minhtrannhat/os161
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Merge branch 'master' of gitlab.ops-class.org:staff/os161

Browse Source
This commit is contained in:
Yihong Chen 2016-02-01 10:40:46 -05:00
commit 1b38886b8d
18 changed files with 3554 additions and 96 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
common/libc/printf/tprintf.c
View File

@ -16,7 +16,7 @@ tprintf(const char *fmt, ...)
int chars;
va_list ap;
if (strcmp(KERNEL_SECRET, "") != 0) {
if (SECRET != 0) {
return 0;
}
@ -34,7 +34,7 @@ nprintf(const char *fmt, ...)
int chars;
va_list ap;
if (strcmp(KERNEL_SECRET, "") == 0) {
if (SECRET == 0) {
return 0;
}
@ -52,8 +52,8 @@ printsf(const char *fmt, ...)
int chars;
va_list ap;
if (strcmp(KERNEL_SECRET, "") != 0) {
printf("%s: ", KERNEL_SECRET);
if (SECRET != 0) {
printf("%llu: ", (unsigned long long)SECRET);
}
va_start(ap, fmt);
chars = vprintf(fmt, ap);

2511
common/libc/secure/config.h Normal file
View File

File diff suppressed because it is too large Load Diff

176
common/libc/secure/secure.c Normal file
View File

@ -0,0 +1,176 @@
// Beware, this code is shared between the kernel and userspace.
#ifdef _KERNEL
#include <types.h>
#include <lib.h>
#include <kern/errno.h>
#else
#include <string.h>
#include <stdlib.h>
#include <errno.h>
#endif
#include <kern/secure.h>
#include "sha256.h"
// The full length (with null) of the hex string of a byte array
#define HEXLEN(a) 2*a+1
#define SHA256_BLOCK_SIZE 64
#define SHA256_OUTPUT_SIZE 32
// Keep this divisible by 4, or else change make_salt()
#define SALT_BYTES 8
// inner and outer padding for HMAC.
static const unsigned char ipad[SHA256_BLOCK_SIZE] = { [0 ... SHA256_BLOCK_SIZE-1] = 0x36 };
static const unsigned char opad[SHA256_BLOCK_SIZE] = { [0 ... SHA256_BLOCK_SIZE-1] = 0x5c };
static void * _alloc(size_t size)
{
#ifdef _KERNEL
return kmalloc(size);
#else
return malloc(size);
#endif
}
static void _free(void *ptr)
{
#ifdef _KERNEL
kfree(ptr);
#else
free(ptr);
#endif
}
/*
* hamc_sha256 follows FIPS 198-1 HMAC using sha256.
* See http://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.180-4.pdf for details.
*/
static int hmac_sha256(const char *msg, size_t msg_len, const char *key, size_t key_len,
unsigned char output[SHA256_OUTPUT_SIZE])
{
// We use a total of 320 bytes of array data on the stack
unsigned char k0[SHA256_BLOCK_SIZE];
// Steps 1-3. Anything less than 64 bytes gets 0s appended.
memset(k0, 0, SHA256_BLOCK_SIZE);
if (key_len <= SHA256_BLOCK_SIZE) {
memcpy(k0, key, key_len);
} else {
mbedtls_sha256((unsigned char *)key, key_len, k0, 0);
}
// Steps 4 and 7.
unsigned char k_ipad[SHA256_BLOCK_SIZE];
unsigned char k_opad[SHA256_BLOCK_SIZE];
int i;
for (i = 0; i < SHA256_BLOCK_SIZE; i++) {
k_ipad[i] = k0[i] ^ ipad[i];
k_opad[i] = k0[i] ^ opad[i];
}
// Step 5 (K0 xor ipad) || msg
// We have no idea how big the message is so we allocate this on the heap.
unsigned char *data = (unsigned char *)_alloc(msg_len + SHA256_BLOCK_SIZE);
if (!data)
return ENOMEM;
memcpy(data, k_ipad, SHA256_BLOCK_SIZE);
memcpy(data+SHA256_BLOCK_SIZE, msg, msg_len);
// Step6: H((k0 xor ipad) || msg)
unsigned char h1[SHA256_OUTPUT_SIZE];
mbedtls_sha256(data, msg_len + SHA256_BLOCK_SIZE, h1, 0);
_free(data);
// Step 8: (k0 xor opad) || H((k0 xor ipad) || msg)
unsigned char inner[SHA256_OUTPUT_SIZE + SHA256_BLOCK_SIZE];
memcpy(inner, k_opad, SHA256_BLOCK_SIZE);
memcpy(inner + SHA256_BLOCK_SIZE, h1, SHA256_OUTPUT_SIZE);
// Step 9: Finally, H((k0 xor opad) || H((k0 xor ipad) || msg))
mbedtls_sha256(inner, SHA256_OUTPUT_SIZE + SHA256_BLOCK_SIZE, output, 0);
return 0;
}
static inline char to_hex(int n)
{
return n < 10 ? '0'+n : 'a' + (n-10);
}
static void array_to_hex(unsigned char *a, size_t len, char *res)
{
size_t i, j;
j = 0;
for (i = 0; i < len; i++) {
res[j++] = to_hex(a[i] >> 4);
res[j++] = to_hex(a[i] & 0xF);
}
res[j] = '\0';
}
static void make_salt(char *salt_str)
{
// Compute salt value
uint32_t salt[SALT_BYTES/sizeof(uint32_t)];
size_t i;
for (i = 0; i < SALT_BYTES/sizeof(uint32_t); i++)
{
salt[i] = random();
}
// Convert to hex string
array_to_hex((unsigned char *)salt, SALT_BYTES, salt_str);
}
int hmac(const char *msg, size_t msg_len, const char *key, size_t key_len,
char **hash_str)
{
*hash_str = _alloc(HEXLEN(SHA256_OUTPUT_SIZE));
if (!(*hash_str))
return ENOMEM;
// Hash it
unsigned char hash[SHA256_OUTPUT_SIZE];
int res = hmac_sha256(msg, msg_len, key, key_len, hash);
if (res)
return res;
// Convert to hex string
array_to_hex(hash, SHA256_OUTPUT_SIZE, *hash_str);
return 0;
}
int hmac_salted(const char *msg, size_t msg_len, const char *key, size_t key_len,
char **hash_str, char **salt_str)
{
*salt_str = _alloc(HEXLEN(SALT_BYTES));
if (!(*salt_str))
return ENOMEM;
// Create the salt value
make_salt(*salt_str);
// Concatenate the key and salt, with the resulting string being null-terminated
size_t key2_len = key_len + HEXLEN(SALT_BYTES)-1;
char *key2 = (char *)_alloc(key2_len+1);
if (!key2)
return ENOMEM;
strcpy(key2, key);
strcpy(key2+key_len, *salt_str);
key2[key2_len] = '\0';
// Hash it
return hmac(msg, msg_len, key2, key2_len, hash_str);
}

