]> git.proxmox.com Git - mirror_ubuntu-artful-kernel.git/blob - arch/s390/crypto/prng.c
projects / mirror_ubuntu-artful-kernel.git / blob
? search:


85b7f5efe06a9451fd23ea830c391014ac42ac48
[mirror_ubuntu-artful-kernel.git] / arch / s390 / crypto / prng.c
1 /*
2 * Copyright IBM Corp. 2006, 2015
3 * Author(s): Jan Glauber <jan.glauber@de.ibm.com>
4 * Harald Freudenberger <freude@de.ibm.com>
5 * Driver for the s390 pseudo random number generator
6 */
7
8 #define KMSG_COMPONENT "prng"
9 #define pr_fmt(fmt) KMSG_COMPONENT ": " fmt
10
11 #include <linux/fs.h>
12 #include <linux/fips.h>
13 #include <linux/init.h>
14 #include <linux/kernel.h>
15 #include <linux/device.h>
16 #include <linux/miscdevice.h>
17 #include <linux/module.h>
18 #include <linux/moduleparam.h>
19 #include <linux/mutex.h>
20 #include <linux/cpufeature.h>
21 #include <linux/random.h>
22 #include <linux/slab.h>
23 #include <asm/debug.h>
24 #include <linux/uaccess.h>
25 #include <asm/timex.h>
26 #include <asm/cpacf.h>
27
28 MODULE_LICENSE("GPL");
29 MODULE_AUTHOR("IBM Corporation");
30 MODULE_DESCRIPTION("s390 PRNG interface");
31
32
33 #define PRNG_MODE_AUTO 0
34 #define PRNG_MODE_TDES 1
35 #define PRNG_MODE_SHA512 2
36
37 static unsigned int prng_mode = PRNG_MODE_AUTO;
38 module_param_named(mode, prng_mode, int, 0);
39 MODULE_PARM_DESC(prng_mode, "PRNG mode: 0 - auto, 1 - TDES, 2 - SHA512");
40
41
42 #define PRNG_CHUNKSIZE_TDES_MIN 8
43 #define PRNG_CHUNKSIZE_TDES_MAX (64*1024)
44 #define PRNG_CHUNKSIZE_SHA512_MIN 64
45 #define PRNG_CHUNKSIZE_SHA512_MAX (64*1024)
46
47 static unsigned int prng_chunk_size = 256;
48 module_param_named(chunksize, prng_chunk_size, int, 0);
49 MODULE_PARM_DESC(prng_chunk_size, "PRNG read chunk size in bytes");
50
51
52 #define PRNG_RESEED_LIMIT_TDES 4096
53 #define PRNG_RESEED_LIMIT_TDES_LOWER 4096
54 #define PRNG_RESEED_LIMIT_SHA512 100000
55 #define PRNG_RESEED_LIMIT_SHA512_LOWER 10000
56
57 static unsigned int prng_reseed_limit;
58 module_param_named(reseed_limit, prng_reseed_limit, int, 0);
59 MODULE_PARM_DESC(prng_reseed_limit, "PRNG reseed limit");
60
61
62 /*
63 * Any one who considers arithmetical methods of producing random digits is,
64 * of course, in a state of sin. -- John von Neumann
65 */
66
67 static int prng_errorflag;
68
69 #define PRNG_GEN_ENTROPY_FAILED 1
70 #define PRNG_SELFTEST_FAILED 2
71 #define PRNG_INSTANTIATE_FAILED 3
72 #define PRNG_SEED_FAILED 4
73 #define PRNG_RESEED_FAILED 5
74 #define PRNG_GEN_FAILED 6
75
76 struct prng_ws_s {
77 u8 parm_block[32];
78 u32 reseed_counter;
79 u64 byte_counter;
80 };
81
82 struct ppno_ws_s {
83 u32 res;
84 u32 reseed_counter;
85 u64 stream_bytes;
86 u8 V[112];
87 u8 C[112];
88 };
89
90 struct prng_data_s {
91 struct mutex mutex;
92 union {
93 struct prng_ws_s prngws;
94 struct ppno_ws_s ppnows;
95 };
96 u8 *buf;
97 u32 rest;
98 u8 *prev;
99 };
100
101 static struct prng_data_s *prng_data;
102
103 /* initial parameter block for tdes mode, copied from libica */
104 static const u8 initial_parm_block[32] __initconst = {
105 0x0F, 0x2B, 0x8E, 0x63, 0x8C, 0x8E, 0xD2, 0x52,
106 0x64, 0xB7, 0xA0, 0x7B, 0x75, 0x28, 0xB8, 0xF4,
107 0x75, 0x5F, 0xD2, 0xA6, 0x8D, 0x97, 0x11, 0xFF,
108 0x49, 0xD8, 0x23, 0xF3, 0x7E, 0x21, 0xEC, 0xA0 };
109
110
111 /*** helper functions ***/
112
113 /*
114 * generate_entropy:
115 * This algorithm produces 64 bytes of entropy data based on 1024
116 * individual stckf() invocations assuming that each stckf() value
117 * contributes 0.25 bits of entropy. So the caller gets 256 bit
118 * entropy per 64 byte or 4 bits entropy per byte.
