2 * Copyright IBM Corp. 2006, 2015
3 * Author(s): Jan Glauber <jan.glauber@de.ibm.com>
4 * Harald Freudenberger <freude@de.ibm.com>
5 * Driver for the s390 pseudo random number generator
8 #define KMSG_COMPONENT "prng"
9 #define pr_fmt(fmt) KMSG_COMPONENT ": " fmt
12 #include <linux/fips.h>
13 #include <linux/init.h>
14 #include <linux/kernel.h>
15 #include <linux/device.h>
16 #include <linux/miscdevice.h>
17 #include <linux/module.h>
18 #include <linux/moduleparam.h>
19 #include <linux/mutex.h>
20 #include <linux/cpufeature.h>
21 #include <linux/random.h>
22 #include <linux/slab.h>
23 #include <asm/debug.h>
24 #include <asm/uaccess.h>
25 #include <asm/timex.h>
26 #include <asm/cpacf.h>
28 MODULE_LICENSE("GPL");
29 MODULE_AUTHOR("IBM Corporation");
30 MODULE_DESCRIPTION("s390 PRNG interface");
33 #define PRNG_MODE_AUTO 0
34 #define PRNG_MODE_TDES 1
35 #define PRNG_MODE_SHA512 2
37 static unsigned int prng_mode = PRNG_MODE_AUTO;
38 module_param_named(mode, prng_mode, int, 0);
39 MODULE_PARM_DESC(prng_mode, "PRNG mode: 0 - auto, 1 - TDES, 2 - SHA512");
42 #define PRNG_CHUNKSIZE_TDES_MIN 8
43 #define PRNG_CHUNKSIZE_TDES_MAX (64*1024)
44 #define PRNG_CHUNKSIZE_SHA512_MIN 64
45 #define PRNG_CHUNKSIZE_SHA512_MAX (64*1024)
47 static unsigned int prng_chunk_size = 256;
48 module_param_named(chunksize, prng_chunk_size, int, 0);
49 MODULE_PARM_DESC(prng_chunk_size, "PRNG read chunk size in bytes");
52 #define PRNG_RESEED_LIMIT_TDES 4096
53 #define PRNG_RESEED_LIMIT_TDES_LOWER 4096
54 #define PRNG_RESEED_LIMIT_SHA512 100000
55 #define PRNG_RESEED_LIMIT_SHA512_LOWER 10000
57 static unsigned int prng_reseed_limit;
58 module_param_named(reseed_limit, prng_reseed_limit, int, 0);
59 MODULE_PARM_DESC(prng_reseed_limit, "PRNG reseed limit");
63 * Any one who considers arithmetical methods of producing random digits is,
64 * of course, in a state of sin. -- John von Neumann
67 static int prng_errorflag;
69 #define PRNG_GEN_ENTROPY_FAILED 1
70 #define PRNG_SELFTEST_FAILED 2
71 #define PRNG_INSTANTIATE_FAILED 3
72 #define PRNG_SEED_FAILED 4
73 #define PRNG_RESEED_FAILED 5
74 #define PRNG_GEN_FAILED 6
93 struct prng_ws_s prngws;
94 struct ppno_ws_s ppnows;
101 static struct prng_data_s *prng_data;
103 /* initial parameter block for tdes mode, copied from libica */
104 static const u8 initial_parm_block[32] __initconst = {
105 0x0F, 0x2B, 0x8E, 0x63, 0x8C, 0x8E, 0xD2, 0x52,
106 0x64, 0xB7, 0xA0, 0x7B, 0x75, 0x28, 0xB8, 0xF4,
107 0x75, 0x5F, 0xD2, 0xA6, 0x8D, 0x97, 0x11, 0xFF,
108 0x49, 0xD8, 0x23, 0xF3, 0x7E, 0x21, 0xEC, 0xA0 };
111 /*** helper functions ***/
113 static int generate_entropy(u8 *ebuf, size_t nbytes)
116 u8 *pg, *h, hash[32];
118 pg = (u8 *) __get_free_page(GFP_KERNEL);
120 prng_errorflag = PRNG_GEN_ENTROPY_FAILED;
