/*
   * algif_rng: User-space interface for random number generators
   *
   * This file provides the user-space API for random number generators.
   *
   * Copyright (C) 2014, Stephan Mueller <smueller@chronox.de>
   *
   * Redistribution and use in source and binary forms, with or without
   * modification, are permitted provided that the following conditions
   * are met:
   * 1. Redistributions of source code must retain the above copyright
   *    notice, and the entire permission notice in its entirety,
   *    including the disclaimer of warranties.
   * 2. Redistributions in binary form must reproduce the above copyright
   *    notice, this list of conditions and the following disclaimer in the
   *    documentation and/or other materials provided with the distribution.
   * 3. The name of the author may not be used to endorse or promote
   *    products derived from this software without specific prior
   *    written permission.
   *
   * ALTERNATIVELY, this product may be distributed under the terms of
   * the GNU General Public License, in which case the provisions of the GPL2
   * are required INSTEAD OF the above restrictions.  (This clause is
   * necessary due to a potential bad interaction between the GPL and
   * the restrictions contained in a BSD-style copyright.)
   *
   * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED
   * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
   * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE, ALL OF
   * WHICH ARE HEREBY DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR BE
   * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
   * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT
   * OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
   * BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
   * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
   * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE
   * USE OF THIS SOFTWARE, EVEN IF NOT ADVISED OF THE POSSIBILITY OF SUCH
   * DAMAGE.
   */

  #include <linux/capability.h>

  #include <linux/module.h>
  #include <crypto/rng.h>
  #include <linux/random.h>
  #include <crypto/if_alg.h>
  #include <linux/net.h>
  #include <net/sock.h>
  
  MODULE_LICENSE("GPL");
  MODULE_AUTHOR("Stephan Mueller <smueller@chronox.de>");
  MODULE_DESCRIPTION("User-space interface for random number generators");
  
  struct rng_ctx {
  #define MAXSIZE 128
  	unsigned int len;
  	struct crypto_rng *drng;

  	u8 *addtl;
  	size_t addtl_len;

  };

  struct rng_parent_ctx {
  	struct crypto_rng *drng;
  	u8 *entropy;
  };
  
  static void rng_reset_addtl(struct rng_ctx *ctx)

  {

  	kfree_sensitive(ctx->addtl);
  	ctx->addtl = NULL;
  	ctx->addtl_len = 0;
  }
  
  static int _rng_recvmsg(struct crypto_rng *drng, struct msghdr *msg, size_t len,
  			u8 *addtl, size_t addtl_len)
  {
  	int err = 0;

  	int genlen = 0;
  	u8 result[MAXSIZE];
  
  	if (len == 0)
  		return 0;
  	if (len > MAXSIZE)
  		len = MAXSIZE;
  
  	/*
  	 * although not strictly needed, this is a precaution against coding
  	 * errors
  	 */
  	memset(result, 0, len);
  
  	/*
  	 * The enforcement of a proper seeding of an RNG is done within an
  	 * RNG implementation. Some RNGs (DRBG, krng) do not need specific
  	 * seeding as they automatically seed. The X9.31 DRNG will return
  	 * an error if it was not seeded properly.
  	 */

  	genlen = crypto_rng_generate(drng, addtl, addtl_len, result, len);

  	if (genlen < 0)
  		return genlen;
  
  	err = memcpy_to_msg(msg, result, len);

  	memzero_explicit(result, len);

  
  	return err ? err : len;
  }

  static int rng_recvmsg(struct socket *sock, struct msghdr *msg, size_t len,
  		       int flags)
  {
  	struct sock *sk = sock->sk;
  	struct alg_sock *ask = alg_sk(sk);
  	struct rng_ctx *ctx = ask->private;
  
  	return _rng_recvmsg(ctx->drng, msg, len, NULL, 0);
  }
  
  static int rng_test_recvmsg(struct socket *sock, struct msghdr *msg, size_t len,
  			    int flags)
  {
  	struct sock *sk = sock->sk;
  	struct alg_sock *ask = alg_sk(sk);
  	struct rng_ctx *ctx = ask->private;
  	int ret;
  
  	lock_sock(sock->sk);
  	ret = _rng_recvmsg(ctx->drng, msg, len, ctx->addtl, ctx->addtl_len);
  	rng_reset_addtl(ctx);
  	release_sock(sock->sk);
  
  	return ret;
  }
  
  static int rng_test_sendmsg(struct socket *sock, struct msghdr *msg, size_t len)
  {
  	int err;
  	struct alg_sock *ask = alg_sk(sock->sk);
  	struct rng_ctx *ctx = ask->private;
  
  	lock_sock(sock->sk);
  	if (len > MAXSIZE) {
  		err = -EMSGSIZE;
  		goto unlock;
  	}
  
  	rng_reset_addtl(ctx);
  	ctx->addtl = kmalloc(len, GFP_KERNEL);
  	if (!ctx->addtl) {
  		err = -ENOMEM;
  		goto unlock;
  	}
  
  	err = memcpy_from_msg(ctx->addtl, msg, len);
  	if (err) {
  		rng_reset_addtl(ctx);
  		goto unlock;
  	}
  	ctx->addtl_len = len;
  
  unlock:
  	release_sock(sock->sk);
  	return err ? err : len;
  }

  static struct proto_ops algif_rng_ops = {
  	.family		=	PF_ALG,
  
  	.connect	=	sock_no_connect,
  	.socketpair	=	sock_no_socketpair,
  	.getname	=	sock_no_getname,
  	.ioctl		=	sock_no_ioctl,
  	.listen		=	sock_no_listen,
  	.shutdown	=	sock_no_shutdown,

