* [PATCH v8 0/7] upstream hwrng framework
@ 2017-03-22 9:14 Oleksij Rempel
2017-03-22 9:14 ` [PATCH v8 1/7] drivers: add simple hw_random implementation Oleksij Rempel
` (7 more replies)
0 siblings, 8 replies; 9+ messages in thread
From: Oleksij Rempel @ 2017-03-22 9:14 UTC (permalink / raw)
To: barebox; +Cc: Oleksij Rempel
changes v1:
- initial version
changes v2:
- drop Freescale RNGC for now. It need more testing
- add caamrng port
- fix hwrng_init()
- fix hwrng_get_first check in get_random_bytes
changes v3:
- check if hwrng_get_data returns error
- provide /dev/randomdd random device
changes v4:
- provide get_crypto_bytes() interface.
- add CONFIG_ALLOW_PRNG_FALLBACK
- make cmd_password use get_crypto_bytes
- add cmd_seed
changes v5:
- make cmd_seed fail if no VALUE is set
changes v6:
- reword second patch and remove useless if (bytes > lenght) check.
changes v7:
- use numbered names: /dev/hwrngN
- allow to use aliases for device name.
changes v8:
- remove comment about nonexisting priv variable
- make hwrng_get_first() static inline with return error if CONFIG_HWRNG
is disabled.
Oleksij Rempel (6):
lib: random: add get_crypto_bytes interface and use HWRNG if posssible
caamrng: port to hwrng framework
fs: add prng device
crypto: caam - fix RNG buffer cache alignment
common: password: make use of get_crypto_bytes
add seed command
Steffen Trumtrar (1):
drivers: add simple hw_random implementation
commands/Kconfig | 6 ++
commands/Makefile | 1 +
commands/seed.c | 44 +++++++++++++++
commands/stddev.c | 29 ++++++++++
common/password.c | 6 +-
drivers/Kconfig | 1 +
drivers/Makefile | 1 +
drivers/crypto/caam/Kconfig | 1 +
drivers/crypto/caam/caamrng.c | 44 +++++----------
drivers/hw_random/Kconfig | 6 ++
drivers/hw_random/Makefile | 1 +
drivers/hw_random/core.c | 125 ++++++++++++++++++++++++++++++++++++++++++
include/linux/hw_random.h | 47 ++++++++++++++++
include/stdlib.h | 1 +
lib/Kconfig | 9 +++
lib/random.c | 52 ++++++++++++++++++
16 files changed, 344 insertions(+), 30 deletions(-)
create mode 100644 commands/seed.c
create mode 100644 drivers/hw_random/Kconfig
create mode 100644 drivers/hw_random/Makefile
create mode 100644 drivers/hw_random/core.c
create mode 100644 include/linux/hw_random.h
--
2.11.0
_______________________________________________
barebox mailing list
barebox@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/barebox
^ permalink raw reply [flat|nested] 9+ messages in thread
* [PATCH v8 1/7] drivers: add simple hw_random implementation
2017-03-22 9:14 [PATCH v8 0/7] upstream hwrng framework Oleksij Rempel
@ 2017-03-22 9:14 ` Oleksij Rempel
2017-03-22 9:14 ` [PATCH v8 2/7] lib: random: add get_crypto_bytes interface and use HWRNG if posssible Oleksij Rempel
` (6 subsequent siblings)
7 siblings, 0 replies; 9+ messages in thread
From: Oleksij Rempel @ 2017-03-22 9:14 UTC (permalink / raw)
To: barebox; +Cc: Oleksij Rempel, Steffen Trumtrar
From: Steffen Trumtrar <s.trumtrar@pengutronix.de>
Add a simple hw_random implementation based on code from
Linux v4.5-rc5.
All the entropypool initialization stuff is left out and
the obsolete data_read/data_present calls are omitted.
