Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Snapsafe-type uniqueness breaking event detection #1640

Merged
merged 17 commits into from
Jun 20, 2024
Merged

Snapsafe-type uniqueness breaking event detection #1640

merged 17 commits into from
Jun 20, 2024

Conversation

justsmth
Copy link
Contributor

@justsmth justsmth commented Jun 17, 2024
edited
Loading

Issues:

  • Resolves: CryptoAlg-2505

Description of changes:

  • Add support for Snapsafe-type uniqueness breaking event detection on Linux using SysGenID (/dev/sysgenid). Adds 4 new (internal-use) functions:
    • int CRYPTO_get_snapsafe_generation(uint32_t *snapsafe_generation_number);
    • int CRYPTO_get_snapsafe_active(void);
    • int CRYPTO_get_snapsafe_supported(void);
    • const char *CRYPTO_get_sysgenid_path(void);

Call-outs:

New build flags added:

  • TEST_SYSGENID_PATH -- a temporary file path that will be used for testing. The user executing the test must have permission read/write to this path and it must be created prior to running the tests.

Testing:

  • Added new "SnapsafeGenerationTest" test-suite. The test logic differs by platform.

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license and the ISC license.

@justsmth justsmth force-pushed the snap-safe branch 2 times, most recently from 862776d to 65e631f Compare June 17, 2024 21:46
andrewhop
andrewhop reviewed Jun 17, 2024
View reviewed changes
crypto/fipsmodule/rand/rand.c Show resolved Hide resolved
crypto/fipsmodule/rand/rand.c Outdated Show resolved Hide resolved
crypto/fipsmodule/rand/snapsafe_detect.c Outdated Show resolved Hide resolved
crypto/fipsmodule/rand/snapsafe_detect.c Outdated Show resolved Hide resolved
crypto/fipsmodule/rand/snapsafe_detect.c Show resolved Hide resolved
crypto/fipsmodule/rand/snapsafe_detect_test.cc Outdated Show resolved Hide resolved
crypto/fipsmodule/rand/snapsafe_detect_test.cc Outdated Show resolved Hide resolved
crypto/fipsmodule/rand/snapsafe_detect_test.cc Outdated Show resolved Hide resolved
@justsmth justsmth marked this pull request as ready for review June 18, 2024 13:50
@justsmth justsmth requested a review from a team as a code owner June 18, 2024 13:50
@justsmth justsmth changed the title [DRAFT] Snapsafe-type uniqueness breaking event detection Snapsafe-type uniqueness breaking event detection Jun 18, 2024
@justsmth justsmth force-pushed the snap-safe branch 2 times, most recently from 58ad6b2 to b2a37c3 Compare June 18, 2024 16:55
@dkostic dkostic requested review from torben-hansen and dkostic June 18, 2024 17:32
torben-hansen
torben-hansen reviewed Jun 18, 2024
View reviewed changes
Copy link
Contributor

@torben-hansen torben-hansen left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Still need to review crypto/fipsmodule/rand/snapsafe_*

BUILDING.md Outdated Show resolved Hide resolved
CMakeLists.txt Outdated Show resolved Hide resolved
crypto/fipsmodule/bcm.c Outdated Show resolved Hide resolved
util/build_compilation_database.sh Outdated Show resolved Hide resolved
util/all_tests.json Outdated Show resolved Hide resolved
tests/ci/run_posix_tests.sh Outdated Show resolved Hide resolved
crypto/fipsmodule/rand/rand.c Outdated Show resolved Hide resolved
crypto/fipsmodule/rand/rand.c Outdated Show resolved Hide resolved
crypto/fipsmodule/rand/rand.c Outdated Show resolved Hide resolved
crypto/fipsmodule/rand/rand.c Outdated Show resolved Hide resolved
andrewhop
andrewhop reviewed Jun 18, 2024
View reviewed changes
Copy link
Contributor

@andrewhop andrewhop left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Core change looks good to me, ship it pending urandom test fix.

crypto/fipsmodule/rand/snapsafe_detect.c Outdated Show resolved Hide resolved
@justsmth justsmth force-pushed the snap-safe branch 2 times, most recently from de6ed05 to afd1ac0 Compare June 19, 2024 00:13
@justsmth justsmth force-pushed the snap-safe branch 3 times, most recently from f247920 to de1ea99 Compare June 19, 2024 01:03
@justsmth justsmth force-pushed the snap-safe branch 7 times, most recently from 4d70027 to 044c69d Compare June 19, 2024 16:36
torben-hansen
torben-hansen reviewed Jun 19, 2024
View reviewed changes
crypto/fipsmodule/rand/snapsafe_detect.h Outdated Show resolved Hide resolved
crypto/internal.h Show resolved Hide resolved
@justsmth @torben-hansen
Update snapsafe_detect.h
a2b82e7 
Co-authored-by: torben-hansen <[email protected]>
torben-hansen
torben-hansen previously approved these changes Jun 19, 2024
View reviewed changes
crypto/fipsmodule/rand/rand.c Outdated Show resolved Hide resolved
@justsmth @torben-hansen
Update rand.c
f1afb57 
Co-authored-by: torben-hansen <[email protected]>
@justsmth justsmth merged commit f31fd31 into aws:main Jun 20, 2024
96 of 99 checks passed
@justsmth justsmth deleted the snap-safe branch June 20, 2024 11:22
justsmth added a commit to justsmth/aws-lc that referenced this pull request Jun 20, 2024
@justsmth
Snapsafe-type uniqueness breaking event detection (aws#1640)
291212a 
(cherry picked from commit f31fd31)
@justsmth justsmth mentioned this pull request Jun 20, 2024
Merged
justsmth added a commit that referenced this pull request Jun 20, 2024
@justsmth
Snapsafe-type uniqueness breaking event detection (#1640) (#1648)
a3a86b5 
(cherry picked from commit f31fd31)

### Description of changes: 
Backport of Snapsafe UBE detection change to the fips-2022-11-02 branch.
Original PR is here: #1640

By submitting this pull request, I confirm that my contribution is made
under the terms of the Apache 2.0 license and the ISC license.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@andrewhop andrewhop andrewhop left review comments

@WillChilds-Klein WillChilds-Klein WillChilds-Klein left review comments

@lilpoozie2005 lilpoozie2005 lilpoozie2005 approved these changes

@torben-hansen torben-hansen torben-hansen approved these changes

@dkostic dkostic dkostic approved these changes

Assignees
No one assigned
Labels
reviewers-assigned
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
6 participants
@justsmth @WillChilds-Klein @dkostic @andrewhop @torben-hansen @lilpoozie2005