Skip to content

refactor random.c and add extra entropy during RNG #225

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
merged 1 commit into from
Jul 28, 2018
Merged

refactor random.c and add extra entropy during RNG #225

Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
76 changes: 45 additions & 31 deletions src/random.c
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -33,6 +33,7 @@
#include "flash.h"
#ifndef TESTING
#include "ataes132.h"
#include "utils.h"
#include "sha2.h"
#include "mcu.h"

Expand Down Expand Up @@ -65,54 +66,67 @@ uint32_t random_uint32(uint8_t update_seed)

int random_bytes(uint8_t *buf, uint32_t len, uint8_t update_seed)
{
#ifdef TESTING
// Use standard libary for off chip RNG
uint32_t i = 0;
#ifndef TESTING
const uint8_t ataes_cmd[] = {0x02, 0x02, 0x00, 0x00, 0x00, 0x00}; // Pseudo RNG
const uint8_t ataes_cmd_up[] = {0x02, 0x00, 0x00, 0x00, 0x00, 0x00}; // True RNG - writes to EEPROM
uint8_t ret, ataes_ret[20] = {0}; // Random command return packet [Count(1) || Return Code (1) | Data(16) || CRC (2)]

while (len > i) {
if (update_seed) {
ret = ataes_process(ataes_cmd_up, sizeof(ataes_cmd_up), ataes_ret, sizeof(ataes_ret));
update_seed = 0;
} else {
ret = ataes_process(ataes_cmd, sizeof(ataes_cmd), ataes_ret, sizeof(ataes_ret));
}
if (ret == DBB_OK && ataes_ret[0]) {
memcpy(buf + i, ataes_ret + 2, (len - i) < 16 ? (len - i) : 16);
} else {
HardFault_Handler();
return DBB_ERROR;
}
i += 16;
(void) update_seed;
for (i = 0; i < len; i++) {
buf[i] = rand();
}
#else
uint32_t i = 0, n = 0;
#ifndef BOOTLOADER
// Add ataes independent entropy from second chip (MCU UID)
uint8_t entropy[32];
uint8_t entropy[32], usersig[FLASH_USERSIG_SIZE] = {0};
uint32_t serial[4] = {0};

// Add entropy from second chip (MCU UID)
flash_read_unique_id(serial, 4);
sha256_Raw((uint8_t *)serial, sizeof(serial), entropy);
for (i = 0; i < sizeof(serial); i++) {
for (i = 0; i < MAX(len, sizeof(serial)); i++) {
buf[i % len] ^= entropy[i % MEM_PAGE_LEN];
}
// Add ataes independent entropy from random bytes set during factory install
// Add entropy from random bytes set during factory install
sha256_Raw((uint8_t *)(FLASH_BOOT_START), FLASH_BOOT_LEN, entropy);
sha256_Raw(entropy, sizeof(entropy), entropy);
sha256_Raw(entropy, sizeof(entropy), entropy);
for (i = 0; i < MEM_PAGE_LEN; i++) {
for (i = 0; i < MAX(len, MEM_PAGE_LEN); i++) {
buf[i % len] ^= entropy[i % MEM_PAGE_LEN];
}
// Add ataes independent entropy from user (hashed device password)
// Add entropy from user (hashed device password)
memcpy(entropy, memory_report_user_entropy(), sizeof(entropy));
for (i = 0; i < MEM_PAGE_LEN; i++) {
for (i = 0; i < MAX(len, MEM_PAGE_LEN); i++) {
buf[i % len] ^= entropy[i % MEM_PAGE_LEN];
}
// Add entropy from usersig
flash_read_user_signature((uint32_t *)usersig, FLASH_USERSIG_SIZE / sizeof(uint32_t));
sha256_Raw(usersig, FLASH_USERSIG_SIZE, entropy);
for (i = 0; i < MAX(len, MEM_PAGE_LEN); i++) {
buf[i % len] ^= entropy[i % MEM_PAGE_LEN];
usersig[i % FLASH_USERSIG_RN_LEN] = entropy[i % MEM_PAGE_LEN];
}
#endif
#else
// Use standard libary for off chip RNG
(void) update_seed;
for (i = 0; i < len; i++) {
buf[i] = rand();
// Add entropy from ataes RNG
const uint8_t ataes_cmd[] = {0x02, 0x02, 0x00, 0x00, 0x00, 0x00}; // Pseudo RNG
const uint8_t ataes_cmd_up[] = {0x02, 0x00, 0x00, 0x00, 0x00, 0x00}; // True RNG - writes to EEPROM
uint8_t ret, ataes_ret[20] = {0}; // Random command return packet [Count(1) || Return Code (1) | Data(16) || CRC (2)]
while (len > n) {
if (update_seed) {
ret = ataes_process(ataes_cmd_up, sizeof(ataes_cmd_up), ataes_ret, sizeof(ataes_ret));
update_seed = 0;
} else {
ret = ataes_process(ataes_cmd, sizeof(ataes_cmd), ataes_ret, sizeof(ataes_ret));
}
if (ret == DBB_OK && ataes_ret[0] && !ataes_ret[1]) {
for (i = 0; i < MIN(len - n, 16); i++) {
buf[(n + i) % len] ^= ataes_ret[(2 + i) % sizeof(ataes_ret)];
}
} else {
flash_erase_user_signature();
flash_write_user_signature((uint32_t *)usersig, FLASH_USERSIG_SIZE / sizeof(uint32_t));
HardFault_Handler();
return DBB_ERROR;
}
n += 16;
}
#endif
return DBB_OK;
Expand Down