lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <20080814122137.GA10969@hmsendeavour.rdu.redhat.com>
Date:	Thu, 14 Aug 2008 08:21:37 -0400
From:	Neil Horman <nhorman@...driver.com>
To:	Herbert Xu <herbert@...dor.apana.org.au>
Cc:	linux-crypto@...r.kernel.org, linux-kernel@...r.kernel.org,
	davem@...emloft.net
Subject: Re: [PATCH] crypto: obscure state information on free

On Thu, Aug 14, 2008 at 09:51:38PM +1000, Herbert Xu wrote:
> On Mon, Aug 11, 2008 at 04:26:07PM -0400, Neil Horman wrote:
> > Patch to obscure state information on free in prng code.  Keeps prying eyes from
> > sifting through your trash :)
> 
> Thanks Neil.  I've merged this with the original patch and made
> some small changes on the API side, such as adding a reset helper
> and adding a krng that just uses get_random_bytes.
> 
> Here is the final result against cryptodev-2.6.  Let me know if
> you're OK with it and I'll push it out.
> 
> Cheers,


Looks great to me.  Thanks Herbert!

Best
Neil

> -- 
> Visit Openswan at http://www.openswan.org/
> Email: Herbert Xu ~{PmV>HI~} <herbert@...dor.apana.org.au>
> Home Page: http://gondor.apana.org.au/~herbert/
> PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt
> --
> diff --git a/crypto/Kconfig b/crypto/Kconfig
> index 776f90d..15823a6 100644
> --- a/crypto/Kconfig
> +++ b/crypto/Kconfig
> @@ -38,6 +38,10 @@ config CRYPTO_HASH
>  	tristate
>  	select CRYPTO_ALGAPI
>  
> +config CRYPTO_RNG
> +	tristate
> +	select CRYPTO_ALGAPI
> +
>  config CRYPTO_MANAGER
>  	tristate "Cryptographic algorithm manager"
>  	select CRYPTO_AEAD
> @@ -681,6 +685,18 @@ config CRYPTO_LZO
>  	help
>  	  This is the LZO algorithm.
>  
> +comment "Random Number Generation"
> +
> +config CRYPTO_ANSI_CPRNG
> +	tristate "Pseudo Random Number Generation for Cryptographic modules"
> +	select CRYPTO_AES
> +	select CRYPTO_CTR
> +	select CRYPTO_RNG
> +	help
> +	  This option enables the generic pseudo random number generator
> +	  for cryptographic modules.  Uses the Algorithm specified in
> +	  ANSI X9.31 A.2.4
> +
>  source "drivers/crypto/Kconfig"
>  
>  endif	# if CRYPTO
> diff --git a/crypto/Makefile b/crypto/Makefile
> index 59ab500..a14ed7d 100644
> --- a/crypto/Makefile
> +++ b/crypto/Makefile
> @@ -24,6 +24,8 @@ obj-$(CONFIG_CRYPTO_HASH) += crypto_hash.o
>  
>  cryptomgr-objs := algboss.o testmgr.o
>  
> +rng-objs := rngapi.o krng.o
> +
>  obj-$(CONFIG_CRYPTO_MANAGER) += cryptomgr.o
>  obj-$(CONFIG_CRYPTO_HMAC) += hmac.o
>  obj-$(CONFIG_CRYPTO_XCBC) += xcbc.o
> @@ -71,7 +73,8 @@ obj-$(CONFIG_CRYPTO_MICHAEL_MIC) += michael_mic.o
>  obj-$(CONFIG_CRYPTO_CRC32C) += crc32c.o
>  obj-$(CONFIG_CRYPTO_AUTHENC) += authenc.o
>  obj-$(CONFIG_CRYPTO_LZO) += lzo.o
> -
> +obj-$(CONFIG_CRYPTO_RNG) += rng.o
> +obj-$(CONFIG_CRYPTO_ANSI_CPRNG) += ansi_cprng.o
>  obj-$(CONFIG_CRYPTO_TEST) += tcrypt.o
>  
>  #
> diff --git a/crypto/ansi_cprng.c b/crypto/ansi_cprng.c
> new file mode 100644
> index 0000000..c20642e
> --- /dev/null
> +++ b/crypto/ansi_cprng.c
> @@ -0,0 +1,417 @@
> +/*
> + * PRNG: Pseudo Random Number Generator
> + *       Based on NIST Recommended PRNG From ANSI X9.31 Appendix A.2.4 using
> + *       AES 128 cipher
> + *
> + *  (C) Neil Horman <nhorman@...driver.com>
> + *
> + *  This program is free software; you can redistribute it and/or modify it
> + *  under the terms of the GNU General Public License as published by the
> + *  Free Software Foundation; either version 2 of the License, or (at your
> + *  any later version.
