aboutsummaryrefslogtreecommitdiffstats
path: root/arch/s390
diff options
context:
space:
mode:
authorHarald Freudenberger <freude@linux.vnet.ibm.com>2015-03-16 09:52:52 -0400
committerMartin Schwidefsky <schwidefsky@de.ibm.com>2015-04-23 10:56:21 -0400
commit57127645d79d2e83e801f141f7d03f64accf28aa (patch)
tree6503d13da57110c71442d8f0fd2740ea92fdc292 /arch/s390
parenta1c843b82541fdd4c4644607c942dabc7c7e6f6c (diff)
s390/zcrypt: Introduce new SHA-512 based Pseudo Random Generator.
Rework of the prandom device with introduction of a new SHA-512 based NIST SP 800-90 conform deterministic random bit generator. Signed-off-by: Harald Freudenberger <freude@linux.vnet.ibm.com> Signed-off-by: Martin Schwidefsky <schwidefsky@de.ibm.com>
Diffstat (limited to 'arch/s390')
-rw-r--r--arch/s390/crypto/crypt_s390.h122
-rw-r--r--arch/s390/crypto/prng.c850
2 files changed, 870 insertions, 102 deletions
diff --git a/arch/s390/crypto/crypt_s390.h b/arch/s390/crypto/crypt_s390.h
index ba3b2aefddf5..d9c4c313fbc6 100644
--- a/arch/s390/crypto/crypt_s390.h
+++ b/arch/s390/crypto/crypt_s390.h
@@ -3,9 +3,10 @@
3 * 3 *
4 * Support for s390 cryptographic instructions. 4 * Support for s390 cryptographic instructions.
5 * 5 *
6 * Copyright IBM Corp. 2003, 2007 6 * Copyright IBM Corp. 2003, 2015
7 * Author(s): Thomas Spatzier 7 * Author(s): Thomas Spatzier
8 * Jan Glauber (jan.glauber@de.ibm.com) 8 * Jan Glauber (jan.glauber@de.ibm.com)
9 * Harald Freudenberger (freude@de.ibm.com)
9 * 10 *
10 * This program is free software; you can redistribute it and/or modify it 11 * This program is free software; you can redistribute it and/or modify it
11 * under the terms of the GNU General Public License as published by the Free 12 * under the terms of the GNU General Public License as published by the Free
@@ -28,15 +29,17 @@
28#define CRYPT_S390_MSA 0x1 29#define CRYPT_S390_MSA 0x1
29#define CRYPT_S390_MSA3 0x2 30#define CRYPT_S390_MSA3 0x2
30#define CRYPT_S390_MSA4 0x4 31#define CRYPT_S390_MSA4 0x4
32#define CRYPT_S390_MSA5 0x8
31 33
32/* s390 cryptographic operations */ 34/* s390 cryptographic operations */
33enum crypt_s390_operations { 35enum crypt_s390_operations {
34 CRYPT_S390_KM = 0x0100, 36 CRYPT_S390_KM = 0x0100,
35 CRYPT_S390_KMC = 0x0200, 37 CRYPT_S390_KMC = 0x0200,
36 CRYPT_S390_KIMD = 0x0300, 38 CRYPT_S390_KIMD = 0x0300,
37 CRYPT_S390_KLMD = 0x0400, 39 CRYPT_S390_KLMD = 0x0400,
38 CRYPT_S390_KMAC = 0x0500, 40 CRYPT_S390_KMAC = 0x0500,
39 CRYPT_S390_KMCTR = 0x0600 41 CRYPT_S390_KMCTR = 0x0600,
42 CRYPT_S390_PPNO = 0x0700
40}; 43};
41 44
42/* 45/*
@@ -138,6 +141,16 @@ enum crypt_s390_kmac_func {
138 KMAC_TDEA_192 = CRYPT_S390_KMAC | 3 141 KMAC_TDEA_192 = CRYPT_S390_KMAC | 3
139}; 142};
140 143
144/*
145 * function codes for PPNO (PERFORM PSEUDORANDOM NUMBER
146 * OPERATION) instruction
147 */
148enum crypt_s390_ppno_func {
149 PPNO_QUERY = CRYPT_S390_PPNO | 0,
150 PPNO_SHA512_DRNG_GEN = CRYPT_S390_PPNO | 3,
151 PPNO_SHA512_DRNG_SEED = CRYPT_S390_PPNO | 0x83
152};
153
141/** 154/**
142 * crypt_s390_km: 155 * crypt_s390_km:
143 * @func: the function code passed to KM; see crypt_s390_km_func 156 * @func: the function code passed to KM; see crypt_s390_km_func
@@ -162,11 +175,11 @@ static inline int crypt_s390_km(long func, void *param,
162 int ret; 175 int ret;
163 176
164 asm volatile( 177 asm volatile(
165 "0: .insn rre,0xb92e0000,%3,%1 \n" /* KM opcode */ 178 "0: .insn rre,0xb92e0000,%3,%1\n" /* KM opcode */
166 "1: brc 1,0b \n" /* handle partial completion */ 179 "1: brc 1,0b\n" /* handle partial completion */
167 " la %0,0\n" 180 " la %0,0\n"
168 "2:\n" 181 "2:\n"
169 EX_TABLE(0b,2b) EX_TABLE(1b,2b) 182 EX_TABLE(0b, 2b) EX_TABLE(1b, 2b)
170 : "=d" (ret), "+a" (__src), "+d" (__src_len), "+a" (__dest) 183 : "=d" (ret), "+a" (__src), "+d" (__src_len), "+a" (__dest)
171 : "d" (__func), "a" (__param), "0" (-1) : "cc", "memory"); 184 : "d" (__func), "a" (__param), "0" (-1) : "cc", "memory");
172 if (ret < 0) 185 if (ret < 0)
@@ -198,11 +211,11 @@ static inline int crypt_s390_kmc(long func, void *param,
198 int ret; 211 int ret;
199 212
200 asm volatile( 213 asm volatile(
201 "0: .insn rre,0xb92f0000,%3,%1 \n" /* KMC opcode */ 214 "0: .insn rre,0xb92f0000,%3,%1\n" /* KMC opcode */
202 "1: brc 1,0b \n" /* handle partial completion */ 215 "1: brc 1,0b\n" /* handle partial completion */
203 " la %0,0\n" 216 " la %0,0\n"
204 "2:\n" 217 "2:\n"
205 EX_TABLE(0b,2b) EX_TABLE(1b,2b) 218 EX_TABLE(0b, 2b) EX_TABLE(1b, 2b)
206 : "=d" (ret), "+a" (__src), "+d" (__src_len), "+a" (__dest) 219 : "=d" (ret), "+a" (__src), "+d" (__src_len), "+a" (__dest)
207 : "d" (__func), "a" (__param), "0" (-1) : "cc", "memory"); 220 : "d" (__func), "a" (__param), "0" (-1) : "cc", "memory");
208 if (ret < 0) 221 if (ret < 0)
@@ -233,11 +246,11 @@ static inline int crypt_s390_kimd(long func, void *param,
233 int ret; 246 int ret;
234 247
235 asm volatile( 248 asm volatile(
236 "0: .insn rre,0xb93e0000,%1,%1 \n" /* KIMD opcode */ 249 "0: .insn rre,0xb93e0000,%1,%1\n" /* KIMD opcode */
237 "1: brc 1,0b \n" /* handle partial completion */ 250 "1: brc 1,0b\n" /* handle partial completion */
238 " la %0,0\n" 251 " la %0,0\n"