119 */
120 static int generate_entropy(u8 *ebuf, size_t nbytes)
121 {
122 int n, ret = 0;
123 u8 *pg, *h, hash[64];
124
125 /* allocate 2 pages */
126 pg = (u8 *) __get_free_pages(GFP_KERNEL, 1);
127 if (!pg) {
128 prng_errorflag = PRNG_GEN_ENTROPY_FAILED;
129 return -ENOMEM;
130 }
131
132 while (nbytes) {
133 /* fill pages with urandom bytes */
134 get_random_bytes(pg, 2*PAGE_SIZE);
135 /* exor pages with 1024 stckf values */
136 for (n = 0; n < 2 * PAGE_SIZE / sizeof(u64); n++) {
137 u64 *p = ((u64 *)pg) + n;
138 *p ^= get_tod_clock_fast();
139 }
140 n = (nbytes < sizeof(hash)) ? nbytes : sizeof(hash);
141 if (n < sizeof(hash))
142 h = hash;
143 else
144 h = ebuf;
145 /* hash over the filled pages */
146 cpacf_kimd(CPACF_KIMD_SHA_512, h, pg, 2*PAGE_SIZE);
147 if (n < sizeof(hash))
148 memcpy(ebuf, hash, n);
149 ret += n;
150 ebuf += n;
151 nbytes -= n;
152 }
153
154 free_pages((unsigned long)pg, 1);
155 return ret;
156 }
157
158
159 /*** tdes functions ***/
160
161 static void prng_tdes_add_entropy(void)
162 {
163 __u64 entropy[4];
164 unsigned int i;
165
166 for (i = 0; i < 16; i++) {
167 cpacf_kmc(CPACF_KMC_PRNG, prng_data->prngws.parm_block,
168 (char *) entropy, (char *) entropy,
169 sizeof(entropy));
170 memcpy(prng_data->prngws.parm_block, entropy, sizeof(entropy));
171 }
172 }
173
174
175 static void prng_tdes_seed(int nbytes)
176 {
177 char buf[16];
178 int i = 0;
179
180 BUG_ON(nbytes > sizeof(buf));
181
182 get_random_bytes(buf, nbytes);
183
184 /* Add the entropy */
185 while (nbytes >= 8) {
186 *((__u64 *)prng_data->prngws.parm_block) ^= *((__u64 *)(buf+i));
187 prng_tdes_add_entropy();
188 i += 8;
189 nbytes -= 8;
190 }
191 prng_tdes_add_entropy();
192 prng_data->prngws.reseed_counter = 0;
193 }
194
195
196 static int __init prng_tdes_instantiate(void)
197 {
198 int datalen;
199
200 pr_debug("prng runs in TDES mode with "
201 "chunksize=%d and reseed_limit=%u\n",
202 prng_chunk_size, prng_reseed_limit);
203
204 /* memory allocation, prng_data struct init, mutex init */
205 datalen = sizeof(struct prng_data_s) + prng_chunk_size;
206 prng_data = kzalloc(datalen, GFP_KERNEL);
207 if (!prng_data) {
208 prng_errorflag = PRNG_INSTANTIATE_FAILED;
209 return -ENOMEM;
210 }
211 mutex_init(&prng_data->mutex);
212 prng_data->buf = ((u8 *)prng_data) + sizeof(struct prng_data_s);
213 memcpy(prng_data->prngws.parm_block, initial_parm_block, 32);
214
215 /* initialize the PRNG, add 128 bits of entropy */
216 prng_tdes_seed(16);
217
218 return 0;
219 }
220
221
222 static void prng_tdes_deinstantiate(void)
223 {
224 pr_debug("The prng module stopped "
225 "after running in triple DES mode\n");
226 kzfree(prng_data);
227 }
228
229
230 /*** sha512 functions ***/
231
232 static int __init prng_sha512_selftest(void)
233 {
234 /* NIST DRBG testvector for Hash Drbg, Sha-512, Count #0 */
235 static const u8 seed[] __initconst = {
236 0x6b, 0x50, 0xa7, 0xd8, 0xf8, 0xa5, 0x5d, 0x7a,
