From 761f57a1b167abeda40c5cc0fce801a4230f2400 Mon Sep 17 00:00:00 2001 From: Anton Kling Date: Mon, 13 Nov 2023 16:05:31 +0100 Subject: Crypto: Implement fast insecure RNG for overwritting memory areas. This is mainly done to test for uninitlalized memory and find bugs faster. Therefore it does not need to be cryptographically secure or perfectly uniform. Xoshiro256++ seems like a good fit. --- kernel/Makefile | 2 +- kernel/arch/i386/mmu.c | 4 ++-- kernel/kmalloc.c | 2 +- kernel/random.c | 19 ++++++++++++++++++- kernel/random.h | 1 + 5 files changed, 23 insertions(+), 5 deletions(-) (limited to 'kernel') diff --git a/kernel/Makefile b/kernel/Makefile index 86ec3c8..e7d67dd 100644 --- a/kernel/Makefile +++ b/kernel/Makefile @@ -1,6 +1,6 @@ CC="i686-sb-gcc" AS="i686-sb-as" -OBJ = arch/i386/boot.o init/kernel.o cpu/gdt.o cpu/reload_gdt.o cpu/idt.o cpu/io.o libc/stdio/print.o drivers/keyboard.o log.o drivers/pit.o libc/string/memcpy.o libc/string/strlen.o libc/string/memcmp.o drivers/ata.o libc/string/memset.o cpu/syscall.o read_eip.o libc/exit/assert.o process.o cpu/int_syscall.o libc/string/strcpy.o arch/i386/mmu.o kmalloc.o fs/ext2.o fs/vfs.o fs/devfs.o cpu/spinlock.o random.o libc/string/strcmp.o crypto/ChaCha20/chacha20.o crypto/SHA1/sha1.o fs/tmpfs.o libc/string/isequal.o drivers/pst.o halts.o scalls/ppoll.o scalls/ftruncate.o kubsan.o scalls/mmap.o drivers/serial.o scalls/accept.o scalls/bind.o scalls/socket.o socket.o poll.o fs/fifo.o hashmap/hashmap.o fs/shm.o scalls/shm.o elf.o ksbrk.o sched/scheduler.o scalls/stat.o libc/string/copy.o libc/string/strncpy.o drivers/mouse.o libc/string/strlcpy.o libc/string/strcat.o drivers/vbe.o scalls/msleep.o scalls/uptime.o scalls/mkdir.o drivers/pci.o drivers/rtl8139.o network/ethernet.o network/arp.o network/bytes.o network/ipv4.o network/udp.o scalls/recvfrom.o math.o scalls/sendto.o signal.o scalls/kill.o scalls/sigaction.o network/tcp.o drivers/ahci.o +OBJ = arch/i386/boot.o init/kernel.o cpu/gdt.o cpu/reload_gdt.o cpu/idt.o cpu/io.o libc/stdio/print.o drivers/keyboard.o log.o drivers/pit.o libc/string/memcpy.o libc/string/strlen.o libc/string/memcmp.o drivers/ata.o libc/string/memset.o cpu/syscall.o read_eip.o libc/exit/assert.o process.o cpu/int_syscall.o libc/string/strcpy.o arch/i386/mmu.o kmalloc.o fs/ext2.o fs/vfs.o fs/devfs.o cpu/spinlock.o random.o libc/string/strcmp.o crypto/ChaCha20/chacha20.o crypto/SHA1/sha1.o fs/tmpfs.o libc/string/isequal.o drivers/pst.o halts.o scalls/ppoll.o scalls/ftruncate.o kubsan.o scalls/mmap.o drivers/serial.o scalls/accept.o scalls/bind.o scalls/socket.o socket.o poll.o fs/fifo.o hashmap/hashmap.o fs/shm.o scalls/shm.o elf.o ksbrk.o sched/scheduler.o scalls/stat.o libc/string/copy.o libc/string/strncpy.o drivers/mouse.o libc/string/strlcpy.o libc/string/strcat.o drivers/vbe.o scalls/msleep.o scalls/uptime.o