cachepc-linux

Fork of AMDESE/linux with modifications for CachePC side-channel attack
git clone https://git.sinitax.com/sinitax/cachepc-linux
Log | Files | Refs | README | LICENSE | sfeed.txt

jitterentropy-kcapi.c (6268B)

      1/*
      2 * Non-physical true random number generator based on timing jitter --
      3 * Linux Kernel Crypto API specific code
      4 *
      5 * Copyright Stephan Mueller <smueller@chronox.de>, 2015
      6 *
      7 * Redistribution and use in source and binary forms, with or without
      8 * modification, are permitted provided that the following conditions
      9 * are met:
     10 * 1. Redistributions of source code must retain the above copyright
     11 *    notice, and the entire permission notice in its entirety,
     12 *    including the disclaimer of warranties.
     13 * 2. Redistributions in binary form must reproduce the above copyright
     14 *    notice, this list of conditions and the following disclaimer in the
     15 *    documentation and/or other materials provided with the distribution.
     16 * 3. The name of the author may not be used to endorse or promote
     17 *    products derived from this software without specific prior
     18 *    written permission.
     19 *
     20 * ALTERNATIVELY, this product may be distributed under the terms of
     21 * the GNU General Public License, in which case the provisions of the GPL2 are
     22 * required INSTEAD OF the above restrictions.  (This clause is
     23 * necessary due to a potential bad interaction between the GPL and
     24 * the restrictions contained in a BSD-style copyright.)
     25 *
     26 * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED
     27 * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
     28 * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE, ALL OF
     29 * WHICH ARE HEREBY DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR BE
     30 * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
     31 * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT
     32 * OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
     33 * BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
     34 * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
     35 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE
     36 * USE OF THIS SOFTWARE, EVEN IF NOT ADVISED OF THE POSSIBILITY OF SUCH
     37 * DAMAGE.
     38 */
     39
     40#include <linux/kernel.h>
     41#include <linux/module.h>
     42#include <linux/slab.h>
     43#include <linux/time.h>
     44#include <crypto/internal/rng.h>
     45
     46#include "jitterentropy.h"
     47
     48/***************************************************************************
     49 * Helper function
     50 ***************************************************************************/
     51
     52void *jent_zalloc(unsigned int len)
     53{
     54	return kzalloc(len, GFP_KERNEL);
     55}
     56
     57void jent_zfree(void *ptr)
     58{
     59	kfree_sensitive(ptr);
     60}
     61
     62void jent_panic(char *s)
     63{
     64	panic("%s", s);
     65}
     66
     67void jent_memcpy(void *dest, const void *src, unsigned int n)
     68{
     69	memcpy(dest, src, n);
     70}
     71
     72/*
     73 * Obtain a high-resolution time stamp value. The time stamp is used to measure
     74 * the execution time of a given code path and its variations. Hence, the time
     75 * stamp must have a sufficiently high resolution.
     76 *
     77 * Note, if the function returns zero because a given architecture does not
     78 * implement a high-resolution time stamp, the RNG code's runtime test
     79 * will detect it and will not produce output.
     80 */
     81void jent_get_nstime(__u64 *out)
     82{
     83	__u64 tmp = 0;
     84
     85	tmp = random_get_entropy();
     86
     87	/*
     88	 * If random_get_entropy does not return a value, i.e. it is not
     89	 * implemented for a given architecture, use a clock source.