237 0x3d, 0xf8, 0xbb, 0x40, 0xbc, 0xc3, 0xb7, 0x22,
238 0xd8, 0x70, 0x8d, 0xe6, 0x7f, 0xda, 0x01, 0x0b,
239 0x03, 0xc4, 0xc8, 0x4d, 0x72, 0x09, 0x6f, 0x8c,
240 0x3e, 0xc6, 0x49, 0xcc, 0x62, 0x56, 0xd9, 0xfa,
241 0x31, 0xdb, 0x7a, 0x29, 0x04, 0xaa, 0xf0, 0x25 };
242 static const u8 V0[] __initconst = {
243 0x00, 0xad, 0xe3, 0x6f, 0x9a, 0x01, 0xc7, 0x76,
244 0x61, 0x34, 0x35, 0xf5, 0x4e, 0x24, 0x74, 0x22,
245 0x21, 0x9a, 0x29, 0x89, 0xc7, 0x93, 0x2e, 0x60,
246 0x1e, 0xe8, 0x14, 0x24, 0x8d, 0xd5, 0x03, 0xf1,
247 0x65, 0x5d, 0x08, 0x22, 0x72, 0xd5, 0xad, 0x95,
248 0xe1, 0x23, 0x1e, 0x8a, 0xa7, 0x13, 0xd9, 0x2b,
249 0x5e, 0xbc, 0xbb, 0x80, 0xab, 0x8d, 0xe5, 0x79,
250 0xab, 0x5b, 0x47, 0x4e, 0xdd, 0xee, 0x6b, 0x03,
251 0x8f, 0x0f, 0x5c, 0x5e, 0xa9, 0x1a, 0x83, 0xdd,
252 0xd3, 0x88, 0xb2, 0x75, 0x4b, 0xce, 0x83, 0x36,
253 0x57, 0x4b, 0xf1, 0x5c, 0xca, 0x7e, 0x09, 0xc0,
254 0xd3, 0x89, 0xc6, 0xe0, 0xda, 0xc4, 0x81, 0x7e,
255 0x5b, 0xf9, 0xe1, 0x01, 0xc1, 0x92, 0x05, 0xea,
256 0xf5, 0x2f, 0xc6, 0xc6, 0xc7, 0x8f, 0xbc, 0xf4 };
257 static const u8 C0[] __initconst = {
258 0x00, 0xf4, 0xa3, 0xe5, 0xa0, 0x72, 0x63, 0x95,
259 0xc6, 0x4f, 0x48, 0xd0, 0x8b, 0x5b, 0x5f, 0x8e,
260 0x6b, 0x96, 0x1f, 0x16, 0xed, 0xbc, 0x66, 0x94,
261 0x45, 0x31, 0xd7, 0x47, 0x73, 0x22, 0xa5, 0x86,
262 0xce, 0xc0, 0x4c, 0xac, 0x63, 0xb8, 0x39, 0x50,
263 0xbf, 0xe6, 0x59, 0x6c, 0x38, 0x58, 0x99, 0x1f,
264 0x27, 0xa7, 0x9d, 0x71, 0x2a, 0xb3, 0x7b, 0xf9,
265 0xfb, 0x17, 0x86, 0xaa, 0x99, 0x81, 0xaa, 0x43,
266 0xe4, 0x37, 0xd3, 0x1e, 0x6e, 0xe5, 0xe6, 0xee,
267 0xc2, 0xed, 0x95, 0x4f, 0x53, 0x0e, 0x46, 0x8a,
268 0xcc, 0x45, 0xa5, 0xdb, 0x69, 0x0d, 0x81, 0xc9,
269 0x32, 0x92, 0xbc, 0x8f, 0x33, 0xe6, 0xf6, 0x09,
270 0x7c, 0x8e, 0x05, 0x19, 0x0d, 0xf1, 0xb6, 0xcc,
271 0xf3, 0x02, 0x21, 0x90, 0x25, 0xec, 0xed, 0x0e };
272 static const u8 random[] __initconst = {
273 0x95, 0xb7, 0xf1, 0x7e, 0x98, 0x02, 0xd3, 0x57,
274 0x73, 0x92, 0xc6, 0xa9, 0xc0, 0x80, 0x83, 0xb6,
275 0x7d, 0xd1, 0x29, 0x22, 0x65, 0xb5, 0xf4, 0x2d,
276 0x23, 0x7f, 0x1c, 0x55, 0xbb, 0x9b, 0x10, 0xbf,
277 0xcf, 0xd8, 0x2c, 0x77, 0xa3, 0x78, 0xb8, 0x26,
278 0x6a, 0x00, 0x99, 0x14, 0x3b, 0x3c, 0x2d, 0x64,
279 0x61, 0x1e, 0xee, 0xb6, 0x9a, 0xcd, 0xc0, 0x55,
280 0x95, 0x7c, 0x13, 0x9e, 0x8b, 0x19, 0x0c, 0x7a,
281 0x06, 0x95, 0x5f, 0x2c, 0x79, 0x7c, 0x27, 0x78,
282 0xde, 0x94, 0x03, 0x96, 0xa5, 0x01, 0xf4, 0x0e,
283 0x91, 0x39, 0x6a, 0xcf, 0x8d, 0x7e, 0x45, 0xeb,
284 0xdb, 0xb5, 0x3b, 0xbf, 0x8c, 0x97, 0x52, 0x30,
285 0xd2, 0xf0, 0xff, 0x91, 0x06, 0xc7, 0x61, 0x19,
286 0xae, 0x49, 0x8e, 0x7f, 0xbc, 0x03, 0xd9, 0x0f,
287 0x8e, 0x4c, 0x51, 0x62, 0x7a, 0xed, 0x5c, 0x8d,
288 0x42, 0x63, 0xd5, 0xd2, 0xb9, 0x78, 0x87, 0x3a,
289 0x0d, 0xe5, 0x96, 0xee, 0x6d, 0xc7, 0xf7, 0xc2,
290 0x9e, 0x37, 0xee, 0xe8, 0xb3, 0x4c, 0x90, 0xdd,
291 0x1c, 0xf6, 0xa9, 0xdd, 0xb2, 0x2b, 0x4c, 0xbd,
292 0x08, 0x6b, 0x14, 0xb3, 0x5d, 0xe9, 0x3d, 0xa2,
293 0xd5, 0xcb, 0x18, 0x06, 0x69, 0x8c, 0xbd, 0x7b,
