1/* random.c - Random number switch
2 * Copyright (C) 2008  Free Software Foundation, Inc.
3 *
4 * This file is part of Libgcrypt.
5 *
6 * Libgcrypt is free software; you can redistribute it and/or modify
7 * it under the terms of the GNU Lesser General Public License as
8 * published by the Free Software Foundation; either version 2.1 of
9 * the License, or (at your option) any later version.
10 *
11 * Libgcrypt is distributed in the hope that it will be useful,
12 * but WITHOUT ANY WARRANTY; without even the implied warranty of
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
14 * GNU Lesser General Public License for more details.
15 *
16 * You should have received a copy of the GNU Lesser General Public
17 * License along with this program; if not, see <http://www.gnu.org/licenses/>.
18 */
19
20/*
21  This module switches between different implementations of random
22  number generators and provides a few help functions.
23 */
24
25#include <config.h>
26#include <stdio.h>
27#include <stdlib.h>
28#include <errno.h>
29
30#include "g10lib.h"
31#include "random.h"
32#include "rand-internal.h"
33#include "ath.h"
34
35
36/* If not NULL a progress function called from certain places and the
37   opaque value passed along.  Registered by
38   _gcry_register_random_progress (). */
39static void (*progress_cb) (void *,const char*,int,int, int );
40static void *progress_cb_data;
41
42
43
44
45/* ---  Functions  --- */
46
47
48/* Used to register a progress callback.  This needs to be called
49   before any threads are created. */
50void
51_gcry_register_random_progress (void (*cb)(void *,const char*,int,int,int),
52                                void *cb_data )
53{
54  progress_cb = cb;
55  progress_cb_data = cb_data;
56}
57
58
59/* This progress function is currently used by the random modules to
60   give hints on how much more entropy is required. */
61void
62_gcry_random_progress (const char *what, int printchar, int current, int total)
63{
64  if (progress_cb)
65    progress_cb (progress_cb_data, what, printchar, current, total);
66}
67
68
69
70/* Initialize this random subsystem.  If FULL is false, this function
71   merely calls the basic initialization of the module and does not do
72   anything more.  Doing this is not really required but when running
73   in a threaded environment we might get a race condition
74   otherwise. */
75void
76_gcry_random_initialize (int full)
77{
78  if (fips_mode ())
79    _gcry_rngfips_initialize (full);
80  else
81    _gcry_rngcsprng_initialize (full);
82}
83
84
85void
86_gcry_random_dump_stats (void)
87{
88  if (fips_mode ())
89    _gcry_rngfips_dump_stats ();
90  else
91    _gcry_rngcsprng_dump_stats ();
92}
93
94
95/* This function should be called during initialization and before
96   initialization of this module to place the random pools into secure
97   memory.  */
98void
99_gcry_secure_random_alloc (void)
100{
101  if (fips_mode ())
102    ;  /* Not used; the FIPS RNG is always in secure mode.  */
103  else
104    _gcry_rngcsprng_secure_alloc ();
105}
106
107
108/* This may be called before full initialization to degrade the
109   quality of the RNG for the sake of a faster running test suite.  */
110void
111_gcry_enable_quick_random_gen (void)
112{
113  if (fips_mode ())
114    ;  /* Not used.  */
115  else
116    _gcry_rngcsprng_enable_quick_gen ();
117}
118
119
120void
121_gcry_set_random_daemon_socket (const char *socketname)
122{
123  if (fips_mode ())
124    ;  /* Not used.  */
125  else
126    _gcry_rngcsprng_set_daemon_socket (socketname);
127}
128
129/* With ONOFF set to 1, enable the use of the daemon.  With ONOFF set
130   to 0, disable the use of the daemon.  With ONOF set to -1, return
131   whether the daemon has been enabled. */
132int
133_gcry_use_random_daemon (int onoff)
134{
135  if (fips_mode ())
136    return 0; /* Never enabled in fips mode.  */
137  else
138    return _gcry_rngcsprng_use_daemon (onoff);
139}
140
141
142/* This function returns true if no real RNG is available or the
143   quality of the RNG has been degraded for test purposes.  */
144int
145_gcry_random_is_faked (void)
146{
147  if (fips_mode ())
148    return _gcry_rngfips_is_faked ();
149  else
150    return _gcry_rngcsprng_is_faked ();
151}
152
153
154/* Add BUFLEN bytes from BUF to the internal random pool.  QUALITY
155   should be in the range of 0..100 to indicate the goodness of the
156   entropy added, or -1 for goodness not known.  */
157gcry_error_t
158gcry_random_add_bytes (const void *buf, size_t buflen, int quality)
159{
160  if (fips_mode ())
161    return 0; /* No need for this in fips mode.  */
162  else
163    return _gcry_rngcsprng_add_bytes (buf, buflen, quality);
164}
165
166
167/* Helper function.  */
168static void
169do_randomize (void *buffer, size_t length, enum gcry_random_level level)
170{
171  if (fips_mode ())
172    _gcry_rngfips_randomize (buffer, length, level);
173  else
174    _gcry_rngcsprng_randomize (buffer, length, level);
175}
176
177/* The public function to return random data of the quality LEVEL.