     90	 * hoping that there are timers we can work with.
     91	 */
     92	if (tmp == 0)
     93		tmp = ktime_get_ns();
     94
     95	*out = tmp;
     96}
     97
     98/***************************************************************************
     99 * Kernel crypto API interface
    100 ***************************************************************************/
    101
    102struct jitterentropy {
    103	spinlock_t jent_lock;
    104	struct rand_data *entropy_collector;
    105	unsigned int reset_cnt;
    106};
    107
    108static int jent_kcapi_init(struct crypto_tfm *tfm)
    109{
    110	struct jitterentropy *rng = crypto_tfm_ctx(tfm);
    111	int ret = 0;
    112
    113	rng->entropy_collector = jent_entropy_collector_alloc(1, 0);
    114	if (!rng->entropy_collector)
    115		ret = -ENOMEM;
    116
    117	spin_lock_init(&rng->jent_lock);
    118	return ret;
    119}
    120
    121static void jent_kcapi_cleanup(struct crypto_tfm *tfm)
    122{
    123	struct jitterentropy *rng = crypto_tfm_ctx(tfm);
    124
    125	spin_lock(&rng->jent_lock);
    126	if (rng->entropy_collector)
    127		jent_entropy_collector_free(rng->entropy_collector);
    128	rng->entropy_collector = NULL;
    129	spin_unlock(&rng->jent_lock);
    130}
    131
    132static int jent_kcapi_random(struct crypto_rng *tfm,
    133			     const u8 *src, unsigned int slen,
    134			     u8 *rdata, unsigned int dlen)
    135{
    136	struct jitterentropy *rng = crypto_rng_ctx(tfm);
    137	int ret = 0;
    138
    139	spin_lock(&rng->jent_lock);
    140
    141	/* Return a permanent error in case we had too many resets in a row. */
    142	if (rng->reset_cnt > (1<<10)) {
    143		ret = -EFAULT;
    144		goto out;
    145	}
    146
    147	ret = jent_read_entropy(rng->entropy_collector, rdata, dlen);
    148
    149	/* Reset RNG in case of health failures */
    150	if (ret < -1) {
    151		pr_warn_ratelimited("Reset Jitter RNG due to health test failure: %s failure\n",
    152				    (ret == -2) ? "Repetition Count Test" :
    153						  "Adaptive Proportion Test");
    154
    155		rng->reset_cnt++;
    156
    157		ret = -EAGAIN;
    158	} else {
    159		rng->reset_cnt = 0;
    160
    161		/* Convert the Jitter RNG error into a usable error code */
    162		if (ret == -1)
    163			ret = -EINVAL;
    164	}
    165
    166out:
    167	spin_unlock(&rng->jent_lock);
    168
    169	return ret;
    170}
    171
    172static int jent_kcapi_reset(struct crypto_rng *tfm,
    173			    const u8 *seed, unsigned int slen)
    174{
    175	return 0;
    176}
    177
    178static struct rng_alg jent_alg = {
    179	.generate		= jent_kcapi_random,
    180	.seed			= jent_kcapi_reset,
    181	.seedsize		= 0,
    182	.base			= {
    183		.cra_name               = "jitterentropy_rng",
    184		.cra_driver_name        = "jitterentropy_rng",
    185		.cra_priority           = 100,
    186		.cra_ctxsize            = sizeof(struct jitterentropy),
    187		.cra_module             = THIS_MODULE,
    188		.cra_init               = jent_kcapi_init,
    189		.cra_exit               = jent_kcapi_cleanup,
    190
    191	}
    192};
    193
    194static int __init jent_mod_init(void)
    195{
    196	int ret = 0;
    197
    198	ret = jent_entropy_init();
    199	if (ret) {
    200		pr_info("jitterentropy: Initialization failed with host not compliant with requirements: %d\n", ret);
    201		return -EFAULT;
    202	}
    203	return crypto_register_rng(&jent_alg);
    204}
    205
    206static void __exit jent_mod_exit(void)
    207{
    208	crypto_unregister_rng(&jent_alg);
    209}
    210
    211module_init(jent_mod_init);
    212module_exit(jent_mod_exit);
    213
    214MODULE_LICENSE("Dual BSD/GPL");
    215MODULE_AUTHOR("Stephan Mueller <smueller@chronox.de>");
    216MODULE_DESCRIPTION("Non-physical True Random Number Generator based on CPU Jitter");
    217MODULE_ALIAS_CRYPTO("jitterentropy_rng");