xref: /freebsd/contrib/wpa/src/crypto/random.c (revision 4b72b91a7132df1f77bbae194e1071ac621f1edb) 
1f05cddf9SRui Paulo /*
2f05cddf9SRui Paulo  * Random number generator
3f05cddf9SRui Paulo  * Copyright (c) 2010-2011, Jouni Malinen <j@w1.fi>
4f05cddf9SRui Paulo  *
5f05cddf9SRui Paulo  * This software may be distributed under the terms of the BSD license.
6f05cddf9SRui Paulo  * See README for more details.
7f05cddf9SRui Paulo  *
8f05cddf9SRui Paulo  * This random number generator is used to provide additional entropy to the
9f05cddf9SRui Paulo  * one provided by the operating system (os_get_random()) for session key
10f05cddf9SRui Paulo  * generation. The os_get_random() output is expected to be secure and the
11f05cddf9SRui Paulo  * implementation here is expected to provide only limited protection against
12f05cddf9SRui Paulo  * cases where os_get_random() cannot provide strong randomness. This
13f05cddf9SRui Paulo  * implementation shall not be assumed to be secure as the sole source of
14f05cddf9SRui Paulo  * randomness. The random_get_bytes() function mixes in randomness from
15f05cddf9SRui Paulo  * os_get_random() and as such, calls to os_get_random() can be replaced with
16f05cddf9SRui Paulo  * calls to random_get_bytes() without reducing security.
17f05cddf9SRui Paulo  *
18f05cddf9SRui Paulo  * The design here follows partially the design used in the Linux
19f05cddf9SRui Paulo  * drivers/char/random.c, but the implementation here is simpler and not as
20f05cddf9SRui Paulo  * strong. This is a compromise to reduce duplicated CPU effort and to avoid
21f05cddf9SRui Paulo  * extra code/memory size. As pointed out above, os_get_random() needs to be
22f05cddf9SRui Paulo  * guaranteed to be secure for any of the security assumptions to hold.
23f05cddf9SRui Paulo  */
24f05cddf9SRui Paulo 
25f05cddf9SRui Paulo #include "utils/includes.h"
26f05cddf9SRui Paulo #ifdef __linux__
27f05cddf9SRui Paulo #include <fcntl.h>
284bc52338SCy Schubert #ifdef CONFIG_GETRANDOM
294bc52338SCy Schubert #include <sys/random.h>
304bc52338SCy Schubert #endif /* CONFIG_GETRANDOM */
31f05cddf9SRui Paulo #endif /* __linux__ */
32f05cddf9SRui Paulo 
33f05cddf9SRui Paulo #include "utils/common.h"
34f05cddf9SRui Paulo #include "utils/eloop.h"
35f05cddf9SRui Paulo #include "crypto/crypto.h"
36f05cddf9SRui Paulo #include "sha1.h"
37f05cddf9SRui Paulo #include "random.h"
38f05cddf9SRui Paulo 
39f05cddf9SRui Paulo #define POOL_WORDS 32
40f05cddf9SRui Paulo #define POOL_WORDS_MASK (POOL_WORDS - 1)
41f05cddf9SRui Paulo #define POOL_TAP1 26
42f05cddf9SRui Paulo #define POOL_TAP2 20
43f05cddf9SRui Paulo #define POOL_TAP3 14
44f05cddf9SRui Paulo #define POOL_TAP4 7
45f05cddf9SRui Paulo #define POOL_TAP5 1
46f05cddf9SRui Paulo #define EXTRACT_LEN 16
47f05cddf9SRui Paulo #define MIN_READY_MARK 2
48f05cddf9SRui Paulo 
49f05cddf9SRui Paulo static u32 pool[POOL_WORDS];
50f05cddf9SRui Paulo static unsigned int input_rotate = 0;
51f05cddf9SRui Paulo static unsigned int pool_pos = 0;
52*4b72b91aSCy Schubert static u8 stub_key[20];
53f05cddf9SRui Paulo #ifdef __linux__
54*4b72b91aSCy Schubert static size_t stub_key_avail = 0;
55f05cddf9SRui Paulo static int random_fd = -1;
56f05cddf9SRui Paulo #endif /* __linux__ */
