1 /* 1 /*
2 * algif_rng: User-space interface for random 2 * algif_rng: User-space interface for random number generators
3 * 3 *
4 * This file provides the user-space API for r 4 * This file provides the user-space API for random number generators.
5 * 5 *
6 * Copyright (C) 2014, Stephan Mueller <smuell 6 * Copyright (C) 2014, Stephan Mueller <smueller@chronox.de>
7 * 7 *
8 * Redistribution and use in source and binary 8 * Redistribution and use in source and binary forms, with or without
9 * modification, are permitted provided that t 9 * modification, are permitted provided that the following conditions
10 * are met: 10 * are met:
11 * 1. Redistributions of source code must reta 11 * 1. Redistributions of source code must retain the above copyright
12 * notice, and the entire permission notice 12 * notice, and the entire permission notice in its entirety,
13 * including the disclaimer of warranties. 13 * including the disclaimer of warranties.
14 * 2. Redistributions in binary form must repr 14 * 2. Redistributions in binary form must reproduce the above copyright
15 * notice, this list of conditions and the 15 * notice, this list of conditions and the following disclaimer in the
16 * documentation and/or other materials pro 16 * documentation and/or other materials provided with the distribution.
17 * 3. The name of the author may not be used t 17 * 3. The name of the author may not be used to endorse or promote
18 * products derived from this software with 18 * products derived from this software without specific prior
19 * written permission. 19 * written permission.
20 * 20 *
21 * ALTERNATIVELY, this product may be distribu 21 * ALTERNATIVELY, this product may be distributed under the terms of
22 * the GNU General Public License, in which ca 22 * the GNU General Public License, in which case the provisions of the GPL2
23 * are required INSTEAD OF the above restricti 23 * are required INSTEAD OF the above restrictions. (This clause is
24 * necessary due to a potential bad interactio 24 * necessary due to a potential bad interaction between the GPL and
25 * the restrictions contained in a BSD-style c 25 * the restrictions contained in a BSD-style copyright.)
26 * 26 *
27 * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY 27 * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED
28 * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, 28 * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
29 * OF MERCHANTABILITY AND FITNESS FOR A PARTIC 29 * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE, ALL OF
30 * WHICH ARE HEREBY DISCLAIMED. IN NO EVENT S 30 * WHICH ARE HEREBY DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE
31 * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL 31 * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
32 * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT L 32 * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT
33 * OF SUBSTITUTE GOODS OR SERVICES; LOSS OF US 33 * OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
34 * BUSINESS INTERRUPTION) HOWEVER CAUSED AND O 34 * BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
35 * LIABILITY, WHETHER IN CONTRACT, STRICT LIAB 35 * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
36 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING 36 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE
37 * USE OF THIS SOFTWARE, EVEN IF NOT ADVISED O 37 * USE OF THIS SOFTWARE, EVEN IF NOT ADVISED OF THE POSSIBILITY OF SUCH
38 * DAMAGE. 38 * DAMAGE.
39 */ 39 */
40 40
41 #include <linux/capability.h> <<
42 #include <linux/module.h> 41 #include <linux/module.h>
43 #include <crypto/rng.h> 42 #include <crypto/rng.h>
44 #include <linux/random.h> 43 #include <linux/random.h>
45 #include <crypto/if_alg.h> 44 #include <crypto/if_alg.h>
46 #include <linux/net.h> 45 #include <linux/net.h>
