Merge pull request #2094 from fwsGonzo/early_rng

Some RNG enhancements

Author: alfreb

CMakeLists.txt

@@ -56,10 +56,7 @@ option (undefined_san "Enable undefined-behavior sanitizer" OFF)
 option (thin_lto "Enable the Thin LTO plugin" OFF)
 option (full_lto "Enable full LTO (compatibility)" OFF)
 
-# create random hex string as stack protector canary
-string(RANDOM LENGTH 16 ALPHABET 0123456789ABCDEF STACK_PROTECTOR_VALUE)
-
-set(CAPABS "${CAPABS} -g -fstack-protector-strong -D_STACK_GUARD_VALUE_=0x${STACK_PROTECTOR_VALUE}")
+set(CAPABS "${CAPABS} -g -fstack-protector-strong")
 
 # Various global defines
 # * NO_DEBUG disables output from the debug macro

api/kernel/cpuid.hpp

@@ -59,6 +59,7 @@ namespace CPUID
     AVX,               // AVX Instructions
     F16C,              // 16-bit Floating Point Instructions
     RDRAND,            // RDRAND Instruction
+    RDSEED,            // RDSEED Instruction
 
     FPU,               // Floating-Point Unit On-Chip
     VME,               // Virtual 8086 Mode Extensions

api/kernel/rng.hpp

@@ -22,15 +22,16 @@
 
 #include <cstdlib>
 #include <cstdint>
+#include <delegate>
 
 // Incorporate seed data into the system RNG state
 extern void rng_absorb(const void* input, size_t bytes);
 
 // Extract output from the system RNG
 extern void rng_extract(void* output, size_t bytes);
 
-// Try to reseed the RNG state somehow
-extern void rng_reseed();
+// Try to reseed the RNG state
+extern void rng_reseed_init(delegate<void(uint64_t*)>, int rounds);
 
 // Extract 32 bit integer from system RNG
 inline uint32_t rng_extract_uint32()
@@ -40,6 +41,13 @@ inline uint32_t rng_extract_uint32()
   return x;
   }
 
+// Extract 64 bit integer from system RNG
+inline uint64_t rng_extract_uint64()
+  {
+  uint64_t x;
+  rng_extract(&x, sizeof(x));
+  return x;
+  }
 
 #include <fs/fd_compatible.hpp>
 class RNG : public FD_compatible {
@@ -50,7 +58,7 @@ class RNG : public FD_compatible {
     return rng;
   }
 
-  void init();
+  static void init();
 
 private:
   RNG() {}

cmake/post.service.cmake

@@ -294,7 +294,14 @@ if ("${PLATFORM}" STREQUAL "x86_solo5")
   set(PRE_BSS_SIZE  "--defsym PRE_BSS_AREA=0x200000")
 endif()
 
-set(LDFLAGS "-nostdlib -melf_${ELF} --eh-frame-hdr ${LD_STRIP} --script=${INSTALL_LOC}/${ARCH}/linker.ld ${PRE_BSS_SIZE}")
+option(for_production "Stop the OS when conditions not suitable for production" ON)
+if (for_production)
+  set(PROD_USE 0x2000)
+else()
+  set(PROD_USE 0x1000)
+endif()
+
+set(LDFLAGS "-nostdlib -melf_${ELF} --eh-frame-hdr ${LD_STRIP} --script=${INSTALL_LOC}/${ARCH}/linker.ld ${PRE_BSS_SIZE} --defsym __for_production_use=${PROD_USE}")
 
 set_target_properties(service PROPERTIES LINK_FLAGS "${LDFLAGS}")
 

linux/src/os.cpp

@@ -1,9 +1,11 @@
 #include <kernel/os.hpp>
 #include <kernel/events.hpp>
+#include <kernel/rng.hpp>
 #include <kernel/service.hpp>
 #include <kernel/timers.hpp>
 #include <system_log>
 #include <sys/time.h>
+#include <sys/random.h>
 #include <malloc.h> // mallinfo()
 #include <sched.h>
 extern bool __libc_initialized;
@@ -101,6 +103,11 @@ void OS::start(const char* cmdline)
   // setup timer system
   Timers::init(begin_timer, stop_timers);
   Timers::ready();
+  // seed RNG with entropy
+  char entropy[2048];
+  ssize_t rngres = getrandom(entropy, sizeof(entropy), 0);
+  assert(rngres == sizeof(entropy));
+  rng_absorb(entropy, sizeof(entropy));
   // fake CPU frequency
   using namespace std::chrono;
   OS::cpu_khz_ = decltype(OS::cpu_freq()) {3000000ul};

seed/service/CMakeLists.txt

@@ -23,7 +23,7 @@ set(SOURCES
 set(DRIVERS
   # virtionet   # Virtio networking driver
   # virtioblk   # Virtio block device driver
-  #boot_logger   # Enable lots of logging from boot stage
+  boot_logger   # Enable lots of logging from boot stage
 