Signed-off-by: Steffen Trumtrar <s.trumtrar@pengutronix.de>
Signed-off-by: Oleksij Rempel <o.rempel@pengutronix.de>
---
drivers/Kconfig | 1 +
drivers/Makefile | 1 +
drivers/hw_random/Kconfig | 6 +++
drivers/hw_random/Makefile | 1 +
drivers/hw_random/core.c | 125 +++++++++++++++++++++++++++++++++++++++++++++
include/linux/hw_random.h | 47 +++++++++++++++++
6 files changed, 181 insertions(+)
create mode 100644 drivers/hw_random/Kconfig
create mode 100644 drivers/hw_random/Makefile
create mode 100644 drivers/hw_random/core.c
create mode 100644 include/linux/hw_random.h
diff --git a/drivers/Kconfig b/drivers/Kconfig
index cc086ac2d..2f5784a4d 100644
--- a/drivers/Kconfig
+++ b/drivers/Kconfig
@@ -21,6 +21,7 @@ source "drivers/eeprom/Kconfig"
source "drivers/input/Kconfig"
source "drivers/watchdog/Kconfig"
source "drivers/pwm/Kconfig"
+source "drivers/hw_random/Kconfig"
source "drivers/dma/Kconfig"
source "drivers/gpio/Kconfig"
source "drivers/w1/Kconfig"
diff --git a/drivers/Makefile b/drivers/Makefile
index 6a70f6ee1..7e9b80e59 100644
--- a/drivers/Makefile
+++ b/drivers/Makefile
@@ -20,6 +20,7 @@ obj-y += misc/
obj-y += dma/
obj-y += watchdog/
obj-y += gpio/
+obj-$(CONFIG_HWRNG) += hw_random/
obj-$(CONFIG_OFTREE) += of/
obj-$(CONFIG_W1) += w1/
obj-y += pinctrl/
diff --git a/drivers/hw_random/Kconfig b/drivers/hw_random/Kconfig
new file mode 100644
index 000000000..807fcadd3
--- /dev/null
+++ b/drivers/hw_random/Kconfig
@@ -0,0 +1,6 @@
+menuconfig HWRNG
+ bool "HWRNG Support"
+ help
+ Support for HWRNG(Hardware Random Number Generator) devices.
+
+ If unsure, say no.
diff --git a/drivers/hw_random/Makefile b/drivers/hw_random/Makefile
new file mode 100644
index 000000000..15307b100
--- /dev/null
+++ b/drivers/hw_random/Makefile
@@ -0,0 +1 @@
+obj-$(CONFIG_HWRNG) += core.o
diff --git a/drivers/hw_random/core.c b/drivers/hw_random/core.c
new file mode 100644
index 000000000..ef2a988c7
--- /dev/null
+++ b/drivers/hw_random/core.c
@@ -0,0 +1,125 @@
+/*
+ * Copyright (c) 2016 Pengutronix, Steffen Trumtrar <kernel@pengutronix.de>
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License version 2
+ * as published by the Free Software Foundation.
+ *
+ * derived from Linux kernel drivers/char/hw_random/core.c
+ */
+
+#include <common.h>
+#include <linux/hw_random.h>
+#include <malloc.h>
+
+static LIST_HEAD(hwrngs);
+
+#define RNG_BUFFER_SIZE 32
+
+int hwrng_get_data(struct hwrng *rng, void *buffer, size_t size, int wait)
+{
+ return rng->read(rng, buffer, size, wait);
+}
+
+static int hwrng_init(struct hwrng *rng)
+{
+ int ret = 0;
+
+ if (rng->init)
+ ret = rng->init(rng);
+
+ if (!ret)
+ list_add_tail(&rng->list, &hwrngs);
+
+ return ret;
+}
+
+static ssize_t rng_dev_read(struct cdev *cdev, void *buf, size_t size,
+ loff_t offset, unsigned long flags)
+{
+ struct hwrng *rng = container_of(cdev, struct hwrng, cdev);
+ size_t count = size;
+ ssize_t cur = 0;
+ int len;
+
+ memset(buf, 0, size);
+
+ while (count) {
+ int max = min(count, (size_t)RNG_BUFFER_SIZE);
+ len = hwrng_get_data(rng, rng->buf, max, true);
+ if (len < 0) {
+ cur = len;
+ break;
+ }
+
+ memcpy(buf + cur, rng->buf, len);
+
+ count -= len;
+ cur += len;
+ }
+
+ return cur;
+}
+
+static struct file_operations rng_chrdev_ops = {
+ .read = rng_dev_read,
+ .lseek = dev_lseek_default,
+};
+
+static int hwrng_register_cdev(struct hwrng *rng)
+{
+ struct device_d *dev = rng->dev;
+ const char *alias;
+ char *devname;
+ int err;
+
+ alias = of_alias_get(dev->device_node);
+ if (alias) {
+ devname = xstrdup(alias);
+ } else {
+ err = cdev_find_free_index("hwrng");
+ if (err < 0) {
+ dev_err(dev, "no index found to name device\n");
+ return err;
+ }
+ devname = xasprintf("hwrng%d", err);
