15afdfd22SStephan Mueller /* 25afdfd22SStephan Mueller * algif_rng: User-space interface for random number generators 35afdfd22SStephan Mueller * 45afdfd22SStephan Mueller * This file provides the user-space API for random number generators. 55afdfd22SStephan Mueller * 65afdfd22SStephan Mueller * Copyright (C) 2014, Stephan Mueller <smueller@chronox.de> 75afdfd22SStephan Mueller * 85afdfd22SStephan Mueller * Redistribution and use in source and binary forms, with or without 95afdfd22SStephan Mueller * modification, are permitted provided that the following conditions 105afdfd22SStephan Mueller * are met: 115afdfd22SStephan Mueller * 1. Redistributions of source code must retain the above copyright 125afdfd22SStephan Mueller * notice, and the entire permission notice in its entirety, 135afdfd22SStephan Mueller * including the disclaimer of warranties. 145afdfd22SStephan Mueller * 2. Redistributions in binary form must reproduce the above copyright 155afdfd22SStephan Mueller * notice, this list of conditions and the following disclaimer in the 165afdfd22SStephan Mueller * documentation and/or other materials provided with the distribution. 175afdfd22SStephan Mueller * 3. The name of the author may not be used to endorse or promote 185afdfd22SStephan Mueller * products derived from this software without specific prior 195afdfd22SStephan Mueller * written permission. 205afdfd22SStephan Mueller * 215afdfd22SStephan Mueller * ALTERNATIVELY, this product may be distributed under the terms of 225afdfd22SStephan Mueller * the GNU General Public License, in which case the provisions of the GPL2 235afdfd22SStephan Mueller * are required INSTEAD OF the above restrictions. (This clause is 245afdfd22SStephan Mueller * necessary due to a potential bad interaction between the GPL and 255afdfd22SStephan Mueller * the restrictions contained in a BSD-style copyright.) 265afdfd22SStephan Mueller * 275afdfd22SStephan Mueller * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED 285afdfd22SStephan Mueller * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES 295afdfd22SStephan Mueller * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE, ALL OF 305afdfd22SStephan Mueller * WHICH ARE HEREBY DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE 315afdfd22SStephan Mueller * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR 325afdfd22SStephan Mueller * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT 335afdfd22SStephan Mueller * OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR 345afdfd22SStephan Mueller * BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF 355afdfd22SStephan Mueller * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT 365afdfd22SStephan Mueller * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE 375afdfd22SStephan Mueller * USE OF THIS SOFTWARE, EVEN IF NOT ADVISED OF THE POSSIBILITY OF SUCH 385afdfd22SStephan Mueller * DAMAGE. 395afdfd22SStephan Mueller */ 405afdfd22SStephan Mueller 415afdfd22SStephan Mueller #include <linux/module.h> 425afdfd22SStephan Mueller #include <crypto/rng.h> 435afdfd22SStephan Mueller #include <linux/random.h> 445afdfd22SStephan Mueller #include <crypto/if_alg.h> 455afdfd22SStephan Mueller #include <linux/net.h> 465afdfd22SStephan Mueller #include <net/sock.h> 475afdfd22SStephan Mueller 485afdfd22SStephan Mueller MODULE_LICENSE("GPL"); 495afdfd22SStephan Mueller MODULE_AUTHOR("Stephan Mueller <smueller@chronox.de>"); 505afdfd22SStephan Mueller