scalls/mkdir.o drivers/pci.o drivers/rtl8139.o network/ethernet.o network/arp.o network/bytes.o network/ipv4.o network/udp.o scalls/recvfrom.o math.o scalls/sendto.o signal.o scalls/kill.o scalls/sigaction.o network/tcp.o drivers/ahci.o crypto/xoshiro256plusplus/xoshiro256plusplus.o CFLAGS = -O3 -fsanitize=vla-bound,shift-exponent,pointer-overflow,shift,signed-integer-overflow,bounds -ggdb -ffreestanding -Wall -Werror -mgeneral-regs-only -Wimplicit-fallthrough -I./libc/include/ -I. -Wno-pointer-sign INCLUDE=-I./includes/ -I./libc/include/ diff --git a/kernel/arch/i386/mmu.c b/kernel/arch/i386/mmu.c index 2b6c0b5..4ac17da 100644 --- a/kernel/arch/i386/mmu.c +++ b/kernel/arch/i386/mmu.c @@ -36,7 +36,7 @@ void *ksbrk(size_t s) { // If there is no active pagedirectory we // just assume that the memory is // already mapped. - get_random((void *)rc, data_end - rc); + get_fast_insecure_random((void *)rc, data_end - rc); return (void *)rc; } // Determine whether we are approaching a unallocated table @@ -59,7 +59,7 @@ void *ksbrk(size_t s) { assert(((uintptr_t)rc % PAGE_SIZE) == 0); memset((void *)rc, 0x00, s); - get_random((void *)rc, data_end - rc); + get_fast_insecure_random((void *)rc, data_end - rc); return (void *)rc; } diff --git a/kernel/kmalloc.c b/kernel/kmalloc.c index 2fb4f03..8a674f5 100644 --- a/kernel/kmalloc.c +++ b/kernel/kmalloc.c @@ -143,7 +143,7 @@ void *kmalloc(size_t s) { free_entry->flags = 0; free_entry->n = new_entry; free_entry->magic = 0xdde51ab9410268b1; - get_random((void *)rc, s); + get_fast_insecure_random((void *)rc, s); return rc; } diff --git a/kernel/random.c b/kernel/random.c index c043cdf..329b7d6 100644 --- a/kernel/random.c +++ b/kernel/random.c @@ -1,6 +1,7 @@ // FIXME: This is mostlikely incredibly inefficent and insecure. #include #include +#include #include #include #include @@ -40,7 +41,23 @@ void mix_chacha(void) { internal_chacha_block[COUNT] = 0; } -void get_random(BYTEPTR buffer, u64 len) { +void get_fast_insecure_random(u8 *buffer, u64 len) { + static u8 is_fast_random_seeded = 0; + if (!is_fast_random_seeded) { + uint64_t seed[4]; + get_random((u8 *)&seed, sizeof(seed)); + seed_xoshiro_256_pp(seed); + is_fast_random_seeded = 1; + } + for (; len >= 8; len -= 8, buffer += 8) { + *((uint64_t *)buffer) = xoshiro_256_pp(); + } + for (; len > 0; len--, buffer++) { + *((uint8_t *)buffer) = xoshiro_256_pp() & 0xFF; + } +} + +void get_random(u8* buffer, u64 len) { u8 rand_data[BLOCK_SIZE]; for (; len > 0;) { if (COUNT_MAX - 1 == internal_chacha_block[COUNT]) { diff --git a/kernel/random.h b/kernel/random.h index c81bfc6..5fe91d0 100644 --- a/kernel/random.h +++ b/kernel/random.h @@ -5,3 +5,4 @@ void setup_random(void); void add_random_devices(void); void get_random(u8* buffer, u64 len); +void get_fast_insecure_random(u8 *buffer, u64 len); -- cgit v1.2.3