+ }
+
+ rng->cdev.name = devname;
+ rng->cdev.flags = DEVFS_IS_CHARACTER_DEV;
+ rng->cdev.ops = &rng_chrdev_ops;
+ rng->cdev.dev = rng->dev;
+
+ return devfs_create(&rng->cdev);
+}
+
+struct hwrng *hwrng_get_first(void)
+{
+ if (list_empty(&hwrngs))
+ return ERR_PTR(-ENODEV);
+ else
+ return list_first_entry(&hwrngs, struct hwrng, list);
+}
+
+int hwrng_register(struct device_d *dev, struct hwrng *rng)
+{
+ int err;
+
+ if (rng->name == NULL || rng->read == NULL)
+ return -EINVAL;
+
+ rng->buf = xzalloc(RNG_BUFFER_SIZE);
+ rng->dev = dev;
+
+ err = hwrng_init(rng);
+ if (err) {
+ free(rng->buf);
+ return err;
+ }
+
+ err = hwrng_register_cdev(rng);
+ if (err)
+ free(rng->buf);
+
+ return err;
+}
diff --git a/include/linux/hw_random.h b/include/linux/hw_random.h
new file mode 100644
index 000000000..bae442166
--- /dev/null
+++ b/include/linux/hw_random.h
@@ -0,0 +1,47 @@
+/*
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ */
+
+#ifndef LINUX_HWRANDOM_H_
+#define LINUX_HWRANDOM_H_
+
+#include <linux/list.h>
+
+/**
+ * struct hwrng - Hardware Random Number Generator driver
+ * @name: Unique RNG name.
+ * @init: Initialization callback (can be NULL).
+ * @read: New API. drivers can fill up to max bytes of data
+ * into the buffer. The buffer is aligned for any type.
+ */
+struct hwrng {
+ const char *name;
+ int (*init)(struct hwrng *rng);
+ int (*read)(struct hwrng *rng, void *data, size_t max, bool wait);
+
+ struct list_head list;
+
+ struct cdev cdev;
+ struct device_d *dev;
+ void *buf;
+};
+
+/* Register a new Hardware Random Number Generator driver. */
+int hwrng_register(struct device_d *dev, struct hwrng *rng);
+int hwrng_get_data(struct hwrng *rng, void *buffer, size_t size, int wait);
+
+#ifdef CONFIG_HWRNG
+struct hwrng *hwrng_get_first(void);
+#else
+static inline struct hwrng *hwrng_get_first(void) { return ERR_PTR(-ENODEV); };
+#endif
+
+#endif /* LINUX_HWRANDOM_H_ */
--
2.11.0
_______________________________________________
barebox mailing list
barebox@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/barebox
^ permalink raw reply [flat|nested] 9+ messages in thread
* [PATCH v8 2/7] lib: random: add get_crypto_bytes interface and use HWRNG if posssible
2017-03-22 9:14 [PATCH v8 0/7] upstream hwrng framework Oleksij Rempel
2017-03-22 9:14 ` [PATCH v8 1/7] drivers: add simple hw_random implementation Oleksij Rempel
@ 2017-03-22 9:14 ` Oleksij Rempel
2017-03-22 9:14 ` [PATCH v8 3/7] caamrng: port to hwrng framework Oleksij Rempel
` (5 subsequent siblings)
7 siblings, 0 replies; 9+ messages in thread
From: Oleksij Rempel @ 2017-03-22 9:14 UTC (permalink / raw)
To: barebox; +Cc: Oleksij Rempel
For crypto applications we need to use some thing else as PRNG.
So provide get_crypto_bytes() and use HWRNG as main source.
PRNG is allowed as fallback if user decided to configure it so.
Signed-off-by: Oleksij Rempel <o.rempel@pengutronix.de>
---
include/stdlib.h | 1 +
lib/Kconfig | 9 +++++++++
lib/random.c | 52 ++++++++++++++++++++++++++++++++++++++++++++++++++++
3 files changed, 62 insertions(+)
diff --git a/include/stdlib.h b/include/stdlib.h
index f3185069f..ee3f22996 100644
--- a/include/stdlib.h
+++ b/include/stdlib.h
@@ -13,6 +13,7 @@ void srand(unsigned int seed);
/* fill a buffer with pseudo-random data */
void get_random_bytes(void *buf, int len);
+int get_crypto_bytes(void *buf, int len);
static inline u32 random32(void)
{
diff --git a/lib/Kconfig b/lib/Kconfig
index f9f25bdef..c16511c05 100644
--- a/lib/Kconfig
+++ b/lib/Kconfig
@@ -66,6 +66,15 @@ config RATP
transferring packets over serial links described in RFC916. This implementation
is used for controlling barebox over serial ports.