MODULE_DESCRIPTION("User-space interface for random number generators"); 515afdfd22SStephan Mueller 525afdfd22SStephan Mueller struct rng_ctx { 535afdfd22SStephan Mueller #define MAXSIZE 128 545afdfd22SStephan Mueller unsigned int len; 555afdfd22SStephan Mueller struct crypto_rng *drng; 565afdfd22SStephan Mueller }; 575afdfd22SStephan Mueller 585afdfd22SStephan Mueller static int rng_recvmsg(struct kiocb *unused, struct socket *sock, 595afdfd22SStephan Mueller struct msghdr *msg, size_t len, int flags) 605afdfd22SStephan Mueller { 615afdfd22SStephan Mueller struct sock *sk = sock->sk; 625afdfd22SStephan Mueller struct alg_sock *ask = alg_sk(sk); 635afdfd22SStephan Mueller struct rng_ctx *ctx = ask->private; 645afdfd22SStephan Mueller int err = -EFAULT; 655afdfd22SStephan Mueller int genlen = 0; 665afdfd22SStephan Mueller u8 result[MAXSIZE]; 675afdfd22SStephan Mueller 685afdfd22SStephan Mueller if (len == 0) 695afdfd22SStephan Mueller return 0; 705afdfd22SStephan Mueller if (len > MAXSIZE) 715afdfd22SStephan Mueller len = MAXSIZE; 725afdfd22SStephan Mueller 735afdfd22SStephan Mueller /* 745afdfd22SStephan Mueller * although not strictly needed, this is a precaution against coding 755afdfd22SStephan Mueller * errors 765afdfd22SStephan Mueller */ 775afdfd22SStephan Mueller memset(result, 0, len); 785afdfd22SStephan Mueller 795afdfd22SStephan Mueller /* 805afdfd22SStephan Mueller * The enforcement of a proper seeding of an RNG is done within an 815afdfd22SStephan Mueller * RNG implementation. Some RNGs (DRBG, krng) do not need specific 825afdfd22SStephan Mueller * seeding as they automatically seed. The X9.31 DRNG will return 835afdfd22SStephan Mueller * an error if it was not seeded properly. 845afdfd22SStephan Mueller */ 855afdfd22SStephan Mueller genlen = crypto_rng_get_bytes(ctx->drng, result, len); 865afdfd22SStephan Mueller if (genlen < 0) 875afdfd22SStephan Mueller return genlen; 885afdfd22SStephan Mueller 895afdfd22SStephan Mueller err = memcpy_to_msg(msg, result, len); 90*2ef4d5c4SStephan Mueller memzero_explicit(result, len); 915afdfd22SStephan Mueller 925afdfd22SStephan Mueller return err ? err : len; 935afdfd22SStephan Mueller } 945afdfd22SStephan Mueller 955afdfd22SStephan Mueller static struct proto_ops algif_rng_ops = { 965afdfd22SStephan Mueller .family = PF_ALG, 975afdfd22SStephan Mueller 985afdfd22SStephan Mueller .connect = sock_no_connect, 995afdfd22SStephan Mueller .socketpair = sock_no_socketpair, 1005afdfd22SStephan Mueller .getname = sock_no_getname, 1015afdfd22SStephan Mueller .ioctl = sock_no_ioctl, 1025afdfd22SStephan Mueller .listen = sock_no_listen, 1035afdfd22SStephan Mueller .shutdown = sock_no_shutdown, 1045afdfd22SStephan Mueller .getsockopt = sock_no_getsockopt, 1055afdfd22SStephan Mueller .mmap = sock_no_mmap, 1065afdfd22SStephan Mueller .bind = sock_no_bind, 1075afdfd22SStephan Mueller .accept = sock_no_accept, 1085afdfd22SStephan Mueller .setsockopt = sock_no_setsockopt, 1095afdfd22SStephan Mueller .poll = sock_no_poll, 1105afdfd22SStephan Mueller .sendmsg = sock_no_sendmsg, 1115afdfd22SStephan Mueller .sendpage = sock_no_sendpage, 1125afdfd22SStephan Mueller 1135afdfd22SStephan Mueller .release = af_alg_release, 1145afdfd22SStephan Mueller .recvmsg = rng_recvmsg, 1155afdfd22SStephan Mueller }; 1165afdfd22SStephan Mueller 1175afdfd22SStephan Mueller static void *rng_bind(const char *name, u32 type, u32 mask) 1185afdfd22SStephan Mueller { 1195afdfd22SStephan Mueller return