tech-security archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
Patch: CPU RNG framework with stub x86 implementation
As requested - here's just "cpu_rng" itself for review. I believe this
version addresses all comments received so far except that I _like_ the
construct "size_t cnt = <constant>; type_t foo[x]" so I've retained
that.
On the other hand, I _dislike_ needless forward declarations so I've
moved a small amount of code in kern_rndq.c to avoid another one of
those.
If this looks OK, I'll commit it and the next thing for review will be
the RDRAND backend; then RDSEED, then VIA. I have no hardware with RDSEED
nor a VIA RNG to test, so I'd appreciate help with that.
The RDRAND backend (unsurprisingly) passes the in-kernel statistical
test on both i386 and amd64.
Thor
Index: arch/amd64/include/Makefile
===================================================================
RCS file: /Volumes/NB/repo/src/sys/arch/amd64/include/Makefile,v
retrieving revision 1.18
diff -u -p -r1.18 Makefile
--- arch/amd64/include/Makefile 23 Jul 2014 18:19:43 -0000 1.18
+++ arch/amd64/include/Makefile 8 Jan 2016 13:50:42 -0000
@@ -4,7 +4,7 @@ INCSDIR= /usr/include/amd64
INCS= ansi.h aout_machdep.h asm.h \
bootinfo.h bswap.h byte_swap.h \
- cdefs.h cpu.h \
+ cdefs.h cpu.h cpu_rng.h\
disklabel.h \
elf_machdep.h endian.h endian_machdep.h \
float.h fpu.h frame.h frame_regs.h \
Index: arch/amd64/include/types.h
===================================================================
RCS file: /Volumes/NB/repo/src/sys/arch/amd64/include/types.h,v
retrieving revision 1.48
diff -u -p -r1.48 types.h
--- arch/amd64/include/types.h 27 Aug 2015 12:30:50 -0000 1.48
+++ arch/amd64/include/types.h 8 Jan 2016 13:50:42 -0000
@@ -93,6 +93,7 @@ typedef unsigned char __cpu_simple_lock
#define __HAVE_TLS_VARIANT_II
#define __HAVE_COMMON___TLS_GET_ADDR
#define __HAVE_INTR_CONTROL
+#define __HAVE_CPU_RNG
#ifdef _KERNEL_OPT
#define __HAVE_RAS
Index: arch/i386/include/Makefile
===================================================================
RCS file: /Volumes/NB/repo/src/sys/arch/i386/include/Makefile,v
retrieving revision 1.43
diff -u -p -r1.43 Makefile
--- arch/i386/include/Makefile 23 Jul 2014 18:19:44 -0000 1.43
+++ arch/i386/include/Makefile 8 Jan 2016 13:50:42 -0000
@@ -4,7 +4,7 @@ INCSDIR= /usr/include/i386
INCS= ansi.h aout_machdep.h apmvar.h asm.h \
bioscall.h bootinfo.h bswap.h byte_swap.h \
- cdefs.h cpu.h cputypes.h \
+ cdefs.h cpu.h cpu_rng.h cputypes.h \
disklabel.h \
elf_machdep.h endian.h endian_machdep.h \
fenv.h float.h frame.h freebsd_machdep.h \
Index: arch/i386/include/types.h
===================================================================
RCS file: /Volumes/NB/repo/src/sys/arch/i386/include/types.h,v
retrieving revision 1.83
diff -u -p -r1.83 types.h
--- arch/i386/include/types.h 27 Aug 2015 12:30:51 -0000 1.83
+++ arch/i386/include/types.h 8 Jan 2016 13:50:42 -0000
@@ -109,6 +109,8 @@ typedef unsigned char __cpu_simple_lock
#define __HAVE_SYSCALL_INTERN
#define __HAVE_MINIMAL_EMUL
#define __HAVE_OLD_DISKLABEL
+#define __HAVE_CPU_RNG
+
#if defined(_KERNEL)
/*
* Processors < i586 do not have cmpxchg8b, and we compile for i486
Index: arch/x86/conf/files.x86
===================================================================
RCS file: /Volumes/NB/repo/src/sys/arch/x86/conf/files.x86,v
retrieving revision 1.85
diff -u -p -r1.85 files.x86
--- arch/x86/conf/files.x86 11 Nov 2015 08:20:22 -0000 1.85
+++ arch/x86/conf/files.x86 8 Jan 2016 13:50:42 -0000
@@ -27,6 +27,7 @@ define ipmibus {}
device cpu: cpufeaturebus
