> This patch adds basic abstractions for random number generator API, > wrapping crypto_rng structure. > > Signed-off-by: FUJITA Tomonori <fujita.tomonori@xxxxxxxxx> > --- > rust/bindings/bindings_helper.h | 1 + > rust/helpers.c | 12 ++++ > rust/kernel/crypto.rs | 1 + > rust/kernel/crypto/rng.rs | 101 ++++++++++++++++++++++++++++++++ > 4 files changed, 115 insertions(+) > create mode 100644 rust/kernel/crypto/rng.rs > > diff --git a/rust/bindings/bindings_helper.h b/rust/bindings/bindings_helper.h > index 2f198c6d5de5..089ac38c6461 100644 > --- a/rust/bindings/bindings_helper.h > +++ b/rust/bindings/bindings_helper.h > @@ -7,6 +7,7 @@ > */ > > #include <crypto/hash.h> > +#include <crypto/rng.h> > #include <linux/errname.h> > #include <linux/slab.h> > #include <linux/refcount.h> > diff --git a/rust/helpers.c b/rust/helpers.c > index 7966902ed8eb..e4dcd611738f 100644 > --- a/rust/helpers.c > +++ b/rust/helpers.c > @@ -19,6 +19,7 @@ > */ > > #include <crypto/hash.h> > +#include <crypto/rng.h> > #include <linux/bug.h> > #include <linux/build_bug.h> > #include <linux/err.h> > @@ -52,6 +53,17 @@ int rust_helper_crypto_shash_init(struct shash_desc *desc) { > return crypto_shash_init(desc); > } > EXPORT_SYMBOL_GPL(rust_helper_crypto_shash_init); > + > +void rust_helper_crypto_free_rng(struct crypto_rng *tfm) { > + crypto_free_rng(tfm); > +} > +EXPORT_SYMBOL_GPL(rust_helper_crypto_free_rng); > + > +int rust_helper_crypto_rng_generate(struct crypto_rng *tfm, const u8 *src, > + unsigned int slen, u8 *dst, unsigned int dlen) { > + return crypto_rng_generate(tfm, src, slen, dst, dlen); > +} > +EXPORT_SYMBOL_GPL(rust_helper_crypto_rng_generate); > #endif > > __noreturn void rust_helper_BUG(void) > diff --git a/rust/kernel/crypto.rs b/rust/kernel/crypto.rs > index f80dd7bd3381..a1995e6c85d4 100644 > --- a/rust/kernel/crypto.rs > +++ b/rust/kernel/crypto.rs > @@ -3,3 +3,4 @@ > //! Cryptography. > > pub mod hash; > +pub mod rng; > diff --git a/rust/kernel/crypto/rng.rs b/rust/kernel/crypto/rng.rs > new file mode 100644 > index 000000000000..683f5ee464ce > --- /dev/null > +++ b/rust/kernel/crypto/rng.rs > @@ -0,0 +1,101 @@ > +// SPDX-License-Identifier: GPL-2.0 > + > +//! Random number generator. > +//! > +//! C headers: [`include/crypto/rng.h`](../../../../include/crypto/rng.h) > + > +use crate::{ > + error::{code::EINVAL, from_err_ptr, to_result, Result}, > + str::CStr, > +}; > + > +/// Type of Random number generator. > +/// > +/// # Invariants > +/// > +/// The pointer is valid. > +enum RngType { > + /// Uses `crypto_default_rng` > + // We don't need to keep an pointer for the default but simpler. > + Default(*mut bindings::crypto_rng), > + > + /// Allocated via `crypto_alloc_rng. > + Allocated(*mut bindings::crypto_rng), > +} You could also do this: ``` enum RngType { Default, Allocated(NonNull<bindings::crypto_rng>), } ``` Assuming that `crypto_alloc_rng` never returns null. Then this definition will the same size as a plain pointer. > + > +/// Corresponds to the kernel's `struct crypto_rng`. > +pub struct Rng(RngType); > + > +impl Drop for Rng { > + fn drop(&mut self) { > + match self.0 { > + RngType::Default(_) => { > + // SAFETY: it's safe because `crypto_get_default_rng()` was called during > + // the initialization. > + unsafe { > + bindings::crypto_put_default_rng(); > + } > + } > + RngType::Allocated(ptr) => { > + // SAFETY: The type invariants of `RngType` guarantees that the pointer is valid. > + unsafe { bindings::crypto_free_rng(ptr) }; > + } > + } > + } > +} > + > +impl Rng { > + /// Creates a [`Rng`] instance. > + pub fn new(name: &CStr, t: u32, mask: u32) -> Result<Self> { > + // SAFETY: There are no safety requirements for this FFI call. > + let ptr = unsafe { from_err_ptr(bindings::crypto_alloc_rng(name.as_char_ptr(), t, mask)) }?; > + // INVARIANT: `ptr` is valid and non-null since `crypto_alloc_rng` > + // returned a valid pointer which was null-checked. > + Ok(Self(RngType::Allocated(ptr))) > + } > + > + /// Creates a [`Rng`] instance with a default algorithm. > + pub fn new_with_default() -> Result<Self> { > + // SAFETY: There are no safety requirements for this FFI call. > + to_result(unsafe { bindings::crypto_get_default_rng() })?; > + // INVARIANT: The C API guarantees that `crypto_default_rng` is valid until > + // `crypto_put_default_rng` is called. > + Ok(Self(RngType::Default(unsafe { > + bindings::crypto_default_rng You are accessing a `mut static`, this is `unsafe` (hence the need for an `unsafe` block) and needs a safety comment, why is it safe to access this mutable static? What synchronizes the access (is it not needed)? > + }))) > + } > + > + /// Get a random number. > + pub fn generate(&mut self, src: &[u8], dst: &mut [u8]) -> Result { > + if src.len() > u32::MAX as usize || dst.len() > u32::MAX as usize { > + return Err(EINVAL); > + } > + let ptr = match self.0 { > + RngType::Default(ptr) => ptr, > + RngType::Allocated(ptr) => ptr, > + }; > + // SAFETY: The type invariants of `RngType' guarantees that the pointer is valid. > + to_result(unsafe { > + bindings::crypto_rng_generate( > + ptr, > + src.as_ptr(), > + src.len() as u32, > + dst.as_mut_ptr(), > + dst.len() as u32, > + ) > + }) > + } > + > + /// Re-initializes the [`Rng`] instance. > + pub fn reset(&mut self, seed: &[u8]) -> Result { > + if seed.len() > u32::MAX as usize { > + return Err(EINVAL); > + } > + let ptr = match self.0 { > + RngType::Default(ptr) => ptr, > + RngType::Allocated(ptr) => ptr, > + }; > + // SAFETY: The type invariants of `RngType' guarantees that the pointer is valid. > + to_result(unsafe { bindings::crypto_rng_reset(ptr, seed.as_ptr(), seed.len() as u32) }) If I read this correctly, then if I have to threads each with a `Default` crypto rng, then one could be reset as the other is concurrently generating some random numbers, right? This *should* be fine, but does it make sense to do it? Or should there only be one thread accessing the default crypto rng? -- Cheers, Benno > + } > +} > -- > 2.34.1 >