+config ALLOW_PRNG_FALLBACK
+ bool "Allow fallback to PRNG if HWRNG not available."
+ help
+ WARNING: it is not secure!!
+
+ get_crypto_bytes() users like cmd_password relay on HWRNG. If HWRNG is not
+ available and this option is disabled, cmd_password will fail.
+ Enable it on your own risk.
+
source lib/gui/Kconfig
source lib/fonts/Kconfig
diff --git a/lib/random.c b/lib/random.c
index 210fea994..759271f0c 100644
--- a/lib/random.c
+++ b/lib/random.c
@@ -1,5 +1,6 @@
#include <common.h>
#include <stdlib.h>
+#include <linux/hw_random.h>
static unsigned int random_seed;
@@ -18,6 +19,11 @@ void srand(unsigned int seed)
random_seed = seed;
}
+/**
+ * get_random_bytes - get pseudo random numbers.
+ * This interface can be good enough to generate MAC address
+ * or use for NAND test.
+ */
void get_random_bytes(void *_buf, int len)
{
char *buf = _buf;
@@ -25,3 +31,49 @@ void get_random_bytes(void *_buf, int len)
while (len--)
*buf++ = rand() % 256;
}
+
+/**
+ * get_crypto_bytes - get random numbers suitable for cryptographic needs.
+ */
+static int _get_crypto_bytes(void *buf, int len)
+{
+ struct hwrng *rng;
+
+ rng = hwrng_get_first();
+ if (IS_ERR(rng))
+ return PTR_ERR(rng);
+
+ while (len) {
+ int bytes = hwrng_get_data(rng, buf, len, true);
+ if (!bytes)
+ return -ENOMEDIUM;
+
+ if (bytes < 0)
+ return bytes;
+
+ len -= bytes;
+ buf = buf + bytes;
+ }
+
+ return 0;
+}
+
+int get_crypto_bytes(void *buf, int len)
+{
+ int err;
+
+ err = _get_crypto_bytes(buf, len);
+ if (!err)
+ return 0;
+
+ if (!IS_ENABLED(CONFIG_ALLOW_PRNG_FALLBACK)) {
+ pr_err("error: no HWRNG available!\n");
+ return err;
+ }
+
+ pr_warn("warning: falling back to Pseudo RNG source!\n");
+
+ get_random_bytes(buf, len);
+
+ return 0;
+}
--
2.11.0
_______________________________________________
barebox mailing list
barebox@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/barebox
^ permalink raw reply [flat|nested] 9+ messages in thread
* [PATCH v8 3/7] caamrng: port to hwrng framework
2017-03-22 9:14 [PATCH v8 0/7] upstream hwrng framework Oleksij Rempel
2017-03-22 9:14 ` [PATCH v8 1/7] drivers: add simple hw_random implementation Oleksij Rempel
2017-03-22 9:14 ` [PATCH v8 2/7] lib: random: add get_crypto_bytes interface and use HWRNG if posssible Oleksij Rempel
@ 2017-03-22 9:14 ` Oleksij Rempel
2017-03-22 9:14 ` [PATCH v8 4/7] fs: add prng device Oleksij Rempel
` (4 subsequent siblings)
7 siblings, 0 replies; 9+ messages in thread
From: Oleksij Rempel @ 2017-03-22 9:14 UTC (permalink / raw)
To: barebox; +Cc: Oleksij Rempel
Signed-off-by: Oleksij Rempel <o.rempel@pengutronix.de>
---
drivers/crypto/caam/Kconfig | 1 +
drivers/crypto/caam/caamrng.c | 40 ++++++++++++----------------------------
2 files changed, 13 insertions(+), 28 deletions(-)
diff --git a/drivers/crypto/caam/Kconfig b/drivers/crypto/caam/Kconfig
index cf05d1c07..2ab509d11 100644
--- a/drivers/crypto/caam/Kconfig
+++ b/drivers/crypto/caam/Kconfig
@@ -29,6 +29,7 @@ config CRYPTO_DEV_FSL_CAAM_RINGSIZE
config CRYPTO_DEV_FSL_CAAM_RNG
bool "Register caam RNG device"
depends on CRYPTO_DEV_FSL_CAAM
+ depends on HWRNG
default y
help
Selecting this will register the SEC4 hardware rng.
