[PATCH v8 0/7] upstream hwrng framework

[PATCH v8 0/7] upstream hwrng framework

[Oleksij Rempel]

changes v1:
 - initial version

changes v2:
 - drop Freescale RNGC for now. It need more testing
 - add caamrng port
 - fix hwrng_init()
 - fix hwrng_get_first check in get_random_bytes

changes v3:
 - check if hwrng_get_data returns error
 - provide /dev/randomdd random device

changes v4:
 - provide get_crypto_bytes() interface.
 - add CONFIG_ALLOW_PRNG_FALLBACK
 - make cmd_password use get_crypto_bytes
 - add cmd_seed

changes v5:
 - make cmd_seed fail if no VALUE is set

changes v6:
 - reword second patch and remove useless if (bytes > lenght) check.

changes v7:
 - use numbered names: /dev/hwrngN
 - allow to use aliases for device name.

changes v8:
 - remove comment about nonexisting priv variable
 - make hwrng_get_first() static inline with return error if CONFIG_HWRNG
   is disabled.

Oleksij Rempel (6):
  lib: random: add get_crypto_bytes interface and use HWRNG if posssible
  caamrng: port to hwrng framework
  fs: add prng device
  crypto: caam - fix RNG buffer cache alignment
  common: password: make use of get_crypto_bytes
  add seed command

Steffen Trumtrar (1):
  drivers: add simple hw_random implementation

 commands/Kconfig              |   6 ++
 commands/Makefile             |   1 +
 commands/seed.c               |  44 +++++++++++++++
 commands/stddev.c             |  29 ++++++++++
 common/password.c             |   6 +-
 drivers/Kconfig               |   1 +
 drivers/Makefile              |   1 +
 drivers/crypto/caam/Kconfig   |   1 +
 drivers/crypto/caam/caamrng.c |  44 +++++----------
 drivers/hw_random/Kconfig     |   6 ++
 drivers/hw_random/Makefile    |   1 +
 drivers/hw_random/core.c      | 125 ++++++++++++++++++++++++++++++++++++++++++
 include/linux/hw_random.h     |  47 ++++++++++++++++
 include/stdlib.h              |   1 +
 lib/Kconfig                   |   9 +++
 lib/random.c                  |  52 ++++++++++++++++++
 16 files changed, 344 insertions(+), 30 deletions(-)
 create mode 100644 commands/seed.c
 create mode 100644 drivers/hw_random/Kconfig
 create mode 100644 drivers/hw_random/Makefile
 create mode 100644 drivers/hw_random/core.c
 create mode 100644 include/linux/hw_random.h

-- 
2.11.0


_______________________________________________
barebox mailing list
barebox@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/barebox

[PATCH v8 1/7] drivers: add simple hw_random implementation

[Oleksij Rempel]

From: Steffen Trumtrar <s.trumtrar@pengutronix.de>

Add a simple hw_random implementation based on code from
Linux v4.5-rc5.

All the entropypool initialization stuff is left out and
the obsolete data_read/data_present calls are omitted.

Signed-off-by: Steffen Trumtrar <s.trumtrar@pengutronix.de>
Signed-off-by: Oleksij Rempel <o.rempel@pengutronix.de>
---
 drivers/Kconfig            |   1 +
 drivers/Makefile           |   1 +
 drivers/hw_random/Kconfig  |   6 +++
 drivers/hw_random/Makefile |   1 +
 drivers/hw_random/core.c   | 125 +++++++++++++++++++++++++++++++++++++++++++++
 include/linux/hw_random.h  |  47 +++++++++++++++++
 6 files changed, 181 insertions(+)
 create mode 100644 drivers/hw_random/Kconfig
 create mode 100644 drivers/hw_random/Makefile
 create mode 100644 drivers/hw_random/core.c
 create mode 100644 include/linux/hw_random.h