  	.mmap		=	sock_no_mmap,
  	.bind		=	sock_no_bind,
  	.accept		=	sock_no_accept,

  	.sendmsg	=	sock_no_sendmsg,
  	.sendpage	=	sock_no_sendpage,
  
  	.release	=	af_alg_release,
  	.recvmsg	=	rng_recvmsg,
  };

  static struct proto_ops __maybe_unused algif_rng_test_ops = {
  	.family		=	PF_ALG,
  
  	.connect	=	sock_no_connect,
  	.socketpair	=	sock_no_socketpair,
  	.getname	=	sock_no_getname,
  	.ioctl		=	sock_no_ioctl,
  	.listen		=	sock_no_listen,
  	.shutdown	=	sock_no_shutdown,
  	.mmap		=	sock_no_mmap,
  	.bind		=	sock_no_bind,
  	.accept		=	sock_no_accept,
  	.sendpage	=	sock_no_sendpage,
  
  	.release	=	af_alg_release,
  	.recvmsg	=	rng_test_recvmsg,
  	.sendmsg	=	rng_test_sendmsg,
  };

  static void *rng_bind(const char *name, u32 type, u32 mask)
  {

  	struct rng_parent_ctx *pctx;
  	struct crypto_rng *rng;
  
  	pctx = kzalloc(sizeof(*pctx), GFP_KERNEL);
  	if (!pctx)
  		return ERR_PTR(-ENOMEM);
  
  	rng = crypto_alloc_rng(name, type, mask);
  	if (IS_ERR(rng)) {
  		kfree(pctx);
  		return ERR_CAST(rng);
  	}
  
  	pctx->drng = rng;
  	return pctx;

  }
  
  static void rng_release(void *private)
  {

  	struct rng_parent_ctx *pctx = private;
  
  	if (unlikely(!pctx))
  		return;
  	crypto_free_rng(pctx->drng);
  	kfree_sensitive(pctx->entropy);
  	kfree_sensitive(pctx);

  }
  
  static void rng_sock_destruct(struct sock *sk)
  {
  	struct alg_sock *ask = alg_sk(sk);
  	struct rng_ctx *ctx = ask->private;

  	rng_reset_addtl(ctx);

  	sock_kfree_s(sk, ctx, ctx->len);
  	af_alg_release_parent(sk);
  }
  
  static int rng_accept_parent(void *private, struct sock *sk)
  {
  	struct rng_ctx *ctx;

  	struct rng_parent_ctx *pctx = private;

  	struct alg_sock *ask = alg_sk(sk);
  	unsigned int len = sizeof(*ctx);
  
  	ctx = sock_kmalloc(sk, len, GFP_KERNEL);
  	if (!ctx)
  		return -ENOMEM;
  
  	ctx->len = len;

  	ctx->addtl = NULL;
  	ctx->addtl_len = 0;

  
  	/*
  	 * No seeding done at that point -- if multiple accepts are
  	 * done on one RNG instance, each resulting FD points to the same
  	 * state of the RNG.
  	 */

  	ctx->drng = pctx->drng;

  	ask->private = ctx;
  	sk->sk_destruct = rng_sock_destruct;

  	/*
  	 * Non NULL pctx->entropy means that CAVP test has been initiated on
  	 * this socket, replace proto_ops algif_rng_ops with algif_rng_test_ops.
  	 */
  	if (IS_ENABLED(CONFIG_CRYPTO_USER_API_RNG_CAVP) && pctx->entropy)
  		sk->sk_socket->ops = &algif_rng_test_ops;

  	return 0;
  }
  
  static int rng_setkey(void *private, const u8 *seed, unsigned int seedlen)
  {

  	struct rng_parent_ctx *pctx = private;

  	/*
  	 * Check whether seedlen is of sufficient size is done in RNG
  	 * implementations.
  	 */

  	return crypto_rng_reset(pctx->drng, seed, seedlen);
  }
  
  static int __maybe_unused rng_setentropy(void *private, sockptr_t entropy,
  					 unsigned int len)
  {
  	struct rng_parent_ctx *pctx = private;
  	u8 *kentropy = NULL;
  
  	if (!capable(CAP_SYS_ADMIN))
  		return -EACCES;
  
  	if (pctx->entropy)
  		return -EINVAL;
  
  	if (len > MAXSIZE)
  		return -EMSGSIZE;
  
  	if (len) {
  		kentropy = memdup_sockptr(entropy, len);
  		if (IS_ERR(kentropy))
  			return PTR_ERR(kentropy);
  	}
  
  	crypto_rng_alg(pctx->drng)->set_ent(pctx->drng, kentropy, len);
  	/*
  	 * Since rng doesn't perform any memory management for the entropy
  	 * buffer, save kentropy pointer to pctx now to free it after use.
  	 */
  	pctx->entropy = kentropy;
  	return 0;

  }
  
  static const struct af_alg_type algif_type_rng = {
  	.bind		=	rng_bind,
  	.release	=	rng_release,
  	.accept		=	rng_accept_parent,
  	.setkey		=	rng_setkey,

  #ifdef CONFIG_CRYPTO_USER_API_RNG_CAVP
  	.setentropy	=	rng_setentropy,
  #endif

  	.ops		=	&algif_rng_ops,
  	.name		=	"rng",
  	.owner		=	THIS_MODULE
  };
  
  static int __init rng_init(void)
  {
  	return af_alg_register_type(&algif_type_rng);
  }

  static void __exit rng_exit(void)

  {
  	int err = af_alg_unregister_type(&algif_type_rng);
  	BUG_ON(err);
  }
  
  module_init(rng_init);
  module_exit(rng_exit);