1
2
3
4
5
6
7
8#define KMSG_COMPONENT "prng"
9#define pr_fmt(fmt) KMSG_COMPONENT ": " fmt
10
11#include <linux/fs.h>
12#include <linux/fips.h>
13#include <linux/init.h>
14#include <linux/kernel.h>
15#include <linux/device.h>
16#include <linux/miscdevice.h>
17#include <linux/module.h>
18#include <linux/moduleparam.h>
19#include <linux/mutex.h>
20#include <linux/cpufeature.h>
21#include <linux/random.h>
22#include <linux/slab.h>
23#include <asm/debug.h>
24#include <asm/uaccess.h>
25#include <asm/timex.h>
26
27#include "crypt_s390.h"
28
29MODULE_LICENSE("GPL");
30MODULE_AUTHOR("IBM Corporation");
31MODULE_DESCRIPTION("s390 PRNG interface");
32
33
34#define PRNG_MODE_AUTO 0
35#define PRNG_MODE_TDES 1
36#define PRNG_MODE_SHA512 2
37
38static unsigned int prng_mode = PRNG_MODE_AUTO;
39module_param_named(mode, prng_mode, int, 0);
40MODULE_PARM_DESC(prng_mode, "PRNG mode: 0 - auto, 1 - TDES, 2 - SHA512");
41
42
43#define PRNG_CHUNKSIZE_TDES_MIN 8
44#define PRNG_CHUNKSIZE_TDES_MAX (64*1024)
45#define PRNG_CHUNKSIZE_SHA512_MIN 64
46#define PRNG_CHUNKSIZE_SHA512_MAX (64*1024)
47
48static unsigned int prng_chunk_size = 256;
49module_param_named(chunksize, prng_chunk_size, int, 0);
50MODULE_PARM_DESC(prng_chunk_size, "PRNG read chunk size in bytes");
51
52
53#define PRNG_RESEED_LIMIT_TDES 4096
54#define PRNG_RESEED_LIMIT_TDES_LOWER 4096
55#define PRNG_RESEED_LIMIT_SHA512 100000
56#define PRNG_RESEED_LIMIT_SHA512_LOWER 10000
57
58static unsigned int prng_reseed_limit;
59module_param_named(reseed_limit, prng_reseed_limit, int, 0);
60MODULE_PARM_DESC(prng_reseed_limit, "PRNG reseed limit");
61
62
63
64
65
66
67
68static int prng_errorflag;
69
70#define PRNG_GEN_ENTROPY_FAILED 1
71#define PRNG_SELFTEST_FAILED 2
72#define PRNG_INSTANTIATE_FAILED 3
73#define PRNG_SEED_FAILED 4
74#define PRNG_RESEED_FAILED 5
75#define PRNG_GEN_FAILED 6
76
77struct prng_ws_s {
78 u8 parm_block[32];
79 u32 reseed_counter;
80 u64 byte_counter;
81};
82
83struct ppno_ws_s {
84 u32 res;
85 u32 reseed_counter;
86 u64 stream_bytes;
87 u8 V[112];
88 u8 C[112];
89};
90
91struct prng_data_s {
92 struct mutex mutex;
93 union {
94 struct prng_ws_s prngws;
95 struct ppno_ws_s ppnows;
96 };
97 u8 *buf;
98 u32 rest;
99 u8 *prev;
100};
101
102static struct prng_data_s *prng_data;
103
104
105static const u8 initial_parm_block[32] __initconst = {
106 0x0F, 0x2B, 0x8E, 0x63, 0x8C, 0x8E, 0xD2, 0x52,
107 0x64, 0xB7, 0xA0, 0x7B, 0x75, 0x28, 0xB8, 0xF4,
108 0x75, 0x5F, 0xD2, 0xA6, 0x8D, 0x97, 0x11, 0xFF,
109 0x49, 0xD8, 0x23, 0xF3, 0x7E, 0x21, 0xEC, 0xA0 };
110
111
112
113
114static int generate_entropy(u8 *ebuf, size_t nbytes)
115{
116 int n, ret = 0;
117 u8 *pg, *h, hash[32];
118
119 pg = (u8 *) __get_free_page(GFP_KERNEL);
120 if (!pg) {
121 prng_errorflag = PRNG_GEN_ENTROPY_FAILED;
122 return -ENOMEM;
