summaryrefslogtreecommitdiffstats
path: root/sys/dev/random/nehemiah.c
blob: f3afa89fcf898a97ae4e6ad8b070fa03dc4f44e7 (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
/*-
 * Copyright (c) 2004 Mark R V Murray
 * All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 * 1. Redistributions of source code must retain the above copyright
 *    notice, this list of conditions and the following disclaimer
 *    in this position and unchanged.
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in the
 *    documentation and/or other materials provided with the distribution.
 *
 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
 * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
 * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
 * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
 * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 *
 */

#include <sys/cdefs.h>
__FBSDID("$FreeBSD$");

#include "opt_cpu.h"

#ifdef PADLOCK_RNG

#include <sys/param.h>
#include <sys/time.h>
#include <sys/lock.h>
#include <sys/mutex.h>
#include <sys/selinfo.h>
#include <sys/systm.h>

#include <machine/pcb.h>

#include <dev/random/randomdev.h>

#define RANDOM_BLOCK_SIZE	256
#define CIPHER_BLOCK_SIZE	16

static void random_nehemiah_init(void);
static void random_nehemiah_deinit(void);
static int random_nehemiah_read(void *, int);

struct random_systat random_nehemiah = {
	.ident = "Hardware, VIA Nehemiah",
	.init = random_nehemiah_init,
	.deinit = random_nehemiah_deinit,
	.read = random_nehemiah_read,
	.write = (random_write_func_t *)random_null_func,
	.reseed = (random_reseed_func_t *)random_null_func,
	.seeded = 1,
};

union VIA_ACE_CW {
	uint64_t raw;
	struct {
		u_int round_count : 4;
		u_int algorithm_type : 3;
		u_int key_generation_type : 1;
		u_int intermediate : 1;
		u_int decrypt : 1;
		u_int key_size : 2;
		u_int filler0 : 20;
		u_int filler1 : 32;
		u_int filler2 : 32;
		u_int filler3 : 32;
	} field;
};

/* The extra 7 is to allow an 8-byte write on the last byte of the
 * arrays.  The ACE wants the AES data 16-byte/128-bit aligned, and
 * it _always_ writes n*64 bits. The RNG does not care about alignment,
 * and it always writes n*32 bits or n*64 bits.
 */
static uint8_t key[CIPHER_BLOCK_SIZE+7]	__aligned(16);
static uint8_t iv[CIPHER_BLOCK_SIZE+7]	__aligned(16);
static uint8_t in[RANDOM_BLOCK_SIZE+7]	__aligned(16);
static uint8_t out[RANDOM_BLOCK_SIZE+7]	__aligned(16);

static union VIA_ACE_CW acw		__aligned(16);

static struct fpu_kern_ctx *fpu_ctx_save;

static struct mtx random_nehemiah_mtx;

/* ARGSUSED */
static __inline size_t
VIA_RNG_store(void *buf)
{
#ifdef __GNUCLIKE_ASM
	uint32_t retval = 0;
	uint32_t rate = 0;

	/* The .byte line is really VIA C3 "xstore" instruction */
	__asm __volatile(
		"movl	$0,%%edx		\n\t"
		".byte	0x0f, 0xa7, 0xc0"
			: "=a" (retval), "+d" (rate), "+D" (buf)
			:
			: "memory"
	);
	if (rate == 0)
		return (retval&0x1f);
#endif
	return (0);
}

/* ARGSUSED */
static __inline void
VIA_ACE_cbc(void *in, void *out, size_t count, void *key, union VIA_ACE_CW *cw, void *iv)
{
#ifdef __GNUCLIKE_ASM
	/* The .byte line is really VIA C3 "xcrypt-cbc" instruction */
	__asm __volatile(
		"pushf				\n\t"
		"popf				\n\t"
		"rep				\n\t"
		".byte	0x0f, 0xa7, 0xc8"
			: "+a" (iv), "+c" (count), "+D" (out), "+S" (in)
			: "b" (key), "d" (cw)
			: "cc", "memory"
		);
#endif
}

static void
random_nehemiah_init(void)
{
	acw.raw = 0ULL;
	acw.field.round_count = 12;

	mtx_init(&random_nehemiah_mtx, "random nehemiah", NULL, MTX_DEF);
	fpu_ctx_save = fpu_kern_alloc_ctx(FPU_KERN_NORMAL);
}

void
random_nehemiah_deinit(void)
{

	fpu_kern_free_ctx(fpu_ctx_save);
	mtx_destroy(&random_nehemiah_mtx);
}

static int
random_nehemiah_read(void *buf, int c)
{
	int i, error;
	size_t count, ret;
	uint8_t *p;

	mtx_lock(&random_nehemiah_mtx);
	error = fpu_kern_enter(curthread, fpu_ctx_save, FPU_KERN_NORMAL);
	if (error != 0) {
		mtx_unlock(&random_nehemiah_mtx);
		return (0);
	}

	/* Get a random AES key */
	count = 0;
	p = key;
	do {
		ret = VIA_RNG_store(p);
		p += ret;
		count += ret;
	} while (count < CIPHER_BLOCK_SIZE);

	/* Get a random AES IV */
	count = 0;
	p = iv;
	do {
		ret = VIA_RNG_store(p);
		p += ret;
		count += ret;
	} while (count < CIPHER_BLOCK_SIZE);

	/* Get a block of random bytes */
	count = 0;
	p = in;
	do {
		ret = VIA_RNG_store(p);
		p += ret;
		count += ret;
	} while (count < RANDOM_BLOCK_SIZE);

	/* This is a Davies-Meyer hash of the most paranoid variety; the
	 * key, IV and the data are all read directly from the hardware RNG.
	 * All of these are used precisely once.
	 */
	VIA_ACE_cbc(in, out, RANDOM_BLOCK_SIZE/CIPHER_BLOCK_SIZE,
	    key, &acw, iv);
	for (i = 0; i < RANDOM_BLOCK_SIZE; i++)
		out[i] ^= in[i];

	c = MIN(RANDOM_BLOCK_SIZE, c);
	memcpy(buf, out, (size_t)c);

	fpu_kern_leave(curthread, fpu_ctx_save);
	mtx_unlock(&random_nehemiah_mtx);
	return (c);
}

#endif
OpenPOWER on IntegriCloud