2 * Copyright IBM Corp. 2006, 2015
3 * Author(s): Jan Glauber <jan.glauber@de.ibm.com>
4 * Harald Freudenberger <freude@de.ibm.com>
5 * Driver for the s390 pseudo random number generator
8 #define KMSG_COMPONENT "prng"
9 #define pr_fmt(fmt) KMSG_COMPONENT ": " fmt
12 #include <linux/fips.h>
13 #include <linux/init.h>
14 #include <linux/kernel.h>
15 #include <linux/device.h>
16 #include <linux/miscdevice.h>
17 #include <linux/module.h>
18 #include <linux/moduleparam.h>
19 #include <linux/mutex.h>
20 #include <linux/cpufeature.h>
21 #include <linux/random.h>
22 #include <linux/slab.h>
23 #include <asm/debug.h>
24 #include <asm/uaccess.h>
25 #include <asm/timex.h>
26 #include <asm/cpacf.h>
28 MODULE_LICENSE("GPL");
29 MODULE_AUTHOR("IBM Corporation");
30 MODULE_DESCRIPTION("s390 PRNG interface");
33 #define PRNG_MODE_AUTO 0
34 #define PRNG_MODE_TDES 1
35 #define PRNG_MODE_SHA512 2
37 static unsigned int prng_mode = PRNG_MODE_AUTO;
38 module_param_named(mode, prng_mode, int, 0);
39 MODULE_PARM_DESC(prng_mode, "PRNG mode: 0 - auto, 1 - TDES, 2 - SHA512");
42 #define PRNG_CHUNKSIZE_TDES_MIN 8
43 #define PRNG_CHUNKSIZE_TDES_MAX (64*1024)
44 #define PRNG_CHUNKSIZE_SHA512_MIN 64
45 #define PRNG_CHUNKSIZE_SHA512_MAX (64*1024)
47 static unsigned int prng_chunk_size = 256;
48 module_param_named(chunksize, prng_chunk_size, int, 0);
49 MODULE_PARM_DESC(prng_chunk_size, "PRNG read chunk size in bytes");
52 #define PRNG_RESEED_LIMIT_TDES 4096
53 #define PRNG_RESEED_LIMIT_TDES_LOWER 4096
54 #define PRNG_RESEED_LIMIT_SHA512 100000
55 #define PRNG_RESEED_LIMIT_SHA512_LOWER 10000
57 static unsigned int prng_reseed_limit;
58 module_param_named(reseed_limit, prng_reseed_limit, int, 0);
59 MODULE_PARM_DESC(prng_reseed_limit, "PRNG reseed limit");
63 * Any one who considers arithmetical methods of producing random digits is,
64 * of course, in a state of sin. -- John von Neumann
67 static int prng_errorflag;
69 #define PRNG_GEN_ENTROPY_FAILED 1
70 #define PRNG_SELFTEST_FAILED 2
71 #define PRNG_INSTANTIATE_FAILED 3
72 #define PRNG_SEED_FAILED 4
73 #define PRNG_RESEED_FAILED 5
74 #define PRNG_GEN_FAILED 6
93 struct prng_ws_s prngws;
94 struct ppno_ws_s ppnows;
101 static struct prng_data_s *prng_data;
103 /* initial parameter block for tdes mode, copied from libica */
104 static const u8 initial_parm_block[32] __initconst = {
105 0x0F, 0x2B, 0x8E, 0x63, 0x8C, 0x8E, 0xD2, 0x52,
106 0x64, 0xB7, 0xA0, 0x7B, 0x75, 0x28, 0xB8, 0xF4,
107 0x75, 0x5F, 0xD2, 0xA6, 0x8D, 0x97, 0x11, 0xFF,
108 0x49, 0xD8, 0x23, 0xF3, 0x7E, 0x21, 0xEC, 0xA0 };
111 /*** helper functions ***/
115 * This algorithm produces 64 bytes of entropy data based on 1024
116 * individual stckf() invocations assuming that each stckf() value
117 * contributes 0.25 bits of entropy. So the caller gets 256 bit
118 * entropy per 64 byte or 4 bits entropy per byte.
