Home | History | Annotate | Download | only in crypto
      1 /*
      2  * Copyright 2005 Sun Microsystems, Inc.  All rights reserved.
      3  * Use is subject to license terms.
      4  */
      5 
      6 #pragma ident	"%Z%%M%	%I%	%E% SMI"
      7 
      8 /*
      9  * Copyright (C) 1998 by the FundsXpress, INC.
     10  *
     11  * All rights reserved.
     12  *
     13  * Export of this software from the United States of America may require
     14  * a specific license from the United States Government.  It is the
     15  * responsibility of any person or organization contemplating export to
     16  * obtain such a license before exporting.
     17  *
     18  * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
     19  * distribute this software and its documentation for any purpose and
     20  * without fee is hereby granted, provided that the above copyright
     21  * notice appear in all copies and that both that copyright notice and
     22  * this permission notice appear in supporting documentation, and that
     23  * the name of FundsXpress. not be used in advertising or publicity pertaining
     24  * to distribution of the software without specific, written prior
     25  * permission.  FundsXpress makes no representations about the suitability of
     26  * this software for any purpose.  It is provided "as is" without express
     27  * or implied warranty.
     28  */
     29 
     30 #include <k5-int.h>
     31 
     32 #ifdef _KERNEL
     33 #include <sys/random.h>
     34 #endif
     35 
     36 #ifndef _KERNEL
     37 
     38 /*
     39  * Solaris kerberos:  we don't need a random number generator
     40  * for the /dev/[u]random, as it uses entropy in the kernel.
     41  * Keep this function as some apps might call it directly.
     42  */
     43 
     44 /*ARGSUSED*/
     45 krb5_error_code KRB5_CALLCONV
     46 krb5_c_random_seed(krb5_context context, krb5_data *data)
     47 {
     48 	/*
     49 	 * We can't do much if this fails, so ignore the
     50 	 * return code.  /dev/urandom has its own entropy
     51 	 * source, so seeding it from here is of questionable
     52 	 * value in the first place.
     53 	 */
     54 	(void) C_SeedRandom(krb_ctx_hSession(context),
     55 		(CK_BYTE_PTR)data->data,
     56 		(CK_ULONG)data->length);
     57 
     58 	return(0);
     59 }
     60 #endif /* !_KERNEL */
     61 
     62 /*
     63  * krb5_get_random_octets
     64  *   New for Solaris 9.  This routine takes advantage of the new
     65  * /dev/[u]random interface provided in Solaris 9 for getting random
     66  * bytes generated from the kernel.  The entropy produced there is generally
     67  * considered better than the current MIT PRNG code that we are replacing.
     68  *
     69  * This func is visible so that it can be used to generate a
     70  * random confounder.
     71  */
     72 
     73 #ifndef _KERNEL
     74 
     75 #endif /* ! _KERNEL */
     76 
     77 /*
     78  * We can assume that the memory for data is already malloc'd.
     79  * Return an error if there is an error, but don't clear the data->length
     80  * or free data->data.  This will be done by the calling function.
     81  */
     82 
     83 /*ARGSUSED*/
     84 krb5_error_code KRB5_CALLCONV
     85 krb5_c_random_make_octets(krb5_context context, krb5_data *data)
     86 {
     87 /*
     88  * Solaris kerberos uses /dev/[u]random
     89  */
     90 #ifndef _KERNEL /* User space code */
     91 
     92     krb5_error_code err = 0;
     93     CK_RV rv;
     94 
     95     KRB5_LOG0(KRB5_INFO, "krb5_c_random_make_octets() start, user space using "
     96 	"krb5_get_random_octets()\n");
     97 
     98     rv = C_GenerateRandom(krb_ctx_hSession(context), (CK_BYTE_PTR)data->data,
     99 		(CK_ULONG)data->length);
    100 
    101     if (rv != CKR_OK) {
    102 	KRB5_LOG(KRB5_ERR, "C_GenerateRandom failed in "
    103 		"krb5_c_random_make_octets: rv = 0x%x.", rv);
    104 	err = PKCS_ERR;
    105     }
    106     if (err != 0) {
    107 	KRB5_LOG0(KRB5_ERR, "krb5_c_random_make_octets() end, error");
    108 	return (err);
    109     }
    110 
    111 #else  /* Kernel code section */
    112 
    113     /*
    114      * Solaris Kerberos: for kernel code we use the randomness generator native
    115      * to Solaris 9.  We avoid global variables and other nastiness this way.
    116      *
    117      * Using random_get_pseudo_bytes() instead of random_get_bytes() because it
    118      * will not return an error code if there isn't enough entropy but will use
    119      * a pseudo random algorithm to produce randomness.  Most of the time it
    120      * should be as good as random_get_bytes() and we don't have to worry about
    121      * dealing with a non-fatal error.
    122      */
    123     KRB5_LOG0(KRB5_INFO, "krb5_c_random_make_octets() start, kernel using "
    124 	    "random_get_pseudo_bytes()\n ");
    125 
    126     if(random_get_pseudo_bytes((uint8_t *)data->data, data->length) != 0) {
    127 	KRB5_LOG0(KRB5_ERR, "krb5_c_random_make_octets() end, "
    128 		"random_get_pseudo_bytes() error.\n");
    129 	return(KRB5_CRYPTO_INTERNAL);
    130     }
    131 
    132 #endif /* !_KERNEL */
    133 
    134     KRB5_LOG0(KRB5_INFO, "krb5_c_random_make_octets() end\n");
    135     return(0);
    136 }
    137