feat: hash superkey

Author: bmax

.github/workflows/build.yml

@@ -64,10 +64,6 @@ jobs:
           make
           mv syscallhook.kpm demo-syscallhook.kpm
 
-          cd ../make-shamiko-happy
-          make
-          mv syscallhook.kpm demo-make-shamiko-happy.kpm
-
       - name: Upload elf
         uses: actions/upload-artifact@v3
         with:
@@ -87,7 +83,6 @@ jobs:
             kpms/demo-hello/demo-hello.kpm
             kpms/demo-inlinehook/demo-inlinehook.kpm
             kpms/demo-syscallhook/demo-syscallhook.kpm
-            kpms/make-shamiko-happy/demo-make-shamiko-happy.kpm
           generateReleaseNotes: true
           omitBodyDuringUpdate: true
           allowUpdates: true

.github/workflows/build_dev.yml

@@ -72,9 +72,6 @@ jobs:
           make
           mv syscallhook.kpm demo-syscallhook.kpm
 
-          cd ../make-shamiko-happy
-          make
-
       - name: Upload elf
         uses: actions/upload-artifact@v3
         with:
@@ -95,7 +92,6 @@ jobs:
             kpms/demo-hello/demo-hello.kpm
             kpms/demo-inlinehook/demo-inlinehook.kpm
             kpms/demo-syscallhook/demo-syscallhook.kpm
-            kpms/make-shamiko-happy/shamiko.kpm
           generateReleaseNotes: true
           allowUpdates: true
           replacesArtifacts: true

kernel/Makefile

@@ -35,6 +35,7 @@ BASE_SRCS += base/hmem.c
 BASE_SRCS += base/predata.c 
 BASE_SRCS += base/symbol.c 
 BASE_SRCS += base/baselib.c 
+BASE_SRCS += base/sha256.c 
 
 BASE_SRCS += $(wildcard patch/*.c)
 BASE_SRCS += $(wildcard patch/common/*.c)

kernel/base/baselib.c

@@ -277,7 +277,7 @@ char *lib_strncpy(char *dst, const char *src, size_t n)
         *q++ = ch = *p++;
         if (!ch) break;
     }
-    lib_memset(q, 0, n);
+    *q = '\0';
     return dst;
 }
 

kernel/base/predata.c

@@ -6,6 +6,7 @@
 #include <predata.h>
 #include <common.h>
 #include <log.h>
+#include <sha256.h>
 
 #include "start.h"
 #include "pgtable.h"
@@ -14,11 +15,54 @@
 extern start_preset_t start_preset;
 
 static char *superkey = 0;
+static char *root_superkey = 0;
 static struct patch_symbol *patch_symbol = 0;
 
-int superkey_auth(const char *key)
+static const char bstr[] = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789";
+
+static uint64_t _rand_next = 1000000007;
+static int enable_root_key = 1;
+
+int auth_superkey(const char *key)
+{
+    int rc = 0;
+    rc = lib_strncmp(superkey, key, SUPER_KEY_LEN);
+    if (!rc) return rc;
+
+    if (!enable_root_key) return rc;
+
+    BYTE hash[SHA256_BLOCK_SIZE];
+    SHA256_CTX ctx;
+    sha256_init(&ctx);
+    sha256_update(&ctx, (const BYTE *)key, lib_strnlen(key, SUPER_KEY_LEN));
+    sha256_final(&ctx, hash);
+    int len = SHA256_BLOCK_SIZE > ROOT_SUPER_KEY_HASH_LEN ? ROOT_SUPER_KEY_HASH_LEN : SHA256_BLOCK_SIZE;
+    rc = lib_memcmp(root_superkey, hash, len);
+
+    static int first_time = 1;
+    if (!rc && first_time) {
+        first_time = 0;
+        reset_superkey(key);
+    }
+
+    return rc;
+}
+
+void reset_superkey(const char *key)
 {
-    return lib_strncmp(superkey, key, SUPER_KEY_LEN);
+    lib_strncpy(superkey, key, SUPER_KEY_LEN - 1);
+    superkey[SUPER_KEY_LEN - 1] = '\0';
+}
+
+void enable_auth_root_key(int enable)
+{
+    enable_root_key = enable;
+}
+
+uint64_t rand_next()
+{
+    _rand_next = 1103515245 * _rand_next + 12345;
+    return _rand_next;
 }
 
