1 /* 1 /* 2 * algif_rng: User-space interface for random 2 * algif_rng: User-space interface for random number generators 3 * 3 * 4 * This file provides the user-space API for r 4 * This file provides the user-space API for random number generators. 5 * 5 * 6 * Copyright (C) 2014, Stephan Mueller <smuell 6 * Copyright (C) 2014, Stephan Mueller <smueller@chronox.de> 7 * 7 * 8 * Redistribution and use in source and binary 8 * Redistribution and use in source and binary forms, with or without 9 * modification, are permitted provided that t 9 * modification, are permitted provided that the following conditions 10 * are met: 10 * are met: 11 * 1. Redistributions of source code must reta 11 * 1. Redistributions of source code must retain the above copyright 12 * notice, and the entire permission notice 12 * notice, and the entire permission notice in its entirety, 13 * including the disclaimer of warranties. 13 * including the disclaimer of warranties. 14 * 2. Redistributions in binary form must repr 14 * 2. Redistributions in binary form must reproduce the above copyright 15 * notice, this list of conditions and the 15 * notice, this list of conditions and the following disclaimer in the 16 * documentation and/or other materials pro 16 * documentation and/or other materials provided with the distribution. 17 * 3. The name of the author may not be used t 17 * 3. The name of the author may not be used to endorse or promote 18 * products derived from this software with 18 * products derived from this software without specific prior 19 * written permission. 19 * written permission. 20 * 20 * 21 * ALTERNATIVELY, this product may be distribu 21 * ALTERNATIVELY, this product may be distributed under the terms of 22 * the GNU General Public License, in which ca 22 * the GNU General Public License, in which case the provisions of the GPL2 23 * are required INSTEAD OF the above restricti 23 * are required INSTEAD OF the above restrictions. (This clause is 24 * necessary due to a potential bad interactio 24 * necessary due to a potential bad interaction between the GPL and 25 * the restrictions contained in a BSD-style c 25 * the restrictions contained in a BSD-style copyright.) 26 * 26 * 27 * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY 27 * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED 28 * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, 28 * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES 29 * OF MERCHANTABILITY AND FITNESS FOR A PARTIC 29 * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE, ALL OF 30 * WHICH ARE HEREBY DISCLAIMED. IN NO EVENT S 30 * WHICH ARE HEREBY DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE 31 * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL 31 * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR 32 * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT L 32 * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT 33 * OF SUBSTITUTE GOODS OR SERVICES; LOSS OF US 33 * OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR 34 * BUSINESS INTERRUPTION) HOWEVER CAUSED AND O 34 * BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF 35 * LIABILITY, WHETHER IN CONTRACT, STRICT LIAB 35 * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT 36 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING 36 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE 37 * USE OF THIS SOFTWARE, EVEN IF NOT ADVISED O 37 * USE OF THIS SOFTWARE, EVEN IF NOT ADVISED OF THE POSSIBILITY OF SUCH 38 * DAMAGE. 38 * DAMAGE. 