diff --git a/drivers/crypto/caam/caamrng.c b/drivers/crypto/caam/caamrng.c
index 0fef171a2..aabad0416 100644
--- a/drivers/crypto/caam/caamrng.c
+++ b/drivers/crypto/caam/caamrng.c
@@ -35,6 +35,7 @@
#include <driver.h>
#include <init.h>
#include <linux/spinlock.h>
+#include <linux/hw_random.h>
#include "regs.h"
#include "intern.h"
@@ -71,7 +72,7 @@ struct caam_rng_ctx {
unsigned int cur_buf_idx;
int current_buf;
struct buf_data bufs[2];
- struct cdev cdev;
+ struct hwrng rng;
};
static struct caam_rng_ctx *rng_ctx;
@@ -116,8 +117,9 @@ static inline int submit_job(struct caam_rng_ctx *ctx, int to_current)
return err;
}
-static int caam_read(struct caam_rng_ctx *ctx, void *data, size_t max, bool wait)
+static int caam_read(struct hwrng *rng, void *data, size_t max, bool wait)
{
+ struct caam_rng_ctx *ctx = container_of(rng, struct caam_rng_ctx, rng);
struct buf_data *bd = &ctx->bufs[ctx->current_buf];
int next_buf_idx, copied_idx;
int err;
@@ -162,7 +164,7 @@ static int caam_read(struct caam_rng_ctx *ctx, void *data, size_t max, bool wait
dev_dbg(ctx->jrdev, "switched to buffer %d\n", ctx->current_buf);
/* since there already is some data read, don't wait */
- return copied_idx + caam_read(ctx, data + copied_idx,
+ return copied_idx + caam_read(rng, data + copied_idx,
max - copied_idx, false);
}
@@ -248,29 +250,6 @@ static int caam_init_rng(struct caam_rng_ctx *ctx, struct device_d *jrdev)
return 0;
}
-static ssize_t random_read(struct cdev *cdev, void *buf, size_t count,
- loff_t offset, ulong flags)
-{
- struct caam_rng_ctx *ctx = container_of(cdev, struct caam_rng_ctx, cdev);
-
- return caam_read(ctx, buf, count, true);
-}
-
-static struct file_operations randomops = {
- .read = random_read,
- .lseek = dev_lseek_default,
-};
-
-static int caam_init_devrandom(struct caam_rng_ctx *ctx, struct device_d *dev)
-{
- ctx->cdev.name = "hwrng";
- ctx->cdev.flags = DEVFS_IS_CHARACTER_DEV;
- ctx->cdev.ops = &randomops;
- ctx->cdev.dev = dev;
-
- return devfs_create(&ctx->cdev);
-}
-
int caam_rng_probe(struct device_d *dev, struct device_d *jrdev)
{
int err;
@@ -281,9 +260,14 @@ int caam_rng_probe(struct device_d *dev, struct device_d *jrdev)
if (err)
return err;
- err = caam_init_devrandom(rng_ctx, dev);
- if (err)
+ rng_ctx->rng.name = dev->name;
+ rng_ctx->rng.read = caam_read;
+
+ err = hwrng_register(dev, &rng_ctx->rng);
+ if (err) {
+ dev_err(dev, "rng-caam registering failed (%d)\n", err);
return err;
+ }
dev_info(dev, "registering rng-caam\n");
--
2.11.0
_______________________________________________
barebox mailing list
barebox@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/barebox
^ permalink raw reply [flat|nested] 9+ messages in thread
* [PATCH v8 4/7] fs: add prng device
2017-03-22 9:14 [PATCH v8 0/7] upstream hwrng framework Oleksij Rempel
` (2 preceding siblings ...)
2017-03-22 9:14 ` [PATCH v8 3/7] caamrng: port to hwrng framework Oleksij Rempel
@ 2017-03-22 9:14 ` Oleksij Rempel
2017-03-22 9:14 ` [PATCH v8 5/7] crypto: caam - fix RNG buffer cache alignment Oleksij Rempel
` (3 subsequent siblings)
7 siblings, 0 replies; 9+ messages in thread
From: Oleksij Rempel @ 2017-03-22 9:14 UTC (permalink / raw)
To: barebox; +Cc: Oleksij Rempel
this should provide easy access to get_random_bytes() interfaces.