attach cpu at cpubus
file arch/x86/x86/cpu.c cpu
+file arch/x86/x86/cpu_rng.c cpu
device acpicpu: acpi
attach acpicpu at cpufeaturebus
Index: arch/x86/include/Makefile
===================================================================
RCS file: /Volumes/NB/repo/src/sys/arch/x86/include/Makefile,v
retrieving revision 1.19
diff -u -p -r1.19 Makefile
--- arch/x86/include/Makefile 11 Feb 2014 20:17:16 -0000 1.19
+++ arch/x86/include/Makefile 8 Jan 2016 13:50:42 -0000
@@ -7,6 +7,7 @@ INCS= aout_machdep.h \
cacheinfo.h \
cpu.h \
cpu_extended_state.h \
+ cpu_rng.h \
cpu_ucode.h \
cputypes.h \
cpuvar.h \
Index: kern/kern_rndq.c
===================================================================
RCS file: /Volumes/NB/repo/src/sys/kern/kern_rndq.c,v
retrieving revision 1.74
diff -u -p -r1.74 kern_rndq.c
--- kern/kern_rndq.c 1 Jan 2016 16:09:00 -0000 1.74
+++ kern/kern_rndq.c 8 Jan 2016 13:50:42 -0000
@@ -1,4 +1,4 @@
-/* $NetBSD: kern_rndq.c,v 1.72 2015/08/05 16:51:09 riastradh Exp $ */
+/* $NetBSD: kern_rndq.c,v 1.74 2016/01/01 16:09:00 tls Exp $ */
/*-
* Copyright (c) 1997-2013 The NetBSD Foundation, Inc.
@@ -32,7 +32,7 @@
*/
#include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: kern_rndq.c,v 1.72 2015/08/05 16:51:09 riastradh Exp $");
+__KERNEL_RCSID(0, "$NetBSD: kern_rndq.c,v 1.74 2016/01/01 16:09:00 tls Exp $");
#include <sys/param.h>
#include <sys/atomic.h>
@@ -59,6 +59,10 @@ __KERNEL_RCSID(0, "$NetBSD: kern_rndq.c,
#include <compat/sys/rnd.h>
#endif
+#if defined(__HAVE_CPU_RNG)
+#include <machine/cpu_rng.h>
+#endif
+
#if defined(__HAVE_CPU_COUNTER)
#include <machine/cpu_counter.h>
#endif
@@ -189,17 +193,6 @@ rnd_printf(const char *fmt, ...)
rnd_printing = 0;
}
-void
-rnd_init_softint(void)
-{
-
- rnd_process = softint_establish(SOFTINT_SERIAL|SOFTINT_MPSAFE,
- rnd_intr, NULL);
- rnd_wakeup = softint_establish(SOFTINT_CLOCK|SOFTINT_MPSAFE,
- rnd_wake, NULL);
- rnd_schedule_process();
-}
-
/*
* Generate a 32-bit counter.
*/
@@ -404,6 +397,49 @@ rnd_dv_estimate(krndsource_t *rs, uint32
return ret;
}
+#if defined(__HAVE_CPU_RNG)
+static struct {
+ kmutex_t lock; /* unfortunately, must protect krndsource */
+ void * intr;
+ krndsource_t source;
+} rnd_cpu __cacheline_aligned;
+
+static void
+rnd_cpu_get(size_t bytes, void *priv)
+{
+ krndsource_t *cpusrcp = priv;
+ KASSERT(cpusrcp == &rnd_cpu.source);
+
+ if (__predict_true(rnd_cpu.intr != NULL)) {
+ rnd_schedule_softint(rnd_cpu.intr);
+ }
+}
+
+static void
+rnd_cpu_intr(void *priv)
+{
+ size_t entropy = 0;
+ size_t cnt = 2 * RND_ENTROPY_THRESHOLD / sizeof(cpu_rng_t);
+ cpu_rng_t buf[cnt];
+ krndsource_t *cpusrcp = &rnd_cpu.source;
+
+ if (RND_ENABLED(cpusrcp)) {
+ cpu_rng_t *bufp;
+
+ mutex_spin_enter(&rnd_cpu.lock);
+ for (bufp = buf; bufp < buf + cnt; bufp++) {
+ entropy += cpu_rng(bufp);
+ }
+ if (__predict_true(entropy)) {
+ rnd_add_data(cpusrcp, buf, sizeof(buf), entropy);
+ explicit_memset(buf, 0, sizeof(buf));
+ }
+ mutex_spin_exit(&rnd_cpu.lock);
+ }
+}
+
+#endif
+
#if defined(__HAVE_CPU_COUNTER)
static struct {
kmutex_t lock;
@@ -463,6 +499,21 @@ rnd_skew_intr(void *arg)
}
#endif
+void
+rnd_init_softint(void)
+{
+
+ rnd_process = softint_establish(SOFTINT_SERIAL|SOFTINT_MPSAFE,
+ rnd_intr, NULL);
+ rnd_wakeup = softint_establish(SOFTINT_CLOCK|SOFTINT_MPSAFE,
+ rnd_wake, NULL);
+#ifdef __HAVE_CPU_RNG
+ rnd_cpu.intr = softint_establish(SOFTINT_SERIAL|SOFTINT_MPSAFE,
+ rnd_cpu_intr, NULL);
+#endif
+ rnd_schedule_process();
+}
+
/*
* Entropy was just added to the pool. If we crossed the threshold for
* the first time, set rnd_initial_entropy = 1.
