From fe60669d0308bfdd1423976ac24b54c2c386f736 Mon Sep 17 00:00:00 2001
From: Eric Biggers <ebiggers@google.com>
Date: Thu, 15 Dec 2022 21:53:37 +0000
Subject: [PATCH] ANDROID: fips140: add dump_jitterentropy command to
 fips140_lab_util

For the entropy analysis, we must provide some output from the Jitter
RNG: a large amount of output from one instance, and a smaller amount of
output from each of a certain number of instances.

The original plan was to use a build of the userspace jitterentropy
library that matches the kernel's jitterentropy_rng as closely as
possible.  However, it's now being requested that the output be gotten
from the kernel instead.

Now that fips140_lab_util depends on AF_ALG anyway, it's straightforward
to dump output from jitterentropy_rng instances using AF_ALG.
Therefore, add a command dump_jitterentropy which supports this.

Bug: 188620248
Change-Id: I78eb26250e88f2fc28fc44aa201acbe5b84df8bb
Signed-off-by: Eric Biggers <ebiggers@google.com>
(cherry picked from commit dc015032666ece133065b7fea73f5709f735c9b0)
---
 samples/crypto/fips140_lab_util.c | 88 +++++++++++++++++++++++++++++++
 1 file changed, 88 insertions(+)

diff --git a/samples/crypto/fips140_lab_util.c b/samples/crypto/fips140_lab_util.c
index 996839dbd2e3..5f8e9018013a 100644
--- a/samples/crypto/fips140_lab_util.c
+++ b/samples/crypto/fips140_lab_util.c
@@ -24,6 +24,7 @@
 
 #include <errno.h>
 #include <fcntl.h>
+#include <getopt.h>
 #include <limits.h>
 #include <linux/if_alg.h>
 #include <stdarg.h>
@@ -45,6 +46,8 @@
  * ---------------------------------------------------------------------------*/
 
 #define ARRAY_SIZE(A)	(sizeof(A) / sizeof((A)[0]))
+#define MIN(a, b)	((a) < (b) ? (a) : (b))
+#define MAX(a, b)	((a) > (b) ? (a) : (b))
 
 static void __attribute__((noreturn))
 do_die(const char *format, va_list va, int err)
@@ -109,6 +112,23 @@ static const char *bytes_to_hex(const uint8_t *bytes, size_t count)
 	return hex;
 }
 
+static void full_write(int fd, const void *buf, size_t count)
+{
+	while (count) {
+		ssize_t ret = write(fd, buf, count);
+
+		if (ret < 0)
+			die_errno("write failed");
+		buf += ret;
+		count -= ret;
+	}
+}
+
+enum {
+	OPT_AMOUNT,
+	OPT_ITERATIONS,
+};
+
 static void usage(void);
 
 /* ---------------------------------------------------------------------------
@@ -226,6 +246,68 @@ static int get_req_fd(int alg_fd, const char *alg_name)
 	return req_fd;
 }
 
+/* ---------------------------------------------------------------------------
+ *			   dump_jitterentropy command
+ * ---------------------------------------------------------------------------*/
+
+static void dump_from_jent_fd(int fd, size_t count)
+{
+	uint8_t buf[AF_ALG_MAX_RNG_REQUEST_SIZE];
+
+	while (count) {
+		ssize_t ret;
+
+		memset(buf, 0, sizeof(buf));
+		ret = read(fd, buf, MIN(count, sizeof(buf)));
+		if (ret < 0)
+			die_errno("error reading from jitterentropy_rng");
+		full_write(STDOUT_FILENO, buf, ret);
+		count -= ret;
+	}
+}
+
+static int cmd_dump_jitterentropy(int argc, char *argv[])
+{
+	static const struct option longopts[] = {
+		{ "amount", required_argument, NULL, OPT_AMOUNT },
+		{ "iterations", required_argument, NULL, OPT_ITERATIONS },
+		{ NULL, 0, NULL, 0 },
+	};
+	size_t amount = 128;
+	size_t iterations = 1;
+	size_t i;
+	int c;
+
+	while ((c = getopt_long(argc, argv, "", longopts, NULL)) != -1) {
+		switch (c) {
+		case OPT_AMOUNT:
+			amount = strtoul(optarg, NULL, 0);
+			if (amount <= 0 || amount >= ULONG_MAX)
+				die("invalid argument to --amount");
+			break;
+		case OPT_ITERATIONS:
+			iterations = strtoul(optarg, NULL, 0);
+			if (iterations <= 0 || iterations >= ULONG_MAX)
+				die("invalid argument to --iterations");
+			break;
+		default:
+			usage();
+			return 1;
+		}
+	}
+
+	for (i = 0; i < iterations; i++) {
+		int alg_fd = get_alg_fd("rng", "jitterentropy_rng");
+		int req_fd = get_req_fd(alg_fd, "jitterentropy_rng");
+
+		dump_from_jent_fd(req_fd, amount);
+
+		close(req_fd);
+		close(alg_fd);
+	}
+	return 0;
+}
+
 /* ---------------------------------------------------------------------------
  *			  show_invalid_inputs command
  * ---------------------------------------------------------------------------*/
@@ -510,6 +592,7 @@ static const struct command {
 	const char *name;
 	int (*func)(int argc, char *argv[]);
 } commands[] = {
+	{ "dump_jitterentropy", cmd_dump_jitterentropy },
 	{ "show_invalid_inputs", cmd_show_invalid_inputs },
 	{ "show_module_version", cmd_show_module_version },
 	{ "show_service_indicators", cmd_show_service_indicators },
@@ -519,9 +602,14 @@ static void usage(void)
 {
 	fprintf(stderr,
 "Usage:\n"
+"       fips140_lab_util dump_jitterentropy [OPTION]...\n"
 "       fips140_lab_util show_invalid_inputs\n"
 "       fips140_lab_util show_module_version\n"
 "       fips140_lab_util show_service_indicators [SERVICE]...\n"
+"\n"
+"Options for dump_jitterentropy:\n"
+"  --amount=AMOUNT      Amount to dump in bytes per iteration (default 128)\n"
+"  --iterations=COUNT   Number of start-up iterations (default 1)\n"
 	);
 }