123 }
124
125 while (nbytes) {
126
127 get_random_bytes(pg, PAGE_SIZE);
128
129 for (n = 0; n < PAGE_SIZE / sizeof(u64); n++) {
130 u64 *p = ((u64 *)pg) + n;
131 *p ^= get_tod_clock_fast();
132 }
133 n = (nbytes < sizeof(hash)) ? nbytes : sizeof(hash);
134 if (n < sizeof(hash))
135 h = hash;
136 else
137 h = ebuf;
138
139 if (crypt_s390_kimd(KIMD_SHA_256, h,
140 pg, PAGE_SIZE) != PAGE_SIZE) {
141 prng_errorflag = PRNG_GEN_ENTROPY_FAILED;
142 ret = -EIO;
143 goto out;
144 }
145 if (n < sizeof(hash))
146 memcpy(ebuf, hash, n);
147 ret += n;
148 ebuf += n;
149 nbytes -= n;
150 }
151
152out:
153 free_page((unsigned long)pg);
154 return ret;
155}
156
157
158
159
160static void prng_tdes_add_entropy(void)
161{
162 __u64 entropy[4];
163 unsigned int i;
164 int ret;
165
166 for (i = 0; i < 16; i++) {
167 ret = crypt_s390_kmc(KMC_PRNG, prng_data->prngws.parm_block,
168 (char *)entropy, (char *)entropy,
169 sizeof(entropy));
170 BUG_ON(ret < 0 || ret != sizeof(entropy));
171 memcpy(prng_data->prngws.parm_block, entropy, sizeof(entropy));
172 }
173}
174
175
176static void prng_tdes_seed(int nbytes)
177{
178 char buf[16];
179 int i = 0;
180
181 BUG_ON(nbytes > sizeof(buf));
182
183 get_random_bytes(buf, nbytes);
184
185
186 while (nbytes >= 8) {
187 *((__u64 *)prng_data->prngws.parm_block) ^= *((__u64 *)(buf+i));
188 prng_tdes_add_entropy();
189 i += 8;
190 nbytes -= 8;
191 }
192 prng_tdes_add_entropy();
193 prng_data->prngws.reseed_counter = 0;
194}
195
196
197static int __init prng_tdes_instantiate(void)
198{
199 int datalen;
200
201 pr_debug("prng runs in TDES mode with "
202 "chunksize=%d and reseed_limit=%u\n",
203 prng_chunk_size, prng_reseed_limit);
204
205
206 datalen = sizeof(struct prng_data_s) + prng_chunk_size;
207 prng_data = kzalloc(datalen, GFP_KERNEL);
208 if (!prng_data) {
209 prng_errorflag = PRNG_INSTANTIATE_FAILED;
210 return -ENOMEM;
211 }
212 mutex_init(&prng_data->mutex);
213 prng_data->buf = ((u8 *)prng_data) + sizeof(struct prng_data_s);
214 memcpy(prng_data->prngws.parm_block, initial_parm_block, 32);
215
216
217 prng_tdes_seed(16);
218
219 return 0;
220}
221
222
223static void prng_tdes_deinstantiate(void)
224{
225 pr_debug("The prng module stopped "
226 "after running in triple DES mode\n");
227 kzfree(prng_data);
228}
229
230
231
232
233static int __init prng_sha512_selftest(void)
234{
235
236 static const u8 seed[] __initconst = {
237 0x6b, 0x50, 0xa7, 0xd8, 0xf8, 0xa5, 0x5d, 0x7a,
238 0x3d, 0xf8, 0xbb, 0x40, 0xbc, 0xc3, 0xb7, 0x22,
239 0xd8, 0x70, 0x8d, 0xe6, 0x7f, 0xda, 0x01, 0x0b,
240 0x03, 0xc4, 0xc8, 0x4d, 0x72, 0x09, 0x6f, 0x8c,
241 0x3e, 0xc6, 0x49, 0xcc, 0x62, 0x56, 0xd9, 0xfa,
242 0x31, 0xdb, 0x7a, 0x29, 0x04, 0xaa, 0xf0, 0x25 };
243 static const u8 V0[] __initconst = {
244 0x00, 0xad, 0xe3, 0x6f, 0x9a, 0x01, 0xc7, 0x76,
