Refs #164 -- expose the kernel's CSPRNG, safely

alex · alex · commit 96670261e29e · 2019-12-25T09:32:16.000-06:00
diff --git a/build.rs b/build.rs
@@ -25,12 +25,16 @@ const INCLUDED_FUNCTIONS: &[&str] = &[
     "_copy_from_user",
     "alloc_chrdev_region",
     "unregister_chrdev_region",
+    "wait_for_random_bytes",
+    "get_random_bytes",
+    "rng_is_initialized",
 ];
 const INCLUDED_VARS: &[&str] = &[
     "EINVAL",
     "ENOMEM",
     "ESPIPE",
     "EFAULT",
+    "EAGAIN",
     "__this_module",
     "FS_REQUIRES_DEV",
     "FS_BINARY_MOUNTDATA",
diff --git a/src/bindings_helper.h b/src/bindings_helper.h
@@ -1,6 +1,7 @@
 #include <linux/cdev.h>
 #include <linux/fs.h>
 #include <linux/module.h>
+#include <linux/random.h>
 #include <linux/slab.h>
 #include <linux/uaccess.h>
 #include <linux/version.h>
diff --git a/src/error.rs b/src/error.rs
@@ -10,6 +10,7 @@ impl Error {
     pub const ENOMEM: Self = Error(-(bindings::ENOMEM as i32));
     pub const EFAULT: Self = Error(-(bindings::EFAULT as i32));
     pub const ESPIPE: Self = Error(-(bindings::ESPIPE as i32));
+    pub const EAGAIN: Self = Error(-(bindings::EAGAIN as i32));
 
     pub fn from_kernel_errno(errno: c_types::c_int) -> Error {
         Error(errno)
diff --git a/src/lib.rs b/src/lib.rs
@@ -13,6 +13,7 @@ mod error;
 pub mod file_operations;
 pub mod filesystem;
 pub mod printk;
+pub mod random;
 pub mod sysctl;
 mod types;
 pub mod user_ptr;
diff --git a/src/random.rs b/src/random.rs
@@ -0,0 +1,32 @@
+use core::convert::TryInto;
+
+use crate::{bindings, c_types, error};
+
+/// Fills `dest` with random bytes generated from the kernel's CSPRNG. Ensures
+/// that the CSPRNG has been seeded before generating any random bytes, and
+/// will block until it's ready.
+pub fn getrandom(dest: &mut [u8]) -> error::KernelResult<()> {
+    let res = unsafe { bindings::wait_for_random_bytes() };
+    if res != 0 {
+        return Err(error::Error::from_kernel_errno(res));
+    }
+
+    unsafe {
+        bindings::get_random_bytes(
+            dest.as_mut_ptr() as *mut c_types::c_void,
+            dest.len().try_into()?,
+        );
+    }
+    Ok(())
+}
+
+/// Fills `dest` with random bytes generated from the kernel's CSPRNG. If the
+/// CSPRNG is not yet seeded, returns an `Err(EAGAIN)` immediately. Only
+/// available on 4.19 and later kernels.
+#[cfg(kernel_4_19_0_or_greater)]
+pub fn getrandom_nonblock(dest: &mut [u8]) -> error::KernelResult<()> {
+    if !unsafe { bindings::rng_is_initialized() } {
+        return Err(error::Error::EAGAIN);
+    }
+    getrandom(dest)
+}
diff --git a/tests/random/Cargo.toml b/tests/random/Cargo.toml
@@ -0,0 +1,18 @@
+[package]
+name = "random-tests"
+version = "0.1.0"
+authors = ["Alex Gaynor <alex.gaynor@gmail.com>", "Geoffrey Thomas <geofft@ldpreload.com>"]
+edition = "2018"
+
+[lib]
+crate-type = ["staticlib"]
+test = false
+
+[features]
+default = ["linux-kernel-module"]
+
+[dependencies]
+linux-kernel-module = { path = "../..", optional = true }
+
+[dev-dependencies]
+kernel-module-testlib = { path = "../../testlib" }
diff --git a/tests/random/src/lib.rs b/tests/random/src/lib.rs
@@ -0,0 +1,41 @@
+#![no_std]
+
+use linux_kernel_module::{self, random};
+
+struct EntropySource;
+
+impl SysctlStorage for EntropySource {
+    fn store_value(&self, data: &[u8]) -> (usize, error::KernelResult<()>) {
+        (0, Err(error::Error::EINVAL))
+    }
+
+    fn read_value(&self, data: &mut UserSlicePtrWriter) -> (usize, error::KernelResult<()>) {
+        let mut storage = vec![0; data.len()];
+        random::getrandom(&mut storage).map_err(|e| (0, Err(e)))?;
+        (storage.len(), data.write(storage))
+    }
+}
+
+struct RandomTestModule {
+    _sysctl_entropy: Sysctl<EntropySource>,
+}
+
+impl linux_kernel_module::KernelModule for RandomTestModule {
+    fn init() -> linux_kernel_module::KernelResult<Self> {
+        Ok(RandomTestModule {
+            _sysctl_entropy: Sysctl::register(
+                cstr!("rust/random-tests"),
+                cstr!("entropy"),
+                EntropySource,
+                Mode::from_int(0o444),
+            ),
+        })
+    }
+}
+
+linux_kernel_module::kernel_module!(
+    RandomTestModule,
+    author: "Fish in a Barrel Contributors",
+    description: "A module for testing the CSPRNG",
+    license: "GPL"
+);
diff --git a/tests/random/tests/tests.rs b/tests/random/tests/tests.rs
@@ -0,0 +1,19 @@
+use std::collections::HashSet;
+use std::fs;
+use std::io::Read;
+
+use kernel_module_testlib::{assert_dmesg_contains, with_kernel_module};
+
+#[test]
+fn test_random_entropy() {
+    with_kernel_module(|| {
+        let mut keys = HashSet::new();
+        for _ in 0..1024 {
+            let mut key = [0; 16];
+            let mut f = fs::File::open("/proc/sys/rust/random-tests/entropy").unwrap();
+            f.read_exact(&mut key).unwrap();
+            keys.insert(key);
+        }
+        assert_eq!(keys.len(), 1024);
+    });
+}