120 static int generate_entropy(u8 *ebuf, size_t nbytes)
123 u8 *pg, *h, hash[64];
125 /* allocate 2 pages */
126 pg = (u8 *) __get_free_pages(GFP_KERNEL, 1);
128 prng_errorflag = PRNG_GEN_ENTROPY_FAILED;
133 /* fill pages with urandom bytes */
134 get_random_bytes(pg, 2*PAGE_SIZE);
135 /* exor pages with 1024 stckf values */
136 for (n = 0; n < 2 * PAGE_SIZE / sizeof(u64); n++) {
137 u64 *p = ((u64 *)pg) + n;
138 *p ^= get_tod_clock_fast();
140 n = (nbytes < sizeof(hash)) ? nbytes : sizeof(hash);
141 if (n < sizeof(hash))
145 /* hash over the filled pages */
146 cpacf_kimd(CPACF_KIMD_SHA_512, h, pg, 2*PAGE_SIZE);
147 if (n < sizeof(hash))
148 memcpy(ebuf, hash, n);
154 free_pages((unsigned long)pg, 1);
159 /*** tdes functions ***/
161 static void prng_tdes_add_entropy(void)
166 for (i = 0; i < 16; i++) {
167 cpacf_kmc(CPACF_KMC_PRNG, prng_data->prngws.parm_block,
168 (char *) entropy, (char *) entropy,
170 memcpy(prng_data->prngws.parm_block, entropy, sizeof(entropy));
175 static void prng_tdes_seed(int nbytes)
180 BUG_ON(nbytes > sizeof(buf));
182 get_random_bytes(buf, nbytes);
184 /* Add the entropy */
185 while (nbytes >= 8) {
186 *((__u64 *)prng_data->prngws.parm_block) ^= *((__u64 *)(buf+i));
187 prng_tdes_add_entropy();
191 prng_tdes_add_entropy();
192 prng_data->prngws.reseed_counter = 0;
196 static int __init prng_tdes_instantiate(void)
200 pr_debug("prng runs in TDES mode with "
201 "chunksize=%d and reseed_limit=%u\n",
202 prng_chunk_size, prng_reseed_limit);
204 /* memory allocation, prng_data struct init, mutex init */
205 datalen = sizeof(struct prng_data_s) + prng_chunk_size;
206 prng_data = kzalloc(datalen, GFP_KERNEL);
208 prng_errorflag = PRNG_INSTANTIATE_FAILED;
211 mutex_init(&prng_data->mutex);
212 prng_data->buf = ((u8 *)prng_data) + sizeof(struct prng_data_s);
213 memcpy(prng_data->prngws.parm_block, initial_parm_block, 32);
215 /* initialize the PRNG, add 128 bits of entropy */
222 static void prng_tdes_deinstantiate(void)
224 pr_debug("The prng module stopped "
225 "after running in triple DES mode\n");
230 /*** sha512 functions ***/
232 static int __init prng_sha512_selftest(void)
234 /* NIST DRBG testvector for Hash Drbg, Sha-512, Count #0 */
235 static const u8 seed[] __initconst = {
236 0x6b, 0x50, 0xa7, 0xd8, 0xf8, 0xa5, 0x5d, 0x7a,
237 0x3d, 0xf8, 0xbb, 0x40, 0xbc, 0xc3, 0xb7, 0x22,
238 0xd8, 0x70, 0x8d, 0xe6, 0x7f, 0xda, 0x01, 0x0b,
239 0x03, 0xc4, 0xc8, 0x4d, 0x72, 0x09, 0x6f, 0x8c,
240 0x3e, 0xc6, 0x49, 0xcc, 0x62, 0x56, 0xd9, 0xfa,
241 0x31, 0xdb, 0x7a, 0x29, 0x04, 0xaa, 0xf0, 0x25 };
242 static const u8 V0[] __initconst = {
243 0x00, 0xad, 0xe3, 0x6f, 0x9a, 0x01, 0xc7, 0x76,
244 0x61, 0x34, 0x35, 0xf5, 0x4e, 0x24, 0x74, 0x22,
245 0x21, 0x9a, 0x29, 0x89, 0xc7, 0x93, 0x2e, 0x60,
246 0x1e, 0xe8, 0x14, 0x24, 0x8d, 0xd5, 0x03, 0xf1,
