Revert crypto: prng - Deterministic CPRNG

This patch is clearly not ready yet for prime time. Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
author: Herbert Xu <herbert@gondor.apana.org.au> 2008-07-15 11:46:24 -0400
committer: Herbert Xu <herbert@gondor.apana.org.au> 2008-07-15 11:46:24 -0400
commit: 7890ea1f95fa8968fa6f5bb5860e6632932abfd3 (patch)
tree: 2759b92fc817b3cae8cf88d9a8e5b74feeabb4cd /crypto
parent: 5a86102248592e178a9023359ccf7f0e489d8e35 (diff)
4 files changed, 1 insertions, 447 deletions
diff --git a/crypto/Kconfig b/crypto/Kconfig
index ea503572fcbe..d83185915eee 100644
--- a/crypto/Kconfig
+++ b/crypto/Kconfig
@@ -666,15 +666,6 @@ config CRYPTO_LZO
        help
          This is the LZO algorithm.
-comment "Random Number Generation"
-config CRYPTO_PRNG
-        tristate "Pseudo Random Number Generation for Cryptographic modules"
-        help
-          This option enables the generic pseudo random number generator
-          for cryptographic modules.  Uses the Algorithm specified in
-          ANSI X9.31 A.2.4
 source "drivers/crypto/Kconfig"
 endif   # if CRYPTO
diff --git a/crypto/Makefile b/crypto/Makefile
index ef61b3b64660..d4f3ed857df0 100644
--- a/crypto/Makefile
+++ b/crypto/Makefile
@@ -69,7 +69,7 @@ obj-$(CONFIG_CRYPTO_MICHAEL_MIC) += michael_mic.o
 obj-$(CONFIG_CRYPTO_CRC32C) += crc32c.o
 obj-$(CONFIG_CRYPTO_AUTHENC) += authenc.o
 obj-$(CONFIG_CRYPTO_LZO) += lzo.o
-obj-$(CONFIG_CRYPTO_PRNG) += prng.o
 obj-$(CONFIG_CRYPTO_TEST) += tcrypt.o
 #
diff --git a/crypto/prng.c b/crypto/prng.c
deleted file mode 100644
index 24e4f3282c56..000000000000
--- a/crypto/prng.c
+++ /dev/null
@@ -1,410 +0,0 @@
-/*
- * PRNG: Pseudo Random Number Generator
- *       Based on NIST Recommended PRNG From ANSI X9.31 Appendix A.2.4 using
- *       AES 128 cipher in RFC3686 ctr mode
- *
- *  (C) Neil Horman <nhorman@tuxdriver.com>
- *
- *  This program is free software; you can redistribute it and/or modify it
- *  under the terms of the GNU General Public License as published by the
- *  Free Software Foundation; either version 2 of the License, or (at your
- *  any later version.
- *
- *
- */
-#include <linux/err.h>
-#include <linux/init.h>
-#include <linux/module.h>
-#include <linux/mm.h>
-#include <linux/slab.h>
-#include <linux/fs.h>
-#include <linux/scatterlist.h>
-#include <linux/string.h>
-#include <linux/crypto.h>
-#include <linux/highmem.h>
-#include <linux/moduleparam.h>
-#include <linux/jiffies.h>
-#include <linux/timex.h>
-#include <linux/interrupt.h>
-#include <linux/miscdevice.h>
-#include "prng.h"
-#define TEST_PRNG_ON_START 0
-#define DEFAULT_PRNG_KEY "0123456789abcdef1011"
-#define DEFAULT_PRNG_KSZ 20
-#define DEFAULT_PRNG_IV "defaultv"
-#define DEFAULT_PRNG_IVSZ 8
-#define DEFAULT_BLK_SZ 16
-#define DEFAULT_V_SEED "zaybxcwdveuftgsh"
-/*
- * Flags for the prng_context flags field
- */
-#define PRNG_FIXED_SIZE 0x1
-#define PRNG_NEED_RESET 0x2
-/*
- * Note: DT is our counter value
- *       I is our intermediate value
- *       V is our seed vector
- * See http://csrc.nist.gov/groups/STM/cavp/documents/rng/931rngext.pdf
- * for implementation details
- */
-struct prng_context {
-        char *prng_key;
-        char *prng_iv;
-        spinlock_t prng_lock;
-        unsigned char rand_data[DEFAULT_BLK_SZ];
-        unsigned char last_rand_data[DEFAULT_BLK_SZ];
-        unsigned char DT[DEFAULT_BLK_SZ];
-        unsigned char I[DEFAULT_BLK_SZ];
-        unsigned char V[DEFAULT_BLK_SZ];
-        u32 rand_data_valid;
-        struct crypto_blkcipher *tfm;
-        u32 flags;
-};
-static int dbg;
-static void hexdump(char *note, unsigned char *buf, unsigned int len)
-{
-        if (dbg) {
-                printk(KERN_CRIT "%s", note);
-                print_hex_dump(KERN_CONT, "", DUMP_PREFIX_OFFSET,
-                                16, 1,
-                                buf, len, false);
-        }
-}
-#define dbgprint(format, args...) do {if(dbg) printk(format, ##args);} while(0)