245 0x61, 0x34, 0x35, 0xf5, 0x4e, 0x24, 0x74, 0x22,
246 0x21, 0x9a, 0x29, 0x89, 0xc7, 0x93, 0x2e, 0x60,
247 0x1e, 0xe8, 0x14, 0x24, 0x8d, 0xd5, 0x03, 0xf1,
248 0x65, 0x5d, 0x08, 0x22, 0x72, 0xd5, 0xad, 0x95,
249 0xe1, 0x23, 0x1e, 0x8a, 0xa7, 0x13, 0xd9, 0x2b,
250 0x5e, 0xbc, 0xbb, 0x80, 0xab, 0x8d, 0xe5, 0x79,
251 0xab, 0x5b, 0x47, 0x4e, 0xdd, 0xee, 0x6b, 0x03,
252 0x8f, 0x0f, 0x5c, 0x5e, 0xa9, 0x1a, 0x83, 0xdd,
253 0xd3, 0x88, 0xb2, 0x75, 0x4b, 0xce, 0x83, 0x36,
254 0x57, 0x4b, 0xf1, 0x5c, 0xca, 0x7e, 0x09, 0xc0,
255 0xd3, 0x89, 0xc6, 0xe0, 0xda, 0xc4, 0x81, 0x7e,
256 0x5b, 0xf9, 0xe1, 0x01, 0xc1, 0x92, 0x05, 0xea,
257 0xf5, 0x2f, 0xc6, 0xc6, 0xc7, 0x8f, 0xbc, 0xf4 };
258 static const u8 C0[] __initconst = {
259 0x00, 0xf4, 0xa3, 0xe5, 0xa0, 0x72, 0x63, 0x95,
260 0xc6, 0x4f, 0x48, 0xd0, 0x8b, 0x5b, 0x5f, 0x8e,
261 0x6b, 0x96, 0x1f, 0x16, 0xed, 0xbc, 0x66, 0x94,
262 0x45, 0x31, 0xd7, 0x47, 0x73, 0x22, 0xa5, 0x86,
263 0xce, 0xc0, 0x4c, 0xac, 0x63, 0xb8, 0x39, 0x50,
264 0xbf, 0xe6, 0x59, 0x6c, 0x38, 0x58, 0x99, 0x1f,
265 0x27, 0xa7, 0x9d, 0x71, 0x2a, 0xb3, 0x7b, 0xf9,
266 0xfb, 0x17, 0x86, 0xaa, 0x99, 0x81, 0xaa, 0x43,
267 0xe4, 0x37, 0xd3, 0x1e, 0x6e, 0xe5, 0xe6, 0xee,
268 0xc2, 0xed, 0x95, 0x4f, 0x53, 0x0e, 0x46, 0x8a,
269 0xcc, 0x45, 0xa5, 0xdb, 0x69, 0x0d, 0x81, 0xc9,
270 0x32, 0x92, 0xbc, 0x8f, 0x33, 0xe6, 0xf6, 0x09,
271 0x7c, 0x8e, 0x05, 0x19, 0x0d, 0xf1, 0xb6, 0xcc,
272 0xf3, 0x02, 0x21, 0x90, 0x25, 0xec, 0xed, 0x0e };
273 static const u8 random[] __initconst = {
274 0x95, 0xb7, 0xf1, 0x7e, 0x98, 0x02, 0xd3, 0x57,
275 0x73, 0x92, 0xc6, 0xa9, 0xc0, 0x80, 0x83, 0xb6,
276 0x7d, 0xd1, 0x29, 0x22, 0x65, 0xb5, 0xf4, 0x2d,
277 0x23, 0x7f, 0x1c, 0x55, 0xbb, 0x9b, 0x10, 0xbf,
278 0xcf, 0xd8, 0x2c, 0x77, 0xa3, 0x78, 0xb8, 0x26,
279 0x6a, 0x00, 0x99, 0x14, 0x3b, 0x3c, 0x2d, 0x64,
280 0x61, 0x1e, 0xee, 0xb6, 0x9a, 0xcd, 0xc0, 0x55,
281 0x95, 0x7c, 0x13, 0x9e, 0x8b, 0x19, 0x0c, 0x7a,
282 0x06, 0x95, 0x5f, 0x2c, 0x79, 0x7c, 0x27, 0x78,
283 0xde, 0x94, 0x03, 0x96, 0xa5, 0x01, 0xf4, 0x0e,
284 0x91, 0x39, 0x6a, 0xcf, 0x8d, 0x7e, 0x45, 0xeb,
285 0xdb, 0xb5, 0x3b, 0xbf, 0x8c, 0x97, 0x52, 0x30,
286 0xd2, 0xf0, 0xff, 0x91, 0x06, 0xc7, 0x61, 0x19,
287 0xae, 0x49, 0x8e, 0x7f, 0xbc, 0x03, 0xd9, 0x0f,
288 0x8e, 0x4c, 0x51, 0x62, 0x7a, 0xed, 0x5c, 0x8d,
289 0x42, 0x63, 0xd5, 0xd2, 0xb9, 0x78, 0x87, 0x3a,
290 0x0d, 0xe5, 0x96, 0xee, 0x6d, 0xc7, 0xf7, 0xc2,
291 0x9e, 0x37, 0xee, 0xe8, 0xb3, 0x4c, 0x90, 0xdd,
292 0x1c, 0xf6, 0xa9, 0xdd, 0xb2, 0x2b, 0x4c, 0xbd,
293 0x08, 0x6b, 0x14, 0xb3, 0x5d, 0xe9, 0x3d, 0xa2,
294 0xd5, 0xcb, 0x18, 0x06, 0x69, 0x8c, 0xbd, 0x7b,
295 0xbb, 0x67, 0xbf, 0xe3, 0xd3, 0x1f, 0xd2, 0xd1,
296 0xdb, 0xd2, 0xa1, 0xe0, 0x58, 0xa3, 0xeb, 0x99,
297 0xd7, 0xe5, 0x1f, 0x1a, 0x93, 0x8e, 0xed, 0x5e,
298 0x1c, 0x1d, 0xe2, 0x3a, 0x6b, 0x43, 0x45, 0xd3,
