algif_rng.c (0ea8a56de21be24cb79abb03dee79aabcd60a316) algif_rng.c (77ebdabe8de7c02f43c6de3357f79ff96f9f0579)
1/*
2 * algif_rng: User-space interface for random number generators
3 *
4 * This file provides the user-space API for random number generators.
5 *
6 * Copyright (C) 2014, Stephan Mueller <smueller@chronox.de>
7 *
8 * Redistribution and use in source and binary forms, with or without

--- 24 unchanged lines hidden (view full) ---

33 * OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
34 * BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
35 * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
36 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE
37 * USE OF THIS SOFTWARE, EVEN IF NOT ADVISED OF THE POSSIBILITY OF SUCH
38 * DAMAGE.
39 */
40
1/*
2 * algif_rng: User-space interface for random number generators
3 *
4 * This file provides the user-space API for random number generators.
5 *
6 * Copyright (C) 2014, Stephan Mueller <smueller@chronox.de>
7 *
8 * Redistribution and use in source and binary forms, with or without

--- 24 unchanged lines hidden (view full) ---

33 * OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
34 * BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
35 * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
36 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE
37 * USE OF THIS SOFTWARE, EVEN IF NOT ADVISED OF THE POSSIBILITY OF SUCH
38 * DAMAGE.
39 */
40
41#include <linux/capability.h>
41#include <linux/module.h>
42#include <crypto/rng.h>
43#include <linux/random.h>
44#include <crypto/if_alg.h>
45#include <linux/net.h>
46#include <net/sock.h>
47
48MODULE_LICENSE("GPL");
49MODULE_AUTHOR("Stephan Mueller <smueller@chronox.de>");
50MODULE_DESCRIPTION("User-space interface for random number generators");
51
52struct rng_ctx {
53#define MAXSIZE 128
54 unsigned int len;
55 struct crypto_rng *drng;
42#include <linux/module.h>
43#include <crypto/rng.h>
44#include <linux/random.h>
45#include <crypto/if_alg.h>
46#include <linux/net.h>
47#include <net/sock.h>
48
49MODULE_LICENSE("GPL");
50MODULE_AUTHOR("Stephan Mueller <smueller@chronox.de>");
51MODULE_DESCRIPTION("User-space interface for random number generators");
52
53struct rng_ctx {
54#define MAXSIZE 128
55 unsigned int len;
56 struct crypto_rng *drng;
57 u8 *addtl;
58 size_t addtl_len;
56};
57
59};
60
58static int rng_recvmsg(struct socket *sock, struct msghdr *msg, size_t len,
59 int flags)
61struct rng_parent_ctx {
62 struct crypto_rng *drng;
63 u8 *entropy;
64};
65
66static void rng_reset_addtl(struct rng_ctx *ctx)
60{
67{
61 struct sock *sk = sock->sk;
62 struct alg_sock *ask = alg_sk(sk);
63 struct rng_ctx *ctx = ask->private;
64 int err;
68 kfree_sensitive(ctx->addtl);
69 ctx->addtl = NULL;
70 ctx->addtl_len = 0;
71}
72
73static int _rng_recvmsg(struct crypto_rng *drng, struct msghdr *msg, size_t len,
74 u8 *addtl, size_t addtl_len)
75{
76 int err = 0;
65 int genlen = 0;
66 u8 result[MAXSIZE];
67
68 if (len == 0)
69 return 0;
70 if (len > MAXSIZE)
71 len = MAXSIZE;
72

--- 4 unchanged lines hidden (view full) ---

77 memset(result, 0, len);
78
79 /*
80 * The enforcement of a proper seeding of an RNG is done within an
81 * RNG implementation. Some RNGs (DRBG, krng) do not need specific
82 * seeding as they automatically seed. The X9.31 DRNG will return
83 * an error if it was not seeded properly.
84 */
77 int genlen = 0;
78 u8 result[MAXSIZE];
79
80 if (len == 0)
81 return 0;
82 if (len > MAXSIZE)
83 len = MAXSIZE;
84