-static void xor_vectors(unsigned char *in1, unsigned char *in2,
-                        unsigned char *out, unsigned int size)
-{
-        int i;
-        for (i=0;i<size;i++)
-                out[i] = in1[i] ^ in2[i];
-}
-/*
- * Returns DEFAULT_BLK_SZ bytes of random data per call
- * returns 0 if generation succeded, <0 if something went wrong
- */
-static int _get_more_prng_bytes(struct prng_context *ctx)
-{
-        int i;
-        struct blkcipher_desc desc;
-        struct scatterlist sg_in, sg_out;
-        int ret;
-        unsigned char tmp[DEFAULT_BLK_SZ];
-        desc.tfm = ctx->tfm;
-        desc.flags = 0;
-        dbgprint(KERN_CRIT "Calling _get_more_prng_bytes for context %p\n",ctx);
-        hexdump("Input DT: ", ctx->DT, DEFAULT_BLK_SZ);
-        hexdump("Input I: ", ctx->I, DEFAULT_BLK_SZ);
-        hexdump("Input V: ", ctx->V, DEFAULT_BLK_SZ);
-        /*
-         * This algorithm is a 3 stage state machine
-         */
-        for (i=0;i<3;i++) {
-                desc.tfm = ctx->tfm;
-                desc.flags = 0;
-                switch (i) {
-                        case 0:
-                                /*
-                                 * Start by encrypting the counter value
-                                 * This gives us an intermediate value I
-                                 */
-                                memcpy(tmp, ctx->DT, DEFAULT_BLK_SZ);
-                                sg_init_one(&sg_out, &ctx->I[0], DEFAULT_BLK_SZ);
-                                hexdump("tmp stage 0: ", tmp, DEFAULT_BLK_SZ);
-                                break;
-                        case 1:
-                                /*
-                                 * Next xor I with our secret vector V
-                                 * encrypt that result to obtain our
-                                 * pseudo random data which we output
-                                 */
-                                xor_vectors(ctx->I, ctx->V, tmp, DEFAULT_BLK_SZ);
-                                sg_init_one(&sg_out, &ctx->rand_data[0], DEFAULT_BLK_SZ);
-                                hexdump("tmp stage 1: ", tmp, DEFAULT_BLK_SZ);
-                                break;
-                        case 2:
-                                /*
-                                 * First check that we didn't produce the same random data
-                                 * that we did last time around through this
-                                 */
-                                if (!memcmp(ctx->rand_data, ctx->last_rand_data, DEFAULT_BLK_SZ)) {
-                                        printk(KERN_ERR "ctx %p Failed repetition check!\n",
-                                                ctx);
-                                        ctx->flags |= PRNG_NEED_RESET;
-                                        return -1;
-                                }
-                                memcpy(ctx->last_rand_data, ctx->rand_data, DEFAULT_BLK_SZ);
-                                /*
-                                 * Lastly xor the random data with I
-                                 * and encrypt that to obtain a new secret vector V
-                                 */
-                                xor_vectors(ctx->rand_data, ctx->I, tmp, DEFAULT_BLK_SZ);
-                                sg_init_one(&sg_out, &ctx->V[0], DEFAULT_BLK_SZ);
-                                hexdump("tmp stage 2: ", tmp, DEFAULT_BLK_SZ);
-                                break;
-                }
-                /* Initialize our input buffer */
-                sg_init_one(&sg_in, &tmp[0], DEFAULT_BLK_SZ);
-                /* do the encryption */
-                ret = crypto_blkcipher_encrypt(&desc, &sg_out, &sg_in, DEFAULT_BLK_SZ);
-                /* And check the result */
-                if (ret) {
-                        dbgprint(KERN_CRIT "Encryption of new block failed for context %p\n",ctx);
-                        ctx->rand_data_valid = DEFAULT_BLK_SZ;
