/src/botan/src/lib/rng/system_rng/system_rng.cpp

Source (jump to first uncovered line)
/*
* System RNG
* (C) 2014,2015,2017,2018 Jack Lloyd
* (C) 2021 Tom Crowley
*
* Botan is released under the Simplified BSD License (see license.txt)
*/

#include <botan/system_rng.h>

#if defined(BOTAN_TARGET_OS_HAS_RTLGENRANDOM)
  #include <botan/internal/dyn_load.h>
  #define NOMINMAX 1
  #define _WINSOCKAPI_ // stop windows.h including winsock.h
  #include <windows.h>

#elif defined(BOTAN_TARGET_OS_HAS_CRYPTO_NG)
  #include <bcrypt.h>

#elif defined(BOTAN_TARGET_OS_HAS_CCRANDOM)
  #include <CommonCrypto/CommonRandom.h>

#elif defined(BOTAN_TARGET_OS_HAS_ARC4RANDOM)
  #include <stdlib.h>

#elif defined(BOTAN_TARGET_OS_HAS_GETRANDOM)
  #include <sys/random.h>
  #include <errno.h>

#elif defined(BOTAN_TARGET_OS_HAS_DEV_RANDOM)
  #include <sys/types.h>
  #include <sys/stat.h>
  #include <fcntl.h>
  #include <unistd.h>
  #include <errno.h>
#endif

namespace Botan {

namespace {

#if defined(BOTAN_TARGET_OS_HAS_RTLGENRANDOM)

class System_RNG_Impl final : public RandomNumberGenerator
   {
   public:
      System_RNG_Impl() : m_advapi("advapi32.dll")
         {
         // This throws if the function is not found
         m_rtlgenrandom = m_advapi.resolve<RtlGenRandom_fptr>("SystemFunction036");
         }

      void randomize(uint8_t buf[], size_t len) override
         {
         const size_t limit = std::numeric_limits<ULONG>::max();

         uint8_t* pData = buf;
         size_t bytesLeft = len;
         while (bytesLeft > 0)
            {
            const ULONG blockSize = static_cast<ULONG>(std::min(bytesLeft, limit));

            const bool success = m_rtlgenrandom(pData, blockSize) == TRUE;
            if (!success)
               {
               throw System_Error("RtlGenRandom failed");
               }

            BOTAN_ASSERT(bytesLeft >= blockSize, "Block is oversized");
            bytesLeft -= blockSize;
            pData += blockSize;
            }
         }

      void add_entropy(const uint8_t[], size_t) override { /* ignored */ }
      bool is_seeded() const override { return true; }
      bool accepts_input() const override { return false; }
      void clear() override { /* not possible */ }
      std::string name() const override { return "RtlGenRandom"; }
   private:
      using RtlGenRandom_fptr = BOOLEAN (NTAPI *)(PVOID, ULONG);

      Dynamically_Loaded_Library m_advapi;
      RtlGenRandom_fptr m_rtlgenrandom;
   };

#elif defined(BOTAN_TARGET_OS_HAS_CRYPTO_NG)

class System_RNG_Impl final : public RandomNumberGenerator
   {
   public:
      System_RNG_Impl()
         {
         NTSTATUS ret = ::BCryptOpenAlgorithmProvider(&m_prov,
                                                      BCRYPT_RNG_ALGORITHM,
                                                      MS_PRIMITIVE_PROVIDER, 0);
         if(ret != STATUS_SUCCESS)
            throw System_Error("System_RNG failed to acquire crypto provider", ret);
         }

      ~System_RNG_Impl()
         {
         ::BCryptCloseAlgorithmProvider(m_prov, 0);
         }

      void randomize(uint8_t buf[], size_t len) override
         {
         const size_t limit = std::numeric_limits<ULONG>::max();

         uint8_t* pData = buf;
         size_t bytesLeft = len;
         while (bytesLeft > 0)
            {
            const ULONG blockSize = static_cast<ULONG>(std::min(bytesLeft, limit));

            const NTSTATUS ret = BCryptGenRandom(m_prov, static_cast<PUCHAR>(pData), blockSize, 0);
            if (ret != STATUS_SUCCESS)
               {
               throw System_Error("System_RNG call to BCryptGenRandom failed", ret);
               }