diff --git a/drivers/Kconfig b/drivers/Kconfig
index cc086ac2d..2f5784a4d 100644
--- a/drivers/Kconfig
+++ b/drivers/Kconfig
@@ -21,6 +21,7 @@ source "drivers/eeprom/Kconfig"
 source "drivers/input/Kconfig"
 source "drivers/watchdog/Kconfig"
 source "drivers/pwm/Kconfig"
+source "drivers/hw_random/Kconfig"
 source "drivers/dma/Kconfig"
 source "drivers/gpio/Kconfig"
 source "drivers/w1/Kconfig"
diff --git a/drivers/Makefile b/drivers/Makefile
index 6a70f6ee1..7e9b80e59 100644
--- a/drivers/Makefile
+++ b/drivers/Makefile
@@ -20,6 +20,7 @@ obj-y	+= misc/
 obj-y	+= dma/
 obj-y  += watchdog/
 obj-y	+= gpio/
+obj-$(CONFIG_HWRNG) += hw_random/
 obj-$(CONFIG_OFTREE) += of/
 obj-$(CONFIG_W1) += w1/
 obj-y += pinctrl/
diff --git a/drivers/hw_random/Kconfig b/drivers/hw_random/Kconfig
new file mode 100644
index 000000000..807fcadd3
--- /dev/null
+++ b/drivers/hw_random/Kconfig
@@ -0,0 +1,6 @@
+menuconfig HWRNG
+	bool "HWRNG Support"
+	help
+	  Support for HWRNG(Hardware Random Number Generator) devices.
+
+	  If unsure, say no.
diff --git a/drivers/hw_random/Makefile b/drivers/hw_random/Makefile
new file mode 100644
index 000000000..15307b100
--- /dev/null
+++ b/drivers/hw_random/Makefile
@@ -0,0 +1 @@
+obj-$(CONFIG_HWRNG)		+= core.o
diff --git a/drivers/hw_random/core.c b/drivers/hw_random/core.c
new file mode 100644
index 000000000..ef2a988c7
--- /dev/null
+++ b/drivers/hw_random/core.c
@@ -0,0 +1,125 @@
+/*
+ * Copyright (c) 2016 Pengutronix, Steffen Trumtrar <kernel@pengutronix.de>
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License version 2
+ * as published by the Free Software Foundation.
+ *
+ * derived from Linux kernel drivers/char/hw_random/core.c
+ */
+
+#include <common.h>
+#include <linux/hw_random.h>
+#include <malloc.h>
+
+static LIST_HEAD(hwrngs);
+
+#define RNG_BUFFER_SIZE		32
+
+int hwrng_get_data(struct hwrng *rng, void *buffer, size_t size, int wait)
+{
+	return rng->read(rng, buffer, size, wait);
+}
+
+static int hwrng_init(struct hwrng *rng)
+{
+	int ret = 0;
+
+	if (rng->init)
+		ret = rng->init(rng);
+
+	if (!ret)
+		list_add_tail(&rng->list, &hwrngs);
+
+	return ret;
+}
+
+static ssize_t rng_dev_read(struct cdev *cdev, void *buf, size_t size,
+			    loff_t offset, unsigned long flags)
+{
+	struct hwrng *rng = container_of(cdev, struct hwrng, cdev);
+	size_t count = size;
+	ssize_t cur = 0;
+	int len;
+
+	memset(buf, 0, size);
+
+	while (count) {
+		int max = min(count, (size_t)RNG_BUFFER_SIZE);
+		len = hwrng_get_data(rng, rng->buf, max, true);
+		if (len < 0) {
+			cur = len;
+			break;
+		}
+
+		memcpy(buf + cur, rng->buf, len);
+
+		count -= len;
+		cur += len;
+	}
+
+	return cur;
+}
+
+static struct file_operations rng_chrdev_ops = {
+	.read  = rng_dev_read,
+	.lseek = dev_lseek_default,
+};
+
+static int hwrng_register_cdev(struct hwrng *rng)
+{
+	struct device_d *dev = rng->dev;
+	const char *alias;
+	char *devname;
+	int err;
+
+	alias = of_alias_get(dev->device_node);
+	if (alias) {
+		devname = xstrdup(alias);
+	} else {
+		err = cdev_find_free_index("hwrng");
+		if (err < 0) {
+			dev_err(dev, "no index found to name device\n");
+			return err;
+		}
+		devname = xasprintf("hwrng%d", err);
+	}
+
+	rng->cdev.name = devname;
+	rng->cdev.flags = DEVFS_IS_CHARACTER_DEV;
+	rng->cdev.ops = &rng_chrdev_ops;
+	rng->cdev.dev = rng->dev;
+
+	return devfs_create(&rng->cdev);
+}
+
+struct hwrng *hwrng_get_first(void)
+{
+	if (list_empty(&hwrngs))
+		return ERR_PTR(-ENODEV);
+	else
+		return list_first_entry(&hwrngs, struct hwrng, list);
+}
+
+int hwrng_register(struct device_d *dev, struct hwrng *rng)
+{
+	int err;
+
+	if (rng->name == NULL || rng->read == NULL)
+		return -EINVAL;
+
+	rng->buf = xzalloc(RNG_BUFFER_SIZE);
+	rng->dev = dev;
+
+	err = hwrng_init(rng);
+	if (err) {
+		free(rng->buf);
+		return err;
+	}
+
+	err = hwrng_register_cdev(rng);
+	if (err)
+		free(rng->buf);
+
+	return err;
+}
diff --git a/include/linux/hw_random.h b/include/linux/hw_random.h
new file mode 100644
index 000000000..bae442166
--- /dev/null
+++ b/include/linux/hw_random.h
@@ -0,0 +1,47 @@
+/*
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ */
+
+#ifndef LINUX_HWRANDOM_H_
+#define LINUX_HWRANDOM_H_
+
+#include <linux/list.h>
+
+/**
+ * struct hwrng - Hardware Random Number Generator driver
+ * @name:		Unique RNG name.
+ * @init:		Initialization callback (can be NULL).
+ * @read:		New API. drivers can fill up to max bytes of data
+ *			into the buffer. The buffer is aligned for any type.
+ */
+struct hwrng {
+	const char *name;
+	int (*init)(struct hwrng *rng);
+	int (*read)(struct hwrng *rng, void *data, size_t max, bool wait);
+
+	struct list_head list;
+
+	struct cdev cdev;
+	struct device_d *dev;
+	void *buf;
+};
+
+/* Register a new Hardware Random Number Generator driver. */
+int hwrng_register(struct device_d *dev, struct hwrng *rng);
+int hwrng_get_data(struct hwrng *rng, void *buffer, size_t size, int wait);
+
+#ifdef CONFIG_HWRNG
+struct hwrng *hwrng_get_first(void);
+#else
+static inline struct hwrng *hwrng_get_first(void) { return ERR_PTR(-ENODEV); };
+#endif
+
+#endif /* LINUX_HWRANDOM_H_ */
-- 
2.11.0


