From f677a0f0db308e6e028ab62c9fbd9dd137263798 Mon Sep 17 00:00:00 2001 From: Andrew Kozlik Date: Fri, 7 Jun 2019 20:16:40 +0200 Subject: [PATCH] core: Use PRNG when generating random delays. --- core/SConscript.bootloader | 2 ++ core/SConscript.prodtest | 3 +++ core/embed/bootloader/main.c | 1 + core/embed/firmware/main.c | 3 +++ core/embed/prodtest/main.c | 1 + core/embed/trezorhal/common.c | 26 ++++++++++++++++++++++++-- core/embed/trezorhal/common.h | 6 ++++++ 7 files changed, 40 insertions(+), 2 deletions(-) diff --git a/core/SConscript.bootloader b/core/SConscript.bootloader index ec0ba8462c..c38168919a 100644 --- a/core/SConscript.bootloader +++ b/core/SConscript.bootloader @@ -26,7 +26,9 @@ SOURCE_MOD += [ 'vendor/trezor-crypto/ed25519-donna/ed25519-donna-32bit-tables.c', 'vendor/trezor-crypto/ed25519-donna/ed25519-donna-impl-base.c', 'vendor/trezor-crypto/ed25519-donna/modm-donna-32bit.c', + 'vendor/trezor-crypto/hmac_drbg.c', 'vendor/trezor-crypto/memzero.c', + 'vendor/trezor-crypto/rand.c', 'vendor/trezor-crypto/sha2.c', ] diff --git a/core/SConscript.prodtest b/core/SConscript.prodtest index d1be76d112..77075f8934 100644 --- a/core/SConscript.prodtest +++ b/core/SConscript.prodtest @@ -12,7 +12,10 @@ CPPPATH_MOD += [ 'vendor/trezor-crypto', ] SOURCE_MOD += [ + 'vendor/trezor-crypto/hmac_drbg.c', 'vendor/trezor-crypto/memzero.c', + 'vendor/trezor-crypto/rand.c', + 'vendor/trezor-crypto/sha2.c', ] # modtrezorui diff --git a/core/embed/bootloader/main.c b/core/embed/bootloader/main.c index f1d225ea5a..f80ed50315 100644 --- a/core/embed/bootloader/main.c +++ b/core/embed/bootloader/main.c @@ -234,6 +234,7 @@ static void check_bootloader_version(void) { #endif int main(void) { + drbg_init(); touch_init(); touch_power_on(); diff --git a/core/embed/firmware/main.c b/core/embed/firmware/main.c index eb026b95db..8f62e4cc81 100644 --- a/core/embed/firmware/main.c +++ b/core/embed/firmware/main.c 
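Review bot: Adding `'vendor/trezor-crypto/rand.c'` to the bootloader sources makes the DRBG seed depend on whichever `random32()` this image resolves `random_buffer()` to, and the patch does not show that provider. The code being replaced called `rng_get()` directly, so confirm that the new path still ends at the hardware RNG and not at a non-production fallback generator. The same applies to the identical addition in core/SConscript.prodtest. A comment beside the entry, such as `# rand.c: random_buffer() seeds the delay DRBG; must be backed by the hardware RNG`, would record the requirement.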
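Review bot: `drbg_init()` is added as the first statement of main() in core/embed/bootloader/main.c without a comment, although the same call in core/embed/firmware/main.c is annotated. The position matters, because any `delay_random()` executed earlier would draw from an unseeded `drbg_ctx`. Add `// seed the DRBG before anything calls delay_random()` above the call. In core/embed/prodtest/main.c the call sits after `display_orientation(0)`; that is safe only if the display path never reaches `delay_random()`, which this patch does not show, so moving the call to the top of main() there would be the more defensive choice.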
@@ -43,6 +43,9 @@ #include "touch.h" int main(void) { + // initialize pseudo-random number generator + drbg_init(); + // reinitialize HAL for Trezor One #if TREZOR_MODEL == 1 HAL_Init(); diff --git a/core/embed/prodtest/main.c b/core/embed/prodtest/main.c index a59b5e2d08..3d4affe61f 100644 --- a/core/embed/prodtest/main.c +++ b/core/embed/prodtest/main.c @@ -371,6 +371,7 @@ static secbool startswith(const char *s, const char *prefix) { int main(void) { display_orientation(0); + drbg_init(); sdcard_init(); touch_init(); sbu_init(); diff --git a/core/embed/trezorhal/common.c b/core/embed/trezorhal/common.c index 0fba1d0f5b..512c9272f9 100644 --- a/core/embed/trezorhal/common.c +++ b/core/embed/trezorhal/common.c @@ -25,13 +25,15 @@ #include "display.h" #include "flash.h" #include "rand.h" -#include "rng.h" +#include "hmac_drbg.h" #include "stm32f4xx_ll_utils.h" // from util.s extern void shutdown(void); +static HMAC_DRBG_CTX drbg_ctx; + #define COLOR_FATAL_ERROR RGB16(0x7F, 0x00, 0x00) void __attribute__((noreturn)) @@ -121,7 +123,7 @@ void __assert_func(const char *file, int line, const char *func, void hal_delay(uint32_t ms) { HAL_Delay(ms); } void delay_random(void) { - int wait = rng_get() & 0xff; + int wait = drbg_random32() & 0xff; volatile int i = 0; volatile int j = wait; while (i < wait) { @@ -185,3 +187,23 @@ void collect_hw_entropy(void) { FLASH_OTP_BLOCK_SIZE), NULL); } + +void drbg_init() { + uint8_t entropy[48]; + random_buffer(entropy, sizeof(entropy)); + hmac_drbg_init(&drbg_ctx, entropy, sizeof(entropy), NULL, 0); +} + +void drbg_reseed(const uint8_t *entropy, size_t len) { + hmac_drbg_reseed(&drbg_ctx, entropy, len, NULL, 0); +} + +void drbg_generate(uint8_t *buf, size_t len) { + hmac_drbg_generate(&drbg_ctx, buf, len); +} + +uint32_t drbg_random32(void) { + uint32_t value; + drbg_generate((uint8_t *)&value, sizeof(value)); + return value; +} 
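Review bot: The seed is drawn before the `#if TREZOR_MODEL == 1` block re-runs `HAL_Init()`, so on that model `drbg_init()` depends on whatever peripheral state the previous boot stage left behind. If `random_buffer()` reads the hardware RNG, that peripheral has to be clocked and ready at this point, and the patch does not show where that is guaranteed. Either move the call below the HAL reinitialisation or extend the comment to state the precondition, e.g. `// seed the DRBG; relies on the hardware RNG already being enabled by the previous stage`. main() continues past the end of the hunk.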
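Review bot: Nothing prevents `drbg_random32()` in `delay_random()` from being reached before `drbg_init()` has run. `drbg_ctx` is a zero-initialised static, so in that case the generator would start from the same all-zero state on every boot and the random-delay countermeasure would degrade silently to a predictable one. Make it fail closed: add `static secbool drbg_initialized = secfalse;`, set it to `sectrue` at the end of `drbg_init()`, and put `ensure(drbg_initialized, NULL);` at the top of `drbg_generate()`. Any image that links common.c but is not touched by this patch would hit exactly this case, so it is worth checking for one. The loop body of delay_random continues outside the hunk.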
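Review bot: The 48-byte `entropy` buffer in `drbg_init()` is left on the stack after `hmac_drbg_init()` returns, so the DRBG seed stays readable by whatever reuses that stack region. Wipe it once the context is seeded with `memzero(entropy, sizeof(entropy));`. memzero.c is already in both SConscript source lists, and common.c needs `#include "memzero.h"` if it does not have it yet. `drbg_reseed()` forwards `entropy` and `len` to `hmac_drbg_reseed()` unchecked, so a one-line comment stating that callers must pass a non-NULL buffer of fresh entropy would document the contract.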
diff --git a/core/embed/trezorhal/common.h b/core/embed/trezorhal/common.h index 2954580bdb..229d1678ae 100644 --- a/core/embed/trezorhal/common.h +++ b/core/embed/trezorhal/common.h @@ -20,6 +20,7 @@ #ifndef __TREZORHAL_COMMON_H__ #define __TREZORHAL_COMMON_H__ +#include #include #include "secbool.h" @@ -75,6 +76,11 @@ void collect_hw_entropy(void); #define HW_ENTROPY_LEN (12 + 32) extern uint8_t HW_ENTROPY_DATA[HW_ENTROPY_LEN]; +void drbg_init(); +void drbg_reseed(const uint8_t *entropy, size_t len); +void drbg_generate(uint8_t *buf, size_t len); +uint32_t drbg_random32(void); + // the following functions are defined in util.s void memset_reg(volatile void *start, volatile void *stop, uint32_t val);
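Review bot: `void drbg_init();` declares a function with unspecified parameters, not one that takes none, so a call with stray arguments compiles without a diagnostic. Write `void drbg_init(void);` here and in the definition in common.c, matching `drbg_random32(void)` two lines below. The four declarations also carry no comment on their contract. A line such as `// HMAC-DRBG used for random delays; call drbg_init() once at startup before delay_random()` above the group would state the ordering requirement that the three main.c changes rely on.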