@@ -542,6 +593,21 @@ rnd_init(void)
}
/*
+ * Attach CPU RNG if available.
+ */
+#if defined(__HAVE_CPU_RNG)
+ if (cpu_rng_init()) {
+ /* IPL_VM because taken while rnd_global.lock is held. */
+ mutex_init(&rnd_cpu.lock, MUTEX_DEFAULT, IPL_VM);
+ rndsource_setcb(&rnd_cpu.source, rnd_cpu_get, &rnd_cpu.source);
+ rnd_attach_source(&rnd_cpu.source, "cpurng",
+ RND_TYPE_RNG, RND_FLAG_COLLECT_VALUE|
+ RND_FLAG_HASCB|RND_FLAG_HASENABLE);
+ rnd_cpu_intr(NULL);
+ }
+#endif
+
+ /*
* If we have a cycle counter, take its error with respect
* to the callout mechanism as a source of entropy, ala
* TrueRand.
@@ -572,7 +638,7 @@ rnd_init(void)
mutex_spin_exit(&rnd_global.lock);
rnd_printf("rnd: seeded with %d bits\n",
MIN(boot_rsp->entropy, RND_POOLBITS / 2));
- memset(boot_rsp, 0, sizeof(*boot_rsp));
+ explicit_memset(boot_rsp, 0, sizeof(*boot_rsp));
}
rnd_attach_source(&rnd_printf_source, "printf", RND_TYPE_UNKNOWN,
RND_FLAG_NO_ESTIMATE);
@@ -621,7 +687,7 @@ static void
rnd_sample_free(rnd_sample_t *c)
{
- memset(c, 0, sizeof(*c));
+ explicit_memset(c, 0, sizeof(*c));
pool_cache_put(rnd_mempc, c);
}
@@ -996,7 +1062,7 @@ rnd_hwrng_test(rnd_sample_t *sample)
return 1;
}
source->test_cnt = -1;
- memset(source->test, 0, sizeof(*source->test));
+ explicit_memset(source->test, 0, sizeof(*source->test));
}
return 0;
}
@@ -1201,10 +1267,10 @@ rnd_extract_data(void *p, uint32_t len,
"STATISTICAL TEST!\n");
continue;
}
- memset(&rnd_rt, 0, sizeof(rnd_rt));
+ explicit_memset(&rnd_rt, 0, sizeof(rnd_rt));
rndpool_add_data(&rnd_global.pool, rnd_testbits,
sizeof(rnd_testbits), entropy_count);
- memset(rnd_testbits, 0, sizeof(rnd_testbits));
+ explicit_memset(rnd_testbits, 0, sizeof(rnd_testbits));
rnd_printf_verbose("rnd: statistical RNG test done,"
" entropy = %d.\n",
rndpool_get_entropy_count(&rnd_global.pool));
@@ -1319,7 +1385,7 @@ rnd_seed(void *base, size_t len)
rndpool_add_data(&rnd_global.pool, boot_rsp->data,
sizeof(boot_rsp->data),
MIN(boot_rsp->entropy, RND_POOLBITS / 2));
- memset(boot_rsp, 0, sizeof(*boot_rsp));
+ explicit_memset(boot_rsp, 0, sizeof(*boot_rsp));
mutex_spin_exit(&rnd_global.lock);
} else {
rnd_printf_verbose("rnd: not ready, deferring seed feed.\n");
Home |
Main Index |
Thread Index |
Old Index