]>
Commit | Line | Data |
---|---|---|
bfc9a610 | 1 | /* |
2 | * Copyright (c) 2000 Damien Miller. All rights reserved. | |
3 | * | |
4 | * Redistribution and use in source and binary forms, with or without | |
5 | * modification, are permitted provided that the following conditions | |
6 | * are met: | |
7 | * 1. Redistributions of source code must retain the above copyright | |
8 | * notice, this list of conditions and the following disclaimer. | |
9 | * 2. Redistributions in binary form must reproduce the above copyright | |
10 | * notice, this list of conditions and the following disclaimer in the | |
11 | * documentation and/or other materials provided with the distribution. | |
12 | * 3. All advertising materials mentioning features or use of this software | |
13 | * must display the following acknowledgement: | |
14 | * This product includes software developed by Markus Friedl. | |
15 | * 4. The name of the author may not be used to endorse or promote products | |
16 | * derived from this software without specific prior written permission. | |
17 | * | |
18 | * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR | |
19 | * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES | |
20 | * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. | |
21 | * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, | |
22 | * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT | |
23 | * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, | |
24 | * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY | |
25 | * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT | |
26 | * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF | |
27 | * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. | |
28 | */ | |
29 | ||
30 | #include "includes.h" | |
31 | ||
32 | #include "ssh.h" | |
33 | #include "xmalloc.h" | |
34 | ||
35 | #ifdef HAVE_OPENSSL | |
36 | # include <openssl/rand.h> | |
37 | # include <openssl/sha.h> | |
38 | #endif | |
39 | #ifdef HAVE_SSL | |
40 | # include <ssl/rand.h> | |
41 | # include <ssl/sha.h> | |
42 | #endif | |
43 | ||
44 | RCSID("$Id$"); | |
45 | ||
46 | #ifdef EGD_SOCKET | |
47 | #ifndef offsetof | |
48 | # define offsetof(type, member) ((size_t) &((type *)0)->member) | |
49 | #endif | |
50 | /* Collect entropy from EGD */ | |
51 | void get_random_bytes(unsigned char *buf, int len) | |
52 | { | |
53 | static int egd_socket = -1; | |
54 | int c; | |
55 | char egd_message[2] = { 0x02, 0x00 }; | |
56 | struct sockaddr_un addr; | |
57 | int addr_len; | |
58 | ||
59 | memset(&addr, '\0', sizeof(addr)); | |
60 | addr.sun_family = AF_UNIX; | |
61 | ||
62 | /* FIXME: compile time check? */ | |
63 | if (sizeof(EGD_SOCKET) > sizeof(addr.sun_path)) | |
64 | fatal("Random pool path is too long"); | |
65 | ||
66 | strcpy(addr.sun_path, EGD_SOCKET); | |
67 | ||
68 | addr_len = offsetof(struct sockaddr_un, sun_path) + sizeof(EGD_SOCKET); | |
69 | ||
70 | if (egd_socket == -1) { | |
71 | egd_socket = socket(AF_UNIX, SOCK_STREAM, 0); | |
72 | if (egd_socket == -1) | |
73 | fatal("Couldn't create AF_UNIX socket: %s", strerror(errno)); | |