247 0x65, 0x5d, 0x08, 0x22, 0x72, 0xd5, 0xad, 0x95,
248 0xe1, 0x23, 0x1e, 0x8a, 0xa7, 0x13, 0xd9, 0x2b,
249 0x5e, 0xbc, 0xbb, 0x80, 0xab, 0x8d, 0xe5, 0x79,
250 0xab, 0x5b, 0x47, 0x4e, 0xdd, 0xee, 0x6b, 0x03,
251 0x8f, 0x0f, 0x5c, 0x5e, 0xa9, 0x1a, 0x83, 0xdd,
252 0xd3, 0x88, 0xb2, 0x75, 0x4b, 0xce, 0x83, 0x36,
253 0x57, 0x4b, 0xf1, 0x5c, 0xca, 0x7e, 0x09, 0xc0,
254 0xd3, 0x89, 0xc6, 0xe0, 0xda, 0xc4, 0x81, 0x7e,
255 0x5b, 0xf9, 0xe1, 0x01, 0xc1, 0x92, 0x05, 0xea,
256 0xf5, 0x2f, 0xc6, 0xc6, 0xc7, 0x8f, 0xbc, 0xf4 };
257 static const u8 C0[] __initconst = {
258 0x00, 0xf4, 0xa3, 0xe5, 0xa0, 0x72, 0x63, 0x95,
259 0xc6, 0x4f, 0x48, 0xd0, 0x8b, 0x5b, 0x5f, 0x8e,
260 0x6b, 0x96, 0x1f, 0x16, 0xed, 0xbc, 0x66, 0x94,
261 0x45, 0x31, 0xd7, 0x47, 0x73, 0x22, 0xa5, 0x86,
262 0xce, 0xc0, 0x4c, 0xac, 0x63, 0xb8, 0x39, 0x50,
263 0xbf, 0xe6, 0x59, 0x6c, 0x38, 0x58, 0x99, 0x1f,
264 0x27, 0xa7, 0x9d, 0x71, 0x2a, 0xb3, 0x7b, 0xf9,
265 0xfb, 0x17, 0x86, 0xaa, 0x99, 0x81, 0xaa, 0x43,
266 0xe4, 0x37, 0xd3, 0x1e, 0x6e, 0xe5, 0xe6, 0xee,
267 0xc2, 0xed, 0x95, 0x4f, 0x53, 0x0e, 0x46, 0x8a,
268 0xcc, 0x45, 0xa5, 0xdb, 0x69, 0x0d, 0x81, 0xc9,
269 0x32, 0x92, 0xbc, 0x8f, 0x33, 0xe6, 0xf6, 0x09,
270 0x7c, 0x8e, 0x05, 0x19, 0x0d, 0xf1, 0xb6, 0xcc,
271 0xf3, 0x02, 0x21, 0x90, 0x25, 0xec, 0xed, 0x0e };
272 static const u8 random[] __initconst = {
273 0x95, 0xb7, 0xf1, 0x7e, 0x98, 0x02, 0xd3, 0x57,
274 0x73, 0x92, 0xc6, 0xa9, 0xc0, 0x80, 0x83, 0xb6,
275 0x7d, 0xd1, 0x29, 0x22, 0x65, 0xb5, 0xf4, 0x2d,
276 0x23, 0x7f, 0x1c, 0x55, 0xbb, 0x9b, 0x10, 0xbf,
277 0xcf, 0xd8, 0x2c, 0x77, 0xa3, 0x78, 0xb8, 0x26,
278 0x6a, 0x00, 0x99, 0x14, 0x3b, 0x3c, 0x2d, 0x64,
279 0x61, 0x1e, 0xee, 0xb6, 0x9a, 0xcd, 0xc0, 0x55,
280 0x95, 0x7c, 0x13, 0x9e, 0x8b, 0x19, 0x0c, 0x7a,
281 0x06, 0x95, 0x5f, 0x2c, 0x79, 0x7c, 0x27, 0x78,
282 0xde, 0x94, 0x03, 0x96, 0xa5, 0x01, 0xf4, 0x0e,
283 0x91, 0x39, 0x6a, 0xcf, 0x8d, 0x7e, 0x45, 0xeb,
284 0xdb, 0xb5, 0x3b, 0xbf, 0x8c, 0x97, 0x52, 0x30,
285 0xd2, 0xf0, 0xff, 0x91, 0x06, 0xc7, 0x61, 0x19,
286 0xae, 0x49, 0x8e, 0x7f, 0xbc, 0x03, 0xd9, 0x0f,
287 0x8e, 0x4c, 0x51, 0x62, 0x7a, 0xed, 0x5c, 0x8d,
288 0x42, 0x63, 0xd5, 0xd2, 0xb9, 0x78, 0x87, 0x3a,
289 0x0d, 0xe5, 0x96, 0xee, 0x6d, 0xc7, 0xf7, 0xc2,
290 0x9e, 0x37, 0xee, 0xe8, 0xb3, 0x4c, 0x90, 0xdd,
291 0x1c, 0xf6, 0xa9, 0xdd, 0xb2, 0x2b, 0x4c, 0xbd,
292 0x08, 0x6b, 0x14, 0xb3, 0x5d, 0xe9, 0x3d, 0xa2,
293 0xd5, 0xcb, 0x18, 0x06, 0x69, 0x8c, 0xbd, 0x7b,
294 0xbb, 0x67, 0xbf, 0xe3, 0xd3, 0x1f, 0xd2, 0xd1,
295 0xdb, 0xd2, 0xa1, 0xe0, 0x58, 0xa3, 0xeb, 0x99,
296 0xd7, 0xe5, 0x1f, 0x1a, 0x93, 0x8e, 0xed, 0x5e,
297 0x1c, 0x1d, 0xe2, 0x3a, 0x6b, 0x43, 0x45, 0xd3,
298 0x19, 0x14, 0x09, 0xf9, 0x2f, 0x39, 0xb3, 0x67,
299 0x0d, 0x8d, 0xbf, 0xb6, 0x35, 0xd8, 0xe6, 0xa3,
300 0x69, 0x32, 0xd8, 0x10, 0x33, 0xd1, 0x44, 0x8d,
301 0x63, 0xb4, 0x03, 0xdd, 0xf8, 0x8e, 0x12, 0x1b,
