exo2: implement GenerateRandomBytes

This commit is contained in:
Michael Scire 2020-05-15 03:23:31 -07:00 committed by SciresM
parent 6bf283ec2e
commit fa64bf4951
6 changed files with 101 additions and 7 deletions

View file

@ -21,8 +21,6 @@ namespace ams::secmon::smc {
namespace { namespace {
constexpr inline size_t MaxRandomBytes = sizeof(SmcArguments) - sizeof(SmcArguments{}.r[0]);
constinit int g_random_offset_low = 0; constinit int g_random_offset_low = 0;
constinit int g_random_offset_high = 0; constinit int g_random_offset_high = 0;

View file

@ -19,6 +19,8 @@
namespace ams::secmon::smc { namespace ams::secmon::smc {
constexpr inline size_t MaxRandomBytes = sizeof(SmcArguments) - sizeof(SmcArguments{}.r[0]);
void FillRandomCache(); void FillRandomCache();
void RefillRandomCache(); void RefillRandomCache();
void GetRandomFromCache(void *dst, size_t size); void GetRandomFromCache(void *dst, size_t size);

View file

@ -22,7 +22,7 @@ namespace ams::secmon::smc {
Success = 0, Success = 0,
NotImplemented = 1, NotImplemented = 1,
InvalidArgument = 2, InvalidArgument = 2,
InProgress = 3, Busy = 3,
NoAsyncOperation = 4, NoAsyncOperation = 4,
InvalidAsyncOperation = 5, InvalidAsyncOperation = 5,
NotPermitted = 6, NotPermitted = 6,

View file

@ -16,17 +16,69 @@
#include <exosphere.hpp> #include <exosphere.hpp>
#include "../secmon_error.hpp" #include "../secmon_error.hpp"
#include "secmon_smc_random.hpp" #include "secmon_smc_random.hpp"
#include "secmon_random_cache.hpp"
#include "secmon_smc_se_lock.hpp"
namespace ams::secmon::smc { namespace ams::secmon::smc {
namespace {
SmcResult GenerateRandomBytesImpl(SmcArguments &args) {
/* Validate the input size. */
const size_t size = args.r[1];
if (size > MaxRandomBytes) {
return SmcResult::InvalidArgument;
}
/* Create a buffer that the se can generate bytes into. */
util::AlignedBuffer<hw::DataCacheLineSize, MaxRandomBytes> buffer;
hw::FlushDataCache(buffer, size);
hw::DataSynchronizationBarrierInnerShareable();
/* Generate random bytes into the buffer. */
se::GenerateRandomBytes(buffer, size);
/* Ensure that the cpu sees consistent data. */
hw::DataSynchronizationBarrierInnerShareable();
hw::FlushDataCache(buffer, size);
hw::DataSynchronizationBarrierInnerShareable();
/* Copy the bytes to output. */
std::memcpy(std::addressof(args.r[1]), buffer, size);
return SmcResult::Success;
}
}
SmcResult SmcGenerateRandomBytes(SmcArguments &args) { SmcResult SmcGenerateRandomBytes(SmcArguments &args) {
/* TODO */ return LockSecurityEngineAndInvoke(args, GenerateRandomBytesImpl);
return SmcResult::NotImplemented;
} }
SmcResult SmcGenerateRandomBytesNonBlocking(SmcArguments &args) { SmcResult SmcGenerateRandomBytesNonBlocking(SmcArguments &args) {
/* TODO */ /* Try to lock the security engine, so that we can call the standard impl. */
return SmcResult::NotImplemented; if (TryLockSecurityEngine()) {
/* Ensure we unlock the security engine when done. */
ON_SCOPE_EXIT { UnlockSecurityEngine(); };
/* Take advantage of our lock to refill lthe random cache. */
ON_SCOPE_EXIT { RefillRandomCache(); };
/* If we lock it successfully, we can just call the blocking impl. */
return GenerateRandomBytesImpl(args);
} else {
/* Otherwise, we'll retrieve some bytes from the cache. */
const size_t size = args.r[1];
/* Validate the input size. */
if (size > MaxRandomBytes) {
return SmcResult::InvalidArgument;
}
/* Get random bytes from the cache. */
GetRandomFromCache(std::addressof(args.r[1]), size);
return SmcResult::Success;
}
} }
} }

View file

@ -38,4 +38,41 @@ namespace ams::secmon::smc {
return g_is_locked; return g_is_locked;
} }
SmcResult LockSecurityEngineAndInvoke(SmcArguments &args, SmcHandler impl) {
/* Try to lock the SE. */
if (!TryLockSecurityEngine()) {
return SmcResult::Busy;
}
ON_SCOPE_EXIT { UnlockSecurityEngine(); };
return impl(args);
}
SmcResult LockSecurityEngineAndInvokeAsync(SmcArguments &args, SmcHandler impl, GetResultHandler result_handler) {
SmcResult result = SmcResult::Busy;
/* Try to lock the security engine. */
if (TryLockSecurityEngine()) {
/* Try to start an async operation. */
if (const u64 async_key = BeginAsyncOperation(result_handler); async_key != InvalidAsyncKey) {
/* Invoke the operation. */
result = impl(args);
/* If the operation was successful, return the key. */
if (result == SmcResult::Success) {
args.r[1] = async_key;
return SmcResult::Success;
}
/* Otherwise, cancel the async operation. */
CancelAsyncOperation(async_key);
}
/* We failed to invoke the async op, so unlock the security engine. */
UnlockSecurityEngine();
}
return result;
}
} }

View file

@ -16,6 +16,8 @@
#pragma once #pragma once
#include <exosphere.hpp> #include <exosphere.hpp>
#include "secmon_smc_common.hpp" #include "secmon_smc_common.hpp"
#include "secmon_smc_handler.hpp"
#include "secmon_smc_result.hpp"
namespace ams::secmon::smc { namespace ams::secmon::smc {
@ -23,4 +25,7 @@ namespace ams::secmon::smc {
void UnlockSecurityEngine(); void UnlockSecurityEngine();
bool IsSecurityEngineLocked(); bool IsSecurityEngineLocked();
SmcResult LockSecurityEngineAndInvoke(SmcArguments &args, SmcHandler impl);
SmcResult LockSecurityEngineAndInvokeAsync(SmcArguments &args, SmcHandler impl, GetResultHandler result_handler);
} }