Damien Miller | 040f383 | 2000-04-03 14:50:43 +1000 | [diff] [blame^] | 1 | /* |
| 2 | * Copyright (c) 2000 Damien Miller. All rights reserved. |
| 3 | * |
| 4 | * Redistribution and use in source and binary forms, with or without |
| 5 | * modification, are permitted provided that the following conditions |
| 6 | * are met: |
| 7 | * 1. Redistributions of source code must retain the above copyright |
| 8 | * notice, this list of conditions and the following disclaimer. |
| 9 | * 2. Redistributions in binary form must reproduce the above copyright |
| 10 | * notice, this list of conditions and the following disclaimer in the |
| 11 | * documentation and/or other materials provided with the distribution. |
| 12 | * 3. All advertising materials mentioning features or use of this software |
| 13 | * must display the following acknowledgement: |
| 14 | * This product includes software developed by Markus Friedl. |
| 15 | * 4. The name of the author may not be used to endorse or promote products |
| 16 | * derived from this software without specific prior written permission. |
| 17 | * |
| 18 | * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR |
| 19 | * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES |
| 20 | * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. |
| 21 | * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, |
| 22 | * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT |
| 23 | * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, |
| 24 | * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY |
| 25 | * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT |
| 26 | * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF |
| 27 | * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. |
| 28 | */ |
| 29 | |
| 30 | #include "includes.h" |
| 31 | |
| 32 | #include "ssh.h" |
| 33 | #include "xmalloc.h" |
| 34 | |
| 35 | #ifdef HAVE_OPENSSL |
| 36 | # include <openssl/rand.h> |
| 37 | # include <openssl/sha.h> |
| 38 | #endif |
| 39 | #ifdef HAVE_SSL |
| 40 | # include <ssl/rand.h> |
| 41 | # include <ssl/sha.h> |
| 42 | #endif |
| 43 | |
| 44 | RCSID("$Id: entropy.c,v 1.1 2000/04/03 04:50:45 damien Exp $"); |
| 45 | |
| 46 | #ifdef EGD_SOCKET |
| 47 | #ifndef offsetof |
| 48 | # define offsetof(type, member) ((size_t) &((type *)0)->member) |
| 49 | #endif |
| 50 | /* Collect entropy from EGD */ |
| 51 | void get_random_bytes(unsigned char *buf, int len) |
| 52 | { |
| 53 | static int egd_socket = -1; |
| 54 | int c; |
| 55 | char egd_message[2] = { 0x02, 0x00 }; |
| 56 | struct sockaddr_un addr; |
| 57 | int addr_len; |
| 58 | |
| 59 | memset(&addr, '\0', sizeof(addr)); |
| 60 | addr.sun_family = AF_UNIX; |
| 61 | |
| 62 | /* FIXME: compile time check? */ |
| 63 | if (sizeof(EGD_SOCKET) > sizeof(addr.sun_path)) |
| 64 | fatal("Random pool path is too long"); |
| 65 | |
| 66 | strcpy(addr.sun_path, EGD_SOCKET); |
| 67 | |
| 68 | addr_len = offsetof(struct sockaddr_un, sun_path) + sizeof(EGD_SOCKET); |
| 69 | |
| 70 | if (egd_socket == -1) { |
| 71 | egd_socket = socket(AF_UNIX, SOCK_STREAM, 0); |
| 72 | if (egd_socket == -1) |