239 "2:\n" 252 "2:\n"
240 EX_TABLE(0b,2b) EX_TABLE(1b,2b) 253 EX_TABLE(0b, 2b) EX_TABLE(1b, 2b)
241 : "=d" (ret), "+a" (__src), "+d" (__src_len) 254 : "=d" (ret), "+a" (__src), "+d" (__src_len)
242 : "d" (__func), "a" (__param), "0" (-1) : "cc", "memory"); 255 : "d" (__func), "a" (__param), "0" (-1) : "cc", "memory");
243 if (ret < 0) 256 if (ret < 0)
@@ -267,11 +280,11 @@ static inline int crypt_s390_klmd(long func, void *param,
267 int ret; 280 int ret;
268 281
269 asm volatile( 282 asm volatile(
270 "0: .insn rre,0xb93f0000,%1,%1 \n" /* KLMD opcode */ 283 "0: .insn rre,0xb93f0000,%1,%1\n" /* KLMD opcode */
271 "1: brc 1,0b \n" /* handle partial completion */ 284 "1: brc 1,0b\n" /* handle partial completion */
272 " la %0,0\n" 285 " la %0,0\n"
273 "2:\n" 286 "2:\n"
274 EX_TABLE(0b,2b) EX_TABLE(1b,2b) 287 EX_TABLE(0b, 2b) EX_TABLE(1b, 2b)
275 : "=d" (ret), "+a" (__src), "+d" (__src_len) 288 : "=d" (ret), "+a" (__src), "+d" (__src_len)
276 : "d" (__func), "a" (__param), "0" (-1) : "cc", "memory"); 289 : "d" (__func), "a" (__param), "0" (-1) : "cc", "memory");
277 if (ret < 0) 290 if (ret < 0)
@@ -302,11 +315,11 @@ static inline int crypt_s390_kmac(long func, void *param,
302 int ret; 315 int ret;
303 316
304 asm volatile( 317 asm volatile(
305 "0: .insn rre,0xb91e0000,%1,%1 \n" /* KLAC opcode */ 318 "0: .insn rre,0xb91e0000,%1,%1\n" /* KLAC opcode */
306 "1: brc 1,0b \n" /* handle partial completion */ 319 "1: brc 1,0b\n" /* handle partial completion */
307 " la %0,0\n" 320 " la %0,0\n"
308 "2:\n" 321 "2:\n"
309 EX_TABLE(0b,2b) EX_TABLE(1b,2b) 322 EX_TABLE(0b, 2b) EX_TABLE(1b, 2b)
310 : "=d" (ret), "+a" (__src), "+d" (__src_len) 323 : "=d" (ret), "+a" (__src), "+d" (__src_len)
311 : "d" (__func), "a" (__param), "0" (-1) : "cc", "memory"); 324 : "d" (__func), "a" (__param), "0" (-1) : "cc", "memory");
312 if (ret < 0) 325 if (ret < 0)
@@ -340,11 +353,11 @@ static inline int crypt_s390_kmctr(long func, void *param, u8 *dest,
340 int ret = -1; 353 int ret = -1;
341 354
342 asm volatile( 355 asm volatile(
343 "0: .insn rrf,0xb92d0000,%3,%1,%4,0 \n" /* KMCTR opcode */ 356 "0: .insn rrf,0xb92d0000,%3,%1,%4,0\n" /* KMCTR opcode */
344 "1: brc 1,0b \n" /* handle partial completion */ 357 "1: brc 1,0b\n" /* handle partial completion */
345 " la %0,0\n" 358 " la %0,0\n"
346 "2:\n" 359 "2:\n"
347 EX_TABLE(0b,2b) EX_TABLE(1b,2b) 360 EX_TABLE(0b, 2b) EX_TABLE(1b, 2b)
348 : "+d" (ret), "+a" (__src), "+d" (__src_len), "+a" (__dest), 361 : "+d" (ret), "+a" (__src), "+d" (__src_len), "+a" (__dest),
349 "+a" (__ctr) 362 "+a" (__ctr)
350 : "d" (__func), "a" (__param) : "cc", "memory"); 363 : "d" (__func), "a" (__param) : "cc", "memory");
@@ -354,6 +367,47 @@ static inline int crypt_s390_kmctr(long func, void *param, u8 *dest,
354} 367}
355 368
356/** 369/**
370 * crypt_s390_ppno:
371 * @func: the function code passed to PPNO; see crypt_s390_ppno_func
372 * @param: address of parameter block; see POP for details on each func
373 * @dest: address of destination memory area
374 * @dest_len: size of destination memory area in bytes
375 * @seed: address of seed data
376 * @seed_len: size of seed data in bytes
377 *
378 * Executes the PPNO (PERFORM PSEUDORANDOM NUMBER OPERATION)
379 * operation of the CPU.
380 *
381 * Returns -1 for failure, 0 for the query func, number of random
382 * bytes stored in dest buffer for generate function
383 */
384static inline int crypt_s390_ppno(long func, void *param,
385 u8 *dest, long dest_len,
386 const u8 *seed, long seed_len)
387{
388 register long __func asm("0") = func & CRYPT_S390_FUNC_MASK;
389 register void *__param asm("1") = param; /* param block (240 bytes) */
390 register u8 *__dest asm("2") = dest; /* buf for recv random bytes */
391 register long __dest_len asm("3") = dest_len; /* requested random bytes */
392 register const u8 *__seed asm("4") = seed; /* buf with seed data */
393 register long __seed_len asm("5") = seed_len; /* bytes in seed buf */
394 int ret = -1;
395
396 asm volatile (
397 "0: .insn rre,0xb93c0000,%1,%5\n" /* PPNO opcode */
398 "1: brc 1,0b\n" /* handle partial completion */
399 " la %0,0\n"
400 "2:\n"
401 EX_TABLE(0b, 2b) EX_TABLE(1b, 2b)
402 : "+d" (ret), "+a"(__dest), "+d"(__dest_len)
403 : "d"(__func), "a"(__param), "a"(__seed), "d"(__seed_len)
404 : "cc", "memory");
405 if (ret < 0)
406 return ret;
407 return (func & CRYPT_S390_FUNC_MASK) ? dest_len - __dest_len : 0;
408}
409
410/**
357 * crypt_s390_func_available: 411 * crypt_s390_func_available:
358 * @func: the function code of the specific function; 0 if op in general 412 * @func: the function code of the specific function; 0 if op in general
359 * 413 *
@@ -373,6 +427,9 @@ static inline int crypt_s390_func_available(int func,
373 return 0; 427 return 0;
374 if (facility_mask & CRYPT_S390_MSA4 && !test_facility(77)) 428 if (facility_mask & CRYPT_S390_MSA4 && !test_facility(77))
375 return 0; 429 return 0;
430 if (facility_mask & CRYPT_S390_MSA5 && !test_facility(57))
431 return 0;
432
376 switch (func & CRYPT_S390_OP_MASK) { 433 switch (func & CRYPT_S390_OP_MASK) {
377 case CRYPT_S390_KM: 434 case CRYPT_S390_KM:
