arno/trezor-firmware
1
0
Fork 0
mirror of https://github.com/trezor/trezor-firmware.git synced 2025-02-08 13:42:41 +00:00
Code Issues Releases Wiki Activity

refactor(core): improve random_delays api

Browse Source 
[no changelog]
This commit is contained in:
cepetr 2024-10-01 10:58:31 +02:00 committed by cepetr
parent f54edd0d6a
commit 5eb5f8d8f2
8 changed files with 49 additions and 62 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
core/embed/bootloader/main.c
View File

@ -359,7 +359,7 @@ int bootloader_main(void) {
system_init(&rsod_panic_handler); system_init(&rsod_panic_handler);
rdi_init(); random_delays_init();
#if defined TREZOR_MODEL_T #if defined TREZOR_MODEL_T
set_core_clock(CLOCK_180_MHZ); set_core_clock(CLOCK_180_MHZ);

2
core/embed/bootloader_ci/main.c
View File

@ -181,7 +181,7 @@ static secbool check_vendor_header_lock(const vendor_header *const vhdr) {
int main(void) { int main(void) {
system_init(&rsod_panic_handler); system_init(&rsod_panic_handler);
rdi_init(); random_delays_init();
#ifdef USE_TOUCH #ifdef USE_TOUCH
touch_init(); touch_init();
#endif #endif

4
core/embed/kernel/main.c
View File

@ -77,10 +77,10 @@ void drivers_init() {
tamper_init(); tamper_init();
#endif #endif
rdi_init(); random_delays_init();
#ifdef RDI #ifdef RDI
rdi_start(); random_delays_start_rdi();
#endif #endif
#ifdef SYSTEM_VIEW #ifdef SYSTEM_VIEW

41
core/embed/trezorhal/random_delays.h
View File

@ -22,17 +22,48 @@
#include <stdint.h> #include <stdint.h>
/*
Random delay interrupts (RDI) is a contermeasure against side channel attacks.
It consists of an interrupt handler that is supposed to be called every
millisecond or so. The handler waits for a random number of cpu ticks that is a
sample of so called floating mean distribution. That means that the number is
the sum of two numbers generated uniformly at random in the interval [0, 255].
The first number is generated freshly for each call of the handler, the other
number is supposed to be refreshed when the device performs an operation that
leaks the current state of the execution flow, such as sending or receiving an
usb packet.
See Differential Power Analysis in the Presence of Hardware Countermeasures by
Christophe Clavier, Jean-Sebastien Coron, Nora Dabbous and Efficient Use of
Random Delays in Embedded Software by Michael Tunstall, Olivier Benoit:
https://link.springer.com/content/pdf/10.1007%2F3-540-44499-8_20.pdf
https://link.springer.com/content/pdf/10.1007%2F978-3-540-72354-7_3.pdf
*/
#ifdef KERNEL_MODE #ifdef KERNEL_MODE
void rdi_init(void); // Initializes the random number generator for `wait_random()` and the RDI
//
// RDI is stopped by default and can be started by calling
// `random_delays_start_rdi()`.
void random_delays_init(void);
void rdi_start(void); // Starts the RDI, introducing small random delays every millisecond via
void rdi_stop(void); // systimer callback.
void random_delays_start_rdi(void);
#endif // Stops the RDI
void random_delays_stop_rdi(void);
void rdi_refresh_session_delay(void); // Refreshes the second random number in the floating mean distribution.
// (see the module description above)
void random_delays_refresh_rdi(void);
// Waits for a random number (0-255) of CPU ticks.
//
// This function is independent of the RDI and can be used in any context.
void wait_random(void); void wait_random(void);
#endif // KERNEL_MODE
#endif // TREZORHAL_RANDOM_DELAYS_H #endif // TREZORHAL_RANDOM_DELAYS_H