125 /* fill page with urandom bytes */
126 get_random_bytes(pg, PAGE_SIZE);
127 /* exor page with stckf values */
128 for (n = 0; n < PAGE_SIZE / sizeof(u64); n++) {
129 u64 *p = ((u64 *)pg) + n;
130 *p ^= get_tod_clock_fast();
132 n = (nbytes < sizeof(hash)) ? nbytes : sizeof(hash);
133 if (n < sizeof(hash))
137 /* generate sha256 from this page */
138 cpacf_kimd(CPACF_KIMD_SHA_256, h, pg, PAGE_SIZE);
139 if (n < sizeof(hash))
140 memcpy(ebuf, hash, n);
146 free_page((unsigned long)pg);
151 /*** tdes functions ***/
153 static void prng_tdes_add_entropy(void)
158 for (i = 0; i < 16; i++) {
159 cpacf_kmc(CPACF_KMC_PRNG, prng_data->prngws.parm_block,
160 (char *) entropy, (char *) entropy,
162 memcpy(prng_data->prngws.parm_block, entropy, sizeof(entropy));
167 static void prng_tdes_seed(int nbytes)
172 BUG_ON(nbytes > sizeof(buf));
174 get_random_bytes(buf, nbytes);
176 /* Add the entropy */
177 while (nbytes >= 8) {
178 *((__u64 *)prng_data->prngws.parm_block) ^= *((__u64 *)(buf+i));
179 prng_tdes_add_entropy();
183 prng_tdes_add_entropy();
184 prng_data->prngws.reseed_counter = 0;
188 static int __init prng_tdes_instantiate(void)
192 pr_debug("prng runs in TDES mode with "
193 "chunksize=%d and reseed_limit=%u\n",
194 prng_chunk_size, prng_reseed_limit);
196 /* memory allocation, prng_data struct init, mutex init */
197 datalen = sizeof(struct prng_data_s) + prng_chunk_size;
198 prng_data = kzalloc(datalen, GFP_KERNEL);
200 prng_errorflag = PRNG_INSTANTIATE_FAILED;
203 mutex_init(&prng_data->mutex);
204 prng_data->buf = ((u8 *)prng_data) + sizeof(struct prng_data_s);
205 memcpy(prng_data->prngws.parm_block, initial_parm_block, 32);
207 /* initialize the PRNG, add 128 bits of entropy */
214 static void prng_tdes_deinstantiate(void)
216 pr_debug("The prng module stopped "
217 "after running in triple DES mode\n");
222 /*** sha512 functions ***/
224 static int __init prng_sha512_selftest(void)
226 /* NIST DRBG testvector for Hash Drbg, Sha-512, Count #0 */
227 static const u8 seed[] __initconst = {
228 0x6b, 0x50, 0xa7, 0xd8, 0xf8, 0xa5, 0x5d, 0x7a,
229 0x3d, 0xf8, 0xbb, 0x40, 0xbc, 0xc3, 0xb7, 0x22,
230 0xd8, 0x70, 0x8d, 0xe6, 0x7f, 0xda, 0x01, 0x0b,
231 0x03, 0xc4, 0xc8, 0x4d, 0x72, 0x09, 0x6f, 0x8c,
232 0x3e, 0xc6, 0x49, 0xcc, 0x62, 0x56, 0xd9, 0xfa,
233 0x31, 0xdb, 0x7a, 0x29, 0x04, 0xaa, 0xf0, 0x25 };
234 static const u8 V0[] __initconst = {
235 0x00, 0xad, 0xe3, 0x6f, 0x9a, 0x01, 0xc7, 0x76,
236 0x61, 0x34, 0x35, 0xf5, 0x4e, 0x24, 0x74, 0x22,
237 0x21, 0x9a, 0x29, 0x89, 0xc7, 0x93, 0x2e, 0x60,
238 0x1e, 0xe8, 0x14, 0x24, 0x8d, 0xd5, 0x03, 0xf1,
239 0x65, 0x5d, 0x08, 0x22, 0x72, 0xd5, 0xad, 0x95,
240 0xe1, 0x23, 0x1e, 0x8a, 0xa7, 0x13, 0xd9, 0x2b,
241 0x5e, 0xbc, 0xbb, 0x80, 0xab, 0x8d, 0xe5, 0x79,
