authorAlexander Bluhm <[email protected]>2017-03-27 19:29:55 +0200
committerAlexander Bluhm <[email protected]>2017-03-29 02:58:18 +0200
commit7160abdedc9dce303b7786b54feb08bbe26d7d72 (patch)
tree8ba60ea8bd7d30fa03db5c2f963608718bbad8c3 /src/lib/entropy
parent0a45b6d563c9faf87143334f43abf8afec0335d8 (diff)
Use getentropy(2) as random source.
Gather entropy from the getentropy(2) system call. It has been available since OpenBSD 5.6 and Solaris 11.3. It can provide up to 256 bytes of entropy from the kernel without blocking. As a system call, it does not need a file descriptor and works in chroot(2) environments without device nodes.
Diffstat (limited to 'src/lib/entropy')
-rw-r--r--src/lib/entropy/entropy_srcs.cpp11
-rw-r--r--src/lib/entropy/getentropy/getentropy.cpp30
-rw-r--r--src/lib/entropy/getentropy/getentropy.h28
-rw-r--r--src/lib/entropy/getentropy/info.txt9
4 files changed, 78 insertions, 0 deletions
diff --git a/src/lib/entropy/entropy_srcs.cpp b/src/lib/entropy/entropy_srcs.cpp
index 252be4fa1..d9d5cfe4b 100644
--- a/src/lib/entropy/entropy_srcs.cpp
+++ b/src/lib/entropy/entropy_srcs.cpp
@@ -36,6 +36,10 @@
#include <botan/internal/darwin_secrandom.h>
#endif
+#if defined(BOTAN_HAS_ENTROPY_SRC_GETENTROPY)
+ #include <botan/internal/getentropy.h>
+#endif
+
namespace Botan {
std::unique_ptr<Entropy_Source> Entropy_Source::create(const std::string& name)
@@ -61,6 +65,13 @@ std::unique_ptr<Entropy_Source> Entropy_Source::create(const std::string& name)
#endif
}
+ if(name == "getentropy")
+ {
+#if defined(BOTAN_HAS_ENTROPY_SRC_GETENTROPY)
+ return std::unique_ptr<Entropy_Source>(new Getentropy);
+#endif
+ }
+
if(name == "dev_random")
{
#if defined(BOTAN_HAS_ENTROPY_SRC_DEV_RANDOM)
diff --git a/src/lib/entropy/getentropy/getentropy.cpp b/src/lib/entropy/getentropy/getentropy.cpp
new file mode 100644
index 000000000..56c356eba
--- /dev/null
+++ b/src/lib/entropy/getentropy/getentropy.cpp
@@ -0,0 +1,30 @@
+/*
+* System Call getentropy(2)
+* (C) 2017 Alexander Bluhm (genua GmbH)
+*
+* Botan is released under the Simplified BSD License (see license.txt)
+*/
+
+#include <botan/internal/getentropy.h>
+
+#include <unistd.h>
+
+namespace Botan {
+
+/**
+* Gather BOTAN_SYSTEM_RNG_POLL_REQUEST bytes entropy from getentropy(2).
+* This is 64 bytes, note that maximum buffer size is limited to 256 bytes.
+*/
+size_t Getentropy::poll(RandomNumberGenerator& rng)
+ {
+ secure_vector<uint8_t> buf(BOTAN_SYSTEM_RNG_POLL_REQUEST);
+
+ if(::getentropy(buf.data(), buf.size()) == 0)
+ {
+ rng.add_entropy(buf.data(), buf.size());
+ return buf.size() * 8;
+ }
+
+ return 0;
+ }
+}
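Review bot: Nothing in `Getentropy::poll` enforces the 256-byte limit that its own comment mentions, so a build that raises BOTAN_SYSTEM_RNG_POLL_REQUEST above 256 would make every `::getentropy` call fail and the source would quietly report 0 bits on each poll. A compile-time guard next to the function makes that misconfiguration visible: `static_assert(BOTAN_SYSTEM_RNG_POLL_REQUEST <= 256, "getentropy(2) accepts at most 256 bytes per call");`. The comment's "This is 64 bytes" also hard-codes the current default and would age better as "64 bytes by default". Because a failed call looks the same to the caller as a source with nothing to contribute, it is worth confirming that the seeding path does not depend on this source alone.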
diff --git a/src/lib/entropy/getentropy/getentropy.h b/src/lib/entropy/getentropy/getentropy.h
new file mode 100644
index 000000000..ebc49320b
--- /dev/null
+++ b/src/lib/entropy/getentropy/getentropy.h
@@ -0,0 +1,28 @@
+/*
+* Entropy Source Using OpenBSD getentropy(2) system call
+* (C) 2017 Alexander Bluhm (genua GmbH)
+*
+* Botan is released under the Simplified BSD License (see license.txt)
+*/
+
+#ifndef BOTAN_ENTROPY_SRC_GETENTROPY_H__
+#define BOTAN_ENTROPY_SRC_GETENTROPY_H__
+
+#include <botan/entropy_src.h>
+
+namespace Botan {
+
+/**
+* Entropy source using the getentropy(2) sustem call first introduced in
+* OpenBSD 5.6 and added to Solaris 11.3.
+*/
+class Getentropy final : public Entropy_Source
+ {
+ public:
+ std::string name() const override { return "getentropy"; }
+ size_t poll(RandomNumberGenerator& rng) override;
+ };
+
+}
+
+#endif
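Review bot: The class comment misspells "system" as "sustem", and the `poll` declaration carries no description of what its return value means. Suggest fixing the typo and adding above the declaration `/// Adds BOTAN_SYSTEM_RNG_POLL_REQUEST bytes from getentropy(2) to rng; returns the bits credited, or 0 if the call fails`. The file banner names only OpenBSD while the class comment also names Solaris 11.3, so one wording should be chosen to show which platforms the source is meant for.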
diff --git a/src/lib/entropy/getentropy/info.txt b/src/lib/entropy/getentropy/info.txt
new file mode 100644
index 000000000..89e7b120d
--- /dev/null
+++ b/src/lib/entropy/getentropy/info.txt
@@ -0,0 +1,9 @@
+define ENTROPY_SRC_GETENTROPY 20170327
+
+<header:internal>
+getentropy.h
+</header:internal>
+
+<os>
+openbsd
+</os>