162306a36Sopenharmony_ci/* 262306a36Sopenharmony_ci * algif_rng: User-space interface for random number generators 362306a36Sopenharmony_ci * 462306a36Sopenharmony_ci * This file provides the user-space API for random number generators. 562306a36Sopenharmony_ci * 662306a36Sopenharmony_ci * Copyright (C) 2014, Stephan Mueller <smueller@chronox.de> 762306a36Sopenharmony_ci * 862306a36Sopenharmony_ci * Redistribution and use in source and binary forms, with or without 962306a36Sopenharmony_ci * modification, are permitted provided that the following conditions 1062306a36Sopenharmony_ci * are met: 1162306a36Sopenharmony_ci * 1. Redistributions of source code must retain the above copyright 1262306a36Sopenharmony_ci * notice, and the entire permission notice in its entirety, 1362306a36Sopenharmony_ci * including the disclaimer of warranties. 1462306a36Sopenharmony_ci * 2. Redistributions in binary form must reproduce the above copyright 1562306a36Sopenharmony_ci * notice, this list of conditions and the following disclaimer in the 1662306a36Sopenharmony_ci * documentation and/or other materials provided with the distribution. 1762306a36Sopenharmony_ci * 3. The name of the author may not be used to endorse or promote 1862306a36Sopenharmony_ci * products derived from this software without specific prior 1962306a36Sopenharmony_ci * written permission. 2062306a36Sopenharmony_ci * 2162306a36Sopenharmony_ci * ALTERNATIVELY, this product may be distributed under the terms of 2262306a36Sopenharmony_ci * the GNU General Public License, in which case the provisions of the GPL2 2362306a36Sopenharmony_ci * are required INSTEAD OF the above restrictions. (This clause is 2462306a36Sopenharmony_ci * necessary due to a potential bad interaction between the GPL and 2562306a36Sopenharmony_ci * the restrictions contained in a BSD-style copyright.) 2662306a36Sopenharmony_ci * 2762306a36Sopenharmony_ci * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED 2862306a36Sopenharmony_ci * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES 2962306a36Sopenharmony_ci * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE, ALL OF 3062306a36Sopenharmony_ci * WHICH ARE HEREBY DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE 3162306a36Sopenharmony_ci * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR 3262306a36Sopenharmony_ci * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT 3362306a36Sopenharmony_ci * OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR 3462306a36Sopenharmony_ci * BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF 3562306a36Sopenharmony_ci * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT 3662306a36Sopenharmony_ci * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE 3762306a36Sopenharmony_ci * USE OF THIS SOFTWARE, EVEN IF NOT ADVISED OF THE POSSIBILITY OF SUCH 3862306a36Sopenharmony_ci * DAMAGE. 3962306a36Sopenharmony_ci */ 4062306a36Sopenharmony_ci 4162306a36Sopenharmony_ci#include <linux/capability.h> 4262306a36Sopenharmony_ci#include <linux/module.h> 4362306a36Sopenharmony_ci#include <crypto/rng.h> 4462306a36Sopenharmony_ci#include <linux/random.h> 4562306a36Sopenharmony_ci#include <crypto/if_alg.h> 4662306a36Sopenharmony_ci#include <linux/net.h> 4762306a36Sopenharmony_ci#include <net/sock.h> 4862306a36Sopenharmony_ci 4962306a36Sopenharmony_ciMODULE_LICENSE("GPL"); 5062306a36Sopenharmony_ciMODULE_AUTHOR("Stephan Mueller <smueller@chronox.de>"); 