242 0xab, 0x5b, 0x47, 0x4e, 0xdd, 0xee, 0x6b, 0x03,
243 0x8f, 0x0f, 0x5c, 0x5e, 0xa9, 0x1a, 0x83, 0xdd,
244 0xd3, 0x88, 0xb2, 0x75, 0x4b, 0xce, 0x83, 0x36,
245 0x57, 0x4b, 0xf1, 0x5c, 0xca, 0x7e, 0x09, 0xc0,
246 0xd3, 0x89, 0xc6, 0xe0, 0xda, 0xc4, 0x81, 0x7e,
247 0x5b, 0xf9, 0xe1, 0x01, 0xc1, 0x92, 0x05, 0xea,
248 0xf5, 0x2f, 0xc6, 0xc6, 0xc7, 0x8f, 0xbc, 0xf4 };
249 static const u8 C0[] __initconst = {
250 0x00, 0xf4, 0xa3, 0xe5, 0xa0, 0x72, 0x63, 0x95,
251 0xc6, 0x4f, 0x48, 0xd0, 0x8b, 0x5b, 0x5f, 0x8e,
252 0x6b, 0x96, 0x1f, 0x16, 0xed, 0xbc, 0x66, 0x94,
253 0x45, 0x31, 0xd7, 0x47, 0x73, 0x22, 0xa5, 0x86,
254 0xce, 0xc0, 0x4c, 0xac, 0x63, 0xb8, 0x39, 0x50,
255 0xbf, 0xe6, 0x59, 0x6c, 0x38, 0x58, 0x99, 0x1f,
256 0x27, 0xa7, 0x9d, 0x71, 0x2a, 0xb3, 0x7b, 0xf9,
257 0xfb, 0x17, 0x86, 0xaa, 0x99, 0x81, 0xaa, 0x43,
258 0xe4, 0x37, 0xd3, 0x1e, 0x6e, 0xe5, 0xe6, 0xee,
259 0xc2, 0xed, 0x95, 0x4f, 0x53, 0x0e, 0x46, 0x8a,
260 0xcc, 0x45, 0xa5, 0xdb, 0x69, 0x0d, 0x81, 0xc9,
261 0x32, 0x92, 0xbc, 0x8f, 0x33, 0xe6, 0xf6, 0x09,
262 0x7c, 0x8e, 0x05, 0x19, 0x0d, 0xf1, 0xb6, 0xcc,
263 0xf3, 0x02, 0x21, 0x90, 0x25, 0xec, 0xed, 0x0e };
264 static const u8 random[] __initconst = {
265 0x95, 0xb7, 0xf1, 0x7e, 0x98, 0x02, 0xd3, 0x57,
266 0x73, 0x92, 0xc6, 0xa9, 0xc0, 0x80, 0x83, 0xb6,
267 0x7d, 0xd1, 0x29, 0x22, 0x65, 0xb5, 0xf4, 0x2d,
268 0x23, 0x7f, 0x1c, 0x55, 0xbb, 0x9b, 0x10, 0xbf,
269 0xcf, 0xd8, 0x2c, 0x77, 0xa3, 0x78, 0xb8, 0x26,
270 0x6a, 0x00, 0x99, 0x14, 0x3b, 0x3c, 0x2d, 0x64,
271 0x61, 0x1e, 0xee, 0xb6, 0x9a, 0xcd, 0xc0, 0x55,
272 0x95, 0x7c, 0x13, 0x9e, 0x8b, 0x19, 0x0c, 0x7a,
273 0x06, 0x95, 0x5f, 0x2c, 0x79, 0x7c, 0x27, 0x78,
274 0xde, 0x94, 0x03, 0x96, 0xa5, 0x01, 0xf4, 0x0e,
275 0x91, 0x39, 0x6a, 0xcf, 0x8d, 0x7e, 0x45, 0xeb,
276 0xdb, 0xb5, 0x3b, 0xbf, 0x8c, 0x97, 0x52, 0x30,
277 0xd2, 0xf0, 0xff, 0x91, 0x06, 0xc7, 0x61, 0x19,
278 0xae, 0x49, 0x8e, 0x7f, 0xbc, 0x03, 0xd9, 0x0f,
279 0x8e, 0x4c, 0x51, 0x62, 0x7a, 0xed, 0x5c, 0x8d,
280 0x42, 0x63, 0xd5, 0xd2, 0xb9, 0x78, 0x87, 0x3a,
281 0x0d, 0xe5, 0x96, 0xee, 0x6d, 0xc7, 0xf7, 0xc2,
282 0x9e, 0x37, 0xee, 0xe8, 0xb3, 0x4c, 0x90, 0xdd,
283 0x1c, 0xf6, 0xa9, 0xdd, 0xb2, 0x2b, 0x4c, 0xbd,
284 0x08, 0x6b, 0x14, 0xb3, 0x5d, 0xe9, 0x3d, 0xa2,
285 0xd5, 0xcb, 0x18, 0x06, 0x69, 0x8c, 0xbd, 0x7b,
286 0xbb, 0x67, 0xbf, 0xe3, 0xd3, 0x1f, 0xd2, 0xd1,
287 0xdb, 0xd2, 0xa1, 0xe0, 0x58, 0xa3, 0xeb, 0x99,
288 0xd7, 0xe5, 0x1f, 0x1a, 0x93, 0x8e, 0xed, 0x5e,
289 0x1c, 0x1d, 0xe2, 0x3a, 0x6b, 0x43, 0x45, 0xd3,
290 0x19, 0x14, 0x09, 0xf9, 0x2f, 0x39, 0xb3, 0x67,
291 0x0d, 0x8d, 0xbf, 0xb6, 0x35, 0xd8, 0xe6, 0xa3,
292 0x69, 0x32, 0xd8, 0x10, 0x33, 0xd1, 0x44, 0x8d,
293 0x63, 0xb4, 0x03, 0xdd, 0xf8, 0x8e, 0x12, 0x1b,
294 0x6e, 0x81, 0x9a, 0xc3, 0x81, 0x22, 0x6c, 0x13,