28
core/embed/trezorhal/stm32f4/random_delays.c
View File

@ -17,24 +17,6 @@
* along with this program. If not, see <http://www.gnu.org/licenses/>. * along with this program. If not, see <http://www.gnu.org/licenses/>.
*/ */
/*
Random delay interrupts (RDI) is a contermeasure against side channel attacks.
It consists of an interrupt handler that is supposed to be called every
millisecond or so. The handler waits for a random number of cpu ticks that is a
sample of so called floating mean distribution. That means that the number is
the sum of two numbers generated uniformly at random in the interval [0, 255].
The first number is generated freshly for each call of the handler, the other
number is supposed to be refreshed when the device performs an operation that
leaks the current state of the execution flow, such as sending or receiving an
usb packet.
See Differential Power Analysis in the Presence of Hardware Countermeasures by
Christophe Clavier, Jean-Sebastien Coron, Nora Dabbous and Efficient Use of
Random Delays in Embedded Software by Michael Tunstall, Olivier Benoit:
https://link.springer.com/content/pdf/10.1007%2F3-540-44499-8_20.pdf
https://link.springer.com/content/pdf/10.1007%2F978-3-540-72354-7_3.pdf
*/
#include "random_delays.h" #include "random_delays.h"
#include <stdatomic.h> #include <stdatomic.h>
@ -157,15 +139,15 @@ static void wait(uint32_t delay) {
// forward declaration // forward declaration
static void rdi_handler(void *context); static void rdi_handler(void *context);
void rdi_init() { void random_delays_init() {
drbg_init(); drbg_init();
systimer_t *timer = systimer_create(rdi_handler, NULL); systimer_t *timer = systimer_create(rdi_handler, NULL);
ensure(sectrue * (timer != NULL), "rdi_init failed"); ensure(sectrue * (timer != NULL), "random_delays_init failed");
systimer_set_periodic(timer, 1); systimer_set_periodic(timer, 1);
} }
void rdi_start(void) { void random_delays_start_rdi(void) {
ensure(drbg_initialized, NULL); ensure(drbg_initialized, NULL);
if (rdi_disabled == sectrue) { // if rdi disabled if (rdi_disabled == sectrue) { // if rdi disabled
@ -174,14 +156,14 @@ void rdi_start(void) {
} }
} }
void rdi_stop(void) { void random_delays_stop_rdi(void) {
if (rdi_disabled == secfalse) { // if rdi enabled if (rdi_disabled == secfalse) { // if rdi enabled
rdi_disabled = sectrue; rdi_disabled = sectrue;
session_delay = 0; session_delay = 0;
} }
} }
void rdi_refresh_session_delay(void) { void random_delays_refresh_rdi(void) {
if (rdi_disabled == secfalse) // if rdi enabled if (rdi_disabled == secfalse) // if rdi enabled
refresh_session_delay = true; refresh_session_delay = true;
} }

4
core/embed/trezorhal/stm32f4/usb/usb.c
View File

@ -644,7 +644,7 @@ static uint8_t usb_class_data_in(USBD_HandleTypeDef *dev, uint8_t ep_num) {
usb_driver_t *drv = &g_usb_driver; usb_driver_t *drv = &g_usb_driver;
#ifdef RDI #ifdef RDI
rdi_refresh_session_delay(); random_delays_refresh_rdi();
#endif #endif
for (int i = 0; i < USBD_MAX_NUM_INTERFACES; i++) { for (int i = 0; i < USBD_MAX_NUM_INTERFACES; i++) {
@ -664,7 +664,7 @@ static uint8_t usb_class_data_out(USBD_HandleTypeDef *dev, uint8_t ep_num) {
usb_driver_t *drv = &g_usb_driver; usb_driver_t *drv = &g_usb_driver;
#ifdef RDI #ifdef RDI
rdi_refresh_session_delay(); random_delays_refresh_rdi();
#endif #endif
for (int i = 0; i < USBD_MAX_NUM_INTERFACES; i++) { for (int i = 0; i < USBD_MAX_NUM_INTERFACES; i++) {

4
core/embed/trezorhal/unix/random_delays.c
View File

@ -19,6 +19,6 @@
#include "random_delays.h" #include "random_delays.h"
void wait_random(void) {} void random_delays_init(void) {}
void rdi_init(void) {} void wait_random(void) {}

26
core/embed/trezorhal/unix/random_delays.h
View File

@ -1,26 +0,0 @@
/*
* This file is part of the Trezor project, https://trezor.io/
*
* Copyright (c) SatoshiLabs
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
#ifndef __TREZORHAL_RANDOM_DELAYS_H__
#define __TREZORHAL_RANDOM_DELAYS_H__
void rdi_init(void);
void wait_random(void);
#endif