[PATCH v6 0/8] upstream hwrng framework

[PATCH v6 0/8] upstream hwrng framework

[Oleksij Rempel]

changes v1:
 - initial version

changes v2:
 - drop Freescale RNGC for now. It need more testing
 - add caamrng port
 - fix hwrng_init()
 - fix hwrng_get_first check in get_random_bytes

changes v3:
 - check if hwrng_get_data returns error
 - provide /dev/randomdd random device

changes v4:
 - provide get_crypto_bytes() interface.
 - add CONFIG_ALLOW_PRNG_FALLBACK
 - make cmd_password use get_crypto_bytes
 - add cmd_seed

changes v5:
 - make cmd_seed fail if no VALUE is set

changes v6:
 - reword second patch and remove useless if (bytes > lenght) check.

Oleksij Rempel (6):
  lib: random: add get_crypto_bytes interface and use HWRNG if posssible
  caamrng: port to hwrng framework
  fs: add prng device
  crypto: caam - fix RNG buffer cache alignment
  common: password: make use of get_crypto_bytes
  add seed command

Sascha Hauer (1):
  Release v2017.02.0

Steffen Trumtrar (1):
  drivers: add simple hw_random implementation

 Makefile                      |   2 +-
 commands/Kconfig              |   6 +++
 commands/Makefile             |   1 +
 commands/seed.c               |  44 +++++++++++++++++
 commands/stddev.c             |  29 ++++++++++++
 common/password.c             |   6 ++-
 drivers/Kconfig               |   1 +
 drivers/Makefile              |   1 +
 drivers/crypto/caam/Kconfig   |   1 +
 drivers/crypto/caam/caamrng.c |  44 ++++++-----------
 drivers/hw_random/Kconfig     |   6 +++
 drivers/hw_random/Makefile    |   1 +
 drivers/hw_random/core.c      | 108 ++++++++++++++++++++++++++++++++++++++++++
 include/linux/hw_random.h     |  43 +++++++++++++++++
 include/stdlib.h              |   1 +
 lib/Kconfig                   |   9 ++++
 lib/random.c                  |  56 ++++++++++++++++++++++
 17 files changed, 328 insertions(+), 31 deletions(-)
 create mode 100644 commands/seed.c
 create mode 100644 drivers/hw_random/Kconfig
 create mode 100644 drivers/hw_random/Makefile
 create mode 100644 drivers/hw_random/core.c
 create mode 100644 include/linux/hw_random.h

-- 
2.11.0


_______________________________________________
barebox mailing list
barebox@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/barebox

[PATCH v6 1/8] Release v2017.02.0

[Oleksij Rempel]

From: Sascha Hauer <s.hauer@pengutronix.de>

Signed-off-by: Sascha Hauer <s.hauer@pengutronix.de>
Signed-off-by: Oleksij Rempel <o.rempel@pengutronix.de>
---
 Makefile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Makefile b/Makefile
index 042486a99..ff2ed8fc0 100644
--- a/Makefile
+++ b/Makefile
@@ -1,5 +1,5 @@
 VERSION = 2017
-PATCHLEVEL = 01
+PATCHLEVEL = 02
 SUBLEVEL = 0
 EXTRAVERSION =
 NAME = None
-- 
2.11.0


_______________________________________________
barebox mailing list
barebox@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/barebox

[PATCH v6 2/8] drivers: add simple hw_random implementation

[Oleksij Rempel]

From: Steffen Trumtrar <s.trumtrar@pengutronix.de>

Add a simple hw_random implementation based on code from
Linux v4.5-rc5.

All the entropypool initialization stuff is left out and
the obsolete data_read/data_present calls are omitted.

Signed-off-by: Steffen Trumtrar <s.trumtrar@pengutronix.de>
Signed-off-by: Oleksij Rempel <o.rempel@pengutronix.de>
---
 drivers/Kconfig            |   1 +
 drivers/Makefile           |   1 +
 drivers/hw_random/Kconfig  |   6 +++
 drivers/hw_random/Makefile |   1 +
 drivers/hw_random/core.c   | 108 +++++++++++++++++++++++++++++++++++++++++++++
 include/linux/hw_random.h  |  43 ++++++++++++++++++
 6 files changed, 160 insertions(+)
 create mode 100644 drivers/hw_random/Kconfig
 create mode 100644 drivers/hw_random/Makefile
 create mode 100644 drivers/hw_random/core.c
 create mode 100644 include/linux/hw_random.h