   # Use "boot --drivers ." to see other drivers
   )

seed/service/service.cpp

@@ -18,6 +18,7 @@
 #include <service>
 #include <cstdio>
 #include <isotime>
+#include <kernel/cpuid.hpp>
 
 void Service::start(const std::string& args)
 {
@@ -27,4 +28,6 @@ void Service::start(const std::string& args)
   printf("Hello world! Time is now %s\n", isotime::now().c_str());
   printf("Args = %s\n", args.c_str());
   printf("Try giving the service less memory, eg. 5MB in vm.json\n");
+  printf("CPU has RDRAND: %d\n", CPUID::has_feature(CPUID::Feature::RDRAND));
+  printf("CPU has RDSEED: %d\n", CPUID::has_feature(CPUID::Feature::RDSEED));
 }

src/arch/x86_64/apic_asm.asm

@@ -61,3 +61,27 @@ reset_idtr:
 __amd64_load_tr:
     ltr di
     ret
+
+GLOBAL intel_rdrand:function
+intel_rdrand:
+  mov eax, 0x1
+retry_rdrand:
+  rdrand rcx
+  mov QWORD [rdi], rcx
+  cmovb ecx, eax
+  jae retry_rdrand
+  cmp ecx, 0x1
+  sete al
+  ret
+
+GLOBAL intel_rdseed:function
+intel_rdseed:
+  mov eax, 0x1
+retry_rdseed:
+  rdseed rcx
+  mov QWORD [rdi], rcx
+  cmovb ecx, eax
+  jae retry_rdseed
+  cmp ecx, 0x1
+  sete al
+  ret

src/kernel/cpuid.cpp

@@ -37,6 +37,7 @@ namespace CPUID {
       {Feature::SSE3,"SSE3"},
       {Feature::SSSE3,"SSSE3"},
       {Feature::RDRAND,"RDRAND"},
+      {Feature::RDSEED,"RDSEED"},
       {Feature::XSAVE,"XSAVE"},
       {Feature::FXSR,"FXSR"},
       {Feature::AES,"AES"},
@@ -207,10 +208,12 @@ namespace
 
       case Feature::SVM:          return FeatureInfo { 0x80000001, 0, Register::ECX, 1u <<  2 }; // Secure Virtual Machine (AMD-V)
       case Feature::SSE4A:        return FeatureInfo { 0x80000001, 0, Register::ECX, 1u <<  6 }; // SSE4a
+      // Standard function 7
       case Feature::AVX2:         return FeatureInfo { 7, 0, Register::ECX, 1u <<  5 }; // AVX2
       case Feature::BMI1:         return FeatureInfo { 7, 0, Register::ECX, 1u <<  3 }; // BMI1
       case Feature::BMI2:         return FeatureInfo { 7, 0, Register::ECX, 1u <<  8 }; // BMI2
       case Feature::LZCNT:        return FeatureInfo { 7, 0, Register::ECX, 1u <<  5 }; // LZCNT
+      case Feature::RDSEED:       return FeatureInfo { 7, 0, Register::EBX, 1u << 18 }; // RDSEED
       default: throw std::out_of_range("Unimplemented CPU feature encountered");
     }
   }

src/kernel/os.cpp

@@ -23,6 +23,7 @@
 #endif
 
 #include <kernel/os.hpp>
+#include <kernel/cpuid.hpp>
 #include <kernel/rng.hpp>
 #include <service>
 #include <cstdio>
@@ -49,6 +50,10 @@ extern char _LOAD_START_;
 extern char _ELF_END_;
 
 bool __libc_initialized = false;
+extern char __for_production_use;
+inline static bool is_for_production_use() {
+  return &__for_production_use == (char*) 0x2000;
+}
 
 bool  OS::power_   = true;
 bool  OS::boot_sequence_passed_ = false;
@@ -134,10 +139,6 @@ void OS::post_start()
   // Dependent on the liveupdate location being set
   SystemLog::initialize();
 
-  MYINFO("Initializing RNG");
-  PROFILE("RNG init");
-  RNG::get().init();
-
   // Seed rand with 32 bits from RNG
   srand(rng_extract_uint32());
 
@@ -169,6 +170,24 @@ void OS::post_start()
   printf(" +--> Running [ %s ]\n", Service::name());
   FILLINE('~');
 
+  // if we have disabled important checks, its unsafe for production
+#if defined(LIBFUZZER_ENABLED) || defined(ARP_PASSTHROUGH) || defined(DISABLE_INET_CHECKSUMS)
+  const bool unsafe = true;
+#else
+  // if we dont have a good random source, its unsafe for production
+  const bool unsafe = !CPUID::has_feature(CPUID::Feature::RDSEED)
+                   && !CPUID::has_feature(CPUID::Feature::RDRAND);
+#endif
+  if (unsafe) {
+    printf(" +--> WARNiNG: Environment unsafe for production\n");
+    if (is_for_production_use()) {
+      printf(" +--> Stop option enabled. Shutting down now...\n");
+      OS::shutdown();
+      return;
+    }
+    FILLINE('~');
+  }
+
   Service::start();
 }