57f05cddf9SRui Paulo static unsigned int own_pool_ready = 0;
58f05cddf9SRui Paulo #define RANDOM_ENTROPY_SIZE 20
59f05cddf9SRui Paulo static char *random_entropy_file = NULL;
60f05cddf9SRui Paulo 
61f05cddf9SRui Paulo #define MIN_COLLECT_ENTROPY 1000
62f05cddf9SRui Paulo static unsigned int entropy = 0;
63f05cddf9SRui Paulo static unsigned int total_collected = 0;
64f05cddf9SRui Paulo 
65f05cddf9SRui Paulo 
66f05cddf9SRui Paulo static void random_write_entropy(void);
67f05cddf9SRui Paulo 
68f05cddf9SRui Paulo 
__ROL32(u32 x,u32 y)69f05cddf9SRui Paulo static u32 __ROL32(u32 x, u32 y)
70f05cddf9SRui Paulo {
7185732ac8SCy Schubert 	if (y == 0)
7285732ac8SCy Schubert 		return x;
7385732ac8SCy Schubert 
74f05cddf9SRui Paulo 	return (x << (y & 31)) | (x >> (32 - (y & 31)));
75f05cddf9SRui Paulo }
76f05cddf9SRui Paulo 
77f05cddf9SRui Paulo 
random_mix_pool(const void * buf,size_t len)78f05cddf9SRui Paulo static void random_mix_pool(const void *buf, size_t len)
79f05cddf9SRui Paulo {
80f05cddf9SRui Paulo 	static const u32 twist[8] = {
81f05cddf9SRui Paulo 		0x00000000, 0x3b6e20c8, 0x76dc4190, 0x4db26158,
82f05cddf9SRui Paulo 		0xedb88320, 0xd6d6a3e8, 0x9b64c2b0, 0xa00ae278
83f05cddf9SRui Paulo 	};
84f05cddf9SRui Paulo 	const u8 *pos = buf;
85f05cddf9SRui Paulo 	u32 w;
86f05cddf9SRui Paulo 
87f05cddf9SRui Paulo 	wpa_hexdump_key(MSG_EXCESSIVE, "random_mix_pool", buf, len);
88f05cddf9SRui Paulo 
89f05cddf9SRui Paulo 	while (len--) {
90f05cddf9SRui Paulo 		w = __ROL32(*pos++, input_rotate & 31);
91f05cddf9SRui Paulo 		input_rotate += pool_pos ? 7 : 14;
92f05cddf9SRui Paulo 		pool_pos = (pool_pos - 1) & POOL_WORDS_MASK;
93f05cddf9SRui Paulo 		w ^= pool[pool_pos];
94f05cddf9SRui Paulo 		w ^= pool[(pool_pos + POOL_TAP1) & POOL_WORDS_MASK];
95f05cddf9SRui Paulo 		w ^= pool[(pool_pos + POOL_TAP2) & POOL_WORDS_MASK];
96f05cddf9SRui Paulo 		w ^= pool[(pool_pos + POOL_TAP3) & POOL_WORDS_MASK];
97f05cddf9SRui Paulo 		w ^= pool[(pool_pos + POOL_TAP4) & POOL_WORDS_MASK];
98f05cddf9SRui Paulo 		w ^= pool[(pool_pos + POOL_TAP5) & POOL_WORDS_MASK];
99f05cddf9SRui Paulo 		pool[pool_pos] = (w >> 3) ^ twist[w & 7];
100f05cddf9SRui Paulo 	}
101f05cddf9SRui Paulo }
102f05cddf9SRui Paulo 
103f05cddf9SRui Paulo 
random_extract(u8 * out)104f05cddf9SRui Paulo static void random_extract(u8 *out)
105f05cddf9SRui Paulo {
106f05cddf9SRui Paulo 	unsigned int i;
107f05cddf9SRui Paulo 	u8 hash[SHA1_MAC_LEN];
108f05cddf9SRui Paulo 	u32 *hash_ptr;
109f05cddf9SRui Paulo 	u32 buf[POOL_WORDS / 2];
110f05cddf9SRui Paulo 
111f05cddf9SRui Paulo 	/* First, add hash back to pool to make backtracking more difficult. */
112*4b72b91aSCy Schubert 	hmac_sha1(stub_key, sizeof(stub_key), (const u8 *) pool,
113f05cddf9SRui Paulo 		  sizeof(pool), hash);
114f05cddf9SRui Paulo 	random_mix_pool(hash, sizeof(hash));
115f05cddf9SRui Paulo 	/* Hash half the pool to extra data */
116f05cddf9SRui Paulo 	for (i = 0; i < POOL_WORDS / 2; i++)
117f05cddf9SRui Paulo 		buf[i] = pool[(pool_pos - i) & POOL_WORDS_MASK];
118*4b72b91aSCy Schubert 	hmac_sha1(stub_key, sizeof(stub_key), (const u8 *) buf,
119f05cddf9SRui Paulo 		  sizeof(buf), hash);
120f05cddf9SRui Paulo 	/*
121f05cddf9SRui Paulo 	 * Fold the hash to further reduce any potential output pattern.