| 73 | fatal("Couldn't create AF_UNIX socket: %s", strerror(errno)); |
| 74 | if (connect(egd_socket, (struct sockaddr*)&addr, addr_len) == -1) |
| 75 | fatal("Couldn't connect to EGD socket \"%s\": %s", addr.sun_path, strerror(errno)); |
| 76 | } |
| 77 | |
| 78 | if (len > 255) |
| 79 | fatal("Too many bytes to read from EGD"); |
| 80 | |
| 81 | /* Send blocking read request to EGD */ |
| 82 | egd_message[1] = len; |
| 83 | |
| 84 | c = atomicio(write, egd_socket, egd_message, sizeof(egd_message)); |
| 85 | if (c == -1) |
| 86 | fatal("Couldn't write to EGD socket \"%s\": %s", EGD_SOCKET, strerror(errno)); |
| 87 | |
| 88 | c = atomicio(read, egd_socket, buf, len); |
| 89 | if (c <= 0) |
| 90 | fatal("Couldn't read from EGD socket \"%s\": %s", EGD_SOCKET, strerror(errno)); |
| 91 | |
| 92 | close(EGD_SOCKET); |
| 93 | } |
| 94 | #else /* !EGD_SOCKET */ |
| 95 | #ifdef RANDOM_POOL |
| 96 | /* Collect entropy from /dev/urandom or pipe */ |
| 97 | void get_random_bytes(unsigned char *buf, int len) |
| 98 | { |
| 99 | static int random_pool = -1; |
| 100 | int c; |
| 101 | |
| 102 | if (random_pool == -1) { |
| 103 | random_pool = open(RANDOM_POOL, O_RDONLY); |
| 104 | if (random_pool == -1) |
| 105 | fatal("Couldn't open random pool \"%s\": %s", RANDOM_POOL, strerror(errno)); |
| 106 | } |
| 107 | |
| 108 | verbose("randfd: %i", random_pool); |
| 109 | |
| 110 | c = atomicio(read, random_pool, buf, len); |
| 111 | if (c <= 0) |
| 112 | fatal("Couldn't read from random pool \"%s\": %s", RANDOM_POOL, strerror(errno)); |
| 113 | } |
| 114 | #endif /* RANDOM_POOL */ |
| 115 | #endif /* EGD_SOCKET */ |
| 116 | |
| 117 | #if !defined(EGD_SOCKET) && !defined(RANDOM_POOL) |
| 118 | /* |
| 119 | * FIXME: proper entropy estimations. All current values are guesses |
| 120 | * FIXME: Need timeout for slow moving programs |
| 121 | * FIXME: More entropy sources |
| 122 | */ |
| 123 | |
| 124 | double stir_from_system(void); |
| 125 | double stir_from_programs(void); |
| 126 | double stir_gettimeofday(double entropy_estimate); |
| 127 | double stir_clock(double entropy_estimate); |
| 128 | double stir_rusage(int who, double entropy_estimate); |
| 129 | double hash_output_from_command(const char *path, const char **args, char *hash); |
| 130 | |
| 131 | typedef struct |
| 132 | { |
| 133 | /* Proportion of data that is entropy */ |
| 134 | double rate; |
| 135 | /* Path to executable */ |
| 136 | const char *path; |
| 137 | /* argv to pass to executable */ |
| 138 | const char *args[5]; |
| 139 | } entropy_source_t; |
| 140 | |
| 141 | entropy_source_t entropy_sources[] = { |
| 142 | #ifdef PROG_LS |
| 143 | { 0.002, PROG_LS, { "ls", "-alni", "/var/log", NULL } }, |
| 144 | { 0.002, PROG_LS, { "ls", "-alni", "/var/adm", NULL } }, |
| 145 | { 0.002, PROG_LS, { "ls", "-alni", "/var/mail", NULL } }, |
| 146 | { 0.002, PROG_LS, { "ls", "-alni", "/var/spool/mail", NULL } }, |
| 147 | { 0.002, PROG_LS, { "ls", "-alni", "/proc", NULL } }, |
| 148 | { 0.002, PROG_LS, { "ls", "-alni", "/tmp", NULL } }, |
| 149 | #endif |
| 150 | #ifdef PROG_NETSTAT |
| 151 | { 0.005, PROG_NETSTAT, { "netstat","-an", NULL, NULL } }, |
