1/* random.c - Random number switch 2 * Copyright (C) 2008 Free Software Foundation, Inc. 3 * 4 * This file is part of Libgcrypt. 5 * 6 * Libgcrypt is free software; you can redistribute it and/or modify 7 * it under the terms of the GNU Lesser General Public License as 8 * published by the Free Software Foundation; either version 2.1 of 9 * the License, or (at your option) any later version. 10 * 11 * Libgcrypt is distributed in the hope that it will be useful, 12 * but WITHOUT ANY WARRANTY; without even the implied warranty of 13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 14 * GNU Lesser General Public License for more details. 15 * 16 * You should have received a copy of the GNU Lesser General Public 17 * License along with this program; if not, see <http://www.gnu.org/licenses/>. 18 */ 19 20/* 21 This module switches between different implementations of random 22 number generators and provides a few help functions. 23 */ 24 25#include <config.h> 26#include <stdio.h> 27#include <stdlib.h> 28#include <errno.h> 29 30#include "g10lib.h" 31#include "random.h" 32#include "rand-internal.h" 33#include "ath.h" 34 35 36/* If not NULL a progress function called from certain places and the 37 opaque value passed along. Registered by 38 _gcry_register_random_progress (). */ 39static void (*progress_cb) (void *,const char*,int,int, int ); 40static void *progress_cb_data; 41 42 43 44 45/* --- Functions --- */ 46 47 48/* Used to register a progress callback. This needs to be called 49 before any threads are created. */ 50void 51_gcry_register_random_progress (void (*cb)(void *,const char*,int,int,int), 52 void *cb_data ) 53{ 54 progress_cb = cb; 55 progress_cb_data = cb_data; 56} 57 58 59/* This progress function is currently used by the random modules to 60 give hints on how much more entropy is required. */ 61void 62_gcry_random_progress (const char *what, int printchar, int current, int total) 63{ 64 if (progress_cb) 65 progress_cb (progress_cb_data, what, printchar, current, total); 66} 67 68 69 70/* Initialize this random subsystem. If FULL is false, this function 71 merely calls the basic initialization of the module and does not do 72 anything more. Doing this is not really required but when running 73 in a threaded environment we might get a race condition 74 otherwise. */ 75void 76_gcry_random_initialize (int full) 77{ 78 if (fips_mode ()) 79 _gcry_rngfips_initialize (full); 80 else 81 _gcry_rngcsprng_initialize (full); 82} 83 84 85void 86_gcry_random_dump_stats (void) 87{ 88 if (fips_mode ()) 89 _gcry_rngfips_dump_stats (); 90 else 91 _gcry_rngcsprng_dump_stats (); 92} 93 94 95/* This function should be called during initialization and before 96 initialization of this module to place the random pools into secure 97 memory. */ 98void 99_gcry_secure_random_alloc (void) 100{ 101 if (fips_mode ()) 102 ; /* Not used; the FIPS RNG is always in secure mode. */ 103 else 104 _gcry_rngcsprng_secure_alloc (); 105} 106 107 108/* This may be called before full initialization to degrade the 109 quality of the RNG for the sake of a faster running test suite. */ 110void 111_gcry_enable_quick_random_gen (void) 112{ 113 if (fips_mode ()) 114 ; /* Not used. */ 115 else 116 _gcry_rngcsprng_enable_quick_gen (); 117} 118 119 120void 121_gcry_set_random_daemon_socket (const char *socketname) 122{ 123 if (fips_mode ()) 124 ; /* Not used. */ 125 else 126 _gcry_rngcsprng_set_daemon_socket (socketname); 127} 128 129/* With ONOFF set to 1, enable the use of the daemon. With ONOFF set 130 to 0, disable the use of the daemon. With ONOF set to -1, return 131 whether the daemon has been enabled. */ 132int 133_gcry_use_random_daemon (int onoff) 134{ 135 if (fips_mode ()) 136 return 0; /* Never enabled in fips mode. */ 137 else 138 return _gcry_rngcsprng_use_daemon (onoff); 139} 140 141 142/* This function returns true if no real RNG is available or the 143 quality of the RNG has been degraded for test purposes. */ 144int 145_gcry_random_is_faked (void) 146{ 147 if (fips_mode ()) 148 return _gcry_rngfips_is_faked (); 149 else 150 return _gcry_rngcsprng_is_faked (); 151} 152 153 154/* Add BUFLEN bytes from BUF to the internal random pool. QUALITY 155 should be in the range of 0..100 to indicate the goodness of the 156 entropy added, or -1 for goodness not known. */ 157gcry_error_t 158gcry_random_add_bytes (const void *buf, size_t buflen, int quality) 159{ 160 if (fips_mode ()) 161 return 0; /* No need for this in fips mode. */ 162 else 163 return _gcry_rngcsprng_add_bytes (buf, buflen, quality); 164} 165 166 167/* Helper function. */ 168static void 169do_randomize (void *buffer, size_t length, enum gcry_random_level level) 170{ 171 if (fips_mode ()) 172 _gcry_rngfips_randomize (buffer, length, level); 173 else 174 _gcry_rngcsprng_randomize (buffer, length, level); 175} 176 177/* The public function to return random data of the quality LEVEL. 