5 * Mark Crichton (crichton@gimp.org)
6 * Patrik Torstensson (p@rxc.se)
7 * Sebastien Pouliot (sebastien@ximian.com)
8 * Ludovic Henry (ludovic.henry@xamarin.com)
10 * Copyright 2001-2003 Ximian, Inc (http://www.ximian.com)
11 * Copyright 2004-2009 Novell, Inc (http://www.novell.com)
12 * Copyright 2001 Xamarin, Inc (http://www.novell.com)
20 #include "mono-rand.h"
21 #include "mono-threads.h"
22 #include "metadata/exception.h"
23 #include "metadata/object.h"
30 #ifndef PROV_INTEL_SEC
31 #define PROV_INTEL_SEC 22
33 #ifndef CRYPT_VERIFY_CONTEXT
34 #define CRYPT_VERIFY_CONTEXT 0xF0000000
40 /* FALSE == Local (instance) handle for randomness */
45 mono_rand_init (guchar *seed, gint seed_size)
47 HCRYPTPROV provider = 0;
49 /* There is no need to create a container for just random data,
50 * so we can use CRYPT_VERIFY_CONTEXT (one call) see:
51 * http://blogs.msdn.com/dangriff/archive/2003/11/19/51709.aspx */
53 /* We first try to use the Intel PIII RNG if drivers are present */
54 if (!CryptAcquireContext (&provider, NULL, NULL, PROV_INTEL_SEC, CRYPT_VERIFY_CONTEXT)) {
55 /* not a PIII or no drivers available, use default RSA CSP */
56 if (!CryptAcquireContext (&provider, NULL, NULL, PROV_RSA_FULL, CRYPT_VERIFY_CONTEXT)) {
57 /* exception will be thrown in managed code */
62 /* seed the CSP with the supplied buffer (if present) */
63 if (provider != 0 && seed) {
64 /* the call we replace the seed with random - this isn't what is
65 * expected from the class library user */
66 guchar *data = g_malloc (seed_size);
68 memcpy (data, seed, seed_size);
69 /* add seeding material to the RNG */
70 CryptGenRandom (provider, seed_size, data);
71 /* zeroize and free */
72 memset (data, 0, seed_size);
77 return (gpointer) provider;
81 mono_rand_try_get_bytes (gpointer *handle, guchar *buffer, gint buffer_size)
86 provider = (HCRYPTPROV) *handle;
88 if (!CryptGenRandom (provider, buffer_size, buffer)) {
89 CryptReleaseContext (provider, 0);
90 /* we may have lost our context with CryptoAPI, but all hope isn't lost yet! */
91 provider = (HCRYPTPROV) mono_rand_init (NULL, 0);
92 if (!CryptGenRandom (provider, buffer_size, buffer)) {
93 /* exception will be thrown in managed code */
94 CryptReleaseContext (provider, 0);
103 mono_rand_close (gpointer handle)
105 CryptReleaseContext ((HCRYPTPROV) handle, 0);
108 #elif defined (HAVE_SYS_UN_H) && !defined(__native_client__)
113 #include <sys/socket.h>
114 #include <sys/types.h>
117 #ifndef NAME_DEV_URANDOM
118 #define NAME_DEV_URANDOM "/dev/urandom"
121 static gboolean use_egd = FALSE;
122 static gint file = -1;
125 get_entropy_from_egd (const char *path, guchar *buffer, int buffer_size)
127 struct sockaddr_un egd_addr;
132 file = socket (PF_UNIX, SOCK_STREAM, 0);
136 egd_addr.sun_family = AF_UNIX;
137 strncpy (egd_addr.sun_path, path, sizeof (egd_addr.sun_path) - 1);
138 egd_addr.sun_path [sizeof (egd_addr.sun_path) - 1] = '\0';
139 ret = connect (file, (struct sockaddr*) &egd_addr, sizeof (egd_addr));
144 g_warning ("Entropy problem! Can't create or connect to egd socket %s", path);
145 mono_raise_exception (mono_get_exception_execution_engine ("Failed to open egd socket"));
