/**
* \brief Add random support for CGD
* \author Sebastian Sumpf
* \author Josef Soentgen
* \date 2015-02-13
*/
/*
* Copyright (C) 2015-2017 Genode Labs GmbH
*
* This file is part of the Genode OS framework, which is distributed
* under the terms of the GNU Affero General Public License version 3.
*/
/* Genode includes */
#include <base/log.h>
/* local rump includes */
#include <rump/env.h>
#include <util/random.h>
/* library includes */
#include <jitterentropy.h>
typedef Genode::size_t size_t;
/***********************************
** Jitter entropy for randomness **
***********************************/
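/**
 * Entropy source for the rump random backend, fed by the jitterentropy library
 *
 * The constructor initializes the library and allocates one entropy
 * collector. Both steps can fail, in which case 'Initialization_failed' is
 * thrown and no usable object exists.
 *
 * NOTE(review): the collector held in 'ec_stir' is never released by this
 * struct. That is harmless only as long as the object lives for the whole
 * lifetime of the component - confirm against the users of this type.
 */
struct Entropy
{
	/* jitterentropy collector state, valid once the constructor returned */
	struct rand_data *ec_stir = nullptr;

	/* thrown by the constructor if jitterentropy cannot be set up */
	struct Initialization_failed : Genode::Exception { };

	/**
	 * Constructor
	 *
	 * \param alloc  allocator handed to 'jitterentropy_init'
	 *
	 * \throw Initialization_failed  library self test or collector
	 *                               allocation failed
	 */
	Entropy(Genode::Allocator &alloc)
	{
		jitterentropy_init(alloc);

		/* a non-zero result means the library refuses to operate */
		int err = jent_entropy_init();
		if (err) {
			Genode::error("could not initialize jitterentropy library");
			throw Initialization_failed();
		}

		/*
		 * NOTE(review): (0, 0) presumably selects the library defaults for
		 * oversampling rate and flags - confirm for the jitterentropy
		 * version in use.
		 */
		ec_stir = jent_entropy_collector_alloc(0, 0);
		if (ec_stir == nullptr) {
			Genode::error("could not initialize jitterentropy library");
			throw Initialization_failed();
		}
	}

	/**
	 * Fill 'buf' with 'len' bytes of entropy
	 *
	 * \return 'len' on success, 0 if the library reported an error. On
	 *         error the content of 'buf' must not be used as random data.
	 */
	size_t read(char *buf, size_t len)
	{
		/*
		 * Keep the library result separate from the comparison. The
		 * former 'err = jent_read_entropy(...) < 0' stored the boolean
		 * outcome of '<' in 'err', so the log always printed 1 instead
		 * of the actual error code.
		 */
		auto const ret = jent_read_entropy(ec_stir, buf, len);
		if (ret < 0) {
			Genode::error("failed to read entropy: ", ret);
			return 0;
		}

		return len;
	}
};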
/*
 * Entropy source, constructed lazily by the first call of
 * 'rumpuser_getrandom_backend'.
 *
 * NOTE(review): no locking is visible around the lazy construction -
 * confirm that callers are serialized.
 */
static Genode::Constructible<Entropy> _entropy;
/*
 * Set once constructing '_entropy' threw 'Entropy::Initialization_failed'.
 * Later calls of 'rumpuser_getrandom_backend' then fail without retrying.
 */
static bool _init_failed;
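/**
 * Random-number backend: fill 'buf' from the jitterentropy source
 *
 * \param buf     destination buffer
 * \param buflen  number of bytes requested
 * \param flags   not evaluated by this implementation
 * \param retp    out: number of bytes written to 'buf'
 *
 * \return 0 if the entropy source is available, -1 if it could not be
 *         initialized
 *
 * A failed read is reported as '*retp == 0' together with return value 0,
 * so callers have to check '*retp' before treating 'buf' as random data.
 */
int rumpuser_getrandom_backend(void *buf, size_t buflen, int flags, Genode::size_t *retp)
{
	if (!_entropy.constructed()) {

		/* an earlier attempt failed, do not retry the initialization */
		if (_init_failed) {
			*retp = 0;
			return -1;
		}

		try { _entropy.construct(Rump::env().heap()); }
		catch (Entropy::Initialization_failed const &) {
			_init_failed = true;

			/*
			 * Report zero bytes on this path too. Otherwise '*retp'
			 * keeps whatever the caller left in it and a caller that
			 * ignores the return value would trust an unfilled buffer.
			 */
			*retp = 0;
			return -1;
		}
	}

	*retp = _entropy->read(static_cast<char *>(buf), buflen);
	return 0;
}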