299 0x19, 0x14, 0x09, 0xf9, 0x2f, 0x39, 0xb3, 0x67,
300 0x0d, 0x8d, 0xbf, 0xb6, 0x35, 0xd8, 0xe6, 0xa3,
301 0x69, 0x32, 0xd8, 0x10, 0x33, 0xd1, 0x44, 0x8d,
302 0x63, 0xb4, 0x03, 0xdd, 0xf8, 0x8e, 0x12, 0x1b,
303 0x6e, 0x81, 0x9a, 0xc3, 0x81, 0x22, 0x6c, 0x13,
304 0x21, 0xe4, 0xb0, 0x86, 0x44, 0xf6, 0x72, 0x7c,
305 0x36, 0x8c, 0x5a, 0x9f, 0x7a, 0x4b, 0x3e, 0xe2 };
306
307 int ret = 0;
308 u8 buf[sizeof(random)];
309 struct ppno_ws_s ws;
310
311 memset(&ws, 0, sizeof(ws));
312
313
314 ret = crypt_s390_ppno(PPNO_SHA512_DRNG_SEED,
315 &ws, NULL, 0,
316 seed, sizeof(seed));
317 if (ret < 0) {
318 pr_err("The prng self test seed operation for the "
319 "SHA-512 mode failed with rc=%d\n", ret);
320 prng_errorflag = PRNG_SELFTEST_FAILED;
321 return -EIO;
322 }
323
324
325 if (memcmp(ws.V, V0, sizeof(V0)) != 0
326 || memcmp(ws.C, C0, sizeof(C0)) != 0) {
327 pr_err("The prng self test state test "
328 "for the SHA-512 mode failed\n");
329 prng_errorflag = PRNG_SELFTEST_FAILED;
330 return -EIO;
331 }
332
333
334 ret = crypt_s390_ppno(PPNO_SHA512_DRNG_GEN,
335 &ws, buf, sizeof(buf),
336 NULL, 0);
337 if (ret < 0) {
338 pr_err("The prng self test generate operation for "
339 "the SHA-512 mode failed with rc=%d\n", ret);
340 prng_errorflag = PRNG_SELFTEST_FAILED;
341 return -EIO;
342 }
343 ret = crypt_s390_ppno(PPNO_SHA512_DRNG_GEN,
344 &ws, buf, sizeof(buf),
345 NULL, 0);
346 if (ret < 0) {
347 pr_err("The prng self test generate operation for "
348 "the SHA-512 mode failed with rc=%d\n", ret);
349 prng_errorflag = PRNG_SELFTEST_FAILED;
350 return -EIO;
351 }
352
353
354 if (memcmp(buf, random, sizeof(random)) != 0) {
355 pr_err("The prng self test data test "
356 "for the SHA-512 mode failed\n");
357 prng_errorflag = PRNG_SELFTEST_FAILED;
358 return -EIO;
359 }
360
361 return 0;
362}
363
364
365static int __init prng_sha512_instantiate(void)
366{
367 int ret, datalen;
368 u8 seed[64];
369
370 pr_debug("prng runs in SHA-512 mode "
371 "with chunksize=%d and reseed_limit=%u\n",
372 prng_chunk_size, prng_reseed_limit);
373
374
375 datalen = sizeof(struct prng_data_s) + prng_chunk_size;
376 if (fips_enabled)
377 datalen += prng_chunk_size;
378 prng_data = kzalloc(datalen, GFP_KERNEL);
379 if (!prng_data) {
380 prng_errorflag = PRNG_INSTANTIATE_FAILED;
381 return -ENOMEM;
382 }
383 mutex_init(&prng_data->mutex);
384 prng_data->buf = ((u8 *)prng_data) + sizeof(struct prng_data_s);
385
386
387 ret = prng_sha512_selftest();
388 if (ret)
389 goto outfree;
390
391
392 ret = generate_entropy(seed, 48);
393 if (ret != 48)
394 goto outfree;
395
396 get_tod_clock_ext(seed + 48);
397
398
399 ret = crypt_s390_ppno(PPNO_SHA512_DRNG_SEED,
400 &prng_data->ppnows, NULL, 0,
401 seed, sizeof(seed));
402 if (ret < 0) {
403 prng_errorflag = PRNG_SEED_FAILED;
404 ret = -EIO;