122f05cddf9SRui Paulo 	 * Though, compromise this to reduce CPU use for the most common output
123f05cddf9SRui Paulo 	 * length (32) and return 16 bytes from instead of only half.
124f05cddf9SRui Paulo 	 */
125f05cddf9SRui Paulo 	hash_ptr = (u32 *) hash;
126f05cddf9SRui Paulo 	hash_ptr[0] ^= hash_ptr[4];
127f05cddf9SRui Paulo 	os_memcpy(out, hash, EXTRACT_LEN);
128f05cddf9SRui Paulo }
129f05cddf9SRui Paulo 
130f05cddf9SRui Paulo 
random_add_randomness(const void * buf,size_t len)131f05cddf9SRui Paulo void random_add_randomness(const void *buf, size_t len)
132f05cddf9SRui Paulo {
133f05cddf9SRui Paulo 	struct os_time t;
134f05cddf9SRui Paulo 	static unsigned int count = 0;
135f05cddf9SRui Paulo 
136f05cddf9SRui Paulo 	count++;
137f05cddf9SRui Paulo 	if (entropy > MIN_COLLECT_ENTROPY && (count & 0x3ff) != 0) {
138f05cddf9SRui Paulo 		/*
139f05cddf9SRui Paulo 		 * No need to add more entropy at this point, so save CPU and
140f05cddf9SRui Paulo 		 * skip the update.
141f05cddf9SRui Paulo 		 */
142f05cddf9SRui Paulo 		return;
143f05cddf9SRui Paulo 	}
144f05cddf9SRui Paulo 	wpa_printf(MSG_EXCESSIVE, "Add randomness: count=%u entropy=%u",
145f05cddf9SRui Paulo 		   count, entropy);
146f05cddf9SRui Paulo 
147f05cddf9SRui Paulo 	os_get_time(&t);
148f05cddf9SRui Paulo 	wpa_hexdump_key(MSG_EXCESSIVE, "random pool",
149f05cddf9SRui Paulo 			(const u8 *) pool, sizeof(pool));
150f05cddf9SRui Paulo 	random_mix_pool(&t, sizeof(t));
151f05cddf9SRui Paulo 	random_mix_pool(buf, len);
152f05cddf9SRui Paulo 	wpa_hexdump_key(MSG_EXCESSIVE, "random pool",
153f05cddf9SRui Paulo 			(const u8 *) pool, sizeof(pool));
154f05cddf9SRui Paulo 	entropy++;
155f05cddf9SRui Paulo 	total_collected++;
156f05cddf9SRui Paulo }
157f05cddf9SRui Paulo 
158f05cddf9SRui Paulo 
random_get_bytes(void * buf,size_t len)159f05cddf9SRui Paulo int random_get_bytes(void *buf, size_t len)
160f05cddf9SRui Paulo {
161f05cddf9SRui Paulo 	int ret;
162f05cddf9SRui Paulo 	u8 *bytes = buf;
163f05cddf9SRui Paulo 	size_t left;
164f05cddf9SRui Paulo 
165f05cddf9SRui Paulo 	wpa_printf(MSG_MSGDUMP, "Get randomness: len=%u entropy=%u",
166f05cddf9SRui Paulo 		   (unsigned int) len, entropy);
167f05cddf9SRui Paulo 
168f05cddf9SRui Paulo 	/* Start with assumed strong randomness from OS */
169f05cddf9SRui Paulo 	ret = os_get_random(buf, len);
170f05cddf9SRui Paulo 	wpa_hexdump_key(MSG_EXCESSIVE, "random from os_get_random",
171f05cddf9SRui Paulo 			buf, len);
172f05cddf9SRui Paulo 