47 #include <net/sock.h> 46 #include <net/sock.h>
48 47
49 MODULE_LICENSE("GPL"); 48 MODULE_LICENSE("GPL");
50 MODULE_AUTHOR("Stephan Mueller <smueller@chron 49 MODULE_AUTHOR("Stephan Mueller <smueller@chronox.de>");
51 MODULE_DESCRIPTION("User-space interface for r 50 MODULE_DESCRIPTION("User-space interface for random number generators");
52 51
53 struct rng_ctx { 52 struct rng_ctx {
54 #define MAXSIZE 128 53 #define MAXSIZE 128
55 unsigned int len; 54 unsigned int len;
56 struct crypto_rng *drng; 55 struct crypto_rng *drng;
57 u8 *addtl; <<
58 size_t addtl_len; <<
59 }; 56 };
60 57
61 struct rng_parent_ctx { !! 58 static int rng_recvmsg(struct socket *sock, struct msghdr *msg, size_t len,
62 struct crypto_rng *drng; !! 59 int flags)
63 u8 *entropy; <<
64 }; <<
65 <<
66 static void rng_reset_addtl(struct rng_ctx *ct <<
67 { <<
68 kfree_sensitive(ctx->addtl); <<
69 ctx->addtl = NULL; <<
70 ctx->addtl_len = 0; <<
71 } <<
72 <<
73 static int _rng_recvmsg(struct crypto_rng *drn <<
74 u8 *addtl, size_t addt <<
75 { 60 {
76 int err = 0; !! 61 struct sock *sk = sock->sk;
>> 62 struct alg_sock *ask = alg_sk(sk);
>> 63 struct rng_ctx *ctx = ask->private;
>> 64 int err = -EFAULT;
77 int genlen = 0; 65 int genlen = 0;
78 u8 result[MAXSIZE]; 66 u8 result[MAXSIZE];
79 67
80 if (len == 0) 68 if (len == 0)
81 return 0; 69 return 0;
82 if (len > MAXSIZE) 70 if (len > MAXSIZE)
83 len = MAXSIZE; 71 len = MAXSIZE;
84 72
85 /* 73 /*
86 * although not strictly needed, this 74 * although not strictly needed, this is a precaution against coding
87 * errors 75 * errors
88 */ 76 */
89 memset(result, 0, len); 77 memset(result, 0, len);
90 78
91 /* 79 /*
92 * The enforcement of a proper seeding 80 * The enforcement of a proper seeding of an RNG is done within an
93 * RNG implementation. Some RNGs (DRBG 81 * RNG implementation. Some RNGs (DRBG, krng) do not need specific
94 * seeding as they automatically seed. 82 * seeding as they automatically seed. The X9.31 DRNG will return
95 * an error if it was not seeded prope 83 * an error if it was not seeded properly.
96 */ 84 */
97 genlen = crypto_rng_generate(drng, add !! 85 genlen = crypto_rng_get_bytes(ctx->drng, result, len);
98 if (genlen < 0) 86 if (genlen < 0)
99 return genlen; 87 return genlen;
100 88
101 err = memcpy_to_msg(msg, result, len); 89 err = memcpy_to_msg(msg, result, len);
102 memzero_explicit(result, len); 90 memzero_explicit(result, len);
103 91
104 return err ? err : len; 92 return err ? err : len;
105 } 93 }
106 94
107 static int rng_recvmsg(struct socket *sock, st <<
108 int flags) <<
109 { <<
110 struct sock *sk = sock->sk; <<
111 struct alg_sock *ask = alg_sk(sk); <<
112 struct rng_ctx *ctx = ask->private; <<
113 <<
114 return _rng_recvmsg(ctx->drng, msg, le <<
115 } <<
116 <<
117 static int rng_test_recvmsg(struct socket *soc <<
118 int flags) <<
119 { <<
120 struct sock *sk = sock->sk; <<
121 struct alg_sock *ask = alg_sk(sk); <<
122 struct rng_ctx *ctx = ask->private; <<
123 int ret; <<
124 <<
125 lock_sock(sock->sk); <<
126 ret = _rng_recvmsg(ctx->drng, msg, len <<
127 rng_reset_addtl(ctx); <<
128 release_sock(sock->sk); <<
129 <<
130 return ret; <<
131 } <<
132 <<
133 static int rng_test_sendmsg(struct socket *soc <<
134 { <<
135 int err; <<
136 struct alg_sock *ask = alg_sk(sock->sk <<
137 struct rng_ctx *ctx = ask->private; <<
138 <<
139 lock_sock(sock->sk); <<
140 if (len > MAXSIZE) { <<
141 err = -EMSGSIZE; <<
142 goto unlock; <<
143 } <<
144 <<
145 rng_reset_addtl(ctx); <<
146 ctx->addtl = kmalloc(len, GFP_KERNEL); <<
147 if (!ctx->addtl) { <<
148 err = -ENOMEM; <<
149 goto unlock; <<
150 } <<
151 <<
152 err = memcpy_from_msg(ctx->addtl, msg, <<
153 if (err) { <<
154 rng_reset_addtl(ctx); <<
155 goto unlock; <<
156 } <<
157 ctx->addtl_len = len; <<
158 <<
159 unlock: <<
160 release_sock(sock->sk); <<
161 return err ? err : len; <<