39 */ 39 */ 40 40 41 #include <linux/capability.h> << 42 #include <linux/module.h> 41 #include <linux/module.h> 43 #include <crypto/rng.h> 42 #include <crypto/rng.h> 44 #include <linux/random.h> 43 #include <linux/random.h> 45 #include <crypto/if_alg.h> 44 #include <crypto/if_alg.h> 46 #include <linux/net.h> 45 #include <linux/net.h> 47 #include <net/sock.h> 46 #include <net/sock.h> 48 47 49 MODULE_LICENSE("GPL"); 48 MODULE_LICENSE("GPL"); 50 MODULE_AUTHOR("Stephan Mueller <smueller@chron 49 MODULE_AUTHOR("Stephan Mueller <smueller@chronox.de>"); 51 MODULE_DESCRIPTION("User-space interface for r 50 MODULE_DESCRIPTION("User-space interface for random number generators"); 52 51 53 struct rng_ctx { 52 struct rng_ctx { 54 #define MAXSIZE 128 53 #define MAXSIZE 128 55 unsigned int len; 54 unsigned int len; 56 struct crypto_rng *drng; 55 struct crypto_rng *drng; 57 u8 *addtl; << 58 size_t addtl_len; << 59 }; 56 }; 60 57 61 struct rng_parent_ctx { !! 58 static int rng_recvmsg(struct socket *sock, struct msghdr *msg, size_t len, 62 struct crypto_rng *drng; !! 59 int flags) 63 u8 *entropy; << 64 }; << 65 << 66 static void rng_reset_addtl(struct rng_ctx *ct << 67 { << 68 kfree_sensitive(ctx->addtl); << 69 ctx->addtl = NULL; << 70 ctx->addtl_len = 0; << 71 } << 72 << 73 static int _rng_recvmsg(struct crypto_rng *drn << 74 u8 *addtl, size_t addt << 75 { 60 { 76 int err = 0; !! 61 struct sock *sk = sock->sk; >> 62 struct alg_sock *ask = alg_sk(sk); >> 63 struct rng_ctx *ctx = ask->private; >> 64 int err = -EFAULT; 77 int genlen = 0; 65 int genlen = 0; 78 u8 result[MAXSIZE]; 66 u8 result[MAXSIZE]; 79 67 80 if (len == 0) 68 if (len == 0) 81 return 0; 69 return 0; 82 if (len > MAXSIZE) 70 if (len > MAXSIZE) 83 len = MAXSIZE; 71 len = MAXSIZE; 84 72 85 /* 73 /* 86 * although not strictly needed, this 74 * although not strictly needed, this is a precaution against coding 87 * errors 75 * errors 88 */ 76 */ 89 memset(result, 0, len); 77 memset(result, 0, len); 90 78 91 /* 79 /* 92 * The enforcement of a proper seeding 80 * The enforcement of a proper seeding of an RNG is done within an 93 * RNG implementation. Some RNGs (DRBG 81 * RNG implementation. Some RNGs (DRBG, krng) do not need specific 94 * seeding as they automatically seed. 82 * seeding as they automatically seed. The X9.31 DRNG will return 95 * an error if it was not seeded prope 83 * an error if it was not seeded properly. 96 */ 84 */ 97 genlen = crypto_rng_generate(drng, add !! 85 genlen = crypto_rng_get_bytes(ctx->drng, result, len); 98 if (genlen < 0) 86 if (genlen < 0) 99 return genlen; 87 return genlen; 100 88 101 err = memcpy_to_msg(msg, result, len); 89 err = memcpy_to_msg(msg, result, len); 102 memzero_explicit(result, len); 90 memzero_explicit(result, len); 103 91 104 return err ? err : len; 92 return err ? err : len; 105 } 93 } 106 94 107 static int rng_recvmsg(struct socket *sock, st << 108 int flags) << 109 { << 110 struct sock *sk = sock->sk; << 111 struct alg_sock *ask = alg_sk(sk); << 112 struct rng_ctx *ctx = ask->private; << 113 << 114 return _rng_recvmsg(ctx->drng, msg, le << 115 } << 116 << 117 static int rng_test_recvmsg(struct socket *soc << 118 int flags) << 119 { << 120 struct sock *sk = sock->sk; << 121 struct alg_sock *ask = alg_sk(sk); << 122 struct rng_ctx *ctx = ask->private; << 123 int ret; << 124 << 125 lock_sock(sock->sk); << 126 ret = _rng_recvmsg(ctx->drng, msg, len << 127 rng_reset_addtl(ctx); << 128 release_sock(sock->sk); << 129 << 130 return ret; << 131 } << 132 << 133 static int rng_test_sendmsg(struct socket *soc << 134 { << 135 int err; << 136 struct alg_sock *ask = alg_sk(sock->sk << 137 struct rng_ctx *ctx = ask->private; << 138 << 139 lock_sock(sock->sk); << 140 if (len > MAXSIZE) { << 141 err = -EMSGSIZE; << 142 goto unlock; << 143 } << 144 << 145 rng_reset_addtl(ctx); << 146 ctx->addtl = kmalloc(len, GFP_KERNEL); << 147 if (!ctx->addtl) { << 148 err = -ENOMEM; << 149 goto unlock; << 150 } << 151 << 152 err = memcpy_from_msg(ctx->addtl, msg, << 153 if (err) { << 154 rng_reset_addtl(ctx); << 155 goto unlock; << 156 } << 157 ctx->addtl_len = len; << 158 << 159 unlock: << 160 release_sock(sock->sk); << 161 return err ? err : len; << 162 } << 163 << 164 static struct proto_ops algif_rng_ops = { 95 static struct proto_ops algif_rng_ops = { 165 .family = PF_ALG, 96 .family = PF_ALG, 166 97 167 .connect = sock_no_connec 98 .connect = sock_no_connect, 168 .socketpair = sock_no_socket 99 .socketpair = sock_no_socketpair, 169 .getname = sock_no_getnam 100 .getname = sock_no_getname, 170 .ioctl = sock_no_ioctl, 101 .ioctl = sock_no_ioctl, 171 .listen = sock_no_listen 102 .listen = sock_no_listen, 172 .shutdown = sock_no_shutdo 103 .shutdown = sock_no_shutdown, >> 104 .getsockopt = sock_no_getsockopt, 173 .mmap = sock_no_mmap, 105 .mmap = sock_no_mmap, 174 .bind = sock_no_bind, 106 .bind = sock_no_bind, 175 .accept = sock_no_accept 107 .accept = sock_no_accept, >> 108 .setsockopt = sock_no_setsockopt, >> 109 .poll = sock_no_poll, 176 .sendmsg = sock_no_sendms 110 .sendmsg = sock_no_sendmsg, >> 111 .sendpage = sock_no_sendpage, 177 112 178 .release = af_alg_release 113 .release = af_alg_release, 179 .recvmsg = rng_recvmsg, 114 .recvmsg = rng_recvmsg, 180 }; 115 }; 181 116 182 static struct proto_ops __maybe_unused algif_r << 183 .family = PF_ALG, << 184 << 185 .connect = sock_no_connec << 186 .socketpair = sock_no_socket << 187 .getname = sock_no_getnam << 188 .ioctl = sock_no_ioctl, << 189 .listen = sock_no_listen << 190 .shutdown = sock_no_shutdo << 191 .mmap = sock_no_mmap, << 192 .bind = sock_no_bind, << 193 .accept = sock_no_accept << 194 << 195 .release = af_alg_release << 196 .recvmsg = rng_test_recvm << 197 .sendmsg = rng_test_sendm << 198 }; << 199 << 200 static void *rng_bind(const char *name, u32 ty 117 static void *rng_bind(const char *name, u32 type, u32 mask) 201 { 118 { 202 struct rng_parent_ctx *pctx; !! 119 return crypto_alloc_rng(name, type, mask); 203 struct crypto_rng *rng; << 204 << 205 pctx = kzalloc(sizeof(*pctx), GFP_KERN << 206 if (!pctx) << 207 return ERR_PTR(-ENOMEM); << 208 << 209 rng = crypto_alloc_rng(name, type, mas << 210 if (IS_ERR(rng)) { << 211 kfree(pctx); << 212 return ERR_CAST(rng); << 213 } << 214 << 215 pctx->drng = rng; << 216 return pctx; << 217 } 120 } 218 121 219 static void rng_release(void *private) 122 static void rng_release(void *private) 220 { 123 { 221 struct rng_parent_ctx *pctx = private; !! 124 crypto_free_rng(private); 222 << 223 if (unlikely(!pctx)) << 224 return; << 225 crypto_free_rng(pctx->drng); << 226 kfree_sensitive(pctx->entropy); << 227 kfree_sensitive(pctx); << 228 } 125 } 229 126 230 static void rng_sock_destruct(struct sock *sk) 127 static void rng_sock_destruct(struct sock *sk) 231 { 128 { 232 struct alg_sock *ask = alg_sk(sk); 129 struct alg_sock *ask = alg_sk(sk); 233 struct rng_ctx *ctx = ask->private; 130 struct rng_ctx *ctx = ask->private; 234 131 235 rng_reset_addtl(ctx); << 236 sock_kfree_s(sk, ctx, ctx->len); 132 sock_kfree_s(sk, ctx, ctx->len); 237 af_alg_release_parent(sk); 133 af_alg_release_parent(sk); 238 } 134 } 239 135 240 static int rng_accept_parent(void *private, st 136 static int rng_accept_parent(void *private, struct sock *sk) 241 { 137 { 242 struct rng_ctx *ctx; 138 struct rng_ctx *ctx; 243 struct rng_parent_ctx *pctx = private; << 244 