> + *
> + *
> + */
> +
> +#include <crypto/internal/rng.h>
> +#include <linux/err.h>
> +#include <linux/init.h>
> +#include <linux/module.h>
> +#include <linux/moduleparam.h>
> +#include <linux/string.h>
> +
> +#include "internal.h"
> +
> +#define DEFAULT_PRNG_KEY "0123456789abcdef"
> +#define DEFAULT_PRNG_KSZ 16
> +#define DEFAULT_BLK_SZ 16
> +#define DEFAULT_V_SEED "zaybxcwdveuftgsh"
> +
> +/*
> + * Flags for the prng_context flags field
> + */
> +
> +#define PRNG_FIXED_SIZE 0x1
> +#define PRNG_NEED_RESET 0x2
> +
> +/*
> + * Note: DT is our counter value
> + * 	 I is our intermediate value
> + *	 V is our seed vector
> + * See http://csrc.nist.gov/groups/STM/cavp/documents/rng/931rngext.pdf
> + * for implementation details
> + */
> +
> +
> +struct prng_context {
> +	spinlock_t prng_lock;
> +	unsigned char rand_data[DEFAULT_BLK_SZ];
> +	unsigned char last_rand_data[DEFAULT_BLK_SZ];
> +	unsigned char DT[DEFAULT_BLK_SZ];
> +	unsigned char I[DEFAULT_BLK_SZ];
> +	unsigned char V[DEFAULT_BLK_SZ];
> +	u32 rand_data_valid;
> +	struct crypto_cipher *tfm;
> +	u32 flags;
> +};
> +
> +static int dbg;
> +
> +static void hexdump(char *note, unsigned char *buf, unsigned int len)
> +{
> +	if (dbg) {
> +		printk(KERN_CRIT "%s", note);
> +		print_hex_dump(KERN_CONT, "", DUMP_PREFIX_OFFSET,
> +				16, 1,
> +				buf, len, false);
> +	}
> +}
> +
> +#define dbgprint(format, args...) do {\
> +if (dbg)\
> +	printk(format, ##args);\
> +} while (0)
> +
> +static void xor_vectors(unsigned char *in1, unsigned char *in2,
> +			unsigned char *out, unsigned int size)
> +{
> +	int i;
> +
> +	for (i = 0; i < size; i++)
> +		out[i] = in1[i] ^ in2[i];
> +
> +}
> +/*
> + * Returns DEFAULT_BLK_SZ bytes of random data per call
> + * returns 0 if generation succeded, <0 if something went wrong
> + */
> +static int _get_more_prng_bytes(struct prng_context *ctx)
> +{
> +	int i;
> +	unsigned char tmp[DEFAULT_BLK_SZ];
> +	unsigned char *output = NULL;
> +
> +
> +	dbgprint(KERN_CRIT "Calling _get_more_prng_bytes for context %p\n",
> +		ctx);
> +
> +	hexdump("Input DT: ", ctx->DT, DEFAULT_BLK_SZ);
> +	hexdump("Input I: ", ctx->I, DEFAULT_BLK_SZ);
> +	hexdump("Input V: ", ctx->V, DEFAULT_BLK_SZ);
> +
> +	/*
> +	 * This algorithm is a 3 stage state machine
> +	 */
> +	for (i = 0; i < 3; i++) {
> +
> +		switch (i) {
> +		case 0:
> +			/*
> +			 * Start by encrypting the counter value
> +			 * This gives us an intermediate value I
> +			 */
> +			memcpy(tmp, ctx->DT, DEFAULT_BLK_SZ);
> +			output = ctx->I;
> +			hexdump("tmp stage 0: ", tmp, DEFAULT_BLK_SZ);
> +			break;
> +		case 1:
> +
> +			/*
> +			 * Next xor I with our secret vector V
