1 /* 2 * RNG: Random Number Generator algorithms under the crypto API 3 * 4 * Copyright (c) 2008 Neil Horman <nhorman@tuxdriver.com> 5 * Copyright (c) 2015 Herbert Xu <herbert@gondor.apana.org.au> 6 * 7 * This program is free software; you can redistribute it and/or modify it 8 * under the terms of the GNU General Public License as published by the Free 9 * Software Foundation; either version 2 of the License, or (at your option) 10 * any later version. 11 * 12 */ 13 14 #ifndef _CRYPTO_RNG_H 15 #define _CRYPTO_RNG_H 16 17 #include <linux/crypto.h> 18 19 struct crypto_rng; 20 21 /** 22 * struct rng_alg - random number generator definition 23 * 24 * @generate: The function defined by this variable obtains a 25 * random number. The random number generator transform 26 * must generate the random number out of the context 27 * provided with this call, plus any additional data 28 * if provided to the call. 29 * @seed: Seed or reseed the random number generator. With the 30 * invocation of this function call, the random number 31 * generator shall become ready for generation. If the 32 * random number generator requires a seed for setting 33 * up a new state, the seed must be provided by the 34 * consumer while invoking this function. The required 35 * size of the seed is defined with @seedsize . 36 * @set_ent: Set entropy that would otherwise be obtained from 37 * entropy source. Internal use only. 38 * @seedsize: The seed size required for a random number generator 39 * initialization defined with this variable. Some 40 * random number generators does not require a seed 41 * as the seeding is implemented internally without 42 * the need of support by the consumer. In this case, 43 * the seed size is set to zero. 44 * @base: Common crypto API algorithm data structure. 45 */ 46 struct rng_alg { 47 int (*generate)(struct crypto_rng *tfm, 48 const u8 *src, unsigned int slen, 49 u8 *dst, unsigned int dlen); 50 int (*seed)(struct crypto_rng *tfm, const u8 *seed, unsigned int slen); 51 void (*set_ent)(struct crypto_rng *tfm, const u8 *data, 52 unsigned int len); 53 54 unsigned int seedsize; 55 56 struct crypto_alg base; 57 }; 58 59 struct crypto_rng { 60 struct crypto_tfm base; 61 }; 62 63 extern struct crypto_rng *crypto_default_rng; 64 65 int crypto_get_default_rng(void); 66 void crypto_put_default_rng(void); 67 68 /** 69 * DOC: Random number generator API 70 * 71 * The random number generator API is used with the ciphers of type 72 * CRYPTO_ALG_TYPE_RNG (listed as type "rng" in /proc/crypto) 73 */ 74 75 /** 76 * crypto_alloc_rng() -- allocate RNG handle 77 * @alg_name: is the cra_name / name or cra_driver_name / driver name of the 78 * message digest cipher 79 * @type: specifies the type of the cipher 80 * @mask: specifies the mask for the cipher 81 * 82 * Allocate a cipher handle for a random number generator. The returned struct 83 * crypto_rng is the cipher handle that is required for any subsequent 84 * API invocation for that random number generator. 85 * 86 * For all random number generators, this call creates a new private copy of 87 * the random number generator that does not share a state with other 88 * instances. The only exception is the "krng" random number generator which 89 * is a kernel crypto API use case for the get_random_bytes() function of the 90 * /dev/random driver. 91 * 92 * Return: allocated cipher handle in case of success; IS_ERR() is true in case 93 * of an error, PTR_ERR() returns the error code. 94 */ 95 struct crypto_rng *crypto_alloc_rng(const char *alg_name, u32 type, u32 mask); 96 97 static inline struct crypto_tfm *crypto_rng_tfm(struct crypto_rng *tfm) 98 { 99 return &tfm->base; 100 } 101 102 /** 103 * crypto_rng_alg - obtain name of RNG 104 * @tfm: cipher handle 105 * 106 * Return the generic name (cra_name) of the initialized random number generator 107 * 108 * Return: generic name string 109 */ 110 static inline struct rng_alg *crypto_rng_alg(struct crypto_rng *tfm) 111 { 112 return container_of(crypto_rng_tfm(tfm)->__crt_alg, 113 struct rng_alg, base); 114 } 115 116 /** 117 * crypto_free_rng() - zeroize and free RNG handle 118 * @tfm: cipher handle to be freed 119 */ 120 static inline void crypto_free_rng(struct crypto_rng *tfm) 121 { 122 crypto_destroy_tfm(tfm, crypto_rng_tfm(tfm)); 123 } 124 125 static inline void crypto_stat_rng_seed(struct crypto_rng *tfm, int ret) 126 { 127 #ifdef CONFIG_CRYPTO_STATS 128 if (ret && ret != -EINPROGRESS && ret != -EBUSY) 129 atomic_inc(&tfm->base.