378 ret = crypt_s390_km(KM_QUERY, &status, NULL, NULL, 0); 435 ret = crypt_s390_km(KM_QUERY, &status, NULL, NULL, 0);
@@ -390,8 +447,12 @@ static inline int crypt_s390_func_available(int func,
390 ret = crypt_s390_kmac(KMAC_QUERY, &status, NULL, 0); 447 ret = crypt_s390_kmac(KMAC_QUERY, &status, NULL, 0);
391 break; 448 break;
392 case CRYPT_S390_KMCTR: 449 case CRYPT_S390_KMCTR:
393 ret = crypt_s390_kmctr(KMCTR_QUERY, &status, NULL, NULL, 0, 450 ret = crypt_s390_kmctr(KMCTR_QUERY, &status,
394 NULL); 451 NULL, NULL, 0, NULL);
452 break;
453 case CRYPT_S390_PPNO:
454 ret = crypt_s390_ppno(PPNO_QUERY, &status,
455 NULL, 0, NULL, 0);
395 break; 456 break;
396 default: 457 default:
397 return 0; 458 return 0;
@@ -419,15 +480,14 @@ static inline int crypt_s390_pcc(long func, void *param)
419 int ret = -1; 480 int ret = -1;
420 481
421 asm volatile( 482 asm volatile(
422 "0: .insn rre,0xb92c0000,0,0 \n" /* PCC opcode */ 483 "0: .insn rre,0xb92c0000,0,0\n" /* PCC opcode */
423 "1: brc 1,0b \n" /* handle partial completion */ 484 "1: brc 1,0b\n" /* handle partial completion */
424 " la %0,0\n" 485 " la %0,0\n"
425 "2:\n" 486 "2:\n"
426 EX_TABLE(0b,2b) EX_TABLE(1b,2b) 487 EX_TABLE(0b, 2b) EX_TABLE(1b, 2b)
427 : "+d" (ret) 488 : "+d" (ret)
428 : "d" (__func), "a" (__param) : "cc", "memory"); 489 : "d" (__func), "a" (__param) : "cc", "memory");
429 return ret; 490 return ret;
430} 491}
431 492
432
433#endif /* _CRYPTO_ARCH_S390_CRYPT_S390_H */ 493#endif /* _CRYPTO_ARCH_S390_CRYPT_S390_H */
diff --git a/arch/s390/crypto/prng.c b/arch/s390/crypto/prng.c
index 94a35a4c1b48..1f374b39a4ec 100644
--- a/arch/s390/crypto/prng.c
+++ b/arch/s390/crypto/prng.c
@@ -1,106 +1,529 @@
1/* 1/*
2 * Copyright IBM Corp. 2006, 2007 2 * Copyright IBM Corp. 2006, 2015
3 * Author(s): Jan Glauber <jan.glauber@de.ibm.com> 3 * Author(s): Jan Glauber <jan.glauber@de.ibm.com>
4 * Harald Freudenberger <freude@de.ibm.com>
4 * Driver for the s390 pseudo random number generator 5 * Driver for the s390 pseudo random number generator
5 */ 6 */
7
8#define KMSG_COMPONENT "prng"
9#define pr_fmt(fmt) KMSG_COMPONENT ": " fmt
10
6#include <linux/fs.h> 11#include <linux/fs.h>
12#include <linux/fips.h>
7#include <linux/init.h> 13#include <linux/init.h>
8#include <linux/kernel.h> 14#include <linux/kernel.h>
15#include <linux/device.h>
9#include <linux/miscdevice.h> 16#include <linux/miscdevice.h>
10#include <linux/module.h> 17#include <linux/module.h>
11#include <linux/moduleparam.h> 18#include <linux/moduleparam.h>
19#include <linux/mutex.h>
12#include <linux/random.h> 20#include <linux/random.h>
13#include <linux/slab.h> 21#include <linux/slab.h>
14#include <asm/debug.h> 22#include <asm/debug.h>
15#include <asm/uaccess.h> 23#include <asm/uaccess.h>
24#include <asm/timex.h>
16 25
17#include "crypt_s390.h" 26#include "crypt_s390.h"
18 27
19MODULE_LICENSE("GPL"); 28MODULE_LICENSE("GPL");
20MODULE_AUTHOR("Jan Glauber <jan.glauber@de.ibm.com>"); 29MODULE_AUTHOR("IBM Corporation");
21MODULE_DESCRIPTION("s390 PRNG interface"); 30MODULE_DESCRIPTION("s390 PRNG interface");
22 31
23static int prng_chunk_size = 256; 32
24module_param(prng_chunk_size, int, S_IRUSR | S_IRGRP | S_IROTH); 33#define PRNG_MODE_AUTO 0
34#define PRNG_MODE_TDES 1
35#define PRNG_MODE_SHA512 2
36
37static unsigned int prng_mode = PRNG_MODE_AUTO;
38module_param_named(mode, prng_mode, int, 0);
39MODULE_PARM_DESC(prng_mode, "PRNG mode: 0 - auto, 1 - TDES, 2 - SHA512");
40
41
42#define PRNG_CHUNKSIZE_TDES_MIN 8
43#define PRNG_CHUNKSIZE_TDES_MAX (64*1024)
44#define PRNG_CHUNKSIZE_SHA512_MIN 64
45#define PRNG_CHUNKSIZE_SHA512_MAX (64*1024)
46
47static unsigned int prng_chunk_size = 256;
48module_param_named(chunksize, prng_chunk_size, int, 0);
25MODULE_PARM_DESC(prng_chunk_size, "PRNG read chunk size in bytes"); 49MODULE_PARM_DESC(prng_chunk_size, "PRNG read chunk size in bytes");
26 50
27static int prng_entropy_limit = 4096; 51
28module_param(prng_entropy_limit, int, S_IRUSR | S_IRGRP | S_IROTH | S_IWUSR); 52#define PRNG_RESEED_LIMIT_TDES 4096
29MODULE_PARM_DESC(prng_entropy_limit, 53#define PRNG_RESEED_LIMIT_TDES_LOWER 4096
30 "PRNG add entropy after that much bytes were produced"); 54#define PRNG_RESEED_LIMIT_SHA512 100000
55#define PRNG_RESEED_LIMIT_SHA512_LOWER 10000
56
57static unsigned int prng_reseed_limit;
58module_param_named(reseed_limit, prng_reseed_limit, int, 0);
59MODULE_PARM_DESC(prng_reseed_limit, "PRNG reseed limit");
60
31 61
32/* 62/*
33 * Any one who considers arithmetical methods of producing random digits is, 63 * Any one who considers arithmetical methods of producing random digits is,
34 * of course, in a state of sin. -- John von Neumann 64 * of course, in a state of sin. -- John von Neumann
35 */ 65 */
36 66
37struct s390_prng_data { 67static int prng_errorflag;
38 unsigned long count; /* how many bytes were produced */ 68
39 char *buf; 69#define PRNG_GEN_ENTROPY_FAILED 1
70#define PRNG_SELFTEST_FAILED 2
71#define PRNG_INSTANTIATE_FAILED 3
72#define PRNG_SEED_FAILED 4
73#define PRNG_RESEED_FAILED 5
74#define PRNG_GEN_FAILED 6
75
76struct prng_ws_s {
77 u8 parm_block[32];
78 u32 reseed_counter;
79 u64 byte_counter;
40}; 80};
41 81