> +			 * encrypt that result to obtain our
> +			 * pseudo random data which we output
> +			 */
> +			xor_vectors(ctx->I, ctx->V, tmp, DEFAULT_BLK_SZ);
> +			hexdump("tmp stage 1: ", tmp, DEFAULT_BLK_SZ);
> +			output = ctx->rand_data;
> +			break;
> +		case 2:
> +			/*
> +			 * First check that we didn't produce the same
> +			 * random data that we did last time around through this
> +			 */
> +			if (!memcmp(ctx->rand_data, ctx->last_rand_data,
> +					DEFAULT_BLK_SZ)) {
> +				printk(KERN_ERR
> +					"ctx %p Failed repetition check!\n",
> +					ctx);
> +				ctx->flags |= PRNG_NEED_RESET;
> +				return -EINVAL;
> +			}
> +			memcpy(ctx->last_rand_data, ctx->rand_data,
> +				DEFAULT_BLK_SZ);
> +
> +			/*
> +			 * Lastly xor the random data with I
> +			 * and encrypt that to obtain a new secret vector V
> +			 */
> +			xor_vectors(ctx->rand_data, ctx->I, tmp,
> +				DEFAULT_BLK_SZ);
> +			output = ctx->V;
> +			hexdump("tmp stage 2: ", tmp, DEFAULT_BLK_SZ);
> +			break;
> +		}
> +
> +
> +		/* do the encryption */
> +		crypto_cipher_encrypt_one(ctx->tfm, output, tmp);
> +
> +	}
> +
> +	/*
> +	 * Now update our DT value
> +	 */
> +	for (i = 0; i < DEFAULT_BLK_SZ; i++) {
> +		ctx->DT[i] += 1;
> +		if (ctx->DT[i] != 0)
> +			break;
> +	}
> +
> +	dbgprint("Returning new block for context %p\n", ctx);
> +	ctx->rand_data_valid = 0;
> +
> +	hexdump("Output DT: ", ctx->DT, DEFAULT_BLK_SZ);
> +	hexdump("Output I: ", ctx->I, DEFAULT_BLK_SZ);
> +	hexdump("Output V: ", ctx->V, DEFAULT_BLK_SZ);
> +	hexdump("New Random Data: ", ctx->rand_data, DEFAULT_BLK_SZ);
> +
> +	return 0;
> +}
> +
> +/* Our exported functions */
> +static int get_prng_bytes(char *buf, size_t nbytes, struct prng_context *ctx)
> +{
> +	unsigned long flags;
> +	unsigned char *ptr = buf;
> +	unsigned int byte_count = (unsigned int)nbytes;
> +	int err;
> +
> +
> +	if (nbytes < 0)
> +		return -EINVAL;
> +
> +	spin_lock_irqsave(&ctx->prng_lock, flags);
> +
> +	err = -EINVAL;
> +	if (ctx->flags & PRNG_NEED_RESET)
> +		goto done;
> +
> +	/*
> +	 * If the FIXED_SIZE flag is on, only return whole blocks of
> +	 * pseudo random data
> +	 */
> +	err = -EINVAL;
> +	if (ctx->flags & PRNG_FIXED_SIZE) {
> +		if (nbytes < DEFAULT_BLK_SZ)
> +			goto done;
> +		byte_count = DEFAULT_BLK_SZ;
> +	}
> +
> +	err = byte_count;
> +
> +	dbgprint(KERN_CRIT "getting %d random bytes for context %p\n",
> +		byte_count, ctx);
> +
> +
> +remainder:
> +	if (ctx->rand_data_valid == DEFAULT_BLK_SZ) {
> +		if (_get_more_prng_bytes(ctx) < 0) {
> +			memset(buf, 0, nbytes);
> +			err = -EINVAL;
> +			goto done;
> +		}
> +	}
> +
> +	/*
