[mirror_ubuntu-zesty-kernel.git] / crypto / jitterentropy-kcapi.c

/*
 * Non-physical true random number generator based on timing jitter --
 * Linux Kernel Crypto API specific code
 *
 * Copyright Stephan Mueller <smueller@chronox.de>, 2015
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 * 1. Redistributions of source code must retain the above copyright
 *    notice, and the entire permission notice in its entirety,
 *    including the disclaimer of warranties.
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in the
 *    documentation and/or other materials provided with the distribution.
 * 3. The name of the author may not be used to endorse or promote
 *    products derived from this software without specific prior
 *    written permission.
 *
 * ALTERNATIVELY, this product may be distributed under the terms of
 * the GNU General Public License, in which case the provisions of the GPL2 are
 * required INSTEAD OF the above restrictions.  (This clause is
 * necessary due to a potential bad interaction between the GPL and
 * the restrictions contained in a BSD-style copyright.)
 *
 * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED
 * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
 * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE, ALL OF
 * WHICH ARE HEREBY DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR BE
 * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
 * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT
 * OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
 * BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
 * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE
 * USE OF THIS SOFTWARE, EVEN IF NOT ADVISED OF THE POSSIBILITY OF SUCH
 * DAMAGE.
 */

#include <linux/module.h>
#include <linux/slab.h>
#include <linux/fips.h>
#include <linux/time.h>
#include <linux/crypto.h>
#include <crypto/internal/rng.h>

struct rand_data;
int jent_read_entropy(struct rand_data *ec, unsigned char *data,
		      unsigned int len);
int jent_entropy_init(void);
struct rand_data *jent_entropy_collector_alloc(unsigned int osr,
					       unsigned int flags);
void jent_entropy_collector_free(struct rand_data *entropy_collector);

/***************************************************************************
 * Helper function
 ***************************************************************************/

__u64 jent_rol64(__u64 word, unsigned int shift)
{
	return rol64(word, shift);
}

void *jent_zalloc(unsigned int len)
{
	return kzalloc(len, GFP_KERNEL);
}

void jent_zfree(void *ptr)
{
	kzfree(ptr);
}

int jent_fips_enabled(void)
{
	return fips_enabled;
}

void jent_panic(char *s)
{
	panic("%s", s);
}

void jent_memcpy(void *dest, const void *src, unsigned int n)
{
	memcpy(dest, src, n);
}

/*
 * Obtain a high-resolution time stamp value. The time stamp is used to measure
 * the execution time of a given code path and its variations. Hence, the time
 * stamp must have a sufficiently high resolution.
 *
 * Note, if the function returns zero because a given architecture does not
 * implement a high-resolution time stamp, the RNG code's runtime test
 * will detect it and will not produce output.
 */
void jent_get_nstime(__u64 *out)
{
	__u64 tmp = 0;

	tmp = random_get_entropy();

	/*
	 * If random_get_entropy does not return a value, i.e. it is not
	 * implemented for a given architecture, use a clock source.
	 * hoping that there are timers we can work with.
	 */
	if (tmp == 0)
		tmp = ktime_get_ns();

	*out = tmp;
}

/***************************************************************************
 * Kernel crypto API interface
 ***************************************************************************/

struct jitterentropy {
	spinlock_t jent_lock;
	struct rand_data *entropy_collector;
};

static int jent_kcapi_init(struct crypto_tfm *tfm)
{
	struct jitterentropy *rng = crypto_tfm_ctx(tfm);
	int ret = 0;

	rng->entropy_collector = jent_entropy_collector_alloc(1, 0);
	if (!rng->entropy_collector)
		ret = -ENOMEM;

	spin_lock_init(&rng->jent_lock);
	return ret;
}

static void jent_kcapi_cleanup(struct crypto_tfm *tfm)
{
	struct jitterentropy *rng = crypto_tfm_ctx(tfm);

	spin_lock(&rng->jent_lock);
	if (rng->entropy_collector)
		jent_entropy_collector_free(rng->entropy_collector);
	rng->entropy_collector = NULL;
	spin_unlock(&rng->jent_lock);
}

static int jent_kcapi_random(struct crypto_rng *tfm,
			     const u8 *src, unsigned int slen,
			     u8 *rdata, unsigned int dlen)
{
	struct jitterentropy *rng = crypto_rng_ctx(tfm);
	int ret = 0;

	spin_lock(&rng->jent_lock);
	ret = jent_read_entropy(rng->entropy_collector, rdata, dlen);
	spin_unlock(&rng->jent_lock);

	return ret;
}

static int jent_kcapi_reset(struct crypto_rng *tfm,
			    const u8 *seed, unsigned int slen)
{
	return 0;
}

static struct rng_alg jent_alg = {
	.generate		= jent_kcapi_random,
	.seed			= jent_kcapi_reset,
	.seedsize		= 0,
	.base			= {
		.cra_name               = "jitterentropy_rng",
		.cra_driver_name        = "jitterentropy_rng",
		.cra_priority           = 100,
		.cra_ctxsize            = sizeof(struct jitterentropy),
		.cra_module             = THIS_MODULE,
		.cra_init               = jent_kcapi_init,
		.cra_exit               = jent_kcapi_cleanup,