42static struct s390_prng_data *p; 82struct ppno_ws_s {
83 u32 res;
84 u32 reseed_counter;
85 u64 stream_bytes;
86 u8 V[112];
87 u8 C[112];
88};
43 89
44/* copied from libica, use a non-zero initial parameter block */ 90struct prng_data_s {
45static unsigned char parm_block[32] = { 91 struct mutex mutex;
460x0F,0x2B,0x8E,0x63,0x8C,0x8E,0xD2,0x52,0x64,0xB7,0xA0,0x7B,0x75,0x28,0xB8,0xF4, 92 union {
470x75,0x5F,0xD2,0xA6,0x8D,0x97,0x11,0xFF,0x49,0xD8,0x23,0xF3,0x7E,0x21,0xEC,0xA0, 93 struct prng_ws_s prngws;
94 struct ppno_ws_s ppnows;
95 };
96 u8 *buf;
97 u32 rest;
98 u8 *prev;
48}; 99};
49 100
50static int prng_open(struct inode *inode, struct file *file) 101static struct prng_data_s *prng_data;
102
103/* initial parameter block for tdes mode, copied from libica */
104static const u8 initial_parm_block[32] __initconst = {
105 0x0F, 0x2B, 0x8E, 0x63, 0x8C, 0x8E, 0xD2, 0x52,
106 0x64, 0xB7, 0xA0, 0x7B, 0x75, 0x28, 0xB8, 0xF4,
107 0x75, 0x5F, 0xD2, 0xA6, 0x8D, 0x97, 0x11, 0xFF,
108 0x49, 0xD8, 0x23, 0xF3, 0x7E, 0x21, 0xEC, 0xA0 };
109
110
111/*** helper functions ***/
112
113static int generate_entropy(u8 *ebuf, size_t nbytes)
51{ 114{
52 return nonseekable_open(inode, file); 115 int n, ret = 0;
116 u8 *pg, *h, hash[32];
117
118 pg = (u8 *) __get_free_page(GFP_KERNEL);
119 if (!pg) {
120 prng_errorflag = PRNG_GEN_ENTROPY_FAILED;
121 return -ENOMEM;
122 }
123
124 while (nbytes) {
125 /* fill page with urandom bytes */
126 get_random_bytes(pg, PAGE_SIZE);
127 /* exor page with stckf values */
128 for (n = 0; n < sizeof(PAGE_SIZE/sizeof(u64)); n++) {
129 u64 *p = ((u64 *)pg) + n;
130 *p ^= get_tod_clock_fast();
131 }
132 n = (nbytes < sizeof(hash)) ? nbytes : sizeof(hash);
133 if (n < sizeof(hash))
134 h = hash;
135 else
136 h = ebuf;
137 /* generate sha256 from this page */
138 if (crypt_s390_kimd(KIMD_SHA_256, h,
139 pg, PAGE_SIZE) != PAGE_SIZE) {
140 prng_errorflag = PRNG_GEN_ENTROPY_FAILED;
141 ret = -EIO;
142 goto out;
143 }
144 if (n < sizeof(hash))
145 memcpy(ebuf, hash, n);
146 ret += n;
147 ebuf += n;
148 nbytes -= n;
149 }
150
151out:
152 free_page((unsigned long)pg);
153 return ret;
53} 154}
54 155
55static void prng_add_entropy(void) 156
157/*** tdes functions ***/
158
159static void prng_tdes_add_entropy(void)
56{ 160{
57 __u64 entropy[4]; 161 __u64 entropy[4];
58 unsigned int i; 162 unsigned int i;
59 int ret; 163 int ret;
60 164
61 for (i = 0; i < 16; i++) { 165 for (i = 0; i < 16; i++) {
62 ret = crypt_s390_kmc(KMC_PRNG, parm_block, (char *)entropy, 166 ret = crypt_s390_kmc(KMC_PRNG, prng_data->prngws.parm_block,
63 (char *)entropy, sizeof(entropy)); 167 (char *)entropy, (char *)entropy,
168 sizeof(entropy));
64 BUG_ON(ret < 0 || ret != sizeof(entropy)); 169 BUG_ON(ret < 0 || ret != sizeof(entropy));
65 memcpy(parm_block, entropy, sizeof(entropy)); 170 memcpy(prng_data->prngws.parm_block, entropy, sizeof(entropy));
66 } 171 }
67} 172}
68 173
69static void prng_seed(int nbytes) 174
175static void prng_tdes_seed(int nbytes)
70{ 176{
71 char buf[16]; 177 char buf[16];
72 int i = 0; 178 int i = 0;
73 179
74 BUG_ON(nbytes > 16); 180 BUG_ON(nbytes > sizeof(buf));
181
75 get_random_bytes(buf, nbytes); 182 get_random_bytes(buf, nbytes);
76 183
77 /* Add the entropy */ 184 /* Add the entropy */
78 while (nbytes >= 8) { 185 while (nbytes >= 8) {
79 *((__u64 *)parm_block) ^= *((__u64 *)(buf+i)); 186 *((__u64 *)prng_data->prngws.parm_block) ^= *((__u64 *)(buf+i));
80 prng_add_entropy(); 187 prng_tdes_add_entropy();
81 i += 8; 188 i += 8;
82 nbytes -= 8; 189 nbytes -= 8;
83 } 190 }
84 prng_add_entropy(); 191 prng_tdes_add_entropy();
192 prng_data->prngws.reseed_counter = 0;
193}
194
195
196static int __init prng_tdes_instantiate(void)
197{
198 int datalen;
199
200 pr_debug("prng runs in TDES mode with "
201 "chunksize=%d and reseed_limit=%u\n",
202 prng_chunk_size, prng_reseed_limit);
203
204 /* memory allocation, prng_data struct init, mutex init */
205 datalen = sizeof(struct prng_data_s) + prng_chunk_size;
206 prng_data = kzalloc(datalen, GFP_KERNEL);
207 if (!prng_data) {
208 prng_errorflag = PRNG_INSTANTIATE_FAILED;
209 return -ENOMEM;
210 }
211 mutex_init(&prng_data->mutex);
212 prng_data->buf = ((u8 *)prng_data) + sizeof(struct prng_data_s);
213 memcpy(prng_data->prngws.parm_block, initial_parm_block, 32);
214
215 /* initialize the PRNG, add 128 bits of entropy */
216 prng_tdes_seed(16);
217
218 return 0;
85} 219}
86 220
87static ssize_t prng_read(struct file *file, char __user *ubuf, size_t nbytes, 221
88 loff_t *ppos) 222static void prng_tdes_deinstantiate(void)
223{
224 pr_debug("The prng module stopped "
225 "after running in triple DES mode\n");
226 kzfree(prng_data);
227}
228
229
230/*** sha512 functions ***/
231
232static int __init prng_sha512_selftest(void)
89{ 233{
90 int chunk, n; 234 /* NIST DRBG testvector for Hash Drbg, Sha-512, Count #0 */
235 static const u8 seed[] __initconst = {
236 0x6b, 0x50, 0xa7, 0xd8, 0xf8, 0xa5, 0x5d, 0x7a,
237 0x3d, 0xf8, 0xbb, 0x40, 0xbc, 0xc3, 0xb7, 0x22,
238 0xd8, 0x70, 0x8d, 0xe6, 0x7f, 0xda, 0x01, 0x0b,
239 0x03, 0xc4, 0xc8, 0x4d, 0x72, 0x09, 0x6f, 0x8c,
240 0x3e, 0xc6, 0x49, 0xcc, 0x62, 0x56, 0xd9, 0xfa,