Signed-off-by: Oleksij Rempel <o.rempel@pengutronix.de>
---
commands/stddev.c | 29 +++++++++++++++++++++++++++++
1 file changed, 29 insertions(+)
diff --git a/commands/stddev.c b/commands/stddev.c
index 318d05741..93da2c739 100644
--- a/commands/stddev.c
+++ b/commands/stddev.c
@@ -17,6 +17,7 @@
#include <common.h>
#include <init.h>
+#include <stdlib.h>
static ssize_t zero_read(struct cdev *cdev, void *buf, size_t count, loff_t offset, ulong flags)
{
@@ -100,3 +101,31 @@ static int null_init(void)
}
device_initcall(null_init);
+
+static ssize_t prng_read(struct cdev *cdev, void *buf, size_t count, loff_t offset, ulong flags)
+{
+ get_random_bytes(buf, count);
+ return count;
+}
+
+static struct file_operations prngops = {
+ .read = prng_read,
+ .lseek = dev_lseek_default,
+};
+
+static int prng_init(void)
+{
+ struct cdev *cdev;
+
+ cdev = xzalloc(sizeof (*cdev));
+
+ cdev->name = "prng";
+ cdev->flags = DEVFS_IS_CHARACTER_DEV;
+ cdev->ops = &prngops;
+
+ devfs_create(cdev);
+
+ return 0;
+}
+
+device_initcall(prng_init);
--
2.11.0
_______________________________________________
barebox mailing list
barebox@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/barebox
^ permalink raw reply [flat|nested] 9+ messages in thread
* [PATCH v8 5/7] crypto: caam - fix RNG buffer cache alignment
2017-03-22 9:14 [PATCH v8 0/7] upstream hwrng framework Oleksij Rempel
` (3 preceding siblings ...)
2017-03-22 9:14 ` [PATCH v8 4/7] fs: add prng device Oleksij Rempel
@ 2017-03-22 9:14 ` Oleksij Rempel
2017-03-22 9:14 ` [PATCH v8 6/7] common: password: make use of get_crypto_bytes Oleksij Rempel
` (2 subsequent siblings)
7 siblings, 0 replies; 9+ messages in thread
From: Oleksij Rempel @ 2017-03-22 9:14 UTC (permalink / raw)
To: barebox; +Cc: Oleksij Rempel
this is alternate version of linux fix:
---------------------------------------------------------------------
| commit 412c98c1bef65fe7589f1300e93735d96130307c
| Author: Steve Cornelius <steve.cornelius@freescale.com>
| Date: Mon Jun 15 16:52:59 2015 -0700
|
| crypto: caam - fix RNG buffer cache alignment
|
| The hwrng output buffers (2) are cast inside of a a struct (caam_rng_ctx)
| allocated in one DMA-tagged region. While the kernel's heap allocator
| should place the overall struct on a cacheline aligned boundary, the 2
| buffers contained within may not necessarily align. Consenquently, the
| ends of unaligned buffers may not fully flush, and if so, stale data will be
| left behind, resulting in small repeating patterns.
|
| This fix aligns the buffers inside the struct.
|
| Note that not all of the data inside caam_rng_ctx necessarily needs to
| be DMA-tagged, only the buffers themselves require this. However, a fix
| would incur the expense of error-handling bloat in the case of allocation
| failure.
|
| Cc: stable@vger.kernel.org
| Signed-off-by: Steve Cornelius <steve.cornelius@freescale.com>
| Signed-off-by: Victoria Milhoan <vicki.milhoan@freescale.com>
| Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
---------------------------------------------------------------------
instead we will use just dma_alloc()
Signed-off-by: Oleksij Rempel <o.rempel@pengutronix.de>
---
drivers/crypto/caam/caamrng.c | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/drivers/crypto/caam/caamrng.c b/drivers/crypto/caam/caamrng.c
index aabad0416..31a92731d 100644
--- a/drivers/crypto/caam/caamrng.c
+++ b/drivers/crypto/caam/caamrng.c
@@ -55,7 +55,7 @@
/* Buffer, its dma address and lock */
struct buf_data {
- u8 buf[RN_BUF_SIZE];
+ u8 *buf;
dma_addr_t addr;
u32 hw_desc[DESC_JOB_O_LEN];
#define BUF_NOT_EMPTY 0
@@ -218,6 +218,8 @@ static int caam_init_buf(struct caam_rng_ctx *ctx, int buf_id)
struct buf_data *bd = &ctx->bufs[buf_id];
int err;
+ bd->buf = dma_alloc(RN_BUF_SIZE);
+
err = rng_create_job_desc(ctx, buf_id);
if (err)
return err;
--
2.11.0
_______________________________________________
barebox mailing list
barebox@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/barebox
^ permalink raw reply [flat|nested] 9+ messages in thread
* [PATCH v8 6/7] common: password: make use of get_crypto_bytes
2017-03-22 9:14 [PATCH v8 0/7] upstream hwrng framework Oleksij Rempel
` (4 preceding siblings ...)
