2  * Non-physical true random number generator based on timing jitter --
5  * Copyright Stephan Mueller <smueller@chronox.de>, 2015 - 2023
24  * the restrictions contained in a BSD-style copyright.)
47 #include <crypto/internal/rng.h>
51 #define JENT_CONDITIONING_HASH	"sha3-256"
78  * Obtain a high-resolution time stamp value. The time stamp is used to measure
83  * implement a high-resolution time stamp, the RNG code's runtime test
109 	SHASH_DESC_ON_STACK(desc, hash_state_desc->tfm);  in jent_hash_time()
114 	desc->tfm = hash_state_desc->tfm;  in jent_hash_time()
116 	if (sizeof(intermediary) != crypto_shash_digestsize(desc->tfm)) {  in jent_hash_time()
118 		return -EINVAL;  in jent_hash_time()
129 	 * considering the terminology from SP800-90A without any entropy.  in jent_hash_time()
157 	 * when the time stamp has no entropy, SP800-90B requires that any  in jent_hash_time()
178 	/* Obtain data from entropy pool and re-initialize it */  in jent_read_random_block()
204 	struct jitterentropy *rng = crypto_tfm_ctx(tfm);  in jent_kcapi_cleanup()  local
206 	spin_lock(&rng->jent_lock);  in jent_kcapi_cleanup()
208 	if (rng->sdesc) {  in jent_kcapi_cleanup()
209 		shash_desc_zero(rng->sdesc);  in jent_kcapi_cleanup()
210 		kfree(rng->sdesc);  in jent_kcapi_cleanup()
212 	rng->sdesc = NULL;  in jent_kcapi_cleanup()
214 	if (rng->tfm)  in jent_kcapi_cleanup()
215 		crypto_free_shash(rng->tfm);  in jent_kcapi_cleanup()
216 	rng->tfm = NULL;  in jent_kcapi_cleanup()
218 	if (rng->entropy_collector)  in jent_kcapi_cleanup()
219 		jent_entropy_collector_free(rng->entropy_collector);  in jent_kcapi_cleanup()
220 	rng->entropy_collector = NULL;  in jent_kcapi_cleanup()
221 	spin_unlock(&rng->jent_lock);  in jent_kcapi_cleanup()
226 	struct jitterentropy *rng = crypto_tfm_ctx(tfm);  in jent_kcapi_init()  local
231 	spin_lock_init(&rng->jent_lock);  in jent_kcapi_init()
233 	/* Use SHA3-256 as conditioner */  in jent_kcapi_init()
239 	rng->tfm = hash;  in jent_kcapi_init()
244 		ret = -ENOMEM;  in jent_kcapi_init()
248 	sdesc->tfm = hash;  in jent_kcapi_init()
250 	rng->sdesc = sdesc;  in jent_kcapi_init()
252 	rng->entropy_collector =  in jent_kcapi_init()
255 	if (!rng->entropy_collector) {  in jent_kcapi_init()
256 		ret = -ENOMEM;  in jent_kcapi_init()
260 	spin_lock_init(&rng->jent_lock);  in jent_kcapi_init()
272 	struct jitterentropy *rng = crypto_rng_ctx(tfm);  in jent_kcapi_random()  local
275 	spin_lock(&rng->jent_lock);  in jent_kcapi_random()
277 	ret = jent_read_entropy(rng->entropy_collector, rdata, dlen);  in jent_kcapi_random()
279 	if (ret == -3) {  in jent_kcapi_random()
284 		 * an SP800-90B permanent health test error is treated as  in jent_kcapi_random()
288 			panic("Jitter RNG permanent health test failure\n");  in jent_kcapi_random()
290 		pr_err("Jitter RNG permanent health test failure\n");  in jent_kcapi_random()
291 		ret = -EFAULT;  in jent_kcapi_random()
292 	} else if (ret == -2) {  in jent_kcapi_random()
294 		pr_warn_ratelimited("Reset Jitter RNG due to intermittent health test failure\n");  in jent_kcapi_random()
295 		ret = -EAGAIN;  in jent_kcapi_random()
296 	} else if (ret == -1) {  in jent_kcapi_random()
298 		ret = -EINVAL;  in jent_kcapi_random()
301 	spin_unlock(&rng->jent_lock);  in jent_kcapi_random()
341 	desc->tfm = tfm;  in jent_mod_init()
353 		return -EFAULT;  in jent_mod_init()
369 MODULE_DESCRIPTION("Non-physical True Random Number Generator based on CPU Jitter");