diff --git a/drivers/Kconfig b/drivers/Kconfig
index cc086ac2d..2f5784a4d 100644
--- a/drivers/Kconfig
+++ b/drivers/Kconfig
@@ -21,6 +21,7 @@ source "drivers/eeprom/Kconfig"
 source "drivers/input/Kconfig"
 source "drivers/watchdog/Kconfig"
 source "drivers/pwm/Kconfig"
+source "drivers/hw_random/Kconfig"
 source "drivers/dma/Kconfig"
 source "drivers/gpio/Kconfig"
 source "drivers/w1/Kconfig"
diff --git a/drivers/Makefile b/drivers/Makefile
index 6a70f6ee1..7e9b80e59 100644
--- a/drivers/Makefile
+++ b/drivers/Makefile
@@ -20,6 +20,7 @@ obj-y	+= misc/
 obj-y	+= dma/
 obj-y  += watchdog/
 obj-y	+= gpio/
+obj-$(CONFIG_HWRNG) += hw_random/
 obj-$(CONFIG_OFTREE) += of/
 obj-$(CONFIG_W1) += w1/
 obj-y += pinctrl/
diff --git a/drivers/hw_random/Kconfig b/drivers/hw_random/Kconfig
new file mode 100644
index 000000000..807fcadd3
--- /dev/null
+++ b/drivers/hw_random/Kconfig
@@ -0,0 +1,6 @@
+menuconfig HWRNG
+	bool "HWRNG Support"
+	help
+	  Support for HWRNG(Hardware Random Number Generator) devices.
+
+	  If unsure, say no.
diff --git a/drivers/hw_random/Makefile b/drivers/hw_random/Makefile
new file mode 100644
index 000000000..15307b100
--- /dev/null
+++ b/drivers/hw_random/Makefile
@@ -0,0 +1 @@
+obj-$(CONFIG_HWRNG)		+= core.o
diff --git a/drivers/hw_random/core.c b/drivers/hw_random/core.c
new file mode 100644
index 000000000..2991f58c3
--- /dev/null
+++ b/drivers/hw_random/core.c
@@ -0,0 +1,108 @@
+/*
+ * Copyright (c) 2016 Pengutronix, Steffen Trumtrar <kernel@pengutronix.de>
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License version 2
+ * as published by the Free Software Foundation.
+ *
+ * derived from Linux kernel drivers/char/hw_random/core.c
+ */
+
+#include <common.h>
+#include <linux/hw_random.h>
+#include <malloc.h>
+
+static LIST_HEAD(hwrngs);
+
+#define RNG_BUFFER_SIZE		32
+
+int hwrng_get_data(struct hwrng *rng, void *buffer, size_t size, int wait)
+{
+	return rng->read(rng, buffer, size, wait);
+}
+
+static int hwrng_init(struct hwrng *rng)
+{
+	int ret = 0;
+
+	if (rng->init)
+		ret = rng->init(rng);
+
+	if (!ret)
+		list_add_tail(&rng->list, &hwrngs);
+
+	return ret;
+}
+
+static ssize_t rng_dev_read(struct cdev *cdev, void *buf, size_t size,
+			    loff_t offset, unsigned long flags)
+{
+	struct hwrng *rng = container_of(cdev, struct hwrng, cdev);
+	size_t count = size;
+	ssize_t cur = 0;
+	int len;
+
+	memset(buf, 0, size);
+
+	while (count) {
+		int max = min(count, (size_t)RNG_BUFFER_SIZE);
+		len = hwrng_get_data(rng, rng->buf, max, true);
+		if (len < 0) {
+			cur = len;
+			break;
+		}
+
+		memcpy(buf + cur, rng->buf, len);
+
+		count -= len;
+		cur += len;
+	}
+
+	return cur;
+}
+
+static struct file_operations rng_chrdev_ops = {
+	.read  = rng_dev_read,
+	.lseek = dev_lseek_default,
+};
+
+static int hwrng_register_cdev(struct hwrng *rng)
+{
+	rng->cdev.name = "hwrng";
+	rng->cdev.flags = DEVFS_IS_CHARACTER_DEV;
+	rng->cdev.ops = &rng_chrdev_ops;
+	rng->cdev.dev = rng->dev;
+
+	return devfs_create(&rng->cdev);
+}
+
+struct hwrng *hwrng_get_first(void)
+{
+	if (list_empty(&hwrngs))
+		return ERR_PTR(-ENODEV);
+	else
+		return list_first_entry(&hwrngs, struct hwrng, list);
+}
+
+int hwrng_register(struct device_d *dev, struct hwrng *rng)
+{
+	int err;
+
+	if (rng->name == NULL || rng->read == NULL)
+		return -EINVAL;
+
+	rng->buf = xzalloc(RNG_BUFFER_SIZE);
+	rng->dev = dev;
+
+	err = hwrng_init(rng);
+	if (err) {
+		free(rng->buf);
+		return err;
+	}
+
+	err = hwrng_register_cdev(rng);
+	if (err)
+		free(rng->buf);
+
+	return err;
+}
diff --git a/include/linux/hw_random.h b/include/linux/hw_random.h
new file mode 100644
index 000000000..299a717dd
--- /dev/null
+++ b/include/linux/hw_random.h
@@ -0,0 +1,43 @@
+/*
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ */
+
+#ifndef LINUX_HWRANDOM_H_
+#define LINUX_HWRANDOM_H_
+
+#include <linux/list.h>
+
+/**
+ * struct hwrng - Hardware Random Number Generator driver
+ * @name:		Unique RNG name.
+ * @init:		Initialization callback (can be NULL).
+ * @read:		New API. drivers can fill up to max bytes of data
+ *			into the buffer. The buffer is aligned for any type.
+ * @priv:		Private data, for use by the RNG driver.
+ */
+struct hwrng {
+	const char *name;
+	int (*init)(struct hwrng *rng);
+	int (*read)(struct hwrng *rng, void *data, size_t max, bool wait);
+
+	struct list_head list;
+
+	struct cdev cdev;
+	struct device_d *dev;
+	void *buf;
+};
+
+/* Register a new Hardware Random Number Generator driver. */
+int hwrng_register(struct device_d *dev, struct hwrng *rng);
+struct hwrng *hwrng_get_first(void);
+int hwrng_get_data(struct hwrng *rng, void *buffer, size_t size, int wait);
+
+#endif /* LINUX_HWRANDOM_H_ */
-- 
2.11.0