	}
};

static int __init jent_mod_init(void)
{
	int ret = 0;

	ret = jent_entropy_init();
	if (ret) {
		pr_info("jitterentropy: Initialization failed with host not compliant with requirements: %d\n", ret);
		return -EFAULT;
	}
	return crypto_register_rng(&jent_alg);
}

static void __exit jent_mod_exit(void)
{
	crypto_unregister_rng(&jent_alg);
}

module_init(jent_mod_init);
module_exit(jent_mod_exit);

MODULE_LICENSE("Dual BSD/GPL");
MODULE_AUTHOR("Stephan Mueller <smueller@chronox.de>");
MODULE_DESCRIPTION("Non-physical True Random Number Generator based on CPU Jitter");
MODULE_ALIAS_CRYPTO("jitterentropy_rng");
Commit	Line	Data
dfc9fa91 SM	1	/*
	2	* Non-physical true random number generator based on timing jitter --
	3	* Linux Kernel Crypto API specific code
	4	*
	5	* Copyright Stephan Mueller <smueller@chronox.de>, 2015
	6	*
	7	* Redistribution and use in source and binary forms, with or without
	8	* modification, are permitted provided that the following conditions
	9	* are met:
	10	* 1. Redistributions of source code must retain the above copyright
	11	* notice, and the entire permission notice in its entirety,
	12	* including the disclaimer of warranties.
	13	* 2. Redistributions in binary form must reproduce the above copyright
	14	* notice, this list of conditions and the following disclaimer in the
	15	* documentation and/or other materials provided with the distribution.
	16	* 3. The name of the author may not be used to endorse or promote
	17	* products derived from this software without specific prior
	18	* written permission.
	19	*
	20	* ALTERNATIVELY, this product may be distributed under the terms of
	21	* the GNU General Public License, in which case the provisions of the GPL2 are
	22	* required INSTEAD OF the above restrictions. (This clause is
	23	* necessary due to a potential bad interaction between the GPL and
	24	* the restrictions contained in a BSD-style copyright.)
	25	*
	26	* THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED
	27	* WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
	28	* OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE, ALL OF
	29	* WHICH ARE HEREBY DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE
	30	* LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
	31	* CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT
	32	* OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
	33	* BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
	34	* LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
	35	* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE
	36	* USE OF THIS SOFTWARE, EVEN IF NOT ADVISED OF THE POSSIBILITY OF SUCH
	37	* DAMAGE.
	38	*/
	39
	40	#include <linux/module.h>
	41	#include <linux/slab.h>
dfc9fa91 SM	42	#include <linux/fips.h>
	43	#include <linux/time.h>
	44	#include <linux/crypto.h>
	45	#include <crypto/internal/rng.h>
	46
	47	struct rand_data;
	48	int jent_read_entropy(struct rand_data ec, unsigned char data,
	49	unsigned int len);
	50	int jent_entropy_init(void);
	51	struct rand_data *jent_entropy_collector_alloc(unsigned int osr,
	52	unsigned int flags);
	53	void jent_entropy_collector_free(struct rand_data *entropy_collector);
	54
	55	/***************************************************************************
	56	* Helper function
	57	***************************************************************************/
	58
	59	__u64 jent_rol64(__u64 word, unsigned int shift)
	60	{
	61	return rol64(word, shift);
	62	}
	63
	64	void *jent_zalloc(unsigned int len)
	65	{
	66	return kzalloc(len, GFP_KERNEL);
	67	}
	68
	69	void jent_zfree(void *ptr)
	70	{
	71	kzfree(ptr);
	72	}
	73
	74	int jent_fips_enabled(void)
	75	{
	76	return fips_enabled;
	77	}
	78
	79	void jent_panic(char *s)