173f05cddf9SRui Paulo 	/* Mix in additional entropy extracted from the internal pool */
174f05cddf9SRui Paulo 	left = len;
175f05cddf9SRui Paulo 	while (left) {
176f05cddf9SRui Paulo 		size_t siz, i;
177f05cddf9SRui Paulo 		u8 tmp[EXTRACT_LEN];
178f05cddf9SRui Paulo 		random_extract(tmp);
179f05cddf9SRui Paulo 		wpa_hexdump_key(MSG_EXCESSIVE, "random from internal pool",
180f05cddf9SRui Paulo 				tmp, sizeof(tmp));
181f05cddf9SRui Paulo 		siz = left > EXTRACT_LEN ? EXTRACT_LEN : left;
182f05cddf9SRui Paulo 		for (i = 0; i < siz; i++)
183f05cddf9SRui Paulo 			*bytes++ ^= tmp[i];
184f05cddf9SRui Paulo 		left -= siz;
185f05cddf9SRui Paulo 	}
186f05cddf9SRui Paulo 
187f05cddf9SRui Paulo #ifdef CONFIG_FIPS
188f05cddf9SRui Paulo 	/* Mix in additional entropy from the crypto module */
189325151a3SRui Paulo 	bytes = buf;
190f05cddf9SRui Paulo 	left = len;
191f05cddf9SRui Paulo 	while (left) {
192f05cddf9SRui Paulo 		size_t siz, i;
193f05cddf9SRui Paulo 		u8 tmp[EXTRACT_LEN];
194f05cddf9SRui Paulo 		if (crypto_get_random(tmp, sizeof(tmp)) < 0) {
195f05cddf9SRui Paulo 			wpa_printf(MSG_ERROR, "random: No entropy available "
196f05cddf9SRui Paulo 				   "for generating strong random bytes");
197f05cddf9SRui Paulo 			return -1;
198f05cddf9SRui Paulo 		}
199f05cddf9SRui Paulo 		wpa_hexdump_key(MSG_EXCESSIVE, "random from crypto module",
200f05cddf9SRui Paulo 				tmp, sizeof(tmp));
201f05cddf9SRui Paulo 		siz = left > EXTRACT_LEN ? EXTRACT_LEN : left;
202f05cddf9SRui Paulo 		for (i = 0; i < siz; i++)
203f05cddf9SRui Paulo 			*bytes++ ^= tmp[i];
204f05cddf9SRui Paulo 		left -= siz;
205f05cddf9SRui Paulo 	}
206f05cddf9SRui Paulo #endif /* CONFIG_FIPS */
207f05cddf9SRui Paulo 
208f05cddf9SRui Paulo 	wpa_hexdump_key(MSG_EXCESSIVE, "mixed random", buf, len);
209f05cddf9SRui Paulo 
210f05cddf9SRui Paulo 	if (entropy < len)
211f05cddf9SRui Paulo 		entropy = 0;
212f05cddf9SRui Paulo 	else
213f05cddf9SRui Paulo 		entropy -= len;
214f05cddf9SRui Paulo 
215f05cddf9SRui Paulo 	return ret;
216f05cddf9SRui Paulo }
217f05cddf9SRui Paulo 
218f05cddf9SRui Paulo 
random_pool_ready(void)219f05cddf9SRui Paulo int random_pool_ready(void)
220f05cddf9SRui Paulo {
221f05cddf9SRui Paulo #ifdef __linux__
222f05cddf9SRui Paulo 	int fd;
223f05cddf9SRui Paulo 	ssize_t res;
224f05cddf9SRui Paulo 
225f05cddf9SRui Paulo 	/*
226f05cddf9SRui Paulo 	 * Make sure that there is reasonable entropy available before allowing
227f05cddf9SRui Paulo 	 * some key derivation operations to proceed.
