18c2ecf20Sopenharmony_ci// SPDX-License-Identifier: GPL-2.0-or-later 28c2ecf20Sopenharmony_ci/* 38c2ecf20Sopenharmony_ci * PRNG: Pseudo Random Number Generator 48c2ecf20Sopenharmony_ci * Based on NIST Recommended PRNG From ANSI X9.31 Appendix A.2.4 using 58c2ecf20Sopenharmony_ci * AES 128 cipher 68c2ecf20Sopenharmony_ci * 78c2ecf20Sopenharmony_ci * (C) Neil Horman <nhorman@tuxdriver.com> 88c2ecf20Sopenharmony_ci */ 98c2ecf20Sopenharmony_ci 108c2ecf20Sopenharmony_ci#include <crypto/internal/rng.h> 118c2ecf20Sopenharmony_ci#include <linux/err.h> 128c2ecf20Sopenharmony_ci#include <linux/init.h> 138c2ecf20Sopenharmony_ci#include <linux/module.h> 148c2ecf20Sopenharmony_ci#include <linux/moduleparam.h> 158c2ecf20Sopenharmony_ci#include <linux/string.h> 168c2ecf20Sopenharmony_ci 178c2ecf20Sopenharmony_ci#define DEFAULT_PRNG_KEY "0123456789abcdef" 188c2ecf20Sopenharmony_ci#define DEFAULT_PRNG_KSZ 16 198c2ecf20Sopenharmony_ci#define DEFAULT_BLK_SZ 16 208c2ecf20Sopenharmony_ci#define DEFAULT_V_SEED "zaybxcwdveuftgsh" 218c2ecf20Sopenharmony_ci 228c2ecf20Sopenharmony_ci/* 238c2ecf20Sopenharmony_ci * Flags for the prng_context flags field 248c2ecf20Sopenharmony_ci */ 258c2ecf20Sopenharmony_ci 268c2ecf20Sopenharmony_ci#define PRNG_FIXED_SIZE 0x1 278c2ecf20Sopenharmony_ci#define PRNG_NEED_RESET 0x2 288c2ecf20Sopenharmony_ci 298c2ecf20Sopenharmony_ci/* 308c2ecf20Sopenharmony_ci * Note: DT is our counter value 318c2ecf20Sopenharmony_ci * I is our intermediate value 328c2ecf20Sopenharmony_ci * V is our seed vector 338c2ecf20Sopenharmony_ci * See http://csrc.nist.gov/groups/STM/cavp/documents/rng/931rngext.pdf 348c2ecf20Sopenharmony_ci * for implementation details 358c2ecf20Sopenharmony_ci */ 368c2ecf20Sopenharmony_ci 378c2ecf20Sopenharmony_ci 388c2ecf20Sopenharmony_cistruct prng_context { 398c2ecf20Sopenharmony_ci spinlock_t prng_lock; 408c2ecf20Sopenharmony_ci unsigned char rand_data[DEFAULT_BLK_SZ]; 418c2ecf20Sopenharmony_ci unsigned char last_rand_data[DEFAULT_BLK_SZ]; 428c2ecf20Sopenharmony_ci unsigned char DT[DEFAULT_BLK_SZ]; 438c2ecf20Sopenharmony_ci unsigned char I[DEFAULT_BLK_SZ]; 448c2ecf20Sopenharmony_ci unsigned char V[DEFAULT_BLK_SZ]; 458c2ecf20Sopenharmony_ci u32 rand_data_valid; 468c2ecf20Sopenharmony_ci struct crypto_cipher *tfm; 478c2ecf20Sopenharmony_ci u32 flags; 488c2ecf20Sopenharmony_ci}; 498c2ecf20Sopenharmony_ci 508c2ecf20Sopenharmony_cistatic int dbg; 518c2ecf20Sopenharmony_ci 528c2ecf20Sopenharmony_cistatic void hexdump(char *note, unsigned char *buf, unsigned int len) 538c2ecf20Sopenharmony_ci{ 548c2ecf20Sopenharmony_ci if (dbg) { 558c2ecf20Sopenharmony_ci printk(KERN_CRIT "%s", note); 568c2ecf20Sopenharmony_ci print_hex_dump(KERN_CONT, "", DUMP_PREFIX_OFFSET, 578c2ecf20Sopenharmony_ci 16, 1, 588c2ecf20Sopenharmony_ci buf, len, false); 598c2ecf20Sopenharmony_ci } 608c2ecf20Sopenharmony_ci} 