302 0x6e, 0x81, 0x9a, 0xc3, 0x81, 0x22, 0x6c, 0x13,
303 0x21, 0xe4, 0xb0, 0x86, 0x44, 0xf6, 0x72, 0x7c,
304 0x36, 0x8c, 0x5a, 0x9f, 0x7a, 0x4b, 0x3e, 0xe2 };
306 u8 buf[sizeof(random)];
309 memset(&ws, 0, sizeof(ws));
312 cpacf_ppno(CPACF_PPNO_SHA512_DRNG_SEED,
313 &ws, NULL, 0, seed, sizeof(seed));
315 /* check working states V and C */
316 if (memcmp(ws.V, V0, sizeof(V0)) != 0
317 || memcmp(ws.C, C0, sizeof(C0)) != 0) {
318 pr_err("The prng self test state test "
319 "for the SHA-512 mode failed\n");
320 prng_errorflag = PRNG_SELFTEST_FAILED;
324 /* generate random bytes */
325 cpacf_ppno(CPACF_PPNO_SHA512_DRNG_GEN,
326 &ws, buf, sizeof(buf), NULL, 0);
327 cpacf_ppno(CPACF_PPNO_SHA512_DRNG_GEN,
328 &ws, buf, sizeof(buf), NULL, 0);
330 /* check against expected data */
331 if (memcmp(buf, random, sizeof(random)) != 0) {
332 pr_err("The prng self test data test "
333 "for the SHA-512 mode failed\n");
334 prng_errorflag = PRNG_SELFTEST_FAILED;
342 static int __init prng_sha512_instantiate(void)
345 u8 seed[64 + 32 + 16];
347 pr_debug("prng runs in SHA-512 mode "
348 "with chunksize=%d and reseed_limit=%u\n",
349 prng_chunk_size, prng_reseed_limit);
351 /* memory allocation, prng_data struct init, mutex init */
352 datalen = sizeof(struct prng_data_s) + prng_chunk_size;
354 datalen += prng_chunk_size;
355 prng_data = kzalloc(datalen, GFP_KERNEL);
357 prng_errorflag = PRNG_INSTANTIATE_FAILED;
360 mutex_init(&prng_data->mutex);
361 prng_data->buf = ((u8 *)prng_data) + sizeof(struct prng_data_s);
364 ret = prng_sha512_selftest();
368 /* generate initial seed bytestring, with 256 + 128 bits entropy */
369 ret = generate_entropy(seed, 64 + 32);
372 /* followed by 16 bytes of unique nonce */
373 get_tod_clock_ext(seed + 64 + 32);
375 /* initial seed of the ppno drng */
376 cpacf_ppno(CPACF_PPNO_SHA512_DRNG_SEED,
377 &prng_data->ppnows, NULL, 0, seed, sizeof(seed));
379 /* if fips mode is enabled, generate a first block of random
380 bytes for the FIPS 140-2 Conditional Self Test */
382 prng_data->prev = prng_data->buf + prng_chunk_size;
383 cpacf_ppno(CPACF_PPNO_SHA512_DRNG_GEN,
385 prng_data->prev, prng_chunk_size, NULL, 0);
396 static void prng_sha512_deinstantiate(void)
398 pr_debug("The prng module stopped after running in SHA-512 mode\n");
403 static int prng_sha512_reseed(void)
408 /* fetch 256 bits of fresh entropy */
409 ret = generate_entropy(seed, sizeof(seed));
410 if (ret != sizeof(seed))
413 /* do a reseed of the ppno drng with this bytestring */
414 cpacf_ppno(CPACF_PPNO_SHA512_DRNG_SEED,
415 &prng_data->ppnows, NULL, 0, seed, sizeof(seed));
421 static int prng_sha512_generate(u8 *buf, size_t nbytes)
425 /* reseed needed ? */
426 if (prng_data->ppnows.reseed_counter > prng_reseed_limit) {
427 ret = prng_sha512_reseed();