162 } <<
163 <<
164 static struct proto_ops algif_rng_ops = { 95 static struct proto_ops algif_rng_ops = {
165 .family = PF_ALG, 96 .family = PF_ALG,
166 97
167 .connect = sock_no_connec 98 .connect = sock_no_connect,
168 .socketpair = sock_no_socket 99 .socketpair = sock_no_socketpair,
169 .getname = sock_no_getnam 100 .getname = sock_no_getname,
170 .ioctl = sock_no_ioctl, 101 .ioctl = sock_no_ioctl,
171 .listen = sock_no_listen 102 .listen = sock_no_listen,
172 .shutdown = sock_no_shutdo 103 .shutdown = sock_no_shutdown,
>> 104 .getsockopt = sock_no_getsockopt,
173 .mmap = sock_no_mmap, 105 .mmap = sock_no_mmap,
174 .bind = sock_no_bind, 106 .bind = sock_no_bind,
175 .accept = sock_no_accept 107 .accept = sock_no_accept,
>> 108 .setsockopt = sock_no_setsockopt,
>> 109 .poll = sock_no_poll,
176 .sendmsg = sock_no_sendms 110 .sendmsg = sock_no_sendmsg,
>> 111 .sendpage = sock_no_sendpage,
177 112
178 .release = af_alg_release 113 .release = af_alg_release,
179 .recvmsg = rng_recvmsg, 114 .recvmsg = rng_recvmsg,
180 }; 115 };
181 116
182 static struct proto_ops __maybe_unused algif_r <<
183 .family = PF_ALG, <<
184 <<
185 .connect = sock_no_connec <<
186 .socketpair = sock_no_socket <<
187 .getname = sock_no_getnam <<
188 .ioctl = sock_no_ioctl, <<
189 .listen = sock_no_listen <<
190 .shutdown = sock_no_shutdo <<
191 .mmap = sock_no_mmap, <<
192 .bind = sock_no_bind, <<
193 .accept = sock_no_accept <<
194 <<
195 .release = af_alg_release <<
196 .recvmsg = rng_test_recvm <<
197 .sendmsg = rng_test_sendm <<
198 }; <<
199 <<
200 static void *rng_bind(const char *name, u32 ty 117 static void *rng_bind(const char *name, u32 type, u32 mask)
201 { 118 {
202 struct rng_parent_ctx *pctx; !! 119 return crypto_alloc_rng(name, type, mask);
203 struct crypto_rng *rng; <<
204 <<
205 pctx = kzalloc(sizeof(*pctx), GFP_KERN <<
206 if (!pctx) <<
207 return ERR_PTR(-ENOMEM); <<
208 <<
209 rng = crypto_alloc_rng(name, type, mas <<
210 if (IS_ERR(rng)) { <<
211 kfree(pctx); <<
212 return ERR_CAST(rng); <<
213 } <<
214 <<
215 pctx->drng = rng; <<
216 return pctx; <<
217 } 120 }
218 121
219 static void rng_release(void *private) 122 static void rng_release(void *private)
220 { 123 {
221 struct rng_parent_ctx *pctx = private; !! 124 crypto_free_rng(private);
222 <<
223 if (unlikely(!pctx)) <<
224 return; <<
225 crypto_free_rng(pctx->drng); <<
226 kfree_sensitive(pctx->entropy); <<
227 kfree_sensitive(pctx); <<
228 } 125 }
229 126
230 static void rng_sock_destruct(struct sock *sk) 127 static void rng_sock_destruct(struct sock *sk)
231 { 128 {
232 struct alg_sock *ask = alg_sk(sk); 129 struct alg_sock *ask = alg_sk(sk);
233 struct rng_ctx *ctx = ask->private; 130 struct rng_ctx *ctx = ask->private;
234 131
235 rng_reset_addtl(ctx); <<
236 sock_kfree_s(sk, ctx, ctx->len); 132 sock_kfree_s(sk, ctx, ctx->len);
237 af_alg_release_parent(sk); 133 af_alg_release_parent(sk);
238 } 134 }
239 135
240 static int rng_accept_parent(void *private, st 136 static int rng_accept_parent(void *private, struct sock *sk)
241 { 137 {
242 struct rng_ctx *ctx; 138 struct rng_ctx *ctx;
243 struct rng_parent_ctx *pctx = private; <<
244 struct alg_sock *ask = alg_sk(sk); 139 struct alg_sock *ask = alg_sk(sk);
245 unsigned int len = sizeof(*ctx); 140 unsigned int len = sizeof(*ctx);
246 141
247 ctx = sock_kmalloc(sk, len, GFP_KERNEL 142 ctx = sock_kmalloc(sk, len, GFP_KERNEL);
248 if (!ctx) 143 if (!ctx)
249 return -ENOMEM; 144 return -ENOMEM;
250 145
251 ctx->len = len; 146 ctx->len = len;
252 ctx->addtl = NULL; <<
253 ctx->addtl_len = 0; <<
254 147
255 /* 148 /*
256 * No seeding done at that point -- if 149 * No seeding done at that point -- if multiple accepts are
257 * done on one RNG instance, each resu 150 * done on one RNG instance, each resulting FD points to the same
258 * state of the RNG. 151 * state of the RNG.