5162306a36Sopenharmony_ciMODULE_DESCRIPTION("User-space interface for random number generators"); 5262306a36Sopenharmony_ci 5362306a36Sopenharmony_cistruct rng_ctx { 5462306a36Sopenharmony_ci#define MAXSIZE 128 5562306a36Sopenharmony_ci unsigned int len; 5662306a36Sopenharmony_ci struct crypto_rng *drng; 5762306a36Sopenharmony_ci u8 *addtl; 5862306a36Sopenharmony_ci size_t addtl_len; 5962306a36Sopenharmony_ci}; 6062306a36Sopenharmony_ci 6162306a36Sopenharmony_cistruct rng_parent_ctx { 6262306a36Sopenharmony_ci struct crypto_rng *drng; 6362306a36Sopenharmony_ci u8 *entropy; 6462306a36Sopenharmony_ci}; 6562306a36Sopenharmony_ci 6662306a36Sopenharmony_cistatic void rng_reset_addtl(struct rng_ctx *ctx) 6762306a36Sopenharmony_ci{ 6862306a36Sopenharmony_ci kfree_sensitive(ctx->addtl); 6962306a36Sopenharmony_ci ctx->addtl = NULL; 7062306a36Sopenharmony_ci ctx->addtl_len = 0; 7162306a36Sopenharmony_ci} 7262306a36Sopenharmony_ci 7362306a36Sopenharmony_cistatic int _rng_recvmsg(struct crypto_rng *drng, struct msghdr *msg, size_t len, 7462306a36Sopenharmony_ci u8 *addtl, size_t addtl_len) 7562306a36Sopenharmony_ci{ 7662306a36Sopenharmony_ci int err = 0; 7762306a36Sopenharmony_ci int genlen = 0; 7862306a36Sopenharmony_ci u8 result[MAXSIZE]; 7962306a36Sopenharmony_ci 8062306a36Sopenharmony_ci if (len == 0) 8162306a36Sopenharmony_ci return 0; 8262306a36Sopenharmony_ci if (len > MAXSIZE) 8362306a36Sopenharmony_ci len = MAXSIZE; 8462306a36Sopenharmony_ci 8562306a36Sopenharmony_ci /* 8662306a36Sopenharmony_ci * although not strictly needed, this is a precaution against coding 8762306a36Sopenharmony_ci * errors 8862306a36Sopenharmony_ci */ 8962306a36Sopenharmony_ci memset(result, 0, len); 9062306a36Sopenharmony_ci 9162306a36Sopenharmony_ci /* 9262306a36Sopenharmony_ci * The enforcement of a proper seeding of an RNG is done within an 9362306a36Sopenharmony_ci * RNG implementation. Some RNGs (DRBG, krng) do not need specific 9462306a36Sopenharmony_ci * seeding as they automatically seed. The X9.31 DRNG will return 9562306a36Sopenharmony_ci * an error if it was not seeded properly. 9662306a36Sopenharmony_ci */ 9762306a36Sopenharmony_ci genlen = crypto_rng_generate(drng, addtl, addtl_len, result, len); 9862306a36Sopenharmony_ci if (genlen < 0) 9962306a36Sopenharmony_ci return genlen; 10062306a36Sopenharmony_ci 10162306a36Sopenharmony_ci err = memcpy_to_msg(msg, result, len); 10262306a36Sopenharmony_ci memzero_explicit(result, len); 10362306a36Sopenharmony_ci 10462306a36Sopenharmony_ci return err ? err : len; 10562306a36Sopenharmony_ci} 10662306a36Sopenharmony_ci 10762306a36Sopenharmony_cistatic int rng_recvmsg(struct socket *sock, struct msghdr *msg, size_t len, 10862306a36Sopenharmony_ci int flags) 10962306a36Sopenharmony_ci{ 11062306a36Sopenharmony_ci struct sock *sk = sock->sk; 11162306a36Sopenharmony_ci struct alg_sock *ask = alg_sk(sk); 11262306a36Sopenharmony_ci struct rng_ctx *ctx = ask->private; 11362306a36Sopenharmony_ci 11462306a36Sopenharmony_ci return _rng_recvmsg(ctx->drng, msg, len, NULL, 0); 11562306a36Sopenharmony_ci} 11662306a36Sopenharmony_ci 11762306a36Sopenharmony_cistatic int rng_test_recvmsg(struct socket *sock, struct msghdr *msg, size_t len, 11862306a36Sopenharmony_ci int flags) 11962306a36Sopenharmony_ci{ 12062306a36Sopenharmony_ci struct sock *sk = sock->sk; 12162306a36Sopenharmony_ci struct alg_sock *ask = alg_sk(sk); 12262306a36Sopenharmony_ci struct