_______________________________________________
barebox mailing list
barebox@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/barebox

[PATCH v6 3/8] lib: random: add get_crypto_bytes interface and use HWRNG if posssible

[Oleksij Rempel]

For crypto applications we need to use some thing else as PRNG.
So provide get_crypto_bytes() and use HWRNG as main source.
PRNG is allowed as fallback if user decided to configure it so.

Signed-off-by: Oleksij Rempel <o.rempel@pengutronix.de>
---
 include/stdlib.h |  1 +
 lib/Kconfig      |  9 +++++++++
 lib/random.c     | 56 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++
 3 files changed, 66 insertions(+)

diff --git a/include/stdlib.h b/include/stdlib.h
index f3185069f..ee3f22996 100644
--- a/include/stdlib.h
+++ b/include/stdlib.h
@@ -13,6 +13,7 @@ void srand(unsigned int seed);
 
 /* fill a buffer with pseudo-random data */
 void get_random_bytes(void *buf, int len);
+int get_crypto_bytes(void *buf, int len);
 
 static inline u32 random32(void)
 {
diff --git a/lib/Kconfig b/lib/Kconfig
index f9f25bdef..c16511c05 100644
--- a/lib/Kconfig
+++ b/lib/Kconfig
@@ -66,6 +66,15 @@ config RATP
 	  transferring packets over serial links described in RFC916. This implementation
 	  is used for controlling barebox over serial ports.
 
+config ALLOW_PRNG_FALLBACK
+	bool "Allow fallback to PRNG if HWRNG not available."
+	help
+	  WARNING: it is not secure!!
+
+	  get_crypto_bytes() users like cmd_password relay on HWRNG. If HWRNG is not
+	  available and this option is disabled, cmd_password will fail.
+	  Enable it on your own risk.
+
 source lib/gui/Kconfig
 
 source lib/fonts/Kconfig
diff --git a/lib/random.c b/lib/random.c
index 210fea994..1cd8166bf 100644
--- a/lib/random.c
+++ b/lib/random.c
@@ -1,5 +1,6 @@
 #include <common.h>
 #include <stdlib.h>
+#include <linux/hw_random.h>
 
 static unsigned int random_seed;
 
@@ -18,6 +19,11 @@ void srand(unsigned int seed)
 	random_seed = seed;
 }
 
+/**
+ * get_random_bytes - get pseudo random numbers.
+ * This interface can be good enough to generate MAC address
+ * or use for NAND test.
+ */
 void get_random_bytes(void *_buf, int len)
 {
 	char *buf = _buf;
@@ -25,3 +31,53 @@ void get_random_bytes(void *_buf, int len)
 	while (len--)
 		*buf++ = rand() % 256;
 }
+
+/**
+ * get_crypto_bytes - get random numbers suitable for cryptographic needs.
+ */
+static int _get_crypto_bytes(void *_buf, int len)
+{
+	struct hwrng *rng;
+	u8 *buf = _buf;
+
+	if (!IS_ENABLED(CONFIG_HWRNG))
+		return -ENOENT;
+
+	rng = hwrng_get_first();
+	if (IS_ERR(rng))
+		return PTR_ERR(rng);
+
+	while (len) {
+		int bytes = hwrng_get_data(rng, buf, len, true);
+		if (!bytes)
+			return -ENOMEDIUM;
+
+		if (bytes < 0)
+			return bytes;
+
+		len -= bytes;
+		buf = buf + bytes;
+	}
+
+	return 0;
+}
+
+int get_crypto_bytes(void *buf, int len)
+{
+	int err;
+
+	err = _get_crypto_bytes(buf, len);
+	if (!err)
+		return 0;
+
+	if (!IS_ENABLED(CONFIG_ALLOW_PRNG_FALLBACK)) {
+		pr_err("error: no HWRNG available!\n");
+		return err;
+	}
+
+	pr_warn("warning: falling back to Pseudo RNG source!\n");
+
+	get_random_bytes(buf, len);
+
+	return 0;
+}
-- 
2.11.0