228f05cddf9SRui Paulo 	 */
229f05cddf9SRui Paulo 
230*4b72b91aSCy Schubert 	if (stub_key_avail == sizeof(stub_key))
231f05cddf9SRui Paulo 		return 1; /* Already initialized - good to continue */
232f05cddf9SRui Paulo 
233f05cddf9SRui Paulo 	/*
2344bc52338SCy Schubert 	 * Try to fetch some more data from the kernel high quality RNG.
2354bc52338SCy Schubert 	 * There may not be enough data available at this point,
236f05cddf9SRui Paulo 	 * so use non-blocking read to avoid blocking the application
237f05cddf9SRui Paulo 	 * completely.
238f05cddf9SRui Paulo 	 */
2394bc52338SCy Schubert 
2404bc52338SCy Schubert #ifdef CONFIG_GETRANDOM
241*4b72b91aSCy Schubert 	res = getrandom(stub_key + stub_key_avail,
242*4b72b91aSCy Schubert 			sizeof(stub_key) - stub_key_avail, GRND_NONBLOCK);
2434bc52338SCy Schubert 	if (res < 0) {
2444bc52338SCy Schubert 		if (errno == ENOSYS) {
2454bc52338SCy Schubert 			wpa_printf(MSG_DEBUG,
2464bc52338SCy Schubert 				   "random: getrandom() not supported, falling back to /dev/random");
2474bc52338SCy Schubert 		} else {
2484bc52338SCy Schubert 			wpa_printf(MSG_INFO,
2494bc52338SCy Schubert 				   "random: no data from getrandom(): %s",
2504bc52338SCy Schubert 				   strerror(errno));
2514bc52338SCy Schubert 			res = 0;
2524bc52338SCy Schubert 		}
2534bc52338SCy Schubert 	}
2544bc52338SCy Schubert #else /* CONFIG_GETRANDOM */
2554bc52338SCy Schubert 	res = -1;
2564bc52338SCy Schubert #endif /* CONFIG_GETRANDOM */
2574bc52338SCy Schubert 	if (res < 0) {
258f05cddf9SRui Paulo 		fd = open("/dev/random", O_RDONLY | O_NONBLOCK);
259f05cddf9SRui Paulo 		if (fd < 0) {
2604bc52338SCy Schubert 			wpa_printf(MSG_ERROR,
2614bc52338SCy Schubert 				   "random: Cannot open /dev/random: %s",
2625b9c547cSRui Paulo 				   strerror(errno));
263f05cddf9SRui Paulo 			return -1;
264f05cddf9SRui Paulo 		}
265f05cddf9SRui Paulo 
266*4b72b91aSCy Schubert 		res = read(fd, stub_key + stub_key_avail,
267*4b72b91aSCy Schubert 			   sizeof(stub_key) - stub_key_avail);
268f05cddf9SRui Paulo 		if (res < 0) {
2694bc52338SCy Schubert 			wpa_printf(MSG_ERROR,
2704bc52338SCy Schubert 				   "random: Cannot read from /dev/random: %s",
2714bc52338SCy Schubert 				   strerror(errno));
272f05cddf9SRui Paulo 			res = 0;
273f05cddf9SRui Paulo 		}
2744bc52338SCy Schubert 		close(fd);
2754bc52338SCy Schubert 	}
2764bc52338SCy Schubert 
2774bc52338SCy Schubert 	wpa_printf(MSG_DEBUG, "random: Got %u/%u random bytes", (unsigned) res,
278*4b72b91aSCy Schubert 		   (unsigned) (sizeof(stub_key) - stub_key_avail));
279*4b72b91aSCy Schubert 	stub_key_avail += res;
280f05cddf9SRui Paulo 
281*4b72b91aSCy Schubert 	if (stub_key_avail == sizeof(stub_key)) {
282f05cddf9SRui Paulo 		if (own_pool_ready < MIN_READY_MARK)
283f05cddf9SRui Paulo 			own_pool_ready = MIN_READY_MARK;
284f05cddf9SRui Paulo 		random_write_entropy();
285f05cddf9SRui Paulo 		return 1;
286f05cddf9SRui Paulo 	}
