OLD | NEW |
| (Empty) |
1 /* | |
2 * Copyright (c) 2012 The Native Client Authors. All rights reserved. | |
3 * Use of this source code is governed by a BSD-style license that can be | |
4 * found in the LICENSE file. | |
5 */ | |
6 | |
7 /* | |
8 * A NaClDesc subclass that exposes the platform secure RNG | |
9 * implementation. | |
10 */ | |
11 | |
12 #include <string.h> | |
13 | |
14 #include "native_client/src/trusted/desc/nacl_desc_rng.h" | |
15 | |
16 #include "native_client/src/shared/platform/nacl_secure_random.h" | |
17 #include "native_client/src/shared/platform/nacl_secure_random_base.h" | |
18 #include "native_client/src/trusted/desc/nacl_desc_base.h" | |
19 | |
20 #include "native_client/src/trusted/service_runtime/include/sys/stat.h" | |
21 #include "native_client/src/trusted/service_runtime/include/sys/errno.h" | |
22 | |
23 static struct NaClDescVtbl const kNaClDescRngVtbl; /* fwd */ | |
24 | |
25 static int NaClDescRngSubclassCtor(struct NaClDescRng *self) { | |
26 if (!NaClSecureRngCtor(&self->rng)) { | |
27 goto rng_ctor_fail; | |
28 } | |
29 NACL_VTBL(NaClRefCount, self) = | |
30 (struct NaClRefCountVtbl *) &kNaClDescRngVtbl; | |
31 return 1; | |
32 | |
33 /* failure cleanup */ | |
34 rng_ctor_fail: | |
35 (*NACL_VTBL(NaClRefCount, self)->Dtor)((struct NaClRefCount *) self); | |
36 return 0; | |
37 } | |
38 | |
39 int NaClDescRngCtor(struct NaClDescRng *self) { | |
40 int rv; | |
41 if (!NaClDescCtor((struct NaClDesc *) self)) { | |
42 return 0; | |
43 } | |
44 rv = NaClDescRngSubclassCtor(self); | |
45 if (!rv) { | |
46 (*NACL_VTBL(NaClRefCount, self)->Dtor)((struct NaClRefCount *) self); | |
47 } | |
48 return rv; | |
49 } | |
50 | |
51 static void NaClDescRngDtor(struct NaClRefCount *vself) { | |
52 struct NaClDescRng *self = (struct NaClDescRng *) vself; | |
53 | |
54 (*NACL_VTBL(NaClSecureRngIf, &self->rng)->Dtor)( | |
55 (struct NaClSecureRngIf *) &self->rng); | |
56 NACL_VTBL(NaClDesc, self) = &kNaClDescVtbl; | |
57 (*NACL_VTBL(NaClRefCount, self)->Dtor)((struct NaClRefCount *) self); | |
58 } | |
59 | |
60 static ssize_t NaClDescRngRead(struct NaClDesc *vself, | |
61 void *buf, | |
62 size_t len) { | |
63 struct NaClDescRng *self = (struct NaClDescRng *) vself; | |
64 | |
65 (*NACL_VTBL(NaClSecureRngIf, &self->rng)->GenBytes)( | |
66 (struct NaClSecureRngIf *) &self->rng, buf, len); | |
67 return len; | |
68 } | |
69 | |
70 static ssize_t NaClDescRngWrite(struct NaClDesc *vself, | |
71 void const *buf, | |
72 size_t len) { | |
73 UNREFERENCED_PARAMETER(vself); | |
74 UNREFERENCED_PARAMETER(buf); | |
75 | |
76 /* | |
77 * Eventually we may want to have secure pseudorandom number | |
78 * generators that permit mixing user-supplied data -- presumably | |
79 * low entropy, from timing of events or something like that -- into | |
80 * the generator state. This must be done carefully, of course, | |
81 * since we would not want the user-supplied data to destroy the | |
82 * internal generator's entropy. | |
83 */ | |
84 return len; | |
85 } | |
86 | |
87 static int NaClDescRngFstat(struct NaClDesc *vself, | |
88 struct nacl_abi_stat *statbuf) { | |
89 UNREFERENCED_PARAMETER(vself); | |
90 | |
91 memset(statbuf, 0, sizeof *statbuf); | |
92 statbuf->nacl_abi_st_dev = 0; | |
93 #if defined(NACL_MASK_INODES) | |
94 statbuf->nacl_abi_st_ino = NACL_FAKE_INODE_NUM; | |
95 #else | |
96 statbuf->nacl_abi_st_ino = 0; | |
97 #endif | |
98 statbuf->nacl_abi_st_mode = NACL_ABI_S_IRUSR | NACL_ABI_S_IFCHR; | |
99 statbuf->nacl_abi_st_nlink = 1; | |