405 goto outfree;
406 }
407
408
409
410 if (fips_enabled) {
411 prng_data->prev = prng_data->buf + prng_chunk_size;
412 ret = crypt_s390_ppno(PPNO_SHA512_DRNG_GEN,
413 &prng_data->ppnows,
414 prng_data->prev,
415 prng_chunk_size,
416 NULL, 0);
417 if (ret < 0 || ret != prng_chunk_size) {
418 prng_errorflag = PRNG_GEN_FAILED;
419 ret = -EIO;
420 goto outfree;
421 }
422 }
423
424 return 0;
425
426outfree:
427 kfree(prng_data);
428 return ret;
429}
430
431
432static void prng_sha512_deinstantiate(void)
433{
434 pr_debug("The prng module stopped after running in SHA-512 mode\n");
435 kzfree(prng_data);
436}
437
438
439static int prng_sha512_reseed(void)
440{
441 int ret;
442 u8 seed[32];
443
444
445 ret = generate_entropy(seed, sizeof(seed));
446 if (ret != sizeof(seed))
447 return ret;
448
449
450 ret = crypt_s390_ppno(PPNO_SHA512_DRNG_SEED,
451 &prng_data->ppnows, NULL, 0,
452 seed, sizeof(seed));
453 if (ret) {
454 prng_errorflag = PRNG_RESEED_FAILED;
455 return -EIO;
456 }
457
458 return 0;
459}
460
461
462static int prng_sha512_generate(u8 *buf, size_t nbytes)
463{
464 int ret;
465
466
467 if (prng_data->ppnows.reseed_counter > prng_reseed_limit) {
468 ret = prng_sha512_reseed();
469 if (ret)
470 return ret;
471 }
472
473
474 ret = crypt_s390_ppno(PPNO_SHA512_DRNG_GEN,
475 &prng_data->ppnows, buf, nbytes,
476 NULL, 0);
477 if (ret < 0 || ret != nbytes) {
478 prng_errorflag = PRNG_GEN_FAILED;
479 return -EIO;
480 }
481
482
483 if (fips_enabled) {
484 if (!memcmp(prng_data->prev, buf, nbytes)) {
485 prng_errorflag = PRNG_GEN_FAILED;
486 return -EILSEQ;
487 }
488 memcpy(prng_data->prev, buf, nbytes);
489 }
490
491 return ret;
492}
493
494
495
496
497static int prng_open(struct inode *inode, struct file *file)
498{
499 return nonseekable_open(inode, file);
500}
501
502
503static ssize_t prng_tdes_read(struct file *file, char __user *ubuf,
504 size_t nbytes, loff_t *ppos)
505{
506 int chunk, n, tmp, ret = 0;
507
508
509 if (mutex_lock_interruptible(&prng_data->mutex))
510 return -ERESTARTSYS;
511
512 while (nbytes) {
513 if (need_resched()) {
514 if (signal_pending(current)) {
515 if (ret == 0)
516 ret = -ERESTARTSYS;
517 break;
518 }
519
520 mutex_unlock(&prng_data->mutex);
521 schedule();
522
523 if (mutex_lock_interruptible(&prng_data->mutex)) {
524 if (ret == 0)
525 ret = -ERESTARTSYS;
526 return ret;
527 }
528 }
529
530
531
532
533
534 chunk = min_t(int, nbytes, prng_chunk_size);
535
536
537 n = (chunk + 7) & -8;
538
539 if (prng_data->prngws.reseed_counter > prng_reseed_limit)
540 prng_tdes_seed(8);
541
542
543 *((unsigned long long *)prng_data->buf) = get_tod_clock_fast();
544
545
546
547
548
549
550
551
552
553
554
555
556
557
558 tmp = crypt_s390_kmc(KMC_PRNG, prng_data->prngws.parm_block,
559 prng_data->buf, prng_data->buf, n);