287f05cddf9SRui Paulo 
288f05cddf9SRui Paulo 	wpa_printf(MSG_INFO, "random: Only %u/%u bytes of strong "
2894bc52338SCy Schubert 		   "random data available",
290*4b72b91aSCy Schubert 		   (unsigned) stub_key_avail, (unsigned) sizeof(stub_key));
291f05cddf9SRui Paulo 
292f05cddf9SRui Paulo 	if (own_pool_ready >= MIN_READY_MARK ||
293f05cddf9SRui Paulo 	    total_collected + 10 * own_pool_ready > MIN_COLLECT_ENTROPY) {
294f05cddf9SRui Paulo 		wpa_printf(MSG_INFO, "random: Allow operation to proceed "
295f05cddf9SRui Paulo 			   "based on internal entropy");
296f05cddf9SRui Paulo 		return 1;
297f05cddf9SRui Paulo 	}
298f05cddf9SRui Paulo 
299f05cddf9SRui Paulo 	wpa_printf(MSG_INFO, "random: Not enough entropy pool available for "
300f05cddf9SRui Paulo 		   "secure operations");
301f05cddf9SRui Paulo 	return 0;
302f05cddf9SRui Paulo #else /* __linux__ */
303f05cddf9SRui Paulo 	/* TODO: could do similar checks on non-Linux platforms */
304f05cddf9SRui Paulo 	return 1;
305f05cddf9SRui Paulo #endif /* __linux__ */
306f05cddf9SRui Paulo }
307f05cddf9SRui Paulo 
308f05cddf9SRui Paulo 
random_mark_pool_ready(void)309f05cddf9SRui Paulo void random_mark_pool_ready(void)
310f05cddf9SRui Paulo {
311f05cddf9SRui Paulo 	own_pool_ready++;
312f05cddf9SRui Paulo 	wpa_printf(MSG_DEBUG, "random: Mark internal entropy pool to be "
313f05cddf9SRui Paulo 		   "ready (count=%u/%u)", own_pool_ready, MIN_READY_MARK);
314f05cddf9SRui Paulo 	random_write_entropy();
315f05cddf9SRui Paulo }
316f05cddf9SRui Paulo 
317f05cddf9SRui Paulo 
318f05cddf9SRui Paulo #ifdef __linux__
319f05cddf9SRui Paulo 
random_close_fd(void)320f05cddf9SRui Paulo static void random_close_fd(void)
321f05cddf9SRui Paulo {
322f05cddf9SRui Paulo 	if (random_fd >= 0) {
323f05cddf9SRui Paulo 		eloop_unregister_read_sock(random_fd);
324f05cddf9SRui Paulo 		close(random_fd);
325f05cddf9SRui Paulo 		random_fd = -1;
326f05cddf9SRui Paulo 	}
327f05cddf9SRui Paulo }
328f05cddf9SRui Paulo 
329f05cddf9SRui Paulo 
random_read_fd(int sock,void * eloop_ctx,void * sock_ctx)330f05cddf9SRui Paulo static void random_read_fd(int sock, void *eloop_ctx, void *sock_ctx)
331f05cddf9SRui Paulo {
332f05cddf9SRui Paulo 	ssize_t res;
333f05cddf9SRui Paulo 
334*4b72b91aSCy Schubert 	if (stub_key_avail == sizeof(stub_key)) {
335f05cddf9SRui Paulo 		random_close_fd();
336f05cddf9SRui Paulo 		return;
337f05cddf9SRui Paulo 	}
338f05cddf9SRui Paulo 
339*4b72b91aSCy Schubert 	res = read(sock, stub_key + stub_key_avail,
340*4b72b91aSCy Schubert 		   sizeof(stub_key) - stub_key_avail);
341f05cddf9SRui Paulo 	if (res < 0) {
342f05cddf9SRui Paulo 		wpa_printf(MSG_ERROR, "random: Cannot read from /dev/random: "
343f05cddf9SRui Paulo 			   "%s", strerror(errno));
344f05cddf9SRui Paulo 		return;
345f05cddf9SRui Paulo 	}
346f05cddf9SRui Paulo 
347f05cddf9SRui Paulo 	wpa_printf(MSG_DEBUG, "random: Got %u/%u bytes from /dev/random",
