Revert "ARM: tegra: tegratab: dummy change"
[linux-2.6.git] / crypto / ansi_cprng.c
index 72db0fd..6ddd99e 100644 (file)
@@ -83,9 +83,9 @@ static void xor_vectors(unsigned char *in1, unsigned char *in2,
 }
 /*
  * Returns DEFAULT_BLK_SZ bytes of random data per call
- * returns 0 if generation succeded, <0 if something went wrong
+ * returns 0 if generation succeeded, <0 if something went wrong
  */
-static int _get_more_prng_bytes(struct prng_context *ctx)
+static int _get_more_prng_bytes(struct prng_context *ctx, int cont_test)
 {
        int i;
        unsigned char tmp[DEFAULT_BLK_SZ];
@@ -132,9 +132,15 @@ static int _get_more_prng_bytes(struct prng_context *ctx)
                         */
                        if (!memcmp(ctx->rand_data, ctx->last_rand_data,
                                        DEFAULT_BLK_SZ)) {
+                               if (cont_test) {
+                                       panic("cprng %p Failed repetition check!\n",
+                                               ctx);
+                               }
+
                                printk(KERN_ERR
                                        "ctx %p Failed repetition check!\n",
                                        ctx);
+
                                ctx->flags |= PRNG_NEED_RESET;
                                return -EINVAL;
                        }
@@ -161,7 +167,7 @@ static int _get_more_prng_bytes(struct prng_context *ctx)
        /*
         * Now update our DT value
         */
-       for (i = 0; i < DEFAULT_BLK_SZ; i++) {
+       for (i = DEFAULT_BLK_SZ - 1; i >= 0; i--) {
                ctx->DT[i] += 1;
                if (ctx->DT[i] != 0)
                        break;
@@ -179,18 +185,15 @@ static int _get_more_prng_bytes(struct prng_context *ctx)
 }
 
 /* Our exported functions */
-static int get_prng_bytes(char *buf, size_t nbytes, struct prng_context *ctx)
+static int get_prng_bytes(char *buf, size_t nbytes, struct prng_context *ctx,
+                               int do_cont_test)
 {
-       unsigned long flags;
        unsigned char *ptr = buf;
        unsigned int byte_count = (unsigned int)nbytes;
        int err;
 
 
-       if (nbytes < 0)
-               return -EINVAL;
-
-       spin_lock_irqsave(&ctx->prng_lock, flags);
+       spin_lock_bh(&ctx->prng_lock);
 
        err = -EINVAL;
        if (ctx->flags & PRNG_NEED_RESET)
@@ -215,7 +218,7 @@ static int get_prng_bytes(char *buf, size_t nbytes, struct prng_context *ctx)
 
 remainder:
        if (ctx->rand_data_valid == DEFAULT_BLK_SZ) {
-               if (_get_more_prng_bytes(ctx) < 0) {
+               if (_get_more_prng_bytes(ctx, do_cont_test) < 0) {
                        memset(buf, 0, nbytes);
                        err = -EINVAL;
                        goto done;
@@ -223,9 +226,10 @@ remainder:
        }
 
        /*
-        * Copy up to the next whole block size
+        * Copy any data less than an entire block
         */
        if (byte_count < DEFAULT_BLK_SZ) {
+empty_rbuf:
                for (; ctx->rand_data_valid < DEFAULT_BLK_SZ;
                        ctx->rand_data_valid++) {
                        *ptr = ctx->rand_data[ctx->rand_data_valid];
@@ -240,24 +244,28 @@ remainder:
         * Now copy whole blocks
         */
        for (; byte_count >= DEFAULT_BLK_SZ; byte_count -= DEFAULT_BLK_SZ) {
-               if (_get_more_prng_bytes(ctx) < 0) {
-                       memset(buf, 0, nbytes);
-                       err = -EINVAL;
-                       goto done;
+               if (ctx->rand_data_valid == DEFAULT_BLK_SZ) {
+                       if (_get_more_prng_bytes(ctx, do_cont_test) < 0) {
+                               memset(buf, 0, nbytes);
+                               err = -EINVAL;
+                               goto done;
+                       }
                }
+               if (ctx->rand_data_valid > 0)
+                       goto empty_rbuf;
                memcpy(ptr, ctx->rand_data, DEFAULT_BLK_SZ);
                ctx->rand_data_valid += DEFAULT_BLK_SZ;
                ptr += DEFAULT_BLK_SZ;
        }
 
        /*
-        * Now copy any extra partial data
+        * Now go back and get any remaining partial block
         */
        if (byte_count)
                goto remainder;
 
 done:
-       spin_unlock_irqrestore(&ctx->prng_lock, flags);
+       spin_unlock_bh(&ctx->prng_lock);
        dbgprint(KERN_CRIT "returning %d from get_prng_bytes in context %p\n",
                err, ctx);
        return err;
@@ -273,10 +281,9 @@ static int reset_prng_context(struct prng_context *ctx,
                              unsigned char *V, unsigned char *DT)
 {
        int ret;
-       int rc = -EINVAL;
        unsigned char *prng_key;
 
-       spin_lock(&ctx->prng_lock);
+       spin_lock_bh(&ctx->prng_lock);
        ctx->flags |= PRNG_NEED_RESET;
 
        prng_key = (key != NULL) ? key : (unsigned char *)DEFAULT_PRNG_KEY;
@@ -297,34 +304,20 @@ static int reset_prng_context(struct prng_context *ctx,
        memset(ctx->rand_data, 0, DEFAULT_BLK_SZ);
        memset(ctx->last_rand_data, 0, DEFAULT_BLK_SZ);
 
-       if (ctx->tfm)
-               crypto_free_cipher(ctx->tfm);
-
-       ctx->tfm = crypto_alloc_cipher("aes", 0, 0);
-       if (IS_ERR(ctx->tfm)) {
-               dbgprint(KERN_CRIT "Failed to alloc tfm for context %p\n",
-                       ctx);
-               ctx->tfm = NULL;
-               goto out;
-       }
-
        ctx->rand_data_valid = DEFAULT_BLK_SZ;
 
        ret = crypto_cipher_setkey(ctx->tfm, prng_key, klen);
        if (ret) {
                dbgprint(KERN_CRIT "PRNG: setkey() failed flags=%x\n",
                        crypto_cipher_get_flags(ctx->tfm));
-               crypto_free_cipher(ctx->tfm);
                goto out;
        }
 
-       rc = 0;
+       ret = 0;
        ctx->flags &= ~PRNG_NEED_RESET;
 out:
-       spin_unlock(&ctx->prng_lock);
-
-       return rc;
-
+       spin_unlock_bh(&ctx->prng_lock);
+       return ret;
 }
 
 static int cprng_init(struct crypto_tfm *tfm)
@@ -332,8 +325,23 @@ static int cprng_init(struct crypto_tfm *tfm)
        struct prng_context *ctx = crypto_tfm_ctx(tfm);
 
        spin_lock_init(&ctx->prng_lock);
+       ctx->tfm = crypto_alloc_cipher("aes", 0, 0);
+       if (IS_ERR(ctx->tfm)) {
+               dbgprint(KERN_CRIT "Failed to alloc tfm for context %p\n",
+                               ctx);
+               return PTR_ERR(ctx->tfm);
+       }
 
-       return reset_prng_context(ctx, NULL, DEFAULT_PRNG_KSZ, NULL, NULL);
+       if (reset_prng_context(ctx, NULL, DEFAULT_PRNG_KSZ, NULL, NULL) < 0)
+               return -EINVAL;
+
+       /*
+        * after allocation, we should always force the user to reset
+        * so they don't inadvertently use the insecure default values
+        * without specifying them intentially
+        */
+       ctx->flags |= PRNG_NEED_RESET;
+       return 0;
 }
 
 static void cprng_exit(struct crypto_tfm *tfm)
@@ -346,18 +354,28 @@ static int cprng_get_random(struct crypto_rng *tfm, u8 *rdata,
 {
        struct prng_context *prng = crypto_rng_ctx(tfm);
 
-       return get_prng_bytes(rdata, dlen, prng);
+       return get_prng_bytes(rdata, dlen, prng, 0);
 }
 
+/*
+ *  This is the cprng_registered reset method the seed value is
+ *  interpreted as the tuple { V KEY DT}
+ *  V and KEY are required during reset, and DT is optional, detected
+ *  as being present by testing the length of the seed
+ */
 static int cprng_reset(struct crypto_rng *tfm, u8 *seed, unsigned int slen)
 {
        struct prng_context *prng = crypto_rng_ctx(tfm);
-       u8 *key = seed + DEFAULT_PRNG_KSZ;
+       u8 *key = seed + DEFAULT_BLK_SZ;
+       u8 *dt = NULL;
 
        if (slen < DEFAULT_PRNG_KSZ + DEFAULT_BLK_SZ)
                return -EINVAL;
 
