2 * Copyright (c) 2004 Mark R V Murray
5 * Redistribution and use in source and binary forms, with or without
6 * modification, are permitted provided that the following conditions
8 * 1. Redistributions of source code must retain the above copyright
9 * notice, this list of conditions and the following disclaimer
10 * in this position and unchanged.
11 * 2. Redistributions in binary form must reproduce the above copyright
12 * notice, this list of conditions and the following disclaimer in the
13 * documentation and/or other materials provided with the distribution.
15 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
16 * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
17 * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
18 * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
19 * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
20 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
21 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
22 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
23 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
24 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
28 #include <sys/cdefs.h>
29 __FBSDID("$FreeBSD$");
35 #include <sys/param.h>
38 #include <sys/mutex.h>
39 #include <sys/selinfo.h>
40 #include <sys/systm.h>
42 #include <machine/pcb.h>
44 #include <dev/random/randomdev.h>
46 #define RANDOM_BLOCK_SIZE 256
47 #define CIPHER_BLOCK_SIZE 16
49 static void random_nehemiah_init(void);
50 static void random_nehemiah_deinit(void);
51 static int random_nehemiah_read(void *, int);
53 struct random_systat random_nehemiah = {
54 .ident = "Hardware, VIA Nehemiah",
55 .init = random_nehemiah_init,
56 .deinit = random_nehemiah_deinit,
57 .read = random_nehemiah_read,
58 .write = (random_write_func_t *)random_null_func,
59 .reseed = (random_reseed_func_t *)random_null_func,
66 u_int round_count : 4;
67 u_int algorithm_type : 3;
68 u_int key_generation_type : 1;
69 u_int intermediate : 1;
79 /* The extra 7 is to allow an 8-byte write on the last byte of the
80 * arrays. The ACE wants the AES data 16-byte/128-bit aligned, and
81 * it _always_ writes n*64 bits. The RNG does not care about alignment,
82 * and it always writes n*32 bits or n*64 bits.
84 static uint8_t key[CIPHER_BLOCK_SIZE+7] __aligned(16);
85 static uint8_t iv[CIPHER_BLOCK_SIZE+7] __aligned(16);
86 static uint8_t in[RANDOM_BLOCK_SIZE+7] __aligned(16);
87 static uint8_t out[RANDOM_BLOCK_SIZE+7] __aligned(16);
89 static union VIA_ACE_CW acw __aligned(16);
91 static struct fpu_kern_ctx *fpu_ctx_save;
93 static struct mtx random_nehemiah_mtx;
96 static __inline size_t
97 VIA_RNG_store(void *buf)
103 /* The .byte line is really VIA C3 "xstore" instruction */
106 ".byte 0x0f, 0xa7, 0xc0"
107 : "=a" (retval), "+d" (rate), "+D" (buf)
112 return (retval&0x1f);
119 VIA_ACE_cbc(void *in, void *out, size_t count, void *key, union VIA_ACE_CW *cw, void *iv)
121 #ifdef __GNUCLIKE_ASM
122 /* The .byte line is really VIA C3 "xcrypt-cbc" instruction */
127 ".byte 0x0f, 0xa7, 0xc8"
128 : "+a" (iv), "+c" (count), "+D" (out), "+S" (in)
129 : "b" (key), "d" (cw)
136 random_nehemiah_init(void)
139 acw.field.round_count = 12;
141 mtx_init(&random_nehemiah_mtx, "random nehemiah", NULL, MTX_DEF);
142 fpu_ctx_save = fpu_kern_alloc_ctx(FPU_KERN_NORMAL);
146 random_nehemiah_deinit(void)
149 fpu_kern_free_ctx(fpu_ctx_save);
150 mtx_destroy(&random_nehemiah_mtx);
154 random_nehemiah_read(void *buf, int c)
160 mtx_lock(&random_nehemiah_mtx);
161 error = fpu_kern_enter(curthread, fpu_ctx_save, FPU_KERN_NORMAL);
163 mtx_unlock(&random_nehemiah_mtx);
167 /* Get a random AES key */
171 ret = VIA_RNG_store(p);
174 } while (count < CIPHER_BLOCK_SIZE);
176 /* Get a random AES IV */
180 ret = VIA_RNG_store(p);
183 } while (count < CIPHER_BLOCK_SIZE);
185 /* Get a block of random bytes */
189 ret = VIA_RNG_store(p);
192 } while (count < RANDOM_BLOCK_SIZE);
194 /* This is a Davies-Meyer hash of the most paranoid variety; the
195 * key, IV and the data are all read directly from the hardware RNG.
196 * All of these are used precisely once.
198 VIA_ACE_cbc(in, out, RANDOM_BLOCK_SIZE/CIPHER_BLOCK_SIZE,
200 for (i = 0; i < RANDOM_BLOCK_SIZE; i++)
203 c = MIN(RANDOM_BLOCK_SIZE, c);
204 memcpy(buf, out, (size_t)c);
206 fpu_kern_leave(curthread, fpu_ctx_save);
207 mtx_unlock(&random_nehemiah_mtx);