[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Minios-devel] [UNIKRAFT PATCH v5 3/4] lib/ukswrand: Add ChaCha algorithm



Reviewed-by: Simon Kuenzer <simon.kuenzer@xxxxxxxxx>

On 27.11.19 13:41, Vlad-Andrei BĂDOIU (78692) wrote:
From: Vlad-Andrei BĂDOIU (78692) <vlad_andrei.badoiu@xxxxxxxxxxxxxxx>

ChaCha20 is a cryptographically secure pseudorandom number generator. We replace
the existing implementation, which is not secure, with ChaCha20. The
implementation is based on the reference implementation of the author[1].

[1] 
http://cr.yp.to/streamciphers/timings/estreambench/submissions/salsa20/chacha8/ref/chacha.c

Signed-off-by: Vlad-Andrei Badoiu <vlad_andrei.badoiu@xxxxxxxxxxxxxxx>
---
  lib/ukswrand/Config.uk   |   7 +-
  lib/ukswrand/Makefile.uk |   1 +
  lib/ukswrand/chacha.c    | 160 +++++++++++++++++++++++++++++++++++++++
  lib/ukswrand/swrand.c    |   7 +-
  4 files changed, 173 insertions(+), 2 deletions(-)
  create mode 100644 lib/ukswrand/chacha.c

