1 /* 2 * CDDL HEADER START 3 * 4 * The contents of this file are subject to the terms of the 5 * Common Development and Distribution License (the "License"). 6 * You may not use this file except in compliance with the License. 7 * 8 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE 9 * or http://www.opensolaris.org/os/licensing. 10 * See the License for the specific language governing permissions 11 * and limitations under the License. 12 * 13 * When distributing Covered Code, include this CDDL HEADER in each 14 * file and include the License file at usr/src/OPENSOLARIS.LICENSE. 15 * If applicable, add the following below this CDDL HEADER, with the 16 * fields enclosed by brackets "[]" replaced with your own identifying 17 * information: Portions Copyright [yyyy] [name of copyright owner] 18 * 19 * CDDL HEADER END 20 */ 21 /* 22 * Copyright 2009 Sun Microsystems, Inc. All rights reserved. 23 * Use is subject to license terms. 24 */ 25 26 /* 27 * Random Number Generation Functions 28 * (as defined in PKCS#11 spec section 11.15) 29 * 30 */ 31 32 #include <sys/types.h> 33 #include <sys/stat.h> 34 #include <fcntl.h> 35 #include <errno.h> 36 #include <string.h> 37 38 #include "metaGlobal.h" 39 40 /* 41 * meta_SeedRandom 42 * 43 * Unlike most other metaslot functions, meta_SeedRandom does not distribute 44 * the call to a specific provider. Rather, we assume that the /dev/urandom 45 * implementation is a kCF consumer, and is pulling randomness from everywhere 46 * it can. Thus, by seeding /dev/urandom we let kCF potentially do all the 47 * work. 48 * 49 * NOTES: 50 * 1) /dev/urandom vs. /dev/random... Unfortunately P11 does not allow app 51 * to request a "quality", so we'll just assume urandom is good enough. 52 * Concerned apps can pull hardcore randomness from specific places they 53 * trust (eg by checking for CKF_HW?).. 54 * 55 */ 56 CK_RV 57 meta_SeedRandom(CK_SESSION_HANDLE hSession, CK_BYTE_PTR pSeed, 58 CK_ULONG ulSeedLen) 59 { 60 CK_RV rv; 61 meta_session_t *session; 62 ssize_t n; 63 64 if (pSeed == NULL || ulSeedLen == 0) 65 return (CKR_ARGUMENTS_BAD); 66 67 /* Just check handle for validity, we don't need it for anything. */ 68 rv = meta_handle2session(hSession, &session); 69 if (rv != CKR_OK) 70 return (rv); 71 REFRELEASE(session); 72 73 if (meta_urandom_seed_fd < 0) { 74 (void) pthread_mutex_lock(&initmutex); 75 /* Check again holding the mutex */ 76 if (meta_urandom_seed_fd < 0) { 77 meta_urandom_seed_fd = open_nointr(RANDOM_DEVICE, 78 O_WRONLY); 79 if (meta_urandom_seed_fd < 0) { 80 (void) pthread_mutex_unlock(&initmutex); 81 if (errno == EACCES) 82 return (CKR_RANDOM_SEED_NOT_SUPPORTED); 83 return (CKR_DEVICE_ERROR); 84 } 85 } 86 (void) pthread_mutex_unlock(&initmutex); 87 } 88 89 n = writen_nointr(meta_urandom_seed_fd, pSeed, ulSeedLen); 90 if (n <= 0) { 91 return (CKR_DEVICE_ERROR); 92 } 93 94 return (CKR_OK); 95 } 96 97 /* 98 * meta_GenerateRandom 99 * 100 * Unlike most other metaslot functions, meta_GenerateRandom does not distribute 101 * the call to a specific provider. Rather, we assume that the /dev/urandom 102 * implementation is a kCF consumer, and is pulling randomness from everywhere 103 * it can. Thus, by reading /dev/urandom we let kCF potentially do all the 104 * work. 105 * 106 */ 107 CK_RV 108 meta_GenerateRandom(CK_SESSION_HANDLE hSession, CK_BYTE_PTR pRandomData, 109 CK_ULONG ulRandomLen) 110 { 111 CK_RV rv; 112 meta_session_t *session; 113 int fd; 114 ssize_t n; 115 116 if (pRandomData == NULL || ulRandomLen < 1) 117 return (CKR_ARGUMENTS_BAD); 118 119 /* Just check handle for validity, we don't need it for anything. */ 120 rv = meta_handle2session(hSession, &session); 121 if (rv != CKR_OK) 122 return (rv); 123 REFRELEASE(session); 124 125 fd = open_nointr(RANDOM_DEVICE, O_RDONLY); 126 if (fd == -1) { 127 return (CKR_DEVICE_ERROR); 128 } 129 130 n = readn_nointr(fd, pRandomData, ulRandomLen); 131 if (n <= 0) { 132 (void) close(fd); 133 return (CKR_DEVICE_ERROR); 134 } 135 136 (void) close(fd); 137 138 return (CKR_OK); 139 } 140