241 0x31, 0xdb, 0x7a, 0x29, 0x04, 0xaa, 0xf0, 0x25 };
242 static const u8 V0[] __initconst = {
243 0x00, 0xad, 0xe3, 0x6f, 0x9a, 0x01, 0xc7, 0x76,
244 0x61, 0x34, 0x35, 0xf5, 0x4e, 0x24, 0x74, 0x22,
245 0x21, 0x9a, 0x29, 0x89, 0xc7, 0x93, 0x2e, 0x60,
246 0x1e, 0xe8, 0x14, 0x24, 0x8d, 0xd5, 0x03, 0xf1,
247 0x65, 0x5d, 0x08, 0x22, 0x72, 0xd5, 0xad, 0x95,
248 0xe1, 0x23, 0x1e, 0x8a, 0xa7, 0x13, 0xd9, 0x2b,
249 0x5e, 0xbc, 0xbb, 0x80, 0xab, 0x8d, 0xe5, 0x79,
250 0xab, 0x5b, 0x47, 0x4e, 0xdd, 0xee, 0x6b, 0x03,
251 0x8f, 0x0f, 0x5c, 0x5e, 0xa9, 0x1a, 0x83, 0xdd,
252 0xd3, 0x88, 0xb2, 0x75, 0x4b, 0xce, 0x83, 0x36,
253 0x57, 0x4b, 0xf1, 0x5c, 0xca, 0x7e, 0x09, 0xc0,
254 0xd3, 0x89, 0xc6, 0xe0, 0xda, 0xc4, 0x81, 0x7e,
255 0x5b, 0xf9, 0xe1, 0x01, 0xc1, 0x92, 0x05, 0xea,
256 0xf5, 0x2f, 0xc6, 0xc6, 0xc7, 0x8f, 0xbc, 0xf4 };
257 static const u8 C0[] __initconst = {
258 0x00, 0xf4, 0xa3, 0xe5, 0xa0, 0x72, 0x63, 0x95,
259 0xc6, 0x4f, 0x48, 0xd0, 0x8b, 0x5b, 0x5f, 0x8e,
260 0x6b, 0x96, 0x1f, 0x16, 0xed, 0xbc, 0x66, 0x94,
261 0x45, 0x31, 0xd7, 0x47, 0x73, 0x22, 0xa5, 0x86,
262 0xce, 0xc0, 0x4c, 0xac, 0x63, 0xb8, 0x39, 0x50,
263 0xbf, 0xe6, 0x59, 0x6c, 0x38, 0x58, 0x99, 0x1f,
264 0x27, 0xa7, 0x9d, 0x71, 0x2a, 0xb3, 0x7b, 0xf9,
265 0xfb, 0x17, 0x86, 0xaa, 0x99, 0x81, 0xaa, 0x43,
266 0xe4, 0x37, 0xd3, 0x1e, 0x6e, 0xe5, 0xe6, 0xee,
267 0xc2, 0xed, 0x95, 0x4f, 0x53, 0x0e, 0x46, 0x8a,
268 0xcc, 0x45, 0xa5, 0xdb, 0x69, 0x0d, 0x81, 0xc9,
269 0x32, 0x92, 0xbc, 0x8f, 0x33, 0xe6, 0xf6, 0x09,
270 0x7c, 0x8e, 0x05, 0x19, 0x0d, 0xf1, 0xb6, 0xcc,
271 0xf3, 0x02, 0x21, 0x90, 0x25, 0xec, 0xed, 0x0e };
272 static const u8 random[] __initconst = {
273 0x95, 0xb7, 0xf1, 0x7e, 0x98, 0x02, 0xd3, 0x57,
274 0x73, 0x92, 0xc6, 0xa9, 0xc0, 0x80, 0x83, 0xb6,
275 0x7d, 0xd1, 0x29, 0x22, 0x65, 0xb5, 0xf4, 0x2d,
276 0x23, 0x7f, 0x1c, 0x55, 0xbb, 0x9b, 0x10, 0xbf,
277 0xcf, 0xd8, 0x2c, 0x77, 0xa3, 0x78, 0xb8, 0x26,
278 0x6a, 0x00, 0x99, 0x14, 0x3b, 0x3c, 0x2d, 0x64,
279 0x61, 0x1e, 0xee, 0xb6, 0x9a, 0xcd, 0xc0, 0x55,
280 0x95, 0x7c, 0x13, 0x9e, 0x8b, 0x19, 0x0c, 0x7a,
281 0x06, 0x95, 0x5f, 0x2c, 0x79, 0x7c, 0x27, 0x78,
282 0xde, 0x94, 0x03, 0x96, 0xa5, 0x01, 0xf4, 0x0e,
283 0x91, 0x39, 0x6a, 0xcf, 0x8d, 0x7e, 0x45, 0xeb,
284 0xdb, 0xb5, 0x3b, 0xbf, 0x8c, 0x97, 0x52, 0x30,
285 0xd2, 0xf0, 0xff, 0x91, 0x06, 0xc7, 0x61, 0x19,
286 0xae, 0x49, 0x8e, 0x7f, 0xbc, 0x03, 0xd9, 0x0f,
287 0x8e, 0x4c, 0x51, 0x62, 0x7a, 0xed, 0x5c, 0x8d,
288 0x42, 0x63, 0xd5, 0xd2, 0xb9, 0x78, 0x87, 0x3a,
289 0x0d, 0xe5, 0x96, 0xee, 0x6d, 0xc7, 0xf7, 0xc2,
290 0x9e, 0x37, 0xee, 0xe8, 0xb3, 0x4c, 0x90, 0xdd,
291 0x1c, 0xf6, 0xa9, 0xdd, 0xb2, 0x2b, 0x4c, 0xbd,
292 0x08, 0x6b, 0x14, 0xb3, 0x5d, 0xe9, 0x3d, 0xa2,
293 0xd5, 0xcb, 0x18, 0x06, 0x69, 0x8c, 0xbd, 0x7b,
294 0xbb, 0x67, 0xbf, 0xe3, 0xd3, 0x1f, 0xd2, 0xd1,
295 0xdb, 0xd2, 0xa1, 0xe0, 0x58, 0xa3, 0xeb, 0x99,
296 0xd7, 0xe5, 0x1f, 0x1a, 0x93, 0x8e, 0xed, 0x5e,
297 0x1c, 0x1d, 0xe2, 0x3a, 0x6b, 0x43, 0x45, 0xd3,
298 0x19, 0x14, 0x09, 0xf9, 0x2f, 0x39, 0xb3, 0x67,
299 0x0d, 0x8d, 0xbf, 0xb6, 0x35, 0xd8, 0xe6, 0xa3,
300 0x69, 0x32, 0xd8, 0x10, 0x33, 0xd1, 0x44, 0x8d,
301 0x63, 0xb4, 0x03, 0xdd, 0xf8, 0x8e, 0x12, 0x1b,
302 0x6e, 0x81, 0x9a, 0xc3, 0x81, 0x22, 0x6c, 0x13,
303 0x21, 0xe4, 0xb0, 0x86, 0x44, 0xf6, 0x72, 0x7c,
304 0x36, 0x8c, 0x5a, 0x9f, 0x7a, 0x4b, 0x3e, 0xe2 };
305
91 int ret = 0; 306 int ret = 0;
92 int tmp; 307 u8 buf[sizeof(random)];
308 struct ppno_ws_s ws;
309
310 memset(&ws, 0, sizeof(ws));
311
312 /* initial seed */
313 ret = crypt_s390_ppno(PPNO_SHA512_DRNG_SEED,
314 &ws, NULL, 0,
315 seed, sizeof(seed));
316 if (ret < 0) {
317 pr_err("The prng self test seed operation for the "
318 "SHA-512 mode failed with rc=%d\n", ret);
319 prng_errorflag = PRNG_SELFTEST_FAILED;
320 return -EIO;
321 }
322
323 /* check working states V and C */
324 if (memcmp(ws.V, V0, sizeof(V0)) != 0
325 || memcmp(ws.C, C0, sizeof(C0)) != 0) {
326 pr_err("The prng self test state test "
327 "for the SHA-512 mode failed\n");
328 prng_errorflag = PRNG_SELFTEST_FAILED;
329 return -EIO;
330 }
331
332 /* generate random bytes */
333 ret = crypt_s390_ppno(PPNO_SHA512_DRNG_GEN,
334 &ws, buf, sizeof(buf),
335 NULL, 0);
336 if (ret < 0) {
337 pr_err("The prng self test generate operation for "
338 "the SHA-512 mode failed with rc=%d\n", ret);
339 prng_errorflag = PRNG_SELFTEST_FAILED;
340 return -EIO;
341 }
342 ret = crypt_s390_ppno(PPNO_SHA512_DRNG_GEN,
343 &ws, buf, sizeof(buf),
344 NULL, 0);
345 if (ret < 0) {
346 pr_err("The prng self test generate operation for "
347 "the SHA-512 mode failed with rc=%d\n", ret);
348 prng_errorflag = PRNG_SELFTEST_FAILED;
349 return -EIO;
350 }
351
352 /* check against expected data */
353 if (memcmp(buf, random, sizeof(random)) != 0) {
354 pr_err("The prng self test data test "
355 "for the SHA-512 mode failed\n");
356 prng_errorflag = PRNG_SELFTEST_FAILED;
357 return -EIO;
358 }
359
360 return 0;
361}
362
363
364static int __init prng_sha512_instantiate(void)
365{
366 int ret, datalen;
367 u8 seed[64];
368
369 pr_debug("prng runs in SHA-512 mode "
370 "with chunksize=%d and reseed_limit=%u\n",
371 prng_chunk_size, prng_reseed_limit);
372