-                        return -1;
-                }
-        }
-        /*
-         * Now update our DT value
-         */
-        for (i=DEFAULT_BLK_SZ-1;i>0;i--) {
-                ctx->DT[i] = ctx->DT[i-1];
-        }
-        ctx->DT[0] += 1;
-        dbgprint("Returning new block for context %p\n",ctx);
-        ctx->rand_data_valid = 0;
-        hexdump("Output DT: ", ctx->DT, DEFAULT_BLK_SZ);
-        hexdump("Output I: ", ctx->I, DEFAULT_BLK_SZ);
-        hexdump("Output V: ", ctx->V, DEFAULT_BLK_SZ);
-        hexdump("New Random Data: ", ctx->rand_data, DEFAULT_BLK_SZ);
-        return 0;
-}
-/* Our exported functions */
-int get_prng_bytes(char *buf, int nbytes, struct prng_context *ctx)
-{
-        unsigned long flags;
-        unsigned char *ptr = buf;
-        unsigned int byte_count = (unsigned int)nbytes;
-        int err;
-        if (nbytes < 0)
-                return -EINVAL;
-        spin_lock_irqsave(&ctx->prng_lock, flags);
-        err = -EFAULT;
-        if (ctx->flags & PRNG_NEED_RESET)
-                goto done;
-        /*
-         * If the FIXED_SIZE flag is on, only return whole blocks of
-         * pseudo random data
-         */
-        err = -EINVAL;
-        if (ctx->flags & PRNG_FIXED_SIZE) {
-                if (nbytes < DEFAULT_BLK_SZ)
-                        goto done;
-                byte_count = DEFAULT_BLK_SZ;
-        }
-        err = byte_count;
-        dbgprint(KERN_CRIT "getting %d random bytes for context %p\n",byte_count, ctx);
-remainder:
-        if (ctx->rand_data_valid == DEFAULT_BLK_SZ) {
-                if (_get_more_prng_bytes(ctx) < 0) {
-                        memset(buf, 0, nbytes);
-                        err = -EFAULT;
-                        goto done;
-                }
-        }
-        /*
-         * Copy up to the next whole block size
-         */
-        if (byte_count < DEFAULT_BLK_SZ) {
-                for (;ctx->rand_data_valid < DEFAULT_BLK_SZ; ctx->rand_data_valid++) {
-                        *ptr = ctx->rand_data[ctx->rand_data_valid];
-                        ptr++;
-                        byte_count--;
-                        if (byte_count == 0)
-                                goto done;
-                }
-        }
-        /*
-         * Now copy whole blocks
-         */
-        for(;byte_count >= DEFAULT_BLK_SZ; byte_count -= DEFAULT_BLK_SZ) {
-                if (_get_more_prng_bytes(ctx) < 0) {
-                        memset(buf, 0, nbytes);
-                        err = -1;
-                        goto done;
-                }
-                memcpy(ptr, ctx->rand_data, DEFAULT_BLK_SZ);
-                ctx->rand_data_valid += DEFAULT_BLK_SZ;
-                ptr += DEFAULT_BLK_SZ;
-        }
-        /*
-         * Now copy any extra partial data
-         */
-        if (byte_count)
-                goto remainder;
-done:
-        spin_unlock_irqrestore(&ctx->prng_lock, flags);
-        dbgprint(KERN_CRIT "returning %d from get_prng_bytes in context %p\n",err, ctx);
-        return err;
-}
-EXPORT_SYMBOL_GPL(get_prng_bytes);
-struct prng_context *alloc_prng_context(void)
-{
-        struct prng_context *ctx=kzalloc(sizeof(struct prng_context), GFP_KERNEL);
-        spin_lock_init(&ctx->prng_lock);
-        if (reset_prng_context(ctx, NULL, NULL, NULL, NULL)) {
-                kfree(ctx);
-                ctx = NULL;
-        }
-        dbgprint(KERN_CRIT "returning context %p\n",ctx);
-        return ctx;
-}
-EXPORT_SYMBOL_GPL(alloc_prng_context);
-void free_prng_context(struct prng_context *ctx)
-{
-        crypto_free_blkcipher(ctx->tfm);
-        kfree(ctx);
-}
-EXPORT_SYMBOL_GPL(free_prng_context);
-int reset_prng_context(struct prng_context *ctx,
-                       unsigned char *key, unsigned char *iv,
-                       unsigned char *V, unsigned char *DT)
-{
-        int ret;
-        int iv_len;
-        int rc = -EFAULT;
-        spin_lock(&ctx->prng_lock);
-        ctx->flags |= PRNG_NEED_RESET;