100 statbuf->nacl_abi_st_uid = -1; | |
101 statbuf->nacl_abi_st_gid = -1; | |
102 statbuf->nacl_abi_st_rdev = 0; | |
103 statbuf->nacl_abi_st_size = 0; | |
104 statbuf->nacl_abi_st_blksize = 0; | |
105 statbuf->nacl_abi_st_blocks = 0; | |
106 statbuf->nacl_abi_st_atime = 0; | |
107 statbuf->nacl_abi_st_atimensec = 0; | |
108 statbuf->nacl_abi_st_mtime = 0; | |
109 statbuf->nacl_abi_st_mtimensec = 0; | |
110 statbuf->nacl_abi_st_ctime = 0; | |
111 statbuf->nacl_abi_st_ctimensec = 0; | |
112 | |
113 return 0; | |
114 } | |
115 | |
116 /* | |
117 * We allow descriptor "transfer", where in reality we create a | |
118 * separate rng locally at the recipient end. This is arguably | |
119 * semantically different since there is no shared access to the same | |
120 * generator; on the other hand, it should be polynomial-time | |
121 * indistinguishable since the output is supposed to be | |
122 * cryptographically secure. | |
123 */ | |
124 static int NaClDescRngExternalizeSize(struct NaClDesc *vself, | |
125 size_t *nbytes, | |
126 size_t *nhandles) { | |
127 return NaClDescExternalizeSize(vself, nbytes, nhandles); | |
128 } | |
129 | |
130 static int NaClDescRngExternalize(struct NaClDesc *vself, | |
131 struct NaClDescXferState *xfer) { | |
132 return NaClDescExternalize(vself, xfer); | |
133 } | |
134 | |
135 static struct NaClDescVtbl const kNaClDescRngVtbl = { | |
136 { | |
137 NaClDescRngDtor, | |
138 }, | |
139 NaClDescMapNotImplemented, | |
140 NACL_DESC_UNMAP_NOT_IMPLEMENTED | |
141 NaClDescRngRead, | |
142 NaClDescRngWrite, | |
143 NaClDescSeekNotImplemented, | |
144 NaClDescPReadNotImplemented, | |
145 NaClDescPWriteNotImplemented, | |
146 NaClDescRngFstat, | |
147 NaClDescGetdentsNotImplemented, | |
148 NaClDescRngExternalizeSize, | |
149 NaClDescRngExternalize, | |
150 NaClDescLockNotImplemented, | |
151 NaClDescTryLockNotImplemented, | |
152 NaClDescUnlockNotImplemented, | |
153 NaClDescWaitNotImplemented, | |
154 NaClDescTimedWaitAbsNotImplemented, | |
155 NaClDescSignalNotImplemented, | |
156 NaClDescBroadcastNotImplemented, | |
157 NaClDescSendMsgNotImplemented, | |
158 NaClDescRecvMsgNotImplemented, | |
159 NaClDescLowLevelSendMsgNotImplemented, | |
160 NaClDescLowLevelRecvMsgNotImplemented, | |
161 NaClDescConnectAddrNotImplemented, | |
162 NaClDescAcceptConnNotImplemented, | |
163 NaClDescPostNotImplemented, | |
164 NaClDescSemWaitNotImplemented, | |
165 NaClDescGetValueNotImplemented, | |
166 NaClDescSetMetadata, | |
167 NaClDescGetMetadata, | |
168 NaClDescSetFlags, | |
169 NaClDescGetFlags, | |
170 NaClDescIsattyNotImplemented, | |
171 NACL_DESC_DEVICE_RNG, | |
172 }; | |
173 | |
174 int NaClDescRngInternalize(struct NaClDesc **out_desc, | |
175 struct NaClDescXferState *xfer, | |
176 struct NaClDescQuotaInterface *quota_interface) { | |
177 int rv; | |
178 struct NaClDescRng *rng = malloc(sizeof *rng); | |
179 | |
180 UNREFERENCED_PARAMETER(xfer); | |
181 UNREFERENCED_PARAMETER(quota_interface); | |
182 if (NULL == rng) { | |
183 rv = -NACL_ABI_ENOMEM; | |
184 goto cleanup; | |
185 } | |
186 if (!NaClDescInternalizeCtor((struct NaClDesc *) rng, xfer)) { | |
187 free(rng); | |
188 rng = NULL; | |
189 rv = -NACL_ABI_ENOMEM; | |
190 goto cleanup; | |
191 } | |
192 if (!NaClDescRngSubclassCtor(rng)) { | |
193 rv = -NACL_ABI_EIO; | |
194 goto cleanup; | |
195 } | |
196 *out_desc = (struct NaClDesc *) rng; | |
197 rv = 0; /* yay! */ | |
198 cleanup: | |
199 if (rv < 0) { | |
200 NaClDescSafeUnref((struct NaClDesc *) rng); | |
201 } | |
202 return rv; | |
203 } | |