618c2ecf20Sopenharmony_ci 628c2ecf20Sopenharmony_ci#define dbgprint(format, args...) do {\ 638c2ecf20Sopenharmony_ciif (dbg)\ 648c2ecf20Sopenharmony_ci printk(format, ##args);\ 658c2ecf20Sopenharmony_ci} while (0) 668c2ecf20Sopenharmony_ci 678c2ecf20Sopenharmony_cistatic void xor_vectors(unsigned char *in1, unsigned char *in2, 688c2ecf20Sopenharmony_ci unsigned char *out, unsigned int size) 698c2ecf20Sopenharmony_ci{ 708c2ecf20Sopenharmony_ci int i; 718c2ecf20Sopenharmony_ci 728c2ecf20Sopenharmony_ci for (i = 0; i < size; i++) 738c2ecf20Sopenharmony_ci out[i] = in1[i] ^ in2[i]; 748c2ecf20Sopenharmony_ci 758c2ecf20Sopenharmony_ci} 768c2ecf20Sopenharmony_ci/* 778c2ecf20Sopenharmony_ci * Returns DEFAULT_BLK_SZ bytes of random data per call 788c2ecf20Sopenharmony_ci * returns 0 if generation succeeded, <0 if something went wrong 798c2ecf20Sopenharmony_ci */ 808c2ecf20Sopenharmony_cistatic int _get_more_prng_bytes(struct prng_context *ctx, int cont_test) 818c2ecf20Sopenharmony_ci{ 828c2ecf20Sopenharmony_ci int i; 838c2ecf20Sopenharmony_ci unsigned char tmp[DEFAULT_BLK_SZ]; 848c2ecf20Sopenharmony_ci unsigned char *output = NULL; 858c2ecf20Sopenharmony_ci 868c2ecf20Sopenharmony_ci 878c2ecf20Sopenharmony_ci dbgprint(KERN_CRIT "Calling _get_more_prng_bytes for context %p\n", 888c2ecf20Sopenharmony_ci ctx); 898c2ecf20Sopenharmony_ci 908c2ecf20Sopenharmony_ci hexdump("Input DT: ", ctx->DT, DEFAULT_BLK_SZ); 918c2ecf20Sopenharmony_ci hexdump("Input I: ", ctx->I, DEFAULT_BLK_SZ); 928c2ecf20Sopenharmony_ci hexdump("Input V: ", ctx->V, DEFAULT_BLK_SZ); 938c2ecf20Sopenharmony_ci 948c2ecf20Sopenharmony_ci /* 958c2ecf20Sopenharmony_ci * This algorithm is a 3 stage state machine 968c2ecf20Sopenharmony_ci */ 978c2ecf20Sopenharmony_ci for (i = 0; i < 3; i++) { 988c2ecf20Sopenharmony_ci 998c2ecf20Sopenharmony_ci switch (i) { 1008c2ecf20Sopenharmony_ci case 0: 1018c2ecf20Sopenharmony_ci /* 1028c2ecf20Sopenharmony_ci * Start by encrypting the counter value 1038c2ecf20Sopenharmony_ci * This gives us an intermediate value I 1048c2ecf20Sopenharmony_ci */ 1058c2ecf20Sopenharmony_ci memcpy(tmp, ctx->DT, DEFAULT_BLK_SZ); 1068c2ecf20Sopenharmony_ci output = ctx->I; 1078c2ecf20Sopenharmony_ci hexdump("tmp stage 0: ", tmp, DEFAULT_BLK_SZ); 1088c2ecf20Sopenharmony_ci break; 1098c2ecf20Sopenharmony_ci case 1: 1108c2ecf20Sopenharmony_ci 1118c2ecf20Sopenharmony_ci /* 1128c2ecf20Sopenharmony_ci * Next xor I with our secret vector V 1138c2ecf20Sopenharmony_ci * encrypt that result to obtain our 1148c2ecf20Sopenharmony_ci * pseudo random data which we output 1158c2ecf20Sopenharmony_ci */ 1168c2ecf20Sopenharmony_ci xor_vectors(ctx->I, ctx->V, tmp, DEFAULT_BLK_SZ); 1178c2ecf20Sopenharmony_ci hexdump("tmp stage 1: ", tmp, DEFAULT_BLK_SZ); 1188c2ecf20Sopenharmony_ci output = ctx->rand_data; 1198c2ecf20Sopenharmony_ci break; 1208c2ecf20Sopenharmony_ci