crypto/algif_rng.c

   1 /*
   2  * algif_rng: User-space interface for random number generators
   3  *
   4  * This file provides the user-space API for random number generators.
   5  *
   6  * Copyright (C) 2014, Stephan Mueller <smueller@chronox.de>
   7  *
   8  * Redistribution and use in source and binary forms, with or without
   9  * modification, are permitted provided that the following conditions
  10  * are met:
  11  * 1. Redistributions of source code must retain the above copyright
  12  *    notice, and the entire permission notice in its entirety,
  13  *    including the disclaimer of warranties.
  14  * 2. Redistributions in binary form must reproduce the above copyright
  15  *    notice, this list of conditions and the following disclaimer in the
  16  *    documentation and/or other materials provided with the distribution.
  17  * 3. The name of the author may not be used to endorse or promote
  18  *    products derived from this software without specific prior
  19  *    written permission.
  20  *
  21  * ALTERNATIVELY, this product may be distributed under the terms of
  22  * the GNU General Public License, in which case the provisions of the GPL2
  23  * are required INSTEAD OF the above restrictions.  (This clause is
  24  * necessary due to a potential bad interaction between the GPL and
  25  * the restrictions contained in a BSD-style copyright.)
  26  *
  27  * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED
  28  * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
  29  * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE, ALL OF
  30  * WHICH ARE HEREBY DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR BE
  31  * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
  32  * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT
  33  * OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
  34  * BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
  35  * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
  36  * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE
  37  * USE OF THIS SOFTWARE, EVEN IF NOT ADVISED OF THE POSSIBILITY OF SUCH
  38  * DAMAGE.
  39  */
  40
  41 #include <linux/module.h>
  42 #include <crypto/rng.h>
  43 #include <linux/random.h>
  44 #include <crypto/if_alg.h>
  45 #include <linux/net.h>
  46 #include <net/sock.h>
  47
  48 MODULE_LICENSE("GPL");
  49 MODULE_AUTHOR("Stephan Mueller <smueller@chronox.de>");
  50 MODULE_DESCRIPTION("User-space interface for random number generators");
  51
  52 struct rng_ctx {
  53 #define MAXSIZE 128
  54         unsigned int len;
  55         struct crypto_rng *drng;
  56 };
  57
  58 static int rng_recvmsg(struct socket *sock, struct msghdr *msg, size_t len,
  59                        int flags)
  60 {
  61         struct sock *sk = sock->sk;
  62         struct alg_sock *ask = alg_sk(sk);
  63         struct rng_ctx *ctx = ask->private;
  64         int err = -EFAULT;
  65         int genlen = 0;
  66         u8 result[MAXSIZE];
  67
  68         if (len == 0)
  69                 return 0;
  70         if (len > MAXSIZE)
  71                 len = MAXSIZE;
  72
  73         /*
  74          * although not strictly needed, this is a precaution against coding
  75          * errors
  76          */
  77         memset(result, 0, len);
  78
  79         /*
  80          * The enforcement of a proper seeding of an RNG is done within an
  81          * RNG implementation. Some RNGs (DRBG, krng) do not need specific
  82          * seeding as they automatically seed. The X9.31 DRNG will return
  83          * an error if it was not seeded properly.
  84          */
  85         genlen = crypto_rng_get_bytes(ctx->drng, result, len);
  86         if (genlen < 0)
  87                 return genlen;
  88
  89         err = memcpy_to_msg(msg, result, len);
  90         memzero_explicit(result, len);
  91
  92         return err ? err : len;
  93 }
  94
  95 static struct proto_ops algif_rng_ops = {
  96         .family         =       PF_ALG,
  97
  98         .connect        =       sock_no_connect,
  99         .socketpair     =       sock_no_socketpair,
 100         .getname        =       sock_no_getname,
 101         .ioctl          =       sock_no_ioctl,
 102         .listen         =       sock_no_listen,
 103         .shutdown       =       sock_no_shutdown,
 104         .getsockopt     =       sock_no_getsockopt,
 105         .mmap           =       sock_no_mmap,
 106         .bind           =       sock_no_bind,
 107         .accept         =       sock_no_accept,
 108         .setsockopt     =       sock_no_setsockopt,
 109         .sendmsg        =       sock_no_sendmsg,
 110         .sendpage       =       sock_no_sendpage,
 111
 112         .release        =       af_alg_release,
 113         .recvmsg        =       rng_recvmsg,
 114 };
 115
 116 static void *rng_bind(const char *name, u32 type, u32 mask)
 117 {
 118         return crypto_alloc_rng(name, type, mask);
 119 }
 120
 121 static void rng_release(void *private)
 122 {
 123         crypto_free_rng(private);
 124 }
 125
 126 static void rng_sock_destruct(struct sock *sk)
 127 {
 128         struct alg_sock *ask = alg_sk(sk);
 129         struct rng_ctx *ctx = ask->private;
 130
 131         sock_kfree_s(sk, ctx, ctx->len);
 132         af_alg_release_parent(sk);
 133 }
 134
 135 static int rng_accept_parent(void *private, struct sock *sk)
 136 {
 137         struct rng_ctx *ctx;
 138         struct alg_sock *ask = alg_sk(sk);
 139         unsigned int len = sizeof(*ctx);
 140
 141         ctx = sock_kmalloc(sk, len, GFP_KERNEL);
 142         if (!ctx)
 143                 return -ENOMEM;
 144
 145         ctx->len = len;
 146
 147         /*
 148          * No seeding done at that point -- if multiple accepts are
 149          * done on one RNG instance, each resulting FD points to the same
 150          * state of the RNG.
 151          */
 152
 153         ctx->drng = private;
 154         ask->private = ctx;
 155         sk->sk_destruct = rng_sock_destruct;
 156
 157         return 0;
 158 }
 159
 160 static int rng_setkey(void *private, const u8 *seed, unsigned int seedlen)
 161 {
 162         /*
 163          * Check whether seedlen is of sufficient size is done in RNG
 164          * implementations.
 165          */
 166         return crypto_rng_reset(private, seed, seedlen);
 167 }
 168
 169 static const struct af_alg_type algif_type_rng = {
 170         .bind           =       rng_bind,
 171         .release        =       rng_release,
 172         .accept         =       rng_accept_parent,
 173         .setkey         =       rng_setkey,
 174         .ops            =       &algif_rng_ops,
 175         .name           =       "rng",
 176         .owner          =       THIS_MODULE
 177 };
 178
 179 static int __init rng_init(void)
 180 {
 181         return af_alg_register_type(&algif_type_rng);
 182 }
 183
 184 static void __exit rng_exit(void)
 185 {
 186         int err = af_alg_unregister_type(&algif_type_rng);
 187         BUG_ON(err);
 188 }
 189
 190 module_init(rng_init);
 191 module_exit(rng_exit);