294 0xbb, 0x67, 0xbf, 0xe3, 0xd3, 0x1f, 0xd2, 0xd1,
295 0xdb, 0xd2, 0xa1, 0xe0, 0x58, 0xa3, 0xeb, 0x99,
296 0xd7, 0xe5, 0x1f, 0x1a, 0x93, 0x8e, 0xed, 0x5e,
297 0x1c, 0x1d, 0xe2, 0x3a, 0x6b, 0x43, 0x45, 0xd3,
298 0x19, 0x14, 0x09, 0xf9, 0x2f, 0x39, 0xb3, 0x67,
299 0x0d, 0x8d, 0xbf, 0xb6, 0x35, 0xd8, 0xe6, 0xa3,
300 0x69, 0x32, 0xd8, 0x10, 0x33, 0xd1, 0x44, 0x8d,
301 0x63, 0xb4, 0x03, 0xdd, 0xf8, 0x8e, 0x12, 0x1b,
302 0x6e, 0x81, 0x9a, 0xc3, 0x81, 0x22, 0x6c, 0x13,
303 0x21, 0xe4, 0xb0, 0x86, 0x44, 0xf6, 0x72, 0x7c,
304 0x36, 0x8c, 0x5a, 0x9f, 0x7a, 0x4b, 0x3e, 0xe2 };
305
306 u8 buf[sizeof(random)];
307 struct ppno_ws_s ws;
308
309 memset(&ws, 0, sizeof(ws));
310
311 /* initial seed */
312 cpacf_ppno(CPACF_PPNO_SHA512_DRNG_SEED,
313 &ws, NULL, 0, seed, sizeof(seed));
314
315 /* check working states V and C */
316 if (memcmp(ws.V, V0, sizeof(V0)) != 0
317 || memcmp(ws.C, C0, sizeof(C0)) != 0) {
318 pr_err("The prng self test state test "
319 "for the SHA-512 mode failed\n");
320 prng_errorflag = PRNG_SELFTEST_FAILED;
321 return -EIO;
322 }
323
324 /* generate random bytes */
325 cpacf_ppno(CPACF_PPNO_SHA512_DRNG_GEN,
326 &ws, buf, sizeof(buf), NULL, 0);
327 cpacf_ppno(CPACF_PPNO_SHA512_DRNG_GEN,
328 &ws, buf, sizeof(buf), NULL, 0);
329
330 /* check against expected data */
331 if (memcmp(buf, random, sizeof(random)) != 0) {
332 pr_err("The prng self test data test "
333 "for the SHA-512 mode failed\n");
334 prng_errorflag = PRNG_SELFTEST_FAILED;
335 return -EIO;
336 }
337
338 return 0;
339 }
340
341
342 static int __init prng_sha512_instantiate(void)
343 {
344 int ret, datalen;
345 u8 seed[64 + 32 + 16];
346
347 pr_debug("prng runs in SHA-512 mode "
348 "with chunksize=%d and reseed_limit=%u\n",
349 prng_chunk_size, prng_reseed_limit);
350
351 /* memory allocation, prng_data struct init, mutex init */
352 datalen = sizeof(struct prng_data_s) + prng_chunk_size;
353 if (fips_enabled)
354 datalen += prng_chunk_size;
355 prng_data = kzalloc(datalen, GFP_KERNEL);
356 if (!prng_data) {
357 prng_errorflag = PRNG_INSTANTIATE_FAILED;
358 return -ENOMEM;
359 }
360 mutex_init(&prng_data->mutex);
361 prng_data->buf = ((u8 *)prng_data) + sizeof(struct prng_data_s);
362
363 /* selftest */
364 ret = prng_sha512_selftest();
365 if (ret)
366 goto outfree;
367
368 /* generate initial seed bytestring, with 256 + 128 bits entropy */
369 ret = generate_entropy(seed, 64 + 32);
370 if (ret != 64 + 32)
371 goto outfree;
372 /* followed by 16 bytes of unique nonce */
373 get_tod_clock_ext(seed + 64 + 32);
374
375 /* initial seed of the ppno drng */
376 cpacf_ppno(CPACF_PPNO_SHA512_DRNG_SEED,
377 &prng_data->ppnows, NULL, 0, seed, sizeof(seed));
378
379 /* if fips mode is enabled, generate a first block of random
380 bytes for the FIPS 140-2 Conditional Self Test */
381 if (fips_enabled) {
382 prng_data->prev = prng_data->buf + prng_chunk_size;
383 cpacf_ppno(CPACF_PPNO_SHA512_DRNG_GEN,
384 &prng_data->ppnows,