74 | if (connect(egd_socket, (struct sockaddr*)&addr, addr_len) == -1) | |
75 | fatal("Couldn't connect to EGD socket \"%s\": %s", addr.sun_path, strerror(errno)); | |
76 | } | |
77 | ||
78 | if (len > 255) | |
79 | fatal("Too many bytes to read from EGD"); | |
80 | ||
81 | /* Send blocking read request to EGD */ | |
82 | egd_message[1] = len; | |
83 | ||
84 | c = atomicio(write, egd_socket, egd_message, sizeof(egd_message)); | |
85 | if (c == -1) | |
86 | fatal("Couldn't write to EGD socket \"%s\": %s", EGD_SOCKET, strerror(errno)); | |
87 | ||
88 | c = atomicio(read, egd_socket, buf, len); | |
89 | if (c <= 0) | |
90 | fatal("Couldn't read from EGD socket \"%s\": %s", EGD_SOCKET, strerror(errno)); | |
91 | ||
92 | close(EGD_SOCKET); | |
93 | } | |
94 | #else /* !EGD_SOCKET */ | |
95 | #ifdef RANDOM_POOL | |
96 | /* Collect entropy from /dev/urandom or pipe */ | |
97 | void get_random_bytes(unsigned char *buf, int len) | |
98 | { | |
99 | static int random_pool = -1; | |
100 | int c; | |
101 | ||
102 | if (random_pool == -1) { | |
103 | random_pool = open(RANDOM_POOL, O_RDONLY); | |
104 | if (random_pool == -1) | |
105 | fatal("Couldn't open random pool \"%s\": %s", RANDOM_POOL, strerror(errno)); | |
106 | } | |
107 | ||
108 | verbose("randfd: %i", random_pool); | |
109 | ||
110 | c = atomicio(read, random_pool, buf, len); | |
111 | if (c <= 0) | |
112 | fatal("Couldn't read from random pool \"%s\": %s", RANDOM_POOL, strerror(errno)); | |
113 | } | |
114 | #endif /* RANDOM_POOL */ | |
115 | #endif /* EGD_SOCKET */ | |
116 | ||
117 | #if !defined(EGD_SOCKET) && !defined(RANDOM_POOL) | |
118 | /* | |
119 | * FIXME: proper entropy estimations. All current values are guesses | |
120 | * FIXME: Need timeout for slow moving programs | |
121 | * FIXME: More entropy sources | |
122 | */ | |
123 | ||
124 | double stir_from_system(void); | |
125 | double stir_from_programs(void); | |
126 | double stir_gettimeofday(double entropy_estimate); | |
127 | double stir_clock(double entropy_estimate); | |
128 | double stir_rusage(int who, double entropy_estimate); | |
129 | double hash_output_from_command(const char *path, const char **args, char *hash); | |
130 | ||
131 | typedef struct | |
132 | { | |
133 | /* Proportion of data that is entropy */ | |
134 | double rate; | |
135 | /* Path to executable */ | |
136 | const char *path; | |
137 | /* argv to pass to executable */ | |
138 | const char *args[5]; | |
139 | } entropy_source_t; | |
140 | ||
141 | entropy_source_t entropy_sources[] = { | |
142 | #ifdef PROG_LS | |
143 | { 0.002, PROG_LS, { "ls", "-alni", "/var/log", NULL } }, | |
144 | { 0.002, PROG_LS, { "ls", "-alni", "/var/adm", NULL } }, | |
145 | { 0.002, PROG_LS, { "ls", "-alni", "/var/mail", NULL } }, | |
146 | { 0.002, PROG_LS, { "ls", "-alni", "/var/spool/mail", NULL } }, | |
147 | { 0.002, PROG_LS, { "ls", "-alni", "/proc", NULL } }, | |
148 | { 0.002, PROG_LS, { "ls", "-alni", "/tmp", NULL } }, | |
149 | #endif | |
150 | #ifdef PROG_NETSTAT | |
151 | { 0.005, PROG_NETSTAT, { "netstat","-an", NULL, NULL } }, | |
152 | { 0.010, PROG_NETSTAT, { "netstat","-in", NULL, NULL } }, | |