16
common/libc/secure/secure.h Normal file
View File

@ -0,0 +1,16 @@
#ifndef _SECURE_H
#define _SECURE_H
#define SHA256_BLOCK_SIZE 64
#define SHA256_OUTPUT_SIZE 32
#define TOHEX(n) n < 10 ? '0'+n : 'a' + (n-10)
// Compute the hex string from SHA256 hash output
void hex_from_hash(unsigned char hash[SHA256_OUTPUT_SIZE], char res[SHA256_OUTPUT_SIZE*2 + 1]);
// Compute the FIPS 198-1 complient HMAC of msg using SHA256
void hmac_sha256(const char *msg, size_t msg_len, char *key, size_t key_len,
unsigned char output[SHA256_OUTPUT_SIZE]);
#endif //_SECURE_H

451
common/libc/secure/sha256.c Normal file
View File

@ -0,0 +1,451 @@
/*
* FIPS-180-2 compliant SHA-256 implementation
*
* Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
* SPDX-License-Identifier: Apache-2.0
*
* Licensed under the Apache License, Version 2.0 (the "License"); you may
* not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
* WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*
* This file is part of mbed TLS (https://tls.mbed.org)
*/
/*
* The SHA-256 Secure Hash Standard was published by NIST in 2002.
*
* http://csrc.nist.gov/publications/fips/fips180-2/fips180-2.pdf
*/
#if !defined(MBEDTLS_CONFIG_FILE)
#include "config.h"
#else
#include MBEDTLS_CONFIG_FILE
#endif
#if defined(MBEDTLS_SHA256_C)
#include "sha256.h"
#ifdef _KERNEL
#include <types.h>
#include <lib.h>
#else
#include <types/size_t.h>
#include <string.h>
#endif // _KERNEL
#if defined(MBEDTLS_SELF_TEST)
#if defined(MBEDTLS_PLATFORM_C)
#include "platform.h"
#else
#include <stdio.h>
#define mbedtls_printf printf
#endif /* MBEDTLS_PLATFORM_C */
#endif /* MBEDTLS_SELF_TEST */
#if !defined(MBEDTLS_SHA256_ALT)
/* Implementation that should never be optimized out by the compiler */
static void mbedtls_zeroize( void *v, size_t n ) {
volatile unsigned char *p = v; while( n-- ) *p++ = 0;
}
/*
* 32-bit integer manipulation macros (big endian)
*/
#ifndef GET_UINT32_BE
#define GET_UINT32_BE(n,b,i) \
do { \
(n) = ( (uint32_t) (b)[(i) ] << 24 ) \
| ( (uint32_t) (b)[(i) + 1] << 16 ) \
| ( (uint32_t) (b)[(i) + 2] << 8 ) \
| ( (uint32_t) (b)[(i) + 3] ); \
} while( 0 )
#endif
#ifndef PUT_UINT32_BE
#define PUT_UINT32_BE(n,b,i) \
do { \
(b)[(i) ] = (unsigned char) ( (n) >> 24 ); \
(b)[(i) + 1] = (unsigned char) ( (n) >> 16 ); \
(b)[(i) + 2] = (unsigned char) ( (n) >> 8 ); \
(b)[(i) + 3] = (unsigned char) ( (n) ); \
} while( 0 )
#endif
void mbedtls_sha256_init( mbedtls_sha256_context *ctx )
{
memset( ctx, 0, sizeof( mbedtls_sha256_context ) );
}
void mbedtls_sha256_free( mbedtls_sha256_context *ctx )
{
if( ctx == NULL )
return;
mbedtls_zeroize( ctx, sizeof( mbedtls_sha256_context ) );
}
void mbedtls_sha256_clone( mbedtls_sha256_context *dst,
const mbedtls_sha256_context *src )
{
*dst = *src;
}
/*
* SHA-256 context setup
*/
void mbedtls_sha256_starts( mbedtls_sha256_context *ctx, int is224 )
{
ctx->total[0] = 0;
ctx->total[1] = 0;
if( is224 == 0 )
{
/* SHA-256 */
ctx->state[0] = 0x6A09E667;
ctx->state[1] = 0xBB67AE85;
ctx->state[2] = 0x3C6EF372;
ctx->state[3] = 0xA54FF53A;
ctx->state[4] = 0x510E527F;
ctx->state[5] = 0x9B05688C;
ctx->state[6] = 0x1F83D9AB;
ctx->state[7] = 0x5BE0CD19;
}
else
{
/* SHA-224 */
ctx->state[0] = 0xC1059ED8;
ctx->state[1] = 0x367CD507;
ctx->state[2] = 0x3070DD17;
ctx->state[3] = 0xF70E5939;
ctx->state[4] = 0xFFC00B31;
ctx->state[5] = 0x68581511;
ctx->state[6] = 0x64F98FA7;
ctx->state[7] = 0xBEFA4FA4;
}
ctx->is224 = is224;
}
#if !defined(MBEDTLS_SHA256_PROCESS_ALT)
static const uint32_t K[] =
{
0x428A2F98, 0x71374491, 0xB5C0FBCF, 0xE9B5DBA5,
0x3956C25B, 0x59F111F1, 0x923F82A4, 0xAB1C5ED5,
0xD807AA98, 0x12835B01, 0x243185BE, 0x550C7DC3,
0x72BE5D74, 0x80DEB1FE, 0x9BDC06A7, 0xC19BF174,
0xE49B69C1, 0xEFBE4786, 0x0FC19DC6, 0x240CA1CC,