-        if (key)
-                memcpy(ctx->prng_key,key,strlen(ctx->prng_key));
-        else
-                ctx->prng_key = DEFAULT_PRNG_KEY;
-        if (iv)
-                memcpy(ctx->prng_iv,iv, strlen(ctx->prng_iv));
-        else
-                ctx->prng_iv = DEFAULT_PRNG_IV;
-        if (V)
-                memcpy(ctx->V,V,DEFAULT_BLK_SZ);
-        else
-                memcpy(ctx->V,DEFAULT_V_SEED,DEFAULT_BLK_SZ);
-        if (DT)
-                memcpy(ctx->DT, DT, DEFAULT_BLK_SZ);
-        else
-                memset(ctx->DT, 0, DEFAULT_BLK_SZ);
-        memset(ctx->rand_data,0,DEFAULT_BLK_SZ);
-        memset(ctx->last_rand_data,0,DEFAULT_BLK_SZ);
-        if (ctx->tfm)
-                crypto_free_blkcipher(ctx->tfm);
-        ctx->tfm = crypto_alloc_blkcipher("rfc3686(ctr(aes))",0,0);
-        if (!ctx->tfm) {
-                dbgprint(KERN_CRIT "Failed to alloc crypto tfm for context %p\n",ctx->tfm);
-                goto out;
-        }
-        ctx->rand_data_valid = DEFAULT_BLK_SZ;
-        ret = crypto_blkcipher_setkey(ctx->tfm, ctx->prng_key, strlen(ctx->prng_key));
-        if (ret) {
-                dbgprint(KERN_CRIT "PRNG: setkey() failed flags=%x\n",
-                        crypto_blkcipher_get_flags(ctx->tfm));
-                crypto_free_blkcipher(ctx->tfm);
-                goto out;
-        }
-        iv_len = crypto_blkcipher_ivsize(ctx->tfm);
-        if (iv_len) {
-                crypto_blkcipher_set_iv(ctx->tfm, ctx->prng_iv, iv_len);
-        }
-        rc = 0;
-        ctx->flags &= ~PRNG_NEED_RESET;
-out:
-        spin_unlock(&ctx->prng_lock);
-        return rc;
-}
-EXPORT_SYMBOL_GPL(reset_prng_context);
-/* Module initalization */
-static int __init prng_mod_init(void)
-{
-#ifdef TEST_PRNG_ON_START
-        int i;
-        unsigned char tmpbuf[DEFAULT_BLK_SZ];
-        struct prng_context *ctx = alloc_prng_context();
-        if (ctx == NULL)
-                return -EFAULT;
-        for (i=0;i<16;i++) {
-                if (get_prng_bytes(tmpbuf, DEFAULT_BLK_SZ, ctx) < 0) {
-                        free_prng_context(ctx);
-                        return -EFAULT;
-                }
-        }
-        free_prng_context(ctx);
-#endif
-        return 0;
-}
-static void __exit prng_mod_fini(void)
-{
-        return;
-}
-MODULE_LICENSE("GPL");
-MODULE_DESCRIPTION("Software Pseudo Random Number Generator");
-MODULE_AUTHOR("Neil Horman <nhorman@tuxdriver.com>");
-module_param(dbg, int, 0);
-MODULE_PARM_DESC(dbg, "Boolean to enable debugging (0/1 == off/on)");
-module_init(prng_mod_init);
-module_exit(prng_mod_fini);
diff --git a/crypto/prng.h b/crypto/prng.h
deleted file mode 100644
index 1ac9be5009b7..000000000000
--- a/crypto/prng.h
+++ /dev/null
@@ -1,27 +0,0 @@
-/*
- * PRNG: Pseudo Random Number Generator
- *
- *  (C) Neil Horman <nhorman@tuxdriver.com>
- *
- *  This program is free software; you can redistribute it and/or modify it
- *  under the terms of the GNU General Public License as published by the
- *  Free Software Foundation; either version 2 of the License, or (at your
- *  any later version.
- *
- *
- */
-#ifndef _PRNG_H_
-#define _PRNG_H_
-struct prng_context;
-int get_prng_bytes(char *buf, int nbytes, struct prng_context *ctx);
-struct prng_context *alloc_prng_context(void);
-int reset_prng_context(struct prng_context *ctx,
-                        unsigned char *key, unsigned char *iv,
-                        unsigned char *V,
-                        unsigned char *DT);
-void free_prng_context(struct prng_context *ctx);
-#endif
author	Herbert Xu <herbert@gondor.apana.org.au>	2008-07-15 11:46:24 -0400
committer	Herbert Xu <herbert@gondor.apana.org.au>	2008-07-15 11:46:24 -0400
commit	7890ea1f95fa8968fa6f5bb5860e6632932abfd3 (patch)
tree	2759b92fc817b3cae8cf88d9a8e5b74feeabb4cd /crypto
parent	5a86102248592e178a9023359ccf7f0e489d8e35 (diff)

diff --git a/crypto/Kconfig b/crypto/Kconfig index ea503572fcbe..d83185915eee 100644 --- a/crypto/Kconfig +++ b/crypto/Kconfig
