1/*
  2 * chaoskey - driver for ChaosKey device from Altus Metrum.
  3 *
  4 * This device provides true random numbers using a noise source based
  5 * on a reverse-biased p-n junction in avalanche breakdown. More
  6 * details can be found at http://chaoskey.org
  7 *
  8 * The driver connects to the kernel hardware RNG interface to provide
  9 * entropy for /dev/random and other kernel activities. It also offers
 10 * a separate /dev/ entry to allow for direct access to the random
 11 * bit stream.
 12 *
 13 * Copyright © 2015 Keith Packard <keithp@keithp.com>
 14 *
 15 * This program is free software; you can redistribute it and/or modify
 16 * it under the terms of the GNU General Public License as published by
 17 * the Free Software Foundation; version 2 of the License.
 18 *
 19 * This program is distributed in the hope that it will be useful, but
 20 * WITHOUT ANY WARRANTY; without even the implied warranty of
 21 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.	 See the GNU
 22 * General Public License for more details.
 23 */
 24
 25#include <linux/module.h>
 26#include <linux/slab.h>
 27#include <linux/usb.h>
 28#include <linux/wait.h>
 29#include <linux/hw_random.h>
 30#include <linux/mutex.h>
 31#include <linux/uaccess.h>
 32
 33static struct usb_driver chaoskey_driver;
 34static struct usb_class_driver chaoskey_class;
 35static int chaoskey_rng_read(struct hwrng *rng, void *data,
 36			     size_t max, bool wait);
 37
 38#define usb_dbg(usb_if, format, arg...) \
 39	dev_dbg(&(usb_if)->dev, format, ## arg)
 40
 41#define usb_err(usb_if, format, arg...) \
 42	dev_err(&(usb_if)->dev, format, ## arg)
 43
 44/* Version Information */
 45#define DRIVER_VERSION	"v0.1"
 46#define DRIVER_AUTHOR	"Keith Packard, keithp@keithp.com"
 47#define DRIVER_DESC	"Altus Metrum ChaosKey driver"
 48#define DRIVER_SHORT	"chaoskey"
 49
 50MODULE_VERSION(DRIVER_VERSION);
 51MODULE_AUTHOR(DRIVER_AUTHOR);
 52MODULE_DESCRIPTION(DRIVER_DESC);
 53MODULE_LICENSE("GPL");
 54
 55#define CHAOSKEY_VENDOR_ID	0x1d50	/* OpenMoko */
 56#define CHAOSKEY_PRODUCT_ID	0x60c6	/* ChaosKey */
 57
 58#define CHAOSKEY_BUF_LEN	64	/* max size of USB full speed packet */
 59
 60#define NAK_TIMEOUT (HZ)		/* stall/wait timeout for device */
 61
 62#ifdef CONFIG_USB_DYNAMIC_MINORS
 63#define USB_CHAOSKEY_MINOR_BASE 0
 64#else
 65
 66/* IOWARRIOR_MINOR_BASE + 16, not official yet */
 67#define USB_CHAOSKEY_MINOR_BASE 224
 68#endif
 69
 70static const struct usb_device_id chaoskey_table[] = {
 71	{ USB_DEVICE(CHAOSKEY_VENDOR_ID, CHAOSKEY_PRODUCT_ID) },
 72	{ },
 73};
 74MODULE_DEVICE_TABLE(usb, chaoskey_table);
 75
 76static void chaos_read_callback(struct urb *urb);
 77
 78/* Driver-local specific stuff */
 79struct chaoskey {
 80	struct usb_interface *interface;
 81	char in_ep;
 82	struct mutex lock;
 83	struct mutex rng_lock;
 84	int open;			/* open count */
 85	bool present;			/* device not disconnected */
 86	bool reading;			/* ongoing IO */
 87	int size;			/* size of buf */
 88	int valid;			/* bytes of buf read */
 89	int used;			/* bytes of buf consumed */
 90	char *name;			/* product + serial */
 91	struct hwrng hwrng;		/* Embedded struct for hwrng */
 92	int hwrng_registered;		/* registered with hwrng API */
 93	wait_queue_head_t wait_q;	/* for timeouts */
 94	struct urb *urb;		/* for performing IO */
 95	char *buf;
