@@ -1879,15 +1879,6 @@ config CRYPTO_USER_API_RNG
This option enables the user-spaces interface for random
number generator algorithms.
-config CRYPTO_USER_API_RNG_CAVP
- bool "Enable CAVP testing of DRBG"
- depends on CRYPTO_USER_API_RNG && CRYPTO_DRBG
- help
- This option enables extra API for CAVP testing via the user-space
- interface: resetting of DRBG entropy, and providing Additional Data.
- This should only be enabled for CAVP testing. You should say
- no unless you know what this is.
-
config CRYPTO_USER_API_AEAD
tristate "User-space interface for AEAD cipher algorithms"
depends on NET
@@ -259,13 +259,6 @@ static int alg_setsockopt(struct socket *sock, int level, int optname,
goto unlock;
err = type->setauthsize(ask->private, optlen);
break;
- case ALG_SET_DRBG_ENTROPY:
- if (sock->state == SS_CONNECTED)
- goto unlock;
- if (!type->setentropy)
- goto unlock;
-
- err = type->setentropy(ask->private, optval, optlen);
}
unlock:
@@ -110,16 +110,6 @@ static int rng_recvmsg(struct socket *sock, struct msghdr *msg, size_t len,
struct sock *sk = sock->sk;
struct alg_sock *ask = alg_sk(sk);
struct rng_ctx *ctx = ask->private;
-
- return _rng_recvmsg(ctx->drng, msg, len, NULL, 0);
-}
-
-static int rng_test_recvmsg(struct socket *sock, struct msghdr *msg, size_t len,
- int flags)
-{
- struct sock *sk = sock->sk;
- struct alg_sock *ask = alg_sk(sk);
- struct rng_ctx *ctx = ask->private;
int ret;
lock_sock(sock->sk);
@@ -130,7 +120,7 @@ static int rng_test_recvmsg(struct socket *sock, struct msghdr *msg, size_t len,
return ret;
}
-static int rng_test_sendmsg(struct socket *sock, struct msghdr *msg, size_t len)
+static int rng_sendmsg(struct socket *sock, struct msghdr *msg, size_t len)
{
int err;
struct alg_sock *ask = alg_sk(sock->sk);
@@ -173,30 +163,11 @@ static struct proto_ops algif_rng_ops = {
.mmap = sock_no_mmap,
.bind = sock_no_bind,
.accept = sock_no_accept,
- .sendmsg = sock_no_sendmsg,
.sendpage = sock_no_sendpage,
.release = af_alg_release,
.recvmsg = rng_recvmsg,
-};
-
-static struct proto_ops __maybe_unused algif_rng_test_ops = {
- .family = PF_ALG,
-
- .connect = sock_no_connect,
- .socketpair = sock_no_socketpair,
- .getname = sock_no_getname,
- .ioctl = sock_no_ioctl,
- .listen = sock_no_listen,
- .shutdown = sock_no_shutdown,
- .mmap = sock_no_mmap,
- .bind = sock_no_bind,
- .accept = sock_no_accept,
- .sendpage = sock_no_sendpage,
-
- .release = af_alg_release,
- .recvmsg = rng_test_recvmsg,
- .sendmsg = rng_test_sendmsg,
+ .sendmsg = rng_sendmsg,
};
static void *rng_bind(const char *name, u32 type, u32 mask)
@@ -225,7 +196,6 @@ static void rng_release(void *private)
if (unlikely(!pctx))
return;
crypto_free_rng(pctx->drng);
- kfree_sensitive(pctx->entropy);
kfree_sensitive(pctx);
}
@@ -264,13 +234,6 @@ static int rng_accept_parent(void *private, struct sock *sk)
ask->private = ctx;
sk->sk_destruct = rng_sock_destruct;
- /*
- * Non NULL pctx->entropy means that CAVP test has been initiated on
- * this socket, replace proto_ops algif_rng_ops with algif_rng_test_ops.
- */
- if (IS_ENABLED(CONFIG_CRYPTO_USER_API_RNG_CAVP) && pctx->entropy)
- sk->sk_socket->ops = &algif_rng_test_ops;
-
return 0;
}
@@ -284,45 +247,11 @@ static int rng_setkey(void *private, const u8 *seed, unsigned int seedlen)
return crypto_rng_reset(pctx->drng, seed, seedlen);
}
-static int __maybe_unused rng_setentropy(void *private, sockptr_t entropy,
- unsigned int len)
-{
- struct rng_parent_ctx *pctx = private;
- u8 *kentropy = NULL;
-
- if (!capable(CAP_SYS_ADMIN))
- return -EACCES;
-
- if (pctx->entropy)
- return -EINVAL;
-
- if (len > MAXSIZE)
- return -EMSGSIZE;
-
- if (len) {
- kentropy = memdup_sockptr(entropy, len);
- if (IS_ERR(kentropy))
- return PTR_ERR(kentropy);
- }
-
- if (crypto_rng_alg(pctx->drng)->set_ent)
- crypto_rng_alg(pctx->drng)->set_ent(pctx->drng, kentropy, len);
- /*
- * Since rng doesn't perform any memory management for the entropy
- * buffer, save kentropy pointer to pctx now to free it after use.