385 prng_data->prev, prng_chunk_size, NULL, 0);
386 }
387
388 return 0;
389
390 outfree:
391 kfree(prng_data);
392 return ret;
393 }
394
395
396 static void prng_sha512_deinstantiate(void)
397 {
398 pr_debug("The prng module stopped after running in SHA-512 mode\n");
399 kzfree(prng_data);
400 }
401
402
403 static int prng_sha512_reseed(void)
404 {
405 int ret;
406 u8 seed[64];
407
408 /* fetch 256 bits of fresh entropy */
409 ret = generate_entropy(seed, sizeof(seed));
410 if (ret != sizeof(seed))
411 return ret;
412
413 /* do a reseed of the ppno drng with this bytestring */
414 cpacf_ppno(CPACF_PPNO_SHA512_DRNG_SEED,
415 &prng_data->ppnows, NULL, 0, seed, sizeof(seed));
416
417 return 0;
418 }
419
420
421 static int prng_sha512_generate(u8 *buf, size_t nbytes)
422 {
423 int ret;
424
425 /* reseed needed ? */
426 if (prng_data->ppnows.reseed_counter > prng_reseed_limit) {
427 ret = prng_sha512_reseed();
428 if (ret)
429 return ret;
430 }
431
432 /* PPNO generate */
433 cpacf_ppno(CPACF_PPNO_SHA512_DRNG_GEN,
434 &prng_data->ppnows, buf, nbytes, NULL, 0);
435
436 /* FIPS 140-2 Conditional Self Test */
437 if (fips_enabled) {
438 if (!memcmp(prng_data->prev, buf, nbytes)) {
439 prng_errorflag = PRNG_GEN_FAILED;
440 return -EILSEQ;
441 }
442 memcpy(prng_data->prev, buf, nbytes);
443 }
444
445 return nbytes;
446 }
447
448
449 /*** file io functions ***/
450
451 static int prng_open(struct inode *inode, struct file *file)
452 {
453 return nonseekable_open(inode, file);
454 }
455
456
457 static ssize_t prng_tdes_read(struct file *file, char __user *ubuf,
458 size_t nbytes, loff_t *ppos)
459 {
460 int chunk, n, ret = 0;
461
462 /* lock prng_data struct */
463 if (mutex_lock_interruptible(&prng_data->mutex))
464 return -ERESTARTSYS;
465
466 while (nbytes) {
467 if (need_resched()) {
468 if (signal_pending(current)) {
469 if (ret == 0)
470 ret = -ERESTARTSYS;
471 break;
472 }
473 /* give mutex free before calling schedule() */
474 mutex_unlock(&prng_data->mutex);
475 schedule();
476 /* occopy mutex again */
477 if (mutex_lock_interruptible(&prng_data->mutex)) {
478 if (ret == 0)
479 ret = -ERESTARTSYS;
480 return ret;
481 }
482 }
483
484 /*
485 * we lose some random bytes if an attacker issues
486 * reads < 8 bytes, but we don't care
487 */
488 chunk = min_t(int, nbytes, prng_chunk_size);
489
490 /* PRNG only likes multiples of 8 bytes */
491 n = (chunk + 7) & -8;
492
493 if (prng_data->prngws.reseed_counter > prng_reseed_limit)
494 prng_tdes_seed(8);
495
496 /* if the CPU supports PRNG stckf is present too */
497 *((unsigned long long *)prng_data->buf) = get_tod_clock_fast();
498
499 /*
500 * Beside the STCKF the input for the TDES-EDE is the output
501 * of the last operation. We differ here from X9.17 since we
502 * only store one timestamp into the buffer. Padding the whole
503 * buffer with timestamps does not improve security, since
504 * successive stckf have nearly constant offsets.
