2 * Copyright IBM Corp. 2006, 2015
3 * Author(s): Jan Glauber <jan.glauber@de.ibm.com>
4 * Harald Freudenberger <freude@de.ibm.com>
5 * Driver for the s390 pseudo random number generator
8 #define KMSG_COMPONENT "prng"
9 #define pr_fmt(fmt) KMSG_COMPONENT ": " fmt
12 #include <linux/fips.h>
13 #include <linux/init.h>
14 #include <linux/kernel.h>
15 #include <linux/device.h>
16 #include <linux/miscdevice.h>
17 #include <linux/module.h>
18 #include <linux/moduleparam.h>
19 #include <linux/mutex.h>
20 #include <linux/cpufeature.h>
21 #include <linux/random.h>
22 #include <linux/slab.h>
23 #include <asm/debug.h>
24 #include <asm/uaccess.h>
25 #include <asm/timex.h>
27 #include "crypt_s390.h"
29 MODULE_LICENSE("GPL");
30 MODULE_AUTHOR("IBM Corporation");
31 MODULE_DESCRIPTION("s390 PRNG interface");
34 #define PRNG_MODE_AUTO 0
35 #define PRNG_MODE_TDES 1
36 #define PRNG_MODE_SHA512 2
38 static unsigned int prng_mode = PRNG_MODE_AUTO;
39 module_param_named(mode, prng_mode, int, 0);
40 MODULE_PARM_DESC(prng_mode, "PRNG mode: 0 - auto, 1 - TDES, 2 - SHA512");
43 #define PRNG_CHUNKSIZE_TDES_MIN 8
44 #define PRNG_CHUNKSIZE_TDES_MAX (64*1024)
45 #define PRNG_CHUNKSIZE_SHA512_MIN 64
46 #define PRNG_CHUNKSIZE_SHA512_MAX (64*1024)
48 static unsigned int prng_chunk_size = 256;
49 module_param_named(chunksize, prng_chunk_size, int, 0);
50 MODULE_PARM_DESC(prng_chunk_size, "PRNG read chunk size in bytes");
53 #define PRNG_RESEED_LIMIT_TDES 4096
54 #define PRNG_RESEED_LIMIT_TDES_LOWER 4096
55 #define PRNG_RESEED_LIMIT_SHA512 100000
56 #define PRNG_RESEED_LIMIT_SHA512_LOWER 10000
58 static unsigned int prng_reseed_limit;
59 module_param_named(reseed_limit, prng_reseed_limit, int, 0);
60 MODULE_PARM_DESC(prng_reseed_limit, "PRNG reseed limit");
64 * Any one who considers arithmetical methods of producing random digits is,
65 * of course, in a state of sin. -- John von Neumann
68 static int prng_errorflag;
70 #define PRNG_GEN_ENTROPY_FAILED 1
71 #define PRNG_SELFTEST_FAILED 2
72 #define PRNG_INSTANTIATE_FAILED 3
73 #define PRNG_SEED_FAILED 4
74 #define PRNG_RESEED_FAILED 5
75 #define PRNG_GEN_FAILED 6
94 struct prng_ws_s prngws;
95 struct ppno_ws_s ppnows;
102 static struct prng_data_s *prng_data;
104 /* initial parameter block for tdes mode, copied from libica */
105 static const u8 initial_parm_block[32] __initconst = {
106 0x0F, 0x2B, 0x8E, 0x63, 0x8C, 0x8E, 0xD2, 0x52,
107 0x64, 0xB7, 0xA0, 0x7B, 0x75, 0x28, 0xB8, 0xF4,
108 0x75, 0x5F, 0xD2, 0xA6, 0x8D, 0x97, 0x11, 0xFF,
109 0x49, 0xD8, 0x23, 0xF3, 0x7E, 0x21, 0xEC, 0xA0 };
112 /*** helper functions ***/
114 static int generate_entropy(u8 *ebuf, size_t nbytes)
117 u8 *pg, *h, hash[32];
119 pg = (u8 *) __get_free_page(GFP_KERNEL);
121 prng_errorflag = PRNG_GEN_ENTROPY_FAILED;
126 /* fill page with urandom bytes */
127 get_random_bytes(pg, PAGE_SIZE);
128 /* exor page with stckf values */
