Browse Source

Merge remote-tracking branch 'remotes/rth/tags/pull-rng-20190522' into staging

Introduce qemu_guest_getrandom.
Use qemu_guest_getrandom in aspeed, nrf51, bcm2835, exynos4210 rng devices.
Use qemu_guest_getrandom in target/ppc darn instruction.
Support ARMv8.5-RNG extension.
Support x86 RDRAND extension.

Acked-by: Daniel P. Berrangé <berrange@redhat.com>
Acked-by: Laurent Vivier <laurent@vivier.eu>

# gpg: Signature made Wed 22 May 2019 19:36:43 BST
# gpg:                using RSA key 7A481E78868B4DB6A85A05C064DF38E8AF7E215F
# gpg:                issuer "richard.henderson@linaro.org"
# gpg: Good signature from "Richard Henderson <richard.henderson@linaro.org>" [full]
# Primary key fingerprint: 7A48 1E78 868B 4DB6 A85A  05C0 64DF 38E8 AF7E 215F

* remotes/rth/tags/pull-rng-20190522: (25 commits)
  target/i386: Implement CPUID_EXT_RDRAND
  target/ppc: Use qemu_guest_getrandom for DARN
  target/ppc: Use gen_io_start/end around DARN
  target/arm: Implement ARMv8.5-RNG
  target/arm: Put all PAC keys into a structure
  hw/misc/exynos4210_rng: Use qemu_guest_getrandom
  hw/misc/bcm2835_rng: Use qemu_guest_getrandom_nofail
  hw/misc/nrf51_rng: Use qemu_guest_getrandom_nofail
  aspeed/scu: Use qemu_guest_getrandom_nofail
  linux-user: Remove srand call
  linux-user/aarch64: Use qemu_guest_getrandom for PAUTH keys
  linux-user: Use qemu_guest_getrandom_nofail for AT_RANDOM
  linux-user: Call qcrypto_init if not using -seed
  linux-user: Initialize pseudo-random seeds for all guest cpus
  cpus: Initialize pseudo-random seeds for all guest cpus
  util: Add qemu_guest_getrandom and associated routines
  ui/vnc: Use gcrypto_random_bytes for start_auth_vnc
  ui/vnc: Split out authentication_failed
  crypto: Change the qcrypto_random_bytes buffer type to void*
  crypto: Use getrandom for qcrypto_random_bytes
  ...

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
master
Peter Maydell 3 weeks ago
parent
commit
d418238dca

+ 2
- 2
Makefile View File

@@ -413,7 +413,7 @@ dummy := $(call unnest-vars,, \
413 413
                 block-obj-y \
414 414
                 block-obj-m \
415 415
                 crypto-obj-y \
416
-                crypto-aes-obj-y \
416
+                crypto-user-obj-y \
417 417
                 qom-obj-y \
418 418
                 io-obj-y \
419 419
                 common-obj-y \
@@ -487,7 +487,7 @@ subdir-slirp: .git-submodule-status
487 487
 	$(call quiet-command,$(MAKE) -C $(SRC_PATH)/slirp BUILD_DIR="$(BUILD_DIR)/slirp" CC="$(CC)" AR="$(AR)" LD="$(LD)" RANLIB="$(RANLIB)" CFLAGS="$(QEMU_CFLAGS) $(CFLAGS)" LDFLAGS="$(LDFLAGS)")
488 488
 
489 489
 $(SUBDIR_RULES): libqemuutil.a $(common-obj-y) \
490
-	$(qom-obj-y) $(crypto-aes-obj-$(CONFIG_USER_ONLY))
490
+	$(qom-obj-y) $(crypto-user-obj-$(CONFIG_USER_ONLY))
491 491
 
492 492
 ROMSUBDIR_RULES=$(patsubst %,romsubdir-%, $(ROMS))
493 493
 # Only keep -O and -g cflags

+ 1
- 1
Makefile.objs View File

@@ -25,7 +25,7 @@ block-obj-m = block/
25 25
 # crypto-obj-y is code used by both qemu system emulation and qemu-img
26 26
 
27 27
 crypto-obj-y = crypto/
28
-crypto-aes-obj-y = crypto/
28
+crypto-user-obj-y = crypto/
29 29
 
30 30
 #######################################################################
31 31
 # qom-obj-y is code used by both qemu system emulation and qemu-img

+ 2
- 2
Makefile.target View File

@@ -180,7 +180,7 @@ dummy := $(call unnest-vars,.., \
180 180
                block-obj-m \
181 181
                chardev-obj-y \
182 182
                crypto-obj-y \
183
-               crypto-aes-obj-y \
183
+               crypto-user-obj-y \
184 184
                qom-obj-y \
185 185
                io-obj-y \
186 186
                common-obj-y \
@@ -189,7 +189,7 @@ all-obj-y += $(common-obj-y)
189 189
 all-obj-y += $(qom-obj-y)
190 190
 all-obj-$(CONFIG_SOFTMMU) += $(authz-obj-y)
191 191
 all-obj-$(CONFIG_SOFTMMU) += $(block-obj-y) $(chardev-obj-y)
192
-all-obj-$(CONFIG_USER_ONLY) += $(crypto-aes-obj-y)
192
+all-obj-$(CONFIG_USER_ONLY) += $(crypto-user-obj-y)
193 193
 all-obj-$(CONFIG_SOFTMMU) += $(crypto-obj-y)
194 194
 all-obj-$(CONFIG_SOFTMMU) += $(io-obj-y)
195 195
 

+ 58
- 29
configure View File

@@ -2784,17 +2784,23 @@ fi
2784 2784
 # GNUTLS probe
2785 2785
 
2786 2786
 if test "$gnutls" != "no"; then
2787
+    pass="no"
2787 2788
     if $pkg_config --exists "gnutls >= 3.1.18"; then
2788 2789
         gnutls_cflags=$($pkg_config --cflags gnutls)
2789 2790
         gnutls_libs=$($pkg_config --libs gnutls)
2790
-        libs_softmmu="$gnutls_libs $libs_softmmu"
2791
-        libs_tools="$gnutls_libs $libs_tools"
2792
-	QEMU_CFLAGS="$QEMU_CFLAGS $gnutls_cflags"
2793
-        gnutls="yes"
2794
-    elif test "$gnutls" = "yes"; then
2791
+        # Packaging for the static libraries is not always correct.
2792
+        # At least ubuntu 18.04 ships only shared libraries.
2793
+        write_c_skeleton
2794
+        if compile_prog "" "$gnutls_libs" ; then
2795
+            LIBS="$gnutls_libs $LIBS"
2796
+            QEMU_CFLAGS="$QEMU_CFLAGS $gnutls_cflags"
2797
+            pass="yes"
2798
+        fi
2799
+    fi
2800
+    if test "$pass" = "no" && test "$gnutls" = "yes"; then
2795 2801
 	feature_not_found "gnutls" "Install gnutls devel >= 3.1.18"
2796 2802
     else
2797
-        gnutls="no"
2803
+        gnutls="$pass"
2798 2804
     fi
2799 2805
 fi
2800 2806
 
@@ -2849,43 +2855,52 @@ has_libgcrypt() {
2849 2855
 
2850 2856
 
2851 2857
 if test "$nettle" != "no"; then
2858
+    pass="no"
2852 2859
     if $pkg_config --exists "nettle >= 2.7.1"; then
2853 2860
         nettle_cflags=$($pkg_config --cflags nettle)
2854 2861
         nettle_libs=$($pkg_config --libs nettle)
2855 2862
         nettle_version=$($pkg_config --modversion nettle)
2856
-        libs_softmmu="$nettle_libs $libs_softmmu"
2857
-        libs_tools="$nettle_libs $libs_tools"
2858
-        QEMU_CFLAGS="$QEMU_CFLAGS $nettle_cflags"
2859
-        nettle="yes"
2860
-
2861
-        if test -z "$gcrypt"; then
2862
-           gcrypt="no"
2863
+        # Link test to make sure the given libraries work (e.g for static).
2864
+        write_c_skeleton
2865
+        if compile_prog "" "$nettle_libs" ; then
2866
+            LIBS="$nettle_libs $LIBS"
2867
+            QEMU_CFLAGS="$QEMU_CFLAGS $nettle_cflags"
2868
+            if test -z "$gcrypt"; then
2869
+               gcrypt="no"
2870
+            fi
2871
+            pass="yes"
2863 2872
         fi
2873
+    fi
2874
+    if test "$pass" = "no" && test "$nettle" = "yes"; then
2875
+        feature_not_found "nettle" "Install nettle devel >= 2.7.1"
2864 2876
     else
2865
-        if test "$nettle" = "yes"; then
2866
-            feature_not_found "nettle" "Install nettle devel >= 2.7.1"
2867
-        else
2868
-            nettle="no"
2869
-        fi
2877
+        nettle="$pass"
2870 2878
     fi
2871 2879
 fi
2872 2880
 
2873 2881
 if test "$gcrypt" != "no"; then
2882
+    pass="no"
2874 2883
     if has_libgcrypt; then
2875 2884
         gcrypt_cflags=$(libgcrypt-config --cflags)
2876 2885
         gcrypt_libs=$(libgcrypt-config --libs)
2877
-        # Debian has remove -lgpg-error from libgcrypt-config
2886
+        # Debian has removed -lgpg-error from libgcrypt-config
2878 2887
         # as it "spreads unnecessary dependencies" which in
2879 2888
         # turn breaks static builds...
2880 2889
         if test "$static" = "yes"
2881 2890
         then
2882 2891
             gcrypt_libs="$gcrypt_libs -lgpg-error"
2883 2892
         fi
2884
-        libs_softmmu="$gcrypt_libs $libs_softmmu"
2885
-        libs_tools="$gcrypt_libs $libs_tools"
2886
-        QEMU_CFLAGS="$QEMU_CFLAGS $gcrypt_cflags"
2887
-        gcrypt="yes"
2888 2893
 