@@ -666,15 +666,6 @@ config CRYPTO_LZO
666	help	666	help
667	This is the LZO algorithm.	667	This is the LZO algorithm.
668		668
669	comment "Random Number Generation"
670
671	config CRYPTO_PRNG
672	tristate "Pseudo Random Number Generation for Cryptographic modules"
673	help
674	This option enables the generic pseudo random number generator
675	for cryptographic modules. Uses the Algorithm specified in
676	ANSI X9.31 A.2.4
677
678	source "drivers/crypto/Kconfig"	669	source "drivers/crypto/Kconfig"
679		670
680	endif # if CRYPTO	671	endif # if CRYPTO


diff --git a/crypto/Makefile b/crypto/Makefile index ef61b3b64660..d4f3ed857df0 100644 --- a/crypto/Makefile +++ b/crypto/Makefile
@@ -69,7 +69,7 @@ obj-$(CONFIG_CRYPTO_MICHAEL_MIC) += michael_mic.o
69	obj-$(CONFIG_CRYPTO_CRC32C) += crc32c.o	69	obj-$(CONFIG_CRYPTO_CRC32C) += crc32c.o
70	obj-$(CONFIG_CRYPTO_AUTHENC) += authenc.o	70	obj-$(CONFIG_CRYPTO_AUTHENC) += authenc.o
71	obj-$(CONFIG_CRYPTO_LZO) += lzo.o	71	obj-$(CONFIG_CRYPTO_LZO) += lzo.o
72	obj-$(CONFIG_CRYPTO_PRNG) += prng.o	72
73	obj-$(CONFIG_CRYPTO_TEST) += tcrypt.o	73	obj-$(CONFIG_CRYPTO_TEST) += tcrypt.o
74		74
75	#	75	#


diff --git a/crypto/prng.c b/crypto/prng.c deleted file mode 100644 index 24e4f3282c56..000000000000 --- a/crypto/prng.c +++ /dev/null
@@ -1,410 +0,0 @@
1	/*
2	* PRNG: Pseudo Random Number Generator
3	* Based on NIST Recommended PRNG From ANSI X9.31 Appendix A.2.4 using
4	* AES 128 cipher in RFC3686 ctr mode
5	*
6	* (C) Neil Horman <nhorman@tuxdriver.com>
7	*
8	* This program is free software; you can redistribute it and/or modify it
9	* under the terms of the GNU General Public License as published by the
10	* Free Software Foundation; either version 2 of the License, or (at your
11	* any later version.
12	*
13	*
14	*/
15
16	#include <linux/err.h>
17	#include <linux/init.h>
18	#include <linux/module.h>
19	#include <linux/mm.h>
20	#include <linux/slab.h>
21	#include <linux/fs.h>
22	#include <linux/scatterlist.h>
23	#include <linux/string.h>
24	#include <linux/crypto.h>
25	#include <linux/highmem.h>
26	#include <linux/moduleparam.h>
27	#include <linux/jiffies.h>
28	#include <linux/timex.h>
29	#include <linux/interrupt.h>
30	#include <linux/miscdevice.h>
31	#include "prng.h"
32
33	#define TEST_PRNG_ON_START 0
34
35	#define DEFAULT_PRNG_KEY "0123456789abcdef1011"
36	#define DEFAULT_PRNG_KSZ 20
37	#define DEFAULT_PRNG_IV "defaultv"
38	#define DEFAULT_PRNG_IVSZ 8
39	#define DEFAULT_BLK_SZ 16
40	#define DEFAULT_V_SEED "zaybxcwdveuftgsh"
41
42	/*
43	* Flags for the prng_context flags field
44	*/
45
46	#define PRNG_FIXED_SIZE 0x1
47	#define PRNG_NEED_RESET 0x2
48
49	/*
50	* Note: DT is our counter value
51	* I is our intermediate value
52	* V is our seed vector
53	* See http://csrc.nist.gov/groups/STM/cavp/documents/rng/931rngext.pdf
54	* for implementation details
55	*/
56
57
58	struct prng_context {
59	char *prng_key;
60	char *prng_iv;
61	spinlock_t prng_lock;
62	unsigned char rand_data[DEFAULT_BLK_SZ];
63	unsigned char last_rand_data[DEFAULT_BLK_SZ];
64	unsigned char DT[DEFAULT_BLK_SZ];
65	unsigned char I[DEFAULT_BLK_SZ];
66	unsigned char V[DEFAULT_BLK_SZ];
67	u32 rand_data_valid;