129 for (n = 0; n < PAGE_SIZE / sizeof(u64); n++) {
130 u64 *p = ((u64 *)pg) + n;
131 *p ^= get_tod_clock_fast();
133 n = (nbytes < sizeof(hash)) ? nbytes : sizeof(hash);
134 if (n < sizeof(hash))
138 /* generate sha256 from this page */
139 if (crypt_s390_kimd(KIMD_SHA_256, h,
140 pg, PAGE_SIZE) != PAGE_SIZE) {
141 prng_errorflag = PRNG_GEN_ENTROPY_FAILED;
145 if (n < sizeof(hash))
146 memcpy(ebuf, hash, n);
153 free_page((unsigned long)pg);
158 /*** tdes functions ***/
160 static void prng_tdes_add_entropy(void)
166 for (i = 0; i < 16; i++) {
167 ret = crypt_s390_kmc(KMC_PRNG, prng_data->prngws.parm_block,
168 (char *)entropy, (char *)entropy,
170 BUG_ON(ret < 0 || ret != sizeof(entropy));
171 memcpy(prng_data->prngws.parm_block, entropy, sizeof(entropy));
176 static void prng_tdes_seed(int nbytes)
181 BUG_ON(nbytes > sizeof(buf));
183 get_random_bytes(buf, nbytes);
185 /* Add the entropy */
186 while (nbytes >= 8) {
187 *((__u64 *)prng_data->prngws.parm_block) ^= *((__u64 *)(buf+i));
188 prng_tdes_add_entropy();
192 prng_tdes_add_entropy();
193 prng_data->prngws.reseed_counter = 0;
197 static int __init prng_tdes_instantiate(void)
201 pr_debug("prng runs in TDES mode with "
202 "chunksize=%d and reseed_limit=%u\n",
203 prng_chunk_size, prng_reseed_limit);
205 /* memory allocation, prng_data struct init, mutex init */
206 datalen = sizeof(struct prng_data_s) + prng_chunk_size;
207 prng_data = kzalloc(datalen, GFP_KERNEL);
209 prng_errorflag = PRNG_INSTANTIATE_FAILED;
212 mutex_init(&prng_data->mutex);
213 prng_data->buf = ((u8 *)prng_data) + sizeof(struct prng_data_s);
214 memcpy(prng_data->prngws.parm_block, initial_parm_block, 32);
216 /* initialize the PRNG, add 128 bits of entropy */
223 static void prng_tdes_deinstantiate(void)
225 pr_debug("The prng module stopped "
226 "after running in triple DES mode\n");
231 /*** sha512 functions ***/
233 static int __init prng_sha512_selftest(void)
235 /* NIST DRBG testvector for Hash Drbg, Sha-512, Count #0 */
236 static const u8 seed[] __initconst = {
237 0x6b, 0x50, 0xa7, 0xd8, 0xf8, 0xa5, 0x5d, 0x7a,
238 0x3d, 0xf8, 0xbb, 0x40, 0xbc, 0xc3, 0xb7, 0x22,
239 0xd8, 0x70, 0x8d, 0xe6, 0x7f, 0xda, 0x01, 0x0b,
240 0x03, 0xc4, 0xc8, 0x4d, 0x72, 0x09, 0x6f, 0x8c,
241 0x3e, 0xc6, 0x49, 0xcc, 0x62, 0x56, 0xd9, 0xfa,
242 0x31, 0xdb, 0x7a, 0x29, 0x04, 0xaa, 0xf0, 0x25 };
243 static const u8 V0[] __initconst = {
244 0x00, 0xad, 0xe3, 0x6f, 0x9a, 0x01, 0xc7, 0x76,
245 0x61, 0x34, 0x35, 0xf5, 0x4e, 0x24, 0x74, 0x22,
246 0x21, 0x9a, 0x29, 0x89, 0xc7, 0x93, 0x2e, 0x60,
247 0x1e, 0xe8, 0x14, 0x24, 0x8d, 0xd5, 0x03, 0xf1,
248 0x65, 0x5d, 0x08, 0x22, 0x72, 0xd5, 0xad, 0x95,
249 0xe1, 0x23, 0x1e, 0x8a, 0xa7, 0x13, 0xd9, 0x2b,
250 0x5e, 0xbc, 0xbb, 0x80, 0xab, 0x8d, 0xe5, 0x79,
251 0xab, 0x5b, 0x47, 0x4e, 0xdd, 0xee, 0x6b, 0x03,
252 0x8f, 0x0f, 0x5c, 0x5e, 0xa9, 0x1a, 0x83, 0xdd,
253 0xd3, 0x88, 0xb2, 0x75, 0x4b, 0xce, 0x83, 0x36,