> +	 * Copy up to the next whole block size
> +	 */
> +	if (byte_count < DEFAULT_BLK_SZ) {
> +		for (; ctx->rand_data_valid < DEFAULT_BLK_SZ;
> +			ctx->rand_data_valid++) {
> +			*ptr = ctx->rand_data[ctx->rand_data_valid];
> +			ptr++;
> +			byte_count--;
> +			if (byte_count == 0)
> +				goto done;
> +		}
> +	}
> +
> +	/*
> +	 * Now copy whole blocks
> +	 */
> +	for (; byte_count >= DEFAULT_BLK_SZ; byte_count -= DEFAULT_BLK_SZ) {
> +		if (_get_more_prng_bytes(ctx) < 0) {
> +			memset(buf, 0, nbytes);
> +			err = -EINVAL;
> +			goto done;
> +		}
> +		memcpy(ptr, ctx->rand_data, DEFAULT_BLK_SZ);
> +		ctx->rand_data_valid += DEFAULT_BLK_SZ;
> +		ptr += DEFAULT_BLK_SZ;
> +	}
> +
> +	/*
> +	 * Now copy any extra partial data
> +	 */
> +	if (byte_count)
> +		goto remainder;
> +
> +done:
> +	spin_unlock_irqrestore(&ctx->prng_lock, flags);
> +	dbgprint(KERN_CRIT "returning %d from get_prng_bytes in context %p\n",
> +		err, ctx);
> +	return err;
> +}
> +
> +static void free_prng_context(struct prng_context *ctx)
> +{
> +	crypto_free_cipher(ctx->tfm);
> +}
> +
> +static int reset_prng_context(struct prng_context *ctx,
> +			      unsigned char *key, size_t klen,
> +			      unsigned char *V, unsigned char *DT)
> +{
> +	int ret;
> +	int rc = -EINVAL;
> +	unsigned char *prng_key;
> +
> +	spin_lock(&ctx->prng_lock);
> +	ctx->flags |= PRNG_NEED_RESET;
> +
> +	prng_key = (key != NULL) ? key : (unsigned char *)DEFAULT_PRNG_KEY;
> +
> +	if (!key)
> +		klen = DEFAULT_PRNG_KSZ;
> +
> +	if (V)
> +		memcpy(ctx->V, V, DEFAULT_BLK_SZ);
> +	else
> +		memcpy(ctx->V, DEFAULT_V_SEED, DEFAULT_BLK_SZ);
> +
> +	if (DT)
> +		memcpy(ctx->DT, DT, DEFAULT_BLK_SZ);
> +	else
> +		memset(ctx->DT, 0, DEFAULT_BLK_SZ);
> +
> +	memset(ctx->rand_data, 0, DEFAULT_BLK_SZ);
> +	memset(ctx->last_rand_data, 0, DEFAULT_BLK_SZ);
> +
> +	if (ctx->tfm)
> +		crypto_free_cipher(ctx->tfm);
> +
> +	ctx->tfm = crypto_alloc_cipher("aes", 0, 0);
> +	if (IS_ERR(ctx->tfm)) {
> +		dbgprint(KERN_CRIT "Failed to alloc tfm for context %p\n",
> +			ctx);
> +		ctx->tfm = NULL;
> +		goto out;
> +	}
> +
> +	ctx->rand_data_valid = DEFAULT_BLK_SZ;
> +
> +	ret = crypto_cipher_setkey(ctx->tfm, prng_key, klen);
> +	if (ret) {
> +		dbgprint(KERN_CRIT "PRNG: setkey() failed flags=%x\n",
> +			crypto_cipher_get_flags(ctx->tfm));
> +		crypto_free_cipher(ctx->tfm);
> +		goto out;
> +	}
> +
> +	rc = 0;
> +	ctx->flags &= ~PRNG_NEED_RESET;
> +out:
> +	spin_unlock(&ctx->prng_lock);
> +
> +	return rc;
> +
> +}
> +
> +static int cprng_init(struct crypto_tfm *tfm)
> +{
> +	struct prng_context *ctx = crypto_tfm_ctx(tfm);
> +
> +	spin_lock_init(&ctx->prng_lock);
> +