            BOTAN_ASSERT(bytesLeft >= blockSize, "Block is oversized");
            bytesLeft -= blockSize;
            pData += blockSize;
            }
         }

      void add_entropy(const uint8_t in[], size_t length) override
         {
         /*
         There is a flag BCRYPT_RNG_USE_ENTROPY_IN_BUFFER to provide
         entropy inputs, but it is ignored in Windows 8 and later.
         */
         }

      bool is_seeded() const override { return true; }
      bool accepts_input() const override { return false; }
      void clear() override { /* not possible */ }
      std::string name() const override { return "crypto_ng"; }
   private:
      BCRYPT_ALG_HANDLE m_prov;
   };

#elif defined(BOTAN_TARGET_OS_HAS_CCRANDOM)

class System_RNG_Impl final : public RandomNumberGenerator
   {
   public:
      void randomize(uint8_t buf[], size_t len) override
         {
         if (::CCRandomGenerateBytes(buf, len) != kCCSuccess)
            {
            throw System_Error("System_RNG CCRandomGenerateBytes failed", errno);
            }
         }
      bool accepts_input() const override { return false; }
      void add_entropy(const uint8_t[], size_t) override { /* ignored */ }
      bool is_seeded() const override { return true; }
      void clear() override { /* not possible */ }
      std::string name() const override { return "CCRandomGenerateBytes"; }
   };

#elif defined(BOTAN_TARGET_OS_HAS_ARC4RANDOM)

class System_RNG_Impl final : public RandomNumberGenerator
   {
   public:
      // No constructor or destructor needed as no userland state maintained

      void randomize(uint8_t buf[], size_t len) override
         {
         // macOS 10.15 arc4random crashes if called with buf == nullptr && len == 0
   // however it uses ccrng_generate internally which returns a status, ignored
   // to respect arc4random "no-fail" interface contract
         if(len > 0)
            {
            ::arc4random_buf(buf, len);
            }
         }

      bool accepts_input() const override { return false; }
      void add_entropy(const uint8_t[], size_t) override { /* ignored */ }
      bool is_seeded() const override { return true; }
      void clear() override { /* not possible */ }
      std::string name() const override { return "arc4random"; }
   };

#elif defined(BOTAN_TARGET_OS_HAS_GETRANDOM)

class System_RNG_Impl final : public RandomNumberGenerator
   {
   public:
      // No constructor or destructor needed as no userland state maintained

      void randomize(uint8_t buf[], size_t len) override
         {
         const unsigned int flags = 0;

         while(len > 0)
            {
            const ssize_t got = ::getrandom(buf, len, flags);

            if(got < 0)
               {
               if(errno == EINTR)
                  continue;
               throw System_Error("System_RNG getrandom failed", errno);
               }

            buf += got;
            len -= got;
            }
         }

      bool accepts_input() const override { return false; }
      void add_entropy(const uint8_t[], size_t) override { /* ignored */ }
      bool is_seeded() const override { return true; }
      void clear() override { /* not possible */ }
      std::string name() const override { return "getrandom"; }
   };


#elif defined(BOTAN_TARGET_OS_HAS_DEV_RANDOM)

// Read a random device

class System_RNG_Impl final : public RandomNumberGenerator
   {
   public:
      System_RNG_Impl()
         {
#ifndef O_NOCTTY
#define O_NOCTTY 0
#endif

         /*
         * First open /dev/random and read one byte. On old Linux kernels
         * this blocks the RNG until we have been actually seeded.
         */
         m_fd = ::open("/dev/random", O_RDONLY | O_NOCTTY);
         if(m_fd < 0)
            throw System_Error("System_RNG failed to open RNG device", errno);

         uint8_t b;
         const size_t got = ::read(m_fd, &b, 1);
         ::close(m_fd);

         if(got != 1)
            throw System_Error("System_RNG failed to read blocking RNG device");

         m_fd = ::open("/dev/urandom", O_RDWR | O_NOCTTY);

         if(m_fd >= 0)
            {
            m_writable = true;
            }
         else
            {
            /*
            Cannot open in read-write mode. Fall back to read-only,
            calls to add_entropy will fail, but randomize will work
            */
            m_fd = ::open("/dev/urandom", O_RDONLY | O_NOCTTY);
            m_writable = false;
            }

         if(m_fd < 0)
            throw System_Error("System_RNG failed to open RNG device", errno);
         }

      ~System_RNG_Impl()
         {
         ::close(m_fd);
         m_fd = -1;
         }

      void randomize(uint8_t buf[], size_t len) override;
      void add_entropy(const uint8_t in[], size_t length) override;
      bool is_seeded() const override { return true; }
      bool accepts_input() const override { return m_writable; }
      void clear() override { /* not possible */ }
      std::string name() const override { return "urandom"; }
   private:
      int m_fd;
      bool m_writable;
   };

void System_RNG_Impl::randomize(uint8_t buf[], size_t len)
   {
   while(len)
      {
      ssize_t got = ::read(m_fd, buf, len);

      if(got < 0)
         {
         if(errno == EINTR)
            continue;
         throw System_Error("System_RNG read failed", errno);
         }
      if(got == 0)
         throw System_Error("System_RNG EOF on device"); // ?!?