254 0x57, 0x4b, 0xf1, 0x5c, 0xca, 0x7e, 0x09, 0xc0,
255 0xd3, 0x89, 0xc6, 0xe0, 0xda, 0xc4, 0x81, 0x7e,
256 0x5b, 0xf9, 0xe1, 0x01, 0xc1, 0x92, 0x05, 0xea,
257 0xf5, 0x2f, 0xc6, 0xc6, 0xc7, 0x8f, 0xbc, 0xf4 };
258 static const u8 C0[] __initconst = {
259 0x00, 0xf4, 0xa3, 0xe5, 0xa0, 0x72, 0x63, 0x95,
260 0xc6, 0x4f, 0x48, 0xd0, 0x8b, 0x5b, 0x5f, 0x8e,
261 0x6b, 0x96, 0x1f, 0x16, 0xed, 0xbc, 0x66, 0x94,
262 0x45, 0x31, 0xd7, 0x47, 0x73, 0x22, 0xa5, 0x86,
263 0xce, 0xc0, 0x4c, 0xac, 0x63, 0xb8, 0x39, 0x50,
264 0xbf, 0xe6, 0x59, 0x6c, 0x38, 0x58, 0x99, 0x1f,
265 0x27, 0xa7, 0x9d, 0x71, 0x2a, 0xb3, 0x7b, 0xf9,
266 0xfb, 0x17, 0x86, 0xaa, 0x99, 0x81, 0xaa, 0x43,
267 0xe4, 0x37, 0xd3, 0x1e, 0x6e, 0xe5, 0xe6, 0xee,
268 0xc2, 0xed, 0x95, 0x4f, 0x53, 0x0e, 0x46, 0x8a,
269 0xcc, 0x45, 0xa5, 0xdb, 0x69, 0x0d, 0x81, 0xc9,
270 0x32, 0x92, 0xbc, 0x8f, 0x33, 0xe6, 0xf6, 0x09,
271 0x7c, 0x8e, 0x05, 0x19, 0x0d, 0xf1, 0xb6, 0xcc,
272 0xf3, 0x02, 0x21, 0x90, 0x25, 0xec, 0xed, 0x0e };
273 static const u8 random[] __initconst = {
274 0x95, 0xb7, 0xf1, 0x7e, 0x98, 0x02, 0xd3, 0x57,
275 0x73, 0x92, 0xc6, 0xa9, 0xc0, 0x80, 0x83, 0xb6,
276 0x7d, 0xd1, 0x29, 0x22, 0x65, 0xb5, 0xf4, 0x2d,
277 0x23, 0x7f, 0x1c, 0x55, 0xbb, 0x9b, 0x10, 0xbf,
278 0xcf, 0xd8, 0x2c, 0x77, 0xa3, 0x78, 0xb8, 0x26,
279 0x6a, 0x00, 0x99, 0x14, 0x3b, 0x3c, 0x2d, 0x64,
280 0x61, 0x1e, 0xee, 0xb6, 0x9a, 0xcd, 0xc0, 0x55,
281 0x95, 0x7c, 0x13, 0x9e, 0x8b, 0x19, 0x0c, 0x7a,
282 0x06, 0x95, 0x5f, 0x2c, 0x79, 0x7c, 0x27, 0x78,
283 0xde, 0x94, 0x03, 0x96, 0xa5, 0x01, 0xf4, 0x0e,
284 0x91, 0x39, 0x6a, 0xcf, 0x8d, 0x7e, 0x45, 0xeb,
285 0xdb, 0xb5, 0x3b, 0xbf, 0x8c, 0x97, 0x52, 0x30,
286 0xd2, 0xf0, 0xff, 0x91, 0x06, 0xc7, 0x61, 0x19,
287 0xae, 0x49, 0x8e, 0x7f, 0xbc, 0x03, 0xd9, 0x0f,
288 0x8e, 0x4c, 0x51, 0x62, 0x7a, 0xed, 0x5c, 0x8d,
289 0x42, 0x63, 0xd5, 0xd2, 0xb9, 0x78, 0x87, 0x3a,
290 0x0d, 0xe5, 0x96, 0xee, 0x6d, 0xc7, 0xf7, 0xc2,
291 0x9e, 0x37, 0xee, 0xe8, 0xb3, 0x4c, 0x90, 0xdd,
292 0x1c, 0xf6, 0xa9, 0xdd, 0xb2, 0x2b, 0x4c, 0xbd,
293 0x08, 0x6b, 0x14, 0xb3, 0x5d, 0xe9, 0x3d, 0xa2,
294 0xd5, 0xcb, 0x18, 0x06, 0x69, 0x8c, 0xbd, 0x7b,
295 0xbb, 0x67, 0xbf, 0xe3, 0xd3, 0x1f, 0xd2, 0xd1,
296 0xdb, 0xd2, 0xa1, 0xe0, 0x58, 0xa3, 0xeb, 0x99,
297 0xd7, 0xe5, 0x1f, 0x1a, 0x93, 0x8e, 0xed, 0x5e,
298 0x1c, 0x1d, 0xe2, 0x3a, 0x6b, 0x43, 0x45, 0xd3,
299 0x19, 0x14, 0x09, 0xf9, 0x2f, 0x39, 0xb3, 0x67,
300 0x0d, 0x8d, 0xbf, 0xb6, 0x35, 0xd8, 0xe6, 0xa3,
301 0x69, 0x32, 0xd8, 0x10, 0x33, 0xd1, 0x44, 0x8d,
302 0x63, 0xb4, 0x03, 0xdd, 0xf8, 0x8e, 0x12, 0x1b,
303 0x6e, 0x81, 0x9a, 0xc3, 0x81, 0x22, 0x6c, 0x13,
304 0x21, 0xe4, 0xb0, 0x86, 0x44, 0xf6, 0x72, 0x7c,
305 0x36, 0x8c, 0x5a, 0x9f, 0x7a, 0x4b, 0x3e, 0xe2 };
308 u8 buf[sizeof(random)];
311 memset(&ws, 0, sizeof(ws));
314 ret = crypt_s390_ppno(PPNO_SHA512_DRNG_SEED,
318 pr_err("The prng self test seed operation for the "
319 "SHA-512 mode failed with rc=%d\n", ret);