> +	return reset_prng_context(ctx, NULL, DEFAULT_PRNG_KSZ, NULL, NULL);
> +}
> +
> +static void cprng_exit(struct crypto_tfm *tfm)
> +{
> +	free_prng_context(crypto_tfm_ctx(tfm));
> +}
> +
> +static int cprng_get_random(struct crypto_rng *tfm, u8 *rdata,
> +			    unsigned int dlen)
> +{
> +	struct prng_context *prng = crypto_rng_ctx(tfm);
> +
> +	return get_prng_bytes(rdata, dlen, prng);
> +}
> +
> +static int cprng_reset(struct crypto_rng *tfm, u8 *seed, unsigned int slen)
> +{
> +	struct prng_context *prng = crypto_rng_ctx(tfm);
> +	u8 *key = seed + DEFAULT_PRNG_KSZ;
> +
> +	if (slen < DEFAULT_PRNG_KSZ + DEFAULT_BLK_SZ)
> +		return -EINVAL;
> +
> +	reset_prng_context(prng, key, DEFAULT_PRNG_KSZ, seed, NULL);
> +
> +	if (prng->flags & PRNG_NEED_RESET)
> +		return -EINVAL;
> +	return 0;
> +}
> +
> +static struct crypto_alg rng_alg = {
> +	.cra_name		= "stdrng",
> +	.cra_driver_name	= "ansi_cprng",
> +	.cra_priority		= 100,
> +	.cra_flags		= CRYPTO_ALG_TYPE_RNG,
> +	.cra_ctxsize		= sizeof(struct prng_context),
> +	.cra_type		= &crypto_rng_type,
> +	.cra_module		= THIS_MODULE,
> +	.cra_list		= LIST_HEAD_INIT(rng_alg.cra_list),
> +	.cra_init		= cprng_init,
> +	.cra_exit		= cprng_exit,
> +	.cra_u			= {
> +		.rng = {
> +			.rng_make_random	= cprng_get_random,
> +			.rng_reset		= cprng_reset,
> +			.seedsize = DEFAULT_PRNG_KSZ + DEFAULT_BLK_SZ,
> +		}
> +	}
> +};
> +
> +
> +/* Module initalization */
> +static int __init prng_mod_init(void)
> +{
> +	int ret = 0;
> +
> +	if (fips_enabled)
> +		rng_alg.cra_priority += 200;
> +
> +	ret = crypto_register_alg(&rng_alg);
> +
> +	if (ret)
> +		goto out;
> +out:
> +	return 0;
> +}
> +
> +static void __exit prng_mod_fini(void)
> +{
> +	crypto_unregister_alg(&rng_alg);
> +	return;
> +}
> +
> +MODULE_LICENSE("GPL");
> +MODULE_DESCRIPTION("Software Pseudo Random Number Generator");
> +MODULE_AUTHOR("Neil Horman <nhorman@...driver.com>");
> +module_param(dbg, int, 0);
> +MODULE_PARM_DESC(dbg, "Boolean to enable debugging (0/1 == off/on)");
> +module_init(prng_mod_init);
> +module_exit(prng_mod_fini);
> +MODULE_ALIAS("stdrng");
> diff --git a/crypto/krng.c b/crypto/krng.c
> new file mode 100644
> index 0000000..8ef62a9
> --- /dev/null
> +++ b/crypto/krng.c
> @@ -0,0 +1,66 @@
> +/*
> + * RNG implementation using standard kernel RNG.
> + *
> + * Copyright (c) 2008 Herbert Xu <herbert@...dor.apana.org.au>
> + *
> + * This program is free software; you can redistribute it and/or modify it
> + * under the terms of the GNU General Public License as published by the
> + * Free Software Foundation; either version 2 of the License, or (at your
> + * any later version.
