diff --git a/legacy/common.c b/legacy/common.c index 0bd282ead..ad745f357 100644 --- a/legacy/common.c +++ b/legacy/common.c @@ -21,6 +21,7 @@ #include #include "bitmaps.h" #include "firmware/usb.h" +#include "hmac_drbg.h" #include "layout.h" #include "oled.h" #include "rng.h" @@ -28,6 +29,8 @@ uint8_t HW_ENTROPY_DATA[HW_ENTROPY_LEN]; +static HMAC_DRBG_CTX drbg_ctx; + void __attribute__((noreturn)) __fatal_error(const char *expr, const char *msg, const char *file, int line_num, const char *func) { @@ -81,3 +84,40 @@ void __assert_func(const char *file, int line, const char *func, #endif void hal_delay(uint32_t ms) { usbSleep(ms); } + +void wait_random(void) { + int wait = drbg_random32() & 0xff; + volatile int i = 0; + volatile int j = wait; + while (i < wait) { + if (i + j != wait) { + shutdown(); + } + ++i; + --j; + } + // Double-check loop completion. + if (i != wait || j != 0) { + shutdown(); + } +} + +void drbg_init() { + uint8_t entropy[48]; + random_buffer(entropy, sizeof(entropy)); + hmac_drbg_init(&drbg_ctx, entropy, sizeof(entropy), NULL, 0); +} + +void drbg_reseed(const uint8_t *entropy, size_t len) { + hmac_drbg_reseed(&drbg_ctx, entropy, len, NULL, 0); +} + +void drbg_generate(uint8_t *buf, size_t len) { + hmac_drbg_generate(&drbg_ctx, buf, len); +} + +uint32_t drbg_random32(void) { + uint32_t value; + drbg_generate((uint8_t *)&value, sizeof(value)); + return value; +} diff --git a/legacy/common.h b/legacy/common.h index 1774bc7f0..08f82c96d 100644 --- a/legacy/common.h +++ b/legacy/common.h @@ -20,6 +20,7 @@ #ifndef __TREZORHAL_COMMON_H__ #define __TREZORHAL_COMMON_H__ +#include #include #include "secbool.h" @@ -40,4 +41,11 @@ error_shutdown(const char *line1, const char *line2, const char *line3, void hal_delay(uint32_t ms); +void wait_random(void); + +void drbg_init(void); +void drbg_reseed(const uint8_t *entropy, size_t len); +void drbg_generate(uint8_t *buf, size_t len); +uint32_t drbg_random32(void); + #endif diff --git a/legacy/demo/Makefile b/legacy/demo/Makefile index 306597b7e..7a58e1ff8 100644 --- a/legacy/demo/Makefile +++ b/legacy/demo/Makefile @@ -8,6 +8,8 @@ OBJS += ../vendor/trezor-crypto/bignum.o OBJS += ../vendor/trezor-crypto/bip32.o OBJS += ../vendor/trezor-crypto/ecdsa.o OBJS += ../vendor/trezor-crypto/hmac.o +OBJS += ../vendor/trezor-crypto/hmac_drbg.o +OBJS += ../vendor/trezor-crypto/rfc6979.o OBJS += ../vendor/trezor-crypto/ripemd160.o OBJS += ../vendor/trezor-crypto/secp256k1.o OBJS += ../vendor/trezor-crypto/sha2.o diff --git a/legacy/firmware/Makefile b/legacy/firmware/Makefile index 85e759fea..30e123fe7 100644 --- a/legacy/firmware/Makefile +++ b/legacy/firmware/Makefile @@ -47,6 +47,8 @@ OBJS += ../vendor/trezor-crypto/ecdsa.o OBJS += ../vendor/trezor-crypto/curves.o OBJS += ../vendor/trezor-crypto/secp256k1.o OBJS += ../vendor/trezor-crypto/nist256p1.o +OBJS += ../vendor/trezor-crypto/hmac_drbg.o +OBJS += ../vendor/trezor-crypto/rfc6979.o OBJS += ../vendor/trezor-crypto/rand.o OBJS += ../vendor/trezor-crypto/memzero.o diff --git a/legacy/firmware/trezor.c b/legacy/firmware/trezor.c index 406cd9590..6d616cf4f 100644 --- a/legacy/firmware/trezor.c +++ b/legacy/firmware/trezor.c @@ -128,6 +128,9 @@ int main(void) { __stack_chk_guard = random32(); // this supports compiler provided // unpredictable stack protection checks #endif + + drbg_init(); + if (!is_mode_unprivileged()) { collect_hw_entropy(true); timer_init(); diff --git a/legacy/firmware/usb.c b/legacy/firmware/usb.c index 45ecb9ac2..f70a86fca 100644 --- a/legacy/firmware/usb.c +++ b/legacy/firmware/usb.c @@ -20,6 +20,7 @@ #include #include +#include "common.h" #include "config.h" #include "debug.h" #include "messages.h" diff --git a/legacy/usb21_standard.c b/legacy/usb21_standard.c index f5ca3546d..b3906d941 100644 --- a/legacy/usb21_standard.c +++ b/legacy/usb21_standard.c @@ -19,6 +19,7 @@ #include "usb21_standard.h" #include #include +#include "common.h" #include "util.h" static uint16_t build_bos_descriptor(const struct usb_bos_descriptor *bos, diff --git a/legacy/usb_standard.c b/legacy/usb_standard.c index 26f5925a2..a3bcf2b40 100644 --- a/legacy/usb_standard.c +++ b/legacy/usb_standard.c @@ -38,6 +38,7 @@ LGPL License Terms @ref lgpl_license #include #include +#include "common.h" #include "usb_private.h" #include "util.h" diff --git a/legacy/util.c b/legacy/util.c index 5a96381de..95ec978d9 100644 --- a/legacy/util.c +++ b/legacy/util.c @@ -18,29 +18,11 @@ */ #include "util.h" -#include "rng.h" inline void delay(uint32_t wait) { while (--wait > 0) __asm__("nop"); } -void wait_random(void) { - int wait = random32() & 0xff; - volatile int i = 0; - volatile int j = wait; - while (i < wait) { - if (i + j != wait) { - shutdown(); - } - ++i; - --j; - } - // Double-check loop completion. - if (i != wait || j != 0) { - shutdown(); - } -} - static const char *hexdigits = "0123456789ABCDEF"; void uint32hex(uint32_t num, char *str) { diff --git a/legacy/util.h b/legacy/util.h index 54c610430..1841ff14b 100644 --- a/legacy/util.h +++ b/legacy/util.h @@ -52,8 +52,6 @@ void delay(uint32_t wait); -void wait_random(void); - // converts uint32 to hexa (8 digits) void uint32hex(uint32_t num, char *str); diff --git a/legacy/webusb.c b/legacy/webusb.c index b4f2677e2..eda931a78 100644 --- a/legacy/webusb.c +++ b/legacy/webusb.c @@ -18,6 +18,7 @@ #include +#include "common.h" #include "usb21_standard.h" #include "util.h" #include "webusb.h" diff --git a/legacy/winusb.c b/legacy/winusb.c index e18f9d0e0..9c30cf477 100644 --- a/legacy/winusb.c +++ b/legacy/winusb.c @@ -18,6 +18,7 @@ #include "winusb.h" #include +#include "common.h" #include "util.h" static int usb_descriptor_type(uint16_t wValue) { return wValue >> 8; }