case 2: 1218c2ecf20Sopenharmony_ci /* 1228c2ecf20Sopenharmony_ci * First check that we didn't produce the same 1238c2ecf20Sopenharmony_ci * random data that we did last time around through this 1248c2ecf20Sopenharmony_ci */ 1258c2ecf20Sopenharmony_ci if (!memcmp(ctx->rand_data, ctx->last_rand_data, 1268c2ecf20Sopenharmony_ci DEFAULT_BLK_SZ)) { 1278c2ecf20Sopenharmony_ci if (cont_test) { 1288c2ecf20Sopenharmony_ci panic("cprng %p Failed repetition check!\n", 1298c2ecf20Sopenharmony_ci ctx); 1308c2ecf20Sopenharmony_ci } 1318c2ecf20Sopenharmony_ci 1328c2ecf20Sopenharmony_ci printk(KERN_ERR 1338c2ecf20Sopenharmony_ci "ctx %p Failed repetition check!\n", 1348c2ecf20Sopenharmony_ci ctx); 1358c2ecf20Sopenharmony_ci 1368c2ecf20Sopenharmony_ci ctx->flags |= PRNG_NEED_RESET; 1378c2ecf20Sopenharmony_ci return -EINVAL; 1388c2ecf20Sopenharmony_ci } 1398c2ecf20Sopenharmony_ci memcpy(ctx->last_rand_data, ctx->rand_data, 1408c2ecf20Sopenharmony_ci DEFAULT_BLK_SZ); 1418c2ecf20Sopenharmony_ci 1428c2ecf20Sopenharmony_ci /* 1438c2ecf20Sopenharmony_ci * Lastly xor the random data with I 1448c2ecf20Sopenharmony_ci * and encrypt that to obtain a new secret vector V 1458c2ecf20Sopenharmony_ci */ 1468c2ecf20Sopenharmony_ci xor_vectors(ctx->rand_data, ctx->I, tmp, 1478c2ecf20Sopenharmony_ci DEFAULT_BLK_SZ); 1488c2ecf20Sopenharmony_ci output = ctx->V; 1498c2ecf20Sopenharmony_ci hexdump("tmp stage 2: ", tmp, DEFAULT_BLK_SZ); 1508c2ecf20Sopenharmony_ci break; 1518c2ecf20Sopenharmony_ci } 1528c2ecf20Sopenharmony_ci 1538c2ecf20Sopenharmony_ci 1548c2ecf20Sopenharmony_ci /* do the encryption */ 1558c2ecf20Sopenharmony_ci crypto_cipher_encrypt_one(ctx->tfm, output, tmp); 1568c2ecf20Sopenharmony_ci 1578c2ecf20Sopenharmony_ci } 1588c2ecf20Sopenharmony_ci 1598c2ecf20Sopenharmony_ci /* 1608c2ecf20Sopenharmony_ci * Now update our DT value 1618c2ecf20Sopenharmony_ci */ 1628c2ecf20Sopenharmony_ci for (i = DEFAULT_BLK_SZ - 1; i >= 0; i--) { 1638c2ecf20Sopenharmony_ci ctx->DT[i] += 1; 1648c2ecf20Sopenharmony_ci if (ctx->DT[i] != 0) 1658c2ecf20Sopenharmony_ci break; 1668c2ecf20Sopenharmony_ci } 1678c2ecf20Sopenharmony_ci 1688c2ecf20Sopenharmony_ci dbgprint("Returning new block for context %p\n", ctx); 1698c2ecf20Sopenharmony_ci ctx->rand_data_valid = 0; 1708c2ecf20Sopenharmony_ci 1718c2ecf20Sopenharmony_ci hexdump("Output DT: ", ctx->DT, DEFAULT_BLK_SZ); 1728c2ecf20Sopenharmony_ci hexdump("Output I: ", ctx->I, DEFAULT_BLK_SZ); 1738c2ecf20Sopenharmony_ci hexdump("Output V: ", ctx->V, DEFAULT_BLK_SZ); 1748c2ecf20Sopenharmony_ci hexdump("New Random Data: ", ctx->rand_data, DEFAULT_BLK_SZ); 1758c2ecf20Sopenharmony_ci 1768c2ecf20Sopenharmony_ci return 0; 1778c2ecf20Sopenharmony_ci} 1788c2ecf20Sopenharmony_ci 1798c2ecf20Sopenharmony_ci/* Our exported functions */ 1808c2ecf20Sopenharmony_cistatic int get_prng_bytes(char *buf, size_t