2017-03-22 9:14 ` [PATCH v8 5/7] crypto: caam - fix RNG buffer cache alignment Oleksij Rempel
@ 2017-03-22 9:14 ` Oleksij Rempel
2017-03-22 9:14 ` [PATCH v8 7/7] add seed command Oleksij Rempel
2017-03-24 6:13 ` [PATCH v8 0/7] upstream hwrng framework Sascha Hauer
7 siblings, 0 replies; 9+ messages in thread
From: Oleksij Rempel @ 2017-03-22 9:14 UTC (permalink / raw)
To: barebox; +Cc: Oleksij Rempel
get_random_bytes is providing prng, if we have HWRNG we should be
able to use it over get_crypto_bytes
Signed-off-by: Oleksij Rempel <o.rempel@pengutronix.de>
---
common/password.c | 6 +++++-
1 file changed, 5 insertions(+), 1 deletion(-)
diff --git a/common/password.c b/common/password.c
index d52b746f0..74d328f4b 100644
--- a/common/password.c
+++ b/common/password.c
@@ -365,7 +365,11 @@ int set_env_passwd(unsigned char* passwd, size_t length)
char *salt = passwd_sum;
int keylen = PBKDF2_LENGTH - PBKDF2_SALT_LEN;
- get_random_bytes(passwd_sum, PBKDF2_SALT_LEN);
+ ret = get_crypto_bytes(passwd_sum, PBKDF2_SALT_LEN);
+ if (ret) {
+ pr_err("Can't get random numbers\n");
+ return ret;
+ }
ret = pkcs5_pbkdf2_hmac_sha1(passwd, length, salt,
PBKDF2_SALT_LEN, PBKDF2_COUNT, keylen, key);
--
2.11.0
_______________________________________________
barebox mailing list
barebox@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/barebox
^ permalink raw reply [flat|nested] 9+ messages in thread
* [PATCH v8 7/7] add seed command
2017-03-22 9:14 [PATCH v8 0/7] upstream hwrng framework Oleksij Rempel
` (5 preceding siblings ...)
2017-03-22 9:14 ` [PATCH v8 6/7] common: password: make use of get_crypto_bytes Oleksij Rempel
@ 2017-03-22 9:14 ` Oleksij Rempel
2017-03-24 6:13 ` [PATCH v8 0/7] upstream hwrng framework Sascha Hauer
7 siblings, 0 replies; 9+ messages in thread
From: Oleksij Rempel @ 2017-03-22 9:14 UTC (permalink / raw)
To: barebox; +Cc: Oleksij Rempel
Signed-off-by: Oleksij Rempel <o.rempel@pengutronix.de>
---
commands/Kconfig | 6 ++++++
commands/Makefile | 1 +
commands/seed.c | 44 ++++++++++++++++++++++++++++++++++++++++++++
3 files changed, 51 insertions(+)
create mode 100644 commands/seed.c
diff --git a/commands/Kconfig b/commands/Kconfig
index 21d921268..c983b62d0 100644
--- a/commands/Kconfig
+++ b/commands/Kconfig
@@ -2115,6 +2115,12 @@ config CMD_SPD_DECODE
help
decode spd eeprom
+config CMD_SEED
+ tristate
+ prompt "seed"
+ help
+ Seed the pseudo random number generator (PRNG)
+
# end Miscellaneous commands
endmenu
diff --git a/commands/Makefile b/commands/Makefile
index 601f15fc3..ab5902156 100644
--- a/commands/Makefile
+++ b/commands/Makefile
@@ -120,3 +120,4 @@ obj-$(CONFIG_CMD_DHRYSTONE) += dhrystone.o
obj-$(CONFIG_CMD_SPD_DECODE) += spd_decode.o
obj-$(CONFIG_CMD_MMC_EXTCSD) += mmc_extcsd.o
obj-$(CONFIG_CMD_NAND_BITFLIP) += nand-bitflip.o
+obj-$(CONFIG_CMD_SEED) += seed.o
diff --git a/commands/seed.c b/commands/seed.c
new file mode 100644
index 000000000..e378cd763
--- /dev/null
+++ b/commands/seed.c
@@ -0,0 +1,44 @@
+/*
+ * (c) 2017 Oleksij Rempel <kernel@pengutronix.de>
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ */
+
+#include <common.h>
+#include <command.h>
+#include <stdlib.h>
+#include <linux/ctype.h>
+
+static int do_seed(int argc, char *argv[])
+{
+ if (argc < 2)
+ return COMMAND_ERROR_USAGE;
+
+ if (isdigit(*argv[1])) {
+ srand(simple_strtoul(argv[1], NULL, 0));
+ return 0;
+ }
+
+ printf("numerical parameter expected\n");
+ return 1;
+}
+
+BAREBOX_CMD_HELP_START(seed)
+BAREBOX_CMD_HELP_TEXT("Seed the pseudo random number generator")
+BAREBOX_CMD_HELP_END
+
+BAREBOX_CMD_START(seed)
+ .cmd = do_seed,
+ BAREBOX_CMD_DESC("seed the PRNG")
+ BAREBOX_CMD_OPTS("VALUE")
+ BAREBOX_CMD_GROUP(CMD_GRP_MISC)
+ BAREBOX_CMD_HELP(cmd_seed_help)
+BAREBOX_CMD_END
--
2.11.0
_______________________________________________
barebox mailing list
barebox@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/barebox
^ permalink raw reply [flat|nested] 9+ messages in thread
* Re: [PATCH v8 0/7] upstream hwrng framework
2017-03-22 9:14 [PATCH v8 0/7] upstream hwrng framework Oleksij Rempel
` (6 preceding siblings ...)