2894
+        # Link test to make sure the given libraries work (e.g for static).
2895
+        write_c_skeleton
2896
+        if compile_prog "" "$gcrypt_libs" ; then
2897
+            LIBS="$gcrypt_libs $LIBS"
2898
+            QEMU_CFLAGS="$QEMU_CFLAGS $gcrypt_cflags"
2899
+            pass="yes"
2900
+        fi
2901
+    fi
2902
+    if test "$pass" = "yes"; then
2903
+        gcrypt="yes"
2889 2904
         cat > $TMPC << EOF
2890 2905
 #include <gcrypt.h>
2891 2906
 int main(void) {
@@ -2898,12 +2913,10 @@ EOF
2898 2913
         if compile_prog "$gcrypt_cflags" "$gcrypt_libs" ; then
2899 2914
             gcrypt_hmac=yes
2900 2915
         fi
2916
+    elif test "$gcrypt" = "yes"; then
2917
+        feature_not_found "gcrypt" "Install gcrypt devel >= 1.5.0"
2901 2918
     else
2902
-        if test "$gcrypt" = "yes"; then
2903
-            feature_not_found "gcrypt" "Install gcrypt devel >= 1.5.0"
2904
-        else
2905
-            gcrypt="no"
2906
-        fi
2919
+        gcrypt="no"
2907 2920
     fi
2908 2921
 fi
2909 2922
 
@@ -5802,6 +5815,20 @@ if compile_prog "" "" ; then
5802 5815
     have_utmpx=yes
5803 5816
 fi
5804 5817
 
5818
+##########################################
5819
+# check for getrandom()
5820
+
5821
+have_getrandom=no
5822
+cat > $TMPC << EOF
5823
+#include <sys/random.h>
5824
+int main(void) {
5825
+    return getrandom(0, 0, GRND_NONBLOCK);
5826
+}
5827
+EOF
5828
+if compile_prog "" "" ; then
5829
+    have_getrandom=yes
5830
+fi
5831
+
5805 5832
 ##########################################
5806 5833
 # checks for sanitizers
5807 5834
 
@@ -7191,7 +7218,9 @@ fi
7191 7218
 if test "$have_utmpx" = "yes" ; then
7192 7219
   echo "HAVE_UTMPX=y" >> $config_host_mak
7193 7220
 fi
7194
-
7221
+if test "$have_getrandom" = "yes" ; then
7222
+  echo "CONFIG_GETRANDOM=y" >> $config_host_mak
7223
+fi
7195 7224
 if test "$ivshmem" = "yes" ; then
7196 7225
   echo "CONFIG_IVSHMEM=y" >> $config_host_mak
7197 7226
 fi

+ 9
- 0
cpus.c View File

@@ -50,6 +50,7 @@
50 50
 #include "qemu/option.h"
51 51
 #include "qemu/bitmap.h"
52 52
 #include "qemu/seqlock.h"
53
+#include "qemu/guest-random.h"
53 54
 #include "tcg.h"
54 55
 #include "hw/nmi.h"
55 56
 #include "sysemu/replay.h"
@@ -1276,6 +1277,7 @@ static void *qemu_kvm_cpu_thread_fn(void *arg)
1276 1277
     /* signal CPU creation */
1277 1278
     cpu->created = true;
1278 1279
     qemu_cond_signal(&qemu_cpu_cond);
1280
+    qemu_guest_random_seed_thread_part2(cpu->random_seed);
1279 1281
 
1280 1282
     do {
1281 1283
         if (cpu_can_run(cpu)) {
@@ -1319,6 +1321,7 @@ static void *qemu_dummy_cpu_thread_fn(void *arg)
1319 1321
     /* signal CPU creation */
1320 1322
     cpu->created = true;
1321 1323
     qemu_cond_signal(&qemu_cpu_cond);
1324
+    qemu_guest_random_seed_thread_part2(cpu->random_seed);
1322 1325
 
1323 1326
     do {
1324 1327
         qemu_mutex_unlock_iothread();
@@ -1478,6 +1481,7 @@ static void *qemu_tcg_rr_cpu_thread_fn(void *arg)
1478 1481
     cpu->created = true;
1479 1482
     cpu->can_do_io = 1;
1480 1483
     qemu_cond_signal(&qemu_cpu_cond);
1484
+    qemu_guest_random_seed_thread_part2(cpu->random_seed);
1481 1485
 
1482 1486
     /* wait for initial kick-off after machine start */
1483 1487
     while (first_cpu->stopped) {
@@ -1592,6 +1596,7 @@ static void *qemu_hax_cpu_thread_fn(void *arg)
1592 1596
 
1593 1597
     hax_init_vcpu(cpu);
1594 1598
     qemu_cond_signal(&qemu_cpu_cond);
1599
+    qemu_guest_random_seed_thread_part2(cpu->random_seed);
1595 1600
 
1596 1601
     do {
1597 1602
         if (cpu_can_run(cpu)) {
@@ -1631,6 +1636,7 @@ static void *qemu_hvf_cpu_thread_fn(void *arg)
1631 1636
     /* signal CPU creation */
1632 1637
     cpu->created = true;
1633 1638
     qemu_cond_signal(&qemu_cpu_cond);
1639
+    qemu_guest_random_seed_thread_part2(cpu->random_seed);
1634 1640
 
1635 1641
     do {
1636 1642
         if (cpu_can_run(cpu)) {
@@ -1671,6 +1677,7 @@ static void *qemu_whpx_cpu_thread_fn(void *arg)
1671 1677
     /* signal CPU creation */
1672 1678
     cpu->created = true;
1673 1679
     qemu_cond_signal(&qemu_cpu_cond);
1680
+    qemu_guest_random_seed_thread_part2(cpu->random_seed);
1674 1681
 
1675 1682
     do {
1676 1683
         if (cpu_can_run(cpu)) {
@@ -1724,6 +1731,7 @@ static void *qemu_tcg_cpu_thread_fn(void *arg)
1724 1731
     cpu->can_do_io = 1;
1725 1732
     current_cpu = cpu;
1726 1733
     qemu_cond_signal(&qemu_cpu_cond);
1734
+    qemu_guest_random_seed_thread_part2(cpu->random_seed);
1727 1735
 
1728 1736
     /* process any pending work */
1729 1737
     cpu->exit_request = 1;
@@ -2071,6 +2079,7 @@ void qemu_init_vcpu(CPUState *cpu)
2071 2079
     cpu->nr_cores = smp_cores;
2072 2080
     cpu->nr_threads = smp_threads;
2073 2081
     cpu->stopped = true;
2082
+    cpu->random_seed = qemu_guest_random_seed_thread_part1();
2074 2083
 
2075 2084
     if (!cpu->as) {
2076 2085
         /* If the target cpu hasn't set up any address spaces itself,

+ 6
- 5
crypto/Makefile.objs View File

@@ -19,9 +19,10 @@ crypto-obj-y += tlscredspsk.o
19 19
 crypto-obj-y += tlscredsx509.o
20 20
 crypto-obj-y += tlssession.o
21 21
 crypto-obj-y += secret.o
22
-crypto-obj-$(CONFIG_GCRYPT) += random-gcrypt.o
23
-crypto-obj-$(if $(CONFIG_GCRYPT),n,$(CONFIG_GNUTLS)) += random-gnutls.o
24
-crypto-obj-$(if $(CONFIG_GCRYPT),n,$(if $(CONFIG_GNUTLS),n,y)) += random-platform.o
22
+crypto-rng-obj-$(CONFIG_GCRYPT) += random-gcrypt.o
23
+crypto-rng-obj-$(if $(CONFIG_GCRYPT),n,$(CONFIG_GNUTLS)) += random-gnutls.o
24
+crypto-rng-obj-$(if $(CONFIG_GCRYPT),n,$(if $(CONFIG_GNUTLS),n,y)) += random-platform.o
25
+crypto-obj-y += $(crypto-rng-obj-y)
25 26
 crypto-obj-y += pbkdf.o
26 27
 crypto-obj-$(CONFIG_NETTLE) += pbkdf-nettle.o
27 28
 crypto-obj-$(if $(CONFIG_NETTLE),n,$(CONFIG_GCRYPT)) += pbkdf-gcrypt.o
@@ -35,7 +36,7 @@ crypto-obj-y += block.o
35 36
 crypto-obj-y += block-qcow.o
36 37
 crypto-obj-y += block-luks.o
37 38
 
38
-# Let the userspace emulators avoid linking gnutls/etc
39
-crypto-aes-obj-y = aes.o
39
+# Let the userspace emulators avoid linking stuff they won't use.
40
+crypto-user-obj-y = aes.o $(crypto-rng-obj-y) init.o
40 41
 
41 42
 stub-obj-y += pbkdf-stub.o

+ 1
- 1
crypto/random-gcrypt.c View File

@@ -24,7 +24,7 @@
24 24
 
25 25
 #include <gcrypt.h>
26 26
 
27
-int qcrypto_random_bytes(uint8_t *buf,
27
+int qcrypto_random_bytes(void *buf,
28 28
                          size_t buflen,
29 29
                          Error **errp G_GNUC_UNUSED)
30 30
 {

+ 1
- 1
crypto/random-gnutls.c View File

@@ -26,7 +26,7 @@
26 26
 #include <gnutls/gnutls.h>
27 27
 #include <gnutls/crypto.h>
28 28
 
29
-int qcrypto_random_bytes(uint8_t *buf,
29
+int qcrypto_random_bytes(void *buf,
30 30
                          size_t buflen,
31 31
                          Error **errp)
32 32
 {

+ 62
- 42
crypto/random-platform.c View File

@@ -27,68 +27,88 @@
27 27
 #include <wincrypt.h>
28 28
 static HCRYPTPROV hCryptProv;
29 29
 #else
30
-static int fd; /* a file handle to either /dev/urandom or /dev/random */
30
+# ifdef CONFIG_GETRANDOM
31
+#  include <sys/random.h>
32
+# endif
33
+/* This is -1 for getrandom(), or a file handle for /dev/{u,}random.  */
34
+static int fd;
31 35
 #endif
32 36
 
