-
Notifications
You must be signed in to change notification settings - Fork 63
/
rngd_rndr.c
193 lines (165 loc) · 4.55 KB
/
rngd_rndr.c
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
/*
* Copyright (c) 2021, Benjamin Herrenschmidt and
* Balbir Singh, Amazon.com, Inc. or its affiliates
*
* Loosely based on rngd_darn.c: Copyright (c) 2017, Neil Horman
*
* This program is free software; you can redistribute it and/or modify it
* under the terms and conditions of the GNU General Public License,
* version 2, as published by the Free Software Foundation.
*
* This program is distributed in the hope it will be useful, but WITHOUT
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for
* more details.
*
* You should have received a copy of the GNU General Public License along with
* this program; if not, write to the Free Software Foundation, Inc.,
* 51 Franklin St - Fifth Floor, Boston, MA 02110-1301 USA.
*
*/
#define _GNU_SOURCE
#ifndef HAVE_CONFIG_H
#error Invalid or missing autoconf build environment
#endif
#include "rng-tools-config.h"
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
#include <sys/auxv.h>
#include "rngd.h"
#include "rngd_entsource.h"
#include "ossl_helpers.h"
/* Kernel headers may be too old */
#ifndef HWCAP2_RNG
#define HWCAP2_RNG (1 << 16)
#endif
static struct ossl_aes_ctx *ossl_ctx;
static unsigned char key[AES_BLOCK];
static unsigned char iv_buf[AES_BLOCK];
#define CHUNK_SIZE (AES_BLOCK*8)
static unsigned char aes_buf[CHUNK_SIZE];
static size_t aes_buf_pos;
#define REKEY_BITS 8
static int rekey_count;
/*
* Runs the get_rndr instruction, returns false on failure
*/
static bool get_rndr(uint64_t *rndr_val)
{
bool ok;
int i;
/* Let's try 10 times, that should be enough, before we give up */
for (i=0; i < 10; i++){
asm volatile("mrs %0, s3_3_c2_c4_0\n"
"\tcset %w1, ne\n"
: "=r" (*rndr_val), "=r" (ok)
:
: "cc");
if (ok)
break;
/*
* The spec implies we should wait some milliseconds for HW
* to recover... Let's try up to 10 times with 1ms delay
*/
usleep(1000);
}
return ok;
}
static int get_random_key(unsigned char *out_key)
{
uint64_t val1, val2;
if (!get_rndr(&val1) || !get_rndr(&val2))
return 1;
memcpy(&out_key[0], &val1, sizeof(uint64_t));
memcpy(&out_key[8], &val2, sizeof(uint64_t));
return 0;
}
static int rekey(struct rng *ent_src)
{
uint64_t thr;
message_entsrc(ent_src, LOG_DAEMON|LOG_DEBUG, "Rekeying...\n");
/* Grab new key & iv_buf from HW */
if (get_random_key(key) || get_random_key(iv_buf))
return 1;
/* Grab a new 8 bits random rekey threshold, we thus
* rekey every 1 to 255 refills
*/
memcpy(&rekey_count, key, sizeof(rekey_count));
rekey_count &= ((1 << REKEY_BITS)-1);
return 0;
}
static int refill(struct rng *ent_src)
{
message_entsrc(ent_src, LOG_DAEMON|LOG_DEBUG, "Refilling...\n");
if (--rekey_count < 0 && rekey(ent_src)) {
message_entsrc(ent_src,LOG_DAEMON|LOG_DEBUG,
"failed to get AES seed randomness\n");
return 1;
}
/* Re-mangle the buffer */
aes_buf_pos = 0;
return ossl_aes_mangle(ossl_ctx, aes_buf, CHUNK_SIZE) < 0;
}
static int fill_from_aes(struct rng *ent_src, void *buf, size_t size)
{
size_t chunk, avail, i;
for (i = 0; i < size; i += chunk) {
avail = CHUNK_SIZE - aes_buf_pos;
chunk = size <= avail ? size : avail;
memcpy(buf + i, &aes_buf[aes_buf_pos], chunk);
aes_buf_pos += chunk;
if (aes_buf_pos == CHUNK_SIZE && refill(ent_src))
return 1;
}
return 0;
}
static int init_openssl(struct rng *ent_src)
{
ossl_ctx = ossl_aes_init(key, iv_buf);
if (ossl_ctx == NULL) {
message_entsrc(ent_src,LOG_DAEMON|LOG_DEBUG,
"openssl initialization failed\n");
return 1;
}
return refill(ent_src);
}
static int fill_from_rndr(void *buf, size_t size)
{
uint64_t r;
size_t chunk;
while (size) {
/* Grab 64-bits */
if (!get_rndr(&r))
return 1;
/* This is endian-broken but who cares for random
* numbers ?
*/
chunk = size > 8 ? 8 : size;
memcpy(buf, &r, chunk);
size -= chunk;
buf += chunk;
}
return 0;
}
int xread_rndr(void *buf, size_t size, struct rng *ent_src)
{
if (ent_src->rng_options[DRNG_OPT_AES].int_val)
return fill_from_aes(ent_src, buf, size);
else
return fill_from_rndr(buf, size);
}
/*
* Confirm RNDR capabilities for drng entropy source
*/
int init_rndr_entropy_source(struct rng *ent_src)
{
if (!(getauxval(AT_HWCAP2) & HWCAP2_RNG)) {
message_entsrc(ent_src, LOG_DAEMON|LOG_INFO, "No HW SUPPORT\n");
return 1;
}
message_entsrc(ent_src,LOG_DAEMON|LOG_INFO, "Enabling aarch64 RNDR rng support\n");
if (ent_src->rng_options[DRNG_OPT_AES].int_val && init_openssl(ent_src))
return 1;
return 0;
}