diff --git a/lib/ukswrand/Config.uk b/lib/ukswrand/Config.uk
index e056b4c5..199fa62b 100644
--- a/lib/ukswrand/Config.uk
+++ b/lib/ukswrand/Config.uk
@@ -6,12 +6,17 @@ menuconfig LIBUKSWRAND
  if LIBUKSWRAND
  choice
        prompt "Algorithm"
-       default LIBUKSWRAND_MWC
+       default LIBUKSWRAND_CHACHA
config LIBUKSWRAND_MWC
        bool "Multiply-with-carry"
        help
                Use multiply-with-carry algorithm
+
+config LIBUKSWRAND_CHACHA
+       bool "ChaCha20"
+       help
+               Use ChaCha20 algorithm
  endchoice
choice
diff --git a/lib/ukswrand/Makefile.uk b/lib/ukswrand/Makefile.uk
index da85d381..fe6a63e1 100644
--- a/lib/ukswrand/Makefile.uk
+++ b/lib/ukswrand/Makefile.uk
@@ -4,6 +4,7 @@ CINCLUDES-$(CONFIG_LIBUKSWRAND) += -I$(LIBUKSWRAND_BASE)/include
  CXXINCLUDES-$(CONFIG_LIBUKSWRAND) += -I$(LIBUKSWRAND_BASE)/include
LIBUKSWRAND_SRCS-$(CONFIG_LIBUKSWRAND_MWC) += $(LIBUKSWRAND_BASE)/mwc.c
+LIBUKSWRAND_SRCS-$(CONFIG_LIBUKSWRAND_CHACHA) += $(LIBUKSWRAND_BASE)/chacha.c
  LIBUKSWRAND_SRCS-$(CONFIG_LIBUKSWRAND_DEVFS) += $(LIBUKSWRAND_BASE)/dev.c
  LIBUKSWRAND_SRCS-y += $(LIBUKSWRAND_BASE)/swrand.c
  LIBUKSWRAND_SRCS-y += $(LIBUKSWRAND_BASE)/getrandom.c
diff --git a/lib/ukswrand/chacha.c b/lib/ukswrand/chacha.c
new file mode 100644
index 00000000..0ce1b992
--- /dev/null
+++ b/lib/ukswrand/chacha.c
@@ -0,0 +1,160 @@
+/* SPDX-License-Identifier: BSD-3-Clause */
+/*
+ * Authors: Vlad-Andrei Badoiu <vlad_andrei.badoiu@xxxxxxxxxxxxxxx>
+ *
+ * Copyright (c) 2019, University Politehnica of Bucharest. All rights 
reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. Neither the name of the copyright holder nor the names of its
+ *    contributors may be used to endorse or promote products derived from
+ *    this software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+ * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE
+ * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+ * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ * POSSIBILITY OF SUCH DAMAGE.
+ *
+ * THIS HEADER MAY NOT BE EXTRACTED OR MODIFIED IN ANY WAY.
+ */
+
+#include <string.h>
+#include <uk/swrand.h>
+#include <uk/print.h>
+#include <uk/assert.h>
+#include <uk/ctors.h>
+
+struct uk_swrand {
+       int k;
+       __u32 input[16], output[16];
+};
+
+struct uk_swrand uk_swrand_def;
+
+/* This value isn't important, as long as it's sufficiently asymmetric */
+static const char sigma[16] = "expand 32-byte k";
+
+static inline __u32 _uk_rotl32(__u32 v, int c)
+{
+       return (v << c) | (v >> (32 - c));
+}
+
+static inline void _uk_quarterround(__u32 x[16], int a, int b, int c, int d)
+{
+       x[a] = x[a] + x[b];
+       x[d] = _uk_rotl32(x[d] ^ x[a], 16);
+
+       x[c] = x[c] + x[d];
+       x[b] = _uk_rotl32(x[b] ^ x[c], 12);
+
+       x[a] = x[a] + x[b];
+       x[d] = _uk_rotl32(x[d] ^ x[a], 8);
+
+       x[c] = x[c] + x[d];
+       x[b] = _uk_rotl32(x[b] ^ x[c], 7);
+}
+
+static inline void
+_uk_salsa20_wordtobyte(__u32 output[16], const __u32 input[16])
+{
+       __u32 i;
+
+       for (i = 0; i < 16; i++)
+               output[i] = input[i];
+
+       for (i = 8; i > 0; i -= 2) {
+               _uk_quarterround(output, 0, 4, 8, 12);
+               _uk_quarterround(output, 1, 5, 9, 13);
+               _uk_quarterround(output, 2, 6, 10, 14);
+               _uk_quarterround(output, 3, 7, 11, 15);
+               _uk_quarterround(output, 0, 5, 10, 15);
+               _uk_quarterround(output, 1, 6, 11, 12);
+               _uk_quarterround(output, 2, 7, 8, 13);
+               _uk_quarterround(output, 3, 4, 9, 14);
+       }
+
+       for (i = 0; i < 16; i++)
+               output[i] += input[i];
+}
+
+static inline void _uk_key_setup(struct uk_swrand *r, __u32 k[8])
+{
+       int i;
+
+       for (i = 0; i < 8; i++)
+               r->input[i + 4] = k[i];
+
+       for (i = 0; i < 4; i++)
+               r->input[i] = ((__u32 *)sigma)[i];
+}
+
+static inline void _uk_iv_setup(struct uk_swrand *r, __u32 iv[2])
+{
+       r->input[12] = 0;
+       r->input[13] = 0;
+       r->input[14] = iv[0];
+       r->input[15] = iv[1];
+}
+
+static inline __u32 _infvec_val(unsigned int c, const __u32 v[],
+               unsigned int pos)
+{
+       if (c == 0)
+               return 0x0;
+       return v[pos % c];
+}
+
+void uk_swrand_init_r(struct uk_swrand *r, unsigned int seedc,
+               const __u32 seedv[])
+{
+       __u32 i;
+
+       UK_ASSERT(r);
+       /* Initialize chacha */
+       __u32 k[8], iv[2];
+
+       for (i = 0; i < 8; i++)
+               k[i] = _infvec_val(10, seedv, i);
+
+       iv[0] = _infvec_val(seedc, seedv, i);
+       iv[1] = _infvec_val(seedc, seedv, i + 1);
+
+       _uk_key_setup(r, k);
+       _uk_iv_setup(r, iv);
+
+       r->k = 16;
+}
+
+__u32 uk_swrand_randr_r(struct uk_swrand *r)
+{
+       __u32 res;
+
+       for (;;) {
+               _uk_salsa20_wordtobyte(r->output, r->input);
+               r->input[12] = r->input[12] + 1;
+               if (r->input[12] == 0)
+                       r->input[13]++;
+
+               if (r->k < 16) {
+                       res = r->output[r->k];
+                       r->k += 1;
+                       return res;
+               }
+
+               r->k = 0;
+       }
+}
diff --git a/lib/ukswrand/swrand.c b/lib/ukswrand/swrand.c
index b3f410fb..ca267bf0 100644
--- a/lib/ukswrand/swrand.c
+++ b/lib/ukswrand/swrand.c
@@ -80,13 +80,18 @@ ssize_t uk_swrand_fill_buffer(void *buf, size_t buflen)
  static void _uk_swrand_ctor(void)
  {
        unsigned int i;
+#ifdef CONFIG_LIBUKSWRAND_CHACHA
+       unsigned int seedc = 10;
+       __u32 seedv[10];
+#else
        unsigned int seedc = 2;
        __u32 seedv[2];
+#endif
+       uk_pr_info("Initialize random number generator...\n");
for (i = 0; i < seedc; i++)
                seedv[i] = uk_swrandr_gen_seed32();
- uk_pr_info("Initialize random number generator...\n");
        uk_swrand_init_r(&uk_swrand_def, seedc, seedv);
  }

_______________________________________________
Minios-devel mailing list
Minios-devel@xxxxxxxxxxxxxxxxxxxx
https://lists.xenproject.org/mailman/listinfo/minios-devel

 


Rackspace

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.