0x2DE92C6F, 0x4A7484AA, 0x5CB0A9DC, 0x76F988DA,
0x983E5152, 0xA831C66D, 0xB00327C8, 0xBF597FC7,
0xC6E00BF3, 0xD5A79147, 0x06CA6351, 0x14292967,
0x27B70A85, 0x2E1B2138, 0x4D2C6DFC, 0x53380D13,
0x650A7354, 0x766A0ABB, 0x81C2C92E, 0x92722C85,
0xA2BFE8A1, 0xA81A664B, 0xC24B8B70, 0xC76C51A3,
0xD192E819, 0xD6990624, 0xF40E3585, 0x106AA070,
0x19A4C116, 0x1E376C08, 0x2748774C, 0x34B0BCB5,
0x391C0CB3, 0x4ED8AA4A, 0x5B9CCA4F, 0x682E6FF3,
0x748F82EE, 0x78A5636F, 0x84C87814, 0x8CC70208,
0x90BEFFFA, 0xA4506CEB, 0xBEF9A3F7, 0xC67178F2,
};
#define SHR(x,n) ((x & 0xFFFFFFFF) >> n)
#define ROTR(x,n) (SHR(x,n) | (x << (32 - n)))
#define S0(x) (ROTR(x, 7) ^ ROTR(x,18) ^ SHR(x, 3))
#define S1(x) (ROTR(x,17) ^ ROTR(x,19) ^ SHR(x,10))
#define S2(x) (ROTR(x, 2) ^ ROTR(x,13) ^ ROTR(x,22))
#define S3(x) (ROTR(x, 6) ^ ROTR(x,11) ^ ROTR(x,25))
#define F0(x,y,z) ((x & y) | (z & (x | y)))
#define F1(x,y,z) (z ^ (x & (y ^ z)))
#define R(t) \
( \
W[t] = S1(W[t - 2]) + W[t - 7] + \
S0(W[t - 15]) + W[t - 16] \
)
#define P(a,b,c,d,e,f,g,h,x,K) \
{ \
temp1 = h + S3(e) + F1(e,f,g) + K + x; \
temp2 = S2(a) + F0(a,b,c); \
d += temp1; h = temp1 + temp2; \
}
void mbedtls_sha256_process( mbedtls_sha256_context *ctx, const unsigned char data[64] )
{
uint32_t temp1, temp2, W[64];
uint32_t A[8];
unsigned int i;
for( i = 0; i < 8; i++ )
A[i] = ctx->state[i];
#if defined(MBEDTLS_SHA256_SMALLER)
for( i = 0; i < 64; i++ )
{
if( i < 16 )
GET_UINT32_BE( W[i], data, 4 * i );
else
R( i );
P( A[0], A[1], A[2], A[3], A[4], A[5], A[6], A[7], W[i], K[i] );
temp1 = A[7]; A[7] = A[6]; A[6] = A[5]; A[5] = A[4]; A[4] = A[3];
A[3] = A[2]; A[2] = A[1]; A[1] = A[0]; A[0] = temp1;
}
#else /* MBEDTLS_SHA256_SMALLER */
for( i = 0; i < 16; i++ )
GET_UINT32_BE( W[i], data, 4 * i );
for( i = 0; i < 16; i += 8 )
{
P( A[0], A[1], A[2], A[3], A[4], A[5], A[6], A[7], W[i+0], K[i+0] );
P( A[7], A[0], A[1], A[2], A[3], A[4], A[5], A[6], W[i+1], K[i+1] );
P( A[6], A[7], A[0], A[1], A[2], A[3], A[4], A[5], W[i+2], K[i+2] );
P( A[5], A[6], A[7], A[0], A[1], A[2], A[3], A[4], W[i+3], K[i+3] );
P( A[4], A[5], A[6], A[7], A[0], A[1], A[2], A[3], W[i+4], K[i+4] );
P( A[3], A[4], A[5], A[6], A[7], A[0], A[1], A[2], W[i+5], K[i+5] );
P( A[2], A[3], A[4], A[5], A[6], A[7], A[0], A[1], W[i+6], K[i+6] );
P( A[1], A[2], A[3], A[4], A[5], A[6], A[7], A[0], W[i+7], K[i+7] );
}
for( i = 16; i < 64; i += 8 )
{
P( A[0], A[1], A[2], A[3], A[4], A[5], A[6], A[7], R(i+0), K[i+0] );
P( A[7], A[0], A[1], A[2], A[3], A[4], A[5], A[6], R(i+1), K[i+1] );
P( A[6], A[7], A[0], A[1], A[2], A[3], A[4], A[5], R(i+2), K[i+2] );
P( A[5], A[6], A[7], A[0], A[1], A[2], A[3], A[4], R(i+3), K[i+3] );
P( A[4], A[5], A[6], A[7], A[0], A[1], A[2], A[3], R(i+4), K[i+4] );
P( A[3], A[4], A[5], A[6], A[7], A[0], A[1], A[2], R(i+5), K[i+5] );
P( A[2], A[3], A[4], A[5], A[6], A[7], A[0], A[1], R(i+6), K[i+6] );
P( A[1], A[2], A[3], A[4], A[5], A[6], A[7], A[0], R(i+7), K[i+7] );
}
#endif /* MBEDTLS_SHA256_SMALLER */
for( i = 0; i < 8; i++ )
ctx->state[i] += A[i];
}
#endif /* !MBEDTLS_SHA256_PROCESS_ALT */
/*
* SHA-256 process buffer
*/
void mbedtls_sha256_update( mbedtls_sha256_context *ctx, const unsigned char *input,
size_t ilen )
{
size_t fill;
uint32_t left;
if( ilen == 0 )
return;
left = ctx->total[0] & 0x3F;
fill = 64 - left;
ctx->total[0] += (uint32_t) ilen;
ctx->total[0] &= 0xFFFFFFFF;
if( ctx->total[0] < (uint32_t) ilen )
ctx->total[1]++;
if( left && ilen >= fill )
{
memcpy( (void *) (ctx->buffer + left), input, fill );
mbedtls_sha256_process( ctx, ctx->buffer );
input += fill;
ilen -= fill;
left = 0;
}
while( ilen >= 64 )
{
mbedtls_sha256_process( ctx, input );
input += 64;
ilen -= 64;
}
if( ilen > 0 )
memcpy( (void *) (ctx->buffer + left), input, ilen );
}
static const unsigned char sha256_padding[64] =
{