295 0x21, 0xe4, 0xb0, 0x86, 0x44, 0xf6, 0x72, 0x7c,
296 0x36, 0x8c, 0x5a, 0x9f, 0x7a, 0x4b, 0x3e, 0xe2 };
298 u8 buf[sizeof(random)];
301 memset(&ws, 0, sizeof(ws));
304 cpacf_ppno(CPACF_PPNO_SHA512_DRNG_SEED,
305 &ws, NULL, 0, seed, sizeof(seed));
307 /* check working states V and C */
308 if (memcmp(ws.V, V0, sizeof(V0)) != 0
309 || memcmp(ws.C, C0, sizeof(C0)) != 0) {
310 pr_err("The prng self test state test "
311 "for the SHA-512 mode failed\n");
312 prng_errorflag = PRNG_SELFTEST_FAILED;
316 /* generate random bytes */
317 cpacf_ppno(CPACF_PPNO_SHA512_DRNG_GEN,
318 &ws, buf, sizeof(buf), NULL, 0);
319 cpacf_ppno(CPACF_PPNO_SHA512_DRNG_GEN,
320 &ws, buf, sizeof(buf), NULL, 0);
322 /* check against expected data */
323 if (memcmp(buf, random, sizeof(random)) != 0) {
324 pr_err("The prng self test data test "
325 "for the SHA-512 mode failed\n");
326 prng_errorflag = PRNG_SELFTEST_FAILED;
334 static int __init prng_sha512_instantiate(void)
339 pr_debug("prng runs in SHA-512 mode "
340 "with chunksize=%d and reseed_limit=%u\n",
341 prng_chunk_size, prng_reseed_limit);
343 /* memory allocation, prng_data struct init, mutex init */
344 datalen = sizeof(struct prng_data_s) + prng_chunk_size;
346 datalen += prng_chunk_size;
347 prng_data = kzalloc(datalen, GFP_KERNEL);
349 prng_errorflag = PRNG_INSTANTIATE_FAILED;
352 mutex_init(&prng_data->mutex);
353 prng_data->buf = ((u8 *)prng_data) + sizeof(struct prng_data_s);
356 ret = prng_sha512_selftest();
360 /* generate initial seed bytestring, first 48 bytes of entropy */
361 ret = generate_entropy(seed, 48);
364 /* followed by 16 bytes of unique nonce */
365 get_tod_clock_ext(seed + 48);
367 /* initial seed of the ppno drng */
368 cpacf_ppno(CPACF_PPNO_SHA512_DRNG_SEED,
369 &prng_data->ppnows, NULL, 0, seed, sizeof(seed));
371 /* if fips mode is enabled, generate a first block of random
372 bytes for the FIPS 140-2 Conditional Self Test */
374 prng_data->prev = prng_data->buf + prng_chunk_size;
375 cpacf_ppno(CPACF_PPNO_SHA512_DRNG_GEN,
377 prng_data->prev, prng_chunk_size, NULL, 0);
388 static void prng_sha512_deinstantiate(void)
390 pr_debug("The prng module stopped after running in SHA-512 mode\n");
395 static int prng_sha512_reseed(void)
400 /* generate 32 bytes of fresh entropy */
401 ret = generate_entropy(seed, sizeof(seed));
402 if (ret != sizeof(seed))
405 /* do a reseed of the ppno drng with this bytestring */
406 cpacf_ppno(CPACF_PPNO_SHA512_DRNG_SEED,
407 &prng_data->ppnows, NULL, 0, seed, sizeof(seed));
413 static int prng_sha512_generate(u8 *buf, size_t nbytes)
417 /* reseed needed ? */
418 if (prng_data->ppnows.reseed_counter > prng_reseed_limit) {
419 ret = prng_sha512_reseed();
425 cpacf_ppno(CPACF_PPNO_SHA512_DRNG_GEN,
426 &prng_data->ppnows, buf, nbytes, NULL, 0);