_______________________________________________
barebox mailing list
barebox@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/barebox

[PATCH v8 2/7] lib: random: add get_crypto_bytes interface and use HWRNG if posssible

[Oleksij Rempel]

For crypto applications we need to use some thing else as PRNG.
So provide get_crypto_bytes() and use HWRNG as main source.
PRNG is allowed as fallback if user decided to configure it so.

Signed-off-by: Oleksij Rempel <o.rempel@pengutronix.de>
---
 include/stdlib.h |  1 +
 lib/Kconfig      |  9 +++++++++
 lib/random.c     | 52 ++++++++++++++++++++++++++++++++++++++++++++++++++++
 3 files changed, 62 insertions(+)

diff --git a/include/stdlib.h b/include/stdlib.h
index f3185069f..ee3f22996 100644
--- a/include/stdlib.h
+++ b/include/stdlib.h
@@ -13,6 +13,7 @@ void srand(unsigned int seed);
 
 /* fill a buffer with pseudo-random data */
 void get_random_bytes(void *buf, int len);
+int get_crypto_bytes(void *buf, int len);
 
 static inline u32 random32(void)
 {
diff --git a/lib/Kconfig b/lib/Kconfig
index f9f25bdef..c16511c05 100644
--- a/lib/Kconfig
+++ b/lib/Kconfig
@@ -66,6 +66,15 @@ config RATP
 	  transferring packets over serial links described in RFC916. This implementation
 	  is used for controlling barebox over serial ports.
 