> + *
> + */
> +
> +#include <crypto/internal/rng.h>
> +#include <linux/err.h>
> +#include <linux/init.h>
> +#include <linux/module.h>
> +#include <linux/random.h>
> +
> +static int krng_get_random(struct crypto_rng *tfm, u8 *rdata, unsigned int dlen)
> +{
> +	get_random_bytes(rdata, dlen);
> +	return 0;
> +}
> +
> +static int krng_reset(struct crypto_rng *tfm, u8 *seed, unsigned int slen)
> +{
> +	return 0;
> +}
> +
> +static struct crypto_alg krng_alg = {
> +	.cra_name		= "stdrng",
> +	.cra_driver_name	= "krng",
> +	.cra_priority		= 200,
> +	.cra_flags		= CRYPTO_ALG_TYPE_RNG,
> +	.cra_ctxsize		= 0,
> +	.cra_type		= &crypto_rng_type,
> +	.cra_module		= THIS_MODULE,
> +	.cra_list		= LIST_HEAD_INIT(krng_alg.cra_list),
> +	.cra_u			= {
> +		.rng = {
> +			.rng_make_random	= krng_get_random,
> +			.rng_reset		= krng_reset,
> +			.seedsize		= 0,
> +		}
> +	}
> +};
> +
> +
> +/* Module initalization */
> +static int __init krng_mod_init(void)
> +{
> +	return crypto_register_alg(&krng_alg);
> +}
> +
> +static void __exit krng_mod_fini(void)
> +{
> +	crypto_unregister_alg(&krng_alg);
> +	return;
> +}
> +
> +module_init(krng_mod_init);
> +module_exit(krng_mod_fini);
> +
> +MODULE_LICENSE("GPL");
> +MODULE_DESCRIPTION("Random Number Generator API");
> +MODULE_ALIAS("stdrng");
> diff --git a/crypto/rngapi.c b/crypto/rngapi.c
> new file mode 100644
> index 0000000..ea57697
> --- /dev/null
> +++ b/crypto/rngapi.c
> @@ -0,0 +1,74 @@
> +/*
> + * Cryptographic API.
> + *
> + * RNG operations.
> + *
> + * Copyright (c) 2008 Neil Horman <nhorman@...driver.com>
> + *
> + * This program is free software; you can redistribute it and/or modify it
> + * under the terms of the GNU General Public License as published by the Free
> + * Software Foundation; either version 2 of the License, or (at your option)
> + * any later version.
> + *
> + */
> +
> +#include <crypto/internal/rng.h>
> +#include <linux/errno.h>
> +#include <linux/module.h>
> +#include <linux/random.h>
> +#include <linux/seq_file.h>
> +#include <linux/string.h>
> +
> +static int rngapi_reset(struct crypto_rng *tfm, u8 *seed, unsigned int slen)
> +{
> +	u8 *buf = NULL;
> +	int err;
> +
> +	if (!seed && slen) {
> +		buf = kmalloc(slen, GFP_KERNEL);
> +		if (!buf)
> +			return -ENOMEM;
> +
> +		get_random_bytes(buf, slen);
> +		seed = buf;
> +	}
> +
> +	err = crypto_rng_crt(tfm)->rng_reset(tfm, seed, slen);
> +
> +	kfree(buf);
> +	return err;
> +}
> +
> +static int crypto_init_rng_ops(struct crypto_tfm *tfm, u32 type, u32 mask)
> +{
> +	struct rng_alg *alg = &tfm->__crt_alg->cra_rng;
> +	struct rng_tfm *ops = &tfm->crt_rng;
> +
> +	ops->rng_gen_random = alg->rng_make_random;
> +	ops->rng_reset = rngapi_reset;
> +
> +	return 0;
> +}
> +
> +static void crypto_rng_show(struct seq_file *m, struct crypto_alg *alg)
> +	__attribute__ ((unused));
> +static void crypto_rng_show(struct seq_file *m, struct crypto_alg *alg)
> +{
> +	seq_printf(m, "type         : rng\n");
> +	seq_printf(m, "seedsize     : %u\n", alg->cra_rng.seedsize);
> +}
> +
> +static unsigned int crypto_rng_ctxsize(struct crypto_alg *alg, u32 type,
> +				       u32 mask)
> +{
> +	return alg->cra_ctxsize;
> +}
> +
> +const struct crypto_type crypto_rng_type = {
> +	.ctxsize = crypto_rng_ctxsize,
> +	.init = crypto_init_rng_ops,
> +#ifdef CONFIG_PROC_FS
> +	.show = crypto_rng_show,
> +#endif
> +};
> +EXPORT_SYMBOL_GPL(crypto_rng_type);
> diff --git a/include/crypto/internal/rng.h b/include/crypto/internal/rng.h
> new file mode 100644
> index 0000000..8969733
> --- /dev/null
> +++ b/include/crypto/internal/rng.h
> @@ -0,0 +1,26 @@
> +/*
> + * RNG: Random Number Generator  algorithms under the crypto API
> + *
> + * Copyright (c) 2008 Neil Horman <nhorman@...driver.com>
> + *
> + * This program is free software; you can redistribute it and/or modify it
> + * under the terms of the GNU General Public License as published by the Free
> + * Software Foundation; either version 2 of the License, or (at your option)
> + * any later version.