_______________________________________________
barebox mailing list
barebox@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/barebox

[PATCH v6 4/8] caamrng: port to hwrng framework

[Oleksij Rempel]

Signed-off-by: Oleksij Rempel <o.rempel@pengutronix.de>
---
 drivers/crypto/caam/Kconfig   |  1 +
 drivers/crypto/caam/caamrng.c | 40 ++++++++++++----------------------------
 2 files changed, 13 insertions(+), 28 deletions(-)

diff --git a/drivers/crypto/caam/Kconfig b/drivers/crypto/caam/Kconfig
index cf05d1c07..2ab509d11 100644
--- a/drivers/crypto/caam/Kconfig
+++ b/drivers/crypto/caam/Kconfig
@@ -29,6 +29,7 @@ config CRYPTO_DEV_FSL_CAAM_RINGSIZE
 config CRYPTO_DEV_FSL_CAAM_RNG
 	bool "Register caam RNG device"
 	depends on CRYPTO_DEV_FSL_CAAM
+	depends on HWRNG
 	default y
 	help
 	  Selecting this will register the SEC4 hardware rng.
diff --git a/drivers/crypto/caam/caamrng.c b/drivers/crypto/caam/caamrng.c
index 0fef171a2..aabad0416 100644
--- a/drivers/crypto/caam/caamrng.c
+++ b/drivers/crypto/caam/caamrng.c
@@ -35,6 +35,7 @@
 #include <driver.h>
 #include <init.h>
 #include <linux/spinlock.h>
+#include <linux/hw_random.h>
 
 #include "regs.h"
 #include "intern.h"
@@ -71,7 +72,7 @@ struct caam_rng_ctx {
 	unsigned int cur_buf_idx;
 	int current_buf;
 	struct buf_data bufs[2];
-	struct cdev cdev;
+	struct hwrng rng;
 };
 
 static struct caam_rng_ctx *rng_ctx;
@@ -116,8 +117,9 @@ static inline int submit_job(struct caam_rng_ctx *ctx, int to_current)
 	return err;
 }
 
-static int caam_read(struct caam_rng_ctx *ctx, void *data, size_t max, bool wait)
+static int caam_read(struct hwrng *rng, void *data, size_t max, bool wait)
 {
+	struct caam_rng_ctx *ctx = container_of(rng, struct caam_rng_ctx, rng);
 	struct buf_data *bd = &ctx->bufs[ctx->current_buf];
 	int next_buf_idx, copied_idx;
 	int err;
@@ -162,7 +164,7 @@ static int caam_read(struct caam_rng_ctx *ctx, void *data, size_t max, bool wait
 	dev_dbg(ctx->jrdev, "switched to buffer %d\n", ctx->current_buf);
 
 	/* since there already is some data read, don't wait */
-	return copied_idx + caam_read(ctx, data + copied_idx,
+	return copied_idx + caam_read(rng, data + copied_idx,
 				      max - copied_idx, false);
 }
 
@@ -248,29 +250,6 @@ static int caam_init_rng(struct caam_rng_ctx *ctx, struct device_d *jrdev)
 	return 0;
 }
 
-static ssize_t random_read(struct cdev *cdev, void *buf, size_t count,
-			   loff_t offset, ulong flags)
-{
-	struct caam_rng_ctx *ctx = container_of(cdev, struct caam_rng_ctx, cdev);
-
-	return caam_read(ctx, buf, count, true);
-}
-
-static struct file_operations randomops = {
-	.read  = random_read,
-	.lseek = dev_lseek_default,
-};
-
-static int caam_init_devrandom(struct caam_rng_ctx *ctx, struct device_d *dev)
-{
-	ctx->cdev.name = "hwrng";
-	ctx->cdev.flags = DEVFS_IS_CHARACTER_DEV;
-	ctx->cdev.ops = &randomops;
-	ctx->cdev.dev = dev;
-
-	return devfs_create(&ctx->cdev);
-}
-
 int caam_rng_probe(struct device_d *dev, struct device_d *jrdev)
 {
 	int err;
@@ -281,9 +260,14 @@ int caam_rng_probe(struct device_d *dev, struct device_d *jrdev)
 	if (err)
 		return err;
 
-	err = caam_init_devrandom(rng_ctx, dev);
-	if (err)
+	rng_ctx->rng.name = dev->name;
+	rng_ctx->rng.read = caam_read;
+
+	err = hwrng_register(dev, &rng_ctx->rng);
+	if (err) {
+		dev_err(dev, "rng-caam registering failed (%d)\n", err);
 		return err;
+	}
 
 	dev_info(dev, "registering rng-caam\n");
 
-- 
2.11.0


_______________________________________________
barebox mailing list
barebox@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/barebox

[PATCH v6 5/8] fs: add prng device

[Oleksij Rempel]

this should provide easy access to get_random_bytes() interfaces.

