1*5afdfd22SStephan Mueller /* 2*5afdfd22SStephan Mueller * algif_rng: User-space interface for random number generators 3*5afdfd22SStephan Mueller * 4*5afdfd22SStephan Mueller * This file provides the user-space API for random number generators. 5*5afdfd22SStephan Mueller * 6*5afdfd22SStephan Mueller * Copyright (C) 2014, Stephan Mueller <smueller@chronox.de> 7*5afdfd22SStephan Mueller * 8*5afdfd22SStephan Mueller * Redistribution and use in source and binary forms, with or without 9*5afdfd22SStephan Mueller * modification, are permitted provided that the following conditions 10*5afdfd22SStephan Mueller * are met: 11*5afdfd22SStephan Mueller * 1. Redistributions of source code must retain the above copyright 12*5afdfd22SStephan Mueller * notice, and the entire permission notice in its entirety, 13*5afdfd22SStephan Mueller * including the disclaimer of warranties. 14*5afdfd22SStephan Mueller * 2. Redistributions in binary form must reproduce the above copyright 15*5afdfd22SStephan Mueller * notice, this list of conditions and the following disclaimer in the 16*5afdfd22SStephan Mueller * documentation and/or other materials provided with the distribution. 17*5afdfd22SStephan Mueller * 3. The name of the author may not be used to endorse or promote 18*5afdfd22SStephan Mueller * products derived from this software without specific prior 19*5afdfd22SStephan Mueller * written permission. 20*5afdfd22SStephan Mueller * 21*5afdfd22SStephan Mueller * ALTERNATIVELY, this product may be distributed under the terms of 22*5afdfd22SStephan Mueller * the GNU General Public License, in which case the provisions of the GPL2 23*5afdfd22SStephan Mueller * are required INSTEAD OF the above restrictions. (This clause is 24*5afdfd22SStephan Mueller * necessary due to a potential bad interaction between the GPL and 25*5afdfd22SStephan Mueller * the restrictions contained in a BSD-style copyright.) 26*5afdfd22SStephan Mueller * 27*5afdfd22SStephan Mueller * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED 28*5afdfd22SStephan Mueller * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES 29*5afdfd22SStephan Mueller * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE, ALL OF 30*5afdfd22SStephan Mueller * WHICH ARE HEREBY DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE 31*5afdfd22SStephan Mueller * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR 32*5afdfd22SStephan Mueller * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT 33*5afdfd22SStephan Mueller * OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR 34*5afdfd22SStephan Mueller * BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF 35*5afdfd22SStephan Mueller * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT 36*5afdfd22SStephan Mueller * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE 37*5afdfd22SStephan Mueller * USE OF THIS SOFTWARE, EVEN IF NOT ADVISED OF THE POSSIBILITY OF SUCH 38*5afdfd22SStephan Mueller * DAMAGE. 39*5afdfd22SStephan Mueller */ 40*5afdfd22SStephan Mueller 41*5afdfd22SStephan Mueller #include <linux/module.h> 42*5afdfd22SStephan Mueller #include <crypto/rng.h> 43*5afdfd22SStephan Mueller #include <linux/random.h> 44*5afdfd22SStephan Mueller #include <crypto/if_alg.h> 45*5afdfd22SStephan Mueller #include <linux/net.h> 46*5afdfd22SStephan Mueller #include <net/sock.h> 47*5afdfd22SStephan Mueller 48*5afdfd22SStephan Mueller MODULE_LICENSE("GPL"); 49*5afdfd22SStephan Mueller MODULE_AUTHOR("Stephan Mueller <smueller@chronox.de>"); 50*5afdfd22SStephan Mueller MODULE_DESCRIPTION("User-space