433 cpacf_ppno(CPACF_PPNO_SHA512_DRNG_GEN,
434 &prng_data->ppnows, buf, nbytes, NULL, 0);
436 /* FIPS 140-2 Conditional Self Test */
438 if (!memcmp(prng_data->prev, buf, nbytes)) {
439 prng_errorflag = PRNG_GEN_FAILED;
442 memcpy(prng_data->prev, buf, nbytes);
449 /*** file io functions ***/
451 static int prng_open(struct inode *inode, struct file *file)
453 return nonseekable_open(inode, file);
457 static ssize_t prng_tdes_read(struct file *file, char __user *ubuf,
458 size_t nbytes, loff_t *ppos)
460 int chunk, n, ret = 0;
462 /* lock prng_data struct */
463 if (mutex_lock_interruptible(&prng_data->mutex))
467 if (need_resched()) {
468 if (signal_pending(current)) {
473 /* give mutex free before calling schedule() */
474 mutex_unlock(&prng_data->mutex);
476 /* occopy mutex again */
477 if (mutex_lock_interruptible(&prng_data->mutex)) {
485 * we lose some random bytes if an attacker issues
486 * reads < 8 bytes, but we don't care
488 chunk = min_t(int, nbytes, prng_chunk_size);
490 /* PRNG only likes multiples of 8 bytes */
491 n = (chunk + 7) & -8;
493 if (prng_data->prngws.reseed_counter > prng_reseed_limit)
496 /* if the CPU supports PRNG stckf is present too */
497 *((unsigned long long *)prng_data->buf) = get_tod_clock_fast();
500 * Beside the STCKF the input for the TDES-EDE is the output
501 * of the last operation. We differ here from X9.17 since we
502 * only store one timestamp into the buffer. Padding the whole
503 * buffer with timestamps does not improve security, since
504 * successive stckf have nearly constant offsets.
505 * If an attacker knows the first timestamp it would be
506 * trivial to guess the additional values. One timestamp
507 * is therefore enough and still guarantees unique input values.
509 * Note: you can still get strict X9.17 conformity by setting
510 * prng_chunk_size to 8 bytes.
512 cpacf_kmc(CPACF_KMC_PRNG, prng_data->prngws.parm_block,
513 prng_data->buf, prng_data->buf, n);
515 prng_data->prngws.byte_counter += n;
516 prng_data->prngws.reseed_counter += n;
518 if (copy_to_user(ubuf, prng_data->buf, chunk)) {
528 /* unlock prng_data struct */
529 mutex_unlock(&prng_data->mutex);
535 static ssize_t prng_sha512_read(struct file *file, char __user *ubuf,
536 size_t nbytes, loff_t *ppos)
541 /* if errorflag is set do nothing and return 'broken pipe' */
545 /* lock prng_data struct */
546 if (mutex_lock_interruptible(&prng_data->mutex))
550 if (need_resched()) {
551 if (signal_pending(current)) {
556 /* give mutex free before calling schedule() */
557 mutex_unlock(&prng_data->mutex);
559 /* occopy mutex again */
560 if (mutex_lock_interruptible(&prng_data->mutex)) {
566 if (prng_data->rest) {
567 /* push left over random bytes from the previous read */
568 p = prng_data->buf + prng_chunk_size - prng_data->rest;
569 n = (nbytes < prng_data->rest) ?