      buf += got;
      len -= got;
      }
   }

void System_RNG_Impl::add_entropy(const uint8_t input[], size_t len)
   {
   if(!m_writable)
      return;

   while(len)
      {
      ssize_t got = ::write(m_fd, input, len);

      if(got < 0)
         {
         if(errno == EINTR)
            continue;

         /*
         * This is seen on OS X CI, despite the fact that the man page
         * for macOS urandom explicitly states that writing to it is
         * supported, and write(2) does not document EPERM at all.
         * But in any case EPERM seems indicative of a policy decision
         * by the OS or sysadmin that additional entropy is not wanted
         * in the system pool, so we accept that and return here,
         * since there is no corrective action possible.
         *
         * In Linux EBADF or EPERM is returned if m_fd is not opened for
         * writing.
         */
         if(errno == EPERM || errno == EBADF)
            return;

         // maybe just ignore any failure here and return?
         throw System_Error("System_RNG write failed", errno);
         }

      input += got;
      len -= got;
      }
   }

#endif

}

RandomNumberGenerator& system_rng()
   {
   static System_RNG_Impl g_system_rng;
   return g_system_rng;
   }

}

Coverage Report

Created: 2022-01-14 08:07

Line	Count	Source (jump to first uncovered line)
1		/*
2		* System RNG
3		* (C) 2014,2015,2017,2018 Jack Lloyd
4		* (C) 2021 Tom Crowley
5		*
6		* Botan is released under the Simplified BSD License (see license.txt)
7		*/
8
9		#include <botan/system_rng.h>
10
11		#if defined(BOTAN_TARGET_OS_HAS_RTLGENRANDOM)
12		#include <botan/internal/dyn_load.h>
13		#define NOMINMAX 1
14		#define _WINSOCKAPI_ // stop windows.h including winsock.h
15		#include <windows.h>
16
17		#elif defined(BOTAN_TARGET_OS_HAS_CRYPTO_NG)
18		#include <bcrypt.h>
19
20		#elif defined(BOTAN_TARGET_OS_HAS_CCRANDOM)
21		#include <CommonCrypto/CommonRandom.h>
22
23		#elif defined(BOTAN_TARGET_OS_HAS_ARC4RANDOM)
24		#include <stdlib.h>
25
26		#elif defined(BOTAN_TARGET_OS_HAS_GETRANDOM)
27		#include <sys/random.h>
28		#include <errno.h>
29
30		#elif defined(BOTAN_TARGET_OS_HAS_DEV_RANDOM)
31		#include <sys/types.h>
32		#include <sys/stat.h>
33		#include <fcntl.h>
34		#include <unistd.h>
35		#include <errno.h>
36		#endif
37
38		namespace Botan {
39
40		namespace {
41
42		#if defined(BOTAN_TARGET_OS_HAS_RTLGENRANDOM)
43
44		class System_RNG_Impl final : public RandomNumberGenerator
45		{
46		public:
47		System_RNG_Impl() : m_advapi("advapi32.dll")
48		{
49		// This throws if the function is not found
50		m_rtlgenrandom = m_advapi.resolve<RtlGenRandom_fptr>("SystemFunction036");
51		}
52
53		void randomize(uint8_t buf[], size_t len) override
54		{
55		const size_t limit = std::numeric_limits<ULONG>::max();
56
57		uint8_t* pData = buf;
58		size_t bytesLeft = len;
59		while (bytesLeft > 0)
60		{
61		const ULONG blockSize = static_cast<ULONG>(std::min(bytesLeft, limit));
62
63		const bool success = m_rtlgenrandom(pData, blockSize) == TRUE;
64		if (!success)
65		{
66		throw System_Error("RtlGenRandom failed");
67		}
68
69		BOTAN_ASSERT(bytesLeft >= blockSize, "Block is oversized");
70		bytesLeft -= blockSize;
71		pData += blockSize;
72		}
73		}
74
75		void add_entropy(const uint8_t[], size_t) override { /* ignored */ }
76		bool is_seeded() const override { return true; }
77		bool accepts_input() const override { return false; }
78		void clear() override { /* not possible */ }
79		std::string name() const override { return "RtlGenRandom"; }
80		private:
81		using RtlGenRandom_fptr = BOOLEAN (NTAPI *)(PVOID, ULONG);
82
83		Dynamically_Loaded_Library m_advapi;
84		RtlGenRandom_fptr m_rtlgenrandom;
85		};
86