2017-03-22 9:14 ` [PATCH v8 7/7] add seed command Oleksij Rempel
@ 2017-03-24 6:13 ` Sascha Hauer
7 siblings, 0 replies; 9+ messages in thread
From: Sascha Hauer @ 2017-03-24 6:13 UTC (permalink / raw)
To: Oleksij Rempel; +Cc: barebox
On Wed, Mar 22, 2017 at 10:14:32AM +0100, Oleksij Rempel wrote:
> changes v1:
> - initial version
>
> changes v2:
> - drop Freescale RNGC for now. It need more testing
> - add caamrng port
> - fix hwrng_init()
> - fix hwrng_get_first check in get_random_bytes
>
> changes v3:
> - check if hwrng_get_data returns error
> - provide /dev/randomdd random device
>
> changes v4:
> - provide get_crypto_bytes() interface.
> - add CONFIG_ALLOW_PRNG_FALLBACK
> - make cmd_password use get_crypto_bytes
> - add cmd_seed
>
> changes v5:
> - make cmd_seed fail if no VALUE is set
>
> changes v6:
> - reword second patch and remove useless if (bytes > lenght) check.
>
> changes v7:
> - use numbered names: /dev/hwrngN
> - allow to use aliases for device name.
>
> changes v8:
> - remove comment about nonexisting priv variable
> - make hwrng_get_first() static inline with return error if CONFIG_HWRNG
> is disabled.
>
> Oleksij Rempel (6):
> lib: random: add get_crypto_bytes interface and use HWRNG if posssible
> caamrng: port to hwrng framework
> fs: add prng device
> crypto: caam - fix RNG buffer cache alignment
> common: password: make use of get_crypto_bytes
> add seed command
>
> Steffen Trumtrar (1):
> drivers: add simple hw_random implementation
Applied, thanks
Sascha
--
Pengutronix e.K. | |
Industrial Linux Solutions | http://www.pengutronix.de/ |
Peiner Str. 6-8, 31137 Hildesheim, Germany | Phone: +49-5121-206917-0 |
Amtsgericht Hildesheim, HRA 2686 | Fax: +49-5121-206917-5555 |
_______________________________________________
barebox mailing list
barebox@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/barebox
^ permalink raw reply [flat|nested] 9+ messages in thread
end of thread, other threads:[~2017-03-24 6:14 UTC | newest]
Thread overview: 9+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2017-03-22 9:14 [PATCH v8 0/7] upstream hwrng framework Oleksij Rempel
2017-03-22 9:14 ` [PATCH v8 1/7] drivers: add simple hw_random implementation Oleksij Rempel
2017-03-22 9:14 ` [PATCH v8 2/7] lib: random: add get_crypto_bytes interface and use HWRNG if posssible Oleksij Rempel
2017-03-22 9:14 ` [PATCH v8 3/7] caamrng: port to hwrng framework Oleksij Rempel
2017-03-22 9:14 ` [PATCH v8 4/7] fs: add prng device Oleksij Rempel
2017-03-22 9:14 ` [PATCH v8 5/7] crypto: caam - fix RNG buffer cache alignment Oleksij Rempel
2017-03-22 9:14 ` [PATCH v8 6/7] common: password: make use of get_crypto_bytes Oleksij Rempel
2017-03-22 9:14 ` [PATCH v8 7/7] add seed command Oleksij Rempel
2017-03-24 6:13 ` [PATCH v8 0/7] upstream hwrng framework Sascha Hauer
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox