From 394718510b6d3df5bb0cc9abba316fe130068b68 Mon Sep 17 00:00:00 2001 From: Rohan Sahay Date: Fri, 14 Jun 2024 04:28:13 +0530 Subject: [PATCH] [Silabs] Refactor SiWx917 random number generator (#33689) * Refactor TRNG function to rely on hardware instead of SW on TINYCRYPT * fix pointer conversion * refactor minimal changes * Rever header change * review comments --------- Co-authored-by: Rohan S <3526930+brosahay@users.noreply.github.com> --- .../silabs/SiWx917/SiWx917/sl_wifi_if.cpp | 10 ++++---- src/platform/silabs/PlatformManagerImpl.cpp | 15 ++++++------ .../silabs/SiWx917/CHIPCryptoPALTinyCrypt.cpp | 24 ++++++++++++++++--- src/platform/silabs/rs911x/BLEManagerImpl.cpp | 23 +++--------------- 4 files changed, 36 insertions(+), 36 deletions(-) diff --git a/examples/platform/silabs/SiWx917/SiWx917/sl_wifi_if.cpp b/examples/platform/silabs/SiWx917/SiWx917/sl_wifi_if.cpp index 1759d2df9e6e53..741dc96496aeb5 100644 --- a/examples/platform/silabs/SiWx917/SiWx917/sl_wifi_if.cpp +++ b/examples/platform/silabs/SiWx917/SiWx917/sl_wifi_if.cpp @@ -70,11 +70,11 @@ extern "C" { #include "sl_wifi.h" #include "sl_wifi_callback_framework.h" #include "wfx_host_events.h" -#if SLI_SI91X_MCU_INTERFACE +#if TINYCRYPT_PRIMITIVES #include "sl_si91x_trng.h" #define TRNGKEY_SIZE 4 -#endif // SLI_SI91X_MCU_INTERFACE -} // extern "C" { +#endif // TINYCRYPT_PRIMITIVES +} WfxRsi_t wfx_rsi; @@ -477,7 +477,7 @@ static sl_status_t wfx_rsi_init(void) return status; } -#ifdef SLI_SI91X_MCU_INTERFACE +#ifdef TINYCRYPT_PRIMITIVES const uint32_t trngKey[TRNGKEY_SIZE] = { 0x16157E2B, 0xA6D2AE28, 0x8815F7AB, 0x3C4FCF09 }; // To check the Entropy of TRNG and verify TRNG functioning. @@ -495,7 +495,7 @@ static sl_status_t wfx_rsi_init(void) SILABS_LOG("TRNG Key Programming Failed"); return status; } -#endif // SLI_SI91X_MCU_INTERFACE +#endif // TINYCRYPT_PRIMITIVES wfx_rsi.events = xEventGroupCreateStatic(&rsiDriverEventGroup); wfx_rsi.dev_state |= WFX_RSI_ST_DEV_READY; 
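Review bot: The include of `sl_si91x_trng.h` and the `TRNGKEY_SIZE` define are now guarded with `#if TINYCRYPT_PRIMITIVES`, while the code that uses them in wfx_rsi_init (second hunk of this file) is guarded with `#ifdef TINYCRYPT_PRIMITIVES`, and PlatformManagerImpl.cpp uses `#if defined(TINYCRYPT_PRIMITIVES)`. If the macro is ever defined as 0 or with no value, the two forms disagree: the build then fails on an undefined `TRNGKEY_SIZE` or on an empty `#if` expression. I would use `#if defined(TINYCRYPT_PRIMITIVES)` in both places. The same mix appears for `SLI_SI91X_MCU_INTERFACE` in CHIPCryptoPALTinyCrypt.cpp, where the new include uses `#ifdef` and the code uses `#if`. The TRNG entropy check and key programming are also now keyed to the crypto backend, while DRBG_get_bytes reads the TRNG under `SLI_SI91X_MCU_INTERFACE`, so a one-line comment stating that both conditions always hold together on this platform would help; wfx_rsi_init starts and ends outside these hunks.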
diff --git a/src/platform/silabs/PlatformManagerImpl.cpp b/src/platform/silabs/PlatformManagerImpl.cpp index 7692ba922d2eaa..4e54a2a53f98a5 100644 --- a/src/platform/silabs/PlatformManagerImpl.cpp +++ b/src/platform/silabs/PlatformManagerImpl.cpp @@ -33,7 +33,7 @@ #if defined(TINYCRYPT_PRIMITIVES) #include "tinycrypt/ecc.h" -#endif +#endif // TINYCRYPT_PRIMITIVES #if CHIP_SYSTEM_CONFIG_USE_LWIP #include @@ -46,7 +46,6 @@ namespace DeviceLayer { PlatformManagerImpl PlatformManagerImpl::sInstance; -#if SLI_SI91X_MCU_INTERFACE #if defined(TINYCRYPT_PRIMITIVES) sys_mutex_t PlatformManagerImpl::rngMutexHandle = NULL; @@ -58,8 +57,8 @@ int PlatformManagerImpl::uECC_RNG_Function(uint8_t * dest, unsigned int size) return res; } -#endif // TINYCRYPT_PRIMITIVES +#if !(SLI_SI91X_MCU_INTERFACE) static void app_get_random(uint8_t * aOutput, size_t aLen) { VerifyOrReturn(aOutput != nullptr); @@ -76,7 +75,8 @@ static int app_entropy_source(void * data, unsigned char * output, size_t len, s return 0; } -#endif // SLI_SI91X_MCU_INTERFACE +#endif // !SLI_SI91X_MCU_INTERFACE +#endif // TINYCRYPT_PRIMITIVES CHIP_ERROR PlatformManagerImpl::_InitChipStack(void) { 
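Review bot: Moving `app_get_random` and `app_entropy_source` under `#if !(SLI_SI91X_MCU_INTERFACE)` inverts their old guard, so these helpers now feed the DRBG on every other TinyCrypt build instead of on SiWx917 only. From the visible lines, `app_get_random` is `void` and bails out through `VerifyOrReturn(aOutput != nullptr)`, and `app_entropy_source` ends in an unconditional `return 0;`, so a failed read apparently cannot be reported to mbedTLS; both bodies are mostly outside the hunk, so this needs confirming. Because `add_entropy_source` registers the callback as `MBEDTLS_ENTROPY_SOURCE_STRONG`, I would have the getter return a status and have `app_entropy_source` return non-zero when no bytes were produced. A short comment above the block naming the random source these builds rely on would also make the new guard easier to audit.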
@@ -93,15 +93,14 @@ CHIP_ERROR PlatformManagerImpl::_InitChipStack(void) ReturnErrorOnFailure(System::Clock::InitClock_RealTime()); -#if SLI_SI91X_MCU_INTERFACE - ReturnErrorOnFailure(chip::Crypto::add_entropy_source(app_entropy_source, NULL, 16 /*Threshold value*/)); - #if defined(TINYCRYPT_PRIMITIVES) +#if !(SLI_SI91X_MCU_INTERFACE) + ReturnErrorOnFailure(chip::Crypto::add_entropy_source(app_entropy_source, NULL, 16 /*Threshold value*/)); +#endif // !SLI_SI91X_MCU_INTERFACE /* Set RNG function for tinycrypt operations. */ VerifyOrExit(sys_mutex_new(&rngMutexHandle) == ERR_OK, err = CHIP_ERROR_NO_MEMORY); uECC_set_rng(PlatformManagerImpl::uECC_RNG_Function); #endif // TINYCRYPT_PRIMITIVES -#endif // SLI_SI91X_MCU_INTERFACE // Call _InitChipStack() on the generic implementation base class // to finish the initialization process. diff --git a/src/platform/silabs/SiWx917/CHIPCryptoPALTinyCrypt.cpp b/src/platform/silabs/SiWx917/CHIPCryptoPALTinyCrypt.cpp index 8b9aed7298cc0e..52f2cb74b9fe86 100644 --- a/src/platform/silabs/SiWx917/CHIPCryptoPALTinyCrypt.cpp +++ b/src/platform/silabs/SiWx917/CHIPCryptoPALTinyCrypt.cpp @@ -60,6 +60,12 @@ #include +#ifdef SLI_SI91X_MCU_INTERFACE +extern "C" { +#include "sl_si91x_trng.h" +} +#endif // SLI_SI91X_MCU_INTERFACE + namespace chip { namespace Crypto { @@ -414,7 +420,7 @@ CHIP_ERROR PBKDF2_sha256::pbkdf2_sha256(const uint8_t * password, size_t plen, c return error; } - +#if !(SLI_SI91X_MCU_INTERFACE) static EntropyContext * get_entropy_context() { if (!gsEntropyContext.mInitialized) 
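Review bot: In `_InitChipStack` the `add_entropy_source` call is now reachable only inside `#if defined(TINYCRYPT_PRIMITIVES)`, whereas before it ran for every `SLI_SI91X_MCU_INTERFACE` build regardless of the crypto backend. If a SiWx917 configuration without TinyCrypt exists (not visible here), it silently stops registering `app_entropy_source`, and its DRBG is seeded by whatever the other crypto PAL sets up on its own. Please confirm that no such configuration is supported, or say so in a comment next to the guard, e.g. `// SiWx917 always builds with TINYCRYPT_PRIMITIVES; its DRBG_get_bytes reads the hardware TRNG`. The function continues outside the hunk.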
@@ -448,9 +454,15 @@ static mbedtls_ctr_drbg_context * get_drbg_context() return drbgCtxt; } - +#endif // !SLI_SI91X_MCU_INTERFACE CHIP_ERROR add_entropy_source(entropy_source fn_source, void * p_source, size_t threshold) { +#if SLI_SI91X_MCU_INTERFACE + // SiWx917 has its hardware based generator + (void) fn_source; + (void) p_source; + (void) threshold; +#else VerifyOrReturnError(fn_source != nullptr, CHIP_ERROR_INVALID_ARGUMENT); EntropyContext * const entropy_ctxt = get_entropy_context(); @@ -459,6 +471,7 @@ CHIP_ERROR add_entropy_source(entropy_source fn_source, void * p_source, size_t const int result = mbedtls_entropy_add_source(&entropy_ctxt->mEntropy, fn_source, p_source, threshold, MBEDTLS_ENTROPY_SOURCE_STRONG); VerifyOrReturnError(result == 0, CHIP_ERROR_INTERNAL); +#endif // SLI_SI91X_MCU_INTERFACE return CHIP_NO_ERROR; } @@ -466,12 +479,17 @@ CHIP_ERROR DRBG_get_bytes(uint8_t * out_buffer, const size_t out_length) { VerifyOrReturnError(out_buffer != nullptr, CHIP_ERROR_INVALID_ARGUMENT); VerifyOrReturnError(out_length > 0, CHIP_ERROR_INVALID_ARGUMENT); - +#if SLI_SI91X_MCU_INTERFACE + sl_status_t status; + status = sl_si91x_trng_get_random_num(reinterpret_cast(out_buffer), out_length); + VerifyOrReturnError(status == SL_STATUS_OK, CHIP_ERROR_RANDOM_DATA_UNAVAILABLE); +#else mbedtls_ctr_drbg_context * const drbg_ctxt = get_drbg_context(); VerifyOrReturnError(drbg_ctxt != nullptr, CHIP_ERROR_INTERNAL); const int result = mbedtls_ctr_drbg_random(drbg_ctxt, Uint8::to_uchar(out_buffer), out_length); VerifyOrReturnError(result == 0, CHIP_ERROR_INTERNAL); +#endif // SLI_SI91X_MCU_INTERFACE return CHIP_NO_ERROR; } diff --git a/src/platform/silabs/rs911x/BLEManagerImpl.cpp b/src/platform/silabs/rs911x/BLEManagerImpl.cpp index a4327b20acdb4b..962c78fb9d3daa 100644 --- a/src/platform/silabs/rs911x/BLEManagerImpl.cpp +++ b/src/platform/silabs/rs911x/BLEManagerImpl.cpp 
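Review bot: On SiWx917 `add_entropy_source` now discards all three arguments and still returns `CHIP_NO_ERROR`, so a caller that registers a source is told it succeeded although nothing will ever be mixed in. The existing comment explains the hardware but not the contract; I would replace it with `// Intentional no-op: DRBG_get_bytes reads the SiWx917 hardware TRNG directly, so software entropy sources are ignored.` It would also be consistent to keep the `fn_source != nullptr` check on both branches, so that an invalid call fails the same way on every platform.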
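Review bot: In the SiWx917 branch of `DRBG_get_bytes`, the caller's `uint8_t *` buffer is cast to a wider pointer type and handed to `sl_si91x_trng_get_random_num` together with the byte count `out_length`. The buffer has no alignment guarantee. The prototype is not visible on this page, so it is unclear whether the length argument counts bytes or 32-bit words, or whether a large `size_t` value is narrowed. If it counts words, the call writes past the end of `out_buffer`; if it is capped or truncated, part of the buffer may be returned unfilled while the function reports success. Since every key, nonce and the BLE address now come through this path, I would fill an aligned local word buffer in bounded chunks and copy out exactly the bytes requested, as sketched below.

```cpp
#if SLI_SI91X_MCU_INTERFACE
    // NOTE(review): assumes the length argument counts 32-bit words; confirm against sl_si91x_trng.h.
    uint32_t words[4];
    for (size_t done = 0; done < out_length;)
    {
        const size_t chunk = ((out_length - done) < sizeof(words)) ? (out_length - done) : sizeof(words);
        const sl_status_t status = sl_si91x_trng_get_random_num(words, sizeof(words) / sizeof(words[0]));
        VerifyOrReturnError(status == SL_STATUS_OK, CHIP_ERROR_RANDOM_DATA_UNAVAILABLE);
        memcpy(out_buffer + done, words, chunk);
        done += chunk;
    }
#else
    // … unchanged: mbedtls CTR-DRBG path …
#endif // SLI_SI91X_MCU_INTERFACE
```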
@@ -58,12 +58,6 @@ extern "C" { #include #include -#ifdef SLI_SI91X_MCU_INTERFACE -extern "C" { -#include "sl_si91x_trng.h" -} -#endif // SLI_SI91X_MCU_INTERFACE - #if CHIP_ENABLE_ADDITIONAL_DATA_ADVERTISING #include #endif @@ -92,22 +86,11 @@ using namespace ::chip::DeviceLayer::Internal; void sl_ble_init() { uint8_t randomAddrBLE[RSI_BLE_ADDR_LENGTH] = { 0 }; -#if SLI_SI91X_MCU_INTERFACE - sl_status_t sl_status; - //! Get Random number of desired length - sl_status = sl_si91x_trng_get_random_num((uint32_t *) randomAddrBLE, RSI_BLE_ADDR_LENGTH); - if (sl_status != SL_STATUS_OK) - { - ChipLogError(DeviceLayer, " TRNG Random number generation Failed "); - return; - } + uint64_t randomAddr = chip::Crypto::GetRandU64(); + memcpy(randomAddrBLE, &randomAddr, RSI_BLE_ADDR_LENGTH); // Set the two least significant bits as the first 2 bits of the address has to be '11' to ensure the address is a random // non-resolvable private address - randomAddrBLE[5] |= 0xC0; -#else - uint64_t randomAddr = chip::Crypto::GetRandU64(); - memcpy(randomAddrBLE, &randomAddr, RSI_BLE_ADDR_LENGTH); -#endif // SLI_SI91X_MCU_INTERFACE + randomAddrBLE[(RSI_BLE_ADDR_LENGTH - 1)] |= 0xC0; // registering the GAP callback functions rsi_ble_gap_register_callbacks(NULL, NULL, rsi_ble_on_disconnect_event, NULL, NULL, NULL, rsi_ble_on_enhance_conn_status_event,
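Review bot: The comment kept above `randomAddrBLE[(RSI_BLE_ADDR_LENGTH - 1)] |= 0xC0;` in `sl_ble_init` does not match what the line does: `0xC0` sets the two most significant bits of the last byte, not the least significant ones. In the Bluetooth Core address sub-types, `11` in those bits marks a static random address, while a non-resolvable private address uses `00`. I would reword it to `// Set the two most significant bits of the address to '11', which marks it as a static random address`. This commit also applies the mask on the non-SiWx917 path, which previously used the `GetRandU64()` bytes unmodified, so the description should mention that behaviour change. The removed branch logged and returned when the TRNG failed, and how `GetRandU64()` signals a failure is not visible here; `sl_ble_init` continues outside the hunk.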