nbytes, struct prng_context *ctx, 1818c2ecf20Sopenharmony_ci int do_cont_test) 1828c2ecf20Sopenharmony_ci{ 1838c2ecf20Sopenharmony_ci unsigned char *ptr = buf; 1848c2ecf20Sopenharmony_ci unsigned int byte_count = (unsigned int)nbytes; 1858c2ecf20Sopenharmony_ci int err; 1868c2ecf20Sopenharmony_ci 1878c2ecf20Sopenharmony_ci 1888c2ecf20Sopenharmony_ci spin_lock_bh(&ctx->prng_lock); 1898c2ecf20Sopenharmony_ci 1908c2ecf20Sopenharmony_ci err = -EINVAL; 1918c2ecf20Sopenharmony_ci if (ctx->flags & PRNG_NEED_RESET) 1928c2ecf20Sopenharmony_ci goto done; 1938c2ecf20Sopenharmony_ci 1948c2ecf20Sopenharmony_ci /* 1958c2ecf20Sopenharmony_ci * If the FIXED_SIZE flag is on, only return whole blocks of 1968c2ecf20Sopenharmony_ci * pseudo random data 1978c2ecf20Sopenharmony_ci */ 1988c2ecf20Sopenharmony_ci err = -EINVAL; 1998c2ecf20Sopenharmony_ci if (ctx->flags & PRNG_FIXED_SIZE) { 2008c2ecf20Sopenharmony_ci if (nbytes < DEFAULT_BLK_SZ) 2018c2ecf20Sopenharmony_ci goto done; 2028c2ecf20Sopenharmony_ci byte_count = DEFAULT_BLK_SZ; 2038c2ecf20Sopenharmony_ci } 2048c2ecf20Sopenharmony_ci 2058c2ecf20Sopenharmony_ci /* 2068c2ecf20Sopenharmony_ci * Return 0 in case of success as mandated by the kernel 2078c2ecf20Sopenharmony_ci * crypto API interface definition. 2088c2ecf20Sopenharmony_ci */ 2098c2ecf20Sopenharmony_ci err = 0; 2108c2ecf20Sopenharmony_ci 2118c2ecf20Sopenharmony_ci dbgprint(KERN_CRIT "getting %d random bytes for context %p\n", 2128c2ecf20Sopenharmony_ci byte_count, ctx); 2138c2ecf20Sopenharmony_ci 2148c2ecf20Sopenharmony_ci 2158c2ecf20Sopenharmony_ciremainder: 2168c2ecf20Sopenharmony_ci if (ctx->rand_data_valid == DEFAULT_BLK_SZ) { 2178c2ecf20Sopenharmony_ci if (_get_more_prng_bytes(ctx, do_cont_test) < 0) { 2188c2ecf20Sopenharmony_ci memset(buf, 0, nbytes); 2198c2ecf20Sopenharmony_ci err = -EINVAL; 2208c2ecf20Sopenharmony_ci goto done; 2218c2ecf20Sopenharmony_ci } 2228c2ecf20Sopenharmony_ci } 2238c2ecf20Sopenharmony_ci 2248c2ecf20Sopenharmony_ci /* 2258c2ecf20Sopenharmony_ci * Copy any data less than an entire block 2268c2ecf20Sopenharmony_ci */ 2278c2ecf20Sopenharmony_ci if (byte_count < DEFAULT_BLK_SZ) { 2288c2ecf20Sopenharmony_ciempty_rbuf: 2298c2ecf20Sopenharmony_ci while (ctx->rand_data_valid < DEFAULT_BLK_SZ) { 2308c2ecf20Sopenharmony_ci *ptr = ctx->rand_data[ctx->rand_data_valid]; 2318c2ecf20Sopenharmony_ci ptr++; 2328c2ecf20Sopenharmony_ci byte_count--; 2338c2ecf20Sopenharmony_ci ctx->rand_data_valid++; 2348c2ecf20Sopenharmony_ci if (byte_count == 0) 2358c2ecf20Sopenharmony_ci goto done; 2368c2ecf20Sopenharmony_ci } 2378c2ecf20Sopenharmony_ci } 2388c2ecf20Sopenharmony_ci 2398c2ecf20Sopenharmony_ci /* 2408c2ecf20Sopenharmony_ci * Now copy whole blocks 2418c2ecf20Sopenharmony_ci */ 2428c2ecf20Sopenharmony_ci for (; byte_count >= DEFAULT_BLK_SZ; byte_count -= DEFAULT_BLK_SZ) { 2438c2ecf20Sopenharmony_ci if (ctx->rand_data_valid == DEFAULT_BLK_SZ) { 2448c2ecf20Sopenharmony_ci if (_get_more_prng_bytes(ctx, do_cont_test) < 0) { 2458c2ecf20Sopenharmony_ci memset(buf, 0, nbytes); 2468c2ecf20Sopenharmony_ci err = -EINVAL; 2478c2ecf20Sopenharmony_ci goto done; 2488c2ecf20Sopenharmony_ci } 2498c2ecf20Sopenharmony_ci } 2508c2ecf20Sopenharmony_ci if (ctx->rand_data_valid > 0) 2518c2ecf20Sopenharmony_ci goto empty_rbuf; 2528c2ecf20Sopenharmony_ci memcpy(ptr, ctx->rand_data, DEFAULT_BLK_SZ); 2538c2ecf20Sopenharmony_ci ctx->rand_data_valid += DEFAULT_BLK_SZ; 2548c2ecf20Sopenharmony_ci ptr += DEFAULT_BLK_SZ; 2558c2ecf20Sopenharmony_ci } 2568c2ecf20Sopenharmony_ci 2578c2ecf20Sopenharmony_ci /* 2588c2ecf20Sopenharmony_ci * Now go back and get any remaining partial block 2598c2ecf20Sopenharmony_ci */ 2608c2ecf20Sopenharmony_ci if (byte_count) 2618c2ecf20Sopenharmony_ci goto remainder; 2628c2ecf20Sopenharmony_ci 2638c2ecf20Sopenharmony_cidone: 2648c2ecf20Sopenharmony_ci spin_unlock_bh(&ctx->prng_lock); 2658c2ecf20Sopenharmony_ci dbgprint(KERN_CRIT "returning %d from get_prng_bytes in context %p\n", 2668c2ecf20Sopenharmony_ci err, ctx); 2678c2ecf20Sopenharmony_ci return err; 2688c2ecf20Sopenharmony_ci} 2698c2ecf20Sopenharmony_ci 2708c2ecf20Sopenharmony_cistatic void free_prng_context(struct prng_context *ctx) 2718c2ecf20Sopenharmony_ci{ 2728c2ecf20Sopenharmony_ci crypto_free_cipher(ctx->tfm); 2738c2ecf20Sopenharmony_ci} 2748c2ecf20Sopenharmony_ci 2758c2ecf20Sopenharmony_cistatic int reset_prng_context(struct prng_context *ctx, 2768c2ecf20Sopenharmony_ci const unsigned char *key, size_t klen, 2778c2ecf20Sopenharmony_ci const unsigned char *V, const unsigned char *DT) 2788c2ecf20Sopenharmony_ci{ 2798c2ecf20Sopenharmony_ci int ret; 2808c2ecf20Sopenharmony_ci const unsigned char *prng_key; 2818c2ecf20Sopenharmony_ci 2828c2ecf20Sopenharmony_ci spin_lock_bh(&ctx->prng_lock); 2838c2ecf20Sopenharmony_ci ctx->flags |= PRNG_NEED_RESET; 2848c2ecf20Sopenharmony_ci 2858c2ecf20Sopenharmony_ci prng_key = (key != NULL) ? key : (unsigned char *)DEFAULT_PRNG_KEY; 2868c2ecf20Sopenharmony_ci 2878c2ecf20Sopenharmony_ci if (!key) 2888c2ecf20Sopenharmony_ci klen = DEFAULT_PRNG_KSZ; 2898c2ecf20Sopenharmony_ci 2908c2ecf20Sopenharmony_ci if (V) 2918c2ecf20Sopenharmony_ci memcpy(ctx->V, V, DEFAULT_BLK_SZ); 2928c2ecf20Sopenharmony_ci else 2938c2ecf20Sopenharmony_ci memcpy(ctx->V, DEFAULT_V_SEED, DEFAULT_BLK_SZ); 2948c2ecf20Sopenharmony_ci 2958c2ecf20Sopenharmony_ci if (DT) 2968c2ecf20Sopenharmony_ci memcpy(ctx->DT, DT, DEFAULT_BLK_SZ); 2978c2ecf20Sopenharmony_ci else 2988c2ecf20Sopenharmony_ci memset(ctx->DT, 0, DEFAULT_BLK_SZ); 2998c2ecf20Sopenharmony_ci 3008c2ecf20Sopenharmony_ci memset(ctx->rand_data, 0, DEFAULT_BLK_SZ); 3018c2ecf20Sopenharmony_ci memset(ctx->last_rand_data, 0, DEFAULT_BLK_SZ); 3028c2ecf20Sopenharmony_ci 3038c2ecf20Sopenharmony_ci