148 while (buffer_size > 0) {
152 /* block until daemon can return enough entropy */
154 request [1] = buffer_size < 255 ? buffer_size : 255;
156 int sent = write (file, request + count, 2 - count);
159 } else if (errno == EINTR) {
163 g_warning ("Send egd request failed %d", errno);
164 mono_raise_exception (mono_get_exception_execution_engine ("Failed to send request to egd socket"));
169 while (count != request [1]) {
171 received = read (file, buffer + offset, request [1] - count);
175 } else if (received < 0 && errno == EINTR) {
179 g_warning ("Receive egd request failed %d", errno);
180 mono_raise_exception (mono_get_exception_execution_engine ("Failed to get response from egd socket"));
184 buffer_size -= request [1];
191 mono_rand_open (void)
193 static gint32 status = 0;
194 if (status != 0 || InterlockedCompareExchange (&status, 1, 0) != 0) {
196 mono_thread_info_yield ();
200 #ifdef NAME_DEV_URANDOM
201 file = open (NAME_DEV_URANDOM, O_RDONLY);
203 #ifdef NAME_DEV_RANDOM
205 file = open (NAME_DEV_RANDOM, O_RDONLY);
208 use_egd = g_getenv("MONO_EGD_SOCKET") != NULL;
216 mono_rand_init (guchar *seed, gint seed_size)
218 /* if required exception will be thrown in managed code */
219 return (!use_egd && file < 0) ? NULL : GINT_TO_POINTER (file);
223 mono_rand_try_get_bytes (gpointer *handle, guchar *buffer, gint buffer_size)
228 const char *socket_path = g_getenv ("MONO_EGD_SOCKET");
229 /* exception will be thrown in managed code */
230 if (socket_path == NULL) {
234 get_entropy_from_egd (socket_path, buffer, buffer_size);
236 /* Read until the buffer is filled. This may block if using NAME_DEV_RANDOM. */
241 err = read (file, buffer + count, buffer_size - count);
245 g_warning("Entropy error! Error in read (%s).", strerror (errno));
246 /* exception will be thrown in managed code */
250 } while (count < buffer_size);
256 mono_rand_close (gpointer provider)
266 mono_rand_open (void)
268 static gint32 status = 0;
269 if (status != 0 || InterlockedCompareExchange (&status, 1, 0) != 0) {
271 mono_thread_info_yield ();
283 mono_rand_init (guchar *seed, gint seed_size)
289 mono_rand_try_get_bytes (gpointer *handle, guchar *buffer, gint buffer_size)
294 if (buffer_size - count >= sizeof (gint32) && RAND_MAX >= 0xFFFFFFFF) {
295 *(gint32*) buffer = rand();
296 count += sizeof (gint32);
297 buffer += sizeof (gint32) / sizeof (guchar);
298 } else if (buffer_size - count >= sizeof (gint16) && RAND_MAX >= 0xFFFF) {
299 *(gint16*) buffer = rand();
300 count += sizeof (gint16);
301 buffer += sizeof (gint16) / sizeof (guchar);
302 } else if (buffer_size - count >= sizeof (gint8) && RAND_MAX >= 0xFF) {
303 *(gint8*) buffer = rand();
304 count += sizeof (gint8);
305 buffer += sizeof (gint8) / sizeof (guchar);
307 } while (count < buffer_size);
313 mono_rand_close (gpointer provider)
320 mono_rand_try_get_uint32 (gpointer *handle, guint32 *val, guint32 min, guint32 max)
323 if (!mono_rand_try_get_bytes (handle, (guchar*) val, sizeof (guint32)))
326 *val = (guint32) (((gdouble) *val) / G_MAXUINT32 * (max - min) + min);
327 g_assert (*val >= min);
328 g_assert (*val <= max);