xref: /linux/crypto/algif_rng.c (revision e0bf6c5ca2d3281f231c5f0c9bf145e9513644de)
1 /*
2  * algif_rng: User-space interface for random number generators
3  *
4  * This file provides the user-space API for random number generators.
5  *
6  * Copyright (C) 2014, Stephan Mueller <smueller@chronox.de>
7  *
8  * Redistribution and use in source and binary forms, with or without
9  * modification, are permitted provided that the following conditions
10  * are met:
11  * 1. Redistributions of source code must retain the above copyright
12  *    notice, and the entire permission notice in its entirety,
13  *    including the disclaimer of warranties.
14  * 2. Redistributions in binary form must reproduce the above copyright
15  *    notice, this list of conditions and the following disclaimer in the
16  *    documentation and/or other materials provided with the distribution.
17  * 3. The name of the author may not be used to endorse or promote
18  *    products derived from this software without specific prior
19  *    written permission.
20  *
21  * ALTERNATIVELY, this product may be distributed under the terms of
22  * the GNU General Public License, in which case the provisions of the GPL2
23  * are required INSTEAD OF the above restrictions.  (This clause is
24  * necessary due to a potential bad interaction between the GPL and
25  * the restrictions contained in a BSD-style copyright.)
26  *
27  * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED
28  * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
29  * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE, ALL OF
30  * WHICH ARE HEREBY DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR BE
31  * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
32  * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT
33  * OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
34  * BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
35  * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
36  * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE
37  * USE OF THIS SOFTWARE, EVEN IF NOT ADVISED OF THE POSSIBILITY OF SUCH
38  * DAMAGE.
39  */
40 
41 #include <linux/module.h>
42 #include <crypto/rng.h>
43 #include <linux/random.h>
44 #include <crypto/if_alg.h>
45 #include <linux/net.h>
46 #include <net/sock.h>
47 
48 MODULE_LICENSE("GPL");
49 MODULE_AUTHOR("Stephan Mueller <smueller@chronox.de>");
50 MODULE_DESCRIPTION("User-space interface for random number generators");
51 
52 struct rng_ctx {
53 #define MAXSIZE 128
54 	unsigned int len;
55 	struct crypto_rng *drng;
56 };
57 
58 static int rng_recvmsg(struct kiocb *unused, struct socket *sock,
59 		       struct msghdr *msg, size_t len, int flags)
60 {
61 	struct sock *sk = sock->sk;
62 	struct alg_sock *ask = alg_sk(sk);
63 	struct rng_ctx *ctx = ask->private;
64 	int err = -EFAULT;
65 	int genlen = 0;
66 	u8 result[MAXSIZE];
67 
68 	if (len == 0)
69 		return 0;
70 	if (len > MAXSIZE)
71 		len = MAXSIZE;
72 
73 	/*
74 	 * although not strictly needed, this is a precaution against coding
75 	 * errors
76 	 */
77 	memset(result, 0, len);
78 
79 	/*
80 	 * The enforcement of a proper seeding of an RNG is done within an
81 	 * RNG implementation. Some RNGs (DRBG, krng) do not need specific
82 	 * seeding as they automatically seed. The X9.31 DRNG will return
83 	 * an error if it was not seeded properly.
84 	 */
85 	genlen = crypto_rng_get_bytes(ctx->drng, result, len);
86 	if (genlen < 0)
87 		return genlen;
88 
89 	err = memcpy_to_msg(msg, result, len);
90 	memzero_explicit(result, genlen);
91 
92 	return err ? err : len;
93 }
94 
95 static struct proto_ops algif_rng_ops = {
96 	.family		=	PF_ALG,
97 
98 	.connect	=	sock_no_connect,
99 	.socketpair	=	sock_no_socketpair,
100 	.getname	=	sock_no_getname,
101 	.ioctl		=	sock_no_ioctl,
102 	.listen		=	sock_no_listen,
103 	.shutdown	=	sock_no_shutdown,
104 	.getsockopt	=	sock_no_getsockopt,
105 	.mmap		=	sock_no_mmap,
106 	.bind		=	sock_no_bind,
107 	.accept		=	sock_no_accept,
108 	.setsockopt	=	sock_no_setsockopt,
109 	.poll		=	sock_no_poll,
110 	.sendmsg	=	sock_no_sendmsg,
111 	.sendpage	=	sock_no_sendpage,
112 
113 	.release	=	af_alg_release,
114 	.recvmsg	=	rng_recvmsg,
115 };
116 
117 static void *rng_bind(const char *name, u32 type, u32 mask)
118 {
119 	return crypto_alloc_rng(name, type, mask);
120 }
121 
122 static void rng_release(void *private)
123 {
124 	crypto_free_rng(private);
125 }
126 
127 static void rng_sock_destruct(struct sock *sk)
128 {
129 	struct alg_sock *ask = alg_sk(sk);
130 	struct rng_ctx *ctx = ask->private;
131 
132 	sock_kfree_s(sk, ctx, ctx->len);
133 	af_alg_release_parent(sk);
134 }
135 
136 static int rng_accept_parent(void *private, struct sock *sk)
137 {
138 	struct rng_ctx *ctx;
139 	struct alg_sock *ask = alg_sk(sk);
140 	unsigned int len = sizeof(*ctx);
141 
142 	ctx = sock_kmalloc(sk, len, GFP_KERNEL);
143 	if (!ctx)
144 		return -ENOMEM;
145 
146 	ctx->len = len;
147 
148 	/*
149 	 * No seeding done at that point -- if multiple accepts are
150 	 * done on one RNG instance, each resulting FD points to the same
151 	 * state of the RNG.
152 	 */
153 
154 	ctx->drng = private;
155 	ask->private = ctx;
156 	sk->sk_destruct = rng_sock_destruct;
157 
158 	return 0;
159 }
160 
161 static int rng_setkey(void *private, const u8 *seed, unsigned int seedlen)
162 {
163 	/*
164 	 * Check whether seedlen is of sufficient size is done in RNG
165 	 * implementations.
166 	 */
167 	return crypto_rng_reset(private, (u8 *)seed, seedlen);
168 }
169 
170 static const struct af_alg_type algif_type_rng = {
171 	.bind		=	rng_bind,
172 	.release	=	rng_release,
173 	.accept		=	rng_accept_parent,
174 	.setkey		=	rng_setkey,
175 	.ops		=	&algif_rng_ops,
176 	.name		=	"rng",
177 	.owner		=	THIS_MODULE
178 };
179 
180 static int __init rng_init(void)
181 {
182 	return af_alg_register_type(&algif_type_rng);
183 }
184 
185 static void __exit rng_exit(void)
186 {
187 	int err = af_alg_unregister_type(&algif_type_rng);
188 	BUG_ON(err);
189 }
190 
191 module_init(rng_init);
192 module_exit(rng_exit);
193