373 /* memory allocation, prng_data struct init, mutex init */
374 datalen = sizeof(struct prng_data_s) + prng_chunk_size;
375 if (fips_enabled)
376 datalen += prng_chunk_size;
377 prng_data = kzalloc(datalen, GFP_KERNEL);
378 if (!prng_data) {
379 prng_errorflag = PRNG_INSTANTIATE_FAILED;
380 return -ENOMEM;
381 }
382 mutex_init(&prng_data->mutex);
383 prng_data->buf = ((u8 *)prng_data) + sizeof(struct prng_data_s);
384
385 /* selftest */
386 ret = prng_sha512_selftest();
387 if (ret)
388 goto outfree;
389
390 /* generate initial seed bytestring, first 48 bytes of entropy */
391 ret = generate_entropy(seed, 48);
392 if (ret != 48)
393 goto outfree;
394 /* followed by 16 bytes of unique nonce */
395 get_tod_clock_ext(seed + 48);
396
397 /* initial seed of the ppno drng */
398 ret = crypt_s390_ppno(PPNO_SHA512_DRNG_SEED,
399 &prng_data->ppnows, NULL, 0,
400 seed, sizeof(seed));
401 if (ret < 0) {
402 prng_errorflag = PRNG_SEED_FAILED;
403 ret = -EIO;
404 goto outfree;
405 }
406
407 /* if fips mode is enabled, generate a first block of random
408 bytes for the FIPS 140-2 Conditional Self Test */
409 if (fips_enabled) {
410 prng_data->prev = prng_data->buf + prng_chunk_size;
411 ret = crypt_s390_ppno(PPNO_SHA512_DRNG_GEN,
412 &prng_data->ppnows,
413 prng_data->prev,
414 prng_chunk_size,
415 NULL, 0);
416 if (ret < 0 || ret != prng_chunk_size) {
417 prng_errorflag = PRNG_GEN_FAILED;
418 ret = -EIO;
419 goto outfree;
420 }
421 }
422
423 return 0;
424
425outfree:
426 kfree(prng_data);
427 return ret;
428}
429
430
431static void prng_sha512_deinstantiate(void)
432{
433 pr_debug("The prng module stopped after running in SHA-512 mode\n");
434 kzfree(prng_data);
435}
436
437
438static int prng_sha512_reseed(void)
439{
440 int ret;
441 u8 seed[32];
442
443 /* generate 32 bytes of fresh entropy */
444 ret = generate_entropy(seed, sizeof(seed));
445 if (ret != sizeof(seed))
446 return ret;
447
448 /* do a reseed of the ppno drng with this bytestring */
449 ret = crypt_s390_ppno(PPNO_SHA512_DRNG_SEED,
450 &prng_data->ppnows, NULL, 0,
451 seed, sizeof(seed));
452 if (ret) {
453 prng_errorflag = PRNG_RESEED_FAILED;
454 return -EIO;
455 }
456
457 return 0;
458}
459
460
461static int prng_sha512_generate(u8 *buf, size_t nbytes)
462{
463 int ret;
464
465 /* reseed needed ? */
466 if (prng_data->ppnows.reseed_counter > prng_reseed_limit) {
467 ret = prng_sha512_reseed();
468 if (ret)
469 return ret;
470 }
471
472 /* PPNO generate */
473 ret = crypt_s390_ppno(PPNO_SHA512_DRNG_GEN,
474 &prng_data->ppnows, buf, nbytes,
475 NULL, 0);
476 if (ret < 0 || ret != nbytes) {
477 prng_errorflag = PRNG_GEN_FAILED;
478 return -EIO;
479 }
480
481 /* FIPS 140-2 Conditional Self Test */
482 if (fips_enabled) {
483 if (!memcmp(prng_data->prev, buf, nbytes)) {
484 prng_errorflag = PRNG_GEN_FAILED;
485 return -EILSEQ;
486 }
487 memcpy(prng_data->prev, buf, nbytes);
488 }
489
490 return ret;
491}
492
493
494/*** file io functions ***/
495
496static int prng_open(struct inode *inode, struct file *file)
497{
498 return nonseekable_open(inode, file);
499}
500
501
502static ssize_t prng_tdes_read(struct file *file, char __user *ubuf,
503 size_t nbytes, loff_t *ppos)
504{
505 int chunk, n, tmp, ret = 0;
506
507 /* lock prng_data struct */
508 if (mutex_lock_interruptible(&prng_data->mutex))
509 return -ERESTARTSYS;
93 510
94 /* nbytes can be arbitrary length, we split it into chunks */
95 while (nbytes) { 511 while (nbytes) {
96 /* same as in extract_entropy_user in random.c */
97 if (need_resched()) { 512 if (need_resched()) {
98 if (signal_pending(current)) { 513 if (signal_pending(current)) {
99 if (ret == 0) 514 if (ret == 0)
100 ret = -ERESTARTSYS; 515 ret = -ERESTARTSYS;
101 break; 516 break;
102 } 517 }
518 /* give mutex free before calling schedule() */
519 mutex_unlock(&prng_data->mutex);
103 schedule(); 520 schedule();
521 /* occopy mutex again */
522 if (mutex_lock_interruptible(&prng_data->mutex)) {
523 if (ret == 0)
524 ret = -ERESTARTSYS;
525 return ret;
526 }
104 } 527 }
105 528
106 /* 529 /*
@@ -112,12 +535,11 @@ static ssize_t prng_read(struct file *file, char __user *ubuf, size_t nbytes,
112 /* PRNG only likes multiples of 8 bytes */ 535 /* PRNG only likes multiples of 8 bytes */
113 n = (chunk + 7) & -8; 536 n = (chunk + 7) & -8;
114 537
115 if (p->count > prng_entropy_limit) 538 if (prng_data->prngws.reseed_counter > prng_reseed_limit)
116 prng_seed(8); 539 prng_tdes_seed(8);
117 540
118 /* if the CPU supports PRNG stckf is present too */ 541 /* if the CPU supports PRNG stckf is present too */
119 asm volatile(".insn s,0xb27c0000,%0" 542 *((unsigned long long *)prng_data->buf) = get_tod_clock_fast();
120 : "=m" (*((unsigned long long *)p->buf)) : : "cc");
121 543
122 /* 544 /*
123 * Beside the STCKF the input for the TDES-EDE is the output 545 * Beside the STCKF the input for the TDES-EDE is the output
@@ -132,35 +554,259 @@ static ssize_t prng_read(struct file *file, char __user *ubuf, size_t nbytes,
132 * Note: you can still get strict X9.17 conformity by setting 554 * Note: you can still get strict X9.17 conformity by setting
133 * prng_chunk_size to 8 bytes. 555 * prng_chunk_size to 8 bytes.
