kernel: remove unused utsname_set_machine()

[unleashed.git] / usr / src / uts / sun4v / io / n2rng / n2rng_provider.c

/*
 * CDDL HEADER START
 *
 * The contents of this file are subject to the terms of the
 * Common Development and Distribution License (the "License").
 * You may not use this file except in compliance with the License.
 *
 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
 * or http://www.opensolaris.org/os/licensing.
 * See the License for the specific language governing permissions
 * and limitations under the License.
 *
 * When distributing Covered Code, include this CDDL HEADER in each
 * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
 * If applicable, add the following below this CDDL HEADER, with the
 * fields enclosed by brackets "[]" replaced with your own identifying
 * information: Portions Copyright [yyyy] [name of copyright owner]
 *
 * CDDL HEADER END
 */
/*
 * Copyright (c) 2007, 2010, Oracle and/or its affiliates. All rights reserved.
 */

#include <sys/types.h>
#include <sys/sysmacros.h>
#include <sys/modctl.h>
#include <sys/conf.h>
#include <sys/devops.h>
#include <sys/cmn_err.h>
#include <sys/kmem.h>
#include <sys/stat.h>
#include <sys/open.h>
#include <sys/file.h>
#include <sys/cpuvar.h>
#include <sys/disp.h>
#include <sys/hsvc.h>
#include <sys/machsystm.h>
#include <sys/ksynch.h>
#include <sys/hypervisor_api.h>
#include <sys/n2rng.h>
#include <sys/sha1.h>
#include <sys/ddi.h>  /* near end to get min and max macros right */
#include <sys/sunddi.h>
#include <rng/fips_random.h>

/* n must be a power of 2 */
#define ROUNDUP(k, n)           (((k) + (n) - 1) & ~((n) - 1))

/*
 * Policy.  ENTROPY_STARVATION is the maximum number of calls each
 * FIPS instance will accept without successfully getting more
 * entropy.  It needs to be large enough to allow RNG operations to
 * not stall because of health checks, etc.  But we don't want it too
 * large.  FIPS 186-2 change 1 (5 October 2001) states that no more
 * that 2,000,000 DSA signatures (done using this algorithm) should be
 * done without reseeding.  We make sure we add 64 bits of entropy at
 * most every 10000 operations, hence we will have stirred in 160 bits
 * of entropy at most once every 30000 operations.  Normally, we stir
 * in 64 bits of entropy for every number generated.
 */
#define ENTROPY_STARVATION      10000ULL


int
fips_random(n2rng_t *n2rng, uint8_t *out, size_t nbytes)
{
        int                     i;
        fipsrandomstruct_t      *frsp;
        int                     rv;
        union {
                uint32_t        as32[SHA1WORDS];
                uint64_t        as64[ROUNDUP(SHA1WORDS, 2) >> 1];
        } entropy = {0};
        uint32_t                tempout[SHA1WORDS];


        for (i = 0; i < nbytes; i += SHA1BYTES) {
                frsp = &n2rng->n_frs.fipsarray[
                    atomic_inc_32_nv(&n2rng->n_frs.fips_round_robin_j) %
                    N2RNG_FIPS_INSTANCES];
                /*
                 * Since in the new scheme of things, the RNG latency
                 * will be high on reads after the first, we get just
                 * one word of entropy per call.
                 */
                if ((rv = n2rng_getentropy(n2rng, (void *)&entropy.as64[1],
                    sizeof (uint64_t))) != 0) {

                        /*
                         * If all rngs have failed, dispatch task to unregister
                         * from kcf and put the driver in an error state.  If
                         * recoverable errors persist, a configuration retry
                         * will be initiated.
                         */
                        if (rv == EPERM) {
                                n2rng_failure(n2rng);
                                return (EIO);
                        }
                        /* Failure with possible recovery */
                        entropy.as64[1] = 0;
                }

                /*
                 * The idea here is that a Niagara2 chip is highly
                 * parallel, with many strands.  If we have just one
                 * instance of the FIPS data, then only one FIPS
                 * computation can happen at a time, serializeing all
                 * the RNG stuff.  So we make N2RNG_FIPS_INSTANCES,
                 * and use them round-robin, with the counter being
                 * n2rng->n_frs.fips_round_robin_j.  We increment the
                 * counter with an atomic op, avoiding having to have
                 * a global muxtex.  The atomic ops are also
                 * significantly faster than mutexes.  The mutex is
                 * put inside the loop, otherwise one thread reading
                 * many blocks could stall all other strands.
                 */
                frsp = &n2rng->n_frs.fipsarray[
                    atomic_inc_32_nv(&n2rng->n_frs.fips_round_robin_j) %
                    N2RNG_FIPS_INSTANCES];

                mutex_enter(&frsp->mtx);

                if (entropy.as64[1] == 0) {
                        /*
                         * If we did not get any entropy, entropyword
                         * is zero.  We get a false positive with
                         * probablitity 2^-64.  It's not worth a few
                         * extra stores and tests eliminate the false
                         * positive.
                         */
                        if (++frsp->entropyhunger > ENTROPY_STARVATION) {
                                mutex_exit(&frsp->mtx);
                                n2rng_unconfigured(n2rng);
                                return (EIO);
                        }
                } else {
                        frsp->entropyhunger = 0;
                }

                /* nbytes - i is bytes to go */
                fips_random_inner(frsp->XKEY, tempout, entropy.as32);

                bcopy(tempout, &out[i], min(nbytes - i, SHA1BYTES));

                mutex_exit(&frsp->mtx);
        }

        /* Zeroize sensitive information */

        entropy.as64[1] = 0;
        bzero(tempout, SHA1BYTES);

        return (0);
}

/*
 * Initializes one FIPS RNG instance.  Must be called once for each
 * instance.
 */
int
n2rng_fips_random_init(n2rng_t *n2rng, fipsrandomstruct_t *frsp)
{
        /*
         * All FIPS-approved algorithms will operate as cryptograpic
         * quality PRNGs even if there is no entropy source.  (In
         * fact, this the only one that accepts entropy on the fly.)
         * One motivation for this is that they system keeps on
         * delivering cryptographic quality random numbers, even if
         * the entropy source fails.
         */

        int rv;
        static uint32_t FIPS_RNG_NO_USER_INPUT[] = {0, 0, 0, 0, 0};

        rv = n2rng_getentropy(n2rng, (void *)frsp->XKEY, ROUNDUP(SHA1BYTES, 8));
        if (rv) {
                return (rv);
        }
        frsp->entropyhunger = 0;
        mutex_init(&frsp->mtx, NULL, MUTEX_DRIVER, NULL);

        /* compute the first (compare only) random value */
        fips_random_inner(frsp->XKEY, frsp->x_jminus1, FIPS_RNG_NO_USER_INPUT);

        return (0);
}

void
n2rng_fips_random_fini(fipsrandomstruct_t *frsp)
{
        mutex_destroy(&frsp->mtx);
        /*
         * Zeroise fips data.  Not really necessary, since the
         * algorithm has backtracking resistance, but do it anyway.
         */
        bzero(frsp, sizeof (fipsrandomstruct_t));
}