68	struct crypto_blkcipher *tfm;
69	u32 flags;
70	};
71
72	static int dbg;
73
74	static void hexdump(char note, unsigned char buf, unsigned int len)
75	{
76	if (dbg) {
77	printk(KERN_CRIT "%s", note);
78	print_hex_dump(KERN_CONT, "", DUMP_PREFIX_OFFSET,
79	16, 1,
80	buf, len, false);
81	}
82	}
83
84	#define dbgprint(format, args...) do {if(dbg) printk(format, ##args);} while(0)
85
86	static void xor_vectors(unsigned char in1, unsigned char in2,
87	unsigned char *out, unsigned int size)
88	{
89	int i;
90
91	for (i=0;i<size;i++)
92	out[i] = in1[i] ^ in2[i];
93
94	}
95	/*
96	* Returns DEFAULT_BLK_SZ bytes of random data per call
97	* returns 0 if generation succeded, <0 if something went wrong
98	*/
99	static int _get_more_prng_bytes(struct prng_context *ctx)
100	{
101	int i;
102	struct blkcipher_desc desc;
103	struct scatterlist sg_in, sg_out;
104	int ret;
105	unsigned char tmp[DEFAULT_BLK_SZ];
106
107	desc.tfm = ctx->tfm;
108	desc.flags = 0;
109
110
111	dbgprint(KERN_CRIT "Calling _get_more_prng_bytes for context %p\n",ctx);
112
113	hexdump("Input DT: ", ctx->DT, DEFAULT_BLK_SZ);
114	hexdump("Input I: ", ctx->I, DEFAULT_BLK_SZ);
115	hexdump("Input V: ", ctx->V, DEFAULT_BLK_SZ);
116
117	/*
118	* This algorithm is a 3 stage state machine
119	*/
120	for (i=0;i<3;i++) {
121
122	desc.tfm = ctx->tfm;
123	desc.flags = 0;
124	switch (i) {
125	case 0:
126	/*
127	* Start by encrypting the counter value
128	* This gives us an intermediate value I
129	*/
130	memcpy(tmp, ctx->DT, DEFAULT_BLK_SZ);
131	sg_init_one(&sg_out, &ctx->I[0], DEFAULT_BLK_SZ);
132	hexdump("tmp stage 0: ", tmp, DEFAULT_BLK_SZ);
133	break;
134	case 1:
135
136	/*
137	* Next xor I with our secret vector V
138	* encrypt that result to obtain our
139	* pseudo random data which we output
140	*/
141	xor_vectors(ctx->I, ctx->V, tmp, DEFAULT_BLK_SZ);
142	sg_init_one(&sg_out, &ctx->rand_data[0], DEFAULT_BLK_SZ);
143	hexdump("tmp stage 1: ", tmp, DEFAULT_BLK_SZ);
144	break;
145	case 2:
146	/*
147	* First check that we didn't produce the same random data
148	* that we did last time around through this
149	*/
150	if (!memcmp(ctx->rand_data, ctx->last_rand_data, DEFAULT_BLK_SZ)) {
151	printk(KERN_ERR "ctx %p Failed repetition check!\n",
152	ctx);
153	ctx->flags \|= PRNG_NEED_RESET;
154	return -1;
155	}
156	memcpy(ctx->last_rand_data, ctx->rand_data, DEFAULT_BLK_SZ);
157
158	/*
159	* Lastly xor the random data with I
160	* and encrypt that to obtain a new secret vector V
161	*/
162	xor_vectors(ctx->rand_data, ctx->I, tmp, DEFAULT_BLK_SZ);
163	sg_init_one(&sg_out, &ctx->V[0], DEFAULT_BLK_SZ);
164	hexdump("tmp stage 2: ", tmp, DEFAULT_BLK_SZ);
165	break;
166	}
167
168	/* Initialize our input buffer */
169	sg_init_one(&sg_in, &tmp[0], DEFAULT_BLK_SZ);
170
171	/* do the encryption */
172	ret = crypto_blkcipher_encrypt(&desc, &sg_out, &sg_in, DEFAULT_BLK_SZ);
173
174	/* And check the result */
175	if (ret) {
176	dbgprint(KERN_CRIT "Encryption of new block failed for context %p\n",ctx);
177	ctx->rand_data_valid = DEFAULT_BLK_SZ;
178	return -1;
179	}
180
181	}
182
183	/*
184	* Now update our DT value
185	*/
186	for (i=DEFAULT_BLK_SZ-1;i>0;i--) {
187	ctx->DT[i] = ctx->DT[i-1];