178   Returns a pointer to a newly allocated and randomized buffer of
179   LEVEL and NBYTES length.  Caller must free the buffer.  */
180void *
181gcry_random_bytes (size_t nbytes, enum gcry_random_level level)
182{
183  void *buffer;
184
185  buffer = gcry_xmalloc (nbytes);
186  do_randomize (buffer, nbytes, level);
187  return buffer;
188}
189
190
191/* The public function to return random data of the quality LEVEL;
192   this version of the function returns the random in a buffer allocated
193   in secure memory.  Caller must free the buffer. */
194void *
195gcry_random_bytes_secure (size_t nbytes, enum gcry_random_level level)
196{
197  void *buffer;
198
199  /* Historical note (1.3.0--1.4.1): The buffer was only allocated
200     in secure memory if the pool in random-csprng.c was also set to
201     use secure memory.  */
202  buffer = gcry_xmalloc_secure (nbytes);
203  do_randomize (buffer, nbytes, level);
204  return buffer;
205}
206
207
208/* Public function to fill the buffer with LENGTH bytes of
209   cryptographically strong random bytes.  Level GCRY_WEAK_RANDOM is
210   not very strong, GCRY_STRONG_RANDOM is strong enough for most
211   usage, GCRY_VERY_STRONG_RANDOM is good for key generation stuff but
212   may be very slow.  */
213void
214gcry_randomize (void *buffer, size_t length, enum gcry_random_level level)
215{
216  do_randomize (buffer, length, level);
217}
218
219
220/* This function may be used to specify the file to be used as a seed
221   file for the PRNG.  This function should be called prior to the
222   initialization of the random module.  NAME may not be NULL.  */
223void
224_gcry_set_random_seed_file (const char *name)
225{
226  if (fips_mode ())
227    ; /* No need for this in fips mode.  */
228  else
229    _gcry_rngcsprng_set_seed_file (name);
230}
231
232
233/* If a seed file has been setup, this function may be used to write
234   back the random numbers entropy pool.  */
235void
236_gcry_update_random_seed_file (void)
237{
238  if (fips_mode ())
239    ; /* No need for this in fips mode.  */
240  else
241    _gcry_rngcsprng_update_seed_file ();
242}
243
244
245
246/* The fast random pool function as called at some places in
247   libgcrypt.  This is merely a wrapper to make sure that this module
248   is initialized and to lock the pool.  Note, that this function is a
249   NOP unless a random function has been used or _gcry_initialize (1)
250   has been used.  We use this hack so that the internal use of this
251   function in cipher_open and md_open won't start filling up the
252   random pool, even if no random will be required by the process. */
253void
254_gcry_fast_random_poll (void)
255{
256  if (fips_mode ())
257    ; /* No need for this in fips mode.  */
258  else
259    _gcry_rngcsprng_fast_poll ();
260}
261
262
263
264/* Create an unpredicable nonce of LENGTH bytes in BUFFER. */
265void
266gcry_create_nonce (void *buffer, size_t length)
267{
268  if (fips_mode ())
269    _gcry_rngfips_create_nonce (buffer, length);
270  else
271    _gcry_rngcsprng_create_nonce (buffer, length);
272}
273
274
275/* Run the self-tests for the RNG.  This is currently only implemented
276   for the FIPS generator.  */
277gpg_error_t
278_gcry_random_selftest (selftest_report_func_t report)
279{
280  if (fips_mode ())
281    return _gcry_rngfips_selftest (report);
282  else
283    return 0; /* No selftests yet.  */
284}
285
286
287/* Create a new test context for an external RNG test driver.  On
288   success the test context is stored at R_CONTEXT; on failure NULL is
289   stored at R_CONTEXT and an error code is returned.  */
290gcry_err_code_t
291_gcry_random_init_external_test (void **r_context,
292                                 unsigned int flags,
293                                 const void *key, size_t keylen,
294                                 const void *seed, size_t seedlen,
295                                 const void *dt, size_t dtlen)
296{
297  (void)flags;
298  if (fips_mode ())
299    return _gcry_rngfips_init_external_test (r_context, flags, key, keylen,
300                                             seed, seedlen,
301                                             dt, dtlen);
302  else
303    return GPG_ERR_NOT_SUPPORTED;
304}
305
306/* Get BUFLEN bytes from the RNG using the test CONTEXT and store them
307   at BUFFER.  Return 0 on success or an error code.  */
308gcry_err_code_t
309_gcry_random_run_external_test (void *context, char *buffer, size_t buflen)
310{
311  if (fips_mode ())
312    return _gcry_rngfips_run_external_test (context, buffer, buflen);
313  else
314    return GPG_ERR_NOT_SUPPORTED;
315}
316
317/* Release the test CONTEXT.  */
318void
319_gcry_random_deinit_external_test (void *context)
320{
321  if (fips_mode ())
322    _gcry_rngfips_deinit_external_test (context);
323}
324