259 */ 152 */
260 153
261 ctx->drng = pctx->drng; !! 154 ctx->drng = private;
262 ask->private = ctx; 155 ask->private = ctx;
263 sk->sk_destruct = rng_sock_destruct; 156 sk->sk_destruct = rng_sock_destruct;
264 157
265 /* <<
266 * Non NULL pctx->entropy means that C <<
267 * this socket, replace proto_ops algi <<
268 */ <<
269 if (IS_ENABLED(CONFIG_CRYPTO_USER_API_ <<
270 sk->sk_socket->ops = &algif_rn <<
271 <<
272 return 0; 158 return 0;
273 } 159 }
274 160
275 static int rng_setkey(void *private, const u8 161 static int rng_setkey(void *private, const u8 *seed, unsigned int seedlen)
276 { 162 {
277 struct rng_parent_ctx *pctx = private; <<
278 /* 163 /*
279 * Check whether seedlen is of suffici 164 * Check whether seedlen is of sufficient size is done in RNG
280 * implementations. 165 * implementations.
281 */ 166 */
282 return crypto_rng_reset(pctx->drng, se !! 167 return crypto_rng_reset(private, seed, seedlen);
283 } <<
284 <<
285 static int __maybe_unused rng_setentropy(void <<
286 unsig <<
287 { <<
288 struct rng_parent_ctx *pctx = private; <<
289 u8 *kentropy = NULL; <<
290 <<
291 if (!capable(CAP_SYS_ADMIN)) <<
292 return -EACCES; <<
293 <<
294 if (pctx->entropy) <<
295 return -EINVAL; <<
296 <<
297 if (len > MAXSIZE) <<
298 return -EMSGSIZE; <<
299 <<
300 if (len) { <<
301 kentropy = memdup_sockptr(entr <<
302 if (IS_ERR(kentropy)) <<
303 return PTR_ERR(kentrop <<
304 } <<
305 <<
306 crypto_rng_alg(pctx->drng)->set_ent(pc <<
307 /* <<
308 * Since rng doesn't perform any memor <<
309 * buffer, save kentropy pointer to pc <<
310 */ <<
311 pctx->entropy = kentropy; <<
312 return 0; <<
313 } 168 }
314 169
315 static const struct af_alg_type algif_type_rng 170 static const struct af_alg_type algif_type_rng = {
316 .bind = rng_bind, 171 .bind = rng_bind,
317 .release = rng_release, 172 .release = rng_release,
318 .accept = rng_accept_par 173 .accept = rng_accept_parent,
319 .setkey = rng_setkey, 174 .setkey = rng_setkey,
320 #ifdef CONFIG_CRYPTO_USER_API_RNG_CAVP <<
321 .setentropy = rng_setentropy <<
322 #endif <<
323 .ops = &algif_rng_ops 175 .ops = &algif_rng_ops,
324 .name = "rng", 176 .name = "rng",
325 .owner = THIS_MODULE 177 .owner = THIS_MODULE
326 }; 178 };
327 179
328 static int __init rng_init(void) 180 static int __init rng_init(void)
329 { 181 {
330 return af_alg_register_type(&algif_typ 182 return af_alg_register_type(&algif_type_rng);
331 } 183 }
332 184
333 static void __exit rng_exit(void) 185 static void __exit rng_exit(void)
334 { 186 {
335 int err = af_alg_unregister_type(&algi 187 int err = af_alg_unregister_type(&algif_type_rng);
336 BUG_ON(err); 188 BUG_ON(err);
337 } 189 }
338 190
339 module_init(rng_init); 191 module_init(rng_init);
340 module_exit(rng_exit); 192 module_exit(rng_exit);
341 193
Linux® is a registered trademark of Linus Torvalds in the United States and other countries.
TOMOYO® is a registered trademark of NTT DATA CORPORATION.