33 37
 int qcrypto_random_init(Error **errp)
34 38
 {
35
-#ifndef _WIN32
36
-    /* TBD perhaps also add support for BSD getentropy / Linux
37
-     * getrandom syscalls directly */
38
-    fd = open("/dev/urandom", O_RDONLY);
39
-    if (fd == -1 && errno == ENOENT) {
40
-        fd = open("/dev/random", O_RDONLY);
41
-    }
42
-
43
-    if (fd < 0) {
44
-        error_setg(errp, "No /dev/urandom or /dev/random found");
45
-        return -1;
46
-    }
47
-#else
39
+#ifdef _WIN32
48 40
     if (!CryptAcquireContext(&hCryptProv, NULL, NULL, PROV_RSA_FULL,
49 41
                              CRYPT_SILENT | CRYPT_VERIFYCONTEXT)) {
50 42
         error_setg_win32(errp, GetLastError(),
51 43
                          "Unable to create cryptographic provider");
52 44
         return -1;
53 45
     }
46
+#else
47
+# ifdef CONFIG_GETRANDOM
48
+    if (getrandom(NULL, 0, 0) == 0) {
49
+        /* Use getrandom() */
50
+        fd = -1;
51
+        return 0;
52
+    }
53
+    /* Fall through to /dev/urandom case.  */
54
+# endif
55
+    fd = open("/dev/urandom", O_RDONLY | O_CLOEXEC);
56
+    if (fd == -1 && errno == ENOENT) {
57
+        fd = open("/dev/random", O_RDONLY | O_CLOEXEC);
58
+    }
59
+    if (fd < 0) {
60
+        error_setg_errno(errp, errno, "No /dev/urandom or /dev/random");
61
+        return -1;
62
+    }
54 63
 #endif
55
-
56 64
     return 0;
57 65
 }
58 66
 
59
-int qcrypto_random_bytes(uint8_t *buf G_GNUC_UNUSED,
60
-                         size_t buflen G_GNUC_UNUSED,
67
+int qcrypto_random_bytes(void *buf,
68
+                         size_t buflen,
61 69
                          Error **errp)
62 70
 {
63
-#ifndef _WIN32
64
-    int ret = -1;
65
-    int got;
66
-
67
-    while (buflen > 0) {
68
-        got = read(fd, buf, buflen);
69
-        if (got < 0) {
70
-            error_setg_errno(errp, errno,
71
-                             "Unable to read random bytes");
72
-            goto cleanup;
73
-        } else if (!got) {
74
-            error_setg(errp,
75
-                       "Unexpected EOF reading random bytes");
76
-            goto cleanup;
77
-        }
78
-        buflen -= got;
79
-        buf += got;
80
-    }
81
-
82
-    ret = 0;
83
- cleanup:
84
-    return ret;
85
-#else
71
+#ifdef _WIN32
86 72
     if (!CryptGenRandom(hCryptProv, buflen, buf)) {
87 73
         error_setg_win32(errp, GetLastError(),
88 74
                          "Unable to read random bytes");
89 75
         return -1;
90 76
     }
91
-
92
-    return 0;
77
+#else
78
+# ifdef CONFIG_GETRANDOM
79
+    if (likely(fd < 0)) {
80
+        while (1) {
81
+            ssize_t got = getrandom(buf, buflen, 0);
82
+            if (likely(got == buflen)) {
83
+                return 0;
84
+            }
85
+            if (got >= 0) {
86
+                buflen -= got;
87
+                buf += got;
88
+            } else if (errno != EINTR) {
89
+                error_setg_errno(errp, errno, "getrandom");
90
+                return -1;
91
+            }
92
+        }
93
+    }
94
+    /* Fall through to /dev/urandom case.  */
95
+# endif
96
+    while (1) {
97
+        ssize_t got = read(fd, buf, buflen);
98
+        if (likely(got == buflen)) {
99
+            return 0;
100
+        }
101
+        if (got > 0) {
102
+            buflen -= got;
103
+            buf += got;
104
+        } else if (got == 0) {
105
+            error_setg(errp, "Unexpected EOF reading random bytes");
106
+            return -1;
107
+        } else if (errno != EINTR) {
108
+            error_setg_errno(errp, errno, "Unable to read random bytes");
109
+            return -1;
110
+        }
111
+    }
93 112
 #endif
113
+    return 0;
94 114
 }

+ 2
- 8
hw/misc/aspeed_scu.c View File

@@ -16,7 +16,7 @@
16 16
 #include "qapi/visitor.h"
17 17
 #include "qemu/bitops.h"
18 18
 #include "qemu/log.h"
19
-#include "crypto/random.h"
19
+#include "qemu/guest-random.h"
20 20
 #include "trace.h"
21 21
 
22 22
 #define TO_REG(offset) ((offset) >> 2)
@@ -157,14 +157,8 @@ static const uint32_t ast2500_a1_resets[ASPEED_SCU_NR_REGS] = {
157 157
 
158 158
 static uint32_t aspeed_scu_get_random(void)
159 159
 {
160
-    Error *err = NULL;
161 160
     uint32_t num;
162
-
163
-    if (qcrypto_random_bytes((uint8_t *)&num, sizeof(num), &err)) {
164
-        error_report_err(err);
165
-        exit(1);
166
-    }
167
-
161
+    qemu_guest_getrandom_nofail(&num, sizeof(num));
168 162
     return num;
169 163
 }
170 164
 

+ 15
- 19
hw/misc/bcm2835_rng.c View File

@@ -9,30 +9,26 @@
9 9
 
10 10
 #include "qemu/osdep.h"
11 11
 #include "qemu/log.h"
12
-#include "qapi/error.h"
13
-#include "crypto/random.h"
12
+#include "qemu/guest-random.h"
14 13
 #include "hw/misc/bcm2835_rng.h"
15 14
 
16 15
 static uint32_t get_random_bytes(void)
17 16
 {
18 17
     uint32_t res;
19
-    Error *err = NULL;
20
-
21
-    if (qcrypto_random_bytes((uint8_t *)&res, sizeof(res), &err) < 0) {
22
-        /* On failure we don't want to return the guest a non-random
23
-         * value in case they're really using it for cryptographic
24
-         * purposes, so the best we can do is die here.
25
-         * This shouldn't happen unless something's broken.
26
-         * In theory we could implement this device's full FIFO
27
-         * and interrupt semantics and then just stop filling the
28
-         * FIFO. That's a lot of work, though, so we assume any
29
-         * errors are systematic problems and trust that if we didn't
30
-         * fail as the guest inited then we won't fail later on
31
-         * mid-run.
32
-         */
33
-        error_report_err(err);
34
-        exit(1);
35
-    }
18
+
19
+    /*
20
+     * On failure we don't want to return the guest a non-random
21
+     * value in case they're really using it for cryptographic
22
+     * purposes, so the best we can do is die here.
23
+     * This shouldn't happen unless something's broken.
24
+     * In theory we could implement this device's full FIFO
25
+     * and interrupt semantics and then just stop filling the
26
+     * FIFO. That's a lot of work, though, so we assume any
27
+     * errors are systematic problems and trust that if we didn't
28
+     * fail as the guest inited then we won't fail later on
29
+     * mid-run.
30
+     */
31
+    qemu_guest_getrandom_nofail(&res, sizeof(res));
36 32
     return res;
37 33
 }
38 34
 

+ 4
- 7
hw/misc/exynos4210_rng.c View File

@@ -18,10 +18,10 @@
18 18
  */
19 19
 
20 20
 #include "qemu/osdep.h"
21
-#include "crypto/random.h"
22 21
 #include "hw/sysbus.h"
23 22
 #include "qapi/error.h"
24 23
 #include "qemu/log.h"
24
+#include "qemu/guest-random.h"
25 25
 
26 26
 #define DEBUG_EXYNOS_RNG 0
27 27
 
@@ -109,7 +109,6 @@ static void exynos4210_rng_set_seed(Exynos4210RngState *s, unsigned int i,
109 109
 static void exynos4210_rng_run_engine(Exynos4210RngState *s)
110 110
 {
111 111
     Error *err = NULL;
112
-    int ret;
113 112
 
114 113
     /* Seed set? */
115 114
     if ((s->reg_status & EXYNOS4210_RNG_STATUS_SEED_SETTING_DONE) == 0) {
@@ -127,13 +126,11 @@ static void exynos4210_rng_run_engine(Exynos4210RngState *s)
127 126
     }
128 127
 
129 128
     /* Get randoms */
130
-    ret = qcrypto_random_bytes((uint8_t *)s->randr_value,
131
-                               sizeof(s->randr_value), &err);
132
-    if (!ret) {
129
+    if (qemu_guest_getrandom(s->randr_value, sizeof(s->randr_value), &err)) {
130
+        error_report_err(err);
131
+    } else {
133 132
         /* Notify that PRNG is ready */
134 133
         s->reg_status |= EXYNOS4210_RNG_STATUS_PRNG_DONE;
135
-    } else {
136
-        error_report_err(err);
137 134
     }
138 135
 
139 136
 out:

+ 2
- 2
hw/misc/nrf51_rng.c View File

@@ -14,7 +14,7 @@
14 14
 #include "qapi/error.h"
15 15
 #include "hw/arm/nrf51.h"
16 16
 #include "hw/misc/nrf51_rng.h"
17
-#include "crypto/random.h"
17
+#include "qemu/guest-random.h"
18 18
 
19 19
 static void update_irq(NRF51RNGState *s)
20 20
 {
@@ -145,7 +145,7 @@ static void nrf51_rng_timer_expire(void *opaque)
145 145
 {
146 146
     NRF51RNGState *s = NRF51_RNG(opaque);
147 147
 
148
-    qcrypto_random_bytes(&s->value, 1, &error_abort);
148
+    qemu_guest_getrandom_nofail(&s->value, 1);
149 149
 
150 150
     s->event_valrdy = 1;
151 151
     qemu_set_irq(s->eep_valrdy, 1);

+ 1
- 1
include/crypto/random.h View File

@@ -34,7 +34,7 @@
34 34
  *
35 35
  * Returns 0 on success, -1 on error
36 36
  */
37
-int qcrypto_random_bytes(uint8_t *buf,
37
+int qcrypto_random_bytes(void *buf,
38 38
                          size_t buflen,
39 39
                          Error **errp);
40 40
 

