From 7160abdedc9dce303b7786b54feb08bbe26d7d72 Mon Sep 17 00:00:00 2001 From: Alexander Bluhm Date: Mon, 27 Mar 2017 19:29:55 +0200 Subject: Use getentropy(2) as random source. Gather entropy from system call getentropy(2). This is available since in OpenBSD 5.6 and Solaris 11.3. It can provide up to 256 bytes entropy from the kernel without blocking. As a system call it does not need a file descriptor and works in chroot(2) environments without device nodes. --- src/build-data/buildh.in | 2 +- src/lib/entropy/entropy_srcs.cpp | 11 +++++++++++ src/lib/entropy/getentropy/getentropy.cpp | 30 ++++++++++++++++++++++++++++++ src/lib/entropy/getentropy/getentropy.h | 28 ++++++++++++++++++++++++++++ src/lib/entropy/getentropy/info.txt | 9 +++++++++ 5 files changed, 79 insertions(+), 1 deletion(-) create mode 100644 src/lib/entropy/getentropy/getentropy.cpp create mode 100644 src/lib/entropy/getentropy/getentropy.h create mode 100644 src/lib/entropy/getentropy/info.txt (limited to 'src') diff --git a/src/build-data/buildh.in b/src/build-data/buildh.in index 1c389fe02..393bcc4fb 100644 --- a/src/build-data/buildh.in +++ b/src/build-data/buildh.in @@ -122,7 +122,7 @@ * seriously broken system RNG. */ #define BOTAN_ENTROPY_DEFAULT_SOURCES \ - { "rdseed", "rdrand", "darwin_secrandom", "dev_random", \ + { "rdseed", "rdrand", "darwin_secrandom", "getentropy", "dev_random", \ "win32_cryptoapi", "proc_walk", "system_stats" } diff --git a/src/lib/entropy/entropy_srcs.cpp b/src/lib/entropy/entropy_srcs.cpp index 252be4fa1..d9d5cfe4b 100644 --- a/src/lib/entropy/entropy_srcs.cpp +++ b/src/lib/entropy/entropy_srcs.cpp @@ -36,6 +36,10 @@ #include #endif +#if defined(BOTAN_HAS_ENTROPY_SRC_GETENTROPY) + #include +#endif + namespace Botan { std::unique_ptr Entropy_Source::create(const std::string& name) 
@@ -61,6 +65,13 @@ std::unique_ptr Entropy_Source::create(const std::string& name) #endif } + if(name == "getentropy") + { +#if defined(BOTAN_HAS_ENTROPY_SRC_GETENTROPY) + return std::unique_ptr(new Getentropy); +#endif + } + if(name == "dev_random") { #if defined(BOTAN_HAS_ENTROPY_SRC_DEV_RANDOM) diff --git a/src/lib/entropy/getentropy/getentropy.cpp b/src/lib/entropy/getentropy/getentropy.cpp new file mode 100644 index 000000000..56c356eba --- /dev/null +++ b/src/lib/entropy/getentropy/getentropy.cpp @@ -0,0 +1,30 @@ +/* +* System Call getentropy(2) +* (C) 2017 Alexander Bluhm (genua GmbH) +* +* Botan is released under the Simplified BSD License (see license.txt) +*/ + +#include + +#include + +namespace Botan { + +/** +* Gather BOTAN_SYSTEM_RNG_POLL_REQUEST bytes entropy from getentropy(2). +* This is 64 bytes, note that maximum buffer size is limited to 256 bytes. +*/ +size_t Getentropy::poll(RandomNumberGenerator& rng) + { + secure_vector buf(BOTAN_SYSTEM_RNG_POLL_REQUEST); + + if(::getentropy(buf.data(), buf.size()) == 0) + { + rng.add_entropy(buf.data(), buf.size()); + return buf.size() * 8; + } + + return 0; + } +} diff --git a/src/lib/entropy/getentropy/getentropy.h b/src/lib/entropy/getentropy/getentropy.h new file mode 100644 index 000000000..ebc49320b --- /dev/null +++ b/src/lib/entropy/getentropy/getentropy.h @@ -0,0 +1,28 @@ +/* +* Entropy Source Using OpenBSD getentropy(2) system call +* (C) 2017 Alexander Bluhm (genua GmbH) +* +* Botan is released under the Simplified BSD License (see license.txt) +*/ + +#ifndef BOTAN_ENTROPY_SRC_GETENTROPY_H__ +#define BOTAN_ENTROPY_SRC_GETENTROPY_H__ + +#include + +namespace Botan { + +/** +* Entropy source using the getentropy(2) sustem call first introduced in +* OpenBSD 5.6 and added to Solaris 11.3. +*/ +class Getentropy final : public Entropy_Source + { + public: + std::string name() const override { return "getentropy"; } + size_t poll(RandomNumberGenerator& rng) override; + }; + +} + +#endif 
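Review bot: The 256-byte limit of getentropy(2) is mentioned in the comment above `Getentropy::poll` in getentropy.cpp, but nothing enforces it. A build that raises BOTAN_SYSTEM_RNG_POLL_REQUEST above 256 would make every call fail, and the source would quietly report 0 bits. In a chroot without device nodes, the case the commit message targets, that leaves seeding to whatever later sources in the default list still work. A compile-time guard next to the buffer would turn this into a build error: `static_assert(BOTAN_SYSTEM_RNG_POLL_REQUEST <= 256, "getentropy(2) accepts at most 256 bytes per call");` (assuming the macro expands to a plain integer constant). The comment's "This is 64 bytes" also hard-codes a configurable value and would age better if it referred to the macro only.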
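Review bot: The class comment in getentropy.h has a typo (`sustem call`) and names Solaris 11.3 as a platform, while the module's info.txt in this commit appears to enable it for openbsd only. I would fix the spelling and state the scope explicitly, e.g. `* Entropy source using the getentropy(2) system call, first introduced in OpenBSD 5.6 (also present in Solaris 11.3; this module is currently built on OpenBSD only).` A one-line comment on `poll` saying that it returns the estimated number of entropy bits added, and 0 when the system call fails, would also help readers who see only the header.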
diff --git a/src/lib/entropy/getentropy/info.txt b/src/lib/entropy/getentropy/info.txt
new file mode 100644
index 000000000..89e7b120d
--- /dev/null
+++ b/src/lib/entropy/getentropy/info.txt
@@ -0,0 +1,9 @@
+define ENTROPY_SRC_GETENTROPY 20170327
+
+
+getentropy.h
+
+
+
+openbsd
+
-- cgit v1.2.3