428 /* FIPS 140-2 Conditional Self Test */
430 if (!memcmp(prng_data->prev, buf, nbytes)) {
431 prng_errorflag = PRNG_GEN_FAILED;
434 memcpy(prng_data->prev, buf, nbytes);
441 /*** file io functions ***/
443 static int prng_open(struct inode *inode, struct file *file)
445 return nonseekable_open(inode, file);
449 static ssize_t prng_tdes_read(struct file *file, char __user *ubuf,
450 size_t nbytes, loff_t *ppos)
452 int chunk, n, ret = 0;
454 /* lock prng_data struct */
455 if (mutex_lock_interruptible(&prng_data->mutex))
459 if (need_resched()) {
460 if (signal_pending(current)) {
465 /* give mutex free before calling schedule() */
466 mutex_unlock(&prng_data->mutex);
468 /* occopy mutex again */
469 if (mutex_lock_interruptible(&prng_data->mutex)) {
477 * we lose some random bytes if an attacker issues
478 * reads < 8 bytes, but we don't care
480 chunk = min_t(int, nbytes, prng_chunk_size);
482 /* PRNG only likes multiples of 8 bytes */
483 n = (chunk + 7) & -8;
485 if (prng_data->prngws.reseed_counter > prng_reseed_limit)
488 /* if the CPU supports PRNG stckf is present too */
489 *((unsigned long long *)prng_data->buf) = get_tod_clock_fast();
492 * Beside the STCKF the input for the TDES-EDE is the output
493 * of the last operation. We differ here from X9.17 since we
494 * only store one timestamp into the buffer. Padding the whole
495 * buffer with timestamps does not improve security, since
496 * successive stckf have nearly constant offsets.
497 * If an attacker knows the first timestamp it would be
498 * trivial to guess the additional values. One timestamp
499 * is therefore enough and still guarantees unique input values.
501 * Note: you can still get strict X9.17 conformity by setting
502 * prng_chunk_size to 8 bytes.
504 cpacf_kmc(CPACF_KMC_PRNG, prng_data->prngws.parm_block,
505 prng_data->buf, prng_data->buf, n);
507 prng_data->prngws.byte_counter += n;
508 prng_data->prngws.reseed_counter += n;
510 if (copy_to_user(ubuf, prng_data->buf, chunk))
518 /* unlock prng_data struct */
519 mutex_unlock(&prng_data->mutex);
525 static ssize_t prng_sha512_read(struct file *file, char __user *ubuf,
526 size_t nbytes, loff_t *ppos)
531 /* if errorflag is set do nothing and return 'broken pipe' */
535 /* lock prng_data struct */
536 if (mutex_lock_interruptible(&prng_data->mutex))
540 if (need_resched()) {
541 if (signal_pending(current)) {
546 /* give mutex free before calling schedule() */
547 mutex_unlock(&prng_data->mutex);
549 /* occopy mutex again */
550 if (mutex_lock_interruptible(&prng_data->mutex)) {
556 if (prng_data->rest) {
557 /* push left over random bytes from the previous read */
558 p = prng_data->buf + prng_chunk_size - prng_data->rest;
559 n = (nbytes < prng_data->rest) ?