crypto_alloc_rng(name, type, mask); 1205afdfd22SStephan Mueller } 1215afdfd22SStephan Mueller 1225afdfd22SStephan Mueller static void rng_release(void *private) 1235afdfd22SStephan Mueller { 1245afdfd22SStephan Mueller crypto_free_rng(private); 1255afdfd22SStephan Mueller } 1265afdfd22SStephan Mueller 1275afdfd22SStephan Mueller static void rng_sock_destruct(struct sock *sk) 1285afdfd22SStephan Mueller { 1295afdfd22SStephan Mueller struct alg_sock *ask = alg_sk(sk); 1305afdfd22SStephan Mueller struct rng_ctx *ctx = ask->private; 1315afdfd22SStephan Mueller 1325afdfd22SStephan Mueller sock_kfree_s(sk, ctx, ctx->len); 1335afdfd22SStephan Mueller af_alg_release_parent(sk); 1345afdfd22SStephan Mueller } 1355afdfd22SStephan Mueller 1365afdfd22SStephan Mueller static int rng_accept_parent(void *private, struct sock *sk) 1375afdfd22SStephan Mueller { 1385afdfd22SStephan Mueller struct rng_ctx *ctx; 1395afdfd22SStephan Mueller struct alg_sock *ask = alg_sk(sk); 1405afdfd22SStephan Mueller unsigned int len = sizeof(*ctx); 1415afdfd22SStephan Mueller 1425afdfd22SStephan Mueller ctx = sock_kmalloc(sk, len, GFP_KERNEL); 1435afdfd22SStephan Mueller if (!ctx) 1445afdfd22SStephan Mueller return -ENOMEM; 1455afdfd22SStephan Mueller 1465afdfd22SStephan Mueller ctx->len = len; 1475afdfd22SStephan Mueller 1485afdfd22SStephan Mueller /* 1495afdfd22SStephan Mueller * No seeding done at that point -- if multiple accepts are 1505afdfd22SStephan Mueller * done on one RNG instance, each resulting FD points to the same 1515afdfd22SStephan Mueller * state of the RNG. 1525afdfd22SStephan Mueller */ 1535afdfd22SStephan Mueller 1545afdfd22SStephan Mueller ctx->drng = private; 1555afdfd22SStephan Mueller ask->private = ctx; 1565afdfd22SStephan Mueller sk->sk_destruct = rng_sock_destruct; 1575afdfd22SStephan Mueller 1585afdfd22SStephan Mueller return 0; 1595afdfd22SStephan Mueller } 1605afdfd22SStephan Mueller 1615afdfd22SStephan Mueller static int rng_setkey(void *private, const u8 *seed, unsigned int seedlen) 1625afdfd22SStephan Mueller { 1635afdfd22SStephan Mueller /* 1645afdfd22SStephan Mueller * Check whether seedlen is of sufficient size is done in RNG 1655afdfd22SStephan Mueller * implementations. 1665afdfd22SStephan Mueller */ 1675afdfd22SStephan Mueller return crypto_rng_reset(private, (u8 *)seed, seedlen); 1685afdfd22SStephan Mueller } 1695afdfd22SStephan Mueller 1705afdfd22SStephan Mueller static const struct af_alg_type algif_type_rng = { 1715afdfd22SStephan Mueller .bind = rng_bind, 1725afdfd22SStephan Mueller .release = rng_release, 1735afdfd22SStephan Mueller .accept = rng_accept_parent, 1745afdfd22SStephan Mueller .setkey = rng_setkey, 1755afdfd22SStephan Mueller .ops = &algif_rng_ops, 1765afdfd22SStephan Mueller .name = "rng", 1775afdfd22SStephan Mueller .owner = THIS_MODULE 1785afdfd22SStephan Mueller }; 1795afdfd22SStephan Mueller 1805afdfd22SStephan Mueller static int __init rng_init(void) 1815afdfd22SStephan Mueller { 1825afdfd22SStephan Mueller return af_alg_register_type(&algif_type_rng); 1835afdfd22SStephan Mueller } 1845afdfd22SStephan Mueller 185598de369SWei Yongjun static void __exit rng_exit(void) 1865afdfd22SStephan Mueller { 1875afdfd22SStephan Mueller int err = af_alg_unregister_type(&algif_type_rng); 1885afdfd22SStephan Mueller BUG_ON(err); 1895afdfd22SStephan Mueller } 1905afdfd22SStephan Mueller 1915afdfd22SStephan Mueller module_init(rng_init); 1925afdfd22SStephan Mueller module_exit(rng_exit); 193