+ 68
- 0
include/qemu/guest-random.h View File

@@ -0,0 +1,68 @@
1
+/*
2
+ * QEMU guest-visible random functions
3
+ *
4
+ * Copyright 2019 Linaro, Ltd.
5
+ *
6
+ * This program is free software; you can redistribute it and/or modify it
7
+ * under the terms of the GNU General Public License as published by the Free
8
+ * Software Foundation; either version 2 of the License, or (at your option)
9
+ * any later version.
10
+ */
11
+
12
+#ifndef QEMU_GUEST_RANDOM_H
13
+#define QEMU_GUEST_RANDOM_H
14
+
15
+/**
16
+ * qemu_guest_random_seed_main(const char *optarg, Error **errp)
17
+ * @optarg: a non-NULL pointer to a C string
18
+ * @errp: an error indicator
19
+ *
20
+ * The @optarg value is that which accompanies the -seed argument.
21
+ * This forces qemu_guest_getrandom into deterministic mode.
22
+ *
23
+ * Returns 0 on success, < 0 on failure while setting *errp.
24
+ */
25
+int qemu_guest_random_seed_main(const char *optarg, Error **errp);
26
+
27
+/**
28
+ * qemu_guest_random_seed_thread_part1(void)
29
+ *
30
+ * If qemu_getrandom is in deterministic mode, returns an
31
+ * independent seed for the new thread.  Otherwise returns 0.
32
+ */
33
+uint64_t qemu_guest_random_seed_thread_part1(void);
34
+
35
+/**
36
+ * qemu_guest_random_seed_thread_part2(uint64_t seed)
37
+ * @seed: a value for the new thread.
38
+ *
39
+ * If qemu_guest_getrandom is in deterministic mode, this stores an
40
+ * independent seed for the new thread.  Otherwise a no-op.
41
+ */
42
+void qemu_guest_random_seed_thread_part2(uint64_t seed);
43
+
44
+/**
45
+ * qemu_guest_getrandom(void *buf, size_t len, Error **errp)
46
+ * @buf: a buffer of bytes to be written
47
+ * @len: the number of bytes in @buf
48
+ * @errp: an error indicator
49
+ *
50
+ * Fills len bytes in buf with random data.  This should only be used
51
+ * for data presented to the guest.  Host-side crypto services should
52
+ * use qcrypto_random_bytes.
53
+ *
54
+ * Returns 0 on success, < 0 on failure while setting *errp.
55
+ */
56
+int qemu_guest_getrandom(void *buf, size_t len, Error **errp);
57
+
58
+/**
59
+ * qemu_guest_getrandom_nofail(void *buf, size_t len)
60
+ * @buf: a buffer of bytes to be written
61
+ * @len: the number of bytes in @buf
62
+ *
63
+ * Like qemu_guest_getrandom, but will assert for failure.
64
+ * Use this when there is no reasonable recovery.
65
+ */
66
+void qemu_guest_getrandom_nofail(void *buf, size_t len);
67
+
68
+#endif /* QEMU_GUEST_RANDOM_H */

+ 1
- 0
include/qom/cpu.h View File

@@ -375,6 +375,7 @@ struct CPUState {
375 375
     int singlestep_enabled;
376 376
     int64_t icount_budget;
377 377
     int64_t icount_extra;
378
+    uint64_t random_seed;
378 379
     sigjmp_buf jmp_env;
379 380
 
380 381
     QemuMutex work_mutex;

+ 2
- 23
linux-user/aarch64/cpu_loop.c View File

@@ -20,6 +20,7 @@
20 20
 #include "qemu/osdep.h"
21 21
 #include "qemu.h"
22 22
 #include "cpu_loop-common.h"
23
+#include "qemu/guest-random.h"
23 24
 
24 25
 #define get_user_code_u32(x, gaddr, env)                \
25 26
     ({ abi_long __r = get_user_u32((x), (gaddr));       \
@@ -147,24 +148,6 @@ void cpu_loop(CPUARMState *env)
147 148
     }
148 149
 }
149 150
 
150
-static uint64_t arm_rand64(void)
151
-{
152
-    int shift = 64 - clz64(RAND_MAX);
153
-    int i, n = 64 / shift + (64 % shift != 0);
154
-    uint64_t ret = 0;
155
-
156
-    for (i = 0; i < n; i++) {
157
-        ret = (ret << shift) | rand();
158
-    }
159
-    return ret;
160
-}
161
-
162
-void arm_init_pauth_key(ARMPACKey *key)
163
-{
164
-    key->lo = arm_rand64();
165
-    key->hi = arm_rand64();
166
-}
167
-
168 151
 void target_cpu_copy_regs(CPUArchState *env, struct target_pt_regs *regs)
169 152
 {
170 153
     ARMCPU *cpu = arm_env_get_cpu(env);
@@ -192,11 +175,7 @@ void target_cpu_copy_regs(CPUArchState *env, struct target_pt_regs *regs)
192 175
 #endif
193 176
 
194 177
     if (cpu_isar_feature(aa64_pauth, cpu)) {
195
-        arm_init_pauth_key(&env->apia_key);
196
-        arm_init_pauth_key(&env->apib_key);
197
-        arm_init_pauth_key(&env->apda_key);
198
-        arm_init_pauth_key(&env->apdb_key);
199
-        arm_init_pauth_key(&env->apga_key);
178
+        qemu_guest_getrandom_nofail(&env->keys, sizeof(env->keys));
200 179
     }
201 180
 
202 181
     ts->stack_base = info->start_stack;

+ 0
- 2
linux-user/aarch64/target_syscall.h View File

@@ -29,6 +29,4 @@ struct target_pt_regs {
29 29
 # define TARGET_PR_PAC_APDBKEY   (1 << 3)
30 30
 # define TARGET_PR_PAC_APGAKEY   (1 << 4)
31 31
 
32
-void arm_init_pauth_key(ARMPACKey *key);
33
-
34 32
 #endif /* AARCH64_TARGET_SYSCALL_H */

+ 3
- 5
linux-user/elfload.c View File

@@ -7,6 +7,7 @@
7 7
 #include "qemu.h"
8 8
 #include "disas/disas.h"
9 9
 #include "qemu/path.h"
10
+#include "qemu/guest-random.h"
10 11
 
11 12
 #ifdef _ARCH_PPC64
12 13
 #undef ARCH_DLINFO
@@ -1883,12 +1884,9 @@ static abi_ulong create_elf_tables(abi_ulong p, int argc, int envc,
1883 1884
     }
1884 1885
 
1885 1886
     /*
1886
-     * Generate 16 random bytes for userspace PRNG seeding (not
1887
-     * cryptically secure but it's not the aim of QEMU).
1887
+     * Generate 16 random bytes for userspace PRNG seeding.
1888 1888
      */
1889
-    for (i = 0; i < 16; i++) {
1890
-        k_rand_bytes[i] = rand();
1891
-    }
1889
+    qemu_guest_getrandom_nofail(k_rand_bytes, sizeof(k_rand_bytes));
1892 1890
     if (STACK_GROWS_DOWN) {
1893 1891
         sp -= 16;
1894 1892
         u_rand_bytes = sp;

+ 20
- 13
linux-user/main.c View File

@@ -34,10 +34,12 @@
34 34
 #include "tcg.h"
35 35
 #include "qemu/timer.h"
36 36
 #include "qemu/envlist.h"
37
+#include "qemu/guest-random.h"
37 38
 #include "elf.h"
38 39
 #include "trace/control.h"
39 40
 #include "target_elf.h"
40 41
 #include "cpu_loop-common.h"
42
+#include "crypto/init.h"
41 43
 
42 44
 char *exec_path;
43 45
 
@@ -48,6 +50,7 @@ static int gdbstub_port;
48 50
 static envlist_t *envlist;
49 51
 static const char *cpu_model;
50 52
 static const char *cpu_type;
53
+static const char *seed_optarg;
51 54
 unsigned long mmap_min_addr;
52 55
 unsigned long guest_base;
53 56
 int have_guest_base;
@@ -290,15 +293,9 @@ static void handle_arg_pagesize(const char *arg)
290 293
     }
291 294
 }
292 295
 
293
-static void handle_arg_randseed(const char *arg)
296
+static void handle_arg_seed(const char *arg)
294 297
 {
295
-    unsigned long long seed;
296
-
297
-    if (parse_uint_full(arg, &seed, 0) != 0 || seed > UINT_MAX) {
298
-        fprintf(stderr, "Invalid seed number: %s\n", arg);
299
-        exit(EXIT_FAILURE);
300
-    }
301
-    srand(seed);
298
+    seed_optarg = arg;
302 299
 }
303 300
 
304 301
 static void handle_arg_gdb(const char *arg)
@@ -433,7 +430,7 @@ static const struct qemu_argument arg_table[] = {
433 430
      "",           "run in singlestep mode"},
434 431
     {"strace",     "QEMU_STRACE",      false, handle_arg_strace,
435 432
      "",           "log system calls"},
436
-    {"seed",       "QEMU_RAND_SEED",   true,  handle_arg_randseed,
433
+    {"seed",       "QEMU_RAND_SEED",   true,  handle_arg_seed,
437 434
      "",           "Seed for pseudo-random number generator"},
438 435
     {"trace",      "QEMU_TRACE",       true,  handle_arg_trace,
439 436
      "",           "[[enable=]<pattern>][,events=<file>][,file=<file>]"},
@@ -626,8 +623,6 @@ int main(int argc, char **argv, char **envp)
626 623
 
627 624
     cpu_model = NULL;
628 625
 
629
-    srand(time(NULL));
630
-
631 626
     qemu_add_opts(&qemu_trace_opts);
632 627
 
633 628
     optind = parse_args(argc, argv);
@@ -689,8 +684,20 @@ int main(int argc, char **argv, char **envp)
689 684
         do_strace = 1;
690 685
     }
691 686
 
692
-    if (getenv("QEMU_RAND_SEED")) {
693
-        handle_arg_randseed(getenv("QEMU_RAND_SEED"));
687
+    if (seed_optarg == NULL) {
688
+        seed_optarg = getenv("QEMU_RAND_SEED");
689
+    }
690
+    {
691
+        Error *err = NULL;
692
+        if (seed_optarg != NULL) {
693
+            qemu_guest_random_seed_main(seed_optarg, &err);
694
+        } else {
695
+            qcrypto_init(&err);
696
+        }
697
+        if (err) {
698
+            error_reportf_err(err, "cannot initialize crypto: ");
699
+            exit(1);
700
+        }
694 701
     }
695 702
 
696 703
     target_environ = envlist_to_environ(envlist, NULL);

+ 29
- 5
linux-user/syscall.c View File

@@ -107,6 +107,8 @@
107 107
 #include "uname.h"
108 108
 
109 109
 #include "qemu.h"
110
+#include "qemu/guest-random.h"
111
+#include "qapi/error.h"
110 112
 #include "fd-trans.h"
111 113
 