0x80, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0
};
/*
* SHA-256 final digest
*/
void mbedtls_sha256_finish( mbedtls_sha256_context *ctx, unsigned char output[32] )
{
uint32_t last, padn;
uint32_t high, low;
unsigned char msglen[8];
high = ( ctx->total[0] >> 29 )
| ( ctx->total[1] << 3 );
low = ( ctx->total[0] << 3 );
PUT_UINT32_BE( high, msglen, 0 );
PUT_UINT32_BE( low, msglen, 4 );
last = ctx->total[0] & 0x3F;
padn = ( last < 56 ) ? ( 56 - last ) : ( 120 - last );
mbedtls_sha256_update( ctx, sha256_padding, padn );
mbedtls_sha256_update( ctx, msglen, 8 );
PUT_UINT32_BE( ctx->state[0], output, 0 );
PUT_UINT32_BE( ctx->state[1], output, 4 );
PUT_UINT32_BE( ctx->state[2], output, 8 );
PUT_UINT32_BE( ctx->state[3], output, 12 );
PUT_UINT32_BE( ctx->state[4], output, 16 );
PUT_UINT32_BE( ctx->state[5], output, 20 );
PUT_UINT32_BE( ctx->state[6], output, 24 );
if( ctx->is224 == 0 )
PUT_UINT32_BE( ctx->state[7], output, 28 );
}
#endif /* !MBEDTLS_SHA256_ALT */
/*
* output = SHA-256( input buffer )
*/
void mbedtls_sha256( const unsigned char *input, size_t ilen,
unsigned char output[32], int is224 )
{
mbedtls_sha256_context ctx;
mbedtls_sha256_init( &ctx );
mbedtls_sha256_starts( &ctx, is224 );
mbedtls_sha256_update( &ctx, input, ilen );
mbedtls_sha256_finish( &ctx, output );
mbedtls_sha256_free( &ctx );
}
#if defined(MBEDTLS_SELF_TEST)
/*
* FIPS-180-2 test vectors
*/
static const unsigned char sha256_test_buf[3][57] =
{
{ "abc" },
{ "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq" },
{ "" }
};
static const int sha256_test_buflen[3] =
{
3, 56, 1000
};
static const unsigned char sha256_test_sum[6][32] =
{
/*
* SHA-224 test vectors
*/
{ 0x23, 0x09, 0x7D, 0x22, 0x34, 0x05, 0xD8, 0x22,
0x86, 0x42, 0xA4, 0x77, 0xBD, 0xA2, 0x55, 0xB3,
0x2A, 0xAD, 0xBC, 0xE4, 0xBD, 0xA0, 0xB3, 0xF7,
0xE3, 0x6C, 0x9D, 0xA7 },
{ 0x75, 0x38, 0x8B, 0x16, 0x51, 0x27, 0x76, 0xCC,
0x5D, 0xBA, 0x5D, 0xA1, 0xFD, 0x89, 0x01, 0x50,
0xB0, 0xC6, 0x45, 0x5C, 0xB4, 0xF5, 0x8B, 0x19,
0x52, 0x52, 0x25, 0x25 },
{ 0x20, 0x79, 0x46, 0x55, 0x98, 0x0C, 0x91, 0xD8,
0xBB, 0xB4, 0xC1, 0xEA, 0x97, 0x61, 0x8A, 0x4B,
0xF0, 0x3F, 0x42, 0x58, 0x19, 0x48, 0xB2, 0xEE,
0x4E, 0xE7, 0xAD, 0x67 },
/*
* SHA-256 test vectors
*/
{ 0xBA, 0x78, 0x16, 0xBF, 0x8F, 0x01, 0xCF, 0xEA,
0x41, 0x41, 0x40, 0xDE, 0x5D, 0xAE, 0x22, 0x23,
0xB0, 0x03, 0x61, 0xA3, 0x96, 0x17, 0x7A, 0x9C,
0xB4, 0x10, 0xFF, 0x61, 0xF2, 0x00, 0x15, 0xAD },
{ 0x24, 0x8D, 0x6A, 0x61, 0xD2, 0x06, 0x38, 0xB8,
0xE5, 0xC0, 0x26, 0x93, 0x0C, 0x3E, 0x60, 0x39,
0xA3, 0x3C, 0xE4, 0x59, 0x64, 0xFF, 0x21, 0x67,
0xF6, 0xEC, 0xED, 0xD4, 0x19, 0xDB, 0x06, 0xC1 },
{ 0xCD, 0xC7, 0x6E, 0x5C, 0x99, 0x14, 0xFB, 0x92,
0x81, 0xA1, 0xC7, 0xE2, 0x84, 0xD7, 0x3E, 0x67,
0xF1, 0x80, 0x9A, 0x48, 0xA4, 0x97, 0x20, 0x0E,
0x04, 0x6D, 0x39, 0xCC, 0xC7, 0x11, 0x2C, 0xD0 }
};
/*
* Checkup routine
*/
int mbedtls_sha256_self_test( int verbose )
{
int i, j, k, buflen, ret = 0;
unsigned char buf[1024];
unsigned char sha256sum[32];
mbedtls_sha256_context ctx;
mbedtls_sha256_init( &ctx );
for( i = 0; i < 6; i++ )
{
j = i % 3;
k = i < 3;
if( verbose != 0 )
mbedtls_printf( " SHA-%d test #%d: ", 256 - k * 32, j + 1 );
mbedtls_sha256_starts( &ctx, k );
if( j == 2 )
{
memset( buf, 'a', buflen = 1000 );
for( j = 0; j < 1000; j++ )
mbedtls_sha256_update( &ctx, buf, buflen );
}
else
mbedtls_sha256_update( &ctx, sha256_test_buf[j],
sha256_test_buflen[j] );
mbedtls_sha256_finish( &ctx, sha256sum );
if( memcmp( sha256sum, sha256_test_sum[i], 32 - k * 4 ) != 0 )
{
if( verbose != 0 )
mbedtls_printf( "failed\n" );
ret = 1;
goto exit;
}
if( verbose != 0 )
mbedtls_printf( "passed\n" );
}
if( verbose != 0 )
mbedtls_printf( "\n" );
exit:
mbedtls_sha256_free( &ctx );
return( ret );
}
#endif /* MBEDTLS_SELF_TEST */
#endif /* MBEDTLS_SHA256_C */