- */
- pctx->entropy = kentropy;
- return 0;
-}
-
static const struct af_alg_type algif_type_rng = {
.bind = rng_bind,
.release = rng_release,
.accept = rng_accept_parent,
.setkey = rng_setkey,
-#ifdef CONFIG_CRYPTO_USER_API_RNG_CAVP
- .setentropy = rng_setentropy,
-#endif
.ops = &algif_rng_ops,
.name = "rng",
.owner = THIS_MODULE
@@ -46,7 +46,6 @@ struct af_alg_type {
void *(*bind)(const char *name, u32 type, u32 mask);
void (*release)(void *private);
int (*setkey)(void *private, const u8 *key, unsigned int keylen);
- int (*setentropy)(void *private, sockptr_t entropy, unsigned int len);
int (*accept)(void *private, struct sock *sk);
int (*accept_nokey)(void *private, struct sock *sk);
int (*setauthsize)(void *private, unsigned int authsize);
@@ -31,10 +31,4 @@ static inline void *crypto_rng_ctx(struct crypto_rng *tfm)
return crypto_tfm_ctx(&tfm->base);
}
-static inline void crypto_rng_set_entropy(struct crypto_rng *tfm,
- const u8 *data, unsigned int len)
-{
- crypto_rng_alg(tfm)->set_ent(tfm, data, len);
-}
-
#endif
@@ -28,8 +28,6 @@ struct crypto_rng;
* up a new state, the seed must be provided by the
* consumer while invoking this function. The required
* size of the seed is defined with @seedsize .
- * @set_ent: Set entropy that would otherwise be obtained from
- * entropy source. Internal use only.
* @seedsize: The seed size required for a random number generator
* initialization defined with this variable. Some
* random number generators does not require a seed
@@ -43,8 +41,6 @@ struct rng_alg {
const u8 *src, unsigned int slen,
u8 *dst, unsigned int dlen);
int (*seed)(struct crypto_rng *tfm, const u8 *seed, unsigned int slen);
- void (*set_ent)(struct crypto_rng *tfm, const u8 *data,
- unsigned int len);
unsigned int seedsize;
@@ -51,7 +51,7 @@ struct af_alg_iv {
#define ALG_SET_OP 3
#define ALG_SET_AEAD_ASSOCLEN 4
#define ALG_SET_AEAD_AUTHSIZE 5
-#define ALG_SET_DRBG_ENTROPY 6
+#define ALG_SET_DRBG_ENTROPY 6 /* Not implemented any more */
/* Operations */
#define ALG_OP_DECRYPT 0
The ALG_SET_DRBG_ENTROPY was added to test the DRBG implementation provided with the kernel crypto API. This interface was used to set a "test entropy" string to bypass the DRBG-internal seeding mechanism. Since the DRBG-internal seeding mechanism is completely removed, the special bypass is not needed any more. The entropy string for the DRBG can be set with the crypto_rng_reset() function that is invoked with the ALG_SET_KEY interface. The change enables the sendmsg implementation in AF_ALG RNG for a general use. The sendmsg allows user space to set the input data to the crypto_rng_generate function call. The change still allows the full testing of the DRBG which was verified with libkcapi version 1.5.0 covering the following aspects: - Hash DRBG with SHA-1, SHA-256, SHA-384, SHA-512 - HMAC DRBG with SHA-1, SHA-256, SHA-384, SHA-512 - CTR DRBG with AES-128, AES-192, AES-256 - reseeding, but without additional information - no reseeding, but with additional information The limitation of the test is defined with algif_rng.c:MAXSIZE which restricts the allowed output size for testing to 128 bytes. CC: Elena Petrova <lenaptr@google.com> Signed-off-by: Stephan Mueller <smueller@chronox.de> --- crypto/Kconfig | 9 ----- crypto/af_alg.c | 7 ---- crypto/algif_rng.c | 75 +---------------------------------- include/crypto/if_alg.h | 1 - include/crypto/internal/rng.h | 6 --- include/crypto/rng.h | 4 -- include/uapi/linux/if_alg.h | 2 +- 7 files changed, 3 insertions(+), 101 deletions(-)