rng_ctx *ctx = ask->private; 12362306a36Sopenharmony_ci int ret; 12462306a36Sopenharmony_ci 12562306a36Sopenharmony_ci lock_sock(sock->sk); 12662306a36Sopenharmony_ci ret = _rng_recvmsg(ctx->drng, msg, len, ctx->addtl, ctx->addtl_len); 12762306a36Sopenharmony_ci rng_reset_addtl(ctx); 12862306a36Sopenharmony_ci release_sock(sock->sk); 12962306a36Sopenharmony_ci 13062306a36Sopenharmony_ci return ret; 13162306a36Sopenharmony_ci} 13262306a36Sopenharmony_ci 13362306a36Sopenharmony_cistatic int rng_test_sendmsg(struct socket *sock, struct msghdr *msg, size_t len) 13462306a36Sopenharmony_ci{ 13562306a36Sopenharmony_ci int err; 13662306a36Sopenharmony_ci struct alg_sock *ask = alg_sk(sock->sk); 13762306a36Sopenharmony_ci struct rng_ctx *ctx = ask->private; 13862306a36Sopenharmony_ci 13962306a36Sopenharmony_ci lock_sock(sock->sk); 14062306a36Sopenharmony_ci if (len > MAXSIZE) { 14162306a36Sopenharmony_ci err = -EMSGSIZE; 14262306a36Sopenharmony_ci goto unlock; 14362306a36Sopenharmony_ci } 14462306a36Sopenharmony_ci 14562306a36Sopenharmony_ci rng_reset_addtl(ctx); 14662306a36Sopenharmony_ci ctx->addtl = kmalloc(len, GFP_KERNEL); 14762306a36Sopenharmony_ci if (!ctx->addtl) { 14862306a36Sopenharmony_ci err = -ENOMEM; 14962306a36Sopenharmony_ci goto unlock; 15062306a36Sopenharmony_ci } 15162306a36Sopenharmony_ci 15262306a36Sopenharmony_ci err = memcpy_from_msg(ctx->addtl, msg, len); 15362306a36Sopenharmony_ci if (err) { 15462306a36Sopenharmony_ci rng_reset_addtl(ctx); 15562306a36Sopenharmony_ci goto unlock; 15662306a36Sopenharmony_ci } 15762306a36Sopenharmony_ci ctx->addtl_len = len; 15862306a36Sopenharmony_ci 15962306a36Sopenharmony_ciunlock: 16062306a36Sopenharmony_ci release_sock(sock->sk); 16162306a36Sopenharmony_ci return err ? err : len; 16262306a36Sopenharmony_ci} 16362306a36Sopenharmony_ci 16462306a36Sopenharmony_cistatic struct proto_ops algif_rng_ops = { 16562306a36Sopenharmony_ci .family = PF_ALG, 16662306a36Sopenharmony_ci 16762306a36Sopenharmony_ci .connect = sock_no_connect, 16862306a36Sopenharmony_ci .socketpair = sock_no_socketpair, 16962306a36Sopenharmony_ci .getname = sock_no_getname, 17062306a36Sopenharmony_ci .ioctl = sock_no_ioctl, 17162306a36Sopenharmony_ci .listen = sock_no_listen, 17262306a36Sopenharmony_ci .shutdown = sock_no_shutdown, 17362306a36Sopenharmony_ci .mmap = sock_no_mmap, 17462306a36Sopenharmony_ci .bind = sock_no_bind, 17562306a36Sopenharmony_ci .accept = sock_no_accept, 17662306a36Sopenharmony_ci .sendmsg = sock_no_sendmsg, 17762306a36Sopenharmony_ci 17862306a36Sopenharmony_ci .release = af_alg_release, 17962306a36Sopenharmony_ci .recvmsg = rng_recvmsg, 18062306a36Sopenharmony_ci}; 18162306a36Sopenharmony_ci 18262306a36Sopenharmony_cistatic struct proto_ops __maybe_unused algif_rng_test_ops = { 18362306a36Sopenharmony_ci .family = PF_ALG, 18462306a36Sopenharmony_ci 18562306a36Sopenharmony_ci .connect = sock_no_connect, 18662306a36Sopenharmony_ci .socketpair = sock_no_socketpair, 18762306a36Sopenharmony_ci .getname = sock_no_getname, 18862306a36Sopenharmony_ci .ioctl = sock_no_ioctl, 18962306a36Sopenharmony_ci .listen = sock_no_listen, 19062306a36Sopenharmony_ci .shutdown = sock_no_shutdown, 19162306a36Sopenharmony_ci .mmap = sock_no_mmap, 19262306a36Sopenharmony_ci .bind = sock_no_bind, 19362306a36Sopenharmony_ci .accept = sock_no_accept, 19462306a36Sopenharmony_ci 19562306a36Sopenharmony_ci .release = af_alg_release, 19662306a36Sopenharmony_ci .recvmsg = rng_test_recvmsg, 19762306a36Sopenharmony_ci .sendmsg = rng_test_sendmsg, 19862306a36Sopenharmony_ci}; 19962306a36Sopenharmony_ci 20062306a36Sopenharmony_cistatic void *rng_bind(const char *name, u32 type, u32 mask) 20162306a36Sopenharmony_ci{ 20262306a36Sopenharmony_ci struct rng_parent_ctx *pctx; 20362306a36Sopenharmony_ci struct crypto_rng *rng; 20462306a36Sopenharmony_ci 20562306a36Sopenharmony_ci pctx = kzalloc(sizeof(*pctx), GFP_KERNEL); 20662306a36Sopenharmony_ci if (!pctx) 20762306a36Sopenharmony_ci return ERR_PTR(-ENOMEM); 20862306a36Sopenharmony_ci 20962306a36Sopenharmony_ci rng = crypto_alloc_rng(name, type, mask); 21062306a36Sopenharmony_ci if (IS_ERR(rng)) { 21162306a36Sopenharmony_ci kfree(pctx); 21262306a36Sopenharmony_ci return ERR_CAST(rng); 21362306a36Sopenharmony_ci } 21462306a36Sopenharmony_ci 21562306a36Sopenharmony_ci pctx->drng = rng; 21662306a36Sopenharmony_ci return pctx; 21762306a36Sopenharmony_ci} 21862306a36Sopenharmony_ci 21962306a36Sopenharmony_cistatic void rng_release(void *private) 22062306a36Sopenharmony_ci{ 22162306a36Sopenharmony_ci struct rng_parent_ctx *pctx = private; 22262306a36Sopenharmony_ci 22362306a36Sopenharmony_ci if (unlikely(!pctx)) 22462306a36Sopenharmony_ci return; 22562306a36Sopenharmony_ci crypto_free_rng(pctx->drng); 22662306a36Sopenharmony_ci kfree_sensitive(pctx->entropy); 22762306a36Sopenharmony_ci kfree_sensitive(pctx); 22862306a36Sopenharmony_ci} 22962306a36Sopenharmony_ci 23062306a36Sopenharmony_cistatic void rng_sock_destruct(struct sock *sk) 23162306a36Sopenharmony_ci{ 23262306a36Sopenharmony_ci struct alg_sock *ask = alg_sk(sk); 23362306a36Sopenharmony_ci struct rng_ctx *ctx = ask->private; 23462306a36Sopenharmony_ci 23562306a36Sopenharmony_ci rng_reset_addtl(ctx); 23662306a36Sopenharmony_ci sock_kfree_s(sk, ctx, ctx->len); 23762306a36Sopenharmony_ci af_alg_release_parent(sk); 23862306a36Sopenharmony_ci} 23962306a36Sopenharmony_ci 24062306a36Sopenharmony_cistatic int rng_accept_parent(void *private, struct sock *sk) 24162306a36Sopenharmony_ci{ 24262306a36Sopenharmony_ci struct rng_ctx *ctx; 24362306a36Sopenharmony_ci struct rng_parent_ctx *pctx = private; 24462306a36Sopenharmony_ci struct alg_sock *ask = alg_sk(sk); 24562306a36Sopenharmony_ci unsigned int len = sizeof(*ctx); 24662306a36Sopenharmony_ci 24762306a36Sopenharmony_ci ctx = sock_kmalloc(sk, len, GFP_KERNEL); 24862306a36Sopenharmony_ci if (!ctx) 24962306a36Sopenharmony_ci return -ENOMEM; 25062306a36Sopenharmony_ci 25162306a36Sopenharmony_ci ctx->len = len; 25262306a36Sopenharmony_ci ctx->addtl = NULL; 25362306a36Sopenharmony_ci ctx->addtl_len = 0; 25462306a36Sopenharmony_ci 25562306a36Sopenharmony_ci /* 25662306a36Sopenharmony_ci * No seeding done at that point -- if multiple accepts are 25762306a36Sopenharmony_ci * done on one RNG instance, each resulting FD points to the same 25862306a36Sopenharmony_ci * state of the RNG. 25962306a36Sopenharmony_ci */ 26062306a36Sopenharmony_ci 26162306a36Sopenharmony_ci ctx->drng = pctx->drng; 26262306a36Sopenharmony_ci ask->private = ctx; 26362306a36Sopenharmony_ci sk->sk_destruct = rng_sock_destruct; 26462306a36Sopenharmony_ci 26562306a36Sopenharmony_ci /* 26662306a36Sopenharmony_ci * Non NULL pctx->entropy means that CAVP test has been initiated on 26762306a36Sopenharmony_ci * this socket, replace proto_ops algif_rng_ops with algif_rng_test_ops. 26862306a36Sopenharmony_ci */ 