 const char *get_superkey()
@@ -56,6 +100,29 @@ int on_each_extra_item(int (*callback)(const patch_extra_item_t *extra, const ch
 void predata_init()
 {
     superkey = (char *)start_preset.superkey;
+    root_superkey = (char *)start_preset.root_superkey;
+    char *compile_time = start_preset.header.compile_time;
+
+    // RNG
+    _rand_next *= kernel_va;
+    _rand_next *= kver;
+    _rand_next *= kpver;
+    _rand_next *= _kp_region_start;
+    _rand_next *= _kp_region_end;
+    if (*(uint64_t *)compile_time) _rand_next *= *(uint64_t *)compile_time;
+    if (*(uint64_t *)(superkey)) _rand_next *= *(uint64_t *)(superkey);
+    if (*(uint64_t *)(root_superkey)) _rand_next *= *(uint64_t *)(root_superkey);
+
+    // random key
+    if (lib_strnlen(superkey, SUPER_KEY_LEN) <= 0) {
+        int len = SUPER_KEY_LEN > 16 ? 16 : SUPER_KEY_LEN;
+        len--;
+        for (int i = 0; i < len; ++i) {
+            uint64_t rand = rand_next() % (sizeof(bstr) - 1);
+            superkey[i] = bstr[rand];
+        }
+    }
+    log_boot("gen rand key: %s\n", superkey);
 
     patch_symbol = &start_preset.patch_symbol;
 
@@ -64,4 +131,6 @@ void predata_init()
         uintptr_t *p = (uintptr_t *)addr;
         if (*p) *p += kernel_va;
     }
+
+    dsb(ish);
 }

kernel/base/setup1.S

@@ -103,6 +103,12 @@ start_prepare:
     mov x2, #SUPER_KEY_LEN
     bl memcpy8
 
+    // memcpy(start_preset.root_superkey, setup_preset.root_superkey, ROOT_SUPER_KEY_HASH_LEN);
+    add x0, x11, #start_root_superkey_offset;
+    add x1, x10, #setup_root_superkey_offset
+    mov x2, #ROOT_SUPER_KEY_HASH_LEN
+    bl memcpy8
+
     // memcpy(&start_preset.patch_symbol, &setup_preset.patch_symbol, sizeof(header.patch_symbol));
     add x0, x11, #start_patch_symbol_offset;
     add x1, x10, #setup_patch_symbol_offset