570 nbytes : prng_data->rest;
571 prng_data->rest -= n;
573 /* generate one chunk of random bytes into read buf */
575 n = prng_sha512_generate(p, prng_chunk_size);
580 if (nbytes < prng_chunk_size) {
582 prng_data->rest = prng_chunk_size - n;
588 if (copy_to_user(ubuf, p, n)) {
597 /* unlock prng_data struct */
598 mutex_unlock(&prng_data->mutex);
604 /*** sysfs stuff ***/
606 static const struct file_operations prng_sha512_fops = {
607 .owner = THIS_MODULE,
610 .read = &prng_sha512_read,
611 .llseek = noop_llseek,
613 static const struct file_operations prng_tdes_fops = {
614 .owner = THIS_MODULE,
617 .read = &prng_tdes_read,
618 .llseek = noop_llseek,
621 static struct miscdevice prng_sha512_dev = {
623 .minor = MISC_DYNAMIC_MINOR,
625 .fops = &prng_sha512_fops,
627 static struct miscdevice prng_tdes_dev = {
629 .minor = MISC_DYNAMIC_MINOR,
631 .fops = &prng_tdes_fops,
635 /* chunksize attribute (ro) */
636 static ssize_t prng_chunksize_show(struct device *dev,
637 struct device_attribute *attr,
640 return snprintf(buf, PAGE_SIZE, "%u\n", prng_chunk_size);
642 static DEVICE_ATTR(chunksize, 0444, prng_chunksize_show, NULL);
644 /* counter attribute (ro) */
645 static ssize_t prng_counter_show(struct device *dev,
646 struct device_attribute *attr,
651 if (mutex_lock_interruptible(&prng_data->mutex))
653 if (prng_mode == PRNG_MODE_SHA512)
654 counter = prng_data->ppnows.stream_bytes;
656 counter = prng_data->prngws.byte_counter;
657 mutex_unlock(&prng_data->mutex);
659 return snprintf(buf, PAGE_SIZE, "%llu\n", counter);
661 static DEVICE_ATTR(byte_counter, 0444, prng_counter_show, NULL);
663 /* errorflag attribute (ro) */
664 static ssize_t prng_errorflag_show(struct device *dev,
665 struct device_attribute *attr,
668 return snprintf(buf, PAGE_SIZE, "%d\n", prng_errorflag);
670 static DEVICE_ATTR(errorflag, 0444, prng_errorflag_show, NULL);
672 /* mode attribute (ro) */
673 static ssize_t prng_mode_show(struct device *dev,
674 struct device_attribute *attr,
677 if (prng_mode == PRNG_MODE_TDES)
678 return snprintf(buf, PAGE_SIZE, "TDES\n");
680 return snprintf(buf, PAGE_SIZE, "SHA512\n");
682 static DEVICE_ATTR(mode, 0444, prng_mode_show, NULL);
684 /* reseed attribute (w) */
685 static ssize_t prng_reseed_store(struct device *dev,
686 struct device_attribute *attr,
687 const char *buf, size_t count)
689 if (mutex_lock_interruptible(&prng_data->mutex))
691 prng_sha512_reseed();
692 mutex_unlock(&prng_data->mutex);
696 static DEVICE_ATTR(reseed, 0200, NULL, prng_reseed_store);
698 /* reseed limit attribute (rw) */
699 static ssize_t prng_reseed_limit_show(struct device *dev,
700 struct device_attribute *attr,
703 return snprintf(buf, PAGE_SIZE, "%u\n", prng_reseed_limit);
705 static ssize_t prng_reseed_limit_store(struct device *dev,
706 struct device_attribute *attr,
707 const char *buf, size_t count)
711 if (sscanf(buf, "%u\n", &limit) != 1)
714 if (prng_mode == PRNG_MODE_SHA512) {
715 if (limit < PRNG_RESEED_LIMIT_SHA512_LOWER)
718 if (limit < PRNG_RESEED_LIMIT_TDES_LOWER)
722 prng_reseed_limit = limit;
726 static DEVICE_ATTR(reseed_limit, 0644,