560 if (tmp < 0 || tmp != n) {
561 ret = -EIO;
562 break;
563 }
564
565 prng_data->prngws.byte_counter += n;
566 prng_data->prngws.reseed_counter += n;
567
568 if (copy_to_user(ubuf, prng_data->buf, chunk))
569 return -EFAULT;
570
571 nbytes -= chunk;
572 ret += chunk;
573 ubuf += chunk;
574 }
575
576
577 mutex_unlock(&prng_data->mutex);
578
579 return ret;
580}
581
582
583static ssize_t prng_sha512_read(struct file *file, char __user *ubuf,
584 size_t nbytes, loff_t *ppos)
585{
586 int n, ret = 0;
587 u8 *p;
588
589
590 if (prng_errorflag)
591 return -EPIPE;
592
593
594 if (mutex_lock_interruptible(&prng_data->mutex))
595 return -ERESTARTSYS;
596
597 while (nbytes) {
598 if (need_resched()) {
599 if (signal_pending(current)) {
600 if (ret == 0)
601 ret = -ERESTARTSYS;
602 break;
603 }
604
605 mutex_unlock(&prng_data->mutex);
606 schedule();
607
608 if (mutex_lock_interruptible(&prng_data->mutex)) {
609 if (ret == 0)
610 ret = -ERESTARTSYS;
611 return ret;
612 }
613 }
614 if (prng_data->rest) {
615
616 p = prng_data->buf + prng_chunk_size - prng_data->rest;
617 n = (nbytes < prng_data->rest) ?
618 nbytes : prng_data->rest;
619 prng_data->rest -= n;
620 } else {
621
622 p = prng_data->buf;
623 n = prng_sha512_generate(p, prng_chunk_size);
624 if (n < 0) {
625 ret = n;
626 break;
627 }
628 if (nbytes < prng_chunk_size) {
629 n = nbytes;
630 prng_data->rest = prng_chunk_size - n;
631 } else {
632 n = prng_chunk_size;
633 prng_data->rest = 0;
634 }
635 }
636 if (copy_to_user(ubuf, p, n)) {
637 ret = -EFAULT;
638 break;
639 }
640 ubuf += n;
641 nbytes -= n;
642 ret += n;
643 }
644
645
646 mutex_unlock(&prng_data->mutex);
647
648 return ret;
649}
650
651
652
653
654static const struct file_operations prng_sha512_fops = {
655 .owner = THIS_MODULE,
656 .open = &prng_open,
657 .release = NULL,
658 .read = &prng_sha512_read,
659 .llseek = noop_llseek,
660};
661static const struct file_operations prng_tdes_fops = {
662 .owner = THIS_MODULE,
663 .open = &prng_open,
664 .release = NULL,
665 .read = &prng_tdes_read,
666 .llseek = noop_llseek,
667};
668
669static struct miscdevice prng_sha512_dev = {
670 .name = "prandom",
671 .minor = MISC_DYNAMIC_MINOR,
672 .mode = 0644,
673 .fops = &prng_sha512_fops,
674};
675static struct miscdevice prng_tdes_dev = {
676 .name = "prandom",
677 .minor = MISC_DYNAMIC_MINOR,
678 .mode = 0644,
679 .fops = &prng_tdes_fops,
680};
681
682
683
684static ssize_t prng_chunksize_show(struct device *dev,
685 struct device_attribute *attr,
686 char *buf)
687{
688 return snprintf(buf, PAGE_SIZE, "%u\n", prng_chunk_size);
689}
690static DEVICE_ATTR(chunksize, 0444, prng_chunksize_show, NULL);
691
692
693static ssize_t prng_counter_show(struct device *dev,
694 struct device_attribute *attr,
695 char *buf)
696{
697 u64 counter;
698
