rdrand - An RNG driver for the RdRand insn
authorAlex Hornung <ahornung@gmail.com>
Sat, 25 Feb 2012 08:21:48 +0000 (08:21 +0000)
committerAlex Hornung <ahornung@gmail.com>
Sat, 25 Feb 2012 08:42:10 +0000 (08:42 +0000)
 * The driver is as of yet untested as the hardware is not yet
   available!

sys/dev/crypto/Makefile
sys/dev/crypto/rdrand/Makefile [new file with mode: 0644]
sys/dev/crypto/rdrand/rdrand.c [new file with mode: 0644]
sys/dev/crypto/rdrand/rdrand_harvest_i386.S [new file with mode: 0644]
sys/dev/crypto/rdrand/rdrand_harvest_x86_64.S [new file with mode: 0644]
sys/platform/pc32/conf/files
sys/platform/pc64/conf/files

index 7e684fa..9f743d5 100644 (file)
@@ -1,3 +1,3 @@
-SUBDIR=        aesni cryptodev glxsb hifn padlock safe ubsec
+SUBDIR=        aesni cryptodev glxsb hifn padlock rdrand safe ubsec
 
 .include <bsd.subdir.mk>
diff --git a/sys/dev/crypto/rdrand/Makefile b/sys/dev/crypto/rdrand/Makefile
new file mode 100644 (file)
index 0000000..b51c73d
--- /dev/null
@@ -0,0 +1,5 @@
+KMOD=  rdrand
+SRCS=  rdrand.c rdrand_harvest_$(MACHINE_ARCH).S
+SRCS   += device_if.h bus_if.h
+
+.include <bsd.kmod.mk>
diff --git a/sys/dev/crypto/rdrand/rdrand.c b/sys/dev/crypto/rdrand/rdrand.c
new file mode 100644 (file)
index 0000000..d0c1e75
--- /dev/null
@@ -0,0 +1,156 @@
+/*
+ * Copyright (c) 2012 Alex Hornung <alex@alexhornung.com>.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
+ * FOR A PARTICULAR PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE
+ * COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
+ * INCIDENTAL, SPECIAL, EXEMPLARY OR CONSEQUENTIAL DAMAGES (INCLUDING,
+ * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED
+ * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
+ * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
+ * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+#include <sys/param.h>
+#include <sys/systm.h>
+#include <sys/kernel.h>
+#include <sys/kobj.h>
+#include <sys/libkern.h>
+#include <sys/module.h>
+#include <sys/malloc.h>
+#include <sys/bus.h>
+#include <sys/random.h>
+
+#include <machine/specialreg.h>
+
+#define        RDRAND_ALIGN(p) (void *)(roundup2((uintptr_t)(p), 16))
+
+
+struct rdrand_softc {
+       struct callout  sc_rng_co;
+       int32_t         sc_rng_ticks;
+};
+
+
+static void rdrand_rng_harvest(void *);
+int rdrand_rng(uint8_t *out, int limit);
+
+
+MALLOC_DEFINE(M_RDRAND, "rdrand_data", "RdRand Data");
+
+
+static void
+rdrand_identify(driver_t *drv, device_t parent)
+{
+
+       /* NB: order 10 is so we get attached after h/w devices */
+       if (device_find_child(parent, "rdrand", -1) == NULL &&
+           BUS_ADD_CHILD(parent, parent, 10, "rdrand", -1) == 0)
+               panic("rdrand: could not attach");
+}
+
+
+static int
+rdrand_probe(device_t dev)
+{
+
+       if ((cpu_feature2 & CPUID2_RDRAND) == 0) {
+               device_printf(dev, "No RdRand support.\n");
+               return (EINVAL);
+       }
+
+       device_set_desc(dev, "RdRand RNG");
+       return 0;
+}
+
+
+static int
+rdrand_attach(device_t dev)
+{
+       struct rdrand_softc *sc;
+
+       sc = device_get_softc(dev);
+
+       if (hz > 100)
+               sc->sc_rng_ticks = hz/100;
+       else
+               sc->sc_rng_ticks = 1;
+
+       callout_init_mp(&sc->sc_rng_co);
+       callout_reset(&sc->sc_rng_co, sc->sc_rng_ticks,
+           rdrand_rng_harvest, sc);
+
+       return 0;
+}
+
+
+static int
+rdrand_detach(device_t dev)
+{
+       struct rdrand_softc *sc;
+
+       sc = device_get_softc(dev);
+
+       callout_stop_sync(&sc->sc_rng_co);
+
+       return (0);
+}
+
+
+static int random_count = 512; /* in bytes */
+
+static void
+rdrand_rng_harvest(void *arg)
+{
+       struct rdrand_softc *sc = arg;
+       uint8_t randomness[2048];
+       uint8_t *arandomness; /* randomness aligned */
+       int i, cnt;
+
+       arandomness = RDRAND_ALIGN(randomness);
+       cnt = rdrand_rng(arandomness, random_count);
+
+       for (i = 0; i < cnt; i++)
+               add_true_randomness((int)arandomness[i]);
+
+       callout_reset(&sc->sc_rng_co, sc->sc_rng_ticks,
+           rdrand_rng_harvest, sc);
+}
+
+
+static device_method_t rdrand_methods[] = {
+       DEVMETHOD(device_identify, rdrand_identify),
+       DEVMETHOD(device_probe, rdrand_probe),
+       DEVMETHOD(device_attach, rdrand_attach),
+       DEVMETHOD(device_detach, rdrand_detach),
+
+       {0, 0},
+};
+
+
+static driver_t rdrand_driver = {
+       "rdrand",
+       rdrand_methods,
+       sizeof(struct rdrand_softc),
+};
+
+static devclass_t rdrand_devclass;
+
+DRIVER_MODULE(rdrand, nexus, rdrand_driver, rdrand_devclass, NULL, NULL);
+MODULE_VERSION(rdrand, 1);
+MODULE_DEPEND(rdrand, crypto, 1, 1, 1);
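Review bot: rdrand_rng_harvest() leaves the harvested bytes in the on-stack `randomness` array when it returns, so raw RNG output stays in kernel stack memory after it has been fed to the pool; clearing it after the loop, e.g. `bzero(randomness, sizeof(randomness));`, would avoid that. The array is 2048 bytes although only `random_count` (512) bytes are requested, and nothing checks that `random_count` plus the up-to-15-byte shift from RDRAND_ALIGN fits in it. A smaller buffer sized from one named constant would make the bound visible and cut the stack used in callout context. The harvest routines in this commit store with plain `movl`/`movq`, so the 16-byte alignment looks unnecessary; worth confirming before dropping it.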
diff --git a/sys/dev/crypto/rdrand/rdrand_harvest_i386.S b/sys/dev/crypto/rdrand/rdrand_harvest_i386.S
new file mode 100644 (file)
index 0000000..c1dfb77
--- /dev/null
@@ -0,0 +1,80 @@
+/*
+ * Copyright (c) 2012 Alex Hornung <alex@alexhornung.com>.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
+ * FOR A PARTICULAR PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE
+ * COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
+ * INCIDENTAL, SPECIAL, EXEMPLARY OR CONSEQUENTIAL DAMAGES (INCLUDING,
+ * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED
+ * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
+ * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
+ * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#include <machine/asmacros.h>
+
+       .text
+
+/* int rdrand_rng(uint8_t *out, int limit) */
+ENTRY(rdrand_rng)
+       movl    4(%esp),%edi
+       movl    8(%esp),%ecx
+
+       shrl    $2,     %ecx    /* Divide by 4 to get 32-bit word count */
+
+       xorl    %ebx,   %ebx
+loop:
+       /*
+        * edx: (output)        entropy
+        */
+       rdrand  %edx            /* rdrand32 */
+
+       /*
+        * The carry flag (CF) determines if the instruction was
+        * successful or not.
+        *
+        * CF = 0: Random value not available at time of execution.
+        */
+       jae     out
+
+       /*
+        * The operation was successful, so store the random data
+        * from the register into our buffer.
+        */
+       movl    %edx,   (%edi)
+
+       /*
+        * Increment the count of stored random words as well as the
+        * buffer pointer in edi.
+        */
+       addl    $1,     %ebx
+       addl    $4,     %edi
+
+       /*
+        * If we haven't already read enough random words,
+        * loop again.
+        */
+       cmpl    %ecx,   %ebx
+       jl      loop
+out:
+       /* return the number of stored random bytes (random words * 4) */
+       shll    $2,     %ebx
+       movl    %ebx,   %eax
+       ret
+END(rdrand_rng)
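Review bot: rdrand_rng overwrites %ebx and %edi without saving them, and both are callee-saved in the i386 C calling convention, so the C caller (rdrand_rng_harvest in rdrand.c) may find values it kept in those registers corrupted after the call. Save and restore them around the body and shift the argument offsets by the two pushes, as sketched below. The x86_64 routine has the same problem with %rbx; there the counter can simply live in a caller-saved register such as %eax, which needs no save.

```asm
ENTRY(rdrand_rng)
	pushl	%ebx
	pushl	%edi
	movl	12(%esp),%edi	/* out: offsets grow by 8 after the pushes */
	movl	16(%esp),%ecx	/* limit */
	/* ... unchanged: word-count shift, counter clear, rdrand loop, byte count moved to %eax ... */
	popl	%edi
	popl	%ebx
	ret
```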
diff --git a/sys/dev/crypto/rdrand/rdrand_harvest_x86_64.S b/sys/dev/crypto/rdrand/rdrand_harvest_x86_64.S
new file mode 100644 (file)
index 0000000..1c83731
--- /dev/null
@@ -0,0 +1,78 @@
+/*
+ * Copyright (c) 2012 Alex Hornung <alex@alexhornung.com>.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
+ * FOR A PARTICULAR PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE
+ * COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
+ * INCIDENTAL, SPECIAL, EXEMPLARY OR CONSEQUENTIAL DAMAGES (INCLUDING,
+ * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED
+ * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
+ * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
+ * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#include <machine/asmacros.h>
+
+       .text
+
+/* int rdrand_rng(uint8_t *out, int limit) */
+ENTRY(rdrand_rng)
+       movl    %esi,   %ecx
+       shrl    $3,     %ecx    /* Divide by 8 to get 64-bit word count */
+
+       xorq    %rbx,   %rbx
+loop:
+       /*
+        * rdx: (output)        entropy
+        */
+       rdrand  %rdx            /* rdrand64 */
+
+       /*
+        * The carry flag (CF) determines if the instruction was
+        * successful or not.
+        *
+        * CF = 0: Random value not available at time of execution.
+        */
+       jae     out
+
+       /*
+        * The operation was successful, so store the random data
+        * from the register into our buffer.
+        */
+       movq    %rdx,   (%rdi)
+
+       /*
+        * Increment the count of stored random words as well as the
+        * buffer pointer in rdi.
+        */
+       addl    $1,     %ebx
+       addq    $8,     %rdi
+
+       /*
+        * If we haven't already read enough random words,
+        * loop again.
+        */
+       cmpl    %ecx,   %ebx
+       jl      loop
+out:
+       /* return the number of stored random bytes (random words * 8) */
+       shll    $3,     %ebx
+       movl    %ebx,   %eax
+       ret
+END(rdrand_rng)
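Review bot: The loop is bottom-tested, so one 64-bit word is stored through `out` before the word count is ever compared; a `limit` below 8, including 0, still writes 8 bytes and returns 8. A guard placed after the counter is cleared, `testl %ecx, %ecx` followed by `jz out`, keeps the routine inside the caller's buffer. `limit` is a signed int that goes through `shrl`, so a negative value turns into a very large word count; the only caller in this commit passes 512, but the header comment should state the contract or the argument should be checked. The i386 routine has the same loop shape with 4-byte words.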
index fe7eb86..b7280bb 100644 (file)
@@ -118,6 +118,8 @@ dev/crypto/padlock/padlock_cipher.c optional        padlock
 dev/crypto/padlock/padlock_hash.c      optional        padlock
 dev/crypto/padlock/padlock_rng.c       optional        padlock
 dev/crypto/padlock/rng_harvest_i386.S  optional        padlock
+dev/crypto/rdrand/rdrand.c             optional        rdrand
+dev/crypto/rdrand/rdrand_harvest_i386.S        optional        rdrand
 dev/netif/ed/if_ed_isa.c               optional        ed isa
 dev/video/fb/fb.c                      optional        fb
 dev/video/fb/fb.c                      optional        vga
index f52a0ed..6be24ff 100644 (file)
@@ -101,6 +101,8 @@ dev/crypto/padlock/padlock_cipher.c optional        padlock
 dev/crypto/padlock/padlock_hash.c      optional        padlock
 dev/crypto/padlock/padlock_rng.c       optional        padlock
 dev/crypto/padlock/rng_harvest_x86_64.S        optional        padlock
+dev/crypto/rdrand/rdrand.c             optional        rdrand
+dev/crypto/rdrand/rdrand_harvest_x86_64.S      optional        rdrand
 dev/video/fb/fb.c                      optional        vga
 dev/video/fb/splash.c                  optional        splash
 dev/video/fb/vga.c                     optional        vga