2  * Non-physical true random number generator based on timing jitter --
5  * Copyright Stephan Mueller <smueller@chronox.de>, 2015 - 2023
13  * 2. Redistributions in binary form must reproduce the above copyright
24  * the restrictions contained in a BSD-style copyright.)
42 #include <linux/fips.h>
51 #define JENT_CONDITIONING_HASH	"sha3-256-generic"
68  * Obtain a high-resolution time stamp value. The time stamp is used to measure
73  * implement a high-resolution time stamp, the RNG code's runtime test
99 	SHASH_DESC_ON_STACK(desc, hash_state_desc->tfm);  in jent_hash_time()
104 	desc->tfm = hash_state_desc->tfm;  in jent_hash_time()
106 	if (sizeof(intermediary) != crypto_shash_digestsize(desc->tfm)) {  in jent_hash_time()
108 		return -EINVAL;  in jent_hash_time()
118 	 * considering the terminology from SP800-90A without any entropy.  in jent_hash_time()
146 	 * when the time stamp has no entropy, SP800-90B requires that any  in jent_hash_time()
166 	/* Obtain data from entropy pool and re-initialize it */  in jent_read_random_block()
194 	spin_lock(&rng->jent_lock);  in jent_kcapi_cleanup()
196 	if (rng->sdesc) {  in jent_kcapi_cleanup()
197 		shash_desc_zero(rng->sdesc);  in jent_kcapi_cleanup()
198 		kfree(rng->sdesc);  in jent_kcapi_cleanup()
200 	rng->sdesc = NULL;  in jent_kcapi_cleanup()
202 	if (rng->tfm)  in jent_kcapi_cleanup()
203 		crypto_free_shash(rng->tfm);  in jent_kcapi_cleanup()
204 	rng->tfm = NULL;  in jent_kcapi_cleanup()
206 	if (rng->entropy_collector)  in jent_kcapi_cleanup()
207 		jent_entropy_collector_free(rng->entropy_collector);  in jent_kcapi_cleanup()
208 	rng->entropy_collector = NULL;  in jent_kcapi_cleanup()
209 	spin_unlock(&rng->jent_lock);  in jent_kcapi_cleanup()
219 	spin_lock_init(&rng->jent_lock);  in jent_kcapi_init()
222 	 * Use SHA3-256 as conditioner. We allocate only the generic  in jent_kcapi_init()
223 	 * implementation as we are not interested in high-performance. The  in jent_kcapi_init()
235 	rng->tfm = hash;  in jent_kcapi_init()
240 		ret = -ENOMEM;  in jent_kcapi_init()
244 	sdesc->tfm = hash;  in jent_kcapi_init()
246 	rng->sdesc = sdesc;  in jent_kcapi_init()
248 	rng->entropy_collector = jent_entropy_collector_alloc(1, 0, sdesc);  in jent_kcapi_init()
249 	if (!rng->entropy_collector) {  in jent_kcapi_init()
250 		ret = -ENOMEM;  in jent_kcapi_init()
254 	spin_lock_init(&rng->jent_lock);  in jent_kcapi_init()
269 	spin_lock(&rng->jent_lock);  in jent_kcapi_random()
271 	ret = jent_read_entropy(rng->entropy_collector, rdata, dlen);  in jent_kcapi_random()
273 	if (ret == -3) {  in jent_kcapi_random()
276 		 * If the kernel was booted with fips=1, it implies that  in jent_kcapi_random()
277 		 * the entire kernel acts as a FIPS 140 module. In this case  in jent_kcapi_random()
278 		 * an SP800-90B permanent health test error is treated as  in jent_kcapi_random()
279 		 * a FIPS module error.  in jent_kcapi_random()
285 		ret = -EFAULT;  in jent_kcapi_random()
286 	} else if (ret == -2) {  in jent_kcapi_random()
289 		ret = -EAGAIN;  in jent_kcapi_random()
290 	} else if (ret == -1) {  in jent_kcapi_random()
292 		ret = -EINVAL;  in jent_kcapi_random()
295 	spin_unlock(&rng->jent_lock);  in jent_kcapi_random()
335 	desc->tfm = tfm;  in jent_mod_init()
347 		return -EFAULT;  in jent_mod_init()
363 MODULE_DESCRIPTION("Non-physical True Random Number Generator based on CPU Jitter");