| 152 | { 0.010, PROG_NETSTAT, { "netstat","-in", NULL, NULL } }, |
| 153 | { 0.002, PROG_NETSTAT, { "netstat","-rn", NULL, NULL } }, |
| 154 | { 0.002, PROG_NETSTAT, { "netstat","-s", NULL, NULL } }, |
| 155 | #endif |
| 156 | #ifdef PROG_ARP |
| 157 | { 0.002, PROG_ARP, { "arp","-a","-n", NULL } }, |
| 158 | #endif |
| 159 | #ifdef PROG_IFCONFIG |
| 160 | { 0.002, PROG_IFCONFIG, { "ifconfig", "-a", NULL, NULL } }, |
| 161 | #endif |
| 162 | #ifdef PROG_PS |
| 163 | { 0.003, PROG_PS, { "ps", "laxww", NULL, NULL } }, |
| 164 | { 0.003, PROG_PS, { "ps", "-al", NULL, NULL } }, |
| 165 | { 0.003, PROG_PS, { "ps", "-efl", NULL, NULL } }, |
| 166 | #endif |
| 167 | #ifdef PROG_W |
| 168 | { 0.005, PROG_W, { "w", NULL, NULL, NULL } }, |
| 169 | #endif |
| 170 | #ifdef PROG_WHO |
| 171 | { 0.001, PROG_WHO, { "who","-i", NULL, NULL } }, |
| 172 | #endif |
| 173 | #ifdef PROG_LAST |
| 174 | { 0.001, PROG_LAST, { "last", NULL, NULL, NULL } }, |
| 175 | #endif |
| 176 | #ifdef PROG_LASTLOG |
| 177 | { 0.001, PROG_LASTLOG, { "lastlog", NULL, NULL, NULL } }, |
| 178 | #endif |
| 179 | #ifdef PROG_DF |
| 180 | { 0.010, PROG_DF, { "df", NULL, NULL, NULL } }, |
| 181 | { 0.010, PROG_DF, { "df", "-i", NULL, NULL } }, |
| 182 | #endif |
| 183 | #ifdef PROG_VMSTAT |
| 184 | { 0.010, PROG_VMSTAT, { "vmstat", NULL, NULL, NULL } }, |
| 185 | #endif |
| 186 | #ifdef PROG_UPTIME |
| 187 | { 0.001, PROG_UPTIME, { "uptime", NULL, NULL, NULL } }, |
| 188 | #endif |
| 189 | #ifdef PROG_IPCS |
| 190 | { 0.001, PROG_IPCS, { "-a", NULL, NULL, NULL } }, |
| 191 | #endif |
| 192 | #ifdef PROG_TAIL |
| 193 | { 0.001, PROG_TAIL, { "tail", "-200", "/var/log/messages", NULL, NULL } }, |
| 194 | { 0.001, PROG_TAIL, { "tail", "-200", "/var/log/syslog", NULL, NULL } }, |
| 195 | { 0.001, PROG_TAIL, { "tail", "-200", "/var/adm/messages", NULL, NULL } }, |
| 196 | { 0.001, PROG_TAIL, { "tail", "-200", "/var/adm/syslog", NULL, NULL } }, |
| 197 | { 0.001, PROG_TAIL, { "tail", "-200", "/var/log/maillog", NULL, NULL } }, |
| 198 | { 0.001, PROG_TAIL, { "tail", "-200", "/var/adm/maillog", NULL, NULL } }, |
| 199 | #endif |
| 200 | { 0.000, NULL, { NULL, NULL, NULL, NULL, NULL } }, |
| 201 | }; |
| 202 | |
| 203 | |
| 204 | double |
| 205 | stir_from_system(void) |
| 206 | { |
| 207 | double total_entropy_estimate; |
| 208 | long int i; |
| 209 | |
| 210 | total_entropy_estimate = 0; |
| 211 | |
| 212 | i = getpid(); |
| 213 | RAND_add(&i, sizeof(i), 0.1); |
| 214 | total_entropy_estimate += 0.1; |
| 215 | |
| 216 | i = getppid(); |
| 217 | RAND_add(&i, sizeof(i), 0.1); |
| 218 | total_entropy_estimate += 0.1; |
| 219 | |
| 220 | i = getuid(); |
| 221 | RAND_add(&i, sizeof(i), 0.0); |
| 222 | i = getgid(); |
| 223 | RAND_add(&i, sizeof(i), 0.0); |
| 224 | |
| 225 | total_entropy_estimate += stir_gettimeofday(1.0); |
| 226 | total_entropy_estimate += stir_clock(0.2); |
| 227 | total_entropy_estimate += stir_rusage(RUSAGE_SELF, 2.0); |
| 228 | |
| 229 | return(total_entropy_estimate); |
| 230 | } |
| 231 | |
| 232 | double |
| 233 | stir_from_programs(void) |
| 234 | { |
| 235 | int i; |
| 236 | int c; |
| 237 | double entropy_estimate; |