 96};
 97
 98static void chaoskey_free(struct chaoskey *dev)
 99{
100	if (dev) {
101		usb_dbg(dev->interface, "free");
102		usb_free_urb(dev->urb);
103		kfree(dev->name);
104		kfree(dev->buf);
105		kfree(dev);
106	}
107}
108
109static int chaoskey_probe(struct usb_interface *interface,
110			  const struct usb_device_id *id)
111{
112	struct usb_device *udev = interface_to_usbdev(interface);
113	struct usb_host_interface *altsetting = interface->cur_altsetting;
114	int i;
115	int in_ep = -1;
116	struct chaoskey *dev;
117	int result = -ENOMEM;
118	int size;
119
120	usb_dbg(interface, "probe %s-%s", udev->product, udev->serial);
121
122	/* Find the first bulk IN endpoint and its packet size */
123	for (i = 0; i < altsetting->desc.bNumEndpoints; i++) {
124		if (usb_endpoint_is_bulk_in(&altsetting->endpoint[i].desc)) {
125			in_ep = usb_endpoint_num(&altsetting->endpoint[i].desc);
126			size = usb_endpoint_maxp(&altsetting->endpoint[i].desc);
127			break;
128		}
129	}
130
131	/* Validate endpoint and size */
132	if (in_ep == -1) {
133		usb_dbg(interface, "no IN endpoint found");
134		return -ENODEV;
135	}
136	if (size <= 0) {
137		usb_dbg(interface, "invalid size (%d)", size);
138		return -ENODEV;
139	}
140
141	if (size > CHAOSKEY_BUF_LEN) {
142		usb_dbg(interface, "size reduced from %d to %d\n",
143			size, CHAOSKEY_BUF_LEN);
144		size = CHAOSKEY_BUF_LEN;
145	}
146
147	/* Looks good, allocate and initialize */
148
149	dev = kzalloc(sizeof(struct chaoskey), GFP_KERNEL);
150
151	if (dev == NULL)
152		goto out;
153
154	dev->buf = kmalloc(size, GFP_KERNEL);
155
156	if (dev->buf == NULL)
157		goto out;
158
159	dev->urb = usb_alloc_urb(0, GFP_KERNEL);
160
161	if (!dev->urb)
162		goto out;
163
164	usb_fill_bulk_urb(dev->urb,
165		udev,
166		usb_rcvbulkpipe(udev, in_ep),
167		dev->buf,
168		size,
169		chaos_read_callback,
170		dev);
171
172	/* Construct a name using the product and serial values. Each
173	 * device needs a unique name for the hwrng code
174	 */
175
176	if (udev->product && udev->serial) {
177		dev->name = kmalloc(strlen(udev->product) + 1 +
178				    strlen(udev->serial) + 1, GFP_KERNEL);
179		if (dev->name == NULL)
180			goto out;
181
182		strcpy(dev->name, udev->product);
183		strcat(dev->name, "-");
184		strcat(dev->name, udev->serial);
185	}
186
187	dev->interface = interface;
188
189	dev->in_ep = in_ep;
190
191	dev->size = size;
192	dev->present = 1;
193
194	init_waitqueue_head(&dev->wait_q);
195
196	mutex_init(&dev->lock);
197	mutex_init(&dev->rng_lock);
198
199	usb_set_intfdata(interface, dev);
200
201	result = usb_register_dev(interface, &chaoskey_class);
202	if (result) {
203		usb_err(interface, "Unable to allocate minor number.");
204		goto out;
205	}
206
207	dev->hwrng.name = dev->name ? dev->name : chaoskey_driver.name;
208	dev->hwrng.read = chaoskey_rng_read;
209
210	/* Set the 'quality' metric.  Quality is measured in units of
211	 * 1/1024's of a bit ("mills"). This should be set to 1024,
212	 * but there is a bug in the hwrng core which masks it with
213	 * 1023.
214	 *
215	 * The patch that has been merged to the crypto development
216	 * tree for that bug limits the value to 1024 at most, so by
217	 * setting this to 1024 + 1023, we get 1023 before the fix is
218	 * merged and 1024 afterwards. We'll patch this driver once
219	 * both bits of code are in the same tree.