+config ALLOW_PRNG_FALLBACK
+	bool "Allow fallback to PRNG if HWRNG not available."
+	help
+	  WARNING: it is not secure!!
+
+	  get_crypto_bytes() users like cmd_password relay on HWRNG. If HWRNG is not
+	  available and this option is disabled, cmd_password will fail.
+	  Enable it on your own risk.
+
 source lib/gui/Kconfig
 
 source lib/fonts/Kconfig
diff --git a/lib/random.c b/lib/random.c
index 210fea994..759271f0c 100644
--- a/lib/random.c
+++ b/lib/random.c
@@ -1,5 +1,6 @@
 #include <common.h>
 #include <stdlib.h>
+#include <linux/hw_random.h>
 
 static unsigned int random_seed;
 
@@ -18,6 +19,11 @@ void srand(unsigned int seed)
 	random_seed = seed;
 }
 
+/**
+ * get_random_bytes - get pseudo random numbers.
+ * This interface can be good enough to generate MAC address
+ * or use for NAND test.
+ */
 void get_random_bytes(void *_buf, int len)
 {
 	char *buf = _buf;
@@ -25,3 +31,49 @@ void get_random_bytes(void *_buf, int len)
 	while (len--)
 		*buf++ = rand() % 256;
 }
+
+/**
+ * get_crypto_bytes - get random numbers suitable for cryptographic needs.
+ */
+static int _get_crypto_bytes(void *buf, int len)
+{
+	struct hwrng *rng;
+
+	rng = hwrng_get_first();
+	if (IS_ERR(rng))
+		return PTR_ERR(rng);
+
+	while (len) {
+		int bytes = hwrng_get_data(rng, buf, len, true);
+		if (!bytes)
+			return -ENOMEDIUM;
+
+		if (bytes < 0)
+			return bytes;
+
+		len -= bytes;
+		buf = buf + bytes;
+	}
+
+	return 0;
+}
+
+int get_crypto_bytes(void *buf, int len)
+{
+	int err;
+
+	err = _get_crypto_bytes(buf, len);
+	if (!err)
+		return 0;
+
+	if (!IS_ENABLED(CONFIG_ALLOW_PRNG_FALLBACK)) {
+		pr_err("error: no HWRNG available!\n");
+		return err;
+	}
+
+	pr_warn("warning: falling back to Pseudo RNG source!\n");
+
+	get_random_bytes(buf, len);
+
+	return 0;
+}
-- 
2.11.0


_______________________________________________
barebox mailing list
barebox@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/barebox

[PATCH v8 3/7] caamrng: port to hwrng framework

[Oleksij Rempel]

Signed-off-by: Oleksij Rempel <o.rempel@pengutronix.de>
---
 drivers/crypto/caam/Kconfig   |  1 +
 drivers/crypto/caam/caamrng.c | 40 ++++++++++++----------------------------
 2 files changed, 13 insertions(+), 28 deletions(-)

diff --git a/drivers/crypto/caam/Kconfig b/drivers/crypto/caam/Kconfig
index cf05d1c07..2ab509d11 100644
--- a/drivers/crypto/caam/Kconfig
+++ b/drivers/crypto/caam/Kconfig
@@ -29,6 +29,7 @@ config CRYPTO_DEV_FSL_CAAM_RINGSIZE
 config CRYPTO_DEV_FSL_CAAM_RNG
 	bool "Register caam RNG device"
 	depends on CRYPTO_DEV_FSL_CAAM
+	depends on HWRNG
 	default y
 	help
 	  Selecting this will register the SEC4 hardware rng.
diff --git a/drivers/crypto/caam/caamrng.c b/drivers/crypto/caam/caamrng.c
index 0fef171a2..aabad0416 100644
--- a/drivers/crypto/caam/caamrng.c
+++ b/drivers/crypto/caam/caamrng.c
@@ -35,6 +35,7 @@
 #include <driver.h>
 #include <init.h>
 #include <linux/spinlock.h>
+#include <linux/hw_random.h>
 
 #include "regs.h"
 #include "intern.h"
@@ -71,7 +72,7 @@ struct caam_rng_ctx {
 	unsigned int cur_buf_idx;
 	int current_buf;
 	struct buf_data bufs[2];
-	struct cdev cdev;
+	struct hwrng rng;
 };
 
 static struct caam_rng_ctx *rng_ctx;
@@ -116,8 +117,9 @@ static inline int submit_job(struct caam_rng_ctx *ctx, int to_current)
 	return err;
 }
 
-static int caam_read(struct caam_rng_ctx *ctx, void *data, size_t max, bool wait)
+static int caam_read(struct hwrng *rng, void *data, size_t max, bool wait)
 {
+	struct caam_rng_ctx *ctx = container_of(rng, struct caam_rng_ctx, rng);
 	struct buf_data *bd = &ctx->bufs[ctx->current_buf];
 	int next_buf_idx, copied_idx;
 	int err;
@@ -162,7 +164,7 @@ static int caam_read(struct caam_rng_ctx *ctx, void *data, size_t max, bool wait
 	dev_dbg(ctx->jrdev, "switched to buffer %d\n", ctx->current_buf);
 