178 Returns a pointer to a newly allocated and randomized buffer of 179 LEVEL and NBYTES length. Caller must free the buffer. */ 180void * 181gcry_random_bytes (size_t nbytes, enum gcry_random_level level) 182{ 183 void *buffer; 184 185 buffer = gcry_xmalloc (nbytes); 186 do_randomize (buffer, nbytes, level); 187 return buffer; 188} 189 190 191/* The public function to return random data of the quality LEVEL; 192 this version of the function returns the random in a buffer allocated 193 in secure memory. Caller must free the buffer. */ 194void * 195gcry_random_bytes_secure (size_t nbytes, enum gcry_random_level level) 196{ 197 void *buffer; 198 199 /* Historical note (1.3.0--1.4.1): The buffer was only allocated 200 in secure memory if the pool in random-csprng.c was also set to 201 use secure memory. */ 202 buffer = gcry_xmalloc_secure (nbytes); 203 do_randomize (buffer, nbytes, level); 204 return buffer; 205} 206 207 208/* Public function to fill the buffer with LENGTH bytes of 209 cryptographically strong random bytes. Level GCRY_WEAK_RANDOM is 210 not very strong, GCRY_STRONG_RANDOM is strong enough for most 211 usage, GCRY_VERY_STRONG_RANDOM is good for key generation stuff but 212 may be very slow. */ 213void 214gcry_randomize (void *buffer, size_t length, enum gcry_random_level level) 215{ 216 do_randomize (buffer, length, level); 217} 218 219 220/* This function may be used to specify the file to be used as a seed 221 file for the PRNG. This function should be called prior to the 222 initialization of the random module. NAME may not be NULL. */ 223void 224_gcry_set_random_seed_file (const char *name) 225{ 226 if (fips_mode ()) 227 ; /* No need for this in fips mode. */ 228 else 229 _gcry_rngcsprng_set_seed_file (name); 230} 231 232 233/* If a seed file has been setup, this function may be used to write 234 back the random numbers entropy pool. */ 235void 236_gcry_update_random_seed_file (void) 237{ 238 if (fips_mode ()) 239 ; /* No need for this in fips mode. */ 240 else 241 _gcry_rngcsprng_update_seed_file (); 242} 243 244 245 246/* The fast random pool function as called at some places in 247 libgcrypt. This is merely a wrapper to make sure that this module 248 is initialized and to lock the pool. Note, that this function is a 249 NOP unless a random function has been used or _gcry_initialize (1) 250 has been used. We use this hack so that the internal use of this 251 function in cipher_open and md_open won't start filling up the 252 random pool, even if no random will be required by the process. */ 253void 254_gcry_fast_random_poll (void) 255{ 256 if (fips_mode ()) 257 ; /* No need for this in fips mode. */ 258 else 259 _gcry_rngcsprng_fast_poll (); 260} 261 262 263 264/* Create an unpredicable nonce of LENGTH bytes in BUFFER. */ 265void 266gcry_create_nonce (void *buffer, size_t length) 267{ 268 if (fips_mode ()) 269 _gcry_rngfips_create_nonce (buffer, length); 270 else 271 _gcry_rngcsprng_create_nonce (buffer, length); 272} 273 274 275/* Run the self-tests for the RNG. This is currently only implemented 276 for the FIPS generator. */ 277gpg_error_t 278_gcry_random_selftest (selftest_report_func_t report) 279{ 280 if (fips_mode ()) 281 return _gcry_rngfips_selftest (report); 282 else 283 return 0; /* No selftests yet. */ 284} 285 286 287/* Create a new test context for an external RNG test driver. On 288 success the test context is stored at R_CONTEXT; on failure NULL is 289 stored at R_CONTEXT and an error code is returned. */ 290gcry_err_code_t 291_gcry_random_init_external_test (void **r_context, 292 unsigned int flags, 293 const void *key, size_t keylen, 294 const void *seed, size_t seedlen, 295 const void *dt, size_t dtlen) 296{ 297 (void)flags; 298 if (fips_mode ()) 299 return _gcry_rngfips_init_external_test (r_context, flags, key, keylen, 300 seed, seedlen, 301 dt, dtlen); 302 else 303 return GPG_ERR_NOT_SUPPORTED; 304} 305 306/* Get BUFLEN bytes from the RNG using the test CONTEXT and store them 307 at BUFFER. Return 0 on success or an error code. */ 308gcry_err_code_t 309_gcry_random_run_external_test (void *context, char *buffer, size_t buflen) 310{ 311 if (fips_mode ()) 312 return _gcry_rngfips_run_external_test (context, buffer, buflen); 313 else 314 return GPG_ERR_NOT_SUPPORTED; 315} 316 317/* Release the test CONTEXT. */ 318void 319_gcry_random_deinit_external_test (void *context) 320{ 321 if (fips_mode ()) 322 _gcry_rngfips_deinit_external_test (context); 323} 324