	80	{
0c5f0aa5	81	panic("%s", s);
dfc9fa91 SM	82	}
	83
	84	void jent_memcpy(void dest, const void src, unsigned int n)
	85	{
	86	memcpy(dest, src, n);
	87	}
	88
b578456c SM	89	/*
	90	* Obtain a high-resolution time stamp value. The time stamp is used to measure
	91	* the execution time of a given code path and its variations. Hence, the time
	92	* stamp must have a sufficiently high resolution.
	93	*
	94	* Note, if the function returns zero because a given architecture does not
	95	* implement a high-resolution time stamp, the RNG code's runtime test
	96	* will detect it and will not produce output.
	97	*/
dfc9fa91 SM	98	void jent_get_nstime(__u64 *out)
dfc9fa91 SM	99	{
dfc9fa91 SM	100	__u64 tmp = 0;
	101
	102	tmp = random_get_entropy();
	103
	104	/*
b578456c SM	105	* If random_get_entropy does not return a value, i.e. it is not
b578456c SM	106	* implemented for a given architecture, use a clock source.
dfc9fa91	107	* hoping that there are timers we can work with.
dfc9fa91	108	*/
b578456c SM	109	if (tmp == 0)
b578456c SM	110	tmp = ktime_get_ns();
dfc9fa91 SM	111
	112	*out = tmp;
	113	}
	114
	115	/***************************************************************************
	116	* Kernel crypto API interface
	117	***************************************************************************/
	118
	119	struct jitterentropy {
	120	spinlock_t jent_lock;
	121	struct rand_data *entropy_collector;
	122	};
	123
	124	static int jent_kcapi_init(struct crypto_tfm *tfm)
	125	{
	126	struct jitterentropy *rng = crypto_tfm_ctx(tfm);
	127	int ret = 0;
	128
	129	rng->entropy_collector = jent_entropy_collector_alloc(1, 0);
	130	if (!rng->entropy_collector)
	131	ret = -ENOMEM;
	132
	133	spin_lock_init(&rng->jent_lock);
	134	return ret;
	135	}
	136
	137	static void jent_kcapi_cleanup(struct crypto_tfm *tfm)
	138	{
	139	struct jitterentropy *rng = crypto_tfm_ctx(tfm);
	140
	141	spin_lock(&rng->jent_lock);
	142	if (rng->entropy_collector)
	143	jent_entropy_collector_free(rng->entropy_collector);
	144	rng->entropy_collector = NULL;
	145	spin_unlock(&rng->jent_lock);
	146	}
	147
	148	static int jent_kcapi_random(struct crypto_rng *tfm,
	149	const u8 *src, unsigned int slen,
	150	u8 *rdata, unsigned int dlen)
	151	{
	152	struct jitterentropy *rng = crypto_rng_ctx(tfm);
	153	int ret = 0;
	154
	155	spin_lock(&rng->jent_lock);
	156	ret = jent_read_entropy(rng->entropy_collector, rdata, dlen);
	157	spin_unlock(&rng->jent_lock);
	158
	159	return ret;
	160	}
	161
	162	static int jent_kcapi_reset(struct crypto_rng *tfm,
	163	const u8 *seed, unsigned int slen)
	164	{
	165	return 0;
	166	}
	167
	168	static struct rng_alg jent_alg = {
	169	.generate = jent_kcapi_random,
	170	.seed = jent_kcapi_reset,
	171	.seedsize = 0,
	172	.base = {
	173	.cra_name = "jitterentropy_rng",
	174	.cra_driver_name = "jitterentropy_rng",
175	.cra_priority = 100,
176	.cra_ctxsize = sizeof(struct jitterentropy),
177	.cra_module = THIS_MODULE,
178	.cra_init = jent_kcapi_init,
179	.cra_exit = jent_kcapi_cleanup,
180
181	}
182	};
183
184	static int __init jent_mod_init(void)
185	{
186	int ret = 0;
187
188	ret = jent_entropy_init();
189	if (ret) {
190	pr_info("jitterentropy: Initialization failed with host not compliant with requirements: %d\n", ret);
191	return -EFAULT;
192	}
193	return crypto_register_rng(&jent_alg);
194	}
195
196	static void __exit jent_mod_exit(void)
197	{
198	crypto_unregister_rng(&jent_alg);
199	}
200
201	module_init(jent_mod_init);
202	module_exit(jent_mod_exit);
203
204	MODULE_LICENSE("Dual BSD/GPL");
205	MODULE_AUTHOR("Stephan Mueller <smueller@chronox.de>");
206	MODULE_DESCRIPTION("Non-physical True Random Number Generator based on CPU Jitter");
207	MODULE_ALIAS_CRYPTO("jitterentropy_rng");