struct alg_sock *ask = alg_sk(sk); 139 struct alg_sock *ask = alg_sk(sk); 245 unsigned int len = sizeof(*ctx); 140 unsigned int len = sizeof(*ctx); 246 141 247 ctx = sock_kmalloc(sk, len, GFP_KERNEL 142 ctx = sock_kmalloc(sk, len, GFP_KERNEL); 248 if (!ctx) 143 if (!ctx) 249 return -ENOMEM; 144 return -ENOMEM; 250 145 251 ctx->len = len; 146 ctx->len = len; 252 ctx->addtl = NULL; << 253 ctx->addtl_len = 0; << 254 147 255 /* 148 /* 256 * No seeding done at that point -- if 149 * No seeding done at that point -- if multiple accepts are 257 * done on one RNG instance, each resu 150 * done on one RNG instance, each resulting FD points to the same 258 * state of the RNG. 151 * state of the RNG. 259 */ 152 */ 260 153 261 ctx->drng = pctx->drng; !! 154 ctx->drng = private; 262 ask->private = ctx; 155 ask->private = ctx; 263 sk->sk_destruct = rng_sock_destruct; 156 sk->sk_destruct = rng_sock_destruct; 264 157 265 /* << 266 * Non NULL pctx->entropy means that C << 267 * this socket, replace proto_ops algi << 268 */ << 269 if (IS_ENABLED(CONFIG_CRYPTO_USER_API_ << 270 sk->sk_socket->ops = &algif_rn << 271 << 272 return 0; 158 return 0; 273 } 159 } 274 160 275 static int rng_setkey(void *private, const u8 161 static int rng_setkey(void *private, const u8 *seed, unsigned int seedlen) 276 { 162 { 277 struct rng_parent_ctx *pctx = private; << 278 /* 163 /* 279 * Check whether seedlen is of suffici 164 * Check whether seedlen is of sufficient size is done in RNG 280 * implementations. 165 * implementations. 281 */ 166 */ 282 return crypto_rng_reset(pctx->drng, se !! 167 return crypto_rng_reset(private, seed, seedlen); 283 } << 284 << 285 static int __maybe_unused rng_setentropy(void << 286 unsig << 287 { << 288 struct rng_parent_ctx *pctx = private; << 289 u8 *kentropy = NULL; << 290 << 291 if (!capable(CAP_SYS_ADMIN)) << 292 return -EACCES; << 293 << 294 if (pctx->entropy) << 295 return -EINVAL; << 296 << 297 if (len > MAXSIZE) << 298 return -EMSGSIZE; << 299 << 300 if (len) { << 301 kentropy = memdup_sockptr(entr << 302 if (IS_ERR(kentropy)) << 303 return PTR_ERR(kentrop << 304 } << 305 << 306 crypto_rng_alg(pctx->drng)->set_ent(pc << 307 /* << 308 * Since rng doesn't perform any memor << 309 * buffer, save kentropy pointer to pc << 310 */ << 311 pctx->entropy = kentropy; << 312 return 0; << 313 } 168 } 314 169 315 static const struct af_alg_type algif_type_rng 170 static const struct af_alg_type algif_type_rng = { 316 .bind = rng_bind, 171 .bind = rng_bind, 317 .release = rng_release, 172 .release = rng_release, 318 .accept = rng_accept_par 173 .accept = rng_accept_parent, 319 .setkey = rng_setkey, 174 .setkey = rng_setkey, 320 #ifdef CONFIG_CRYPTO_USER_API_RNG_CAVP << 321 .setentropy = rng_setentropy << 322 #endif << 323 .ops = &algif_rng_ops 175 .ops = &algif_rng_ops, 324 .name = "rng", 176 .name = "rng", 325 .owner = THIS_MODULE 177 .owner = THIS_MODULE 326 }; 178 }; 327 179 328 static int __init rng_init(void) 180 static int __init rng_init(void) 329 { 181 { 330 return af_alg_register_type(&algif_typ 182 return af_alg_register_type(&algif_type_rng); 331 } 183 } 332 184 333 static void __exit rng_exit(void) 185 static void __exit rng_exit(void) 334 { 186 { 335 int err = af_alg_unregister_type(&algi 187 int err = af_alg_unregister_type(&algif_type_rng); 336 BUG_ON(err); 188 BUG_ON(err); 337 } 189 } 338 190 339 module_init(rng_init); 191 module_init(rng_init); 340 module_exit(rng_exit); 192 module_exit(rng_exit); 341 193
Linux® is a registered trademark of Linus Torvalds in the United States and other countries.
TOMOYO® is a registered trademark of NTT DATA CORPORATION.