-
Notifications
You must be signed in to change notification settings - Fork 43
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Merge pull request #12 from hannesm/entropy
integrate mirage-entropy as mirage-crypto-entropy
- Loading branch information
Showing
23 changed files
with
509 additions
and
78 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,3 +1,3 @@ | ||
(executables | ||
(names cfg) | ||
(libraries dune-configurator result cpuid)) | ||
(libraries dune-configurator cpuid)) |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,23 @@ | ||
Copyright (c) 2014-2016, Hannes Mehnert, Anil Madhavapeddy, David Kaloper Meršinjak | ||
All rights reserved. | ||
|
||
Redistribution and use in source and binary forms, with or without | ||
modification, are permitted provided that the following conditions are met: | ||
|
||
* Redistributions of source code must retain the above copyright notice, this | ||
list of conditions and the following disclaimer. | ||
|
||
* Redistributions in binary form must reproduce the above copyright notice, | ||
this list of conditions and the following disclaimer in the documentation | ||
and/or other materials provided with the distribution. | ||
|
||
THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" | ||
AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE | ||
IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE | ||
DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE | ||
FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL | ||
DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR | ||
SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER | ||
CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, | ||
OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE | ||
OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,4 @@ | ||
(library | ||
(name mirage_crypto_entropy) | ||
(public_name mirage-crypto-entropy) | ||
(libraries cstruct lwt mirage-runtime mirage-crypto mirage-crypto-rng)) |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,133 @@ | ||
(* | ||
* Copyright (c) 2014 Hannes Mehnert | ||
* Copyright (c) 2014 Anil Madhavapeddy <anil@recoil.org> | ||
* Copyright (c) 2014-2016 David Kaloper Meršinjak | ||
* Copyright (c) 2015 Citrix Systems Inc | ||
* All rights reserved. | ||
* | ||
* Redistribution and use in source and binary forms, with or without | ||
* modification, are permitted provided that the following conditions are met: | ||
* | ||
* * Redistributions of source code must retain the above copyright notice, this | ||
* list of conditions and the following disclaimer. | ||
* | ||
* * Redistributions in binary form must reproduce the above copyright notice, | ||
* this list of conditions and the following disclaimer in the documentation | ||
* and/or other materials provided with the distribution. | ||
* | ||
* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" | ||
* AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE | ||
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE | ||
* DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE | ||
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL | ||
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR | ||
* SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER | ||
* CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, | ||
* OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE | ||
* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. | ||
*) | ||
|
||
module Cpu_native = struct | ||
|
||
external cycles : unit -> int = "caml_cycle_counter" [@@noalloc] | ||
external random : unit -> int = "caml_cpu_random" [@@noalloc] | ||
external rng_type : unit -> int = "caml_cpu_rng_type" [@@noalloc] | ||
external detect : unit -> unit = "caml_entropy_detect" | ||
|
||
let () = detect () | ||
|
||
let cpu_rng = | ||
match rng_type () with | ||
| 0 -> None | ||
| 1 -> Some `Rdrand | ||
| 2 -> Some `Rdseed | ||
| _ -> assert false | ||
end | ||
|
||
open Lwt.Infix | ||
|
||
type t = unit | ||
|
||
type source = [ | ||
| `Timer | ||
| `Rdseed | ||
| `Rdrand | ||
] | ||
|
||
let pp_source ppf s = | ||
let str = match s with | ||
| `Timer -> "timer" | ||
| `Rdseed -> "rdseed" | ||
| `Rdrand -> "rdrand" | ||
in | ||
Format.pp_print_string ppf str | ||
|
||
let sources () = | ||
`Timer :: | ||
match Cpu_native.cpu_rng with | ||
| Some x -> [x] | ||
| None -> [] | ||
|
||
(* Note: | ||
* `bootstrap` is not a simple feedback loop. It attempts to exploit CPU-level | ||
* data races that lead to execution-time variability of identical instructions. | ||
* See Whirlwind RNG: | ||
* http://www.ieee-security.org/TC/SP2014/papers/Not-So-RandomNumbersinVirtualizedLinuxandtheWhirlwindRNG.pdf | ||
*) | ||
let bootstrap f = | ||
let outer = 100 | ||
and inner_max = 1024 | ||
and a = ref 0 | ||
and cs = Cstruct.create 2 in | ||
for i = 0 to outer - 1 do | ||
let tsc = Cpu_native.cycles () in | ||
let () = Cstruct.LE.set_uint16 cs 0 tsc ; f cs in | ||
for j = 1 to tsc mod inner_max do | ||
a := tsc / j - !a * i + 1 | ||
done | ||
done ; | ||
Lwt.return_unit | ||
|
||
let interrupt_hook () = | ||