87		#elif defined(BOTAN_TARGET_OS_HAS_CRYPTO_NG)
88
89		class System_RNG_Impl final : public RandomNumberGenerator
90		{
91		public:
92		System_RNG_Impl()
93		{
94		NTSTATUS ret = ::BCryptOpenAlgorithmProvider(&m_prov,
95		BCRYPT_RNG_ALGORITHM,
96		MS_PRIMITIVE_PROVIDER, 0);
97		if(ret != STATUS_SUCCESS)
98		throw System_Error("System_RNG failed to acquire crypto provider", ret);
99		}
100
101		~System_RNG_Impl()
102		{
103		::BCryptCloseAlgorithmProvider(m_prov, 0);
104		}
105
106		void randomize(uint8_t buf[], size_t len) override
107		{
108		const size_t limit = std::numeric_limits<ULONG>::max();
109
110		uint8_t* pData = buf;
111		size_t bytesLeft = len;
112		while (bytesLeft > 0)
113		{
114		const ULONG blockSize = static_cast<ULONG>(std::min(bytesLeft, limit));
115
116		const NTSTATUS ret = BCryptGenRandom(m_prov, static_cast<PUCHAR>(pData), blockSize, 0);
117		if (ret != STATUS_SUCCESS)
118		{
119		throw System_Error("System_RNG call to BCryptGenRandom failed", ret);
120		}
121
122		BOTAN_ASSERT(bytesLeft >= blockSize, "Block is oversized");
123		bytesLeft -= blockSize;
124		pData += blockSize;
125		}
126		}
127
128		void add_entropy(const uint8_t in[], size_t length) override
129		{
130		/*
131		There is a flag BCRYPT_RNG_USE_ENTROPY_IN_BUFFER to provide
132		entropy inputs, but it is ignored in Windows 8 and later.
133		*/
134		}
135
136		bool is_seeded() const override { return true; }
137		bool accepts_input() const override { return false; }
138		void clear() override { /* not possible */ }
139		std::string name() const override { return "crypto_ng"; }
140		private:
141		BCRYPT_ALG_HANDLE m_prov;
142		};
143
144		#elif defined(BOTAN_TARGET_OS_HAS_CCRANDOM)
145
146		class System_RNG_Impl final : public RandomNumberGenerator
147		{
148		public:
149		void randomize(uint8_t buf[], size_t len) override
150		{
151		if (::CCRandomGenerateBytes(buf, len) != kCCSuccess)
152		{
153		throw System_Error("System_RNG CCRandomGenerateBytes failed", errno);
154		}
155		}
156		bool accepts_input() const override { return false; }
157		void add_entropy(const uint8_t[], size_t) override { /* ignored */ }
158		bool is_seeded() const override { return true; }
159		void clear() override { /* not possible */ }
160		std::string name() const override { return "CCRandomGenerateBytes"; }
161		};
162
163		#elif defined(BOTAN_TARGET_OS_HAS_ARC4RANDOM)
164
165		class System_RNG_Impl final : public RandomNumberGenerator
166		{
167		public:
168		// No constructor or destructor needed as no userland state maintained
169
170		void randomize(uint8_t buf[], size_t len) override
171		{
172		// macOS 10.15 arc4random crashes if called with buf == nullptr && len == 0
173		// however it uses ccrng_generate internally which returns a status, ignored
174		// to respect arc4random "no-fail" interface contract
175		if(len > 0)
176		{
177		::arc4random_buf(buf, len);
178		}
179		}
180
181		bool accepts_input() const override { return false; }
182		void add_entropy(const uint8_t[], size_t) override { /* ignored */ }
183		bool is_seeded() const override { return true; }
184		void clear() override { /* not possible */ }
185		std::string name() const override { return "arc4random"; }
186		};
187
188		#elif defined(BOTAN_TARGET_OS_HAS_GETRANDOM)
189
190		class System_RNG_Impl final : public RandomNumberGenerator
191		{
192		public:
193		// No constructor or destructor needed as no userland state maintained
194
195		void randomize(uint8_t buf[], size_t len) override
196		{
197		const unsigned int flags = 0;
198
199		while(len > 0)
200		{
201		const ssize_t got = ::getrandom(buf, len, flags);
202
203		if(got < 0)
204		{
205		if(errno == EINTR)
206		continue;
207		throw System_Error("System_RNG getrandom failed", errno);
208		}
209