 	/* since there already is some data read, don't wait */
-	return copied_idx + caam_read(ctx, data + copied_idx,
+	return copied_idx + caam_read(rng, data + copied_idx,
 				      max - copied_idx, false);
 }
 
@@ -248,29 +250,6 @@ static int caam_init_rng(struct caam_rng_ctx *ctx, struct device_d *jrdev)
 	return 0;
 }
 
-static ssize_t random_read(struct cdev *cdev, void *buf, size_t count,
-			   loff_t offset, ulong flags)
-{
-	struct caam_rng_ctx *ctx = container_of(cdev, struct caam_rng_ctx, cdev);
-
-	return caam_read(ctx, buf, count, true);
-}
-
-static struct file_operations randomops = {
-	.read  = random_read,
-	.lseek = dev_lseek_default,
-};
-
-static int caam_init_devrandom(struct caam_rng_ctx *ctx, struct device_d *dev)
-{
-	ctx->cdev.name = "hwrng";
-	ctx->cdev.flags = DEVFS_IS_CHARACTER_DEV;
-	ctx->cdev.ops = &randomops;
-	ctx->cdev.dev = dev;
-
-	return devfs_create(&ctx->cdev);
-}
-
 int caam_rng_probe(struct device_d *dev, struct device_d *jrdev)
 {
 	int err;
@@ -281,9 +260,14 @@ int caam_rng_probe(struct device_d *dev, struct device_d *jrdev)
 	if (err)
 		return err;
 
-	err = caam_init_devrandom(rng_ctx, dev);
-	if (err)
+	rng_ctx->rng.name = dev->name;
+	rng_ctx->rng.read = caam_read;
+
+	err = hwrng_register(dev, &rng_ctx->rng);
+	if (err) {
+		dev_err(dev, "rng-caam registering failed (%d)\n", err);
 		return err;
+	}
 
 	dev_info(dev, "registering rng-caam\n");
 
-- 
2.11.0


_______________________________________________
barebox mailing list
barebox@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/barebox

[PATCH v8 4/7] fs: add prng device

[Oleksij Rempel]

this should provide easy access to get_random_bytes() interfaces.

Signed-off-by: Oleksij Rempel <o.rempel@pengutronix.de>
---
 commands/stddev.c | 29 +++++++++++++++++++++++++++++
 1 file changed, 29 insertions(+)

diff --git a/commands/stddev.c b/commands/stddev.c
index 318d05741..93da2c739 100644
--- a/commands/stddev.c
+++ b/commands/stddev.c
@@ -17,6 +17,7 @@
 
 #include <common.h>
 #include <init.h>
+#include <stdlib.h>
 
 static ssize_t zero_read(struct cdev *cdev, void *buf, size_t count, loff_t offset, ulong flags)
 {
@@ -100,3 +101,31 @@ static int null_init(void)
 }
 
 device_initcall(null_init);
+
+static ssize_t prng_read(struct cdev *cdev, void *buf, size_t count, loff_t offset, ulong flags)
+{
+	get_random_bytes(buf, count);
+	return count;
+}
+
+static struct file_operations prngops = {
+	.read  = prng_read,
+	.lseek = dev_lseek_default,
+};
+
+static int prng_init(void)
+{
+	struct cdev *cdev;
+
+	cdev = xzalloc(sizeof (*cdev));
+
+	cdev->name = "prng";
+	cdev->flags = DEVFS_IS_CHARACTER_DEV;
+	cdev->ops = &prngops;
+
+	devfs_create(cdev);
+
+	return 0;
+}
+
+device_initcall(prng_init);
-- 
2.11.0


_______________________________________________
barebox mailing list
barebox@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/barebox

