1/*
2 * algif_rng: User-space interface for random number generators
3 *
4 * This file provides the user-space API for random number generators.
5 *
6 * Copyright (C) 2014, Stephan Mueller <smueller@chronox.de>
7 *
8 * Redistribution and use in source and binary forms, with or without
9 * modification, are permitted provided that the following conditions
10 * are met:
11 * 1. Redistributions of source code must retain the above copyright
12 *    notice, and the entire permission notice in its entirety,
13 *    including the disclaimer of warranties.
14 * 2. Redistributions in binary form must reproduce the above copyright
15 *    notice, this list of conditions and the following disclaimer in the
16 *    documentation and/or other materials provided with the distribution.
17 * 3. The name of the author may not be used to endorse or promote
18 *    products derived from this software without specific prior
19 *    written permission.
20 *
21 * ALTERNATIVELY, this product may be distributed under the terms of
22 * the GNU General Public License, in which case the provisions of the GPL2
23 * are required INSTEAD OF the above restrictions.  (This clause is
24 * necessary due to a potential bad interaction between the GPL and
25 * the restrictions contained in a BSD-style copyright.)
26 *
27 * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED
28 * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
29 * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE, ALL OF
30 * WHICH ARE HEREBY DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR BE
31 * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
32 * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT
33 * OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
34 * BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
35 * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
36 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE
37 * USE OF THIS SOFTWARE, EVEN IF NOT ADVISED OF THE POSSIBILITY OF SUCH
38 * DAMAGE.
39 */
40
41#include <linux/module.h>
42#include <crypto/rng.h>
43#include <linux/random.h>
44#include <crypto/if_alg.h>
45#include <linux/net.h>
46#include <net/sock.h>
47
48MODULE_LICENSE("GPL");
49MODULE_AUTHOR("Stephan Mueller <smueller@chronox.de>");
50MODULE_DESCRIPTION("User-space interface for random number generators");
51
52struct rng_ctx {
53#define MAXSIZE 128
54	unsigned int len;
55	struct crypto_rng *drng;
56};
57
58static int rng_recvmsg(struct socket *sock, struct msghdr *msg, size_t len,
59		       int flags)
60{
61	struct sock *sk = sock->sk;
62	struct alg_sock *ask = alg_sk(sk);
63	struct rng_ctx *ctx = ask->private;
64	int err = -EFAULT;
65	int genlen = 0;
66	u8 result[MAXSIZE];
67
68	if (len == 0)
69		return 0;
70	if (len > MAXSIZE)
71		len = MAXSIZE;
72
73	/*
74	 * although not strictly needed, this is a precaution against coding
75	 * errors
76	 */
77	memset(result, 0, len);
78
79	/*
80	 * The enforcement of a proper seeding of an RNG is done within an
81	 * RNG implementation. Some RNGs (DRBG, krng) do not need specific
82	 * seeding as they automatically seed. The X9.31 DRNG will return
83	 * an error if it was not seeded properly.
84	 */
85	genlen = crypto_rng_get_bytes(ctx->drng, result, len);
86	if (genlen < 0)
87		return genlen;
88
89	err = memcpy_to_msg(msg, result, len);
90	memzero_explicit(result, len);
91
92	return err ? err : len;
93}
94
95static struct proto_ops algif_rng_ops = {
96	.family		=	PF_ALG,
97
98	.connect	=	sock_no_connect,
99	.socketpair	=	sock_no_socketpair,
100	.getname	=	sock_no_getname,
101	.ioctl		=	sock_no_ioctl,
102	.listen		=	sock_no_listen,
103	.shutdown	=	sock_no_shutdown,
104	.getsockopt	=	sock_no_getsockopt,
105	.mmap		=	sock_no_mmap,
106	.bind		=	sock_no_bind,
107	.accept		=	sock_no_accept,
108	.setsockopt	=	sock_no_setsockopt,
109	.poll		=	sock_no_poll,
110	.sendmsg	=	sock_no_sendmsg,
111	.sendpage	=	sock_no_sendpage,
112
113	.release	=	af_alg_release,
114	.recvmsg	=	rng_recvmsg,
115};
116
117static void *rng_bind(const char *name, u32 type, u32 mask)
118{
119	return crypto_alloc_rng(name, type, mask);
120}
121
122static void rng_release(void *private)
123{
124	crypto_free_rng(private);
125}
126
127static void rng_sock_destruct(struct sock *sk)
128{
129	struct alg_sock *ask = alg_sk(sk);
130	struct rng_ctx *ctx = ask->private;
131
132	sock_kfree_s(sk, ctx, ctx->len);
133	af_alg_release_parent(sk);
134}
135
136static int rng_accept_parent(void *private, struct sock *sk)
137{
138	struct rng_ctx *ctx;
139	struct alg_sock *ask = alg_sk(sk);
140	unsigned int len = sizeof(*ctx);
141
142	ctx = sock_kmalloc(sk, len, GFP_KERNEL);
143	if (!ctx)
144		return -ENOMEM;
145
146	ctx->len = len;
147
148	/*
149	 * No seeding done at that point -- if multiple accepts are
150	 * done on one RNG instance, each resulting FD points to the same
151	 * state of the RNG.
152	 */
153
154	ctx->drng = private;
155	ask->private = ctx;
156	sk->sk_destruct = rng_sock_destruct;
157
158	return 0;
159}
160
161static int rng_setkey(void *private, const u8 *seed, unsigned int seedlen)
162{
163	/*
164	 * Check whether seedlen is of sufficient size is done in RNG
165	 * implementations.
166	 */
167	return crypto_rng_reset(private, (u8 *)seed, seedlen);
168}
169
170static const struct af_alg_type algif_type_rng = {
171	.bind		=	rng_bind,
172	.release	=	rng_release,
173	.accept		=	rng_accept_parent,
174	.setkey		=	rng_setkey,
175	.ops		=	&algif_rng_ops,
176	.name		=	"rng",
177	.owner		=	THIS_MODULE
178};
179
180static int __init rng_init(void)
181{
182	return af_alg_register_type(&algif_type_rng);
183}
184
185static void __exit rng_exit(void)
186{
187	int err = af_alg_unregister_type(&algif_type_rng);
188	BUG_ON(err);
189}
190
191module_init(rng_init);
192module_exit(rng_exit);
193