505 * If an attacker knows the first timestamp it would be
506 * trivial to guess the additional values. One timestamp
507 * is therefore enough and still guarantees unique input values.
508 *
509 * Note: you can still get strict X9.17 conformity by setting
510 * prng_chunk_size to 8 bytes.
511 */
512 cpacf_kmc(CPACF_KMC_PRNG, prng_data->prngws.parm_block,
513 prng_data->buf, prng_data->buf, n);
514
515 prng_data->prngws.byte_counter += n;
516 prng_data->prngws.reseed_counter += n;
517
518 if (copy_to_user(ubuf, prng_data->buf, chunk)) {
519 ret = -EFAULT;
520 break;
521 }
522
523 nbytes -= chunk;
524 ret += chunk;
525 ubuf += chunk;
526 }
527
528 /* unlock prng_data struct */
529 mutex_unlock(&prng_data->mutex);
530
531 return ret;
532 }
533
534
535 static ssize_t prng_sha512_read(struct file *file, char __user *ubuf,
536 size_t nbytes, loff_t *ppos)
537 {
538 int n, ret = 0;
539 u8 *p;
540
541 /* if errorflag is set do nothing and return 'broken pipe' */
542 if (prng_errorflag)
543 return -EPIPE;
544
545 /* lock prng_data struct */
546 if (mutex_lock_interruptible(&prng_data->mutex))
547 return -ERESTARTSYS;
548
549 while (nbytes) {
550 if (need_resched()) {
551 if (signal_pending(current)) {
552 if (ret == 0)
553 ret = -ERESTARTSYS;
554 break;
555 }
556 /* give mutex free before calling schedule() */
557 mutex_unlock(&prng_data->mutex);
558 schedule();
559 /* occopy mutex again */
560 if (mutex_lock_interruptible(&prng_data->mutex)) {
561 if (ret == 0)
562 ret = -ERESTARTSYS;
563 return ret;
564 }
565 }
566 if (prng_data->rest) {
567 /* push left over random bytes from the previous read */
568 p = prng_data->buf + prng_chunk_size - prng_data->rest;
569 n = (nbytes < prng_data->rest) ?
570 nbytes : prng_data->rest;
571 prng_data->rest -= n;
572 } else {
573 /* generate one chunk of random bytes into read buf */
574 p = prng_data->buf;
575 n = prng_sha512_generate(p, prng_chunk_size);
576 if (n < 0) {
577 ret = n;
578 break;
579 }
580 if (nbytes < prng_chunk_size) {
581 n = nbytes;
582 prng_data->rest = prng_chunk_size - n;
583 } else {
584 n = prng_chunk_size;
585 prng_data->rest = 0;
586 }
587 }
588 if (copy_to_user(ubuf, p, n)) {
589 ret = -EFAULT;
590 break;
591 }
592 ubuf += n;
593 nbytes -= n;
594 ret += n;
595 }
596
597 /* unlock prng_data struct */
598 mutex_unlock(&prng_data->mutex);
599
600 return ret;
601 }
602
603
604 /*** sysfs stuff ***/
605
606 static const struct file_operations prng_sha512_fops = {
607 .owner = THIS_MODULE,
608 .open = &prng_open,
609 .release = NULL,
610 .read = &prng_sha512_read,
611 .llseek = noop_llseek,
612 };
613 static const struct file_operations prng_tdes_fops = {
614 .owner = THIS_MODULE,
615 .open = &prng_open,
616 .release = NULL,
617 .read = &prng_tdes_read,
618 .llseek = noop_llseek,
619 };
620
621 static struct miscdevice prng_sha512_dev = {
622 .name = "prandom",
623 .minor = MISC_DYNAMIC_MINOR,
624 .mode = 0644,
625 .fops = &prng_sha512_fops,
626 };
627 static struct miscdevice prng_tdes_dev = {
628 .name = "prandom",
629 .minor = MISC_DYNAMIC_MINOR,
630 .mode = 0644,
631 .fops = &prng_tdes_fops,
632 };
633
634
635 /* chunksize attribute (ro) */
636 static ssize_t prng_chunksize_show(struct device *dev,