| 238 | double total_entropy_estimate; |
| 239 | char hash[SHA_DIGEST_LENGTH]; |
| 240 | |
| 241 | /* |
| 242 | * Run through list of programs twice to catch differences |
| 243 | */ |
| 244 | total_entropy_estimate = 0; |
| 245 | for(i = 0; i < 2; i++) { |
| 246 | c = 0; |
| 247 | while (entropy_sources[c].path != NULL) { |
| 248 | /* Hash output from command */ |
| 249 | entropy_estimate = hash_output_from_command(entropy_sources[c].path, |
| 250 | entropy_sources[c].args, hash); |
| 251 | |
| 252 | /* Scale back entropy estimate according to command's rate */ |
| 253 | entropy_estimate *= entropy_sources[c].rate; |
| 254 | |
| 255 | /* Upper bound of entropy estimate is SHA_DIGEST_LENGTH */ |
| 256 | if (entropy_estimate > SHA_DIGEST_LENGTH) |
| 257 | entropy_estimate = SHA_DIGEST_LENGTH; |
| 258 | |
| 259 | /* * Scale back estimates for subsequent passes through list */ |
| 260 | entropy_estimate /= 10.0 * (i + 1.0); |
| 261 | |
| 262 | /* Stir it in */ |
| 263 | RAND_add(hash, sizeof(hash), entropy_estimate); |
| 264 | |
| 265 | /* FIXME: turn this off later */ |
| 266 | #if 1 |
| 267 | debug("Got %0.2f bytes of entropy from %s", entropy_estimate, |
| 268 | entropy_sources[c].path); |
| 269 | #endif |
| 270 | |
| 271 | total_entropy_estimate += entropy_estimate; |
| 272 | |
| 273 | /* Execution times should be a little unpredictable */ |
| 274 | total_entropy_estimate += stir_gettimeofday(0.05); |
| 275 | total_entropy_estimate += stir_clock(0.05); |
| 276 | total_entropy_estimate += stir_rusage(RUSAGE_SELF, 0.1); |
| 277 | total_entropy_estimate += stir_rusage(RUSAGE_CHILDREN, 0.1); |
| 278 | |
| 279 | c++; |
| 280 | } |
| 281 | } |
| 282 | |
| 283 | return(total_entropy_estimate); |
| 284 | } |
| 285 | |
| 286 | double |
| 287 | stir_gettimeofday(double entropy_estimate) |
| 288 | { |
| 289 | struct timeval tv; |
| 290 | |
| 291 | if (gettimeofday(&tv, NULL) == -1) |
| 292 | fatal("Couldn't gettimeofday: %s", strerror(errno)); |
| 293 | |
| 294 | RAND_add(&tv, sizeof(tv), entropy_estimate); |
| 295 | |
| 296 | return(entropy_estimate); |
| 297 | } |
| 298 | |
| 299 | double |
| 300 | stir_clock(double entropy_estimate) |
| 301 | { |
| 302 | #ifdef HAVE_CLOCK |
| 303 | clock_t c; |
| 304 | |
| 305 | c = clock(); |
| 306 | RAND_add(&c, sizeof(c), entropy_estimate); |
| 307 | |
| 308 | return(entropy_estimate); |
| 309 | #else /* _HAVE_CLOCK */ |
| 310 | return(0); |
| 311 | #endif /* _HAVE_CLOCK */ |
| 312 | } |
| 313 | |
| 314 | double |
| 315 | stir_rusage(int who, double entropy_estimate) |
| 316 | { |
| 317 | #ifdef HAVE_GETRUSAGE |
| 318 | struct rusage ru; |
| 319 | |
| 320 | if (getrusage(who, &ru) == -1) |
| 321 | fatal("Couldn't getrusage: %s", strerror(errno)); |
| 322 | |
| 323 | RAND_add(&ru, sizeof(ru), 0.1); |
| 324 | |
| 325 | return(entropy_estimate); |
| 326 | #else /* _HAVE_GETRUSAGE */ |
| 327 | return(0); |
| 328 | #endif /* _HAVE_GETRUSAGE */ |
| 329 | } |
| 330 | |
| 331 | double |
| 332 | hash_output_from_command(const char *path, const char **args, char *hash) |
| 333 | { |
| 334 | static int devnull = -1; |
| 335 | int p[2]; |
| 336 | pid_t pid; |
