legacy: Move wait_random() to common.c and use HMAC DRBG to generate delays.

5 years ago · ad5d9168c8
parent 013929de0b
commit ad5d9168c8
12 changed files with 60 additions and 20 deletions
--- a/legacy/common.c
+++ b/legacy/common.c
@ -21,6 +21,7 @@
 #include <stdio.h>
 #include "bitmaps.h"
 #include "firmware/usb.h"
+#include "hmac_drbg.h"
 #include "layout.h"
 #include "oled.h"
 #include "rng.h"
@ -28,6 +29,8 @@

 uint8_t HW_ENTROPY_DATA[HW_ENTROPY_LEN];

+static HMAC_DRBG_CTX drbg_ctx;
+
 void __attribute__((noreturn))
 __fatal_error(const char *expr, const char *msg, const char *file, int line_num,
              const char *func) {
@ -81,3 +84,40 @@ void __assert_func(const char *file, int line, const char *func,
 #endif

 void hal_delay(uint32_t ms) { usbSleep(ms); }
+
+void wait_random(void) {
+  int wait = drbg_random32() & 0xff;
+  volatile int i = 0;
+  volatile int j = wait;
+  while (i < wait) {
+    if (i + j != wait) {
+      shutdown();
+    }
+    ++i;
+    --j;
+  }
+  // Double-check loop completion.
+  if (i != wait || j != 0) {
+    shutdown();
+  }
+}
+
+void drbg_init() {
+  uint8_t entropy[48];
+  random_buffer(entropy, sizeof(entropy));
+  hmac_drbg_init(&drbg_ctx, entropy, sizeof(entropy), NULL, 0);
+}
+
+void drbg_reseed(const uint8_t *entropy, size_t len) {
+  hmac_drbg_reseed(&drbg_ctx, entropy, len, NULL, 0);
+}
+
+void drbg_generate(uint8_t *buf, size_t len) {
+  hmac_drbg_generate(&drbg_ctx, buf, len);
+}
+
+uint32_t drbg_random32(void) {
+  uint32_t value;
+  drbg_generate((uint8_t *)&value, sizeof(value));
+  return value;
+}
--- a/legacy/common.h
+++ b/legacy/common.h
@ -20,6 +20,7 @@
 #ifndef __TREZORHAL_COMMON_H__
 #define __TREZORHAL_COMMON_H__

+#include <stddef.h>
 #include <stdint.h>
 #include "secbool.h"

@ -40,4 +41,11 @@ error_shutdown(const char *line1, const char *line2, const char *line3,

 void hal_delay(uint32_t ms);

+void wait_random(void);
+
+void drbg_init(void);
+void drbg_reseed(const uint8_t *entropy, size_t len);
+void drbg_generate(uint8_t *buf, size_t len);
+uint32_t drbg_random32(void);
+
 #endif
--- a/legacy/demo/Makefile
+++ b/legacy/demo/Makefile
@ -8,6 +8,8 @@ OBJS += ../vendor/trezor-crypto/bignum.o
 OBJS += ../vendor/trezor-crypto/bip32.o
 OBJS += ../vendor/trezor-crypto/ecdsa.o
 OBJS += ../vendor/trezor-crypto/hmac.o
+OBJS += ../vendor/trezor-crypto/hmac_drbg.o
+OBJS += ../vendor/trezor-crypto/rfc6979.o
 OBJS += ../vendor/trezor-crypto/ripemd160.o
 OBJS += ../vendor/trezor-crypto/secp256k1.o
 OBJS += ../vendor/trezor-crypto/sha2.o
--- a/legacy/firmware/Makefile
+++ b/legacy/firmware/Makefile
@ -47,6 +47,8 @@ OBJS += ../vendor/trezor-crypto/ecdsa.o
 OBJS += ../vendor/trezor-crypto/curves.o
 OBJS += ../vendor/trezor-crypto/secp256k1.o
 OBJS += ../vendor/trezor-crypto/nist256p1.o
+OBJS += ../vendor/trezor-crypto/hmac_drbg.o
+OBJS += ../vendor/trezor-crypto/rfc6979.o
 OBJS += ../vendor/trezor-crypto/rand.o
 OBJS += ../vendor/trezor-crypto/memzero.o

--- a/legacy/firmware/trezor.c
+++ b/legacy/firmware/trezor.c
@ -128,6 +128,9 @@ int main(void) {
  __stack_chk_guard = random32();  // this supports compiler provided
                                   // unpredictable stack protection checks
 #endif
+
+  drbg_init();
+
  if (!is_mode_unprivileged()) {
    collect_hw_entropy(true);
    timer_init();
--- a/legacy/firmware/usb.c
+++ b/legacy/firmware/usb.c
@ -20,6 +20,7 @@
 #include <libopencm3/usb/hid.h>
 #include <libopencm3/usb/usbd.h>

+#include "common.h"
 #include "config.h"
 #include "debug.h"
 #include "messages.h"
--- a/legacy/usb21_standard.c
+++ b/legacy/usb21_standard.c
@ -19,6 +19,7 @@
 #include "usb21_standard.h"
 #include <stdint.h>
 #include <string.h>
+#include "common.h"
 #include "util.h"

 static uint16_t build_bos_descriptor(const struct usb_bos_descriptor *bos,
--- a/legacy/usb_standard.c
+++ b/legacy/usb_standard.c
@ -38,6 +38,7 @@ LGPL License Terms @ref lgpl_license

 #include <string.h>
 #include <libopencm3/usb/usbd.h>
+#include "common.h"
 #include "usb_private.h"
 #include "util.h"

--- a/legacy/util.c
+++ b/legacy/util.c
@ -18,29 +18,11 @@
 */

 #include "util.h"
-#include "rng.h"

 inline void delay(uint32_t wait) {
  while (--wait > 0) __asm__("nop");
 }

-void wait_random(void) {
-  int wait = random32() & 0xff;
-  volatile int i = 0;
-  volatile int j = wait;
-  while (i < wait) {
-    if (i + j != wait) {
-      shutdown();
-    }
-    ++i;
-    --j;
-  }
-  // Double-check loop completion.
-  if (i != wait || j != 0) {
-    shutdown();
-  }
-}
-
 static const char *hexdigits = "0123456789ABCDEF";

 void uint32hex(uint32_t num, char *str) {
--- a/legacy/util.h
+++ b/legacy/util.h
@ -52,8 +52,6 @@

 void delay(uint32_t wait);

-void wait_random(void);
-
 // converts uint32 to hexa (8 digits)
 void uint32hex(uint32_t num, char *str);

--- a/legacy/webusb.c
+++ b/legacy/webusb.c
@ -18,6 +18,7 @@

 #include <string.h>

+#include "common.h"
 #include "usb21_standard.h"
 #include "util.h"
 #include "webusb.h"
--- a/legacy/winusb.c
+++ b/legacy/winusb.c
@ -18,6 +18,7 @@

 #include "winusb.h"
 #include <libopencm3/usb/usbd.h>
+#include "common.h"
 #include "util.h"

 static int usb_descriptor_type(uint16_t wValue) { return wValue >> 8; }