210		buf += got;
211		len -= got;
212		}
213		}
214
215		bool accepts_input() const override { return false; }
216		void add_entropy(const uint8_t[], size_t) override { /* ignored */ }
217		bool is_seeded() const override { return true; }
218		void clear() override { /* not possible */ }
219		std::string name() const override { return "getrandom"; }
220		};
221
222
223		#elif defined(BOTAN_TARGET_OS_HAS_DEV_RANDOM)
224
225		// Read a random device
226
227		class System_RNG_Impl final : public RandomNumberGenerator
228		{
229		public:
230		System_RNG_Impl()
231	0	{
232		#ifndef O_NOCTTY
233		#define O_NOCTTY 0
234		#endif
235
236		/*
237		* First open /dev/random and read one byte. On old Linux kernels
238		* this blocks the RNG until we have been actually seeded.
239		*/
240	0	m_fd = ::open("/dev/random", O_RDONLY \| O_NOCTTY);
241	0	if(m_fd < 0)
242	0	throw System_Error("System_RNG failed to open RNG device", errno);
243
244	0	uint8_t b;
245	0	const size_t got = ::read(m_fd, &b, 1);
246	0	::close(m_fd);
247
248	0	if(got != 1)
249	0	throw System_Error("System_RNG failed to read blocking RNG device");
250
251	0	m_fd = ::open("/dev/urandom", O_RDWR \| O_NOCTTY);
252
253	0	if(m_fd >= 0)
254	0	{
255	0	m_writable = true;
256	0	}
257	0	else
258	0	{
259		/*
260		Cannot open in read-write mode. Fall back to read-only,
261		calls to add_entropy will fail, but randomize will work
262		*/
263	0	m_fd = ::open("/dev/urandom", O_RDONLY \| O_NOCTTY);
264	0	m_writable = false;
265	0	}
266
267	0	if(m_fd < 0)
268	0	throw System_Error("System_RNG failed to open RNG device", errno);
269	0	}
270
271		~System_RNG_Impl()
272	0	{
273	0	::close(m_fd);
274	0	m_fd = -1;
275	0	}
276
277		void randomize(uint8_t buf[], size_t len) override;
278		void add_entropy(const uint8_t in[], size_t length) override;
279	0	bool is_seeded() const override { return true; }
280	0	bool accepts_input() const override { return m_writable; }
281	0	void clear() override { /* not possible */ }
282	0	std::string name() const override { return "urandom"; }
283		private:
284		int m_fd;
285		bool m_writable;
286		};
287
288		void System_RNG_Impl::randomize(uint8_t buf[], size_t len)
289	0	{
290	0	while(len)
291	0	{
292	0	ssize_t got = ::read(m_fd, buf, len);
293
294	0	if(got < 0)
295	0	{
296	0	if(errno == EINTR)
297	0	continue;
298	0	throw System_Error("System_RNG read failed", errno);
299	0	}
300	0	if(got == 0)
301	0	throw System_Error("System_RNG EOF on device"); // ?!?
302
303	0	buf += got;
304	0	len -= got;
305	0	}
306	0	}
307
308		void System_RNG_Impl::add_entropy(const uint8_t input[], size_t len)
309	0	{
310	0	if(!m_writable)
311	0	return;
312
313	0	while(len)
314	0	{
315	0	ssize_t got = ::write(m_fd, input, len);
316
317	0	if(got < 0)
318	0	{
319	0	if(errno == EINTR)
320	0	continue;
321
322		/*
323		* This is seen on OS X CI, despite the fact that the man page
324		* for macOS urandom explicitly states that writing to it is
325		* supported, and write(2) does not document EPERM at all.
326		* But in any case EPERM seems indicative of a policy decision
327		* by the OS or sysadmin that additional entropy is not wanted
328		* in the system pool, so we accept that and return here,
329		* since there is no corrective action possible.
330		*
331		* In Linux EBADF or EPERM is returned if m_fd is not opened for
332		* writing.
333		*/
334	0	if(errno == EPERM \|\| errno == EBADF)
335	0	return;
336
337		// maybe just ignore any failure here and return?
338	0	throw System_Error("System_RNG write failed", errno);
339	0	}
340
341	0	input += got;
342	0	len -= got;
343	0	}
344	0	}
345
346		#endif
347
348		}
349
350		RandomNumberGenerator& system_rng()
351	0	{
352	0	static System_RNG_Impl g_system_rng;
353	0	return g_system_rng;
354	0	}
355
356		}