| 337 | int status; |
| 338 | char buf[2048]; |
| 339 | int bytes_read; |
| 340 | int total_bytes_read; |
| 341 | SHA_CTX sha; |
| 342 | |
| 343 | if (devnull == -1) { |
| 344 | devnull = open("/dev/null", O_RDWR); |
| 345 | if (devnull == -1) |
| 346 | fatal("Couldn't open /dev/null: %s", strerror(errno)); |
| 347 | } |
| 348 | |
| 349 | if (pipe(p) == -1) |
| 350 | fatal("Couldn't open pipe: %s", strerror(errno)); |
| 351 | |
| 352 | switch (pid = fork()) { |
| 353 | case -1: /* Error */ |
| 354 | close(p[0]); |
| 355 | close(p[1]); |
| 356 | fatal("Couldn't fork: %s", strerror(errno)); |
| 357 | /* NOTREACHED */ |
| 358 | case 0: /* Child */ |
| 359 | close(0); |
| 360 | close(1); |
| 361 | close(2); |
| 362 | dup2(devnull, 0); |
| 363 | dup2(p[1], 1); |
| 364 | dup2(p[1], 2); |
| 365 | close(p[0]); |
| 366 | close(p[1]); |
| 367 | close(devnull); |
| 368 | |
| 369 | execv(path, (char**)args); |
| 370 | debug("(child) Couldn't exec '%s': %s", path, strerror(errno)); |
| 371 | _exit(-1); |
| 372 | default: /* Parent */ |
| 373 | break; |
| 374 | } |
| 375 | |
| 376 | RAND_add(&pid, sizeof(&pid), 0.0); |
| 377 | |
| 378 | close(p[1]); |
| 379 | |
| 380 | /* Hash output from child */ |
| 381 | SHA1_Init(&sha); |
| 382 | total_bytes_read = 0; |
| 383 | while ((bytes_read = read(p[0], buf, sizeof(buf))) > 0) { |
| 384 | SHA1_Update(&sha, buf, bytes_read); |
| 385 | total_bytes_read += bytes_read; |
| 386 | RAND_add(&bytes_read, sizeof(&bytes_read), 0.0); |
| 387 | } |
| 388 | SHA1_Final(hash, &sha); |
| 389 | |
| 390 | close(p[0]); |
| 391 | |
| 392 | if (waitpid(pid, &status, 0) == -1) { |
| 393 | error("Couldn't wait for child '%s' completion: %s", path, |
| 394 | strerror(errno)); |
| 395 | return(-1); |
| 396 | } |
| 397 | |
| 398 | RAND_add(&status, sizeof(&status), 0.0); |
| 399 | |
| 400 | if (!WIFEXITED(status) || (WEXITSTATUS(status) != 0)) |
| 401 | return(0.0); |
| 402 | else |
| 403 | return(total_bytes_read); |
| 404 | } |
| 405 | #endif /* defined(EGD_SOCKET) || defined(RANDOM_POOL) */ |
| 406 | |
| 407 | #if defined(EGD_SOCKET) || defined(RANDOM_POOL) |
| 408 | /* |
| 409 | * Seed OpenSSL's random number pool from Kernel random number generator |
| 410 | * or EGD |
| 411 | */ |
| 412 | void |
| 413 | seed_rng(void) |
| 414 | { |
| 415 | char buf[32]; |
| 416 | |
| 417 | debug("Seeding random number generator"); |
| 418 | get_random_bytes(buf, sizeof(buf)); |
| 419 | RAND_add(buf, sizeof(buf), sizeof(buf)); |
| 420 | memset(buf, '\0', sizeof(buf)); |
| 421 | } |
| 422 | #else /* defined(EGD_SOCKET) || defined(RANDOM_POOL) */ |
| 423 | /* |
| 424 | * Conditionally Seed OpenSSL's random number pool syscalls and program output |
| 425 | */ |
| 426 | void |
| 427 | seed_rng(void) |
| 428 | { |
| 429 | if (!RAND_status()) { |
| 430 | debug("Seeding random number generator."); |
| 431 | debug("%i bytes from system calls", (int)stir_from_system()); |
| 432 | debug("%i bytes from programs", (int)stir_from_programs()); |
| 433 | debug("OpenSSL random status is now %i\n", RAND_status()); |
| 434 | } |
| 435 | } |
| 436 | #endif /* defined(EGD_SOCKET) || defined(RANDOM_POOL) */ |