320 prng_errorflag = PRNG_SELFTEST_FAILED;
324 /* check working states V and C */
325 if (memcmp(ws.V, V0, sizeof(V0)) != 0
326 || memcmp(ws.C, C0, sizeof(C0)) != 0) {
327 pr_err("The prng self test state test "
328 "for the SHA-512 mode failed\n");
329 prng_errorflag = PRNG_SELFTEST_FAILED;
333 /* generate random bytes */
334 ret = crypt_s390_ppno(PPNO_SHA512_DRNG_GEN,
335 &ws, buf, sizeof(buf),
338 pr_err("The prng self test generate operation for "
339 "the SHA-512 mode failed with rc=%d\n", ret);
340 prng_errorflag = PRNG_SELFTEST_FAILED;
343 ret = crypt_s390_ppno(PPNO_SHA512_DRNG_GEN,
344 &ws, buf, sizeof(buf),
347 pr_err("The prng self test generate operation for "
348 "the SHA-512 mode failed with rc=%d\n", ret);
349 prng_errorflag = PRNG_SELFTEST_FAILED;
353 /* check against expected data */
354 if (memcmp(buf, random, sizeof(random)) != 0) {
355 pr_err("The prng self test data test "
356 "for the SHA-512 mode failed\n");
357 prng_errorflag = PRNG_SELFTEST_FAILED;
365 static int __init prng_sha512_instantiate(void)
370 pr_debug("prng runs in SHA-512 mode "
371 "with chunksize=%d and reseed_limit=%u\n",
372 prng_chunk_size, prng_reseed_limit);
374 /* memory allocation, prng_data struct init, mutex init */
375 datalen = sizeof(struct prng_data_s) + prng_chunk_size;
377 datalen += prng_chunk_size;
378 prng_data = kzalloc(datalen, GFP_KERNEL);
380 prng_errorflag = PRNG_INSTANTIATE_FAILED;
383 mutex_init(&prng_data->mutex);
384 prng_data->buf = ((u8 *)prng_data) + sizeof(struct prng_data_s);
387 ret = prng_sha512_selftest();
391 /* generate initial seed bytestring, first 48 bytes of entropy */
392 ret = generate_entropy(seed, 48);
395 /* followed by 16 bytes of unique nonce */
396 get_tod_clock_ext(seed + 48);
398 /* initial seed of the ppno drng */
399 ret = crypt_s390_ppno(PPNO_SHA512_DRNG_SEED,
400 &prng_data->ppnows, NULL, 0,
403 prng_errorflag = PRNG_SEED_FAILED;
408 /* if fips mode is enabled, generate a first block of random
409 bytes for the FIPS 140-2 Conditional Self Test */
411 prng_data->prev = prng_data->buf + prng_chunk_size;
412 ret = crypt_s390_ppno(PPNO_SHA512_DRNG_GEN,
417 if (ret < 0 || ret != prng_chunk_size) {
418 prng_errorflag = PRNG_GEN_FAILED;
432 static void prng_sha512_deinstantiate(void)
434 pr_debug("The prng module stopped after running in SHA-512 mode\n");
439 static int prng_sha512_reseed(void)
444 /* generate 32 bytes of fresh entropy */
445 ret = generate_entropy(seed, sizeof(seed));
446 if (ret != sizeof(seed))
449 /* do a reseed of the ppno drng with this bytestring */
450 ret = crypt_s390_ppno(PPNO_SHA512_DRNG_SEED,
451 &prng_data->ppnows, NULL, 0,
454 prng_errorflag = PRNG_RESEED_FAILED;
462 static int prng_sha512_generate(u8 *buf, size_t nbytes)
466 /* reseed needed ? */
467 if (prng_data->ppnows.reseed_counter > prng_reseed_limit) {
468 ret = prng_sha512_reseed();
474 ret = crypt_s390_ppno(PPNO_SHA512_DRNG_GEN,