Signed-off-by: Oleksij Rempel <o.rempel@pengutronix.de>
---
 commands/stddev.c | 29 +++++++++++++++++++++++++++++
 1 file changed, 29 insertions(+)

diff --git a/commands/stddev.c b/commands/stddev.c
index 318d05741..93da2c739 100644
--- a/commands/stddev.c
+++ b/commands/stddev.c
@@ -17,6 +17,7 @@
 
 #include <common.h>
 #include <init.h>
+#include <stdlib.h>
 
 static ssize_t zero_read(struct cdev *cdev, void *buf, size_t count, loff_t offset, ulong flags)
 {
@@ -100,3 +101,31 @@ static int null_init(void)
 }
 
 device_initcall(null_init);
+
+static ssize_t prng_read(struct cdev *cdev, void *buf, size_t count, loff_t offset, ulong flags)
+{
+	get_random_bytes(buf, count);
+	return count;
+}
+
+static struct file_operations prngops = {
+	.read  = prng_read,
+	.lseek = dev_lseek_default,
+};
+
+static int prng_init(void)
+{
+	struct cdev *cdev;
+
+	cdev = xzalloc(sizeof (*cdev));
+
+	cdev->name = "prng";
+	cdev->flags = DEVFS_IS_CHARACTER_DEV;
+	cdev->ops = &prngops;
+
+	devfs_create(cdev);
+
+	return 0;
+}
+
+device_initcall(prng_init);
-- 
2.11.0


_______________________________________________
barebox mailing list
barebox@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/barebox

[PATCH v6 6/8] crypto: caam - fix RNG buffer cache alignment

[Oleksij Rempel]

this is alternate version of linux fix:
---------------------------------------------------------------------
| commit 412c98c1bef65fe7589f1300e93735d96130307c
| Author: Steve Cornelius <steve.cornelius@freescale.com>
| Date:   Mon Jun 15 16:52:59 2015 -0700
|
| crypto: caam - fix RNG buffer cache alignment
|
| The hwrng output buffers (2) are cast inside of a a struct (caam_rng_ctx)
| allocated in one DMA-tagged region. While the kernel's heap allocator
| should place the overall struct on a cacheline aligned boundary, the 2
| buffers contained within may not necessarily align. Consenquently, the
| ends of unaligned buffers may not fully flush, and if so, stale data will be
| left behind, resulting in small repeating patterns.
|
| This fix aligns the buffers inside the struct.
|
| Note that not all of the data inside caam_rng_ctx necessarily needs to
| be DMA-tagged, only the buffers themselves require this. However, a fix
| would incur the expense of error-handling bloat in the case of allocation
| failure.
|
| Cc: stable@vger.kernel.org
| Signed-off-by: Steve Cornelius <steve.cornelius@freescale.com>
| Signed-off-by: Victoria Milhoan <vicki.milhoan@freescale.com>
| Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
---------------------------------------------------------------------

instead we will use just dma_alloc()

Signed-off-by: Oleksij Rempel <o.rempel@pengutronix.de>
---
 drivers/crypto/caam/caamrng.c | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/drivers/crypto/caam/caamrng.c b/drivers/crypto/caam/caamrng.c
index aabad0416..31a92731d 100644
--- a/drivers/crypto/caam/caamrng.c
+++ b/drivers/crypto/caam/caamrng.c
@@ -55,7 +55,7 @@
 
 /* Buffer, its dma address and lock */
 struct buf_data {
-	u8 buf[RN_BUF_SIZE];
+	u8 *buf;
 	dma_addr_t addr;
 	u32 hw_desc[DESC_JOB_O_LEN];
 #define BUF_NOT_EMPTY 0
@@ -218,6 +218,8 @@ static int caam_init_buf(struct caam_rng_ctx *ctx, int buf_id)
 	struct buf_data *bd = &ctx->bufs[buf_id];
 	int err;
 
+	bd->buf = dma_alloc(RN_BUF_SIZE);
+
 	err = rng_create_job_desc(ctx, buf_id);
 	if (err)
 		return err;
-- 
2.11.0


_______________________________________________
barebox mailing list
barebox@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/barebox

[PATCH v6 7/8] common: password: make use of get_crypto_bytes

[Oleksij Rempel]

get_random_bytes is providing prng, if we have HWRNG we should be
able to use it over get_crypto_bytes

Signed-off-by: Oleksij Rempel <o.rempel@pengutronix.de>
---
 common/password.c | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/common/password.c b/common/password.c
index d52b746f0..74d328f4b 100644
--- a/common/password.c
+++ b/common/password.c
@@ -365,7 +365,11 @@ int set_env_passwd(unsigned char* passwd, size_t length)
 		char *salt = passwd_sum;
 		int keylen = PBKDF2_LENGTH - PBKDF2_SALT_LEN;
 