112 114
 #ifndef CLONE_IO
@@ -5482,6 +5484,7 @@ static void *clone_func(void *arg)
5482 5484
         put_user_u32(info->tid, info->child_tidptr);
5483 5485
     if (info->parent_tidptr)
5484 5486
         put_user_u32(info->tid, info->parent_tidptr);
5487
+    qemu_guest_random_seed_thread_part2(cpu->random_seed);
5485 5488
     /* Enable signals.  */
5486 5489
     sigprocmask(SIG_SETMASK, &info->sigmask, NULL);
5487 5490
     /* Signal to the parent that we're ready.  */
@@ -5568,6 +5571,7 @@ static int do_fork(CPUArchState *env, unsigned int flags, abi_ulong newsp,
5568 5571
            initializing, so temporarily block all signals.  */
5569 5572
         sigfillset(&sigmask);
5570 5573
         sigprocmask(SIG_BLOCK, &sigmask, &info.sigmask);
5574
+        cpu->random_seed = qemu_guest_random_seed_thread_part1();
5571 5575
 
5572 5576
         /* If this is our first additional thread, we need to ensure we
5573 5577
          * generate code for parallel execution and flush old translations.
@@ -9762,25 +9766,45 @@ static abi_long do_syscall1(void *cpu_env, int num, abi_long arg1,
9762 9766
                     int all = (TARGET_PR_PAC_APIAKEY | TARGET_PR_PAC_APIBKEY |
9763 9767
                                TARGET_PR_PAC_APDAKEY | TARGET_PR_PAC_APDBKEY |
9764 9768
                                TARGET_PR_PAC_APGAKEY);
9769
+                    int ret = 0;
9770
+                    Error *err = NULL;
9771
+
9765 9772
                     if (arg2 == 0) {
9766 9773
                         arg2 = all;
9767 9774
                     } else if (arg2 & ~all) {
9768 9775
                         return -TARGET_EINVAL;
9769 9776
                     }
9770 9777
                     if (arg2 & TARGET_PR_PAC_APIAKEY) {
9771
-                        arm_init_pauth_key(&env->apia_key);
9778
+                        ret |= qemu_guest_getrandom(&env->keys.apia,
9779
+                                                    sizeof(ARMPACKey), &err);
9772 9780
                     }
9773 9781
                     if (arg2 & TARGET_PR_PAC_APIBKEY) {
9774
-                        arm_init_pauth_key(&env->apib_key);
9782
+                        ret |= qemu_guest_getrandom(&env->keys.apib,
9783
+                                                    sizeof(ARMPACKey), &err);
9775 9784
                     }
9776 9785
                     if (arg2 & TARGET_PR_PAC_APDAKEY) {
9777
-                        arm_init_pauth_key(&env->apda_key);
9786
+                        ret |= qemu_guest_getrandom(&env->keys.apda,
9787
+                                                    sizeof(ARMPACKey), &err);
9778 9788
                     }
9779 9789
                     if (arg2 & TARGET_PR_PAC_APDBKEY) {
9780
-                        arm_init_pauth_key(&env->apdb_key);
9790
+                        ret |= qemu_guest_getrandom(&env->keys.apdb,
9791
+                                                    sizeof(ARMPACKey), &err);
9781 9792
                     }
9782 9793
                     if (arg2 & TARGET_PR_PAC_APGAKEY) {
9783
-                        arm_init_pauth_key(&env->apga_key);
9794
+                        ret |= qemu_guest_getrandom(&env->keys.apga,
9795
+                                                    sizeof(ARMPACKey), &err);
9796
+                    }
9797
+                    if (ret != 0) {
9798
+                        /*
9799
+                         * Some unknown failure in the crypto.  The best
9800
+                         * we can do is log it and fail the syscall.
9801
+                         * The real syscall cannot fail this way.
9802
+                         */
9803
+                        qemu_log_mask(LOG_UNIMP,
9804
+                                      "PR_PAC_RESET_KEYS: Crypto failure: %s",
9805
+                                      error_get_pretty(err));
9806
+                        error_free(err);
9807
+                        return -TARGET_EIO;
9784 9808
                     }
9785 9809
                     return 0;
9786 9810
                 }

+ 10
- 0
qemu-options.hx View File

@@ -3641,6 +3641,16 @@ the 0x200 sized block starting at 0xffffffc000080000 and another 0x1000 sized
3641 3641
 block starting at 0xffffffc00005f000.
3642 3642
 ETEXI
3643 3643
 
3644
+DEF("seed", HAS_ARG, QEMU_OPTION_seed, \
3645
+    "-seed number       seed the pseudo-random number generator\n",
3646
+    QEMU_ARCH_ALL)
3647
+STEXI
3648
+@item -seed @var{number}
3649
+@findex -seed
3650
+Force the guest to use a deterministic pseudo-random number generator, seeded
3651
+with @var{number}.  This does not affect crypto routines within the host.
3652
+ETEXI
3653
+
3644 3654
 DEF("L", HAS_ARG, QEMU_OPTION_L, \
3645 3655
     "-L path         set the directory for the BIOS, VGA BIOS and keymaps\n",
3646 3656
     QEMU_ARCH_ALL)

+ 12
- 5
target/arm/cpu.h View File

@@ -636,11 +636,13 @@ typedef struct CPUARMState {
636 636
     } iwmmxt;
637 637
 
638 638
 #ifdef TARGET_AARCH64
639
-    ARMPACKey apia_key;
640
-    ARMPACKey apib_key;
641
-    ARMPACKey apda_key;
642
-    ARMPACKey apdb_key;
643
-    ARMPACKey apga_key;
639
+    struct {
640
+        ARMPACKey apia;
641
+        ARMPACKey apib;
642
+        ARMPACKey apda;
643
+        ARMPACKey apdb;
644
+        ARMPACKey apga;
645
+    } keys;
644 646
 #endif
645 647
 
646 648
 #if defined(CONFIG_USER_ONLY)
@@ -3519,6 +3521,11 @@ static inline bool isar_feature_aa64_condm_5(const ARMISARegisters *id)
3519 3521
     return FIELD_EX64(id->id_aa64isar0, ID_AA64ISAR0, TS) >= 2;
3520 3522
 }
3521 3523
 
3524
+static inline bool isar_feature_aa64_rndr(const ARMISARegisters *id)
3525
+{
3526
+    return FIELD_EX64(id->id_aa64isar0, ID_AA64ISAR0, RNDR) != 0;
3527
+}
3528
+
3522 3529
 static inline bool isar_feature_aa64_jscvt(const ARMISARegisters *id)
3523 3530
 {
3524 3531
     return FIELD_EX64(id->id_aa64isar1, ID_AA64ISAR1, JSCVT) != 0;

+ 1
- 0
target/arm/cpu64.c View File

@@ -310,6 +310,7 @@ static void aarch64_max_initfn(Object *obj)
310 310
         t = FIELD_DP64(t, ID_AA64ISAR0, DP, 1);
311 311
         t = FIELD_DP64(t, ID_AA64ISAR0, FHM, 1);
312 312
         t = FIELD_DP64(t, ID_AA64ISAR0, TS, 2); /* v8.5-CondM */
313
+        t = FIELD_DP64(t, ID_AA64ISAR0, RNDR, 1);
313 314
         cpu->isar.id_aa64isar0 = t;
314 315
 
315 316
         t = cpu->isar.id_aa64isar1;

+ 54
- 10
target/arm/helper.c View File

@@ -22,6 +22,8 @@
22 22
 #include "fpu/softfloat.h"
23 23
 #include "qemu/range.h"
24 24
 #include "qapi/qapi-commands-target.h"
25
+#include "qapi/error.h"
26
+#include "qemu/guest-random.h"
25 27
 
26 28
 #define ARM_CPU_FREQ 1000000000 /* FIXME: 1 GHz, should be configurable */
27 29
 
