1/*
2 * Copyright 2005 Sun Microsystems, Inc.  All rights reserved.
3 * Use is subject to license terms.
4 */
5
6#pragma ident	"%Z%%M%	%I%	%E% SMI"
7
8/*
9 * Copyright (C) 1998 by the FundsXpress, INC.
10 *
11 * All rights reserved.
12 *
13 * Export of this software from the United States of America may require
14 * a specific license from the United States Government.  It is the
15 * responsibility of any person or organization contemplating export to
16 * obtain such a license before exporting.
17 *
18 * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
19 * distribute this software and its documentation for any purpose and
20 * without fee is hereby granted, provided that the above copyright
21 * notice appear in all copies and that both that copyright notice and
22 * this permission notice appear in supporting documentation, and that
23 * the name of FundsXpress. not be used in advertising or publicity pertaining
24 * to distribution of the software without specific, written prior
25 * permission.  FundsXpress makes no representations about the suitability of
26 * this software for any purpose.  It is provided "as is" without express
27 * or implied warranty.
28 */
29
30#include <k5-int.h>
31
32#ifdef _KERNEL
33#include <sys/random.h>
34#endif
35
36#ifndef _KERNEL
37
38/*
39 * Solaris kerberos:  we don't need a random number generator
40 * for the /dev/[u]random, as it uses entropy in the kernel.
41 * Keep this function as some apps might call it directly.
42 */
43
44/*ARGSUSED*/
45krb5_error_code KRB5_CALLCONV
46krb5_c_random_seed(krb5_context context, krb5_data *data)
47{
48	/*
49	 * We can't do much if this fails, so ignore the
50	 * return code.  /dev/urandom has its own entropy
51	 * source, so seeding it from here is of questionable
52	 * value in the first place.
53	 */
54	(void) C_SeedRandom(krb_ctx_hSession(context),
55		(CK_BYTE_PTR)data->data,
56		(CK_ULONG)data->length);
57
58	return(0);
59}
60#endif /* !_KERNEL */
61
62/*
63 * krb5_get_random_octets
64 *   New for Solaris 9.  This routine takes advantage of the new
65 * /dev/[u]random interface provided in Solaris 9 for getting random
66 * bytes generated from the kernel.  The entropy produced there is generally
67 * considered better than the current MIT PRNG code that we are replacing.
68 *
69 * This func is visible so that it can be used to generate a
70 * random confounder.
71 */
72
73#ifndef _KERNEL
74
75#endif /* ! _KERNEL */
76
77/*
78 * We can assume that the memory for data is already malloc'd.
79 * Return an error if there is an error, but don't clear the data->length
80 * or free data->data.  This will be done by the calling function.
81 */
82
83/*ARGSUSED*/
84krb5_error_code KRB5_CALLCONV
85krb5_c_random_make_octets(krb5_context context, krb5_data *data)
86{
87/*
88 * Solaris kerberos uses /dev/[u]random
89 */
90#ifndef _KERNEL /* User space code */
91
92    krb5_error_code err = 0;
93    CK_RV rv;
94
95    KRB5_LOG0(KRB5_INFO, "krb5_c_random_make_octets() start, user space using "
96	"krb5_get_random_octets()\n");
97
98    rv = C_GenerateRandom(krb_ctx_hSession(context), (CK_BYTE_PTR)data->data,
99		(CK_ULONG)data->length);
100
101    if (rv != CKR_OK) {
102	KRB5_LOG(KRB5_ERR, "C_GenerateRandom failed in "
103		"krb5_c_random_make_octets: rv = 0x%x.", rv);
104	err = PKCS_ERR;
105    }
106    if (err != 0) {
107	KRB5_LOG0(KRB5_ERR, "krb5_c_random_make_octets() end, error");
108	return (err);
109    }
110
111#else  /* Kernel code section */
112
113    /*
114     * Solaris Kerberos: for kernel code we use the randomness generator native
115     * to Solaris 9.  We avoid global variables and other nastiness this way.
116     *
117     * Using random_get_pseudo_bytes() instead of random_get_bytes() because it
118     * will not return an error code if there isn't enough entropy but will use
119     * a pseudo random algorithm to produce randomness.  Most of the time it
120     * should be as good as random_get_bytes() and we don't have to worry about
121     * dealing with a non-fatal error.
122     */
123    KRB5_LOG0(KRB5_INFO, "krb5_c_random_make_octets() start, kernel using "
124	    "random_get_pseudo_bytes()\n ");
125
126    if(random_get_pseudo_bytes((uint8_t *)data->data, data->length) != 0) {
127	KRB5_LOG0(KRB5_ERR, "krb5_c_random_make_octets() end, "
128		"random_get_pseudo_bytes() error.\n");
129	return(KRB5_CRYPTO_INTERNAL);
130    }
131
132#endif /* !_KERNEL */
133
134    KRB5_LOG0(KRB5_INFO, "krb5_c_random_make_octets() end\n");
135    return(0);
136}
137