2  * Non-physical true random number generator based on timing jitter --
5  * Copyright Stephan Mueller <[email protected]>, 2015 - 2023
13  * 2. Redistributions in binary form must reproduce the above copyright
24  * the restrictions contained in a BSD-style copyright.)
42 #include <linux/fips.h>
51 #define JENT_CONDITIONING_HASH	"sha3-256-generic"
78  * Obtain a high-resolution time stamp value. The time stamp is used to measure
83  * implement a high-resolution time stamp, the RNG code's runtime test
109 	SHASH_DESC_ON_STACK(desc, hash_state_desc->tfm);  in jent_hash_time()
114 	desc->tfm = hash_state_desc->tfm;  in jent_hash_time()
116 	if (sizeof(intermediary) != crypto_shash_digestsize(desc->tfm)) {  in jent_hash_time()
118 		return -EINVAL;  in jent_hash_time()
128 	 * considering the terminology from SP800-90A without any entropy.  in jent_hash_time()
156 	 * when the time stamp has no entropy, SP800-90B requires that any  in jent_hash_time()
176 	/* Obtain data from entropy pool and re-initialize it */  in jent_read_random_block()
204 	spin_lock(&rng->jent_lock);  in jent_kcapi_cleanup()
206 	if (rng->sdesc) {  in jent_kcapi_cleanup()
207 		shash_desc_zero(rng->sdesc);  in jent_kcapi_cleanup()
208 		kfree(rng->sdesc);  in jent_kcapi_cleanup()
210 	rng->sdesc = NULL;  in jent_kcapi_cleanup()
212 	if (rng->tfm)  in jent_kcapi_cleanup()
213 		crypto_free_shash(rng->tfm);  in jent_kcapi_cleanup()
214 	rng->tfm = NULL;  in jent_kcapi_cleanup()
216 	if (rng->entropy_collector)  in jent_kcapi_cleanup()
217 		jent_entropy_collector_free(rng->entropy_collector);  in jent_kcapi_cleanup()
218 	rng->entropy_collector = NULL;  in jent_kcapi_cleanup()
219 	spin_unlock(&rng->jent_lock);  in jent_kcapi_cleanup()
229 	spin_lock_init(&rng->jent_lock);  in jent_kcapi_init()
232 	 * Use SHA3-256 as conditioner. We allocate only the generic  in jent_kcapi_init()
233 	 * implementation as we are not interested in high-performance. The  in jent_kcapi_init()
245 	rng->tfm = hash;  in jent_kcapi_init()
250 		ret = -ENOMEM;  in jent_kcapi_init()
254 	sdesc->tfm = hash;  in jent_kcapi_init()
256 	rng->sdesc = sdesc;  in jent_kcapi_init()
258 	rng->entropy_collector =  in jent_kcapi_init()
261 	if (!rng->entropy_collector) {  in jent_kcapi_init()
262 		ret = -ENOMEM;  in jent_kcapi_init()
266 	spin_lock_init(&rng->jent_lock);  in jent_kcapi_init()
281 	spin_lock(&rng->jent_lock);  in jent_kcapi_random()
283 	ret = jent_read_entropy(rng->entropy_collector, rdata, dlen);  in jent_kcapi_random()
285 	if (ret == -3) {  in jent_kcapi_random()
288 		 * If the kernel was booted with fips=1, it implies that  in jent_kcapi_random()
289 		 * the entire kernel acts as a FIPS 140 module. In this case  in jent_kcapi_random()
290 		 * an SP800-90B permanent health test error is treated as  in jent_kcapi_random()
291 		 * a FIPS module error.  in jent_kcapi_random()
297 		ret = -EFAULT;  in jent_kcapi_random()
298 	} else if (ret == -2) {  in jent_kcapi_random()
301 		ret = -EAGAIN;  in jent_kcapi_random()
302 	} else if (ret == -1) {  in jent_kcapi_random()
304 		ret = -EINVAL;  in jent_kcapi_random()
307 	spin_unlock(&rng->jent_lock);  in jent_kcapi_random()
347 	desc->tfm = tfm;  in jent_mod_init()
359 		return -EFAULT;  in jent_mod_init()
375 MODULE_DESCRIPTION("Non-physical True Random Number Generator based on CPU Jitter");