-		get_random_bytes(passwd_sum, PBKDF2_SALT_LEN);
+		ret = get_crypto_bytes(passwd_sum, PBKDF2_SALT_LEN);
+		if (ret) {
+			pr_err("Can't get random numbers\n");
+			return ret;
+		}
 
 		ret = pkcs5_pbkdf2_hmac_sha1(passwd, length, salt,
 				PBKDF2_SALT_LEN, PBKDF2_COUNT, keylen, key);
-- 
2.11.0


_______________________________________________
barebox mailing list
barebox@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/barebox

[PATCH v6 8/8] add seed command

[Oleksij Rempel]

Signed-off-by: Oleksij Rempel <o.rempel@pengutronix.de>
---
 commands/Kconfig  |  6 ++++++
 commands/Makefile |  1 +
 commands/seed.c   | 44 ++++++++++++++++++++++++++++++++++++++++++++
 3 files changed, 51 insertions(+)
 create mode 100644 commands/seed.c

diff --git a/commands/Kconfig b/commands/Kconfig
index 21d921268..c983b62d0 100644
--- a/commands/Kconfig
+++ b/commands/Kconfig
@@ -2115,6 +2115,12 @@ config CMD_SPD_DECODE
 	help
 	  decode spd eeprom
 
+config CMD_SEED
+	tristate
+	prompt "seed"
+	help
+	  Seed the pseudo random number generator (PRNG)
+
 # end Miscellaneous commands
 endmenu
 
diff --git a/commands/Makefile b/commands/Makefile
index 601f15fc3..ab5902156 100644
--- a/commands/Makefile
+++ b/commands/Makefile
@@ -120,3 +120,4 @@ obj-$(CONFIG_CMD_DHRYSTONE)	+= dhrystone.o
 obj-$(CONFIG_CMD_SPD_DECODE)	+= spd_decode.o
 obj-$(CONFIG_CMD_MMC_EXTCSD)	+= mmc_extcsd.o
 obj-$(CONFIG_CMD_NAND_BITFLIP)	+= nand-bitflip.o
+obj-$(CONFIG_CMD_SEED)		+= seed.o
diff --git a/commands/seed.c b/commands/seed.c
new file mode 100644
index 000000000..e378cd763
--- /dev/null
+++ b/commands/seed.c
@@ -0,0 +1,44 @@
+/*
+ * (c) 2017 Oleksij Rempel <kernel@pengutronix.de>
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ */
+
+#include <common.h>
+#include <command.h>
+#include <stdlib.h>
+#include <linux/ctype.h>
+
+static int do_seed(int argc, char *argv[])
+{
+	if (argc < 2)
+		return COMMAND_ERROR_USAGE;
+
+	if (isdigit(*argv[1])) {
+		srand(simple_strtoul(argv[1], NULL, 0));
+		return 0;
+	}
+
+	printf("numerical parameter expected\n");
+	return 1;
+}
+
+BAREBOX_CMD_HELP_START(seed)
+BAREBOX_CMD_HELP_TEXT("Seed the pseudo random number generator")
+BAREBOX_CMD_HELP_END
+
+BAREBOX_CMD_START(seed)
+	.cmd = do_seed,
+	BAREBOX_CMD_DESC("seed the PRNG")
+	BAREBOX_CMD_OPTS("VALUE")
+	BAREBOX_CMD_GROUP(CMD_GRP_MISC)
+	BAREBOX_CMD_HELP(cmd_seed_help)
+BAREBOX_CMD_END
-- 
2.11.0


_______________________________________________
barebox mailing list
barebox@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/barebox

Re: [PATCH v6 1/8] Release v2017.02.0

[Oleksij Rempel]

Oops.. please ignore this patch.

On 03/21/2017 03:00 PM, Oleksij Rempel wrote:
> From: Sascha Hauer <s.hauer@pengutronix.de>
>
> Signed-off-by: Sascha Hauer <s.hauer@pengutronix.de>
> Signed-off-by: Oleksij Rempel <o.rempel@pengutronix.de>
> ---
>  Makefile | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/Makefile b/Makefile
> index 042486a99..ff2ed8fc0 100644
> --- a/Makefile
> +++ b/Makefile
> @@ -1,5 +1,5 @@
>  VERSION = 2017
> -PATCHLEVEL = 01
> +PATCHLEVEL = 02
>  SUBLEVEL = 0
>  EXTRAVERSION =
>  NAME = None
>

_______________________________________________
barebox mailing list
barebox@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/barebox

Re: [PATCH v6 3/8] lib: random: add get_crypto_bytes interface and use HWRNG if posssible

[Sascha Hauer]

On Tue, Mar 21, 2017 at 03:00:20PM +0100, Oleksij Rempel wrote:
> For crypto applications we need to use some thing else as PRNG.
> So provide get_crypto_bytes() and use HWRNG as main source.
> PRNG is allowed as fallback if user decided to configure it so.
> 
>  static unsigned int random_seed;
>  
> @@ -18,6 +19,11 @@ void srand(unsigned int seed)
>  	random_seed = seed;
>  }
>  
> +/**
> + * get_random_bytes - get pseudo random numbers.
> + * This interface can be good enough to generate MAC address
> + * or use for NAND test.
> + */
>  void get_random_bytes(void *_buf, int len)
>  {
>  	char *buf = _buf;
> @@ -25,3 +31,53 @@ void get_random_bytes(void *_buf, int len)
>  	while (len--)
>  		*buf++ = rand() % 256;
>  }
> +
> +/**
> + * get_crypto_bytes - get random numbers suitable for cryptographic needs.
> + */
> +static int _get_crypto_bytes(void *_buf, int len)
> +{
> +	struct hwrng *rng;
> +	u8 *buf = _buf;

This extra u8 buffer pointer seems unnecessary. Why not use the input
void * throughout the function?