> + *
> + */
> +
> +#ifndef _CRYPTO_INTERNAL_RNG_H
> +#define _CRYPTO_INTERNAL_RNG_H
> +
> +#include <crypto/algapi.h>
> +#include <crypto/rng.h>
> +
> +extern const struct crypto_type crypto_rng_type;
> +
> +static inline void *crypto_rng_ctx(struct crypto_rng *tfm)
> +{
> +	return crypto_tfm_ctx(&tfm->base);
> +}
> +
> +#endif
> diff --git a/include/crypto/rng.h b/include/crypto/rng.h
> new file mode 100644
> index 0000000..7a33c63
> --- /dev/null
> +++ b/include/crypto/rng.h
> @@ -0,0 +1,70 @@
> +/*
> + * RNG: Random Number Generator  algorithms under the crypto API
> + *
> + * Copyright (c) 2008 Neil Horman <nhorman@...driver.com>
> + *
> + * This program is free software; you can redistribute it and/or modify it
> + * under the terms of the GNU General Public License as published by the Free
> + * Software Foundation; either version 2 of the License, or (at your option)
> + * any later version.
> + *
> + */
> +
> +#ifndef _CRYPTO_RNG_H
> +#define _CRYPTO_RNG_H
> +
> +#include <linux/crypto.h>
> +
> +static inline struct crypto_rng *__crypto_rng_cast(struct crypto_tfm *tfm)
> +{
> +	return (struct crypto_rng *)tfm;
> +}
> +
> +static inline struct crypto_rng *crypto_alloc_rng(const char *alg_name)
> +{
> +	u32 type, mask;
> +
> +	mask = CRYPTO_ALG_TYPE_MASK;
> +	type = CRYPTO_ALG_TYPE_RNG;
> +
> +	return __crypto_rng_cast(crypto_alloc_base(alg_name, type, mask));
> +}
> +
> +static inline struct crypto_tfm *crypto_rng_tfm(struct crypto_rng *tfm)
> +{
> +	return &tfm->base;
> +}
> +
> +static inline struct rng_alg *crypto_rng_alg(struct crypto_rng *tfm)
> +{
> +	return &crypto_rng_tfm(tfm)->__crt_alg->cra_rng;
> +}
> +
> +static inline struct rng_tfm *crypto_rng_crt(struct crypto_rng *tfm)
> +{
> +	return &crypto_rng_tfm(tfm)->crt_rng;
> +}
> +
> +static inline void crypto_free_rng(struct crypto_rng *tfm)
> +{
> +	crypto_free_tfm(crypto_rng_tfm(tfm));
> +}
> +
> +static inline int crypto_rng_get_bytes(struct crypto_rng *tfm,
> +				       u8 *rdata, unsigned int dlen)
> +{
> +	return crypto_rng_crt(tfm)->rng_gen_random(tfm, rdata, dlen);
> +}
> +
> +static inline int crypto_rng_reset(struct crypto_rng *tfm,
> +				   u8 *seed, unsigned int slen)
> +{
> +	return crypto_rng_crt(tfm)->rng_reset(tfm, seed, slen);
> +}
> +
> +static inline int crypto_rng_seedsize(struct crypto_rng *tfm)
> +{
> +	return crypto_rng_alg(tfm)->seedsize;
> +}
> +
> +#endif
> diff --git a/include/linux/crypto.h b/include/linux/crypto.h
> index 81d994a..3d2317e 100644
> --- a/include/linux/crypto.h
> +++ b/include/linux/crypto.h
> @@ -38,6 +38,7 @@
>  #define CRYPTO_ALG_TYPE_DIGEST		0x00000008