699 if (mutex_lock_interruptible(&prng_data->mutex))
700 return -ERESTARTSYS;
701 if (prng_mode == PRNG_MODE_SHA512)
702 counter = prng_data->ppnows.stream_bytes;
703 else
704 counter = prng_data->prngws.byte_counter;
705 mutex_unlock(&prng_data->mutex);
706
707 return snprintf(buf, PAGE_SIZE, "%llu\n", counter);
708}
709static DEVICE_ATTR(byte_counter, 0444, prng_counter_show, NULL);
710
711
712static ssize_t prng_errorflag_show(struct device *dev,
713 struct device_attribute *attr,
714 char *buf)
715{
716 return snprintf(buf, PAGE_SIZE, "%d\n", prng_errorflag);
717}
718static DEVICE_ATTR(errorflag, 0444, prng_errorflag_show, NULL);
719
720
721static ssize_t prng_mode_show(struct device *dev,
722 struct device_attribute *attr,
723 char *buf)
724{
725 if (prng_mode == PRNG_MODE_TDES)
726 return snprintf(buf, PAGE_SIZE, "TDES\n");
727 else
728 return snprintf(buf, PAGE_SIZE, "SHA512\n");
729}
730static DEVICE_ATTR(mode, 0444, prng_mode_show, NULL);
731
732
733static ssize_t prng_reseed_store(struct device *dev,
734 struct device_attribute *attr,
735 const char *buf, size_t count)
736{
737 if (mutex_lock_interruptible(&prng_data->mutex))
738 return -ERESTARTSYS;
739 prng_sha512_reseed();
740 mutex_unlock(&prng_data->mutex);
741
742 return count;
743}
744static DEVICE_ATTR(reseed, 0200, NULL, prng_reseed_store);
745
746
747static ssize_t prng_reseed_limit_show(struct device *dev,
748 struct device_attribute *attr,
749 char *buf)
750{
751 return snprintf(buf, PAGE_SIZE, "%u\n", prng_reseed_limit);
752}
753static ssize_t prng_reseed_limit_store(struct device *dev,
754 struct device_attribute *attr,
755 const char *buf, size_t count)
756{
757 unsigned limit;
758
759 if (sscanf(buf, "%u\n", &limit) != 1)
760 return -EINVAL;
761
762 if (prng_mode == PRNG_MODE_SHA512) {
763 if (limit < PRNG_RESEED_LIMIT_SHA512_LOWER)
764 return -EINVAL;
765 } else {
766 if (limit < PRNG_RESEED_LIMIT_TDES_LOWER)
767 return -EINVAL;
768 }
769
770 prng_reseed_limit = limit;
771
772 return count;
773}
774static DEVICE_ATTR(reseed_limit, 0644,
775 prng_reseed_limit_show, prng_reseed_limit_store);
776
777
778static ssize_t prng_strength_show(struct device *dev,
779 struct device_attribute *attr,
780 char *buf)
781{
782 return snprintf(buf, PAGE_SIZE, "256\n");
783}
784static DEVICE_ATTR(strength, 0444, prng_strength_show, NULL);
785
786static struct attribute *prng_sha512_dev_attrs[] = {
787 &dev_attr_errorflag.attr,
788 &dev_attr_chunksize.attr,
789 &dev_attr_byte_counter.attr,
790 &dev_attr_mode.attr,
791 &dev_attr_reseed.attr,
792 &dev_attr_reseed_limit.attr,
793 &dev_attr_strength.attr,
794 NULL
795};
796static struct attribute *prng_tdes_dev_attrs[] = {
797 &dev_attr_chunksize.attr,
798 &dev_attr_byte_counter.attr,
799 &dev_attr_mode.attr,
800 NULL
801};
802
803static struct attribute_group prng_sha512_dev_attr_group = {