475 &prng_data->ppnows, buf, nbytes,
477 if (ret < 0 || ret != nbytes) {
478 prng_errorflag = PRNG_GEN_FAILED;
482 /* FIPS 140-2 Conditional Self Test */
484 if (!memcmp(prng_data->prev, buf, nbytes)) {
485 prng_errorflag = PRNG_GEN_FAILED;
488 memcpy(prng_data->prev, buf, nbytes);
495 /*** file io functions ***/
497 static int prng_open(struct inode *inode, struct file *file)
499 return nonseekable_open(inode, file);
503 static ssize_t prng_tdes_read(struct file *file, char __user *ubuf,
504 size_t nbytes, loff_t *ppos)
506 int chunk, n, tmp, ret = 0;
508 /* lock prng_data struct */
509 if (mutex_lock_interruptible(&prng_data->mutex))
513 if (need_resched()) {
514 if (signal_pending(current)) {
519 /* give mutex free before calling schedule() */
520 mutex_unlock(&prng_data->mutex);
522 /* occopy mutex again */
523 if (mutex_lock_interruptible(&prng_data->mutex)) {
531 * we lose some random bytes if an attacker issues
532 * reads < 8 bytes, but we don't care
534 chunk = min_t(int, nbytes, prng_chunk_size);
536 /* PRNG only likes multiples of 8 bytes */
537 n = (chunk + 7) & -8;
539 if (prng_data->prngws.reseed_counter > prng_reseed_limit)
542 /* if the CPU supports PRNG stckf is present too */
543 *((unsigned long long *)prng_data->buf) = get_tod_clock_fast();
546 * Beside the STCKF the input for the TDES-EDE is the output
547 * of the last operation. We differ here from X9.17 since we
548 * only store one timestamp into the buffer. Padding the whole
549 * buffer with timestamps does not improve security, since
550 * successive stckf have nearly constant offsets.
551 * If an attacker knows the first timestamp it would be
552 * trivial to guess the additional values. One timestamp
553 * is therefore enough and still guarantees unique input values.
555 * Note: you can still get strict X9.17 conformity by setting
556 * prng_chunk_size to 8 bytes.
558 tmp = crypt_s390_kmc(KMC_PRNG, prng_data->prngws.parm_block,
559 prng_data->buf, prng_data->buf, n);
560 if (tmp < 0 || tmp != n) {
565 prng_data->prngws.byte_counter += n;
566 prng_data->prngws.reseed_counter += n;
568 if (copy_to_user(ubuf, prng_data->buf, chunk)) {
578 /* unlock prng_data struct */
579 mutex_unlock(&prng_data->mutex);
585 static ssize_t prng_sha512_read(struct file *file, char __user *ubuf,
586 size_t nbytes, loff_t *ppos)
591 /* if errorflag is set do nothing and return 'broken pipe' */
595 /* lock prng_data struct */
596 if (mutex_lock_interruptible(&prng_data->mutex))
600 if (need_resched()) {
601 if (signal_pending(current)) {
606 /* give mutex free before calling schedule() */
607 mutex_unlock(&prng_data->mutex);
609 /* occopy mutex again */
610 if (mutex_lock_interruptible(&prng_data->mutex)) {
616 if (prng_data->rest) {
617 /* push left over random bytes from the previous read */
618 p = prng_data->buf + prng_chunk_size - prng_data->rest;
619 n = (nbytes < prng_data->rest) ?