26962306a36Sopenharmony_ci if (IS_ENABLED(CONFIG_CRYPTO_USER_API_RNG_CAVP) && pctx->entropy) 27062306a36Sopenharmony_ci sk->sk_socket->ops = &algif_rng_test_ops; 27162306a36Sopenharmony_ci 27262306a36Sopenharmony_ci return 0; 27362306a36Sopenharmony_ci} 27462306a36Sopenharmony_ci 27562306a36Sopenharmony_cistatic int rng_setkey(void *private, const u8 *seed, unsigned int seedlen) 27662306a36Sopenharmony_ci{ 27762306a36Sopenharmony_ci struct rng_parent_ctx *pctx = private; 27862306a36Sopenharmony_ci /* 27962306a36Sopenharmony_ci * Check whether seedlen is of sufficient size is done in RNG 28062306a36Sopenharmony_ci * implementations. 28162306a36Sopenharmony_ci */ 28262306a36Sopenharmony_ci return crypto_rng_reset(pctx->drng, seed, seedlen); 28362306a36Sopenharmony_ci} 28462306a36Sopenharmony_ci 28562306a36Sopenharmony_cistatic int __maybe_unused rng_setentropy(void *private, sockptr_t entropy, 28662306a36Sopenharmony_ci unsigned int len) 28762306a36Sopenharmony_ci{ 28862306a36Sopenharmony_ci struct rng_parent_ctx *pctx = private; 28962306a36Sopenharmony_ci u8 *kentropy = NULL; 29062306a36Sopenharmony_ci 29162306a36Sopenharmony_ci if (!capable(CAP_SYS_ADMIN)) 29262306a36Sopenharmony_ci return -EACCES; 29362306a36Sopenharmony_ci 29462306a36Sopenharmony_ci if (pctx->entropy) 29562306a36Sopenharmony_ci return -EINVAL; 29662306a36Sopenharmony_ci 29762306a36Sopenharmony_ci if (len > MAXSIZE) 29862306a36Sopenharmony_ci return -EMSGSIZE; 29962306a36Sopenharmony_ci 30062306a36Sopenharmony_ci if (len) { 30162306a36Sopenharmony_ci kentropy = memdup_sockptr(entropy, len); 30262306a36Sopenharmony_ci if (IS_ERR(kentropy)) 30362306a36Sopenharmony_ci return PTR_ERR(kentropy); 30462306a36Sopenharmony_ci } 30562306a36Sopenharmony_ci 30662306a36Sopenharmony_ci crypto_rng_alg(pctx->drng)->set_ent(pctx->drng, kentropy, len); 30762306a36Sopenharmony_ci /* 30862306a36Sopenharmony_ci * Since rng doesn't perform any memory management for the entropy 30962306a36Sopenharmony_ci * buffer, save kentropy pointer to pctx now to free it after use. 31062306a36Sopenharmony_ci */ 31162306a36Sopenharmony_ci pctx->entropy = kentropy; 31262306a36Sopenharmony_ci return 0; 31362306a36Sopenharmony_ci} 31462306a36Sopenharmony_ci 31562306a36Sopenharmony_cistatic const struct af_alg_type algif_type_rng = { 31662306a36Sopenharmony_ci .bind = rng_bind, 31762306a36Sopenharmony_ci .release = rng_release, 31862306a36Sopenharmony_ci .accept = rng_accept_parent, 31962306a36Sopenharmony_ci .setkey = rng_setkey, 32062306a36Sopenharmony_ci#ifdef CONFIG_CRYPTO_USER_API_RNG_CAVP 32162306a36Sopenharmony_ci .setentropy = rng_setentropy, 32262306a36Sopenharmony_ci#endif 32362306a36Sopenharmony_ci .ops = &algif_rng_ops, 32462306a36Sopenharmony_ci .name = "rng", 32562306a36Sopenharmony_ci .owner = THIS_MODULE 32662306a36Sopenharmony_ci}; 32762306a36Sopenharmony_ci 32862306a36Sopenharmony_cistatic int __init rng_init(void) 32962306a36Sopenharmony_ci{ 33062306a36Sopenharmony_ci return af_alg_register_type(&algif_type_rng); 33162306a36Sopenharmony_ci} 33262306a36Sopenharmony_ci 33362306a36Sopenharmony_cistatic void __exit rng_exit(void) 33462306a36Sopenharmony_ci{ 33562306a36Sopenharmony_ci int err = af_alg_unregister_type(&algif_type_rng); 33662306a36Sopenharmony_ci BUG_ON(err); 33762306a36Sopenharmony_ci} 33862306a36Sopenharmony_ci 33962306a36Sopenharmony_cimodule_init(rng_init); 34062306a36Sopenharmony_cimodule_exit(rng_exit); 341