146
common/libc/secure/sha256.h Normal file
View File

@ -0,0 +1,146 @@
/**
* \file sha256.h
*
* \brief SHA-224 and SHA-256 cryptographic hash function
*
* Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
* SPDX-License-Identifier: Apache-2.0
*
* Licensed under the Apache License, Version 2.0 (the "License"); you may
* not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
* WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*
* This file is part of mbed TLS (https://tls.mbed.org)
*/
#ifndef MBEDTLS_SHA256_H
#define MBEDTLS_SHA256_H
#if !defined(MBEDTLS_CONFIG_FILE)
#include "config.h"
#else
#include MBEDTLS_CONFIG_FILE
#endif
#ifdef _KERNEL
#include <types.h>
#include <lib.h>
#else
#include <types/size_t.h>
#include <stdint.h>
#endif //_KERNEL
#if !defined(MBEDTLS_SHA256_ALT)
// Regular implementation
//
#ifdef __cplusplus
extern "C" {
#endif
/**
* \brief SHA-256 context structure
*/
typedef struct
{
uint32_t total[2]; /*!< number of bytes processed */
uint32_t state[8]; /*!< intermediate digest state */
unsigned char buffer[64]; /*!< data block being processed */
int is224; /*!< 0 => SHA-256, else SHA-224 */
}
mbedtls_sha256_context;
/**
* \brief Initialize SHA-256 context
*
* \param ctx SHA-256 context to be initialized
*/
void mbedtls_sha256_init( mbedtls_sha256_context *ctx );
/**
* \brief Clear SHA-256 context
*
* \param ctx SHA-256 context to be cleared
*/
void mbedtls_sha256_free( mbedtls_sha256_context *ctx );
/**
* \brief Clone (the state of) a SHA-256 context
*
* \param dst The destination context
* \param src The context to be cloned
*/
void mbedtls_sha256_clone( mbedtls_sha256_context *dst,
const mbedtls_sha256_context *src );
/**
* \brief SHA-256 context setup
*
* \param ctx context to be initialized
* \param is224 0 = use SHA256, 1 = use SHA224
*/
void mbedtls_sha256_starts( mbedtls_sha256_context *ctx, int is224 );
/**
* \brief SHA-256 process buffer
*
* \param ctx SHA-256 context
* \param input buffer holding the data
* \param ilen length of the input data
*/
void mbedtls_sha256_update( mbedtls_sha256_context *ctx, const unsigned char *input,
size_t ilen );
/**
* \brief SHA-256 final digest
*
* \param ctx SHA-256 context
* \param output SHA-224/256 checksum result
*/
void mbedtls_sha256_finish( mbedtls_sha256_context *ctx, unsigned char output[32] );
/* Internal use */
void mbedtls_sha256_process( mbedtls_sha256_context *ctx, const unsigned char data[64] );
#ifdef __cplusplus
}
#endif
#else /* MBEDTLS_SHA256_ALT */
#include "sha256_alt.h"
#endif /* MBEDTLS_SHA256_ALT */
#ifdef __cplusplus
extern "C" {
#endif
/**
* \brief Output = SHA-256( input buffer )
*
* \param input buffer holding the data
* \param ilen length of the input data
* \param output SHA-224/256 checksum result
* \param is224 0 = use SHA256, 1 = use SHA224
*/
void mbedtls_sha256( const unsigned char *input, size_t ilen,
unsigned char output[32], int is224 );
/**
* \brief Checkup routine
*
* \return 0 if successful, or 1 if the test failed
*/
int mbedtls_sha256_self_test( int verbose );
#ifdef __cplusplus
}
#endif
#endif /* mbedtls_sha256.h */

9
kern/conf/conf.kern
View File

@ -309,6 +309,14 @@ file ../common/libc/string/strlen.c
file ../common/libc/string/strrchr.c
file ../common/libc/string/strtok_r.c
#
# Security functions that we've added to the C library and
# use for secure output.
#
file ../common/libc/secure/secure.c
file ../common/libc/secure/sha256.c
########################################
# #
# Core kernel source files #
@ -435,6 +443,7 @@ file test/threadtest.c
file test/tt3.c
file test/synchtest.c
file test/semunit.c
file test/hmacunit.c
file test/kmalloctest.c
file test/fstest.c
file test/lib.c