153 | { 0.002, PROG_NETSTAT, { "netstat","-rn", NULL, NULL } }, | |
154 | { 0.002, PROG_NETSTAT, { "netstat","-s", NULL, NULL } }, | |
155 | #endif | |
156 | #ifdef PROG_ARP | |
157 | { 0.002, PROG_ARP, { "arp","-a","-n", NULL } }, | |
158 | #endif | |
159 | #ifdef PROG_IFCONFIG | |
160 | { 0.002, PROG_IFCONFIG, { "ifconfig", "-a", NULL, NULL } }, | |
161 | #endif | |
162 | #ifdef PROG_PS | |
163 | { 0.003, PROG_PS, { "ps", "laxww", NULL, NULL } }, | |
164 | { 0.003, PROG_PS, { "ps", "-al", NULL, NULL } }, | |
165 | { 0.003, PROG_PS, { "ps", "-efl", NULL, NULL } }, | |
166 | #endif | |
167 | #ifdef PROG_W | |
168 | { 0.005, PROG_W, { "w", NULL, NULL, NULL } }, | |
169 | #endif | |
170 | #ifdef PROG_WHO | |
171 | { 0.001, PROG_WHO, { "who","-i", NULL, NULL } }, | |
172 | #endif | |
173 | #ifdef PROG_LAST | |
174 | { 0.001, PROG_LAST, { "last", NULL, NULL, NULL } }, | |
175 | #endif | |
176 | #ifdef PROG_LASTLOG | |
177 | { 0.001, PROG_LASTLOG, { "lastlog", NULL, NULL, NULL } }, | |
178 | #endif | |
179 | #ifdef PROG_DF | |
180 | { 0.010, PROG_DF, { "df", NULL, NULL, NULL } }, | |
181 | { 0.010, PROG_DF, { "df", "-i", NULL, NULL } }, | |
182 | #endif | |
183 | #ifdef PROG_VMSTAT | |
184 | { 0.010, PROG_VMSTAT, { "vmstat", NULL, NULL, NULL } }, | |
185 | #endif | |
186 | #ifdef PROG_UPTIME | |
187 | { 0.001, PROG_UPTIME, { "uptime", NULL, NULL, NULL } }, | |
188 | #endif | |
189 | #ifdef PROG_IPCS | |
190 | { 0.001, PROG_IPCS, { "-a", NULL, NULL, NULL } }, | |
191 | #endif | |
192 | #ifdef PROG_TAIL | |
193 | { 0.001, PROG_TAIL, { "tail", "-200", "/var/log/messages", NULL, NULL } }, | |
194 | { 0.001, PROG_TAIL, { "tail", "-200", "/var/log/syslog", NULL, NULL } }, | |
195 | { 0.001, PROG_TAIL, { "tail", "-200", "/var/adm/messages", NULL, NULL } }, | |
196 | { 0.001, PROG_TAIL, { "tail", "-200", "/var/adm/syslog", NULL, NULL } }, | |
197 | { 0.001, PROG_TAIL, { "tail", "-200", "/var/log/maillog", NULL, NULL } }, | |
198 | { 0.001, PROG_TAIL, { "tail", "-200", "/var/adm/maillog", NULL, NULL } }, | |
199 | #endif | |
200 | { 0.000, NULL, { NULL, NULL, NULL, NULL, NULL } }, | |
201 | }; | |
202 | ||
203 | ||
204 | double | |
205 | stir_from_system(void) | |
206 | { | |
207 | double total_entropy_estimate; | |
208 | long int i; | |
209 | ||
210 | total_entropy_estimate = 0; | |
211 | ||
212 | i = getpid(); | |
213 | RAND_add(&i, sizeof(i), 0.1); | |
214 | total_entropy_estimate += 0.1; | |
215 | ||
216 | i = getppid(); | |
217 | RAND_add(&i, sizeof(i), 0.1); | |
218 | total_entropy_estimate += 0.1; | |
219 | ||
220 | i = getuid(); | |
221 | RAND_add(&i, sizeof(i), 0.0); | |
222 | i = getgid(); | |
223 | RAND_add(&i, sizeof(i), 0.0); | |
224 | ||
225 | total_entropy_estimate += stir_gettimeofday(1.0); | |
226 | total_entropy_estimate += stir_clock(0.2); | |
227 | total_entropy_estimate += stir_rusage(RUSAGE_SELF, 2.0); | |
228 | ||
229 | return(total_entropy_estimate); | |
230 | } | |
231 | ||
232 | double | |
233 | stir_from_programs(void) | |
234 | { | |
235 | int i; | |
236 | int c; | |
237 | double entropy_estimate; | |