560 nbytes : prng_data->rest;
561 prng_data->rest -= n;
563 /* generate one chunk of random bytes into read buf */
565 n = prng_sha512_generate(p, prng_chunk_size);
570 if (nbytes < prng_chunk_size) {
572 prng_data->rest = prng_chunk_size - n;
578 if (copy_to_user(ubuf, p, n)) {
587 /* unlock prng_data struct */
588 mutex_unlock(&prng_data->mutex);
594 /*** sysfs stuff ***/
596 static const struct file_operations prng_sha512_fops = {
597 .owner = THIS_MODULE,
600 .read = &prng_sha512_read,
601 .llseek = noop_llseek,
603 static const struct file_operations prng_tdes_fops = {
604 .owner = THIS_MODULE,
607 .read = &prng_tdes_read,
608 .llseek = noop_llseek,
611 static struct miscdevice prng_sha512_dev = {
613 .minor = MISC_DYNAMIC_MINOR,
615 .fops = &prng_sha512_fops,
617 static struct miscdevice prng_tdes_dev = {
619 .minor = MISC_DYNAMIC_MINOR,
621 .fops = &prng_tdes_fops,
625 /* chunksize attribute (ro) */
626 static ssize_t prng_chunksize_show(struct device *dev,
627 struct device_attribute *attr,
630 return snprintf(buf, PAGE_SIZE, "%u\n", prng_chunk_size);
632 static DEVICE_ATTR(chunksize, 0444, prng_chunksize_show, NULL);
634 /* counter attribute (ro) */
635 static ssize_t prng_counter_show(struct device *dev,
636 struct device_attribute *attr,
641 if (mutex_lock_interruptible(&prng_data->mutex))
643 if (prng_mode == PRNG_MODE_SHA512)
644 counter = prng_data->ppnows.stream_bytes;
646 counter = prng_data->prngws.byte_counter;
647 mutex_unlock(&prng_data->mutex);
649 return snprintf(buf, PAGE_SIZE, "%llu\n", counter);
651 static DEVICE_ATTR(byte_counter, 0444, prng_counter_show, NULL);
653 /* errorflag attribute (ro) */
654 static ssize_t prng_errorflag_show(struct device *dev,
655 struct device_attribute *attr,
658 return snprintf(buf, PAGE_SIZE, "%d\n", prng_errorflag);
660 static DEVICE_ATTR(errorflag, 0444, prng_errorflag_show, NULL);
662 /* mode attribute (ro) */
663 static ssize_t prng_mode_show(struct device *dev,
664 struct device_attribute *attr,
667 if (prng_mode == PRNG_MODE_TDES)
668 return snprintf(buf, PAGE_SIZE, "TDES\n");
670 return snprintf(buf, PAGE_SIZE, "SHA512\n");
672 static DEVICE_ATTR(mode, 0444, prng_mode_show, NULL);
674 /* reseed attribute (w) */
675 static ssize_t prng_reseed_store(struct device *dev,
676 struct device_attribute *attr,
677 const char *buf, size_t count)
679 if (mutex_lock_interruptible(&prng_data->mutex))
681 prng_sha512_reseed();
682 mutex_unlock(&prng_data->mutex);
686 static DEVICE_ATTR(reseed, 0200, NULL, prng_reseed_store);
688 /* reseed limit attribute (rw) */
689 static ssize_t prng_reseed_limit_show(struct device *dev,
690 struct device_attribute *attr,
693 return snprintf(buf, PAGE_SIZE, "%u\n", prng_reseed_limit);
695 static ssize_t prng_reseed_limit_store(struct device *dev,
696 struct device_attribute *attr,
697 const char *buf, size_t count)
701 if (sscanf(buf, "%u\n", &limit) != 1)
704 if (prng_mode == PRNG_MODE_SHA512) {
705 if (limit < PRNG_RESEED_LIMIT_SHA512_LOWER)
708 if (limit < PRNG_RESEED_LIMIT_TDES_LOWER)
712 prng_reseed_limit = limit;
716 static DEVICE_ATTR(reseed_limit, 0644,
