lib/ukrandom: Seed the CSPRNG from the device-tree

Provide the ability to seed ChaCha20 from the `/chosen/rng-seed` node
of the dtb. This is controlled by a newly introduced Kconfig option
CONFIG_LIBUKRANDOM_DTB_SEED, enabled by default in platforms that
select LIBFDT.

Seeding via the device-tree takes precedence over the drivers, so if
a seed is set in the dtb, any driver selected is not used.

Signed-off-by: Michalis Pappas <michalis@unikraft.io>
Reviewed-by: Maria Pana <maria.pana4@gmail.com>
Reviewed-by: Alex Apostolescu <alexx.apostolescu@gmail.com>
Reviewed-by: Simon Kuenzer <simon@unikraft.io>
Approved-by: Simon Kuenzer <simon@unikraft.io>
GitHub-Closes: #1496

diff --git a/lib/ukrandom/Config.uk b/lib/ukrandom/Config.uk
index b63d85fd0d602f4d9524e177edc0e55f835631d2..8144e504ed655c29c7bc0272d361f5678b32c16a 100644 (file)
--- a/lib/ukrandom/Config.uk
+++ b/lib/ukrandom/Config.uk
@@ -21,6 +21,18 @@ config LIBUKRANDOM_SEED_INSECURE
 
                DO NOT USE IN PRODUCTION SYSTEMS
 
+config LIBUKRANDOM_DTB_SEED
+       bool "Obtain seed from the device-tree"
+       depends on LIBUKOFW
+       select LIBUKBOOT
+       default y
+       help
+               Selecting this option will cause libukrandom to obtain its
+               seed from the fdt, if the `/chosen/rng-seed` node is present
+               and populated with a 256-bit key formatted as an array of
+               32-bit words. In that case any hardware RNG driver enabled
+               will be ignored.
+
 config LIBUKRANDOM_GETRANDOM
        bool "getrandom() system call"
        depends on LIBSYSCALL_SHIM

diff --git a/lib/ukrandom/Makefile.uk b/lib/ukrandom/Makefile.uk
index ec3e7131671246d928c072c3f7315ba77cd9932b..2fec45c701c2bedb83ccf482722d379c88652bdc 100644 (file)
--- a/lib/ukrandom/Makefile.uk
+++ b/lib/ukrandom/Makefile.uk
@@ -10,4 +10,7 @@ LIBUKRANDOM_SRCS-y += $(LIBUKRANDOM_BASE)/random.c
 
 LIBUKRANDOM_CINCLUDES-y += -I$(LIBUKRANDOM_BASE)
 
+# TODO Remove as soon as plat dependencies go away
+LIBUKRANDOM_CINCLUDES-y += -I$(UK_PLAT_COMMON_BASE)/include
+
 UK_PROVIDED_SYSCALLS-$(CONFIG_LIBUKRANDOM_GETRANDOM) += getrandom-3

diff --git a/lib/ukrandom/chacha.c b/lib/ukrandom/chacha.c
index d8ae498caf428f3d7fedd62036be46f6f27a07f9..6abb61cddee81f2027d9f8ede1cb38d87ee0fa92 100644 (file)
--- a/lib/ukrandom/chacha.c
+++ b/lib/ukrandom/chacha.c
@@ -38,6 +38,10 @@
 #include <uk/random/driver.h>
 #include <uk/plat/lcpu.h>
 
+#if CONFIG_LIBUKRANDOM_DTB_SEED
+#include <uk/ofw/fdt.h>
+#endif /* CONFIG_LIBUKRANDOM_DTB_SEED */
+
 /* This implements the original version of ChaCha20 as presented
  * in http://cr.yp.to/chacha/chacha-20080128.pdf. For the differences
  * with the IRTF version see RFC-8439 Sect. 2.3.
@@ -148,6 +152,33 @@ static void chacha_init(struct uk_swrand *r, const __u32 seedv[])
        r->k = 16;
 }
 
+#if CONFIG_LIBUKRANDOM_DTB_SEED
+int uk_swrand_fdt_init(void *fdt, struct uk_random_driver **drv)
+{
+       __u32 *seedv;
+       __sz seedc;
+       int rc;
+
+       rc = fdt_chosen_rng_seed(fdt, &seedv, &seedc);
+       if (unlikely(rc))
+               return -ENOTSUP;
+
+       if (unlikely(seedc < CHACHA_SEED_LENGTH)) {
+               uk_pr_err("/chosen/rng-seed does not provide enough randomness\n");
+               return -ENOTSUP;
+       }
+
+       uk_pr_warn("The CSPRNG is initialized from the dtb\n");
+
+        /* prevent drivers from registering */
+       *drv = (void *)UK_SWRAND_DRIVER_NONE;
+
+       chacha_init(&uk_swrand_def, seedv);
+
+       return rc;
+}
+#endif /* CONFIG_LIBUKRANDOM_DTB_SEED */
+
 int uk_swrand_init(struct uk_random_driver **drv)
 {
        unsigned int seedc = CHACHA_SEED_LENGTH;

diff --git a/lib/ukrandom/random.c b/lib/ukrandom/random.c
index 08af52637ea0d1bf92dc65081ab322aec0ba448a..e5199f0fb705b0c109a34559c8b89e69b93947a1 100644 (file)
--- a/lib/ukrandom/random.c
+++ b/lib/ukrandom/random.c
@@ -37,6 +37,12 @@
 #include <uk/random.h>
 #include <uk/random/driver.h>
 
+#if CONFIG_LIBUKRANDOM_DTB_SEED
+#include <uk/boot/earlytab.h>
+#include <uk/plat/common/bootinfo.h>
+#include <uk/prio.h>
+#endif /* CONFIG_LIBUKRANDOM_DTB_SEED */
+
 #include "swrand.h"
 
 struct uk_random_driver *driver;
@@ -75,3 +81,12 @@ int uk_random_init(struct uk_random_driver *drv)
 
        return uk_swrand_init(&driver);
 }
+
+#if CONFIG_LIBUKRANDOM_DTB_SEED
+int uk_random_early_init(struct ukplat_bootinfo __maybe_unused *bi)
+{
+       return uk_swrand_fdt_init((void *)bi->dtb, &driver);
+}
+
+UK_BOOT_EARLYTAB_ENTRY(uk_random_early_init, UK_PRIO_AFTER(2));
+#endif /* CONFIG_LIBUKRANDOM_DTB_SEED */

diff --git a/lib/ukrandom/swrand.h b/lib/ukrandom/swrand.h
index 7725736d2e62feac6ac8fa089fe8e0af7859af8e..953066a37dbe5fdcdd6abab62ee558146145f0f3 100644 (file)
--- a/lib/ukrandom/swrand.h
+++ b/lib/ukrandom/swrand.h
@@ -9,7 +9,19 @@
 
 #include <uk/random/driver.h>
 
-/* Initialize the software CSPRNG */
+/* Invalid pointer to differentiate between not initialized
+ * libukrandom and initialized without an underlying driver.
+ */
+#define UK_SWRAND_DRIVER_NONE  0xb0b0cafe
+
+/* Initialize the CSPRNG. The CSPRNG is seeded with randomness
+ * provided by the dtb's `/chosen/rng-seed` node.
+ */
+int uk_swrand_fdt_init(void *fdt, struct uk_random_driver **drv);
+
+/* Initialize the CSPRNG. The CSPRNG is seeded with randomness
+ * provided by an RNG device.
+ */
 int uk_swrand_init(struct uk_random_driver **drv);
 
 /* Get a 32-bit random number */