__crt_alg->rng_err_cnt); 130 else 131 atomic_inc(&tfm->base.__crt_alg->seed_cnt); 132 #endif 133 } 134 135 static inline void crypto_stat_rng_generate(struct crypto_rng *tfm, 136 unsigned int dlen, int ret) 137 { 138 #ifdef CONFIG_CRYPTO_STATS 139 if (ret && ret != -EINPROGRESS && ret != -EBUSY) { 140 atomic_inc(&tfm->base.__crt_alg->rng_err_cnt); 141 } else { 142 atomic_inc(&tfm->base.__crt_alg->generate_cnt); 143 atomic64_add(dlen, &tfm->base.__crt_alg->generate_tlen); 144 } 145 #endif 146 } 147 148 /** 149 * crypto_rng_generate() - get random number 150 * @tfm: cipher handle 151 * @src: Input buffer holding additional data, may be NULL 152 * @slen: Length of additional data 153 * @dst: output buffer holding the random numbers 154 * @dlen: length of the output buffer 155 * 156 * This function fills the caller-allocated buffer with random 157 * numbers using the random number generator referenced by the 158 * cipher handle. 159 * 160 * Return: 0 function was successful; < 0 if an error occurred 161 */ 162 static inline int crypto_rng_generate(struct crypto_rng *tfm, 163 const u8 *src, unsigned int slen, 164 u8 *dst, unsigned int dlen) 165 { 166 int ret; 167 168 ret = crypto_rng_alg(tfm)->generate(tfm, src, slen, dst, dlen); 169 crypto_stat_rng_generate(tfm, dlen, ret); 170 return ret; 171 } 172 173 /** 174 * crypto_rng_get_bytes() - get random number 175 * @tfm: cipher handle 176 * @rdata: output buffer holding the random numbers 177 * @dlen: length of the output buffer 178 * 179 * This function fills the caller-allocated buffer with random numbers using the 180 * random number generator referenced by the cipher handle. 181 * 182 * Return: 0 function was successful; < 0 if an error occurred 183 */ 184 static inline int crypto_rng_get_bytes(struct crypto_rng *tfm, 185 u8 *rdata, unsigned int dlen) 186 { 187 return crypto_rng_generate(tfm, NULL, 0, rdata, dlen); 188 } 189 190 /** 191 * crypto_rng_reset() - re-initialize the RNG 192 * @tfm: cipher handle 193 * @seed: seed input data 194 * @slen: length of the seed input data 195 * 196 * The reset function completely re-initializes the random number generator 197 * referenced by the cipher handle by clearing the current state. The new state 198 * is initialized with the caller provided seed or automatically, depending 199 * on the random number generator type (the ANSI X9.31 RNG requires 200 * caller-provided seed, the SP800-90A DRBGs perform an automatic seeding). 201 * The seed is provided as a parameter to this function call. The provided seed 202 * should have the length of the seed size defined for the random number 203 * generator as defined by crypto_rng_seedsize. 204 * 205 * Return: 0 if the setting of the key was successful; < 0 if an error occurred 206 */ 207 int crypto_rng_reset(struct crypto_rng *tfm, const u8 *seed, 208 unsigned int slen); 209 210 /** 211 * crypto_rng_seedsize() - obtain seed size of RNG 212 * @tfm: cipher handle 213 * 214 * The function returns the seed size for the random number generator 215 * referenced by the cipher handle. This value may be zero if the random 216 * number generator does not implement or require a reseeding. For example, 217 * the SP800-90A DRBGs implement an automated reseeding after reaching a 218 * pre-defined threshold. 219 * 220 * Return: seed size for the random number generator 221 */ 222 static inline int crypto_rng_seedsize(struct crypto_rng *tfm) 223 { 224 return crypto_rng_alg(tfm)->seedsize; 225 } 226 227 #endif 228