620 nbytes : prng_data->rest;
621 prng_data->rest -= n;
623 /* generate one chunk of random bytes into read buf */
625 n = prng_sha512_generate(p, prng_chunk_size);
630 if (nbytes < prng_chunk_size) {
632 prng_data->rest = prng_chunk_size - n;
638 if (copy_to_user(ubuf, p, n)) {
647 /* unlock prng_data struct */
648 mutex_unlock(&prng_data->mutex);
654 /*** sysfs stuff ***/
656 static const struct file_operations prng_sha512_fops = {
657 .owner = THIS_MODULE,
660 .read = &prng_sha512_read,
661 .llseek = noop_llseek,
663 static const struct file_operations prng_tdes_fops = {
664 .owner = THIS_MODULE,
667 .read = &prng_tdes_read,
668 .llseek = noop_llseek,
671 static struct miscdevice prng_sha512_dev = {
673 .minor = MISC_DYNAMIC_MINOR,
675 .fops = &prng_sha512_fops,
677 static struct miscdevice prng_tdes_dev = {
679 .minor = MISC_DYNAMIC_MINOR,
681 .fops = &prng_tdes_fops,
685 /* chunksize attribute (ro) */
686 static ssize_t prng_chunksize_show(struct device *dev,
687 struct device_attribute *attr,
690 return snprintf(buf, PAGE_SIZE, "%u\n", prng_chunk_size);
692 static DEVICE_ATTR(chunksize, 0444, prng_chunksize_show, NULL);
694 /* counter attribute (ro) */
695 static ssize_t prng_counter_show(struct device *dev,
696 struct device_attribute *attr,
701 if (mutex_lock_interruptible(&prng_data->mutex))
703 if (prng_mode == PRNG_MODE_SHA512)
704 counter = prng_data->ppnows.stream_bytes;
706 counter = prng_data->prngws.byte_counter;
707 mutex_unlock(&prng_data->mutex);
709 return snprintf(buf, PAGE_SIZE, "%llu\n", counter);
711 static DEVICE_ATTR(byte_counter, 0444, prng_counter_show, NULL);
713 /* errorflag attribute (ro) */
714 static ssize_t prng_errorflag_show(struct device *dev,
715 struct device_attribute *attr,
718 return snprintf(buf, PAGE_SIZE, "%d\n", prng_errorflag);
720 static DEVICE_ATTR(errorflag, 0444, prng_errorflag_show, NULL);
722 /* mode attribute (ro) */
723 static ssize_t prng_mode_show(struct device *dev,
724 struct device_attribute *attr,
727 if (prng_mode == PRNG_MODE_TDES)
728 return snprintf(buf, PAGE_SIZE, "TDES\n");
730 return snprintf(buf, PAGE_SIZE, "SHA512\n");
732 static DEVICE_ATTR(mode, 0444, prng_mode_show, NULL);
734 /* reseed attribute (w) */
735 static ssize_t prng_reseed_store(struct device *dev,
736 struct device_attribute *attr,
737 const char *buf, size_t count)
739 if (mutex_lock_interruptible(&prng_data->mutex))
741 prng_sha512_reseed();
742 mutex_unlock(&prng_data->mutex);
746 static DEVICE_ATTR(reseed, 0200, NULL, prng_reseed_store);
748 /* reseed limit attribute (rw) */
749 static ssize_t prng_reseed_limit_show(struct device *dev,
750 struct device_attribute *attr,
753 return snprintf(buf, PAGE_SIZE, "%u\n", prng_reseed_limit);
755 static ssize_t prng_reseed_limit_store(struct device *dev,
756 struct device_attribute *attr,
757 const char *buf, size_t count)
761 if (sscanf(buf, "%u\n", &limit) != 1)
764 if (prng_mode == PRNG_MODE_SHA512) {
765 if (limit < PRNG_RESEED_LIMIT_SHA512_LOWER)
768 if (limit < PRNG_RESEED_LIMIT_TDES_LOWER)
772 prng_reseed_limit = limit;
776 static DEVICE_ATTR(reseed_limit, 0644,