348f05cddf9SRui Paulo 		   (unsigned) res,
349*4b72b91aSCy Schubert 		   (unsigned) (sizeof(stub_key) - stub_key_avail));
350*4b72b91aSCy Schubert 	stub_key_avail += res;
351f05cddf9SRui Paulo 
352*4b72b91aSCy Schubert 	if (stub_key_avail == sizeof(stub_key)) {
353f05cddf9SRui Paulo 		random_close_fd();
354f05cddf9SRui Paulo 		if (own_pool_ready < MIN_READY_MARK)
355f05cddf9SRui Paulo 			own_pool_ready = MIN_READY_MARK;
356f05cddf9SRui Paulo 		random_write_entropy();
357f05cddf9SRui Paulo 	}
358f05cddf9SRui Paulo }
359f05cddf9SRui Paulo 
360f05cddf9SRui Paulo #endif /* __linux__ */
361f05cddf9SRui Paulo 
362f05cddf9SRui Paulo 
random_read_entropy(void)363f05cddf9SRui Paulo static void random_read_entropy(void)
364f05cddf9SRui Paulo {
365f05cddf9SRui Paulo 	char *buf;
366f05cddf9SRui Paulo 	size_t len;
367f05cddf9SRui Paulo 
368f05cddf9SRui Paulo 	if (!random_entropy_file)
369f05cddf9SRui Paulo 		return;
370f05cddf9SRui Paulo 
371f05cddf9SRui Paulo 	buf = os_readfile(random_entropy_file, &len);
372f05cddf9SRui Paulo 	if (buf == NULL)
373f05cddf9SRui Paulo 		return; /* entropy file not yet available */
374f05cddf9SRui Paulo 
375f05cddf9SRui Paulo 	if (len != 1 + RANDOM_ENTROPY_SIZE) {
376f05cddf9SRui Paulo 		wpa_printf(MSG_DEBUG, "random: Invalid entropy file %s",
377f05cddf9SRui Paulo 			   random_entropy_file);
378f05cddf9SRui Paulo 		os_free(buf);
379f05cddf9SRui Paulo 		return;
380f05cddf9SRui Paulo 	}
381f05cddf9SRui Paulo 
382f05cddf9SRui Paulo 	own_pool_ready = (u8) buf[0];
383f05cddf9SRui Paulo 	random_add_randomness(buf + 1, RANDOM_ENTROPY_SIZE);
384f05cddf9SRui Paulo 	os_free(buf);
385f05cddf9SRui Paulo 	wpa_printf(MSG_DEBUG, "random: Added entropy from %s "
386f05cddf9SRui Paulo 		   "(own_pool_ready=%u)",
387f05cddf9SRui Paulo 		   random_entropy_file, own_pool_ready);
388f05cddf9SRui Paulo }
389f05cddf9SRui Paulo 
390f05cddf9SRui Paulo 
random_write_entropy(void)391f05cddf9SRui Paulo static void random_write_entropy(void)
392f05cddf9SRui Paulo {
393f05cddf9SRui Paulo 	char buf[RANDOM_ENTROPY_SIZE];
394f05cddf9SRui Paulo 	FILE *f;
395f05cddf9SRui Paulo 	u8 opr;
396f05cddf9SRui Paulo 	int fail = 0;
397f05cddf9SRui Paulo 
398f05cddf9SRui Paulo 	if (!random_entropy_file)
399f05cddf9SRui Paulo 		return;
400f05cddf9SRui Paulo 
401f05cddf9SRui Paulo 	if (random_get_bytes(buf, RANDOM_ENTROPY_SIZE) < 0)
402f05cddf9SRui Paulo 		return;
403f05cddf9SRui Paulo 
404f05cddf9SRui Paulo 	f = fopen(random_entropy_file, "wb");
405f05cddf9SRui Paulo 	if (f == NULL) {
406f05cddf9SRui Paulo 		wpa_printf(MSG_ERROR, "random: Could not open entropy file %s "
407f05cddf9SRui Paulo 			   "for writing", random_entropy_file);
408f05cddf9SRui Paulo 		return;
409f05cddf9SRui Paulo 	}
410f05cddf9SRui Paulo 
411f05cddf9SRui Paulo 	opr = own_pool_ready > 0xff ? 0xff : own_pool_ready;
412f05cddf9SRui Paulo 	if (fwrite(&opr, 1, 1, f) != 1 ||