-       reset_prng_context(prng, key, DEFAULT_PRNG_KSZ, seed, NULL);
+       if (slen >= (2 * DEFAULT_BLK_SZ + DEFAULT_PRNG_KSZ))
+               dt = key + DEFAULT_PRNG_KSZ;
+
+       reset_prng_context(prng, key, DEFAULT_PRNG_KSZ, seed, dt);
 
        if (prng->flags & PRNG_NEED_RESET)
                return -EINVAL;
@@ -379,31 +397,92 @@ static struct crypto_alg rng_alg = {
                .rng = {
                        .rng_make_random        = cprng_get_random,
                        .rng_reset              = cprng_reset,
-                       .seedsize = DEFAULT_PRNG_KSZ + DEFAULT_BLK_SZ,
+                       .seedsize = DEFAULT_PRNG_KSZ + 2*DEFAULT_BLK_SZ,
                }
        }
 };
 
+#ifdef CONFIG_CRYPTO_FIPS
+static int fips_cprng_get_random(struct crypto_rng *tfm, u8 *rdata,
+                           unsigned int dlen)
+{
+       struct prng_context *prng = crypto_rng_ctx(tfm);
+
+       return get_prng_bytes(rdata, dlen, prng, 1);
+}
+
+static int fips_cprng_reset(struct crypto_rng *tfm, u8 *seed, unsigned int slen)
+{
+       u8 rdata[DEFAULT_BLK_SZ];
+       u8 *key = seed + DEFAULT_BLK_SZ;
+       int rc;
+
+       struct prng_context *prng = crypto_rng_ctx(tfm);
+
+       if (slen < DEFAULT_PRNG_KSZ + DEFAULT_BLK_SZ)
+               return -EINVAL;
+
+       /* fips strictly requires seed != key */
+       if (!memcmp(seed, key, DEFAULT_PRNG_KSZ))
+               return -EINVAL;
+
+       rc = cprng_reset(tfm, seed, slen);
+
+       if (!rc)
+               goto out;
+
+       /* this primes our continuity test */
+       rc = get_prng_bytes(rdata, DEFAULT_BLK_SZ, prng, 0);
+       prng->rand_data_valid = DEFAULT_BLK_SZ;
+
+out:
+       return rc;
+}
+
+static struct crypto_alg fips_rng_alg = {
+       .cra_name               = "fips(ansi_cprng)",
+       .cra_driver_name        = "fips_ansi_cprng",
+       .cra_priority           = 300,
+       .cra_flags              = CRYPTO_ALG_TYPE_RNG,
+       .cra_ctxsize            = sizeof(struct prng_context),
+       .cra_type               = &crypto_rng_type,
+       .cra_module             = THIS_MODULE,
+       .cra_list               = LIST_HEAD_INIT(rng_alg.cra_list),
+       .cra_init               = cprng_init,
+       .cra_exit               = cprng_exit,
+       .cra_u                  = {
+               .rng = {
+                       .rng_make_random        = fips_cprng_get_random,
+                       .rng_reset              = fips_cprng_reset,
+                       .seedsize = DEFAULT_PRNG_KSZ + 2*DEFAULT_BLK_SZ,
+               }
+       }
+};
+#endif
 
 /* Module initalization */
 static int __init prng_mod_init(void)
 {
-       int ret = 0;
+       int rc = 0;
 
-       if (fips_enabled)
-               rng_alg.cra_priority += 200;
+       rc = crypto_register_alg(&rng_alg);
+#ifdef CONFIG_CRYPTO_FIPS
+       if (rc)
+               goto out;
 
-       ret = crypto_register_alg(&rng_alg);
+       rc = crypto_register_alg(&fips_rng_alg);
 
-       if (ret)
-               goto out;
 out:
-       return 0;
+#endif
+       return rc;
 }
 
 static void __exit prng_mod_fini(void)
 {
        crypto_unregister_alg(&rng_alg);
+#ifdef CONFIG_CRYPTO_FIPS
+       crypto_unregister_alg(&fips_rng_alg);
+#endif
        return;
 }