@@ -5707,43 +5709,82 @@ static const ARMCPRegInfo pauth_reginfo[] = {
5707 5709
     { .name = "APDAKEYLO_EL1", .state = ARM_CP_STATE_AA64,
5708 5710
       .opc0 = 3, .opc1 = 0, .crn = 2, .crm = 2, .opc2 = 0,
5709 5711
       .access = PL1_RW, .accessfn = access_pauth,
5710
-      .fieldoffset = offsetof(CPUARMState, apda_key.lo) },
5712
+      .fieldoffset = offsetof(CPUARMState, keys.apda.lo) },
5711 5713
     { .name = "APDAKEYHI_EL1", .state = ARM_CP_STATE_AA64,
5712 5714
       .opc0 = 3, .opc1 = 0, .crn = 2, .crm = 2, .opc2 = 1,
5713 5715
       .access = PL1_RW, .accessfn = access_pauth,
5714
-      .fieldoffset = offsetof(CPUARMState, apda_key.hi) },
5716
+      .fieldoffset = offsetof(CPUARMState, keys.apda.hi) },
5715 5717
     { .name = "APDBKEYLO_EL1", .state = ARM_CP_STATE_AA64,
5716 5718
       .opc0 = 3, .opc1 = 0, .crn = 2, .crm = 2, .opc2 = 2,
5717 5719
       .access = PL1_RW, .accessfn = access_pauth,
5718
-      .fieldoffset = offsetof(CPUARMState, apdb_key.lo) },
5720
+      .fieldoffset = offsetof(CPUARMState, keys.apdb.lo) },
5719 5721
     { .name = "APDBKEYHI_EL1", .state = ARM_CP_STATE_AA64,
5720 5722
       .opc0 = 3, .opc1 = 0, .crn = 2, .crm = 2, .opc2 = 3,
5721 5723
       .access = PL1_RW, .accessfn = access_pauth,
5722
-      .fieldoffset = offsetof(CPUARMState, apdb_key.hi) },
5724
+      .fieldoffset = offsetof(CPUARMState, keys.apdb.hi) },
5723 5725
     { .name = "APGAKEYLO_EL1", .state = ARM_CP_STATE_AA64,
5724 5726
       .opc0 = 3, .opc1 = 0, .crn = 2, .crm = 3, .opc2 = 0,
5725 5727
       .access = PL1_RW, .accessfn = access_pauth,
5726
-      .fieldoffset = offsetof(CPUARMState, apga_key.lo) },
5728
+      .fieldoffset = offsetof(CPUARMState, keys.apga.lo) },
5727 5729
     { .name = "APGAKEYHI_EL1", .state = ARM_CP_STATE_AA64,
5728 5730
       .opc0 = 3, .opc1 = 0, .crn = 2, .crm = 3, .opc2 = 1,
5729 5731
       .access = PL1_RW, .accessfn = access_pauth,
5730
-      .fieldoffset = offsetof(CPUARMState, apga_key.hi) },
5732
+      .fieldoffset = offsetof(CPUARMState, keys.apga.hi) },
5731 5733
     { .name = "APIAKEYLO_EL1", .state = ARM_CP_STATE_AA64,
5732 5734
       .opc0 = 3, .opc1 = 0, .crn = 2, .crm = 1, .opc2 = 0,
5733 5735
       .access = PL1_RW, .accessfn = access_pauth,
5734
-      .fieldoffset = offsetof(CPUARMState, apia_key.lo) },
5736
+      .fieldoffset = offsetof(CPUARMState, keys.apia.lo) },
5735 5737
     { .name = "APIAKEYHI_EL1", .state = ARM_CP_STATE_AA64,
5736 5738
       .opc0 = 3, .opc1 = 0, .crn = 2, .crm = 1, .opc2 = 1,
5737 5739
       .access = PL1_RW, .accessfn = access_pauth,
5738
-      .fieldoffset = offsetof(CPUARMState, apia_key.hi) },
5740
+      .fieldoffset = offsetof(CPUARMState, keys.apia.hi) },
5739 5741
     { .name = "APIBKEYLO_EL1", .state = ARM_CP_STATE_AA64,
5740 5742
       .opc0 = 3, .opc1 = 0, .crn = 2, .crm = 1, .opc2 = 2,
5741 5743
       .access = PL1_RW, .accessfn = access_pauth,
5742
-      .fieldoffset = offsetof(CPUARMState, apib_key.lo) },
5744
+      .fieldoffset = offsetof(CPUARMState, keys.apib.lo) },
5743 5745
     { .name = "APIBKEYHI_EL1", .state = ARM_CP_STATE_AA64,
5744 5746
       .opc0 = 3, .opc1 = 0, .crn = 2, .crm = 1, .opc2 = 3,
5745 5747
       .access = PL1_RW, .accessfn = access_pauth,
5746
-      .fieldoffset = offsetof(CPUARMState, apib_key.hi) },
5748
+      .fieldoffset = offsetof(CPUARMState, keys.apib.hi) },
5749
+    REGINFO_SENTINEL
5750
+};
5751
+
5752
+static uint64_t rndr_readfn(CPUARMState *env, const ARMCPRegInfo *ri)
5753
+{
5754
+    Error *err = NULL;
5755
+    uint64_t ret;
5756
+
5757
+    /* Success sets NZCV = 0000.  */
5758
+    env->NF = env->CF = env->VF = 0, env->ZF = 1;
5759
+
5760
+    if (qemu_guest_getrandom(&ret, sizeof(ret), &err) < 0) {
5761
+        /*
5762
+         * ??? Failed, for unknown reasons in the crypto subsystem.
5763
+         * The best we can do is log the reason and return the
5764
+         * timed-out indication to the guest.  There is no reason
5765
+         * we know to expect this failure to be transitory, so the
5766
+         * guest may well hang retrying the operation.
5767
+         */
5768
+        qemu_log_mask(LOG_UNIMP, "%s: Crypto failure: %s",
5769
+                      ri->name, error_get_pretty(err));
5770
+        error_free(err);
5771
+
5772
+        env->ZF = 0; /* NZCF = 0100 */
5773
+        return 0;
5774
+    }
5775
+    return ret;
5776
+}
5777
+
5778
+/* We do not support re-seeding, so the two registers operate the same.  */
5779
+static const ARMCPRegInfo rndr_reginfo[] = {
5780
+    { .name = "RNDR", .state = ARM_CP_STATE_AA64,
5781
+      .type = ARM_CP_NO_RAW | ARM_CP_SUPPRESS_TB_END | ARM_CP_IO,
5782
+      .opc0 = 3, .opc1 = 3, .crn = 2, .crm = 4, .opc2 = 0,
5783
+      .access = PL0_R, .readfn = rndr_readfn },
5784
+    { .name = "RNDRRS", .state = ARM_CP_STATE_AA64,
5785
+      .type = ARM_CP_NO_RAW | ARM_CP_SUPPRESS_TB_END | ARM_CP_IO,
5786
+      .opc0 = 3, .opc1 = 3, .crn = 2, .crm = 4, .opc2 = 1,
5787
+      .access = PL0_R, .readfn = rndr_readfn },
5747 5788
     REGINFO_SENTINEL
5748 5789
 };
5749 5790
 #endif
@@ -6690,6 +6731,9 @@ void register_cp_regs_for_features(ARMCPU *cpu)
6690 6731
     if (cpu_isar_feature(aa64_pauth, cpu)) {
6691 6732
         define_arm_cp_regs(cpu, pauth_reginfo);
6692 6733
     }
6734
+    if (cpu_isar_feature(aa64_rndr, cpu)) {
6735
+        define_arm_cp_regs(cpu, rndr_reginfo);
6736
+    }
6693 6737
 #endif
6694 6738
 
6695 6739
     /*

+ 9
- 9
target/arm/pauth_helper.c View File

@@ -403,7 +403,7 @@ uint64_t HELPER(pacia)(CPUARMState *env, uint64_t x, uint64_t y)
403 403
         return x;
404 404
     }
405 405
     pauth_check_trap(env, el, GETPC());
406
-    return pauth_addpac(env, x, y, &env->apia_key, false);
406
+    return pauth_addpac(env, x, y, &env->keys.apia, false);
407 407
 }
408 408
 
409 409
 uint64_t HELPER(pacib)(CPUARMState *env, uint64_t x, uint64_t y)
@@ -413,7 +413,7 @@ uint64_t HELPER(pacib)(CPUARMState *env, uint64_t x, uint64_t y)
413 413
         return x;
414 414
     }
415 415
     pauth_check_trap(env, el, GETPC());
416
-    return pauth_addpac(env, x, y, &env->apib_key, false);
416
+    return pauth_addpac(env, x, y, &env->keys.apib, false);
417 417
 }
418 418
 
419 419
 uint64_t HELPER(pacda)(CPUARMState *env, uint64_t x, uint64_t y)
@@ -423,7 +423,7 @@ uint64_t HELPER(pacda)(CPUARMState *env, uint64_t x, uint64_t y)
423 423
         return x;
424 424
     }
425 425
     pauth_check_trap(env, el, GETPC());
426
-    return pauth_addpac(env, x, y, &env->apda_key, true);
426
+    return pauth_addpac(env, x, y, &env->keys.apda, true);
427 427
 }
428 428
 
429 429
 uint64_t HELPER(pacdb)(CPUARMState *env, uint64_t x, uint64_t y)
@@ -433,7 +433,7 @@ uint64_t HELPER(pacdb)(CPUARMState *env, uint64_t x, uint64_t y)
433 433
         return x;
434 434
     }
435 435
     pauth_check_trap(env, el, GETPC());
436
-    return pauth_addpac(env, x, y, &env->apdb_key, true);
436
+    return pauth_addpac(env, x, y, &env->keys.apdb, true);
437 437
 }
438 438
 
439 439
 uint64_t HELPER(pacga)(CPUARMState *env, uint64_t x, uint64_t y)
@@ -441,7 +441,7 @@ uint64_t HELPER(pacga)(CPUARMState *env, uint64_t x, uint64_t y)
441 441
     uint64_t pac;
442 442
 
443 443
     pauth_check_trap(env, arm_current_el(env), GETPC());
444
-    pac = pauth_computepac(x, y, env->apga_key);
444
+    pac = pauth_computepac(x, y, env->keys.apga);
445 445
 
446 446
     return pac & 0xffffffff00000000ull;
447 447
 }
@@ -453,7 +453,7 @@ uint64_t HELPER(autia)(CPUARMState *env, uint64_t x, uint64_t y)
453 453
         return x;
454 454
     }
455 455
     pauth_check_trap(env, el, GETPC());
456
-    return pauth_auth(env, x, y, &env->apia_key, false, 0);
456
+    return pauth_auth(env, x, y, &env->keys.apia, false, 0);
457 457
 }
458 458
 
459 459
 uint64_t HELPER(autib)(CPUARMState *env, uint64_t x, uint64_t y)
@@ -463,7 +463,7 @@ uint64_t HELPER(autib)(CPUARMState *env, uint64_t x, uint64_t y)
463 463
         return x;
464 464
     }
465 465
     pauth_check_trap(env, el, GETPC());
466
-    return pauth_auth(env, x, y, &env->apib_key, false, 1);
466
+    return pauth_auth(env, x, y, &env->keys.apib, false, 1);
467 467
 }
468 468
 
469 469
 uint64_t HELPER(autda)(CPUARMState *env, uint64_t x, uint64_t y)
@@ -473,7 +473,7 @@ uint64_t HELPER(autda)(CPUARMState *env, uint64_t x, uint64_t y)
473 473
         return x;
474 474
     }
475 475
     pauth_check_trap(env, el, GETPC());
476
-    return pauth_auth(env, x, y, &env->apda_key, true, 0);
476
+    return pauth_auth(env, x, y, &env->keys.apda, true, 0);
477 477
 }
478 478
 
479 479
 uint64_t HELPER(autdb)(CPUARMState *env, uint64_t x, uint64_t y)
@@ -483,7 +483,7 @@ uint64_t HELPER(autdb)(CPUARMState *env, uint64_t x, uint64_t y)
483 483
         return x;
484 484
     }
485 485
     pauth_check_trap(env, el, GETPC());
486
-    return pauth_auth(env, x, y, &env->apdb_key, true, 1);
486
+    return pauth_auth(env, x, y, &env->keys.apdb, true, 1);
487 487
 }
488 488
 
489 489
 uint64_t HELPER(xpaci)(CPUARMState *env, uint64_t a)