3
kern/include/kern/secret.h
View File

@ -44,6 +44,7 @@
* allows normally compilation and operation.
*/
#define KERNEL_SECRET ""
#undef SECRET_TESTING
#define SECRET 0
#endif /* _SECRET_H_ */

18
kern/include/kern/secure.h Normal file
View File

@ -0,0 +1,18 @@
#ifndef _KERN_SECURE_H_
#define _KERN_SECURE_H_
/*
* Compute the FIPS 198-1 complient HMAC of msg using SHA256.
*
* hmac_with_salt uses a salted key and sets salt_str to this value (in hex).
* Both functions below create hash_str with the hex readable version of the hash.
*
* Callers need to free hash_str (and salt_str) when done.
*/
int hmac(const char *msg, size_t msg_len, const char *key, size_t key_len,
char **hash_str);
int hmac_salted(const char *msg, size_t msg_len, const char *key, size_t key_len,
char **hash_str, char **salt_str);
#endif //_KERN_SECURE_H_

24
kern/include/test.h
View File

@ -32,6 +32,7 @@
/* Get __PF() for declaring printf-like functions. */
#include <cdefs.h>
#include <kern/secret.h>
#include "opt-synchprobs.h"
#include "opt-automationtest.h"
@ -95,6 +96,9 @@ int longstress(int, char **);
int createstress(int, char **);
int printfile(int, char **);
/* HMAC/hash tests */
int hmacu1(int, char**);
/* other tests */
int kmalloctest(int, char **);
int kmallocstress(int, char **);
@ -165,16 +169,26 @@ int ll1test(int, char **);
int ll16test(int, char **);
#endif
#define SUCCESS 0
#define FAIL 1
void success(bool, uint32_t, const char *);
void random_yielder(uint32_t);
void random_spinner(uint32_t);
/*
* Testing variants of kprintf. tprintf is silent during automated testing.
* sprintf prefixes the kernel secret to kprintf messages during automated
* testing. nprintf is not silent during automated testing.
* kprintf variants that do not (or only) print during automated testing.
*/
int tkprintf(const char *format, ...) __PF(1,2);
int nkprintf(const char *format, ...) __PF(1,2);
#ifdef SECRET_TESTING
#define kprintf_t(...) kprintf(__VA_ARGS__)
#define kprintf_n(...) silent(__VA_ARGS__)
#else
#define kprintf_t(...) silent(__VA_ARGS__)
#define kprintf_n(...) kprintf(__VA_ARGS__)
#endif
static inline void silent(const char * fmt, ...) { (void)fmt; };
#endif /* _TEST_H_ */

39
kern/lib/kprintf.c
View File

@ -142,45 +142,6 @@ kprintf(const char *fmt, ...)
return chars;
}
/*
* kprintf variant that is quiet during automated testing
*/
int
tkprintf(const char *fmt, ...)
{
int chars;
va_list ap;
if (strcmp(KERNEL_SECRET, "") != 0) {
return 0;
}
va_start(ap, fmt);
chars = __kprintf(fmt, ap);
va_end(ap);
return chars;
}
/*
* kprintf variant that is quiet during non-automated testing
*/
int
nkprintf(const char *fmt, ...)
{
int chars;
va_list ap;
if (strcmp(KERNEL_SECRET, "") == 0) {
return 0;
}
va_start(ap, fmt);
chars = __kprintf(fmt, ap);
va_end(ap);
return chars;
}
/*
* panic() is for fatal errors. It prints the printf arguments it's
* passed and then halts the system.

4
kern/main/menu.c
View File

@ -491,6 +491,7 @@ static const char *testmenu[] = {
"[fs4] FS write stress 2 ",
"[fs5] FS long stress ",
"[fs6] FS create stress ",
"[hm1] HMAC unit test ",
NULL
};
@ -649,6 +650,9 @@ static struct {
{ "fs4", writestress2 },
{ "fs5", longstress },
{ "fs6", createstress },
/* HMAC unit tests */
{ "hm1", hmacu1 },
#if OPT_AUTOMATIONTEST
/* automation tests */

99
kern/test/hmacunit.c Normal file
View File

@ -0,0 +1,99 @@
/*
* Copyright (c) 2015
* The President and Fellows of Harvard College.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
* 3. Neither the name of the University nor the names of its contributors
* may be used to endorse or promote products derived from this software
* without specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE UNIVERSITY AND CONTRIBUTORS ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE UNIVERSITY OR CONTRIBUTORS BE LIABLE
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*/
#include <types.h>
#include <lib.h>
#include <spinlock.h>
#include <synch.h>
#include <thread.h>
#include <current.h>
#include <clock.h>
#include <test.h>
#include <kern/secure.h>
/*
* Unit tests for hmac/sha256 hashing.
*/
////////////////////////////////////////////////////////////
// support code
static
void
ok(void)
{
kprintf("Test passed.\n");
}
/*
* Unit test 1
*
* Test some known msg/key/hashes to make sure we produce the
* right results.
*/
static const char *plaintext1[] = {
"The quick brown fox jumps over the lazy dog",
"The only people for me are the mad ones",
"I don't exactly know what I mean by that, but I mean it.",
};
static const char *keys1[] = {
"xqWmgzbvGuLIeeKOrwMA",
"ZxuvolLXL7C68pDjsclX",
"PYeuVzKuB03awYDgJotS",
};
static const char *hashes1[] = {
"251ab1da03c94435daf44898fcd11606669e222270e4ac90d04a18a9df8fdfd6",
"75bbf48c53ccba08c244447ef7eff2e0a02f23acfdac6502282ec431823fb393",
"6d7d2b5eabcda504f26de7547185483b19f9953a6eaeec6c364bb45e20b28598",
};
#define N_TESTS_1 3
int
hmacu1(int nargs, char **args)
{
char *hash;
int res;
(void)nargs; (void)args;
int i;
for (i = 0; i < N_TESTS_1; i++)
{
res = hmac(plaintext1[i], strlen(plaintext1[i]), keys1[i], strlen(keys1[i]), &hash);
KASSERT(!res);
KASSERT(strcmp(hash, hashes1[i]) == 0);
kfree(hash);
}
ok();
/* clean up */
return 0;
}