220	 */
221	dev->hwrng.quality = 1024 + 1023;
222
223	dev->hwrng_registered = (hwrng_register(&dev->hwrng) == 0);
224	if (!dev->hwrng_registered)
225		usb_err(interface, "Unable to register with hwrng");
226
227	usb_enable_autosuspend(udev);
228
229	usb_dbg(interface, "chaoskey probe success, size %d", dev->size);
230	return 0;
231
232out:
233	usb_set_intfdata(interface, NULL);
234	chaoskey_free(dev);
235	return result;
236}
237
238static void chaoskey_disconnect(struct usb_interface *interface)
239{
240	struct chaoskey	*dev;
241
242	usb_dbg(interface, "disconnect");
243	dev = usb_get_intfdata(interface);
244	if (!dev) {
245		usb_dbg(interface, "disconnect failed - no dev");
246		return;
247	}
248
249	if (dev->hwrng_registered)
250		hwrng_unregister(&dev->hwrng);
251
252	usb_deregister_dev(interface, &chaoskey_class);
253
254	usb_set_intfdata(interface, NULL);
255	mutex_lock(&dev->lock);
256
257	dev->present = 0;
258	usb_poison_urb(dev->urb);
259
260	if (!dev->open) {
261		mutex_unlock(&dev->lock);
262		chaoskey_free(dev);
263	} else
264		mutex_unlock(&dev->lock);
265
266	usb_dbg(interface, "disconnect done");
267}
268
269static int chaoskey_open(struct inode *inode, struct file *file)
270{
271	struct chaoskey *dev;
272	struct usb_interface *interface;
273
274	/* get the interface from minor number and driver information */
275	interface = usb_find_interface(&chaoskey_driver, iminor(inode));
276	if (!interface)
277		return -ENODEV;
278
279	usb_dbg(interface, "open");
280
281	dev = usb_get_intfdata(interface);
282	if (!dev) {
283		usb_dbg(interface, "open (dev)");
284		return -ENODEV;
285	}
286
287	file->private_data = dev;
288	mutex_lock(&dev->lock);
289	++dev->open;
290	mutex_unlock(&dev->lock);
291
292	usb_dbg(interface, "open success");
293	return 0;
294}
295
296static int chaoskey_release(struct inode *inode, struct file *file)
297{
298	struct chaoskey *dev = file->private_data;
299	struct usb_interface *interface;
300
301	if (dev == NULL)
302		return -ENODEV;
303
304	interface = dev->interface;
305
306	usb_dbg(interface, "release");
307
308	mutex_lock(&dev->lock);
309
310	usb_dbg(interface, "open count at release is %d", dev->open);
311
312	if (dev->open <= 0) {
313		usb_dbg(interface, "invalid open count (%d)", dev->open);
314		mutex_unlock(&dev->lock);
315		return -ENODEV;
316	}
317
318	--dev->open;
319
320	if (!dev->present) {
321		if (dev->open == 0) {
322			mutex_unlock(&dev->lock);
323			chaoskey_free(dev);
324		} else
325			mutex_unlock(&dev->lock);
326	} else
327		mutex_unlock(&dev->lock);
328
329	usb_dbg(interface, "release success");
330	return 0;
331}
332
333static void chaos_read_callback(struct urb *urb)
334{
335	struct chaoskey *dev = urb->context;
336	int status = urb->status;
337
338	usb_dbg(dev->interface, "callback status (%d)", status);
339
340	if (status == 0)
341		dev->valid = urb->actual_length;
342	else
343		dev->valid = 0;
344
345	dev->used = 0;
346
347	/* must be seen first before validity is announced */
348	smp_wmb();
349
350	dev->reading = false;
351	wake_up(&dev->wait_q);
352}
353
354/* Fill the buffer. Called with dev->lock held
355 */
356static int _chaoskey_fill(struct chaoskey *dev)
357{
358	DEFINE_WAIT(wait);
359	int result;
360
361	usb_dbg(dev->interface, "fill");
362
363	/* Return immediately if someone called before the buffer was
364	 * empty */
365	if (dev->valid != dev->used) {
366		usb_dbg(dev->interface, "not empty yet (valid %d used %d)",
367			dev->valid, dev->used);
368		return 0;
369	}
370
371	/* Bail if the device has been removed */
372	if (!dev->present) {
373		usb_dbg(dev->interface, "device not present");
374		return -ENODEV;
375	}
376
377	/* Make sure the device is awake */
378	result = usb_autopm_get_interface(dev->interface);
379	if (result) {
380		usb_dbg(dev->interface, "wakeup failed (result %d)", result);
381		return result;
382	}
383
384	dev->reading = true;
385	result = usb_submit_urb(dev->urb, GFP_KERNEL);
386	if (result < 0) {
387		result = usb_translate_errors(result);
388		dev->reading = false;
389		goto out;
390	}
391
392	result = wait_event_interruptible_timeout(
393		dev->wait_q,
394		!dev->reading,
395		NAK_TIMEOUT);
396
397	if (result < 0)
398		goto out;
399
400	if (result == 0)
401		result = -ETIMEDOUT;
402	else
403		result = dev->valid;
404out:
405	/* Let the device go back to sleep eventually */