> +
> +	if (!IS_ENABLED(CONFIG_HWRNG))
> +		return -ENOENT;
> +
> +	rng = hwrng_get_first();

Instead of having to test for CONFIG_HWRNG in the users
hwrng_get_first() could be a static inline function when CONFIG_HWRNG is
disabled.

Sascha


-- 
Pengutronix e.K.                           |                             |
Industrial Linux Solutions                 | http://www.pengutronix.de/  |
Peiner Str. 6-8, 31137 Hildesheim, Germany | Phone: +49-5121-206917-0    |
Amtsgericht Hildesheim, HRA 2686           | Fax:   +49-5121-206917-5555 |

_______________________________________________
barebox mailing list
barebox@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/barebox

Re: [PATCH v6 2/8] drivers: add simple hw_random implementation

[Sascha Hauer]

On Tue, Mar 21, 2017 at 03:00:19PM +0100, Oleksij Rempel wrote:
> From: Steffen Trumtrar <s.trumtrar@pengutronix.de>
> 
> Add a simple hw_random implementation based on code from
> Linux v4.5-rc5.
> 
> All the entropypool initialization stuff is left out and
> the obsolete data_read/data_present calls are omitted.
> 
> Signed-off-by: Steffen Trumtrar <s.trumtrar@pengutronix.de>
> Signed-off-by: Oleksij Rempel <o.rempel@pengutronix.de>
> ---
>  drivers/Kconfig            |   1 +
>  drivers/Makefile           |   1 +
>  drivers/hw_random/Kconfig  |   6 +++
>  drivers/hw_random/Makefile |   1 +
>  drivers/hw_random/core.c   | 108 +++++++++++++++++++++++++++++++++++++++++++++
>  include/linux/hw_random.h  |  43 ++++++++++++++++++
>  6 files changed, 160 insertions(+)
>  create mode 100644 drivers/hw_random/Kconfig
>  create mode 100644 drivers/hw_random/Makefile
>  create mode 100644 drivers/hw_random/core.c
>  create mode 100644 include/linux/hw_random.h
> 
> diff --git a/drivers/Kconfig b/drivers/Kconfig
> index cc086ac2d..2f5784a4d 100644
> --- a/drivers/Kconfig
> +++ b/drivers/Kconfig
> @@ -21,6 +21,7 @@ source "drivers/eeprom/Kconfig"
>  source "drivers/input/Kconfig"
>  source "drivers/watchdog/Kconfig"
>  source "drivers/pwm/Kconfig"
> +source "drivers/hw_random/Kconfig"
>  source "drivers/dma/Kconfig"
>  source "drivers/gpio/Kconfig"
>  source "drivers/w1/Kconfig"
> diff --git a/drivers/Makefile b/drivers/Makefile
> index 6a70f6ee1..7e9b80e59 100644
> --- a/drivers/Makefile
> +++ b/drivers/Makefile
> @@ -20,6 +20,7 @@ obj-y	+= misc/
>  obj-y	+= dma/
>  obj-y  += watchdog/
>  obj-y	+= gpio/
> +obj-$(CONFIG_HWRNG) += hw_random/
>  obj-$(CONFIG_OFTREE) += of/
>  obj-$(CONFIG_W1) += w1/
>  obj-y += pinctrl/
> diff --git a/drivers/hw_random/Kconfig b/drivers/hw_random/Kconfig
> new file mode 100644
> index 000000000..807fcadd3
> --- /dev/null
> +++ b/drivers/hw_random/Kconfig
> @@ -0,0 +1,6 @@
> +menuconfig HWRNG
> +	bool "HWRNG Support"
> +	help
> +	  Support for HWRNG(Hardware Random Number Generator) devices.
> +
> +	  If unsure, say no.
> diff --git a/drivers/hw_random/Makefile b/drivers/hw_random/Makefile
> new file mode 100644
> index 000000000..15307b100
> --- /dev/null
> +++ b/drivers/hw_random/Makefile
> @@ -0,0 +1 @@
> +obj-$(CONFIG_HWRNG)		+= core.o
> diff --git a/drivers/hw_random/core.c b/drivers/hw_random/core.c
> new file mode 100644
> index 000000000..2991f58c3
> --- /dev/null
> +++ b/drivers/hw_random/core.c
> @@ -0,0 +1,108 @@
> +/*
> + * Copyright (c) 2016 Pengutronix, Steffen Trumtrar <kernel@pengutronix.de>
> + *
> + * This program is free software; you can redistribute it and/or modify
> + * it under the terms of the GNU General Public License version 2
> + * as published by the Free Software Foundation.
> + *
> + * derived from Linux kernel drivers/char/hw_random/core.c
> + */
> +
> +#include <common.h>