ctx->rand_data_valid = DEFAULT_BLK_SZ; 3048c2ecf20Sopenharmony_ci 3058c2ecf20Sopenharmony_ci ret = crypto_cipher_setkey(ctx->tfm, prng_key, klen); 3068c2ecf20Sopenharmony_ci if (ret) { 3078c2ecf20Sopenharmony_ci dbgprint(KERN_CRIT "PRNG: setkey() failed flags=%x\n", 3088c2ecf20Sopenharmony_ci crypto_cipher_get_flags(ctx->tfm)); 3098c2ecf20Sopenharmony_ci goto out; 3108c2ecf20Sopenharmony_ci } 3118c2ecf20Sopenharmony_ci 3128c2ecf20Sopenharmony_ci ret = 0; 3138c2ecf20Sopenharmony_ci ctx->flags &= ~PRNG_NEED_RESET; 3148c2ecf20Sopenharmony_ciout: 3158c2ecf20Sopenharmony_ci spin_unlock_bh(&ctx->prng_lock); 3168c2ecf20Sopenharmony_ci return ret; 3178c2ecf20Sopenharmony_ci} 3188c2ecf20Sopenharmony_ci 3198c2ecf20Sopenharmony_cistatic int cprng_init(struct crypto_tfm *tfm) 3208c2ecf20Sopenharmony_ci{ 3218c2ecf20Sopenharmony_ci struct prng_context *ctx = crypto_tfm_ctx(tfm); 3228c2ecf20Sopenharmony_ci 3238c2ecf20Sopenharmony_ci spin_lock_init(&ctx->prng_lock); 3248c2ecf20Sopenharmony_ci ctx->tfm = crypto_alloc_cipher("aes", 0, 0); 3258c2ecf20Sopenharmony_ci if (IS_ERR(ctx->tfm)) { 3268c2ecf20Sopenharmony_ci dbgprint(KERN_CRIT "Failed to alloc tfm for context %p\n", 3278c2ecf20Sopenharmony_ci ctx); 3288c2ecf20Sopenharmony_ci return PTR_ERR(ctx->tfm); 3298c2ecf20Sopenharmony_ci } 3308c2ecf20Sopenharmony_ci 3318c2ecf20Sopenharmony_ci if (reset_prng_context(ctx, NULL, DEFAULT_PRNG_KSZ, NULL, NULL) < 0) 3328c2ecf20Sopenharmony_ci return -EINVAL; 3338c2ecf20Sopenharmony_ci 3348c2ecf20Sopenharmony_ci /* 3358c2ecf20Sopenharmony_ci * after allocation, we should always force the user to reset 3368c2ecf20Sopenharmony_ci * so they don't inadvertently use the insecure default values 3378c2ecf20Sopenharmony_ci * without specifying them intentially 3388c2ecf20Sopenharmony_ci */ 3398c2ecf20Sopenharmony_ci ctx->flags |= PRNG_NEED_RESET; 3408c2ecf20Sopenharmony_ci return 0; 3418c2ecf20Sopenharmony_ci} 3428c2ecf20Sopenharmony_ci 3438c2ecf20Sopenharmony_cistatic void cprng_exit(struct crypto_tfm *tfm) 3448c2ecf20Sopenharmony_ci{ 3458c2ecf20Sopenharmony_ci free_prng_context(crypto_tfm_ctx(tfm)); 3468c2ecf20Sopenharmony_ci} 3478c2ecf20Sopenharmony_ci 3488c2ecf20Sopenharmony_cistatic int cprng_get_random(struct crypto_rng *tfm, 3498c2ecf20Sopenharmony_ci const u8 *src, unsigned int slen, 3508c2ecf20Sopenharmony_ci u8 *rdata, unsigned int dlen) 3518c2ecf20Sopenharmony_ci{ 3528c2ecf20Sopenharmony_ci struct prng_context *prng = crypto_rng_ctx(tfm); 3538c2ecf20Sopenharmony_ci 3548c2ecf20Sopenharmony_ci return get_prng_bytes(rdata, dlen, prng, 0); 3558c2ecf20Sopenharmony_ci} 3568c2ecf20Sopenharmony_ci 3578c2ecf20Sopenharmony_ci/* 3588c2ecf20Sopenharmony_ci * This is the cprng_registered reset method the seed value is 3598c2ecf20Sopenharmony_ci * interpreted as the tuple { V KEY DT} 3608c2ecf20Sopenharmony_ci * V and KEY are required