kernel/base/sha256.c

@@ -0,0 +1,156 @@
+/*********************************************************************
+* Filename:   sha256.c
+* Author:     Brad Conte (brad AT bradconte.com)
+* Copyright:
+* Disclaimer: This code is presented "as is" without any guarantees.
+* Details:    Implementation of the SHA-256 hashing algorithm.
+              SHA-256 is one of the three algorithms in the SHA2
+              specification. The others, SHA-384 and SHA-512, are not
+              offered in this implementation.
+              Algorithm specification can be found here:
+               * http://csrc.nist.gov/publications/fips/fips180-2/fips180-2withchangenotice.pdf
+              This implementation uses little endian byte order.
+*********************************************************************/
+
+/*************************** HEADER FILES ***************************/
+#include "sha256.h"
+
+/****************************** MACROS ******************************/
+#define ROTLEFT(a, b) (((a) << (b)) | ((a) >> (32 - (b))))
+#define ROTRIGHT(a, b) (((a) >> (b)) | ((a) << (32 - (b))))
+
+#define CH(x, y, z) (((x) & (y)) ^ (~(x) & (z)))
+#define MAJ(x, y, z) (((x) & (y)) ^ ((x) & (z)) ^ ((y) & (z)))
+#define EP0(x) (ROTRIGHT(x, 2) ^ ROTRIGHT(x, 13) ^ ROTRIGHT(x, 22))
+#define EP1(x) (ROTRIGHT(x, 6) ^ ROTRIGHT(x, 11) ^ ROTRIGHT(x, 25))
+#define SIG0(x) (ROTRIGHT(x, 7) ^ ROTRIGHT(x, 18) ^ ((x) >> 3))
+#define SIG1(x) (ROTRIGHT(x, 17) ^ ROTRIGHT(x, 19) ^ ((x) >> 10))
+
+/**************************** VARIABLES *****************************/
+static const WORD k[64] = { 0x428a2f98, 0x71374491, 0xb5c0fbcf, 0xe9b5dba5, 0x3956c25b, 0x59f111f1, 0x923f82a4,
+                            0xab1c5ed5, 0xd807aa98, 0x12835b01, 0x243185be, 0x550c7dc3, 0x72be5d74, 0x80deb1fe,
+                            0x9bdc06a7, 0xc19bf174, 0xe49b69c1, 0xefbe4786, 0x0fc19dc6, 0x240ca1cc, 0x2de92c6f,
+                            0x4a7484aa, 0x5cb0a9dc, 0x76f988da, 0x983e5152, 0xa831c66d, 0xb00327c8, 0xbf597fc7,
+                            0xc6e00bf3, 0xd5a79147, 0x06ca6351, 0x14292967, 0x27b70a85, 0x2e1b2138, 0x4d2c6dfc,
+                            0x53380d13, 0x650a7354, 0x766a0abb, 0x81c2c92e, 0x92722c85, 0xa2bfe8a1, 0xa81a664b,
+                            0xc24b8b70, 0xc76c51a3, 0xd192e819, 0xd6990624, 0xf40e3585, 0x106aa070, 0x19a4c116,
+                            0x1e376c08, 0x2748774c, 0x34b0bcb5, 0x391c0cb3, 0x4ed8aa4a, 0x5b9cca4f, 0x682e6ff3,
+                            0x748f82ee, 0x78a5636f, 0x84c87814, 0x8cc70208, 0x90befffa, 0xa4506ceb, 0xbef9a3f7,
+                            0xc67178f2 };
+
+/*********************** FUNCTION DEFINITIONS ***********************/
+void sha256_transform(SHA256_CTX *ctx, const BYTE data[])
+{
+    WORD a, b, c, d, e, f, g, h, i, j, t1, t2, m[64];
+
+    for (i = 0, j = 0; i < 16; ++i, j += 4)
+        m[i] = (data[j] << 24) | (data[j + 1] << 16) | (data[j + 2] << 8) | (data[j + 3]);
+    for (; i < 64; ++i)
+        m[i] = SIG1(m[i - 2]) + m[i - 7] + SIG0(m[i - 15]) + m[i - 16];
+
+    a = ctx->state[0];
+    b = ctx->state[1];
+    c = ctx->state[2];
+    d = ctx->state[3];
+    e = ctx->state[4];
+    f = ctx->state[5];
+    g = ctx->state[6];
+    h = ctx->state[7];
+
+    for (i = 0; i < 64; ++i) {
+        t1 = h + EP1(e) + CH(e, f, g) + k[i] + m[i];
+        t2 = EP0(a) + MAJ(a, b, c);
+        h = g;
+        g = f;
+        f = e;
+        e = d + t1;
+        d = c;
+        c = b;
+        b = a;
+        a = t1 + t2;
+    }
+
+    ctx->state[0] += a;
+    ctx->state[1] += b;
+    ctx->state[2] += c;
+    ctx->state[3] += d;
+    ctx->state[4] += e;
+    ctx->state[5] += f;
+    ctx->state[6] += g;
+    ctx->state[7] += h;
+}
+
+void sha256_init(SHA256_CTX *ctx)
+{
+    ctx->datalen = 0;
+    ctx->bitlen = 0;
+    ctx->state[0] = 0x6a09e667;
+    ctx->state[1] = 0xbb67ae85;
+    ctx->state[2] = 0x3c6ef372;
+    ctx->state[3] = 0xa54ff53a;
+    ctx->state[4] = 0x510e527f;
+    ctx->state[5] = 0x9b05688c;
+    ctx->state[6] = 0x1f83d9ab;
+    ctx->state[7] = 0x5be0cd19;
+}
+
+void sha256_update(SHA256_CTX *ctx, const BYTE data[], size_t len)
+{
+    WORD i;
+
+    for (i = 0; i < len; ++i) {
+        ctx->data[ctx->datalen] = data[i];
+        ctx->datalen++;
+        if (ctx->datalen == 64) {
+            sha256_transform(ctx, ctx->data);
+            ctx->bitlen += 512;
+            ctx->datalen = 0;
+        }
+    }
+}
+
+void sha256_final(SHA256_CTX *ctx, BYTE hash[])
+{
+    WORD i;
+
+    i = ctx->datalen;
+
+    // Pad whatever data is left in the buffer.
+    if (ctx->datalen < 56) {
+        ctx->data[i++] = 0x80;
+        while (i < 56)
+            ctx->data[i++] = 0x00;
+    } else {
+        ctx->data[i++] = 0x80;
+        while (i < 64)
+            ctx->data[i++] = 0x00;
+        sha256_transform(ctx, ctx->data);
+        for (int i = 0; i < 56; i++)
+            ctx->data[i] = 0;
+    }
+
+    // Append to the padding the total message's length in bits and transform.
+    ctx->bitlen += ctx->datalen * 8;
+    ctx->data[63] = ctx->bitlen;
+    ctx->data[62] = ctx->bitlen >> 8;
+    ctx->data[61] = ctx->bitlen >> 16;
+    ctx->data[60] = ctx->bitlen >> 24;
+    ctx->data[59] = ctx->bitlen >> 32;
+    ctx->data[58] = ctx->bitlen >> 40;
+    ctx->data[57] = ctx->bitlen >> 48;
+    ctx->data[56] = ctx->bitlen >> 56;
+    sha256_transform(ctx, ctx->data);
+
+    // Since this implementation uses little endian byte ordering and SHA uses big endian,
+    // reverse all the bytes when copying the final state to the output hash.
+    for (i = 0; i < 4; ++i) {
+        hash[i] = (ctx->state[0] >> (24 - i * 8)) & 0x000000ff;
+        hash[i + 4] = (ctx->state[1] >> (24 - i * 8)) & 0x000000ff;
+        hash[i + 8] = (ctx->state[2] >> (24 - i * 8)) & 0x000000ff;
+        hash[i + 12] = (ctx->state[3] >> (24 - i * 8)) & 0x000000ff;
+        hash[i + 16] = (ctx->state[4] >> (24 - i * 8)) & 0x000000ff;
+        hash[i + 20] = (ctx->state[5] >> (24 - i * 8)) & 0x000000ff;
+        hash[i + 24] = (ctx->state[6] >> (24 - i * 8)) & 0x000000ff;
+        hash[i + 28] = (ctx->state[7] >> (24 - i * 8)) & 0x000000ff;
+    }
+}