+ 3
- 2
target/i386/cpu.c View File

@@ -730,13 +730,14 @@ static void x86_cpu_vendor_words2str(char *dst, uint32_t vendor1,
730 730
           CPUID_EXT_MONITOR | CPUID_EXT_SSSE3 | CPUID_EXT_CX16 | \
731 731
           CPUID_EXT_SSE41 | CPUID_EXT_SSE42 | CPUID_EXT_POPCNT | \
732 732
           CPUID_EXT_XSAVE | /* CPUID_EXT_OSXSAVE is dynamic */   \
733
-          CPUID_EXT_MOVBE | CPUID_EXT_AES | CPUID_EXT_HYPERVISOR)
733
+          CPUID_EXT_MOVBE | CPUID_EXT_AES | CPUID_EXT_HYPERVISOR | \
734
+          CPUID_EXT_RDRAND)
734 735
           /* missing:
735 736
           CPUID_EXT_DTES64, CPUID_EXT_DSCPL, CPUID_EXT_VMX, CPUID_EXT_SMX,
736 737
           CPUID_EXT_EST, CPUID_EXT_TM2, CPUID_EXT_CID, CPUID_EXT_FMA,
737 738
           CPUID_EXT_XTPR, CPUID_EXT_PDCM, CPUID_EXT_PCID, CPUID_EXT_DCA,
738 739
           CPUID_EXT_X2APIC, CPUID_EXT_TSC_DEADLINE_TIMER, CPUID_EXT_AVX,
739
-          CPUID_EXT_F16C, CPUID_EXT_RDRAND */
740
+          CPUID_EXT_F16C */
740 741
 
741 742
 #ifdef TARGET_X86_64
742 743
 #define TCG_EXT2_X86_64_FEATURES (CPUID_EXT2_SYSCALL | CPUID_EXT2_LM)

+ 2
- 0
target/i386/helper.h View File

@@ -226,3 +226,5 @@ DEF_HELPER_3(rcrl, tl, env, tl, tl)
226 226
 DEF_HELPER_3(rclq, tl, env, tl, tl)
227 227
 DEF_HELPER_3(rcrq, tl, env, tl, tl)
228 228
 #endif
229
+
230
+DEF_HELPER_1(rdrand, tl, env)

+ 21
- 0
target/i386/int_helper.c View File

@@ -22,6 +22,8 @@
22 22
 #include "exec/exec-all.h"
23 23
 #include "qemu/host-utils.h"
24 24
 #include "exec/helper-proto.h"
25
+#include "qapi/error.h"
26
+#include "qemu/guest-random.h"
25 27
 
26 28
 //#define DEBUG_MULDIV
27 29
 
@@ -470,3 +472,22 @@ void helper_cr4_testbit(CPUX86State *env, uint32_t bit)
470 472
         raise_exception_ra(env, EXCP06_ILLOP, GETPC());
471 473
     }
472 474
 }
475
+
476
+target_ulong HELPER(rdrand)(CPUX86State *env)
477
+{
478
+    Error *err = NULL;
479
+    target_ulong ret;
480
+
481
+    if (qemu_guest_getrandom(&ret, sizeof(ret), &err) < 0) {
482
+        qemu_log_mask(LOG_UNIMP, "rdrand: Crypto failure: %s",
483
+                      error_get_pretty(err));
484
+        error_free(err);
485
+        /* Failure clears CF and all other flags, and returns 0.  */
486
+        env->cc_src = 0;
487
+        return 0;
488
+    }
489
+
490
+    /* Success sets CF and clears all others.  */
491
+    env->cc_src = CC_C;
492
+    return ret;
493
+}

+ 47
- 15
target/i386/translate.c View File

@@ -5332,31 +5332,63 @@ static target_ulong disas_insn(DisasContext *s, CPUState *cpu)
5332 5332
     case 0x1c7: /* cmpxchg8b */
5333 5333
         modrm = x86_ldub_code(env, s);
5334 5334
         mod = (modrm >> 6) & 3;
5335
-        if ((mod == 3) || ((modrm & 0x38) != 0x8))
5336
-            goto illegal_op;
5337
-#ifdef TARGET_X86_64
5338
-        if (dflag == MO_64) {
5339
-            if (!(s->cpuid_ext_features & CPUID_EXT_CX16))
5335
+        switch ((modrm >> 3) & 7) {
5336
+        case 1: /* CMPXCHG8, CMPXCHG16 */
5337
+            if (mod == 3) {
5340 5338
                 goto illegal_op;
5341
-            gen_lea_modrm(env, s, modrm);
5342
-            if ((s->prefix & PREFIX_LOCK) && (tb_cflags(s->base.tb) & CF_PARALLEL)) {
5343
-                gen_helper_cmpxchg16b(cpu_env, s->A0);
5344
-            } else {
5345
-                gen_helper_cmpxchg16b_unlocked(cpu_env, s->A0);
5346 5339
             }
5347
-        } else
5340
+#ifdef TARGET_X86_64
5341
+            if (dflag == MO_64) {
5342
+                if (!(s->cpuid_ext_features & CPUID_EXT_CX16)) {
5343
+                    goto illegal_op;
5344
+                }
5345
+                gen_lea_modrm(env, s, modrm);
5346
+                if ((s->prefix & PREFIX_LOCK) &&
5347
+                    (tb_cflags(s->base.tb) & CF_PARALLEL)) {
5348
+                    gen_helper_cmpxchg16b(cpu_env, s->A0);
5349
+                } else {
5350
+                    gen_helper_cmpxchg16b_unlocked(cpu_env, s->A0);
5351
+                }
5352
+                set_cc_op(s, CC_OP_EFLAGS);
5353
+                break;
5354
+            }
5348 5355
 #endif        
5349
-        {
5350
-            if (!(s->cpuid_features & CPUID_CX8))
5356
+            if (!(s->cpuid_features & CPUID_CX8)) {
5351 5357
                 goto illegal_op;
5358
+            }
5352 5359
             gen_lea_modrm(env, s, modrm);
5353
-            if ((s->prefix & PREFIX_LOCK) && (tb_cflags(s->base.tb) & CF_PARALLEL)) {
5360
+            if ((s->prefix & PREFIX_LOCK) &&
5361
+                (tb_cflags(s->base.tb) & CF_PARALLEL)) {
5354 5362
                 gen_helper_cmpxchg8b(cpu_env, s->A0);
5355 5363
             } else {
5356 5364
                 gen_helper_cmpxchg8b_unlocked(cpu_env, s->A0);
5357 5365
             }
5366
+            set_cc_op(s, CC_OP_EFLAGS);
5367
+            break;
5368
+
5369
+        case 7: /* RDSEED */
5370
+        case 6: /* RDRAND */
5371
+            if (mod != 3 ||
5372
+                (s->prefix & (PREFIX_LOCK | PREFIX_REPZ | PREFIX_REPNZ)) ||
5373
+                !(s->cpuid_ext_features & CPUID_EXT_RDRAND)) {
5374
+                goto illegal_op;
5375
+            }
5376
+            if (tb_cflags(s->base.tb) & CF_USE_ICOUNT) {
5377
+                gen_io_start();
5378
+            }
5379
+            gen_helper_rdrand(s->T0, cpu_env);
5380
+            rm = (modrm & 7) | REX_B(s);
5381
+            gen_op_mov_reg_v(s, dflag, rm, s->T0);
5382
+            set_cc_op(s, CC_OP_EFLAGS);
5383
+            if (tb_cflags(s->base.tb) & CF_USE_ICOUNT) {
5384
+                gen_io_end();
5385
+                gen_jmp(s, s->pc - s->cs_base);
5386
+            }
5387
+            break;
5388
+
5389
+        default:
5390
+            goto illegal_op;
5358 5391
         }
5359
-        set_cc_op(s, CC_OP_EFLAGS);
5360 5392
         break;
5361 5393
 
5362 5394
         /**************************/

+ 26
- 11
target/ppc/int_helper.c View File

@@ -23,6 +23,8 @@
23 23
 #include "exec/helper-proto.h"
24 24
 #include "crypto/aes.h"
25 25
 #include "fpu/softfloat.h"
26
+#include "qapi/error.h"
27
+#include "qemu/guest-random.h"
26 28
 
27 29
 #include "helper_regs.h"
28 30
 /*****************************************************************************/
@@ -158,24 +160,37 @@ uint32_t helper_cmpeqb(target_ulong ra, target_ulong rb)
158 160
 #undef hasvalue
159 161
 
160 162
 /*
161
- * Return invalid random number.
162
- *
163
- * FIXME: Add rng backend or other mechanism to get cryptographically suitable
164
- * random number
163
+ * Return a random number.
165 164
  */
166
-target_ulong helper_darn32(void)
165
+uint64_t helper_darn32(void)
167 166
 {
168
-    return -1;
167
+    Error *err = NULL;
168
+    uint32_t ret;
169
+
170
+    if (qemu_guest_getrandom(&ret, sizeof(ret), &err) < 0) {
171
+        qemu_log_mask(LOG_UNIMP, "darn: Crypto failure: %s",
172
+                      error_get_pretty(err));
173
+        error_free(err);
174
+        return -1;
175
+    }
176
+
177
+    return ret;
169 178
 }
170 179
 
171
-target_ulong helper_darn64(void)
180
+uint64_t helper_darn64(void)
172 181
 {
173
-    return -1;
174
-}
182
+    Error *err = NULL;
183
+    uint64_t ret;
175 184
 
176
-#endif
185
+    if (qemu_guest_getrandom(&ret, sizeof(ret), &err) < 0) {
186
+        qemu_log_mask(LOG_UNIMP, "darn: Crypto failure: %s",
187
+                      error_get_pretty(err));
188
+        error_free(err);
189
+        return -1;
190
+    }
177 191
 
178
-#if defined(TARGET_PPC64)
192
+    return ret;
193
+}
179 194
 
180 195
 uint64_t helper_bpermd(uint64_t rs, uint64_t rb)
181 196
 {

+ 15
- 6
target/ppc/translate.c View File

@@ -1847,13 +1847,22 @@ static void gen_darn(DisasContext *ctx)
1847 1847
 {
1848 1848
     int l = L(ctx->opcode);
1849 1849
 