match Cpu_native.cpu_rng with | ||
| None -> | ||
let buf = Cstruct.create 4 in fun () -> | ||
let a = Cpu_native.cycles () in | ||
Cstruct.LE.set_uint32 buf 0 (Int32.of_int a) ; | ||
buf | ||
| Some _ -> | ||
let buf = Cstruct.create 12 in fun () -> | ||
let a = Cpu_native.cycles () | ||
and b = Cpu_native.random () in | ||
Cstruct.LE.set_uint32 buf 0 (Int32.of_int a) ; | ||
Cstruct.LE.set_uint64 buf 4 (Int64.of_int b) ; | ||
buf | ||
|
||
(* XXX TODO | ||
* | ||
* Xentropyd. Detect its presence here, make it feed into `t.handlers` as | ||
* `~source:1` and add a function providing initial entropy burst to | ||
* `t.inits`. | ||
* | ||
* Compile-time entropy. A function returning it could go into `t.inits`. | ||
*) | ||
let bootstrap_functions = [ bootstrap ] | ||
|
||
let running = ref false | ||
|
||
let initialize (type a) ?g (rng : a Mirage_crypto_rng.generator) = | ||
if !running then | ||
Lwt.fail_with "entropy harvesting already running" | ||
else begin | ||
running := true; | ||
let rng = Mirage_crypto_rng.(create ?g rng) in | ||
Mirage_crypto_rng.generator := rng; | ||
let `Acc handler = Mirage_crypto_rng.accumulate (Some rng) in | ||
Lwt_list.iteri_p | ||
(fun i boot -> boot (handler ~source:i)) | ||
bootstrap_functions >|= fun () -> | ||
let hook = interrupt_hook () in | ||
Mirage_runtime.at_enter_iter (fun () -> | ||
let e = hook () in | ||
handler ~source:0 e) | ||
end |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,49 @@ | ||
(* | ||
* Copyright (c) 2014 Hannes Mehnert | ||
* Copyright (c) 2014 Anil Madhavapeddy <anil@recoil.org> | ||
* Copyright (c) 2014-2016 David Kaloper Meršinjak | ||
* All rights reserved. | ||
* | ||
* Redistribution and use in source and binary forms, with or without | ||
* modification, are permitted provided that the following conditions are met: | ||
* | ||
* * Redistributions of source code must retain the above copyright notice, this | ||
* list of conditions and the following disclaimer. | ||
* | ||
* * Redistributions in binary form must reproduce the above copyright notice, | ||
* this list of conditions and the following disclaimer in the documentation | ||
* and/or other materials provided with the distribution. | ||
* | ||
* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" | ||
* AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE | ||
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE | ||
* DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE | ||
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL | ||
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR | ||
* SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER | ||
* CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, | ||
* OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE | ||
* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. | ||
*) | ||
|
||
type t | ||
(** The type of the entropy device. *) | ||
|
||
type source = [ | ||
| `Timer | ||
| `Rdseed | ||
| `Rdrand | ||
] | ||
(** A polymorphic variant of entropy sources. *) | ||
|
||
val pp_source : Format.formatter -> source -> unit | ||
(** [pp_source ppf source] pretty-prints [source] on [ppf]. *) | ||
|
||
val sources : unit -> source list | ||
(** [sources ()] is a list of supported entropy sources on your platform. *) | ||
|
||
val initialize : | ||
?g:'a -> (module Mirage_crypto_rng.Generator with type g = 'a) -> t Lwt.t | ||
(** [initialize ~g rng_module] sets the default generator to the [rng_module] | ||
and sets up periodic entropy feeding for that rng. This function raises if | ||
called a second time. *) |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,34 @@ | ||
opam-version: "2.0" | ||
homepage: "https://github.com/mirage/mirage-crypto" | ||
dev-repo: "git+https://github.com/mirage/mirage-crypto.git" | ||
bug-reports: "https://github.com/mirage/mirage-crypto/issues" | ||
doc: "https://mirage.github.io/mirage-crypto/" | ||
author: ["Hannes Mehnert" "David Kaloper" "Anil Madhavapeddy" "Dave Scott"] | ||
maintainer: "Hannes Mehnert <hannes@mehnert.org>" | ||
license: "BSD2" | ||
|
||
build: [ | ||
["dune" "subst"] {pinned} | ||
["dune" "build" "-p" name "-j" jobs] | ||
["dune" "runtest" "-p" name "-j" jobs] {with-test} | ||
] | ||
depends: [ | ||
"dune" {>= "1.7.0"} | ||
"ocaml" {>= "4.07.0"} | ||
"cstruct" {>= "4.0.0"} | ||
"mirage-runtime" {>= "3.7.0"} | ||
"lwt" {>= "4.0.0"} | ||
"mirage-crypto" {=version} | ||
"mirage-crypto-rng" {=version} | ||
"mirage-unix" {with-test & >= "3.0.0"} | ||
] | ||
tags: [ "org:mirage"] | ||
available: [ | ||
arch = "arm" | arch = "x86_32" | arch = "x86_64" | arch = "arm64" | ||
] | ||
synopsis: "Entropy source for MirageOS unikernels" | ||
description: """ | ||
mirage-crypto-entropy implements various entropy sources for MirageOS unikernels: | ||
- timer based ones (see [whirlwind RNG paper](https://www.ieee-security.org/TC/SP2014/papers/Not-So-RandomNumbersinVirtualizedLinuxandtheWhirlwindRNG.pdf)) | ||
- rdseed and rdrand (x86/x86-64 only) | ||
""" |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file was deleted.
Oops, something went wrong.
Oops, something went wrong.