[PATCH v8 5/7] crypto: caam - fix RNG buffer cache alignment

[Oleksij Rempel]

this is alternate version of linux fix:
---------------------------------------------------------------------
| commit 412c98c1bef65fe7589f1300e93735d96130307c
| Author: Steve Cornelius <steve.cornelius@freescale.com>
| Date:   Mon Jun 15 16:52:59 2015 -0700
|
| crypto: caam - fix RNG buffer cache alignment
|
| The hwrng output buffers (2) are cast inside of a a struct (caam_rng_ctx)
| allocated in one DMA-tagged region. While the kernel's heap allocator
| should place the overall struct on a cacheline aligned boundary, the 2
| buffers contained within may not necessarily align. Consenquently, the
| ends of unaligned buffers may not fully flush, and if so, stale data will be
| left behind, resulting in small repeating patterns.
|
| This fix aligns the buffers inside the struct.
|
| Note that not all of the data inside caam_rng_ctx necessarily needs to
| be DMA-tagged, only the buffers themselves require this. However, a fix
| would incur the expense of error-handling bloat in the case of allocation
| failure.
|
| Cc: stable@vger.kernel.org
| Signed-off-by: Steve Cornelius <steve.cornelius@freescale.com>
| Signed-off-by: Victoria Milhoan <vicki.milhoan@freescale.com>
| Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
---------------------------------------------------------------------

instead we will use just dma_alloc()

Signed-off-by: Oleksij Rempel <o.rempel@pengutronix.de>
---
 drivers/crypto/caam/caamrng.c | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/drivers/crypto/caam/caamrng.c b/drivers/crypto/caam/caamrng.c
index aabad0416..31a92731d 100644
--- a/drivers/crypto/caam/caamrng.c
+++ b/drivers/crypto/caam/caamrng.c
@@ -55,7 +55,7 @@
 
 /* Buffer, its dma address and lock */
 struct buf_data {
-	u8 buf[RN_BUF_SIZE];
+	u8 *buf;
 	dma_addr_t addr;
 	u32 hw_desc[DESC_JOB_O_LEN];
 #define BUF_NOT_EMPTY 0
@@ -218,6 +218,8 @@ static int caam_init_buf(struct caam_rng_ctx *ctx, int buf_id)
 	struct buf_data *bd = &ctx->bufs[buf_id];
 	int err;
 
+	bd->buf = dma_alloc(RN_BUF_SIZE);
+
 	err = rng_create_job_desc(ctx, buf_id);
 	if (err)
 		return err;
-- 
2.11.0


_______________________________________________
barebox mailing list
barebox@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/barebox

[PATCH v8 6/7] common: password: make use of get_crypto_bytes

[Oleksij Rempel]

get_random_bytes is providing prng, if we have HWRNG we should be
able to use it over get_crypto_bytes

Signed-off-by: Oleksij Rempel <o.rempel@pengutronix.de>
---
 common/password.c | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/common/password.c b/common/password.c
index d52b746f0..74d328f4b 100644
--- a/common/password.c
+++ b/common/password.c
@@ -365,7 +365,11 @@ int set_env_passwd(unsigned char* passwd, size_t length)
 		char *salt = passwd_sum;
 		int keylen = PBKDF2_LENGTH - PBKDF2_SALT_LEN;
 
-		get_random_bytes(passwd_sum, PBKDF2_SALT_LEN);
+		ret = get_crypto_bytes(passwd_sum, PBKDF2_SALT_LEN);
+		if (ret) {
+			pr_err("Can't get random numbers\n");
+			return ret;
+		}
 
 		ret = pkcs5_pbkdf2_hmac_sha1(passwd, length, salt,
 				PBKDF2_SALT_LEN, PBKDF2_COUNT, keylen, key);
-- 
2.11.0


_______________________________________________
barebox mailing list
barebox@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/barebox

[PATCH v8 7/7] add seed command

[Oleksij Rempel]

Signed-off-by: Oleksij Rempel <o.rempel@pengutronix.de>
---
 commands/Kconfig  |  6 ++++++
 commands/Makefile |  1 +
 commands/seed.c   | 44 ++++++++++++++++++++++++++++++++++++++++++++
 3 files changed, 51 insertions(+)
 create mode 100644 commands/seed.c

diff --git a/commands/Kconfig b/commands/Kconfig
index 21d921268..c983b62d0 100644
--- a/commands/Kconfig
+++ b/commands/Kconfig
@@ -2115,6 +2115,12 @@ config CMD_SPD_DECODE
 	help
 	  decode spd eeprom
 