1850
-    if (l == 0) {
1851
-        gen_helper_darn32(cpu_gpr[rD(ctx->opcode)]);
1852
-    } else if (l <= 2) {
1853
-        /* Return 64-bit random for both CRN and RRN */
1854
-        gen_helper_darn64(cpu_gpr[rD(ctx->opcode)]);
1855
-    } else {
1850
+    if (l > 2) {
1856 1851
         tcg_gen_movi_i64(cpu_gpr[rD(ctx->opcode)], -1);
1852
+    } else {
1853
+        if (tb_cflags(ctx->base.tb) & CF_USE_ICOUNT) {
1854
+            gen_io_start();
1855
+        }
1856
+        if (l == 0) {
1857
+            gen_helper_darn32(cpu_gpr[rD(ctx->opcode)]);
1858
+        } else {
1859
+            /* Return 64-bit random for both CRN and RRN */
1860
+            gen_helper_darn64(cpu_gpr[rD(ctx->opcode)]);
1861
+        }
1862
+        if (tb_cflags(ctx->base.tb) & CF_USE_ICOUNT) {
1863
+            gen_io_end();
1864
+            gen_stop_exception(ctx);
1865
+        }
1857 1866
     }
1858 1867
 }
1859 1868
 #endif

+ 23
- 30
ui/vnc.c View File

@@ -43,6 +43,7 @@
43 43
 #include "crypto/hash.h"
44 44
 #include "crypto/tlscredsanon.h"
45 45
 #include "crypto/tlscredsx509.h"
46
+#include "crypto/random.h"
46 47
 #include "qom/object_interfaces.h"
47 48
 #include "qemu/cutils.h"
48 49
 #include "io/dns-resolver.h"
@@ -2535,14 +2536,16 @@ void start_client_init(VncState *vs)
2535 2536
     vnc_read_when(vs, protocol_client_init, 1);
2536 2537
 }
2537 2538
 
2538
-static void make_challenge(VncState *vs)
2539
+static void authentication_failed(VncState *vs)
2539 2540
 {
2540
-    int i;
2541
-
2542
-    srand(time(NULL)+getpid()+getpid()*987654+rand());
2543
-
2544
-    for (i = 0 ; i < sizeof(vs->challenge) ; i++)
2545
-        vs->challenge[i] = (int) (256.0*rand()/(RAND_MAX+1.0));
2541
+    vnc_write_u32(vs, 1); /* Reject auth */
2542
+    if (vs->minor >= 8) {
2543
+        static const char err[] = "Authentication failed";
2544
+        vnc_write_u32(vs, sizeof(err));
2545
+        vnc_write(vs, err, sizeof(err));
2546
+    }
2547
+    vnc_flush(vs);
2548
+    vnc_client_error(vs);
2546 2549
 }
2547 2550
 
2548 2551
 static int protocol_client_auth_vnc(VncState *vs, uint8_t *data, size_t len)
@@ -2609,21 +2612,23 @@ static int protocol_client_auth_vnc(VncState *vs, uint8_t *data, size_t len)
2609 2612
     return 0;
2610 2613
 
2611 2614
 reject:
2612
-    vnc_write_u32(vs, 1); /* Reject auth */
2613
-    if (vs->minor >= 8) {
2614
-        static const char err[] = "Authentication failed";
2615
-        vnc_write_u32(vs, sizeof(err));
2616
-        vnc_write(vs, err, sizeof(err));
2617
-    }
2618
-    vnc_flush(vs);
2619
-    vnc_client_error(vs);
2615
+    authentication_failed(vs);
2620 2616
     qcrypto_cipher_free(cipher);
2621 2617
     return 0;
2622 2618
 }
2623 2619
 
2624 2620
 void start_auth_vnc(VncState *vs)
2625 2621
 {
2626
-    make_challenge(vs);
2622
+    Error *err = NULL;
2623
+
2624
+    if (qcrypto_random_bytes(vs->challenge, sizeof(vs->challenge), &err)) {
2625
+        trace_vnc_auth_fail(vs, vs->auth, "cannot get random bytes",
2626
+                            error_get_pretty(err));
2627
+        error_free(err);
2628
+        authentication_failed(vs);
2629
+        return;
2630
+    }
2631
+
2627 2632
     /* Send client a 'random' challenge */
2628 2633
     vnc_write(vs, vs->challenge, sizeof(vs->challenge));
2629 2634
     vnc_flush(vs);
@@ -2638,13 +2643,7 @@ static int protocol_client_auth(VncState *vs, uint8_t *data, size_t len)
2638 2643
      * must pick the one we sent. Verify this */
2639 2644
     if (data[0] != vs->auth) { /* Reject auth */
2640 2645
        trace_vnc_auth_reject(vs, vs->auth, (int)data[0]);
2641
-       vnc_write_u32(vs, 1);
2642
-       if (vs->minor >= 8) {
2643
-           static const char err[] = "Authentication failed";
2644
-           vnc_write_u32(vs, sizeof(err));
2645
-           vnc_write(vs, err, sizeof(err));
2646
-       }
2647
-       vnc_client_error(vs);
2646
+       authentication_failed(vs);
2648 2647
     } else { /* Accept requested auth */
2649 2648
        trace_vnc_auth_start(vs, vs->auth);
2650 2649
        switch (vs->auth) {
@@ -2673,13 +2672,7 @@ static int protocol_client_auth(VncState *vs, uint8_t *data, size_t len)
2673 2672
 
2674 2673
        default: /* Should not be possible, but just in case */
2675 2674
            trace_vnc_auth_fail(vs, vs->auth, "Unhandled auth method", "");
2676
-           vnc_write_u8(vs, 1);
2677
-           if (vs->minor >= 8) {
2678
-               static const char err[] = "Authentication failed";
2679
-               vnc_write_u32(vs, sizeof(err));
2680
-               vnc_write(vs, err, sizeof(err));
2681
-           }
2682
-           vnc_client_error(vs);
2675
+           authentication_failed(vs);
2683 2676
        }
2684 2677
     }
2685 2678
     return 0;

+ 1
- 0
util/Makefile.objs View File

@@ -54,5 +54,6 @@ util-obj-y += iova-tree.o
54 54
 util-obj-$(CONFIG_INOTIFY1) += filemonitor-inotify.o
55 55
 util-obj-$(CONFIG_LINUX) += vfio-helpers.o
56 56
 util-obj-$(CONFIG_OPENGL) += drm.o
57
+util-obj-y += guest-random.o
57 58
 
58 59
 stub-obj-y += filemonitor-stub.o

+ 93
- 0
util/guest-random.c View File

@@ -0,0 +1,93 @@
1
+/*
2
+ * QEMU guest-visible random functions
3
+ *
4
+ * Copyright 2019 Linaro, Ltd.
5
+ *
6
+ * This program is free software; you can redistribute it and/or modify it
7
+ * under the terms of the GNU General Public License as published by the Free
8
+ * Software Foundation; either version 2 of the License, or (at your option)
9
+ * any later version.
10
+ */
11
+
12
+#include "qemu/osdep.h"
13
+#include "qemu-common.h"
14
+#include "qemu/cutils.h"
15
+#include "qapi/error.h"
16
+#include "qemu/guest-random.h"
17
+#include "crypto/random.h"
18
+
19
+
20
+static __thread GRand *thread_rand;
21
+static bool deterministic;
22
+
23
+
24
+static int glib_random_bytes(void *buf, size_t len)
25
+{
26
+    GRand *rand = thread_rand;
27
+    size_t i;
28
+    uint32_t x;
29
+
30
+    if (unlikely(rand == NULL)) {
31
+        /* Thread not initialized for a cpu, or main w/o -seed.  */
32
+        thread_rand = rand = g_rand_new();
33
+    }
34
+
35
+    for (i = 0; i + 4 <= len; i += 4) {
36
+        x = g_rand_int(rand);
37
+        __builtin_memcpy(buf + i, &x, 4);
38
+    }
39
+    if (i < len) {
40
+        x = g_rand_int(rand);
41
+        __builtin_memcpy(buf + i, &x, i - len);
42
+    }
43
+    return 0;
44
+}
45
+
46
+int qemu_guest_getrandom(void *buf, size_t len, Error **errp)
47
+{
48
+    if (unlikely(deterministic)) {
49
+        /* Deterministic implementation using Glib's Mersenne Twister.  */
50
+        return glib_random_bytes(buf, len);
51
+    } else {
52
+        /* Non-deterministic implementation using crypto routines.  */
53
+        return qcrypto_random_bytes(buf, len, errp);
54
+    }
55
+}
56
+
57
+void qemu_guest_getrandom_nofail(void *buf, size_t len)
58
+{
59
+    qemu_guest_getrandom(buf, len, &error_fatal);
60
+}
61
+
62
+uint64_t qemu_guest_random_seed_thread_part1(void)
63
+{
64
+    if (deterministic) {
65
+        uint64_t ret;
66
+        glib_random_bytes(&ret, sizeof(ret));
67
+        return ret;
68
+    }
69
+    return 0;
70
+}
71
+
72
+void qemu_guest_random_seed_thread_part2(uint64_t seed)
73
+{
74
+    g_assert(thread_rand == NULL);
75
+    if (deterministic) {
76
+        thread_rand =
77
+            g_rand_new_with_seed_array((const guint32 *)&seed,
78
+                                       sizeof(seed) / sizeof(guint32));
79
+    }
80
+}
81
+
82
+int qemu_guest_random_seed_main(const char *optarg, Error **errp)
83
+{
84
+    unsigned long long seed;
85
+    if (parse_uint_full(optarg, &seed, 0)) {
86
+        error_setg(errp, "Invalid seed number: %s", optarg);
87
+        return -1;
88
+    } else {
89
+        deterministic = true;
90
+        qemu_guest_random_seed_thread_part2(seed);
91
+        return 0;
92
+    }
93
+}

+ 4
- 0
vl.c View File

@@ -128,6 +128,7 @@ int main(int argc, char **argv)
128 128
 #include "qapi/qapi-commands-ui.h"
129 129
 #include "qapi/qmp/qerror.h"
130 130
 #include "sysemu/iothread.h"
131
+#include "qemu/guest-random.h"
131 132
 
132 133
 #define MAX_VIRTIO_CONSOLES 1
133 134
 
@@ -3349,6 +3350,9 @@ int main(int argc, char **argv, char **envp)
3349 3350
             case QEMU_OPTION_DFILTER:
3350 3351
                 qemu_set_dfilter_ranges(optarg, &error_fatal);
3351 3352
                 break;
3353
+            case QEMU_OPTION_seed:
3354
+                qemu_guest_random_seed_main(optarg, &error_fatal);
3355
+                break;
3352 3356
             case QEMU_OPTION_s:
3353 3357
                 add_device_config(DEV_GDB, "tcp::" DEFAULT_GDBSTUB_PORT);
3354 3358
                 break;

Loading…
Cancel
Save