runtime, syscall: use get_random_bytes syscall instead of SRPC on NaCl #9870

Closed
jamesr opened this issue Feb 13, 2015 · 6 comments

@jamesr

jamesr commented Feb 13, 2015

Native Client has a get_random_bytes syscall supported since pepper_39 that can be used to generate random bytes:

https://code.google.com/p/chromium/codesearch#chromium/src/native_client/src/trusted/service_runtime/include/bits/nacl_syscalls.h&sq=package:chromium&type=cs&l=128&rcl=1423805234

The nacl IRT calls it thusly:

https://code.google.com/p/chromium/codesearch#chromium/src/native_client/src/untrusted/irt/irt_random.c&sq=package:chromium&type=cs&q=get_random_bytes&l=20

If we're OK with depending on this (which means running on sel_ldrs from pepper_39 or newer) then we can call this directly instead of going through SRPC to look up the SecureRandom service. It appears that this is the only use of srpc in go, so we could additionally remove the SRPC support entirely as newer nacl features are not exported in this manner.

@davecheney
Contributor

I think this is a good idea. I'm almost certain that the nacl/arm builder
needs pepper_39 at least, so this isn't a big imposition.


@jamesr
Author

jamesr commented Feb 13, 2015

Great! Do you know if the other builders require something that new?

@davecheney
Contributor

I had a quick look at the scripts which generate the base vm image for the
linux-nacl-{386,amd64} builders but it wasn't clear

https://github.com/golang/build/blob/master/env/linux-x86-nacl/scripts/build-go-builder.sh

@bradfiz which pepper version were those components taken from?

As for the nacl/arm build, that runs on a dev board on my desk, I can
adjust it as necessary.


@jamesr
Author

jamesr commented Feb 13, 2015

I wrote a patch: https://go-review.googlesource.com/#/c/4860/ but gerrit told me somebody already did this: https://go-review.googlesource.com/#/c/1755/1 (probably better)

@jamesr
Author

jamesr commented Feb 13, 2015

And this issue is a dupe of issue 9261 (which I didn't find since it doesn't have the os-nativeclient label).

@minux
Member

minux commented Feb 13, 2015

Yes, it's a dupe of #9261.

@minux minux closed this as completed Feb 13, 2015
@mikioh mikioh changed the title nacl: use get_random_bytes syscall instead of SRPC runtime, syscall: use get_random_bytes syscall instead of SRPC on NaCl Feb 15, 2015
@golang golang locked and limited conversation to collaborators Jun 25, 2016