238 | double total_entropy_estimate; | |
239 | char hash[SHA_DIGEST_LENGTH]; | |
240 | ||
241 | /* | |
242 | * Run through list of programs twice to catch differences | |
243 | */ | |
244 | total_entropy_estimate = 0; | |
245 | for(i = 0; i < 2; i++) { | |
246 | c = 0; | |
247 | while (entropy_sources[c].path != NULL) { | |
248 | /* Hash output from command */ | |
249 | entropy_estimate = hash_output_from_command(entropy_sources[c].path, | |
250 | entropy_sources[c].args, hash); | |
251 | ||
252 | /* Scale back entropy estimate according to command's rate */ | |
253 | entropy_estimate *= entropy_sources[c].rate; | |
254 | ||
255 | /* Upper bound of entropy estimate is SHA_DIGEST_LENGTH */ | |
256 | if (entropy_estimate > SHA_DIGEST_LENGTH) | |
257 | entropy_estimate = SHA_DIGEST_LENGTH; | |
258 | ||
259 | /* * Scale back estimates for subsequent passes through list */ | |
260 | entropy_estimate /= 10.0 * (i + 1.0); | |
261 | ||
262 | /* Stir it in */ | |
263 | RAND_add(hash, sizeof(hash), entropy_estimate); | |
264 | ||
265 | /* FIXME: turn this off later */ | |
266 | #if 1 | |
267 | debug("Got %0.2f bytes of entropy from %s", entropy_estimate, | |
268 | entropy_sources[c].path); | |
269 | #endif | |
270 | ||
271 | total_entropy_estimate += entropy_estimate; | |
272 | ||
273 | /* Execution times should be a little unpredictable */ | |
274 | total_entropy_estimate += stir_gettimeofday(0.05); | |
275 | total_entropy_estimate += stir_clock(0.05); | |
276 | total_entropy_estimate += stir_rusage(RUSAGE_SELF, 0.1); | |
277 | total_entropy_estimate += stir_rusage(RUSAGE_CHILDREN, 0.1); | |
278 | ||
279 | c++; | |
280 | } | |
281 | } | |
282 | ||
283 | return(total_entropy_estimate); | |
284 | } | |
285 | ||
286 | double | |
287 | stir_gettimeofday(double entropy_estimate) | |
288 | { | |
289 | struct timeval tv; | |
290 | ||
291 | if (gettimeofday(&tv, NULL) == -1) | |
292 | fatal("Couldn't gettimeofday: %s", strerror(errno)); | |
293 | ||
294 | RAND_add(&tv, sizeof(tv), entropy_estimate); | |
295 | ||
296 | return(entropy_estimate); | |
297 | } | |
298 | ||
299 | double | |
300 | stir_clock(double entropy_estimate) | |
301 | { | |
302 | #ifdef HAVE_CLOCK | |
303 | clock_t c; | |
304 | ||
305 | c = clock(); | |
306 | RAND_add(&c, sizeof(c), entropy_estimate); | |
307 | ||
308 | return(entropy_estimate); | |
309 | #else /* _HAVE_CLOCK */ | |
310 | return(0); | |
311 | #endif /* _HAVE_CLOCK */ | |
312 | } | |
313 | ||
314 | double | |
315 | stir_rusage(int who, double entropy_estimate) | |
316 | { | |
317 | #ifdef HAVE_GETRUSAGE | |
318 | struct rusage ru; | |
319 | ||
320 | if (getrusage(who, &ru) == -1) | |
321 | fatal("Couldn't getrusage: %s", strerror(errno)); | |
322 | ||
323 | RAND_add(&ru, sizeof(ru), 0.1); | |
324 | ||
325 | return(entropy_estimate); | |
326 | #else /* _HAVE_GETRUSAGE */ | |
327 | return(0); | |
328 | #endif /* _HAVE_GETRUSAGE */ | |
329 | } | |
330 | ||
331 | double | |
332 | hash_output_from_command(const char *path, const char **args, char *hash) | |
333 | { | |
334 | static int devnull = -1; | |
335 | int p[2]; | |
336 | pid_t pid; | |
337 | int status; | |
