| OLD | NEW |
|---|
| (Empty) |
| 1 /* | |
| 2 * Copyright (c) 2012 The Native Client Authors. All rights reserved. | |
| 3 * Use of this source code is governed by a BSD-style license that can be | |
| 4 * found in the LICENSE file. | |
| 5 */ | |
| 6 | |
| 7 /* | |
| 8 * A NaClDesc subclass that exposes the platform secure RNG | |
| 9 * implementation. | |
| 10 */ | |
| 11 | |
| 12 #include <string.h> | |
| 13 | |
| 14 #include "native_client/src/trusted/desc/nacl_desc_rng.h" | |
| 15 | |
| 16 #include "native_client/src/shared/platform/nacl_secure_random.h" | |
| 17 #include "native_client/src/shared/platform/nacl_secure_random_base.h" | |
| 18 #include "native_client/src/trusted/desc/nacl_desc_base.h" | |
| 19 | |
| 20 #include "native_client/src/trusted/service_runtime/include/sys/stat.h" | |
| 21 #include "native_client/src/trusted/service_runtime/include/sys/errno.h" | |
| 22 | |
| 23 static struct NaClDescVtbl const kNaClDescRngVtbl; /* fwd */ | |
| 24 | |
| 25 static int NaClDescRngSubclassCtor(struct NaClDescRng *self) { | |
| 26 if (!NaClSecureRngCtor(&self->rng)) { | |
| 27 goto rng_ctor_fail; | |
| 28 } | |
| 29 NACL_VTBL(NaClRefCount, self) = | |
| 30 (struct NaClRefCountVtbl *) &kNaClDescRngVtbl; | |
| 31 return 1; | |
| 32 | |
| 33 /* failure cleanup */ | |
| 34 rng_ctor_fail: | |
| 35 (*NACL_VTBL(NaClRefCount, self)->Dtor)((struct NaClRefCount *) self); | |
| 36 return 0; | |
| 37 } | |
| 38 | |
| 39 int NaClDescRngCtor(struct NaClDescRng *self) { | |
| 40 int rv; | |
| 41 if (!NaClDescCtor((struct NaClDesc *) self)) { | |
| 42 return 0; | |
| 43 } | |
| 44 rv = NaClDescRngSubclassCtor(self); | |
| 45 if (!rv) { | |
| 46 (*NACL_VTBL(NaClRefCount, self)->Dtor)((struct NaClRefCount *) self); | |
| 47 } | |
| 48 return rv; | |
| 49 } | |
| 50 | |
| 51 static void NaClDescRngDtor(struct NaClRefCount *vself) { | |
| 52 struct NaClDescRng *self = (struct NaClDescRng *) vself; | |
| 53 | |
| 54 (*NACL_VTBL(NaClSecureRngIf, &self->rng)->Dtor)( | |
| 55 (struct NaClSecureRngIf *) &self->rng); | |
| 56 NACL_VTBL(NaClDesc, self) = &kNaClDescVtbl; | |
| 57 (*NACL_VTBL(NaClRefCount, self)->Dtor)((struct NaClRefCount *) self); | |
| 58 } | |
| 59 | |
| 60 static ssize_t NaClDescRngRead(struct NaClDesc *vself, | |
| 61 void *buf, | |
| 62 size_t len) { | |
| 63 struct NaClDescRng *self = (struct NaClDescRng *) vself; | |
| 64 | |
| 65 (*NACL_VTBL(NaClSecureRngIf, &self->rng)->GenBytes)( | |
| 66 (struct NaClSecureRngIf *) &self->rng, buf, len); | |
| 67 return len; | |
| 68 } | |
| 69 | |
| 70 static ssize_t NaClDescRngWrite(struct NaClDesc *vself, | |
| 71 void const *buf, | |
| 72 size_t len) { | |
| 73 UNREFERENCED_PARAMETER(vself); | |
| 74 UNREFERENCED_PARAMETER(buf); | |
| 75 | |
| 76 /* | |
| 77 * Eventually we may want to have secure pseudorandom number | |
| 78 * generators that permit mixing user-supplied data -- presumably | |
| 79 * low entropy, from timing of events or something like that -- into | |
| 80 * the generator state. This must be done carefully, of course, | |
| 81 * since we would not want the user-supplied data to destroy the | |
| 82 * internal generator's entropy. | |
| 83 */ | |
| 84 return len; | |
| 85 } | |
| 86 | |
| 87 static int NaClDescRngFstat(struct NaClDesc *vself, | |
| 88 struct nacl_abi_stat *statbuf) { | |
| 89 UNREFERENCED_PARAMETER(vself); | |
| 90 | |
| 91 memset(statbuf, 0, sizeof *statbuf); | |
| 92 statbuf->nacl_abi_st_dev = 0; | |
| 93 #if defined(NACL_MASK_INODES) | |
| 94 statbuf->nacl_abi_st_ino = NACL_FAKE_INODE_NUM; | |
| 95 #else | |
| 96 statbuf->nacl_abi_st_ino = 0; | |
| 97 #endif | |
| 98 statbuf->nacl_abi_st_mode = NACL_ABI_S_IRUSR | NACL_ABI_S_IFCHR; | |
| 99 statbuf->nacl_abi_st_nlink = 1; | |
| 100 statbuf->nacl_abi_st_uid = -1; | |
| 101 statbuf->nacl_abi_st_gid = -1; | |
| 102 statbuf->nacl_abi_st_rdev = 0; | |
