1 /*
2 * algif_rng: User-space interface for random number generators
3 *
4 * This file provides the user-space API for random number generators.
5 *
6 * Copyright (C) 2014, Stephan Mueller <smueller@chronox.de>
7 *
8 * Redistribution and use in source and binary forms, with or without
9 * modification, are permitted provided that the following conditions
10 * are met:
11 * 1. Redistributions of source code must retain the above copyright
12 * notice, and the entire permission notice in its entirety,
13 * including the disclaimer of warranties.
14 * 2. Redistributions in binary form must reproduce the above copyright
15 * notice, this list of conditions and the following disclaimer in the
16 * documentation and/or other materials provided with the distribution.
17 * 3. The name of the author may not be used to endorse or promote
18 * products derived from this software without specific prior
19 * written permission.
20 *
21 * ALTERNATIVELY, this product may be distributed under the terms of
22 * the GNU General Public License, in which case the provisions of the GPL2
23 * are required INSTEAD OF the above restrictions. (This clause is
24 * necessary due to a potential bad interaction between the GPL and
25 * the restrictions contained in a BSD-style copyright.)
26 *
27 * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED
28 * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
29 * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE, ALL OF
30 * WHICH ARE HEREBY DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE
31 * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
32 * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT
33 * OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
34 * BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
35 * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
36 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE
37 * USE OF THIS SOFTWARE, EVEN IF NOT ADVISED OF THE POSSIBILITY OF SUCH
38 * DAMAGE.
39 */
40
41 #include <linux/module.h>
42 #include <crypto/rng.h>
43 #include <linux/random.h>
44 #include <crypto/if_alg.h>
45 #include <linux/net.h>
46 #include <net/sock.h>
47
48 MODULE_LICENSE("GPL");
49 MODULE_AUTHOR("Stephan Mueller <smueller@chronox.de>");
50 MODULE_DESCRIPTION("User-space interface for random number generators");
51
52 struct rng_ctx {
53 #define MAXSIZE 128
54 unsigned int len;
55 struct crypto_rng *drng;
56 };
57
rng_recvmsg(struct socket * sock,struct msghdr * msg,size_t len,int flags)58 static int rng_recvmsg(struct socket *sock, struct msghdr *msg, size_t len,
59 int flags)
60 {
61 struct sock *sk = sock->sk;
62 struct alg_sock *ask = alg_sk(sk);
63 struct rng_ctx *ctx = ask->private;
64 int err = -EFAULT;
65 int genlen = 0;
66 u8 result[MAXSIZE];
67
68 if (len == 0)
69 return 0;
70 if (len > MAXSIZE)
71 len = MAXSIZE;
72
73 /*
74 * although not strictly needed, this is a precaution against coding
75 * errors
76 */
77 memset(result, 0, len);
78
79 /*
80 * The enforcement of a proper seeding of an RNG is done within an
81 * RNG implementation. Some RNGs (DRBG, krng) do not need specific
82 * seeding as they automatically seed. The X9.31 DRNG will return
83 * an error if it was not seeded properly.
84 */
85 genlen = crypto_rng_get_bytes(ctx->drng, result, len);
86 if (genlen < 0)
87 return genlen;
88
89 err = memcpy_to_msg(msg, result, len);
90 memzero_explicit(result, len);
91
92 return err ? err : len;
93 }
94
95 static struct proto_ops algif_rng_ops = {
96 .family = PF_ALG,
97
98 .connect = sock_no_connect,
99 .socketpair = sock_no_socketpair,
100 .getname = sock_no_getname,
101 .ioctl = sock_no_ioctl,
102 .listen = sock_no_listen,
103 .shutdown = sock_no_shutdown,
104 .getsockopt = sock_no_getsockopt,
105 .mmap = sock_no_mmap,
106 .bind = sock_no_bind,
107 .accept = sock_no_accept,
108 .setsockopt = sock_no_setsockopt,
109 .sendmsg = sock_no_sendmsg,
110 .sendpage = sock_no_sendpage,
111
112 .release = af_alg_release,
113 .recvmsg = rng_recvmsg,
114 };
115
rng_bind(const char * name,u32 type,u32 mask)116 static void *rng_bind(const char *name, u32 type, u32 mask)
117 {
118 return crypto_alloc_rng(name, type, mask);
119 }
120
rng_release(void * private)121 static void rng_release(void *private)
122 {
123 crypto_free_rng(private);
124 }
125
rng_sock_destruct(struct sock * sk)126 static void rng_sock_destruct(struct sock *sk)
127 {
128 struct alg_sock *ask = alg_sk(sk);
129 struct rng_ctx *ctx = ask->private;
130
131 sock_kfree_s(sk, ctx, ctx->len);
132 af_alg_release_parent(sk);
133 }
134
rng_accept_parent(void * private,struct sock * sk)135 static int rng_accept_parent(void *private, struct sock *sk)
136 {
137 struct rng_ctx *ctx;
138 struct alg_sock *ask = alg_sk(sk);
139 unsigned int len = sizeof(*ctx);
140
141 ctx = sock_kmalloc(sk, len, GFP_KERNEL);
142 if (!ctx)
143 return -ENOMEM;
144
145 ctx->len = len;
146
147 /*
148 * No seeding done at that point -- if multiple accepts are
149 * done on one RNG instance, each resulting FD points to the same
150 * state of the RNG.
151 */
152
153 ctx->drng = private;
154 ask->private = ctx;
155 sk->sk_destruct = rng_sock_destruct;
156
157 return 0;
158 }
159
rng_setkey(void * private,const u8 * seed,unsigned int seedlen)160 static int rng_setkey(void *private, const u8 *seed, unsigned int seedlen)
161 {
162 /*
163 * Check whether seedlen is of sufficient size is done in RNG
164 * implementations.
165 */
166 return crypto_rng_reset(private, seed, seedlen);
167 }
168
169 static const struct af_alg_type algif_type_rng = {
170 .bind = rng_bind,
171 .release = rng_release,
172 .accept = rng_accept_parent,
173 .setkey = rng_setkey,
174 .ops = &algif_rng_ops,
175 .name = "rng",
176 .owner = THIS_MODULE
177 };
178
rng_init(void)179 static int __init rng_init(void)
180 {
181 return af_alg_register_type(&algif_type_rng);
182 }
183
rng_exit(void)184 static void __exit rng_exit(void)
185 {
186 int err = af_alg_unregister_type(&algif_type_rng);
187 BUG_ON(err);
188 }
189
190 module_init(rng_init);
191 module_exit(rng_exit);
192