during reset, and DT is optional, detected 3618c2ecf20Sopenharmony_ci * as being present by testing the length of the seed 3628c2ecf20Sopenharmony_ci */ 3638c2ecf20Sopenharmony_cistatic int cprng_reset(struct crypto_rng *tfm, 3648c2ecf20Sopenharmony_ci const u8 *seed, unsigned int slen) 3658c2ecf20Sopenharmony_ci{ 3668c2ecf20Sopenharmony_ci struct prng_context *prng = crypto_rng_ctx(tfm); 3678c2ecf20Sopenharmony_ci const u8 *key = seed + DEFAULT_BLK_SZ; 3688c2ecf20Sopenharmony_ci const u8 *dt = NULL; 3698c2ecf20Sopenharmony_ci 3708c2ecf20Sopenharmony_ci if (slen < DEFAULT_PRNG_KSZ + DEFAULT_BLK_SZ) 3718c2ecf20Sopenharmony_ci return -EINVAL; 3728c2ecf20Sopenharmony_ci 3738c2ecf20Sopenharmony_ci if (slen >= (2 * DEFAULT_BLK_SZ + DEFAULT_PRNG_KSZ)) 3748c2ecf20Sopenharmony_ci dt = key + DEFAULT_PRNG_KSZ; 3758c2ecf20Sopenharmony_ci 3768c2ecf20Sopenharmony_ci reset_prng_context(prng, key, DEFAULT_PRNG_KSZ, seed, dt); 3778c2ecf20Sopenharmony_ci 3788c2ecf20Sopenharmony_ci if (prng->flags & PRNG_NEED_RESET) 3798c2ecf20Sopenharmony_ci return -EINVAL; 3808c2ecf20Sopenharmony_ci return 0; 3818c2ecf20Sopenharmony_ci} 3828c2ecf20Sopenharmony_ci 3838c2ecf20Sopenharmony_ci#ifdef CONFIG_CRYPTO_FIPS 3848c2ecf20Sopenharmony_cistatic int fips_cprng_get_random(struct crypto_rng *tfm, 3858c2ecf20Sopenharmony_ci const u8 *src, unsigned int slen, 3868c2ecf20Sopenharmony_ci u8 *rdata, unsigned int dlen) 3878c2ecf20Sopenharmony_ci{ 3888c2ecf20Sopenharmony_ci struct prng_context *prng = crypto_rng_ctx(tfm); 3898c2ecf20Sopenharmony_ci 3908c2ecf20Sopenharmony_ci return get_prng_bytes(rdata, dlen, prng, 1); 3918c2ecf20Sopenharmony_ci} 3928c2ecf20Sopenharmony_ci 3938c2ecf20Sopenharmony_cistatic int fips_cprng_reset(struct crypto_rng *tfm, 3948c2ecf20Sopenharmony_ci const u8 *seed, unsigned int slen) 3958c2ecf20Sopenharmony_ci{ 3968c2ecf20Sopenharmony_ci u8 rdata[DEFAULT_BLK_SZ]; 3978c2ecf20Sopenharmony_ci const u8 *key = seed + DEFAULT_BLK_SZ; 3988c2ecf20Sopenharmony_ci int rc; 3998c2ecf20Sopenharmony_ci 4008c2ecf20Sopenharmony_ci struct prng_context *prng = crypto_rng_ctx(tfm); 4018c2ecf20Sopenharmony_ci 4028c2ecf20Sopenharmony_ci if (slen < DEFAULT_PRNG_KSZ + DEFAULT_BLK_SZ) 4038c2ecf20Sopenharmony_ci return -EINVAL; 4048c2ecf20Sopenharmony_ci 4058c2ecf20Sopenharmony_ci /* fips strictly requires seed != key */ 4068c2ecf20Sopenharmony_ci if (!memcmp(seed, key, DEFAULT_PRNG_KSZ)) 4078c2ecf20Sopenharmony_ci return -EINVAL; 4088c2ecf20Sopenharmony_ci 4098c2ecf20Sopenharmony_ci rc = cprng_reset(tfm, seed, slen); 4108c2ecf20Sopenharmony_ci 4118c2ecf20Sopenharmony_ci if (!rc) 4128c2ecf20Sopenharmony_ci goto out; 4138c2ecf20Sopenharmony_ci 4148c2ecf20Sopenharmony_ci /* this primes our continuity test */ 4158c2ecf20Sopenharmony_ci rc = get_prng_bytes(rdata, DEFAULT_BLK_SZ, prng, 0); 4168c2ecf20Sopenharmony_ci prng->rand_data_valid = DEFAULT_BLK_SZ; 4178c2ecf20Sopenharmony_ci 4188c2ecf20Sopenharmony_ciout: 4198c2ecf20Sopenharmony_ci return rc; 4208c2ecf20Sopenharmony_ci} 4218c2ecf20Sopenharmony_ci#endif 4228c2ecf20Sopenharmony_ci 4238c2ecf20Sopenharmony_cistatic struct rng_alg rng_algs[] = { { 4248c2ecf20Sopenharmony_ci .generate = cprng_get_random, 4258c2ecf20Sopenharmony_ci .seed = cprng_reset, 4268c2ecf20Sopenharmony_ci .seedsize = DEFAULT_PRNG_KSZ + 2 * DEFAULT_BLK_SZ, 4278c2ecf20Sopenharmony_ci .base = { 4288c2ecf20Sopenharmony_ci .cra_name = "stdrng", 4298c2ecf20Sopenharmony_ci .cra_driver_name = "ansi_cprng", 4308c2ecf20Sopenharmony_ci .cra_priority = 100, 4318c2ecf20Sopenharmony_ci .cra_ctxsize = sizeof(struct prng_context), 4328c2ecf20Sopenharmony_ci .cra_module = THIS_MODULE, 4338c2ecf20Sopenharmony_ci .cra_init = cprng_init, 4348c2ecf20Sopenharmony_ci .cra_exit = cprng_exit, 4358c2ecf20Sopenharmony_ci } 4368c2ecf20Sopenharmony_ci#ifdef CONFIG_CRYPTO_FIPS 4378c2ecf20Sopenharmony_ci}, { 4388c2ecf20Sopenharmony_ci .generate = fips_cprng_get_random, 4398c2ecf20Sopenharmony_ci .seed = fips_cprng_reset, 4408c2ecf20Sopenharmony_ci .seedsize = DEFAULT_PRNG_KSZ + 2 * DEFAULT_BLK_SZ, 4418c2ecf20Sopenharmony_ci .base = { 4428c2ecf20Sopenharmony_ci .cra_name = "fips(ansi_cprng)", 4438c2ecf20Sopenharmony_ci .cra_driver_name = "fips_ansi_cprng", 4448c2ecf20Sopenharmony_ci .cra_priority = 300, 4458c2ecf20Sopenharmony_ci .cra_ctxsize = sizeof(struct prng_context), 4468c2ecf20Sopenharmony_ci .cra_module = THIS_MODULE, 4478c2ecf20Sopenharmony_ci .cra_init = cprng_init, 4488c2ecf20Sopenharmony_ci .cra_exit = cprng_exit, 4498c2ecf20Sopenharmony_ci } 4508c2ecf20Sopenharmony_ci#endif 4518c2ecf20Sopenharmony_ci} }; 4528c2ecf20Sopenharmony_ci 4538c2ecf20Sopenharmony_ci/* Module initalization */ 4548c2ecf20Sopenharmony_cistatic int __init prng_mod_init(void) 4558c2ecf20Sopenharmony_ci{ 4568c2ecf20Sopenharmony_ci return crypto_register_rngs(rng_algs, ARRAY_SIZE(rng_algs)); 4578c2ecf20Sopenharmony_ci} 4588c2ecf20Sopenharmony_ci 4598c2ecf20Sopenharmony_cistatic void __exit prng_mod_fini(void) 4608c2ecf20Sopenharmony_ci{ 4618c2ecf20Sopenharmony_ci crypto_unregister_rngs(rng_algs, ARRAY_SIZE(rng_algs)); 4628c2ecf20Sopenharmony_ci} 4638c2ecf20Sopenharmony_ci 4648c2ecf20Sopenharmony_ciMODULE_LICENSE("GPL"); 4658c2ecf20Sopenharmony_ciMODULE_DESCRIPTION("Software Pseudo Random Number Generator"); 4668c2ecf20Sopenharmony_ciMODULE_AUTHOR("Neil Horman <nhorman@tuxdriver.com>"); 4678c2ecf20Sopenharmony_cimodule_param(dbg, int, 0); 4688c2ecf20Sopenharmony_ciMODULE_PARM_DESC(dbg, "Boolean to enable debugging (0/1 == off/on)"); 4698c2ecf20Sopenharmony_cisubsys_initcall(prng_mod_init); 4708c2ecf20Sopenharmony_cimodule_exit(prng_mod_fini); 4718c2ecf20Sopenharmony_ciMODULE_ALIAS_CRYPTO("stdrng"); 4728c2ecf20Sopenharmony_ciMODULE_ALIAS_CRYPTO("ansi_cprng"); 473