52
kern/test/lib.c
View File

@ -1,6 +1,58 @@
#include <kern/secret.h>
#include <types.h>
#include <thread.h>
#include <test.h>
#include <lib.h>
/*
* Main success function for kernel tests. Prints a multiple of the secret if
* the secret is non-zero and the test succeeded. Otherwise prints a random
* number.
*
* Ideally we would multiply the secret (a large prime) by another large prime
* to ensure that factoring was hard, but that would require either primality
* testing (slow) or augmenting sys161 with a prime number generator. This is
* sufficient for now to prevent replay attacks.
*/
#define MIN_MULTIPLIER 0x80000000
#ifndef SECRET_TESTING
void
success(bool status, uint32_t secret, const char * name) {
(void)secret;
if (status == SUCCESS) {
kprintf("%s: SUCCESS\n", name);
} else {
kprintf("%s: FAIL\n", name);
}
return;
}
#else
void
success(bool status, uint32_t secret, const char * name) {
uint32_t multiplier;
// Make sure we can get large random numbers
KASSERT(randmax() == 0xffffffff);
while (1) {
multiplier = random();
// We can at least remove the obvious non-primes...
if (multiplier % 2 == 0) {
continue;
}
if (multiplier > MIN_MULTIPLIER) {
break;
}
}
uint64_t big_secret = (uint64_t) secret * (uint64_t) multiplier;
if (status == SUCCESS) {
kprintf("%s: SUCCESS (%llu)\n", name, big_secret);
} else {
kprintf("%s: FAIL (%llu)\n", name, big_secret);
}
return;
}
#endif
/*
* Helper functions used by testing and problem driver code

16
kern/test/synchprobs.c
View File

@ -78,14 +78,14 @@ male_start(uint32_t index) {
(void)index;
random_yielder(PROBLEMS_MAX_YIELDER);
random_spinner(PROBLEMS_MAX_SPINNER);
tkprintf("%s starting\n", curthread->t_name);
kprintf_n("%s starting\n", curthread->t_name);
}
void
male_end(uint32_t index) {
(void)index;
random_yielder(PROBLEMS_MAX_YIELDER);
random_spinner(PROBLEMS_MAX_SPINNER);
tkprintf("%s ending\n", curthread->t_name);
kprintf_n("%s ending\n", curthread->t_name);
}
static
@ -112,14 +112,14 @@ female_start(uint32_t index) {
(void) index;
random_yielder(PROBLEMS_MAX_YIELDER);
random_spinner(PROBLEMS_MAX_SPINNER);
tkprintf("%s starting\n", curthread->t_name);
kprintf_n("%s starting\n", curthread->t_name);
}
void
female_end(uint32_t index) {
(void) index;
random_yielder(PROBLEMS_MAX_YIELDER);
random_spinner(PROBLEMS_MAX_SPINNER);
tkprintf("%s ending\n", curthread->t_name);
kprintf_n("%s ending\n", curthread->t_name);
}
static
@ -146,14 +146,14 @@ matchmaker_start(uint32_t index) {
(void)index;
random_yielder(PROBLEMS_MAX_YIELDER);
random_spinner(PROBLEMS_MAX_SPINNER);
tkprintf("%s starting\n", curthread->t_name);
kprintf_n("%s starting\n", curthread->t_name);
}
void
matchmaker_end(uint32_t index) {
(void)index;
random_yielder(PROBLEMS_MAX_YIELDER);
random_spinner(PROBLEMS_MAX_SPINNER);
tkprintf("%s ending\n", curthread->t_name);
kprintf_n("%s ending\n", curthread->t_name);
}
#define NMATING 10
@ -267,7 +267,7 @@ inQuadrant(int quadrant, uint32_t index) {
random_yielder(PROBLEMS_MAX_YIELDER);
random_spinner(PROBLEMS_MAX_SPINNER);
tkprintf("%s in quadrant %d\n", curthread->t_name, quadrant);
kprintf_n("%s in quadrant %d\n", curthread->t_name, quadrant);
}
void
@ -276,7 +276,7 @@ leaveIntersection(uint32_t index) {
random_yielder(PROBLEMS_MAX_YIELDER);
random_spinner(PROBLEMS_MAX_SPINNER);
tkprintf("%s left the intersection\n", curthread->t_name);
kprintf_n("%s left the intersection\n", curthread->t_name);
}
#define NCARS 64