>  #define CRYPTO_ALG_TYPE_HASH		0x00000009
>  #define CRYPTO_ALG_TYPE_AHASH		0x0000000a
> +#define CRYPTO_ALG_TYPE_RNG		0x0000000c
>  
>  #define CRYPTO_ALG_TYPE_HASH_MASK	0x0000000e
>  #define CRYPTO_ALG_TYPE_AHASH_MASK	0x0000000c
> @@ -113,6 +114,7 @@ struct crypto_aead;
>  struct crypto_blkcipher;
>  struct crypto_hash;
>  struct crypto_ahash;
> +struct crypto_rng;
>  struct crypto_tfm;
>  struct crypto_type;
>  struct aead_givcrypt_request;
> @@ -298,6 +300,15 @@ struct compress_alg {
>  			      unsigned int slen, u8 *dst, unsigned int *dlen);
>  };
>  
> +struct rng_alg {
> +	int (*rng_make_random)(struct crypto_rng *tfm, u8 *rdata,
> +			       unsigned int dlen);
> +	int (*rng_reset)(struct crypto_rng *tfm, u8 *seed, unsigned int slen);
> +
> +	unsigned int seedsize;
> +};
> +
> +
>  #define cra_ablkcipher	cra_u.ablkcipher
>  #define cra_aead	cra_u.aead
>  #define cra_blkcipher	cra_u.blkcipher
> @@ -306,6 +317,7 @@ struct compress_alg {
>  #define cra_hash	cra_u.hash
>  #define cra_ahash	cra_u.ahash
>  #define cra_compress	cra_u.compress
> +#define cra_rng		cra_u.rng
>  
>  struct crypto_alg {
>  	struct list_head cra_list;
> @@ -333,6 +345,7 @@ struct crypto_alg {
>  		struct hash_alg hash;
>  		struct ahash_alg ahash;
>  		struct compress_alg compress;
> +		struct rng_alg rng;
>  	} cra_u;
>  
>  	int (*cra_init)(struct crypto_tfm *tfm);
> @@ -438,6 +451,12 @@ struct compress_tfm {
>  	                      u8 *dst, unsigned int *dlen);
>  };
>  
> +struct rng_tfm {
> +	int (*rng_gen_random)(struct crypto_rng *tfm, u8 *rdata,
> +			      unsigned int dlen);
> +	int (*rng_reset)(struct crypto_rng *tfm, u8 *seed, unsigned int slen);
> +};
> +
>  #define crt_ablkcipher	crt_u.ablkcipher
>  #define crt_aead	crt_u.aead
>  #define crt_blkcipher	crt_u.blkcipher
> @@ -445,6 +464,7 @@ struct compress_tfm {
>  #define crt_hash	crt_u.hash
>  #define crt_ahash	crt_u.ahash
>  #define crt_compress	crt_u.compress
> +#define crt_rng		crt_u.rng
>  
>  struct crypto_tfm {
>  
> @@ -458,6 +478,7 @@ struct crypto_tfm {
>  		struct hash_tfm hash;
>  		struct ahash_tfm ahash;
>  		struct compress_tfm compress;
> +		struct rng_tfm rng;
>  	} crt_u;
>  	
>  	struct crypto_alg *__crt_alg;
> @@ -489,6 +510,10 @@ struct crypto_hash {
>  	struct crypto_tfm base;
>  };
>  
> +struct crypto_rng {
> +	struct crypto_tfm base;
> +};
> +
>  enum {
>  	CRYPTOA_UNSPEC,
>  	CRYPTOA_ALG,

-- 
/***************************************************
 *Neil Horman
 *nhorman@...driver.com
 *gpg keyid: 1024D / 0x92A74FA1
 *http://pgp.mit.edu
 ***************************************************/
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