338 | char buf[2048]; | |
339 | int bytes_read; | |
340 | int total_bytes_read; | |
341 | SHA_CTX sha; | |
342 | ||
343 | if (devnull == -1) { | |
344 | devnull = open("/dev/null", O_RDWR); | |
345 | if (devnull == -1) | |
346 | fatal("Couldn't open /dev/null: %s", strerror(errno)); | |
347 | } | |
348 | ||
349 | if (pipe(p) == -1) | |
350 | fatal("Couldn't open pipe: %s", strerror(errno)); | |
351 | ||
352 | switch (pid = fork()) { | |
353 | case -1: /* Error */ | |
354 | close(p[0]); | |
355 | close(p[1]); | |
356 | fatal("Couldn't fork: %s", strerror(errno)); | |
357 | /* NOTREACHED */ | |
358 | case 0: /* Child */ | |
359 | close(0); | |
360 | close(1); | |
361 | close(2); | |
362 | dup2(devnull, 0); | |
363 | dup2(p[1], 1); | |
364 | dup2(p[1], 2); | |
365 | close(p[0]); | |
366 | close(p[1]); | |
367 | close(devnull); | |
368 | ||
369 | execv(path, (char**)args); | |
370 | debug("(child) Couldn't exec '%s': %s", path, strerror(errno)); | |
371 | _exit(-1); | |
372 | default: /* Parent */ | |
373 | break; | |
374 | } | |
375 | ||
376 | RAND_add(&pid, sizeof(&pid), 0.0); | |
377 | ||
378 | close(p[1]); | |
379 | ||
380 | /* Hash output from child */ | |
381 | SHA1_Init(&sha); | |
382 | total_bytes_read = 0; | |
383 | while ((bytes_read = read(p[0], buf, sizeof(buf))) > 0) { | |
384 | SHA1_Update(&sha, buf, bytes_read); | |
385 | total_bytes_read += bytes_read; | |
386 | RAND_add(&bytes_read, sizeof(&bytes_read), 0.0); | |
387 | } | |
388 | SHA1_Final(hash, &sha); | |
389 | ||
390 | close(p[0]); | |
391 | ||
392 | if (waitpid(pid, &status, 0) == -1) { | |
393 | error("Couldn't wait for child '%s' completion: %s", path, | |
394 | strerror(errno)); | |
395 | return(-1); | |
396 | } | |
397 | ||
398 | RAND_add(&status, sizeof(&status), 0.0); | |
399 | ||
400 | if (!WIFEXITED(status) || (WEXITSTATUS(status) != 0)) | |
401 | return(0.0); | |
402 | else | |
403 | return(total_bytes_read); | |
404 | } | |
405 | #endif /* defined(EGD_SOCKET) || defined(RANDOM_POOL) */ | |
406 | ||
407 | #if defined(EGD_SOCKET) || defined(RANDOM_POOL) | |
408 | /* | |
409 | * Seed OpenSSL's random number pool from Kernel random number generator | |
410 | * or EGD | |
411 | */ | |
412 | void | |
413 | seed_rng(void) | |
414 | { | |
415 | char buf[32]; | |
416 | ||
417 | debug("Seeding random number generator"); | |
418 | get_random_bytes(buf, sizeof(buf)); | |
419 | RAND_add(buf, sizeof(buf), sizeof(buf)); | |
420 | memset(buf, '\0', sizeof(buf)); | |
421 | } | |
422 | #else /* defined(EGD_SOCKET) || defined(RANDOM_POOL) */ | |
423 | /* | |
424 | * Conditionally Seed OpenSSL's random number pool syscalls and program output | |
425 | */ | |
426 | void | |
427 | seed_rng(void) | |
428 | { | |
429 | if (!RAND_status()) { | |
430 | debug("Seeding random number generator."); | |
431 | debug("%i bytes from system calls", (int)stir_from_system()); | |
432 | debug("%i bytes from programs", (int)stir_from_programs()); | |
433 | debug("OpenSSL random status is now %i\n", RAND_status()); | |
434 | } | |
435 | } | |
436 | #endif /* defined(EGD_SOCKET) || defined(RANDOM_POOL) */ |