kernel/base/start.h

@@ -23,6 +23,7 @@ typedef struct
     int64_t map_backup_len;
     uint8_t map_backup[MAP_MAX_SIZE];
     uint8_t superkey[SUPER_KEY_LEN];
+    uint8_t root_superkey[ROOT_SUPER_KEY_HASH_LEN];
     patch_symbol_t patch_symbol;
 } start_preset_t;
 #else
@@ -37,7 +38,8 @@ typedef struct
 #define start_map_backup_len_offset (start_map_offset_offset + 8)
 #define start_map_backup_offset (start_map_backup_len_offset + 8)
 #define start_superkey_offset (start_map_backup_offset + MAP_MAX_SIZE)
-#define start_patch_symbol_offset (start_superkey_offset + SUPER_KEY_LEN)
+#define start_root_superkey_offset (start_superkey_offset + SUPER_KEY_LEN)
+#define start_patch_symbol_offset (start_root_superkey_offset + ROOT_SUPER_KEY_HASH_LEN)
 #define start_patch_extra_offset_offset (start_patch_symbol_offset + PATCH_SYMBOL_LEN)
 #define start_patch_extra_size_offset (start_patch_extra_offset_offset + 8)
 #define start_end (start_patch_extra_size_offset + 8)

kernel/include/predata.h

@@ -9,10 +9,15 @@
 #include <ktypes.h>
 #include <preset.h>
 
-int superkey_auth(const char *key);
+int auth_superkey(const char *key);
+void reset_superkey(const char *key);
+void enable_auth_root_key(int skip_hash);
 const char *get_superkey();
+
+uint64_t rand_next();
 uint64_t get_build_config();
 struct patch_symbol *get_preset_patch_sym();
+
 int on_each_extra_item(int (*callback)(const patch_extra_item_t *extra, const char *arg, const void *data, void *udata),
                        void *udata);