author | lloyd <[email protected]> | 2008-11-23 18:02:08 +0000 |
---|---|---|
committer | lloyd <[email protected]> | 2008-11-23 18:02:08 +0000 |
commit | 1bddfc5aeffc8ece20c18b4b8f6a9a006969ff80 (patch) | |
tree | 4d3d3bde418c6fde92c30e439939cb3b2889c3ba /src/entropy | |
parent | 6ed33c39344921294b782f004002a942cbd82eb6 (diff) |
Change unix_procs entropy source to be a plain EntropySource instead of
a Buffered_EntropySource. Data used in the poll is directly accumulated
into the output buffer using XOR, wrapping around as needed. The
implementation uses xor_into_buf from xor_buf.h
This is simpler and more convincingly secure than the method used
by Buffered_EntropySource. In particular the collected data is persisted
in the buffer there much longer than needed. It is also much harder for
entropy sources to signal errors or a failure to collect data using
Buffered_EntropySource. And, with the simple xor_into_buf function, it
is actually quite easy to remove without major changes.
Diffstat (limited to 'src/entropy')
-rw-r--r-- | src/entropy/unix_procs/es_unix.cpp | 59 | ||||
-rw-r--r-- | src/entropy/unix_procs/es_unix.h | 8 | ||||
-rw-r--r-- | src/entropy/unix_procs/info.txt | 4 |
3 files changed, 47 insertions, 24 deletions
diff --git a/src/entropy/unix_procs/es_unix.cpp b/src/entropy/unix_procs/es_unix.cpp
index 012a38ce0..2b0d1f0e7 100644
--- a/src/entropy/unix_procs/es_unix.cpp
+++ b/src/entropy/unix_procs/es_unix.cpp
@@ -6,6 +6,7 @@
 #include <botan/es_unix.h>
 #include <botan/unix_cmd.h>
 #include <botan/parsing.h>
+#include <botan/xor_buf.h>
 #include <algorithm>
 #include <sys/time.h>
 #include <sys/stat.h>
@@ -45,48 +46,72 @@ void Unix_EntropySource::add_sources(const Unix_Program srcs[], u32bit count)
 /*************************************************
 * Unix Fast Poll *
 *************************************************/
-void Unix_EntropySource::do_fast_poll()
+u32bit Unix_EntropySource::fast_poll(byte buf[], u32bit length)
 {
- const char* STAT_TARGETS[] = { "/", "/tmp", "/etc/passwd", ".", "..", 0 };
+ if(length == 0)
+ return 0;
+
+ u32bit buf_i = 0;
+
+ const char* STAT_TARGETS[] = {
+ "/",
+ "/tmp",
+ "/var/tmp",
+ "/usr",
+ "/home",
+ "/etc/passwd",
+ ".",
+ "..",
+ 0 };
 for(u32bit j = 0; STAT_TARGETS[j]; j++)
 {
 struct stat statbuf;
 clear_mem(&statbuf, 1);
 ::stat(STAT_TARGETS[j], &statbuf);
- add_bytes(&statbuf, sizeof(statbuf));
- }
- add_bytes(::getpid());
- add_bytes(::getppid());
+ buf_i = xor_into_buf(buf, buf_i, length, &statbuf, sizeof(statbuf));
+ }
- add_bytes(::getuid());
- add_bytes(::getgid());
- add_bytes(::geteuid());
- add_bytes(::getegid());
+ u32bit ids[] = {
+ ::getpid(),
+ ::getppid(),
+ ::getuid(),
+ ::geteuid(),
+ ::getegid(),
+ ::getpgrp(),
+ ::getsid(0)
+ };
- add_bytes(::getpgrp());
- add_bytes(::getsid(0));
+ for(u32bit i = 0; i != sizeof(ids); ++i)
+ buf_i = xor_into_buf(buf, buf_i, length, &ids[i], sizeof(ids[i]));
 struct ::rusage usage;
 clear_mem(&usage, 1);
 ::getrusage(RUSAGE_SELF, &usage);
- add_bytes(&usage, sizeof(usage));
+ buf_i = xor_into_buf(buf, buf_i, length, &usage, sizeof(usage));
 ::getrusage(RUSAGE_CHILDREN, &usage);
- add_bytes(&usage, sizeof(usage));
+ buf_i = xor_into_buf(buf, buf_i, length, &usage, sizeof(usage));
+
+ return length;
 }
 /*************************************************
 * Unix Slow Poll *
 *************************************************/
-void Unix_EntropySource::do_slow_poll()
+u32bit Unix_EntropySource::slow_poll(byte buf[], u32bit length)
 {
+ if(length == 0)
+ return 0;
+
 const u32bit TRY_TO_GET = 16 * 1024;
 const u32bit MINIMAL_WORKING = 32;
 u32bit got = 0;
+ u32bit buf_i = 0;
+
 for(u32bit j = 0; j != sources.size(); j++)
 {
 DataSource_Command pipe(sources[j].name_and_args, PATH);
@@ -97,7 +122,7 @@ void Unix_EntropySource::do_slow_poll()
 while(!pipe.end_of_data())
 {
 u32bit this_loop = pipe.read(buffer, buffer.size());
- add_bytes(buffer, this_loop);
+ buf_i = xor_into_buf(buf, buf_i, length, buffer, this_loop);
 got_from_src += this_loop;
 }
@@ -107,6 +132,8 @@ void Unix_EntropySource::do_slow_poll()
 if(got >= TRY_TO_GET)
 break;
 }
+
+ return length;
 }
 }
diff --git a/src/entropy/unix_procs/es_unix.h b/src/entropy/unix_procs/es_unix.h
index 907ebbc3a..f4af255ca 100644
--- a/src/entropy/unix_procs/es_unix.h
+++ b/src/entropy/unix_procs/es_unix.h
@@ -6,7 +6,7 @@
 #ifndef BOTAN_ENTROPY_SRC_UNIX_H__
 #define BOTAN_ENTROPY_SRC_UNIX_H__
-#include <botan/buf_es.h>
+#include <botan/entropy_src.h>
 #include <botan/unix_cmd.h>
 #include <vector>
@@ -15,7 +15,7 @@ namespace Botan {
 /*************************************************
 * Unix Entropy Source *
 *************************************************/
-class BOTAN_DLL Unix_EntropySource : public Buffered_EntropySource
+class BOTAN_DLL Unix_EntropySource : public EntropySource
 {
 public:
 std::string name() const { return "Unix Entropy Source"; }
@@ -25,8 +25,8 @@ class BOTAN_DLL Unix_EntropySource : public Buffered_EntropySource
 private:
 static void add_default_sources(std::vector<Unix_Program>&);
- void do_fast_poll();
- void do_slow_poll();
+ u32bit fast_poll(byte buf[], u32bit length);
+ u32bit slow_poll(byte buf[], u32bit length);
 const std::vector<std::string> PATH;
 std::vector<Unix_Program> sources;
diff --git a/src/entropy/unix_procs/info.txt b/src/entropy/unix_procs/info.txt
index 981399dbb..f16e21289 100644
--- a/src/entropy/unix_procs/info.txt
+++ b/src/entropy/unix_procs/info.txt
@@ -13,10 +13,6 @@ es_unix.h
 unix_cmd.h
 </add>
-<requires>
-buf_es
-</requires>
-
 <os>
 aix
 beos |
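Review bot: The `ids` loop in fast_poll (es_unix.cpp, hunk at -45,48 +46,72) is bounded by `sizeof(ids)`, which is the array's size in bytes rather than its element count, so `&ids[i]` runs past the seven entries and feeds whatever lies beyond the array on the stack into `xor_into_buf`. Bound it by the element count instead: `for(u32bit i = 0; i != sizeof(ids) / sizeof(ids[0]); ++i)`. The new list also omits `::getgid()`, which the removed code did add; restore it unless dropping it was deliberate. slow_poll, which begins later in this hunk, continues past its end.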
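Review bot: Folding command output into `buf` by XOR with wrap-around (the `xor_into_buf` call in slow_poll's read loop, hunk at -97,7 +122,7) means any byte that recurs at the same offset modulo `length` cancels its earlier copy, and output from polled programs is likely to be repetitive. `xor_into_buf` is defined outside this diff, so this reading rests on the commit message's description of it. At minimum record the limitation at the call, e.g. `// XOR folding only: repeated input can cancel, so buf is raw input that the caller must still condition`. The loop and the function both extend beyond this hunk.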
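Review bot: slow_poll (es_unix.cpp, hunk at -107,6 +132,8) ends with `return length;` no matter how many bytes the commands produced, so a poll in which every program failed or printed nothing still reports the whole buffer; fast_poll in the earlier hunk returns `length` unconditionally as well, without checking `::stat`. The diff does not show how EntropySource callers use the return value, but if they read it as the amount of data gathered this overstates what is in `buf`. Since `got` is already tracked, `return std::min(got, length);` plus a comment stating the return contract would give callers the failure signal the commit message asks for. The function starts outside this hunk.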