66
kern/test/synchtest.c
View File

@ -40,9 +40,6 @@
#include <kern/secret.h>
#include <spinlock.h>
#define SUCCESS 0
#define FAIL 1
#define NSEMLOOPS 63
#define NLOCKLOOPS 120
#define NCVLOOPS 5
@ -94,15 +91,6 @@ inititems(void)
spinlock_init(&status_lock);
}
static
void
success(bool status, const char *msg) {
if (status == SUCCESS) {
kprintf("%s%s: SUCCESS\n", KERNEL_SECRET, msg);
} else {
kprintf("%s%s: FAIL\n", KERNEL_SECRET, msg);
}
}
static
void
@ -117,10 +105,10 @@ semtestthread(void *junk, unsigned long num)
random_yielder(4);
P(testsem);
semtest_current = num;
tkprintf("Thread %2lu: ", num);
kprintf_n("Thread %2lu: ", num);
for (i=0; i<NSEMLOOPS; i++) {
tkprintf("%c", (int)num+64);
kprintf_n("%c", (int)num+64);
random_yielder(4);
if (semtest_current != num) {
spinlock_acquire(&status_lock);
@ -129,7 +117,7 @@ semtestthread(void *junk, unsigned long num)
}
}
tkprintf("\n");
kprintf_n("\n");
V(donesem);
}
@ -143,12 +131,12 @@ semtest(int nargs, char **args)
inititems();
test_status = FAIL;
tkprintf("Starting semaphore test...\n");
tkprintf("If this hangs, it's broken: ");
kprintf_n("Starting semaphore test...\n");
kprintf_n("If this hangs, it's broken: ");
P(testsem);
P(testsem);
test_status = SUCCESS;
tkprintf("ok\n");
kprintf_n("ok\n");
for (i=0; i<NTHREADS; i++) {
result = thread_fork("semtest", NULL, semtestthread, NULL, i);
@ -167,8 +155,8 @@ semtest(int nargs, char **args)
V(testsem);
V(testsem);
tkprintf("Semaphore test done.\n");
success(test_status, "semtest");
kprintf_n("Semaphore test done.\n");
success(test_status, SECRET, "sy1");
return 0;
}
@ -177,8 +165,8 @@ static
void
fail(unsigned long num, const char *msg)
{
tkprintf("thread %lu: Mismatch on %s\n", num, msg);
tkprintf("Test failed\n");
kprintf_n("thread %lu: Mismatch on %s\n", num, msg);
kprintf_n("Test failed\n");
lock_release(testlock);
@ -251,7 +239,7 @@ locktest(int nargs, char **args)
inititems();
test_status = SUCCESS;
tkprintf("Starting lock test...\n");
kprintf_n("Starting lock test...\n");
for (i=0; i<NTHREADS; i++) {
result = thread_fork("synchtest", NULL, locktestthread, NULL, i);
@ -263,8 +251,8 @@ locktest(int nargs, char **args)
P(donesem);
}
tkprintf("Lock test done.\n");
success(test_status, "locktest");
kprintf_n("Lock test done.\n");
success(test_status, SECRET, "sy2");
return 0;
}
@ -294,8 +282,8 @@ cvtestthread(void *junk, unsigned long num)
/* Require at least 2000 cpu cycles (we're 25mhz) */
if (ts2.tv_sec == 0 && ts2.tv_nsec < 40*2000) {
tkprintf("cv_wait took only %u ns\n", ts2.tv_nsec);
tkprintf("That's too fast... you must be " "busy-looping\n");
kprintf_n("cv_wait took only %u ns\n", ts2.tv_nsec);
kprintf_n("That's too fast... you must be " "busy-looping\n");
spinlock_acquire(&status_lock);
test_status = FAIL;
spinlock_release(&status_lock);
@ -323,7 +311,7 @@ cvtestthread(void *junk, unsigned long num)
}
spinlock_release(&status_lock);
tkprintf("Thread %lu\n", testval2);
kprintf_n("Thread %lu\n", testval2);
testval1 = (testval1 + NTHREADS - 1) % NTHREADS;
lock_release(testlock);
}
@ -339,8 +327,8 @@ cvtest(int nargs, char **args)
(void)args;
inititems();
tkprintf("Starting CV test...\n");
tkprintf("Threads should print out in reverse order.\n");
kprintf_n("Starting CV test...\n");
kprintf_n("Threads should print out in reverse order.\n");
testval1 = NTHREADS-1;
@ -354,8 +342,8 @@ cvtest(int nargs, char **args)
P(donesem);
}
tkprintf("CV test done\n");
success(test_status, "cvtest");
kprintf_n("CV test done\n");
success(test_status, SECRET, "sy3");
return 0;
}
@ -401,7 +389,7 @@ sleepthread(void *junk1, unsigned long junk2)
random_yielder(4);
lock_release(testlocks[i]);
}
tkprintf("sleepthread: %u\n", j);
kprintf_n("sleepthread: %u\n", j);
}
V(exitsem);
}
@ -434,7 +422,7 @@ wakethread(void *junk1, unsigned long junk2)
random_yielder(4);
lock_release(testlocks[i]);
}
tkprintf("wakethread: %u\n", j);
kprintf_n("wakethread: %u\n", j);
}
V(exitsem);
}
@ -458,7 +446,7 @@ cvtest2(int nargs, char **args)
gatesem = sem_create("gatesem", 0);
exitsem = sem_create("exitsem", 0);
tkprintf("cvtest2...\n");
kprintf_n("cvtest2...\n");
result = thread_fork("cvtest2", NULL, sleepthread, NULL, 0);
if (result) {
@ -482,8 +470,8 @@ cvtest2(int nargs, char **args)
testcvs[i] = NULL;
}
tkprintf("cvtest2 done\n");
success(test_status, "cvtest2");
kprintf_n("cvtest2 done\n");
success(test_status, SECRET, "sy4");
return 0;
}
@ -497,8 +485,8 @@ int rwtest(int nargs, char **args) {
(void) nargs;
(void) args;
tkprintf("rwtest unimplemented\n");
success(FAIL, "rwtest");
kprintf_n("rwtest unimplemented\n");
success(FAIL, SECRET, "sy5");
return 0;
}

7
userland/include/secure.h Normal file
View File

@ -0,0 +1,7 @@
#ifndef _SECURE_H_
#define _SECURE_H_
// Just include the kernel verison
#include <kern/secure.h>
#endif //_SECURE_H_

5
userland/lib/libc/Makefile
View File

@ -13,6 +13,11 @@ SRCS+=\
$(COMMON)/printf/snprintf.c \
$(COMMON)/printf/tprintf.c
# secure
SRCS+=\
$(COMMON)/secure/secure.c \
$(COMMON)/secure/sha256.c \
# stdio
SRCS+=\
stdio/__puts.c \