134 */ 556 */
135 tmp = crypt_s390_kmc(KMC_PRNG, parm_block, p->buf, p->buf, n); 557 tmp = crypt_s390_kmc(KMC_PRNG, prng_data->prngws.parm_block,
136 BUG_ON((tmp < 0) || (tmp != n)); 558 prng_data->buf, prng_data->buf, n);
559 if (tmp < 0 || tmp != n) {
560 ret = -EIO;
561 break;
562 }
137 563
138 p->count += n; 564 prng_data->prngws.byte_counter += n;
565 prng_data->prngws.reseed_counter += n;
139 566
140 if (copy_to_user(ubuf, p->buf, chunk)) 567 if (copy_to_user(ubuf, prng_data->buf, chunk))
141 return -EFAULT; 568 return -EFAULT;
142 569
143 nbytes -= chunk; 570 nbytes -= chunk;
144 ret += chunk; 571 ret += chunk;
145 ubuf += chunk; 572 ubuf += chunk;
146 } 573 }
574
575 /* unlock prng_data struct */
576 mutex_unlock(&prng_data->mutex);
577
147 return ret; 578 return ret;
148} 579}
149 580
150static const struct file_operations prng_fops = { 581
582static ssize_t prng_sha512_read(struct file *file, char __user *ubuf,
583 size_t nbytes, loff_t *ppos)
584{
585 int n, ret = 0;
586 u8 *p;
587
588 /* if errorflag is set do nothing and return 'broken pipe' */
589 if (prng_errorflag)
590 return -EPIPE;
591
592 /* lock prng_data struct */
593 if (mutex_lock_interruptible(&prng_data->mutex))
594 return -ERESTARTSYS;
595
596 while (nbytes) {
597 if (need_resched()) {
598 if (signal_pending(current)) {
599 if (ret == 0)
600 ret = -ERESTARTSYS;
601 break;
602 }
603 /* give mutex free before calling schedule() */
604 mutex_unlock(&prng_data->mutex);
605 schedule();
606 /* occopy mutex again */
607 if (mutex_lock_interruptible(&prng_data->mutex)) {
608 if (ret == 0)
609 ret = -ERESTARTSYS;
610 return ret;
611 }
612 }
613 if (prng_data->rest) {
614 /* push left over random bytes from the previous read */
615 p = prng_data->buf + prng_chunk_size - prng_data->rest;
616 n = (nbytes < prng_data->rest) ?
617 nbytes : prng_data->rest;
618 prng_data->rest -= n;
619 } else {
620 /* generate one chunk of random bytes into read buf */
621 p = prng_data->buf;
622 n = prng_sha512_generate(p, prng_chunk_size);
623 if (n < 0) {
624 ret = n;
625 break;
626 }
627 if (nbytes < prng_chunk_size) {
628 n = nbytes;
629 prng_data->rest = prng_chunk_size - n;
630 } else {
631 n = prng_chunk_size;
632 prng_data->rest = 0;
633 }
634 }
635 if (copy_to_user(ubuf, p, n)) {
636 ret = -EFAULT;
637 break;
638 }
639 ubuf += n;
640 nbytes -= n;
641 ret += n;
642 }
643
644 /* unlock prng_data struct */
645 mutex_unlock(&prng_data->mutex);
646
647 return ret;
648}
649
650
651/*** sysfs stuff ***/
652
653static const struct file_operations prng_sha512_fops = {
654 .owner = THIS_MODULE,
655 .open = &prng_open,
656 .release = NULL,
657 .read = &prng_sha512_read,
658 .llseek = noop_llseek,
659};
660static const struct file_operations prng_tdes_fops = {
151 .owner = THIS_MODULE, 661 .owner = THIS_MODULE,
152 .open = &prng_open, 662 .open = &prng_open,
153 .release = NULL, 663 .release = NULL,
154 .read = &prng_read, 664 .read = &prng_tdes_read,
155 .llseek = noop_llseek, 665 .llseek = noop_llseek,
156}; 666};
157 667
158static struct miscdevice prng_dev = { 668static struct miscdevice prng_sha512_dev = {
669 .name = "prandom",
670 .minor = MISC_DYNAMIC_MINOR,
671 .fops = &prng_sha512_fops,
672};
673static struct miscdevice prng_tdes_dev = {
159 .name = "prandom", 674 .name = "prandom",
160 .minor = MISC_DYNAMIC_MINOR, 675 .minor = MISC_DYNAMIC_MINOR,
161 .fops = &prng_fops, 676 .fops = &prng_tdes_fops,
162}; 677};
163 678
679
680/* chunksize attribute (ro) */
681static ssize_t prng_chunksize_show(struct device *dev,
682 struct device_attribute *attr,
683 char *buf)
684{
685 return snprintf(buf, PAGE_SIZE, "%u\n", prng_chunk_size);
686}
687static DEVICE_ATTR(chunksize, 0444, prng_chunksize_show, NULL);
688
689/* counter attribute (ro) */
690static ssize_t prng_counter_show(struct device *dev,
691 struct device_attribute *attr,
692 char *buf)
693{
694 u64 counter;
695
696 if (mutex_lock_interruptible(&prng_data->mutex))
697 return -ERESTARTSYS;
698 if (prng_mode == PRNG_MODE_SHA512)
699 counter = prng_data->ppnows.stream_bytes;
700 else
701 counter = prng_data->prngws.byte_counter;
702 mutex_unlock(&prng_data->mutex);
703
704 return snprintf(buf, PAGE_SIZE, "%llu\n", counter);
705}
706static DEVICE_ATTR(byte_counter, 0444, prng_counter_show, NULL);
707
708/* errorflag attribute (ro) */
709static ssize_t prng_errorflag_show(struct device *dev,
710 struct device_attribute *attr,
711 char *buf)
712{
713 return snprintf(buf, PAGE_SIZE, "%d\n", prng_errorflag);
714}
715static DEVICE_ATTR(errorflag, 0444, prng_errorflag_show, NULL);
716
717/* mode attribute (ro) */
718static ssize_t prng_mode_show(struct device *dev,
719 struct device_attribute *attr,
720 char *buf)
721{
722 if (prng_mode == PRNG_MODE_TDES)
723 return snprintf(buf, PAGE_SIZE, "TDES\n");
724 else
725 return snprintf(buf, PAGE_SIZE, "SHA512\n");
726}
727static DEVICE_ATTR(mode, 0444, prng_mode_show, NULL);
728
729/* reseed attribute (w) */
730static ssize_t prng_reseed_store(struct device *dev,
731 struct device_attribute *attr,
732 const char *buf, size_t count)
733{
734 if (mutex_lock_interruptible(&prng_data->mutex))
735 return -ERESTARTSYS;
736 prng_sha512_reseed();
737 mutex_unlock(&prng_data->mutex);
738
739 return count;
740}
741static DEVICE_ATTR(reseed, 0200, NULL, prng_reseed_store);
742
743/* reseed limit attribute (rw) */
744static ssize_t prng_reseed_limit_show(struct device *dev,