> +#include <linux/hw_random.h>
> +#include <malloc.h>
> +
> +static LIST_HEAD(hwrngs);
> +
> +#define RNG_BUFFER_SIZE		32
> +
> +int hwrng_get_data(struct hwrng *rng, void *buffer, size_t size, int wait)
> +{
> +	return rng->read(rng, buffer, size, wait);
> +}
> +
> +static int hwrng_init(struct hwrng *rng)
> +{
> +	int ret = 0;
> +
> +	if (rng->init)
> +		ret = rng->init(rng);
> +
> +	if (!ret)
> +		list_add_tail(&rng->list, &hwrngs);
> +
> +	return ret;
> +}
> +
> +static ssize_t rng_dev_read(struct cdev *cdev, void *buf, size_t size,
> +			    loff_t offset, unsigned long flags)
> +{
> +	struct hwrng *rng = container_of(cdev, struct hwrng, cdev);
> +	size_t count = size;
> +	ssize_t cur = 0;
> +	int len;
> +
> +	memset(buf, 0, size);
> +
> +	while (count) {
> +		int max = min(count, (size_t)RNG_BUFFER_SIZE);
> +		len = hwrng_get_data(rng, rng->buf, max, true);
> +		if (len < 0) {
> +			cur = len;
> +			break;
> +		}
> +
> +		memcpy(buf + cur, rng->buf, len);
> +
> +		count -= len;
> +		cur += len;
> +	}
> +
> +	return cur;
> +}
> +
> +static struct file_operations rng_chrdev_ops = {
> +	.read  = rng_dev_read,
> +	.lseek = dev_lseek_default,
> +};
> +
> +static int hwrng_register_cdev(struct hwrng *rng)
> +{
> +	rng->cdev.name = "hwrng";
> +	rng->cdev.flags = DEVFS_IS_CHARACTER_DEV;
> +	rng->cdev.ops = &rng_chrdev_ops;
> +	rng->cdev.dev = rng->dev;
> +
> +	return devfs_create(&rng->cdev);
> +}
> +
> +struct hwrng *hwrng_get_first(void)
> +{
> +	if (list_empty(&hwrngs))
> +		return ERR_PTR(-ENODEV);
> +	else
> +		return list_first_entry(&hwrngs, struct hwrng, list);
> +}
> +
> +int hwrng_register(struct device_d *dev, struct hwrng *rng)
> +{
> +	int err;
> +
> +	if (rng->name == NULL || rng->read == NULL)
> +		return -EINVAL;
> +
> +	rng->buf = xzalloc(RNG_BUFFER_SIZE);
> +	rng->dev = dev;
> +
> +	err = hwrng_init(rng);
> +	if (err) {
> +		free(rng->buf);
> +		return err;
> +	}
> +
> +	err = hwrng_register_cdev(rng);
> +	if (err)
> +		free(rng->buf);
> +
> +	return err;
> +}
> diff --git a/include/linux/hw_random.h b/include/linux/hw_random.h
> new file mode 100644
> index 000000000..299a717dd
> --- /dev/null
> +++ b/include/linux/hw_random.h
> @@ -0,0 +1,43 @@
> +/*
> + * This program is free software; you can redistribute it and/or modify
> + * it under the terms of the GNU General Public License as published by
> + * the Free Software Foundation; either version 2 of the License, or
> + * (at your option) any later version.
> +
> + * This program is distributed in the hope that it will be useful,
> + * but WITHOUT ANY WARRANTY; without even the implied warranty of
> + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
> + * GNU General Public License for more details.
> + */
> +
> +#ifndef LINUX_HWRANDOM_H_
> +#define LINUX_HWRANDOM_H_
> +
> +#include <linux/list.h>
> +
> +/**
> + * struct hwrng - Hardware Random Number Generator driver
> + * @name:		Unique RNG name.
> + * @init:		Initialization callback (can be NULL).
> + * @read:		New API. drivers can fill up to max bytes of data
> + *			into the buffer. The buffer is aligned for any type.
> + * @priv:		Private data, for use by the RNG driver.

This field no longer exists, please drop the comment.

Sascha

-- 
Pengutronix e.K.                           |                             |
Industrial Linux Solutions                 | http://www.pengutronix.de/  |
Peiner Str. 6-8, 31137 Hildesheim, Germany | Phone: +49-5121-206917-0    |
Amtsgericht Hildesheim, HRA 2686           | Fax:   +49-5121-206917-5555 |

_______________________________________________
barebox mailing list
barebox@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/barebox