413f05cddf9SRui Paulo 	    fwrite(buf, RANDOM_ENTROPY_SIZE, 1, f) != 1)
414f05cddf9SRui Paulo 		fail = 1;
415f05cddf9SRui Paulo 	fclose(f);
416f05cddf9SRui Paulo 	if (fail) {
417f05cddf9SRui Paulo 		wpa_printf(MSG_ERROR, "random: Could not write entropy data "
418f05cddf9SRui Paulo 			   "to %s", random_entropy_file);
419f05cddf9SRui Paulo 		return;
420f05cddf9SRui Paulo 	}
421f05cddf9SRui Paulo 
422f05cddf9SRui Paulo 	wpa_printf(MSG_DEBUG, "random: Updated entropy file %s "
423f05cddf9SRui Paulo 		   "(own_pool_ready=%u)",
424f05cddf9SRui Paulo 		   random_entropy_file, own_pool_ready);
425f05cddf9SRui Paulo }
426f05cddf9SRui Paulo 
427f05cddf9SRui Paulo 
random_init(const char * entropy_file)428f05cddf9SRui Paulo void random_init(const char *entropy_file)
429f05cddf9SRui Paulo {
430f05cddf9SRui Paulo 	os_free(random_entropy_file);
431f05cddf9SRui Paulo 	if (entropy_file)
432f05cddf9SRui Paulo 		random_entropy_file = os_strdup(entropy_file);
433f05cddf9SRui Paulo 	else
434f05cddf9SRui Paulo 		random_entropy_file = NULL;
435f05cddf9SRui Paulo 	random_read_entropy();
436f05cddf9SRui Paulo 
437f05cddf9SRui Paulo #ifdef __linux__
438f05cddf9SRui Paulo 	if (random_fd >= 0)
439f05cddf9SRui Paulo 		return;
440f05cddf9SRui Paulo 
4414bc52338SCy Schubert #ifdef CONFIG_GETRANDOM
4424bc52338SCy Schubert 	{
443*4b72b91aSCy Schubert 		u8 stub;
4444bc52338SCy Schubert 
445*4b72b91aSCy Schubert 		if (getrandom(&stub, 0, GRND_NONBLOCK) == 0 ||
4464bc52338SCy Schubert 		    errno != ENOSYS) {
4474bc52338SCy Schubert 			wpa_printf(MSG_DEBUG,
4484bc52338SCy Schubert 				   "random: getrandom() support available");
4494bc52338SCy Schubert 			return;
4504bc52338SCy Schubert 		}
4514bc52338SCy Schubert 	}
4524bc52338SCy Schubert #endif /* CONFIG_GETRANDOM */
4534bc52338SCy Schubert 
454f05cddf9SRui Paulo 	random_fd = open("/dev/random", O_RDONLY | O_NONBLOCK);
455f05cddf9SRui Paulo 	if (random_fd < 0) {
456f05cddf9SRui Paulo 		wpa_printf(MSG_ERROR, "random: Cannot open /dev/random: %s",
4575b9c547cSRui Paulo 			   strerror(errno));
458f05cddf9SRui Paulo 		return;
459f05cddf9SRui Paulo 	}
460f05cddf9SRui Paulo 	wpa_printf(MSG_DEBUG, "random: Trying to read entropy from "
461f05cddf9SRui Paulo 		   "/dev/random");
462f05cddf9SRui Paulo 
463f05cddf9SRui Paulo 	eloop_register_read_sock(random_fd, random_read_fd, NULL, NULL);
464f05cddf9SRui Paulo #endif /* __linux__ */
465f05cddf9SRui Paulo 
466f05cddf9SRui Paulo 	random_write_entropy();
467f05cddf9SRui Paulo }
468f05cddf9SRui Paulo 
469f05cddf9SRui Paulo 
random_deinit(void)470f05cddf9SRui Paulo void random_deinit(void)
471f05cddf9SRui Paulo {
472f05cddf9SRui Paulo #ifdef __linux__
473f05cddf9SRui Paulo 	random_close_fd();
474f05cddf9SRui Paulo #endif /* __linux__ */
475f05cddf9SRui Paulo 	random_write_entropy();
476f05cddf9SRui Paulo 	os_free(random_entropy_file);
477f05cddf9SRui Paulo 	random_entropy_file = NULL;
478f05cddf9SRui Paulo }
479