804 .attrs = prng_sha512_dev_attrs
805};
806static struct attribute_group prng_tdes_dev_attr_group = {
807 .attrs = prng_tdes_dev_attrs
808};
809
810
811
812
813static int __init prng_init(void)
814{
815 int ret;
816
817
818 if (!crypt_s390_func_available(KMC_PRNG, CRYPT_S390_MSA))
819 return -EOPNOTSUPP;
820
821
822 if (prng_mode != PRNG_MODE_TDES) {
823
824 if (!crypt_s390_func_available(PPNO_SHA512_DRNG_GEN,
825 CRYPT_S390_MSA5)) {
826 if (prng_mode == PRNG_MODE_SHA512) {
827 pr_err("The prng module cannot "
828 "start in SHA-512 mode\n");
829 return -EOPNOTSUPP;
830 }
831 prng_mode = PRNG_MODE_TDES;
832 } else
833 prng_mode = PRNG_MODE_SHA512;
834 }
835
836 if (prng_mode == PRNG_MODE_SHA512) {
837
838
839
840 if (prng_chunk_size < PRNG_CHUNKSIZE_SHA512_MIN
841 || prng_chunk_size > PRNG_CHUNKSIZE_SHA512_MAX)
842 return -EINVAL;
843 prng_chunk_size = (prng_chunk_size + 0x3f) & ~0x3f;
844
845 if (prng_reseed_limit == 0)
846 prng_reseed_limit = PRNG_RESEED_LIMIT_SHA512;
847 else if (prng_reseed_limit < PRNG_RESEED_LIMIT_SHA512_LOWER)
848 return -EINVAL;
849
850 ret = prng_sha512_instantiate();
851 if (ret)
852 goto out;
853
854 ret = misc_register(&prng_sha512_dev);
855 if (ret) {
856 prng_sha512_deinstantiate();
857 goto out;
858 }
859 ret = sysfs_create_group(&prng_sha512_dev.this_device->kobj,
860 &prng_sha512_dev_attr_group);
861 if (ret) {
862 misc_deregister(&prng_sha512_dev);
863 prng_sha512_deinstantiate();
864 goto out;
865 }
866
867 } else {
868
869
870
871 if (prng_chunk_size < PRNG_CHUNKSIZE_TDES_MIN
872 || prng_chunk_size > PRNG_CHUNKSIZE_TDES_MAX)
873 return -EINVAL;
874 prng_chunk_size = (prng_chunk_size + 0x07) & ~0x07;
875
876 if (prng_reseed_limit == 0)
877 prng_reseed_limit = PRNG_RESEED_LIMIT_TDES;
878 else if (prng_reseed_limit < PRNG_RESEED_LIMIT_TDES_LOWER)
879 return -EINVAL;
880
881 ret = prng_tdes_instantiate();
882 if (ret)
883 goto out;
884
885 ret = misc_register(&prng_tdes_dev);
886 if (ret) {
887 prng_tdes_deinstantiate();
888 goto out;
889 }
890 ret = sysfs_create_group(&prng_tdes_dev.this_device->kobj,
891 &prng_tdes_dev_attr_group);
892 if (ret) {
893 misc_deregister(&prng_tdes_dev);
894 prng_tdes_deinstantiate();
895 goto out;
896 }
897
898 }
899
900out:
901 return ret;
902}
903
904
905static void __exit prng_exit(void)
906{
907 if (prng_mode == PRNG_MODE_SHA512) {
908 sysfs_remove_group(&prng_sha512_dev.this_device->kobj,
909 &prng_sha512_dev_attr_group);
910 misc_deregister(&prng_sha512_dev);
911 prng_sha512_deinstantiate();
912 } else {
913 sysfs_remove_group(&prng_tdes_dev.this_device->kobj,
914 &prng_tdes_dev_attr_group);
915 misc_deregister(&prng_tdes_dev);
916 prng_tdes_deinstantiate();
917 }
918}
919
920module_cpu_feature_match(MSA, prng_init);
921module_exit(prng_exit);
922