| 103 statbuf->nacl_abi_st_size = 0; | |
| 104 statbuf->nacl_abi_st_blksize = 0; | |
| 105 statbuf->nacl_abi_st_blocks = 0; | |
| 106 statbuf->nacl_abi_st_atime = 0; | |
| 107 statbuf->nacl_abi_st_atimensec = 0; | |
| 108 statbuf->nacl_abi_st_mtime = 0; | |
| 109 statbuf->nacl_abi_st_mtimensec = 0; | |
| 110 statbuf->nacl_abi_st_ctime = 0; | |
| 111 statbuf->nacl_abi_st_ctimensec = 0; | |
| 112 | |
| 113 return 0; | |
| 114 } | |
| 115 | |
| 116 /* | |
| 117 * We allow descriptor "transfer", where in reality we create a | |
| 118 * separate rng locally at the recipient end. This is arguably | |
| 119 * semantically different since there is no shared access to the same | |
| 120 * generator; on the other hand, it should be polynomial-time | |
| 121 * indistinguishable since the output is supposed to be | |
| 122 * cryptographically secure. | |
| 123 */ | |
| 124 static int NaClDescRngExternalizeSize(struct NaClDesc *vself, | |
| 125 size_t *nbytes, | |
| 126 size_t *nhandles) { | |
| 127 return NaClDescExternalizeSize(vself, nbytes, nhandles); | |
| 128 } | |
| 129 | |
| 130 static int NaClDescRngExternalize(struct NaClDesc *vself, | |
| 131 struct NaClDescXferState *xfer) { | |
| 132 return NaClDescExternalize(vself, xfer); | |
| 133 } | |
| 134 | |
| 135 static struct NaClDescVtbl const kNaClDescRngVtbl = { | |
| 136 { | |
| 137 NaClDescRngDtor, | |
| 138 }, | |
| 139 NaClDescMapNotImplemented, | |
| 140 NACL_DESC_UNMAP_NOT_IMPLEMENTED | |
| 141 NaClDescRngRead, | |
| 142 NaClDescRngWrite, | |
| 143 NaClDescSeekNotImplemented, | |
| 144 NaClDescPReadNotImplemented, | |
| 145 NaClDescPWriteNotImplemented, | |
| 146 NaClDescRngFstat, | |
| 147 NaClDescGetdentsNotImplemented, | |
| 148 NaClDescRngExternalizeSize, | |
| 149 NaClDescRngExternalize, | |
| 150 NaClDescLockNotImplemented, | |
| 151 NaClDescTryLockNotImplemented, | |
| 152 NaClDescUnlockNotImplemented, | |
| 153 NaClDescWaitNotImplemented, | |
| 154 NaClDescTimedWaitAbsNotImplemented, | |
| 155 NaClDescSignalNotImplemented, | |
| 156 NaClDescBroadcastNotImplemented, | |
| 157 NaClDescSendMsgNotImplemented, | |
| 158 NaClDescRecvMsgNotImplemented, | |
| 159 NaClDescLowLevelSendMsgNotImplemented, | |
| 160 NaClDescLowLevelRecvMsgNotImplemented, | |
| 161 NaClDescConnectAddrNotImplemented, | |
| 162 NaClDescAcceptConnNotImplemented, | |
| 163 NaClDescPostNotImplemented, | |
| 164 NaClDescSemWaitNotImplemented, | |
| 165 NaClDescGetValueNotImplemented, | |
| 166 NaClDescSetMetadata, | |
| 167 NaClDescGetMetadata, | |
| 168 NaClDescSetFlags, | |
| 169 NaClDescGetFlags, | |
| 170 NaClDescIsattyNotImplemented, | |
| 171 NACL_DESC_DEVICE_RNG, | |
| 172 }; | |
| 173 | |
| 174 int NaClDescRngInternalize(struct NaClDesc **out_desc, | |
| 175 struct NaClDescXferState *xfer, | |
| 176 struct NaClDescQuotaInterface *quota_interface) { | |
| 177 int rv; | |
| 178 struct NaClDescRng *rng = malloc(sizeof *rng); | |
| 179 | |
| 180 UNREFERENCED_PARAMETER(xfer); | |
| 181 UNREFERENCED_PARAMETER(quota_interface); | |
| 182 if (NULL == rng) { | |
| 183 rv = -NACL_ABI_ENOMEM; | |
| 184 goto cleanup; | |
| 185 } | |
| 186 if (!NaClDescInternalizeCtor((struct NaClDesc *) rng, xfer)) { | |
| 187 free(rng); | |
| 188 rng = NULL; | |
| 189 rv = -NACL_ABI_ENOMEM; | |
| 190 goto cleanup; | |
| 191 } | |
| 192 if (!NaClDescRngSubclassCtor(rng)) { | |
| 193 rv = -NACL_ABI_EIO; | |
| 194 goto cleanup; | |
| 195 } | |
| 196 *out_desc = (struct NaClDesc *) rng; | |
| 197 rv = 0; /* yay! */ | |
| 198 cleanup: | |
| 199 if (rv < 0) { | |
| 200 NaClDescSafeUnref((struct NaClDesc *) rng); | |
| 201 } | |
| 202 return rv; | |
| 203 } | |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 550523002:
Remove the old "SecureRandom" service, formerly used by get_random_bytes() (Closed)
Base URL: svn://svn.chromium.org/native_client/trunk/src/native_client