777 prng_reseed_limit_show, prng_reseed_limit_store);
779 /* strength attribute (ro) */
780 static ssize_t prng_strength_show(struct device *dev,
781 struct device_attribute *attr,
784 return snprintf(buf, PAGE_SIZE, "256\n");
786 static DEVICE_ATTR(strength, 0444, prng_strength_show, NULL);
788 static struct attribute *prng_sha512_dev_attrs[] = {
789 &dev_attr_errorflag.attr,
790 &dev_attr_chunksize.attr,
791 &dev_attr_byte_counter.attr,
793 &dev_attr_reseed.attr,
794 &dev_attr_reseed_limit.attr,
795 &dev_attr_strength.attr,
798 static struct attribute *prng_tdes_dev_attrs[] = {
799 &dev_attr_chunksize.attr,
800 &dev_attr_byte_counter.attr,
805 static struct attribute_group prng_sha512_dev_attr_group = {
806 .attrs = prng_sha512_dev_attrs
808 static struct attribute_group prng_tdes_dev_attr_group = {
809 .attrs = prng_tdes_dev_attrs
813 /*** module init and exit ***/
815 static int __init prng_init(void)
819 /* check if the CPU has a PRNG */
820 if (!crypt_s390_func_available(KMC_PRNG, CRYPT_S390_MSA))
823 /* choose prng mode */
824 if (prng_mode != PRNG_MODE_TDES) {
825 /* check for MSA5 support for PPNO operations */
826 if (!crypt_s390_func_available(PPNO_SHA512_DRNG_GEN,
828 if (prng_mode == PRNG_MODE_SHA512) {
829 pr_err("The prng module cannot "
830 "start in SHA-512 mode\n");
833 prng_mode = PRNG_MODE_TDES;
835 prng_mode = PRNG_MODE_SHA512;
838 if (prng_mode == PRNG_MODE_SHA512) {
842 if (prng_chunk_size < PRNG_CHUNKSIZE_SHA512_MIN
843 || prng_chunk_size > PRNG_CHUNKSIZE_SHA512_MAX)
845 prng_chunk_size = (prng_chunk_size + 0x3f) & ~0x3f;
847 if (prng_reseed_limit == 0)
848 prng_reseed_limit = PRNG_RESEED_LIMIT_SHA512;
849 else if (prng_reseed_limit < PRNG_RESEED_LIMIT_SHA512_LOWER)
852 ret = prng_sha512_instantiate();
856 ret = misc_register(&prng_sha512_dev);
858 prng_sha512_deinstantiate();
861 ret = sysfs_create_group(&prng_sha512_dev.this_device->kobj,
862 &prng_sha512_dev_attr_group);
864 misc_deregister(&prng_sha512_dev);
865 prng_sha512_deinstantiate();
873 if (prng_chunk_size < PRNG_CHUNKSIZE_TDES_MIN
874 || prng_chunk_size > PRNG_CHUNKSIZE_TDES_MAX)
876 prng_chunk_size = (prng_chunk_size + 0x07) & ~0x07;
878 if (prng_reseed_limit == 0)
879 prng_reseed_limit = PRNG_RESEED_LIMIT_TDES;
880 else if (prng_reseed_limit < PRNG_RESEED_LIMIT_TDES_LOWER)
883 ret = prng_tdes_instantiate();
887 ret = misc_register(&prng_tdes_dev);
889 prng_tdes_deinstantiate();
892 ret = sysfs_create_group(&prng_tdes_dev.this_device->kobj,
893 &prng_tdes_dev_attr_group);
895 misc_deregister(&prng_tdes_dev);
896 prng_tdes_deinstantiate();
907 static void __exit prng_exit(void)
909 if (prng_mode == PRNG_MODE_SHA512) {
910 sysfs_remove_group(&prng_sha512_dev.this_device->kobj,
911 &prng_sha512_dev_attr_group);
912 misc_deregister(&prng_sha512_dev);
913 prng_sha512_deinstantiate();
915 sysfs_remove_group(&prng_tdes_dev.this_device->kobj,
916 &prng_tdes_dev_attr_group);
917 misc_deregister(&prng_tdes_dev);
918 prng_tdes_deinstantiate();
922 module_cpu_feature_match(MSA, prng_init);
923 module_exit(prng_exit);
Code Review / kvmfornfv.git / blob