Refs #164 -- expose the kernel's CSPRNG, safely

alex · alex · commit 3ec862acbf93 · 2019-12-24T18:25:09.000-05:00
diff --git a/build.rs b/build.rs
@@ -25,12 +25,16 @@ const INCLUDED_FUNCTIONS: &[&str] = &[
     "_copy_from_user",
     "alloc_chrdev_region",
     "unregister_chrdev_region",
+    "wait_for_random_bytes",
+    "get_random_bytes",
+    "rng_is_initialized",
 ];
 const INCLUDED_VARS: &[&str] = &[
     "EINVAL",
     "ENOMEM",
     "ESPIPE",
     "EFAULT",
+    "EAGAIN",
     "__this_module",
     "FS_REQUIRES_DEV",
     "FS_BINARY_MOUNTDATA",
diff --git a/src/bindings_helper.h b/src/bindings_helper.h
@@ -1,6 +1,7 @@
 #include <linux/cdev.h>
 #include <linux/fs.h>
 #include <linux/module.h>
+#include <linux/random.h>
 #include <linux/slab.h>
 #include <linux/uaccess.h>
 #include <linux/version.h>
diff --git a/src/error.rs b/src/error.rs
@@ -10,6 +10,7 @@ impl Error {
     pub const ENOMEM: Self = Error(-(bindings::ENOMEM as i32));
     pub const EFAULT: Self = Error(-(bindings::EFAULT as i32));
     pub const ESPIPE: Self = Error(-(bindings::ESPIPE as i32));
+    pub const EAGAIN: Self = Error(-(bindings::EAGAIN as i32));
 
     pub fn from_kernel_errno(errno: c_types::c_int) -> Error {
         Error(errno)
diff --git a/src/lib.rs b/src/lib.rs
@@ -13,6 +13,7 @@ mod error;
 pub mod file_operations;
 pub mod filesystem;
 pub mod printk;
+pub mod random;
 pub mod sysctl;
 mod types;
 pub mod user_ptr;
diff --git a/src/random.rs b/src/random.rs
@@ -0,0 +1,33 @@
+use core::convert::TryInto;
+
+use crate::{bindings, c_types, error};
+
+/// Fills `dest` with random bytes generated from the kernel's CSPRNG. Ensures
+/// that the CSPRNG has been seeded before generating any random bytes, and
+/// will block until it's ready.
+pub fn getrandom(dest: &mut [u8]) -> error::KernelResult<()> {
+    let res = unsafe { bindings::wait_for_random_bytes() };
+    if res != 0 {
+        return Err(error::Error::from_kernel_errno(res));
+    }
+
+    unsafe {
+        // TODO: convert `unwrap` to proper error handling
+        bindings::get_random_bytes(
+            dest.as_mut_ptr() as *mut c_types::c_void,
+            dest.len().try_into().unwrap(),
+        );
+    }
+    Ok(())
+}
+
+/// Fills `dest` with random bytes generated from the kernel's CSPRNG. If the
+/// CSPRNG is not yet seeded, returns an `Err(EAGAIN)` immediately. Only
+/// available on 4.19 and later kernels.
+#[cfg(kernel_4_19_0_or_greater)]
+pub fn getrandom_nonblock(dest: &mut [u8]) -> error::KernelResult<()> {
+    if !unsafe { bindings::rng_is_initialized() } {
+        return Err(error::Error::EAGAIN);
+    }
+    getrandom(dest)
+}