--- 4 unchanged lines hidden (view full) ---

89 memset(result, 0, len);
90
91 /*
92 * The enforcement of a proper seeding of an RNG is done within an
93 * RNG implementation. Some RNGs (DRBG, krng) do not need specific
94 * seeding as they automatically seed. The X9.31 DRNG will return
95 * an error if it was not seeded properly.
96 */
85 genlen = crypto_rng_get_bytes(ctx->drng, result, len);
97 genlen = crypto_rng_generate(drng, addtl, addtl_len, result, len);
86 if (genlen < 0)
87 return genlen;
88
89 err = memcpy_to_msg(msg, result, len);
90 memzero_explicit(result, len);
91
92 return err ? err : len;
93}
94
98 if (genlen < 0)
99 return genlen;
100
101 err = memcpy_to_msg(msg, result, len);
102 memzero_explicit(result, len);
103
104 return err ? err : len;
105}
106
107static int rng_recvmsg(struct socket *sock, struct msghdr *msg, size_t len,
108 int flags)
109{
110 struct sock *sk = sock->sk;
111 struct alg_sock *ask = alg_sk(sk);
112 struct rng_ctx *ctx = ask->private;
113
114 return _rng_recvmsg(ctx->drng, msg, len, NULL, 0);
115}
116
117static int rng_test_recvmsg(struct socket *sock, struct msghdr *msg, size_t len,
118 int flags)
119{
120 struct sock *sk = sock->sk;
121 struct alg_sock *ask = alg_sk(sk);
122 struct rng_ctx *ctx = ask->private;
123 int ret;
124
125 lock_sock(sock->sk);
126 ret = _rng_recvmsg(ctx->drng, msg, len, ctx->addtl, ctx->addtl_len);
127 rng_reset_addtl(ctx);
128 release_sock(sock->sk);
129
130 return ret;
131}
132
133static int rng_test_sendmsg(struct socket *sock, struct msghdr *msg, size_t len)
134{
135 int err;
136 struct alg_sock *ask = alg_sk(sock->sk);
137 struct rng_ctx *ctx = ask->private;
138
139 lock_sock(sock->sk);
140 if (len > MAXSIZE) {
141 err = -EMSGSIZE;
142 goto unlock;
143 }
144
145 rng_reset_addtl(ctx);
146 ctx->addtl = kmalloc(len, GFP_KERNEL);
147 if (!ctx->addtl) {
148 err = -ENOMEM;
149 goto unlock;
150 }
151
152 err = memcpy_from_msg(ctx->addtl, msg, len);
153 if (err) {
154 rng_reset_addtl(ctx);
155 goto unlock;
156 }
157 ctx->addtl_len = len;
158
159unlock:
160 release_sock(sock->sk);
161 return err ? err : len;
162}
163
95static struct proto_ops algif_rng_ops = {
96 .family = PF_ALG,
97
98 .connect = sock_no_connect,
99 .socketpair = sock_no_socketpair,
100 .getname = sock_no_getname,
101 .ioctl = sock_no_ioctl,
102 .listen = sock_no_listen,
103 .shutdown = sock_no_shutdown,
104 .mmap = sock_no_mmap,
105 .bind = sock_no_bind,
106 .accept = sock_no_accept,
107 .sendmsg = sock_no_sendmsg,
108 .sendpage = sock_no_sendpage,
109
110 .release = af_alg_release,
111 .recvmsg = rng_recvmsg,
112};
113
164static struct proto_ops algif_rng_ops = {
165 .family = PF_ALG,
166
167 .connect = sock_no_connect,
168 .socketpair = sock_no_socketpair,
169 .getname = sock_no_getname,
170 .ioctl = sock_no_ioctl,
171 .listen = sock_no_listen,
172 .shutdown = sock_no_shutdown,
173 .mmap = sock_no_mmap,
174 .bind = sock_no_bind,
175 .accept = sock_no_accept,
176 .sendmsg = sock_no_sendmsg,
177 .sendpage = sock_no_sendpage,
178
179 .release = af_alg_release,
180 .recvmsg = rng_recvmsg,
181};
182
183static struct proto_ops __maybe_unused algif_rng_test_ops = {
184 .family = PF_ALG,
185
186 .connect = sock_no_connect,
187 .socketpair = sock_no_socketpair,
188 .getname = sock_no_getname,
189 .ioctl = sock_no_ioctl,
190 .listen = sock_no_listen,
191 .shutdown = sock_no_shutdown,
192 .mmap = sock_no_mmap,
193 .bind = sock_no_bind,
194 .accept = sock_no_accept,
195 .sendpage = sock_no_sendpage,
196
197 .release = af_alg_release,
198 .recvmsg = rng_test_recvmsg,
199 .sendmsg = rng_test_sendmsg,
200};
201
114static void *rng_bind(const char *name, u32 type, u32 mask)
115{
202static void *rng_bind(const char *name, u32 type, u32 mask)
203{
116 return crypto_alloc_rng(name, type, mask);
204 struct rng_parent_ctx *pctx;
205 struct crypto_rng *rng;
206
207 pctx = kzalloc(sizeof(*pctx), GFP_KERNEL);
208 if (!pctx)
209 return ERR_PTR(-ENOMEM);
210
211 rng = crypto_alloc_rng(name, type, mask);
212 if (IS_ERR(rng)) {
213 kfree(pctx);
214 return ERR_CAST(rng);
215 }
216
217 pctx->drng = rng;
218 return pctx;
117}
118
119static void rng_release(void *private)
120{
219}
220
221static void rng_release(void *private)
222{
121 crypto_free_rng(private);
223 struct rng_parent_ctx *pctx = private;
224
225 if (unlikely(!pctx))
226 return;
227 crypto_free_rng(pctx->drng);
228 kfree_sensitive(pctx->entropy);