interface for random number generators"); 51*5afdfd22SStephan Mueller 52*5afdfd22SStephan Mueller struct rng_ctx { 53*5afdfd22SStephan Mueller #define MAXSIZE 128 54*5afdfd22SStephan Mueller unsigned int len; 55*5afdfd22SStephan Mueller struct crypto_rng *drng; 56*5afdfd22SStephan Mueller }; 57*5afdfd22SStephan Mueller 58*5afdfd22SStephan Mueller static int rng_recvmsg(struct kiocb *unused, struct socket *sock, 59*5afdfd22SStephan Mueller struct msghdr *msg, size_t len, int flags) 60*5afdfd22SStephan Mueller { 61*5afdfd22SStephan Mueller struct sock *sk = sock->sk; 62*5afdfd22SStephan Mueller struct alg_sock *ask = alg_sk(sk); 63*5afdfd22SStephan Mueller struct rng_ctx *ctx = ask->private; 64*5afdfd22SStephan Mueller int err = -EFAULT; 65*5afdfd22SStephan Mueller int genlen = 0; 66*5afdfd22SStephan Mueller u8 result[MAXSIZE]; 67*5afdfd22SStephan Mueller 68*5afdfd22SStephan Mueller if (len == 0) 69*5afdfd22SStephan Mueller return 0; 70*5afdfd22SStephan Mueller if (len > MAXSIZE) 71*5afdfd22SStephan Mueller len = MAXSIZE; 72*5afdfd22SStephan Mueller 73*5afdfd22SStephan Mueller /* 74*5afdfd22SStephan Mueller * although not strictly needed, this is a precaution against coding 75*5afdfd22SStephan Mueller * errors 76*5afdfd22SStephan Mueller */ 77*5afdfd22SStephan Mueller memset(result, 0, len); 78*5afdfd22SStephan Mueller 79*5afdfd22SStephan Mueller /* 80*5afdfd22SStephan Mueller * The enforcement of a proper seeding of an RNG is done within an 81*5afdfd22SStephan Mueller * RNG implementation. Some RNGs (DRBG, krng) do not need specific 82*5afdfd22SStephan Mueller * seeding as they automatically seed. The X9.31 DRNG will return 83*5afdfd22SStephan Mueller * an error if it was not seeded properly. 84*5afdfd22SStephan Mueller */ 85*5afdfd22SStephan Mueller genlen = crypto_rng_get_bytes(ctx->drng, result, len); 86*5afdfd22SStephan Mueller if (genlen < 0) 87*5afdfd22SStephan Mueller return genlen; 88*5afdfd22SStephan Mueller 89*5afdfd22SStephan Mueller err = memcpy_to_msg(msg, result, len); 90*5afdfd22SStephan Mueller memzero_explicit(result, genlen); 91*5afdfd22SStephan Mueller 92*5afdfd22SStephan Mueller return err ? err : len; 93*5afdfd22SStephan Mueller } 94*5afdfd22SStephan Mueller 95*5afdfd22SStephan Mueller static struct proto_ops algif_rng_ops = { 96*5afdfd22SStephan Mueller .family = PF_ALG, 97*5afdfd22SStephan Mueller 98*5afdfd22SStephan Mueller .connect = sock_no_connect, 99*5afdfd22SStephan Mueller .socketpair = sock_no_socketpair, 100*5afdfd22SStephan Mueller .getname = sock_no_getname, 101*5afdfd22SStephan Mueller .ioctl = sock_no_ioctl, 102*5afdfd22SStephan Mueller .listen = sock_no_listen, 103*5afdfd22SStephan Mueller .shutdown = sock_no_shutdown, 104*5afdfd22SStephan Mueller .getsockopt = sock_no_getsockopt, 105*5afdfd22SStephan Mueller .mmap = sock_no_mmap, 106*5afdfd22SStephan Mueller .bind = sock_no_bind, 107*5afdfd22SStephan Mueller .accept = sock_no_accept, 108*5afdfd22SStephan Mueller .setsockopt = sock_no_setsockopt, 109*5afdfd22SStephan Mueller .poll = sock_no_poll, 110*5afdfd22SStephan Mueller .sendmsg = sock_no_sendmsg, 111*5afdfd22SStephan Mueller .sendpage = sock_no_sendpage, 112*5afdfd22SStephan Mueller 113*5afdfd22SStephan Mueller .release = af_alg_release, 114*5afdfd22SStephan Mueller .recvmsg = rng_recvmsg, 115*5afdfd22SStephan Mueller }; 116*5afdfd22SStephan Mueller 117*5afdfd22SStephan Mueller static void *rng_bind(const char *name, u32 type, u32 mask) 118*5afdfd22SStephan Mueller { 119*5afdfd22SStephan Mueller return