188	}
189	ctx->DT[0] += 1;
190
191	dbgprint("Returning new block for context %p\n",ctx);
192	ctx->rand_data_valid = 0;
193
194	hexdump("Output DT: ", ctx->DT, DEFAULT_BLK_SZ);
195	hexdump("Output I: ", ctx->I, DEFAULT_BLK_SZ);
196	hexdump("Output V: ", ctx->V, DEFAULT_BLK_SZ);
197	hexdump("New Random Data: ", ctx->rand_data, DEFAULT_BLK_SZ);
198
199	return 0;
200	}
201
202	/* Our exported functions */
203	int get_prng_bytes(char buf, int nbytes, struct prng_context ctx)
204	{
205	unsigned long flags;
206	unsigned char *ptr = buf;
207	unsigned int byte_count = (unsigned int)nbytes;
208	int err;
209
210
211	if (nbytes < 0)
212	return -EINVAL;
213
214	spin_lock_irqsave(&ctx->prng_lock, flags);
215
216	err = -EFAULT;
217	if (ctx->flags & PRNG_NEED_RESET)
218	goto done;
219
220	/*
221	* If the FIXED_SIZE flag is on, only return whole blocks of
222	* pseudo random data
223	*/
224	err = -EINVAL;
225	if (ctx->flags & PRNG_FIXED_SIZE) {
226	if (nbytes < DEFAULT_BLK_SZ)
227	goto done;
228	byte_count = DEFAULT_BLK_SZ;
229	}
230
231	err = byte_count;
232
233	dbgprint(KERN_CRIT "getting %d random bytes for context %p\n",byte_count, ctx);
234
235
236	remainder:
237	if (ctx->rand_data_valid == DEFAULT_BLK_SZ) {
238	if (_get_more_prng_bytes(ctx) < 0) {
239	memset(buf, 0, nbytes);
240	err = -EFAULT;
241	goto done;
242	}
243	}
244
245	/*
246	* Copy up to the next whole block size
247	*/
248	if (byte_count < DEFAULT_BLK_SZ) {
249	for (;ctx->rand_data_valid < DEFAULT_BLK_SZ; ctx->rand_data_valid++) {
250	*ptr = ctx->rand_data[ctx->rand_data_valid];
251	ptr++;
252	byte_count--;
253	if (byte_count == 0)
254	goto done;
255	}
256	}
257
258	/*
259	* Now copy whole blocks
260	*/
261	for(;byte_count >= DEFAULT_BLK_SZ; byte_count -= DEFAULT_BLK_SZ) {
262	if (_get_more_prng_bytes(ctx) < 0) {
263	memset(buf, 0, nbytes);
264	err = -1;
265	goto done;
266	}
267	memcpy(ptr, ctx->rand_data, DEFAULT_BLK_SZ);
268	ctx->rand_data_valid += DEFAULT_BLK_SZ;
269	ptr += DEFAULT_BLK_SZ;
270	}
271
272	/*
273	* Now copy any extra partial data
274	*/
275	if (byte_count)
276	goto remainder;
277
278	done:
279	spin_unlock_irqrestore(&ctx->prng_lock, flags);
280	dbgprint(KERN_CRIT "returning %d from get_prng_bytes in context %p\n",err, ctx);
281	return err;
282	}
283	EXPORT_SYMBOL_GPL(get_prng_bytes);
284
285	struct prng_context *alloc_prng_context(void)
286	{
287	struct prng_context *ctx=kzalloc(sizeof(struct prng_context), GFP_KERNEL);
288
289	spin_lock_init(&ctx->prng_lock);
290
291	if (reset_prng_context(ctx, NULL, NULL, NULL, NULL)) {
292	kfree(ctx);
293	ctx = NULL;
294	}
295
296	dbgprint(KERN_CRIT "returning context %p\n",ctx);
297	return ctx;
298	}
299
300	EXPORT_SYMBOL_GPL(alloc_prng_context);
301
302	void free_prng_context(struct prng_context *ctx)
303	{
304	crypto_free_blkcipher(ctx->tfm);
305	kfree(ctx);
306	}
307	EXPORT_SYMBOL_GPL(free_prng_context);
308
309	int reset_prng_context(struct prng_context *ctx,
310	unsigned char key, unsigned char iv,
311	unsigned char V, unsigned char DT)
312	{
313	int ret;
314	int iv_len;
315	int rc = -EFAULT;
316
317	spin_lock(&ctx->prng_lock);
318	ctx->flags \|= PRNG_NEED_RESET;
319
320	if (key)