745 struct device_attribute *attr,
746 char *buf)
747{
748 return snprintf(buf, PAGE_SIZE, "%u\n", prng_reseed_limit);
749}
750static ssize_t prng_reseed_limit_store(struct device *dev,
751 struct device_attribute *attr,
752 const char *buf, size_t count)
753{
754 unsigned limit;
755
756 if (sscanf(buf, "%u\n", &limit) != 1)
757 return -EINVAL;
758
759 if (prng_mode == PRNG_MODE_SHA512) {
760 if (limit < PRNG_RESEED_LIMIT_SHA512_LOWER)
761 return -EINVAL;
762 } else {
763 if (limit < PRNG_RESEED_LIMIT_TDES_LOWER)
764 return -EINVAL;
765 }
766
767 prng_reseed_limit = limit;
768
769 return count;
770}
771static DEVICE_ATTR(reseed_limit, 0644,
772 prng_reseed_limit_show, prng_reseed_limit_store);
773
774/* strength attribute (ro) */
775static ssize_t prng_strength_show(struct device *dev,
776 struct device_attribute *attr,
777 char *buf)
778{
779 return snprintf(buf, PAGE_SIZE, "256\n");
780}
781static DEVICE_ATTR(strength, 0444, prng_strength_show, NULL);
782
783static struct attribute *prng_sha512_dev_attrs[] = {
784 &dev_attr_errorflag.attr,
785 &dev_attr_chunksize.attr,
786 &dev_attr_byte_counter.attr,
787 &dev_attr_mode.attr,
788 &dev_attr_reseed.attr,
789 &dev_attr_reseed_limit.attr,
790 &dev_attr_strength.attr,
791 NULL
792};
793static struct attribute *prng_tdes_dev_attrs[] = {
794 &dev_attr_chunksize.attr,
795 &dev_attr_byte_counter.attr,
796 &dev_attr_mode.attr,
797 NULL
798};
799
800static struct attribute_group prng_sha512_dev_attr_group = {
801 .attrs = prng_sha512_dev_attrs
802};
803static struct attribute_group prng_tdes_dev_attr_group = {
804 .attrs = prng_tdes_dev_attrs
805};
806
807
808/*** module init and exit ***/
809
164static int __init prng_init(void) 810static int __init prng_init(void)
165{ 811{
166 int ret; 812 int ret;
@@ -169,43 +815,105 @@ static int __init prng_init(void)
169 if (!crypt_s390_func_available(KMC_PRNG, CRYPT_S390_MSA)) 815 if (!crypt_s390_func_available(KMC_PRNG, CRYPT_S390_MSA))
170 return -EOPNOTSUPP; 816 return -EOPNOTSUPP;
171 817
172 if (prng_chunk_size < 8) 818 /* choose prng mode */
173 return -EINVAL; 819 if (prng_mode != PRNG_MODE_TDES) {
820 /* check for MSA5 support for PPNO operations */
821 if (!crypt_s390_func_available(PPNO_SHA512_DRNG_GEN,
822 CRYPT_S390_MSA5)) {
823 if (prng_mode == PRNG_MODE_SHA512) {
824 pr_err("The prng module cannot "
825 "start in SHA-512 mode\n");
826 return -EOPNOTSUPP;
827 }
828 prng_mode = PRNG_MODE_TDES;
829 } else
830 prng_mode = PRNG_MODE_SHA512;
831 }
174 832
175 p = kmalloc(sizeof(struct s390_prng_data), GFP_KERNEL); 833 if (prng_mode == PRNG_MODE_SHA512) {
176 if (!p)
177 return -ENOMEM;
178 p->count = 0;
179 834
180 p->buf = kmalloc(prng_chunk_size, GFP_KERNEL); 835 /* SHA512 mode */
181 if (!p->buf) {
182 ret = -ENOMEM;
183 goto out_free;
184 }
185 836
186 /* initialize the PRNG, add 128 bits of entropy */ 837 if (prng_chunk_size < PRNG_CHUNKSIZE_SHA512_MIN
187 prng_seed(16); 838 || prng_chunk_size > PRNG_CHUNKSIZE_SHA512_MAX)
839 return -EINVAL;
840 prng_chunk_size = (prng_chunk_size + 0x3f) & ~0x3f;
188 841
189 ret = misc_register(&prng_dev); 842 if (prng_reseed_limit == 0)
190 if (ret) 843 prng_reseed_limit = PRNG_RESEED_LIMIT_SHA512;
191 goto out_buf; 844 else if (prng_reseed_limit < PRNG_RESEED_LIMIT_SHA512_LOWER)
192 return 0; 845 return -EINVAL;
846
847 ret = prng_sha512_instantiate();
848 if (ret)
849 goto out;
850
851 ret = misc_register(&prng_sha512_dev);
852 if (ret) {
853 prng_sha512_deinstantiate();
854 goto out;
855 }
856 ret = sysfs_create_group(&prng_sha512_dev.this_device->kobj,
857 &prng_sha512_dev_attr_group);
858 if (ret) {
859 misc_deregister(&prng_sha512_dev);
860 prng_sha512_deinstantiate();
861 goto out;
862 }
193 863
194out_buf: 864 } else {
195 kfree(p->buf); 865
196out_free: 866 /* TDES mode */
197 kfree(p); 867
868 if (prng_chunk_size < PRNG_CHUNKSIZE_TDES_MIN
869 || prng_chunk_size > PRNG_CHUNKSIZE_TDES_MAX)
870 return -EINVAL;
871 prng_chunk_size = (prng_chunk_size + 0x07) & ~0x07;
872
873 if (prng_reseed_limit == 0)
874 prng_reseed_limit = PRNG_RESEED_LIMIT_TDES;
875 else if (prng_reseed_limit < PRNG_RESEED_LIMIT_TDES_LOWER)
876 return -EINVAL;
877
878 ret = prng_tdes_instantiate();
879 if (ret)
880 goto out;
881
882 ret = misc_register(&prng_tdes_dev);
883 if (ret) {
884 prng_tdes_deinstantiate();
885 goto out;
886 }
887 ret = sysfs_create_group(&prng_tdes_dev.this_device->kobj,
888 &prng_tdes_dev_attr_group);
889 if (ret) {
890 misc_deregister(&prng_tdes_dev);
891 prng_tdes_deinstantiate();
892 goto out;
893 }
894
895 }
896
897out:
198 return ret; 898 return ret;
199} 899}
200 900
901
201static void __exit prng_exit(void) 902static void __exit prng_exit(void)
202{ 903{
203 /* wipe me */ 904 if (prng_mode == PRNG_MODE_SHA512) {
204 kzfree(p->buf); 905 sysfs_remove_group(&prng_sha512_dev.this_device->kobj,
205 kfree(p); 906 &prng_sha512_dev_attr_group);
206 907 misc_deregister(&prng_sha512_dev);
207 misc_deregister(&prng_dev); 908 prng_sha512_deinstantiate();
909 } else {
910 sysfs_remove_group(&prng_tdes_dev.this_device->kobj,
911 &prng_tdes_dev_attr_group);
912 misc_deregister(&prng_tdes_dev);
913 prng_tdes_deinstantiate();
914 }
208} 915}
209 916
917
210module_init(prng_init); 918module_init(prng_init);
211module_exit(prng_exit); 919module_exit(prng_exit);
generated by cgit v1.2.2 (git 2.25.0) at 2024-12-01 04:42:53 -0500