717 prng_reseed_limit_show, prng_reseed_limit_store);
719 /* strength attribute (ro) */
720 static ssize_t prng_strength_show(struct device *dev,
721 struct device_attribute *attr,
724 return snprintf(buf, PAGE_SIZE, "256\n");
726 static DEVICE_ATTR(strength, 0444, prng_strength_show, NULL);
728 static struct attribute *prng_sha512_dev_attrs[] = {
729 &dev_attr_errorflag.attr,
730 &dev_attr_chunksize.attr,
731 &dev_attr_byte_counter.attr,
733 &dev_attr_reseed.attr,
734 &dev_attr_reseed_limit.attr,
735 &dev_attr_strength.attr,
738 static struct attribute *prng_tdes_dev_attrs[] = {
739 &dev_attr_chunksize.attr,
740 &dev_attr_byte_counter.attr,
745 static struct attribute_group prng_sha512_dev_attr_group = {
746 .attrs = prng_sha512_dev_attrs
748 static struct attribute_group prng_tdes_dev_attr_group = {
749 .attrs = prng_tdes_dev_attrs
753 /*** module init and exit ***/
755 static int __init prng_init(void)
759 /* check if the CPU has a PRNG */
760 if (!cpacf_query_func(CPACF_KMC, CPACF_KMC_PRNG))
763 /* choose prng mode */
764 if (prng_mode != PRNG_MODE_TDES) {
765 /* check for MSA5 support for PPNO operations */
766 if (!cpacf_query_func(CPACF_PPNO, CPACF_PPNO_SHA512_DRNG_GEN)) {
767 if (prng_mode == PRNG_MODE_SHA512) {
768 pr_err("The prng module cannot "
769 "start in SHA-512 mode\n");
772 prng_mode = PRNG_MODE_TDES;
774 prng_mode = PRNG_MODE_SHA512;
777 if (prng_mode == PRNG_MODE_SHA512) {
781 if (prng_chunk_size < PRNG_CHUNKSIZE_SHA512_MIN
782 || prng_chunk_size > PRNG_CHUNKSIZE_SHA512_MAX)
784 prng_chunk_size = (prng_chunk_size + 0x3f) & ~0x3f;
786 if (prng_reseed_limit == 0)
787 prng_reseed_limit = PRNG_RESEED_LIMIT_SHA512;
788 else if (prng_reseed_limit < PRNG_RESEED_LIMIT_SHA512_LOWER)
791 ret = prng_sha512_instantiate();
795 ret = misc_register(&prng_sha512_dev);
797 prng_sha512_deinstantiate();
800 ret = sysfs_create_group(&prng_sha512_dev.this_device->kobj,
801 &prng_sha512_dev_attr_group);
803 misc_deregister(&prng_sha512_dev);
804 prng_sha512_deinstantiate();
812 if (prng_chunk_size < PRNG_CHUNKSIZE_TDES_MIN
813 || prng_chunk_size > PRNG_CHUNKSIZE_TDES_MAX)
815 prng_chunk_size = (prng_chunk_size + 0x07) & ~0x07;
817 if (prng_reseed_limit == 0)
818 prng_reseed_limit = PRNG_RESEED_LIMIT_TDES;
819 else if (prng_reseed_limit < PRNG_RESEED_LIMIT_TDES_LOWER)
822 ret = prng_tdes_instantiate();
826 ret = misc_register(&prng_tdes_dev);
828 prng_tdes_deinstantiate();
831 ret = sysfs_create_group(&prng_tdes_dev.this_device->kobj,
832 &prng_tdes_dev_attr_group);
834 misc_deregister(&prng_tdes_dev);
835 prng_tdes_deinstantiate();
846 static void __exit prng_exit(void)
848 if (prng_mode == PRNG_MODE_SHA512) {
849 sysfs_remove_group(&prng_sha512_dev.this_device->kobj,
850 &prng_sha512_dev_attr_group);
851 misc_deregister(&prng_sha512_dev);
852 prng_sha512_deinstantiate();
854 sysfs_remove_group(&prng_tdes_dev.this_device->kobj,
855 &prng_tdes_dev_attr_group);
856 misc_deregister(&prng_tdes_dev);
857 prng_tdes_deinstantiate();
861 module_cpu_feature_match(MSA, prng_init);
862 module_exit(prng_exit);
projects / cascardo / linux.git / blob