diff --git a/src/random.c b/src/random.c index 34b8380d..14676057 100644 --- a/src/random.c +++ b/src/random.c @@ -33,6 +33,7 @@ #include "flash.h" #ifndef TESTING #include "ataes132.h" +#include "utils.h" #include "sha2.h" #include "mcu.h" @@ -65,54 +66,67 @@ uint32_t random_uint32(uint8_t update_seed) int random_bytes(uint8_t *buf, uint32_t len, uint8_t update_seed) { +#ifdef TESTING + // Use standard libary for off chip RNG uint32_t i = 0; -#ifndef TESTING - const uint8_t ataes_cmd[] = {0x02, 0x02, 0x00, 0x00, 0x00, 0x00}; // Pseudo RNG - const uint8_t ataes_cmd_up[] = {0x02, 0x00, 0x00, 0x00, 0x00, 0x00}; // True RNG - writes to EEPROM - uint8_t ret, ataes_ret[20] = {0}; // Random command return packet [Count(1) || Return Code (1) | Data(16) || CRC (2)] - - while (len > i) { - if (update_seed) { - ret = ataes_process(ataes_cmd_up, sizeof(ataes_cmd_up), ataes_ret, sizeof(ataes_ret)); - update_seed = 0; - } else { - ret = ataes_process(ataes_cmd, sizeof(ataes_cmd), ataes_ret, sizeof(ataes_ret)); - } - if (ret == DBB_OK && ataes_ret[0]) { - memcpy(buf + i, ataes_ret + 2, (len - i) < 16 ? (len - i) : 16); - } else { - HardFault_Handler(); - return DBB_ERROR; - } - i += 16; + (void) update_seed; + for (i = 0; i < len; i++) { + buf[i] = rand(); } +#else + uint32_t i = 0, n = 0; #ifndef BOOTLOADER - // Add ataes independent entropy from second chip (MCU UID) - uint8_t entropy[32]; + uint8_t entropy[32], usersig[FLASH_USERSIG_SIZE] = {0}; uint32_t serial[4] = {0}; + + // Add entropy from second chip (MCU UID) flash_read_unique_id(serial, 4); sha256_Raw((uint8_t *)serial, sizeof(serial), entropy); - for (i = 0; i < sizeof(serial); i++) { + for (i = 0; i < MAX(len, sizeof(serial)); i++) { buf[i % len] ^= entropy[i % MEM_PAGE_LEN]; } - // Add ataes independent entropy from random bytes set during factory install + // Add entropy from random bytes set during factory install sha256_Raw((uint8_t *)(FLASH_BOOT_START), FLASH_BOOT_LEN, entropy); sha256_Raw(entropy, sizeof(entropy), entropy); sha256_Raw(entropy, sizeof(entropy), entropy); - for (i = 0; i < MEM_PAGE_LEN; i++) { + for (i = 0; i < MAX(len, MEM_PAGE_LEN); i++) { buf[i % len] ^= entropy[i % MEM_PAGE_LEN]; } - // Add ataes independent entropy from user (hashed device password) + // Add entropy from user (hashed device password) memcpy(entropy, memory_report_user_entropy(), sizeof(entropy)); - for (i = 0; i < MEM_PAGE_LEN; i++) { + for (i = 0; i < MAX(len, MEM_PAGE_LEN); i++) { buf[i % len] ^= entropy[i % MEM_PAGE_LEN]; } + // Add entropy from usersig + flash_read_user_signature((uint32_t *)usersig, FLASH_USERSIG_SIZE / sizeof(uint32_t)); + sha256_Raw(usersig, FLASH_USERSIG_SIZE, entropy); + for (i = 0; i < MAX(len, MEM_PAGE_LEN); i++) { + buf[i % len] ^= entropy[i % MEM_PAGE_LEN]; + usersig[i % FLASH_USERSIG_RN_LEN] = entropy[i % MEM_PAGE_LEN]; + } #endif -#else - // Use standard libary for off chip RNG - (void) update_seed; - for (i = 0; i < len; i++) { - buf[i] = rand(); + // Add entropy from ataes RNG + const uint8_t ataes_cmd[] = {0x02, 0x02, 0x00, 0x00, 0x00, 0x00}; // Pseudo RNG + const uint8_t ataes_cmd_up[] = {0x02, 0x00, 0x00, 0x00, 0x00, 0x00}; // True RNG - writes to EEPROM + uint8_t ret, ataes_ret[20] = {0}; // Random command return packet [Count(1) || Return Code (1) | Data(16) || CRC (2)] + while (len > n) { + if (update_seed) { + ret = ataes_process(ataes_cmd_up, sizeof(ataes_cmd_up), ataes_ret, sizeof(ataes_ret)); + update_seed = 0; + } else { + ret = ataes_process(ataes_cmd, sizeof(ataes_cmd), ataes_ret, sizeof(ataes_ret)); + } + if (ret == DBB_OK && ataes_ret[0] && !ataes_ret[1]) { + for (i = 0; i < MIN(len - n, 16); i++) { + buf[(n + i) % len] ^= ataes_ret[(2 + i) % sizeof(ataes_ret)]; + } + } else { + flash_erase_user_signature(); + flash_write_user_signature((uint32_t *)usersig, FLASH_USERSIG_SIZE / sizeof(uint32_t)); + HardFault_Handler(); + return DBB_ERROR; + } + n += 16; } #endif return DBB_OK;