From: Michalis Pappas <michalis@unikraft.io>
Date: Tue, 1 Oct 2024 14:51:54 +0000 (+0200)
Subject: lib/ukrandom: Seed the CSPRNG from the device-tree
X-Git-Tag: RELEASE-0.18.0~52
X-Git-Url: http://xenbits.xensource.com/gitweb?a=commitdiff_plain;h=a4b0b1603b004e1538d39407bccc0dc961221e7e;p=unikraft%2Funikraft.git

lib/ukrandom: Seed the CSPRNG from the device-tree

Provide the ability to seed ChaCha20 from the `/chosen/rng-seed` node
of the dtb. This is controlled by a newly introduced Kconfig option
CONFIG_LIBUKRANDOM_DTB_SEED, enabled by default in platforms that
select LIBFDT.

Seeding via the device-tree takes precedence over the drivers, so if
a seed is set in the dtb, any driver selected is not used.

Signed-off-by: Michalis Pappas <michalis@unikraft.io>
Reviewed-by: Maria Pana <maria.pana4@gmail.com>
Reviewed-by: Alex Apostolescu <alexx.apostolescu@gmail.com>
Reviewed-by: Simon Kuenzer <simon@unikraft.io>
Approved-by: Simon Kuenzer <simon@unikraft.io>
GitHub-Closes: #1496
---

diff --git a/lib/ukrandom/Config.uk b/lib/ukrandom/Config.uk
index b63d85fd0..8144e504e 100644
--- a/lib/ukrandom/Config.uk
+++ b/lib/ukrandom/Config.uk
@@ -21,6 +21,18 @@ config LIBUKRANDOM_SEED_INSECURE
 
 		DO NOT USE IN PRODUCTION SYSTEMS
 
+config LIBUKRANDOM_DTB_SEED
+	bool "Obtain seed from the device-tree"
+	depends on LIBUKOFW
+	select LIBUKBOOT
+	default y
+	help
+		Selecting this option will cause libukrandom to obtain its
+		seed from the fdt, if the `/chosen/rng-seed` node is present
+		and populated with a 256-bit key formatted as an array of
+		32-bit words. In that case any hardware RNG driver enabled
+		will be ignored.
+
 config LIBUKRANDOM_GETRANDOM
 	bool "getrandom() system call"
 	depends on LIBSYSCALL_SHIM
diff --git a/lib/ukrandom/Makefile.uk b/lib/ukrandom/Makefile.uk
index ec3e71316..2fec45c70 100644
--- a/lib/ukrandom/Makefile.uk
+++ b/lib/ukrandom/Makefile.uk
@@ -10,4 +10,7 @@ LIBUKRANDOM_SRCS-y += $(LIBUKRANDOM_BASE)/random.c
 
 LIBUKRANDOM_CINCLUDES-y += -I$(LIBUKRANDOM_BASE)
 
+# TODO Remove as soon as plat dependencies go away
+LIBUKRANDOM_CINCLUDES-y += -I$(UK_PLAT_COMMON_BASE)/include
+
 UK_PROVIDED_SYSCALLS-$(CONFIG_LIBUKRANDOM_GETRANDOM) += getrandom-3
diff --git a/lib/ukrandom/chacha.c b/lib/ukrandom/chacha.c
index d8ae498ca..6abb61cdd 100644
--- a/lib/ukrandom/chacha.c
+++ b/lib/ukrandom/chacha.c
@@ -38,6 +38,10 @@
 #include <uk/random/driver.h>
 #include <uk/plat/lcpu.h>
 
+#if CONFIG_LIBUKRANDOM_DTB_SEED
+#include <uk/ofw/fdt.h>
+#endif /* CONFIG_LIBUKRANDOM_DTB_SEED */
+
 /* This implements the original version of ChaCha20 as presented
  * in http://cr.yp.to/chacha/chacha-20080128.pdf. For the differences
  * with the IRTF version see RFC-8439 Sect. 2.3.
@@ -148,6 +152,33 @@ static void chacha_init(struct uk_swrand *r, const __u32 seedv[])
 	r->k = 16;
 }
 
+#if CONFIG_LIBUKRANDOM_DTB_SEED
+int uk_swrand_fdt_init(void *fdt, struct uk_random_driver **drv)
+{
+	__u32 *seedv;
+	__sz seedc;
+	int rc;
+
+	rc = fdt_chosen_rng_seed(fdt, &seedv, &seedc);
+	if (unlikely(rc))
+		return -ENOTSUP;
+
+	if (unlikely(seedc < CHACHA_SEED_LENGTH)) {
+		uk_pr_err("/chosen/rng-seed does not provide enough randomness\n");
+		return -ENOTSUP;
+	}
+
+	uk_pr_warn("The CSPRNG is initialized from the dtb\n");
+
+	 /* prevent drivers from registering */
+	*drv = (void *)UK_SWRAND_DRIVER_NONE;
+
+	chacha_init(&uk_swrand_def, seedv);
+
+	return rc;
+}
+#endif /* CONFIG_LIBUKRANDOM_DTB_SEED */
+
 int uk_swrand_init(struct uk_random_driver **drv)
 {
 	unsigned int seedc = CHACHA_SEED_LENGTH;
diff --git a/lib/ukrandom/random.c b/lib/ukrandom/random.c
index 08af52637..e5199f0fb 100644
--- a/lib/ukrandom/random.c
+++ b/lib/ukrandom/random.c
@@ -37,6 +37,12 @@
 #include <uk/random.h>
 #include <uk/random/driver.h>
 
+#if CONFIG_LIBUKRANDOM_DTB_SEED
+#include <uk/boot/earlytab.h>
+#include <uk/plat/common/bootinfo.h>
+#include <uk/prio.h>
+#endif /* CONFIG_LIBUKRANDOM_DTB_SEED */
+
 #include "swrand.h"
 
 struct uk_random_driver *driver;
@@ -75,3 +81,12 @@ int uk_random_init(struct uk_random_driver *drv)
 
 	return uk_swrand_init(&driver);
 }
+
+#if CONFIG_LIBUKRANDOM_DTB_SEED
+int uk_random_early_init(struct ukplat_bootinfo __maybe_unused *bi)
+{
+	return uk_swrand_fdt_init((void *)bi->dtb, &driver);
+}
+
+UK_BOOT_EARLYTAB_ENTRY(uk_random_early_init, UK_PRIO_AFTER(2));
+#endif /* CONFIG_LIBUKRANDOM_DTB_SEED */
diff --git a/lib/ukrandom/swrand.h b/lib/ukrandom/swrand.h
index 7725736d2..953066a37 100644
--- a/lib/ukrandom/swrand.h
+++ b/lib/ukrandom/swrand.h
@@ -9,7 +9,19 @@
 
 #include <uk/random/driver.h>
 
-/* Initialize the software CSPRNG */
+/* Invalid pointer to differentiate between not initialized
+ * libukrandom and initialized without an underlying driver.
+ */
+#define UK_SWRAND_DRIVER_NONE	0xb0b0cafe
+
+/* Initialize the CSPRNG. The CSPRNG is seeded with randomness
+ * provided by the dtb's `/chosen/rng-seed` node.
+ */
+int uk_swrand_fdt_init(void *fdt, struct uk_random_driver **drv);
+
+/* Initialize the CSPRNG. The CSPRNG is seeded with randomness
+ * provided by an RNG device.
+ */
 int uk_swrand_init(struct uk_random_driver **drv);
 
 /* Get a 32-bit random number */