229 kfree_sensitive(pctx);
122}
123
124static void rng_sock_destruct(struct sock *sk)
125{
126 struct alg_sock *ask = alg_sk(sk);
127 struct rng_ctx *ctx = ask->private;
128
230}
231
232static void rng_sock_destruct(struct sock *sk)
233{
234 struct alg_sock *ask = alg_sk(sk);
235 struct rng_ctx *ctx = ask->private;
236
237 rng_reset_addtl(ctx);
129 sock_kfree_s(sk, ctx, ctx->len);
130 af_alg_release_parent(sk);
131}
132
133static int rng_accept_parent(void *private, struct sock *sk)
134{
135 struct rng_ctx *ctx;
238 sock_kfree_s(sk, ctx, ctx->len);
239 af_alg_release_parent(sk);
240}
241
242static int rng_accept_parent(void *private, struct sock *sk)
243{
244 struct rng_ctx *ctx;
245 struct rng_parent_ctx *pctx = private;
136 struct alg_sock *ask = alg_sk(sk);
137 unsigned int len = sizeof(*ctx);
138
139 ctx = sock_kmalloc(sk, len, GFP_KERNEL);
140 if (!ctx)
141 return -ENOMEM;
142
143 ctx->len = len;
246 struct alg_sock *ask = alg_sk(sk);
247 unsigned int len = sizeof(*ctx);
248
249 ctx = sock_kmalloc(sk, len, GFP_KERNEL);
250 if (!ctx)
251 return -ENOMEM;
252
253 ctx->len = len;
254 ctx->addtl = NULL;
255 ctx->addtl_len = 0;
144
145 /*
146 * No seeding done at that point -- if multiple accepts are
147 * done on one RNG instance, each resulting FD points to the same
148 * state of the RNG.
149 */
150
256
257 /*
258 * No seeding done at that point -- if multiple accepts are
259 * done on one RNG instance, each resulting FD points to the same
260 * state of the RNG.
261 */
262
151 ctx->drng = private;
263 ctx->drng = pctx->drng;
152 ask->private = ctx;
153 sk->sk_destruct = rng_sock_destruct;
154
264 ask->private = ctx;
265 sk->sk_destruct = rng_sock_destruct;
266
267 /*
268 * Non NULL pctx->entropy means that CAVP test has been initiated on
269 * this socket, replace proto_ops algif_rng_ops with algif_rng_test_ops.
270 */
271 if (IS_ENABLED(CONFIG_CRYPTO_USER_API_RNG_CAVP) && pctx->entropy)
272 sk->sk_socket->ops = &algif_rng_test_ops;
273
155 return 0;
156}
157
158static int rng_setkey(void *private, const u8 *seed, unsigned int seedlen)
159{
274 return 0;
275}
276
277static int rng_setkey(void *private, const u8 *seed, unsigned int seedlen)
278{
279 struct rng_parent_ctx *pctx = private;
160 /*
161 * Check whether seedlen is of sufficient size is done in RNG
162 * implementations.
163 */
280 /*
281 * Check whether seedlen is of sufficient size is done in RNG
282 * implementations.
283 */
164 return crypto_rng_reset(private, seed, seedlen);
284 return crypto_rng_reset(pctx->drng, seed, seedlen);
165}
166
285}
286
287static int __maybe_unused rng_setentropy(void *private, sockptr_t entropy,
288 unsigned int len)
289{
290 struct rng_parent_ctx *pctx = private;
291 u8 *kentropy = NULL;
292
293 if (!capable(CAP_SYS_ADMIN))
294 return -EACCES;
295
296 if (pctx->entropy)
297 return -EINVAL;
298
299 if (len > MAXSIZE)
300 return -EMSGSIZE;
301
302 if (len) {
303 kentropy = memdup_sockptr(entropy, len);
304 if (IS_ERR(kentropy))
305 return PTR_ERR(kentropy);
306 }
307
308 crypto_rng_alg(pctx->drng)->set_ent(pctx->drng, kentropy, len);
309 /*
310 * Since rng doesn't perform any memory management for the entropy
311 * buffer, save kentropy pointer to pctx now to free it after use.
312 */
313 pctx->entropy = kentropy;
314 return 0;
315}
316
167static const struct af_alg_type algif_type_rng = {
168 .bind = rng_bind,
169 .release = rng_release,
170 .accept = rng_accept_parent,
171 .setkey = rng_setkey,
317static const struct af_alg_type algif_type_rng = {
318 .bind = rng_bind,
319 .release = rng_release,
320 .accept = rng_accept_parent,
321 .setkey = rng_setkey,
322#ifdef CONFIG_CRYPTO_USER_API_RNG_CAVP
323 .setentropy = rng_setentropy,
324#endif
172 .ops = &algif_rng_ops,
173 .name = "rng",
174 .owner = THIS_MODULE
175};
176
177static int __init rng_init(void)
178{
179 return af_alg_register_type(&algif_type_rng);
180}
181
182static void __exit rng_exit(void)
183{
184 int err = af_alg_unregister_type(&algif_type_rng);
185 BUG_ON(err);
186}
187
188module_init(rng_init);
189module_exit(rng_exit);
325 .ops = &algif_rng_ops,
326 .name = "rng",
327 .owner = THIS_MODULE
328};
329
330static int __init rng_init(void)
331{
332 return af_alg_register_type(&algif_type_rng);
333}
334
335static void __exit rng_exit(void)
336{
337 int err = af_alg_unregister_type(&algif_type_rng);
338 BUG_ON(err);
339}
340
341module_init(rng_init);
342module_exit(rng_exit);