637 struct device_attribute *attr,
638 char *buf)
639 {
640 return snprintf(buf, PAGE_SIZE, "%u\n", prng_chunk_size);
641 }
642 static DEVICE_ATTR(chunksize, 0444, prng_chunksize_show, NULL);
643
644 /* counter attribute (ro) */
645 static ssize_t prng_counter_show(struct device *dev,
646 struct device_attribute *attr,
647 char *buf)
648 {
649 u64 counter;
650
651 if (mutex_lock_interruptible(&prng_data->mutex))
652 return -ERESTARTSYS;
653 if (prng_mode == PRNG_MODE_SHA512)
654 counter = prng_data->ppnows.stream_bytes;
655 else
656 counter = prng_data->prngws.byte_counter;
657 mutex_unlock(&prng_data->mutex);
658
659 return snprintf(buf, PAGE_SIZE, "%llu\n", counter);
660 }
661 static DEVICE_ATTR(byte_counter, 0444, prng_counter_show, NULL);
662
663 /* errorflag attribute (ro) */
664 static ssize_t prng_errorflag_show(struct device *dev,
665 struct device_attribute *attr,
666 char *buf)
667 {
668 return snprintf(buf, PAGE_SIZE, "%d\n", prng_errorflag);
669 }
670 static DEVICE_ATTR(errorflag, 0444, prng_errorflag_show, NULL);
671
672 /* mode attribute (ro) */
673 static ssize_t prng_mode_show(struct device *dev,
674 struct device_attribute *attr,
675 char *buf)
676 {
677 if (prng_mode == PRNG_MODE_TDES)
678 return snprintf(buf, PAGE_SIZE, "TDES\n");
679 else
680 return snprintf(buf, PAGE_SIZE, "SHA512\n");
681 }
682 static DEVICE_ATTR(mode, 0444, prng_mode_show, NULL);
683
684 /* reseed attribute (w) */
685 static ssize_t prng_reseed_store(struct device *dev,
686 struct device_attribute *attr,
687 const char *buf, size_t count)
688 {
689 if (mutex_lock_interruptible(&prng_data->mutex))
690 return -ERESTARTSYS;
691 prng_sha512_reseed();
692 mutex_unlock(&prng_data->mutex);
693
694 return count;
695 }
696 static DEVICE_ATTR(reseed, 0200, NULL, prng_reseed_store);
697
698 /* reseed limit attribute (rw) */
699 static ssize_t prng_reseed_limit_show(struct device *dev,
700 struct device_attribute *attr,
701 char *buf)
702 {
703 return snprintf(buf, PAGE_SIZE, "%u\n", prng_reseed_limit);
704 }
705 static ssize_t prng_reseed_limit_store(struct device *dev,
706 struct device_attribute *attr,
707 const char *buf, size_t count)
708 {
709 unsigned limit;
710
711 if (sscanf(buf, "%u\n", &limit) != 1)
712 return -EINVAL;
713
714 if (prng_mode == PRNG_MODE_SHA512) {
715 if (limit < PRNG_RESEED_LIMIT_SHA512_LOWER)
716 return -EINVAL;
717 } else {
718 if (limit < PRNG_RESEED_LIMIT_TDES_LOWER)
719 return -EINVAL;
720 }
721
722 prng_reseed_limit = limit;
723
724 return count;
725 }
726 static DEVICE_ATTR(reseed_limit, 0644,
727 prng_reseed_limit_show, prng_reseed_limit_store);
728
729 /* strength attribute (ro) */
730 static ssize_t prng_strength_show(struct device *dev,
731 struct device_attribute *attr,
732 char *buf)
733 {
734 return snprintf(buf, PAGE_SIZE, "256\n");
735 }
736 static DEVICE_ATTR(strength, 0444, prng_strength_show, NULL);
737
738 static struct attribute *prng_sha512_dev_attrs[] = {
739 &dev_attr_errorflag.attr,
740 &dev_attr_chunksize.attr,
741 &dev_attr_byte_counter.attr,
742 &dev_attr_mode.attr,
743 &dev_attr_reseed.attr,
744 &dev_attr_reseed_limit.attr,
745 &dev_attr_strength.attr,
746 NULL
747 };