crypto_alloc_rng(name, type, mask); 120*5afdfd22SStephan Mueller } 121*5afdfd22SStephan Mueller 122*5afdfd22SStephan Mueller static void rng_release(void *private) 123*5afdfd22SStephan Mueller { 124*5afdfd22SStephan Mueller crypto_free_rng(private); 125*5afdfd22SStephan Mueller } 126*5afdfd22SStephan Mueller 127*5afdfd22SStephan Mueller static void rng_sock_destruct(struct sock *sk) 128*5afdfd22SStephan Mueller { 129*5afdfd22SStephan Mueller struct alg_sock *ask = alg_sk(sk); 130*5afdfd22SStephan Mueller struct rng_ctx *ctx = ask->private; 131*5afdfd22SStephan Mueller 132*5afdfd22SStephan Mueller sock_kfree_s(sk, ctx, ctx->len); 133*5afdfd22SStephan Mueller af_alg_release_parent(sk); 134*5afdfd22SStephan Mueller } 135*5afdfd22SStephan Mueller 136*5afdfd22SStephan Mueller static int rng_accept_parent(void *private, struct sock *sk) 137*5afdfd22SStephan Mueller { 138*5afdfd22SStephan Mueller struct rng_ctx *ctx; 139*5afdfd22SStephan Mueller struct alg_sock *ask = alg_sk(sk); 140*5afdfd22SStephan Mueller unsigned int len = sizeof(*ctx); 141*5afdfd22SStephan Mueller 142*5afdfd22SStephan Mueller ctx = sock_kmalloc(sk, len, GFP_KERNEL); 143*5afdfd22SStephan Mueller if (!ctx) 144*5afdfd22SStephan Mueller return -ENOMEM; 145*5afdfd22SStephan Mueller 146*5afdfd22SStephan Mueller ctx->len = len; 147*5afdfd22SStephan Mueller 148*5afdfd22SStephan Mueller /* 149*5afdfd22SStephan Mueller * No seeding done at that point -- if multiple accepts are 150*5afdfd22SStephan Mueller * done on one RNG instance, each resulting FD points to the same 151*5afdfd22SStephan Mueller * state of the RNG. 152*5afdfd22SStephan Mueller */ 153*5afdfd22SStephan Mueller 154*5afdfd22SStephan Mueller ctx->drng = private; 155*5afdfd22SStephan Mueller ask->private = ctx; 156*5afdfd22SStephan Mueller sk->sk_destruct = rng_sock_destruct; 157*5afdfd22SStephan Mueller 158*5afdfd22SStephan Mueller return 0; 159*5afdfd22SStephan Mueller } 160*5afdfd22SStephan Mueller 161*5afdfd22SStephan Mueller static int rng_setkey(void *private, const u8 *seed, unsigned int seedlen) 162*5afdfd22SStephan Mueller { 163*5afdfd22SStephan Mueller /* 164*5afdfd22SStephan Mueller * Check whether seedlen is of sufficient size is done in RNG 165*5afdfd22SStephan Mueller * implementations. 166*5afdfd22SStephan Mueller */ 167*5afdfd22SStephan Mueller return crypto_rng_reset(private, (u8 *)seed, seedlen); 168*5afdfd22SStephan Mueller } 169*5afdfd22SStephan Mueller 170*5afdfd22SStephan Mueller static const struct af_alg_type algif_type_rng = { 171*5afdfd22SStephan Mueller .bind = rng_bind, 172*5afdfd22SStephan Mueller .release = rng_release, 173*5afdfd22SStephan Mueller .accept = rng_accept_parent, 174*5afdfd22SStephan Mueller .setkey = rng_setkey, 175*5afdfd22SStephan Mueller .ops = &algif_rng_ops, 176*5afdfd22SStephan Mueller .name = "rng", 177*5afdfd22SStephan Mueller .owner = THIS_MODULE 178*5afdfd22SStephan Mueller }; 179*5afdfd22SStephan Mueller 180*5afdfd22SStephan Mueller static int __init rng_init(void) 181*5afdfd22SStephan Mueller { 182*5afdfd22SStephan Mueller return af_alg_register_type(&algif_type_rng); 183*5afdfd22SStephan Mueller } 184*5afdfd22SStephan Mueller 185*5afdfd22SStephan Mueller void __exit rng_exit(void) 186*5afdfd22SStephan Mueller { 187*5afdfd22SStephan Mueller int err = af_alg_unregister_type(&algif_type_rng); 188*5afdfd22SStephan Mueller BUG_ON(err); 189*5afdfd22SStephan Mueller } 190*5afdfd22SStephan Mueller 191*5afdfd22SStephan Mueller module_init(rng_init); 192*5afdfd22SStephan Mueller module_exit(rng_exit); 193