727 prng_reseed_limit_show, prng_reseed_limit_store);
729 /* strength attribute (ro) */
730 static ssize_t prng_strength_show(struct device *dev,
731 struct device_attribute *attr,
734 return snprintf(buf, PAGE_SIZE, "256\n");
736 static DEVICE_ATTR(strength, 0444, prng_strength_show, NULL);
738 static struct attribute *prng_sha512_dev_attrs[] = {
739 &dev_attr_errorflag.attr,
740 &dev_attr_chunksize.attr,
741 &dev_attr_byte_counter.attr,
743 &dev_attr_reseed.attr,
744 &dev_attr_reseed_limit.attr,
745 &dev_attr_strength.attr,
748 static struct attribute *prng_tdes_dev_attrs[] = {
749 &dev_attr_chunksize.attr,
750 &dev_attr_byte_counter.attr,
755 static struct attribute_group prng_sha512_dev_attr_group = {
756 .attrs = prng_sha512_dev_attrs
758 static struct attribute_group prng_tdes_dev_attr_group = {
759 .attrs = prng_tdes_dev_attrs
763 /*** module init and exit ***/
765 static int __init prng_init(void)
769 /* check if the CPU has a PRNG */
770 if (!cpacf_query_func(CPACF_KMC, CPACF_KMC_PRNG))
773 /* choose prng mode */
774 if (prng_mode != PRNG_MODE_TDES) {
775 /* check for MSA5 support for PPNO operations */
776 if (!cpacf_query_func(CPACF_PPNO, CPACF_PPNO_SHA512_DRNG_GEN)) {
777 if (prng_mode == PRNG_MODE_SHA512) {
778 pr_err("The prng module cannot "
779 "start in SHA-512 mode\n");
782 prng_mode = PRNG_MODE_TDES;
784 prng_mode = PRNG_MODE_SHA512;
787 if (prng_mode == PRNG_MODE_SHA512) {
791 if (prng_chunk_size < PRNG_CHUNKSIZE_SHA512_MIN
792 || prng_chunk_size > PRNG_CHUNKSIZE_SHA512_MAX)
794 prng_chunk_size = (prng_chunk_size + 0x3f) & ~0x3f;
796 if (prng_reseed_limit == 0)
797 prng_reseed_limit = PRNG_RESEED_LIMIT_SHA512;
798 else if (prng_reseed_limit < PRNG_RESEED_LIMIT_SHA512_LOWER)
801 ret = prng_sha512_instantiate();
805 ret = misc_register(&prng_sha512_dev);
807 prng_sha512_deinstantiate();
810 ret = sysfs_create_group(&prng_sha512_dev.this_device->kobj,
811 &prng_sha512_dev_attr_group);
813 misc_deregister(&prng_sha512_dev);
814 prng_sha512_deinstantiate();
822 if (prng_chunk_size < PRNG_CHUNKSIZE_TDES_MIN
823 || prng_chunk_size > PRNG_CHUNKSIZE_TDES_MAX)
825 prng_chunk_size = (prng_chunk_size + 0x07) & ~0x07;
827 if (prng_reseed_limit == 0)
828 prng_reseed_limit = PRNG_RESEED_LIMIT_TDES;
829 else if (prng_reseed_limit < PRNG_RESEED_LIMIT_TDES_LOWER)
832 ret = prng_tdes_instantiate();
836 ret = misc_register(&prng_tdes_dev);
838 prng_tdes_deinstantiate();
841 ret = sysfs_create_group(&prng_tdes_dev.this_device->kobj,
842 &prng_tdes_dev_attr_group);
844 misc_deregister(&prng_tdes_dev);
845 prng_tdes_deinstantiate();
856 static void __exit prng_exit(void)
858 if (prng_mode == PRNG_MODE_SHA512) {
859 sysfs_remove_group(&prng_sha512_dev.this_device->kobj,
860 &prng_sha512_dev_attr_group);
861 misc_deregister(&prng_sha512_dev);
862 prng_sha512_deinstantiate();
864 sysfs_remove_group(&prng_tdes_dev.this_device->kobj,
865 &prng_tdes_dev_attr_group);
866 misc_deregister(&prng_tdes_dev);
867 prng_tdes_deinstantiate();
871 module_cpu_feature_match(MSA, prng_init);
872 module_exit(prng_exit);
projects / releases.git / blob