748 static struct attribute *prng_tdes_dev_attrs[] = {
749 &dev_attr_chunksize.attr,
750 &dev_attr_byte_counter.attr,
751 &dev_attr_mode.attr,
752 NULL
753 };
754
755 static struct attribute_group prng_sha512_dev_attr_group = {
756 .attrs = prng_sha512_dev_attrs
757 };
758 static struct attribute_group prng_tdes_dev_attr_group = {
759 .attrs = prng_tdes_dev_attrs
760 };
761
762
763 /*** module init and exit ***/
764
765 static int __init prng_init(void)
766 {
767 int ret;
768
769 /* check if the CPU has a PRNG */
770 if (!cpacf_query_func(CPACF_KMC, CPACF_KMC_PRNG))
771 return -EOPNOTSUPP;
772
773 /* choose prng mode */
774 if (prng_mode != PRNG_MODE_TDES) {
775 /* check for MSA5 support for PPNO operations */
776 if (!cpacf_query_func(CPACF_PPNO, CPACF_PPNO_SHA512_DRNG_GEN)) {
777 if (prng_mode == PRNG_MODE_SHA512) {
778 pr_err("The prng module cannot "
779 "start in SHA-512 mode\n");
780 return -EOPNOTSUPP;
781 }
782 prng_mode = PRNG_MODE_TDES;
783 } else
784 prng_mode = PRNG_MODE_SHA512;
785 }
786
787 if (prng_mode == PRNG_MODE_SHA512) {
788
789 /* SHA512 mode */
790
791 if (prng_chunk_size < PRNG_CHUNKSIZE_SHA512_MIN
792 || prng_chunk_size > PRNG_CHUNKSIZE_SHA512_MAX)
793 return -EINVAL;
794 prng_chunk_size = (prng_chunk_size + 0x3f) & ~0x3f;
795
796 if (prng_reseed_limit == 0)
797 prng_reseed_limit = PRNG_RESEED_LIMIT_SHA512;
798 else if (prng_reseed_limit < PRNG_RESEED_LIMIT_SHA512_LOWER)
799 return -EINVAL;
800
801 ret = prng_sha512_instantiate();
802 if (ret)
803 goto out;
804
805 ret = misc_register(&prng_sha512_dev);
806 if (ret) {
807 prng_sha512_deinstantiate();
808 goto out;
809 }
810 ret = sysfs_create_group(&prng_sha512_dev.this_device->kobj,
811 &prng_sha512_dev_attr_group);
812 if (ret) {
813 misc_deregister(&prng_sha512_dev);
814 prng_sha512_deinstantiate();
815 goto out;
816 }
817
818 } else {
819
820 /* TDES mode */
821
822 if (prng_chunk_size < PRNG_CHUNKSIZE_TDES_MIN
823 || prng_chunk_size > PRNG_CHUNKSIZE_TDES_MAX)
824 return -EINVAL;
825 prng_chunk_size = (prng_chunk_size + 0x07) & ~0x07;
826
827 if (prng_reseed_limit == 0)
828 prng_reseed_limit = PRNG_RESEED_LIMIT_TDES;
829 else if (prng_reseed_limit < PRNG_RESEED_LIMIT_TDES_LOWER)
830 return -EINVAL;
831
832 ret = prng_tdes_instantiate();
833 if (ret)
834 goto out;
835
836 ret = misc_register(&prng_tdes_dev);
837 if (ret) {
838 prng_tdes_deinstantiate();
839 goto out;
840 }
841 ret = sysfs_create_group(&prng_tdes_dev.this_device->kobj,
842 &prng_tdes_dev_attr_group);
843 if (ret) {
844 misc_deregister(&prng_tdes_dev);
845 prng_tdes_deinstantiate();
846 goto out;
847 }
848
849 }
850
851 out:
852 return ret;
853 }
854
855
856 static void __exit prng_exit(void)
857 {
858 if (prng_mode == PRNG_MODE_SHA512) {
859 sysfs_remove_group(&prng_sha512_dev.this_device->kobj,
860 &prng_sha512_dev_attr_group);
861 misc_deregister(&prng_sha512_dev);
862 prng_sha512_deinstantiate();
863 } else {
864 sysfs_remove_group(&prng_tdes_dev.this_device->kobj,
865 &prng_tdes_dev_attr_group);
866 misc_deregister(&prng_tdes_dev);
867 prng_tdes_deinstantiate();
868 }
869 }
870
871 module_cpu_feature_match(MSA, prng_init);
872 module_exit(prng_exit);
Ubuntu Artful kernel mirror