321	memcpy(ctx->prng_key,key,strlen(ctx->prng_key));
322	else
323	ctx->prng_key = DEFAULT_PRNG_KEY;
324
325	if (iv)
326	memcpy(ctx->prng_iv,iv, strlen(ctx->prng_iv));
327	else
328	ctx->prng_iv = DEFAULT_PRNG_IV;
329
330	if (V)
331	memcpy(ctx->V,V,DEFAULT_BLK_SZ);
332	else
333	memcpy(ctx->V,DEFAULT_V_SEED,DEFAULT_BLK_SZ);
334
335	if (DT)
336	memcpy(ctx->DT, DT, DEFAULT_BLK_SZ);
337	else
338	memset(ctx->DT, 0, DEFAULT_BLK_SZ);
339
340	memset(ctx->rand_data,0,DEFAULT_BLK_SZ);
341	memset(ctx->last_rand_data,0,DEFAULT_BLK_SZ);
342
343	if (ctx->tfm)
344	crypto_free_blkcipher(ctx->tfm);
345
346	ctx->tfm = crypto_alloc_blkcipher("rfc3686(ctr(aes))",0,0);
347	if (!ctx->tfm) {
348	dbgprint(KERN_CRIT "Failed to alloc crypto tfm for context %p\n",ctx->tfm);
349	goto out;
350	}
351
352	ctx->rand_data_valid = DEFAULT_BLK_SZ;
353
354	ret = crypto_blkcipher_setkey(ctx->tfm, ctx->prng_key, strlen(ctx->prng_key));
355	if (ret) {
356	dbgprint(KERN_CRIT "PRNG: setkey() failed flags=%x\n",
357	crypto_blkcipher_get_flags(ctx->tfm));
358	crypto_free_blkcipher(ctx->tfm);
359	goto out;
360	}
361
362	iv_len = crypto_blkcipher_ivsize(ctx->tfm);
363	if (iv_len) {
364	crypto_blkcipher_set_iv(ctx->tfm, ctx->prng_iv, iv_len);
365	}
366	rc = 0;
367	ctx->flags &= ~PRNG_NEED_RESET;
368	out:
369	spin_unlock(&ctx->prng_lock);
370
371	return rc;
372
373	}
374	EXPORT_SYMBOL_GPL(reset_prng_context);
375
376	/* Module initalization */
377	static int __init prng_mod_init(void)
378	{
379
380	#ifdef TEST_PRNG_ON_START
381	int i;
382	unsigned char tmpbuf[DEFAULT_BLK_SZ];
383
384	struct prng_context *ctx = alloc_prng_context();
385	if (ctx == NULL)
386	return -EFAULT;
387	for (i=0;i<16;i++) {
388	if (get_prng_bytes(tmpbuf, DEFAULT_BLK_SZ, ctx) < 0) {
389	free_prng_context(ctx);
390	return -EFAULT;
391	}
392	}
393	free_prng_context(ctx);
394	#endif
395
396	return 0;
397	}
398
399	static void __exit prng_mod_fini(void)
400	{
401	return;
402	}
403
404	MODULE_LICENSE("GPL");
405	MODULE_DESCRIPTION("Software Pseudo Random Number Generator");
406	MODULE_AUTHOR("Neil Horman <nhorman@tuxdriver.com>");
407	module_param(dbg, int, 0);
408	MODULE_PARM_DESC(dbg, "Boolean to enable debugging (0/1 == off/on)");
409	module_init(prng_mod_init);
410	module_exit(prng_mod_fini);


diff --git a/crypto/prng.h b/crypto/prng.h deleted file mode 100644 index 1ac9be5009b7..000000000000 --- a/crypto/prng.h +++ /dev/null
@@ -1,27 +0,0 @@
1	/*
2	* PRNG: Pseudo Random Number Generator
3	*
4	* (C) Neil Horman <nhorman@tuxdriver.com>
5	*
6	* This program is free software; you can redistribute it and/or modify it
7	* under the terms of the GNU General Public License as published by the
8	* Free Software Foundation; either version 2 of the License, or (at your
9	* any later version.
10	*
11	*
12	*/
13
14	#ifndef _PRNG_H_
15	#define _PRNG_H_
16	struct prng_context;
17
18	int get_prng_bytes(char buf, int nbytes, struct prng_context ctx);
19	struct prng_context *alloc_prng_context(void);
20	int reset_prng_context(struct prng_context *ctx,
21	unsigned char key, unsigned char iv,
22	unsigned char *V,
23	unsigned char *DT);
24	void free_prng_context(struct prng_context *ctx);
25
26	#endif
27