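/*-
 * Copyright (c) 2013 The FreeBSD Foundation
 * Copyright (c) 2013 David E. O'Brien <obrien@NUXI.org>
 * Copyright (c) 2012 Konstantin Belousov <kib@FreeBSD.org>
 * All rights reserved.
 *
 * Portions of this software were developed by Konstantin Belousov
 * under sponsorship from the FreeBSD Foundation.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 * 1. Redistributions of source code must retain the above copyright
 *    notice, this list of conditions and the following disclaimer
 *    in this position and unchanged.
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in the
 *    documentation and/or other materials provided with the distribution.
 *
 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
 * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
 * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
 * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
 * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 *
 */

#include <sys/cdefs.h>
__FBSDID("$FreeBSD$");

#include <sys/param.h>
#include <sys/kernel.h>
#include <sys/conf.h>
#include <sys/lock.h>
#include <sys/malloc.h>
#include <sys/module.h>
#include <sys/random.h>
#include <sys/sysctl.h>
#include <sys/systm.h>

#include <machine/md_var.h>
#include <machine/specialreg.h>
#include <x86/ifunc.h>

#include <dev/random/randomdev.h>

/* Number of attempts made at RDRAND/RDSEED before a sample is given up. */
#define RETRY_COUNT 10

/*
 * CPU capability flags.  They are written only by the x86_rng_store ifunc
 * resolver below and read by rdrand_modevent().
 */
static bool has_rdrand, has_rdseed;
static u_int random_ivy_read(void *, u_int);

/*
 * Descriptor handed to random_source_register().  The source is labelled
 * RANDOM_PURE_RDRAND whichever of the two instructions ends up being used.
 */
static struct random_source random_ivy = {
	.rs_ident = "Intel Secure Key RNG",
	.rs_source = RANDOM_PURE_RDRAND,
	.rs_read = random_ivy_read
};

SYSCTL_NODE(_kern_random, OID_AUTO, rdrand, CTLFLAG_RW, 0,
    "rdrand (ivy) entropy source");
/*
 * Opt-in knob, off by default.  It is consulted only by x86_rdrand_store(),
 * i.e. on CPUs where the resolver did not select RDSEED.
 */
static bool acquire_independent_seed_samples = false;
SYSCTL_BOOL(_kern_random_rdrand, OID_AUTO, rdrand_independent_seed,
    CTLFLAG_RWTUN, &acquire_independent_seed_samples, 0,
    "If non-zero, use more expensive and slow, but safer, seeded samples "
    "where RDSEED is not present.");

/*
 * Fetch one u_long from RDRAND.
 *
 * Returns true and stores the sample in *buf on success.  Returns false,
 * leaving *buf untouched, as soon as any single draw still fails after
 * RETRY_COUNT attempts.
 */
static bool
x86_rdrand_store(u_long *buf)
{
	u_long rndval, seed_iterations, i;
	int retry;

	/*
	 * Per [1], "§ 5.2.6 Generating Seeds from RDRAND,"
	 * machines lacking RDSEED will guarantee RDRAND is reseeded every 8kB
	 * of generated output.
	 *
	 * When the sysctl is set, 8kB worth of words is drawn for every word
	 * handed back and only the last one is kept, so that consecutive
	 * results are separated by a full reseed interval.  This multiplies
	 * the cost of each returned word by seed_iterations.
	 *
	 * [1]: https://software.intel.com/en-us/articles/intel-digital-random-number-generator-drng-software-implementation-guide#inpage-nav-6-8
	 */
	if (acquire_independent_seed_samples)
		seed_iterations = 8 * 1024 / sizeof(*buf);
	else
		seed_iterations = 1;

	for (i = 0; i < seed_iterations; i++) {
		retry = RETRY_COUNT;
		__asm __volatile(
		    "1:\n\t"
		    "rdrand %1\n\t"	/* read randomness into rndval */
		    "jc 2f\n\t"	/* CF is set on success, exit retry loop */
		    "dec %0\n\t"	/* otherwise, retry-- */
		    "jne 1b\n\t"	/* and loop if retries are not exhausted */
		    "2:"
		    : "+r" (retry), "=r" (rndval) : : "cc");
		/* retry reaches zero only when every attempt left CF clear. */
		if (retry == 0)
			return (false);
	}
	*buf = rndval;
	return (true);
}

/*
 * Fetch one u_long from RDSEED.
 *
 * Returns true and stores the sample in *buf on success.  Returns false
 * once RETRY_COUNT attempts have all failed; *buf is then left untouched,
 * matching x86_rdrand_store(), so that a value the hardware did not vouch
 * for is never published to the caller.
 */
static bool
x86_rdseed_store(u_long *buf)
{
	u_long rndval;
	int retry;

	retry = RETRY_COUNT;
	__asm __volatile(
	    "1:\n\t"
	    "rdseed %1\n\t"	/* read randomness into rndval */
	    "jc 2f\n\t"		/* CF is set on success, exit retry loop */
	    "dec %0\n\t"	/* otherwise, retry-- */
	    "jne 1b\n\t"	/* and loop if retries are not exhausted */
	    "2:"
	    : "+r" (retry), "=r" (rndval) : : "cc");
	if (retry == 0)
		return (false);
	*buf = rndval;
	return (true);
}

/*
 * Resolver fallback for CPUs with neither instruction.  rdrand_modevent()
 * registers the source only when one of them is present, so a call here
 * means that invariant was broken; panic rather than return non-random data.
 */
static bool
x86_unimpl_store(u_long *buf __unused)
{

	panic("%s called", __func__);
}

/*
 * ifunc resolver for x86_rng_store(): records the CPUID feature bits in
 * has_rdrand/has_rdseed and binds the call to RDSEED when available,
 * otherwise to RDRAND, otherwise to the panicking stub.
 */
DEFINE_IFUNC(static, bool, x86_rng_store, (u_long *buf))
{
	has_rdrand = (cpu_feature2 & CPUID2_RDRAND);
	has_rdseed = (cpu_stdext_feature & CPUID_STDEXT_RDSEED);

	if (has_rdseed)
		return (x86_rdseed_store);
	else if (has_rdrand)
		return (x86_rdrand_store);
	else
		return (x86_unimpl_store);
}

/*
 * Fill buf with up to c bytes of hardware randomness, one u_long at a time.
 *
 * It is required that buf length is a multiple of sizeof(u_long).
 *
 * Returns the number of bytes actually written.  The count is short when the
 * hardware fails to deliver a sample within RETRY_COUNT attempts; the bytes
 * past the returned length are not written and must not be consumed.
 */
static u_int
random_ivy_read(void *buf, u_int c)
{
	u_long *b, rndval;
	u_int count;

	/* c is u_int, so print it with %u. */
	KASSERT(c % sizeof(*b) == 0, ("partial read %u", c));
	b = buf;
	/*
	 * KASSERT is compiled out of kernels built without INVARIANTS, so the
	 * loop must be safe on its own.  Requiring a full word of room before
	 * each store keeps the unsigned counter from wrapping, and the write
	 * from running past the buffer, if c is ever not a multiple of
	 * sizeof(u_long).  Behaviour for conforming callers is unchanged.
	 */
	for (count = c; count >= sizeof(*b); count -= sizeof(*b)) {
		if (!x86_rng_store(&rndval))
			break;
		*b++ = rndval;
	}
	return (c - count);
}

/*
 * Module event handler: registers the source with the random subsystem on
 * load and deregisters it on unload, in both cases only when the CPU has
 * RDRAND or RDSEED.  Returns 0, or EOPNOTSUPP for unknown event types.
 *
 * NOTE(review): has_rdrand/has_rdseed are set only inside the x86_rng_store
 * resolver; this relies on the resolver having run before MOD_LOAD is
 * delivered -- confirm against the ifunc relocation order.
 */
static int
rdrand_modevent(module_t mod, int type, void *unused)
{
	int error = 0;

	switch (type) {
	case MOD_LOAD:
		if (has_rdrand || has_rdseed) {
			random_source_register(&random_ivy);
			printf("random: fast provider: \"%s\"\n", random_ivy.rs_ident);
		}
		break;

	case MOD_UNLOAD:
		if (has_rdrand || has_rdseed)
			random_source_deregister(&random_ivy);
		break;

	case MOD_SHUTDOWN:
		break;

	default:
		error = EOPNOTSUPP;
		break;

	}

	return (error);
}

static moduledata_t rdrand_mod = {
	"rdrand",
	rdrand_modevent,
	0
};

DECLARE_MODULE(rdrand, rdrand_mod, SI_SUB_RANDOM, SI_ORDER_FOURTH);
MODULE_VERSION(rdrand, 1);
MODULE_DEPEND(rdrand, random_harvestq, 1, 1, 1);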