406	usb_autopm_put_interface(dev->interface);
407
408	usb_dbg(dev->interface, "read %d bytes", dev->valid);
409
410	return result;
411}
412
413static ssize_t chaoskey_read(struct file *file,
414			     char __user *buffer,
415			     size_t count,
416			     loff_t *ppos)
417{
418	struct chaoskey *dev;
419	ssize_t read_count = 0;
420	int this_time;
421	int result = 0;
422	unsigned long remain;
423
424	dev = file->private_data;
425
426	if (dev == NULL || !dev->present)
427		return -ENODEV;
428
429	usb_dbg(dev->interface, "read %zu", count);
430
431	while (count > 0) {
432
433		/* Grab the rng_lock briefly to ensure that the hwrng interface
434		 * gets priority over other user access
435		 */
436		result = mutex_lock_interruptible(&dev->rng_lock);
437		if (result)
438			goto bail;
439		mutex_unlock(&dev->rng_lock);
440
441		result = mutex_lock_interruptible(&dev->lock);
442		if (result)
443			goto bail;
444		if (dev->valid == dev->used) {
445			result = _chaoskey_fill(dev);
446			if (result < 0) {
447				mutex_unlock(&dev->lock);
448				goto bail;
449			}
450		}
451
452		this_time = dev->valid - dev->used;
453		if (this_time > count)
454			this_time = count;
455
456		remain = copy_to_user(buffer, dev->buf + dev->used, this_time);
457		if (remain) {
458			result = -EFAULT;
459
460			/* Consume the bytes that were copied so we don't leak
461			 * data to user space
462			 */
463			dev->used += this_time - remain;
464			mutex_unlock(&dev->lock);
465			goto bail;
466		}
467
468		count -= this_time;
469		read_count += this_time;
470		buffer += this_time;
471		dev->used += this_time;
472		mutex_unlock(&dev->lock);
473	}
474bail:
475	if (read_count) {
476		usb_dbg(dev->interface, "read %zu bytes", read_count);
477		return read_count;
478	}
479	usb_dbg(dev->interface, "empty read, result %d", result);
480	if (result == -ETIMEDOUT)
481		result = -EAGAIN;
482	return result;
483}
484
485static int chaoskey_rng_read(struct hwrng *rng, void *data,
486			     size_t max, bool wait)
487{
488	struct chaoskey *dev = container_of(rng, struct chaoskey, hwrng);
489	int this_time;
490
491	usb_dbg(dev->interface, "rng_read max %zu wait %d", max, wait);
492
493	if (!dev->present) {
494		usb_dbg(dev->interface, "device not present");
495		return 0;
496	}
497
498	/* Hold the rng_lock until we acquire the device lock so that
499	 * this operation gets priority over other user access to the
500	 * device
501	 */
502	mutex_lock(&dev->rng_lock);
503
504	mutex_lock(&dev->lock);
505
506	mutex_unlock(&dev->rng_lock);
507
508	/* Try to fill the buffer if empty. It doesn't actually matter
509	 * if _chaoskey_fill works; we'll just return zero bytes as
510	 * the buffer will still be empty
511	 */
512	if (dev->valid == dev->used)
513		(void) _chaoskey_fill(dev);
514
515	this_time = dev->valid - dev->used;
516	if (this_time > max)
517		this_time = max;
518
519	memcpy(data, dev->buf + dev->used, this_time);
520
521	dev->used += this_time;
522
523	mutex_unlock(&dev->lock);
524
525	usb_dbg(dev->interface, "rng_read this_time %d\n", this_time);
526	return this_time;
527}
528
529#ifdef CONFIG_PM
530static int chaoskey_suspend(struct usb_interface *interface,
531			    pm_message_t message)
532{
533	usb_dbg(interface, "suspend");
534	return 0;
535}
536
537static int chaoskey_resume(struct usb_interface *interface)
538{
539	usb_dbg(interface, "resume");
540	return 0;
541}
542#else
543#define chaoskey_suspend NULL
544#define chaoskey_resume NULL
545#endif
546
547/* file operation pointers */
548static const struct file_operations chaoskey_fops = {
549	.owner = THIS_MODULE,
550	.read = chaoskey_read,
551	.open = chaoskey_open,
552	.release = chaoskey_release,
553	.llseek = default_llseek,
554};
555
556/* class driver information */
557static struct usb_class_driver chaoskey_class = {
558	.name = "chaoskey%d",
559	.fops = &chaoskey_fops,
560	.minor_base = USB_CHAOSKEY_MINOR_BASE,
561};
562
563/* usb specific object needed to register this driver with the usb subsystem */
564static struct usb_driver chaoskey_driver = {
565	.name = DRIVER_SHORT,
566	.probe = chaoskey_probe,
567	.disconnect = chaoskey_disconnect,
568	.suspend = chaoskey_suspend,
569	.resume = chaoskey_resume,
570	.reset_resume = chaoskey_resume,
571	.id_table = chaoskey_table,
572	.supports_autosuspend = 1,
573};
574
575module_usb_driver(chaoskey_driver);
576