+config CMD_SEED
+	tristate
+	prompt "seed"
+	help
+	  Seed the pseudo random number generator (PRNG)
+
 # end Miscellaneous commands
 endmenu
 
diff --git a/commands/Makefile b/commands/Makefile
index 601f15fc3..ab5902156 100644
--- a/commands/Makefile
+++ b/commands/Makefile
@@ -120,3 +120,4 @@ obj-$(CONFIG_CMD_DHRYSTONE)	+= dhrystone.o
 obj-$(CONFIG_CMD_SPD_DECODE)	+= spd_decode.o
 obj-$(CONFIG_CMD_MMC_EXTCSD)	+= mmc_extcsd.o
 obj-$(CONFIG_CMD_NAND_BITFLIP)	+= nand-bitflip.o
+obj-$(CONFIG_CMD_SEED)		+= seed.o
diff --git a/commands/seed.c b/commands/seed.c
new file mode 100644
index 000000000..e378cd763
--- /dev/null
+++ b/commands/seed.c
@@ -0,0 +1,44 @@
+/*
+ * (c) 2017 Oleksij Rempel <kernel@pengutronix.de>
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ */
+
+#include <common.h>
+#include <command.h>
+#include <stdlib.h>
+#include <linux/ctype.h>
+
+static int do_seed(int argc, char *argv[])
+{
+	if (argc < 2)
+		return COMMAND_ERROR_USAGE;
+
+	if (isdigit(*argv[1])) {
+		srand(simple_strtoul(argv[1], NULL, 0));
+		return 0;
+	}
+
+	printf("numerical parameter expected\n");
+	return 1;
+}
+
+BAREBOX_CMD_HELP_START(seed)
+BAREBOX_CMD_HELP_TEXT("Seed the pseudo random number generator")
+BAREBOX_CMD_HELP_END
+
+BAREBOX_CMD_START(seed)
+	.cmd = do_seed,
+	BAREBOX_CMD_DESC("seed the PRNG")
+	BAREBOX_CMD_OPTS("VALUE")
+	BAREBOX_CMD_GROUP(CMD_GRP_MISC)
+	BAREBOX_CMD_HELP(cmd_seed_help)
+BAREBOX_CMD_END
-- 
2.11.0


_______________________________________________
barebox mailing list
barebox@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/barebox

Re: [PATCH v8 0/7] upstream hwrng framework

[Sascha Hauer]

On Wed, Mar 22, 2017 at 10:14:32AM +0100, Oleksij Rempel wrote:
> changes v1:
>  - initial version
> 
> changes v2:
>  - drop Freescale RNGC for now. It need more testing
>  - add caamrng port
>  - fix hwrng_init()
>  - fix hwrng_get_first check in get_random_bytes
> 
> changes v3:
>  - check if hwrng_get_data returns error
>  - provide /dev/randomdd random device
> 
> changes v4:
>  - provide get_crypto_bytes() interface.
>  - add CONFIG_ALLOW_PRNG_FALLBACK
>  - make cmd_password use get_crypto_bytes
>  - add cmd_seed
> 
> changes v5:
>  - make cmd_seed fail if no VALUE is set
> 
> changes v6:
>  - reword second patch and remove useless if (bytes > lenght) check.
> 
> changes v7:
>  - use numbered names: /dev/hwrngN
>  - allow to use aliases for device name.
> 
> changes v8:
>  - remove comment about nonexisting priv variable
>  - make hwrng_get_first() static inline with return error if CONFIG_HWRNG
>    is disabled.
> 
> Oleksij Rempel (6):
>   lib: random: add get_crypto_bytes interface and use HWRNG if posssible
>   caamrng: port to hwrng framework
>   fs: add prng device
>   crypto: caam - fix RNG buffer cache alignment
>   common: password: make use of get_crypto_bytes
>   add seed command
> 
> Steffen Trumtrar (1):
>   drivers: add simple hw_random implementation

Applied, thanks

Sascha

-- 
Pengutronix e.K.                           |                             |
Industrial Linux Solutions                 | http://www.pengutronix.de/  |
Peiner Str. 6-8, 31137 Hildesheim, Germany | Phone: +49-5121-206917-0    |
Amtsgericht Hildesheim, HRA 2686           | Fax:   +49-5121-206917-5555 |

_______________________________________________
barebox mailing list
barebox@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/barebox