#include <sec/util.h>
#include <sec/hash/sha1.h>
#include <sec/prng/isaac.h>
+#include <sec/prng/x917.h>
+#include <sec/prng/yarrow.h>
/********************************************************************************/
/* Configuration of the random module */
/********************************************************************************/
-#define POOL_CONTEXT PP_CAT(PP_CAT(PRNG_NAME, CONFIG_RANDOM_POOL), _Context)
+#define POOL_CONTEXT PP_CAT(PP_CAT(PRNG_NAME, CONFIG_RANDOM_POOL), Context)
#define POOL_INIT PP_CAT(PP_CAT(PRNG_NAME, CONFIG_RANDOM_POOL), _init)
#define EXTRACTOR_STACKINIT PP_CAT(PP_CAT(EXTRACTOR_NAME, CONFIG_RANDOM_EXTRACTOR), _stackinit)
-#define PRNG_CONTEXT PP_CAT(PP_CAT(PRNG_NAME, CONFIG_RANDOM_PRNG), _Context)
-#define PRNG_INIT PP_CAT(PP_CAT(PRNG_NAME, CONFIG_RANDOM_PRNG), _init)
+#define PRNG_CONTEXT PP_CAT(PP_CAT(PRNG_NAMEU, CONFIG_RANDOM_PRNG), Context)
+#define PRNG_INIT PP_CAT(PP_CAT(PRNG_NAMEL, CONFIG_RANDOM_PRNG), _init)
/********************************************************************************/
/*
* Reseed the PRNG if there is enough entropy available at this time.
- *
- * Some designs (eg: fortuna) suggest to artificially limit the frequency of
+ *
+ * Some designs (eg: fortuna) suggest to artificially limit the frequency of
* this operation to something like 0.1s, to avoid attacks that try to exhaust
* the entropy pool.
- *
+ *
* We don't believe such attacks are available in an embedded system (as an attacker
* does not have a way to ask random numbers from the pool) but we will play safe
* here in case eg. the user does something wrong.
#if CONFIG_RANDOM_POOL != POOL_NONE
static ticks_t last_reseed = 0;
- // We don't allow more than 10 reseedings per second
+ // We don't allow more than 10 reseedings per second
// (as suggested by Fortuna)
ticks_t current = timer_clock();
if (ticks_to_ms(current - last_reseed) < 100)
return;
-
+
if (entropy_seeding_ready(epool))
{
uint8_t seed[prng_seed_len(prng)];
-
+
entropy_make_seed(epool, seed, sizeof(seed));
prng_reseed(prng, seed);
-
+
last_reseed = current;
PURGE(seed);
}
/*
* Perform the initial seeding of the PRNG.
- *
+ *
* At startup, we want to immediately seed the PRNG to a point where it can
* generate safe-enough random numbers. To do this, we rely on a hw-dependent
* function to pull entropy from available hw sources, and then feed it
random_pull_entropy(buf, sizeof(buf));
entropy_add(epool, 0, buf, sizeof(buf), sizeof(buf)*8);
} while (!entropy_seeding_ready(epool));
-
+
optional_reseeding();
#elif CONFIG_RANDOM_EXTRACTOR != EXTRACTOR_NONE
/**
* Configure the security level required by the application.
- *
+ *
* Application developers are suggested to keep the strongest
* setting (default) unless there are memory or code size issues.
- *
+ *
* Available settings are:
- *
+ *
* * \a RANDOM_SECURITY_STRONG: The random library will use
* an entropy pool, automatically feeded by drivers, to gather
* entropy from hardware sources. Data from the pool will
* be used to reseed a secure random number generator. Moreover,
* the generator will be automatically initialised
- * with enough entropy to generate safe random numbers even
+ * with enough entropy to generate safe random numbers even
* immediately after hw reset.
* The overall structure is the same as used by modern
* desktop PCs for generating secure random numbers.
- *
+ *
* * \a RANDOM_SECURITY_MEDIUM: This intermediate settings will
- * avoid usage of an entropy pool, to reduce memory and code
+ * avoid usage of an entropy pool, to reduce memory and code
* usage. The security of this settings relies only on the
* good behaviour of the random number generator (even though
* it will be well-seeded at startup).
- *
+ *
* * \a RANDOM_SECURITY_MINIMUM: This is the lighter setting that
* allows minimal memory and code usage, and it suggested only
* for extremely constrained systems, that only generates few
{
uint8_t x;
random_gen(&x, 2);
- return x;
+ return x;
}
INLINE uint32_t random_gen32(void)
{
uint8_t x;
random_gen(&x, 4);
- return x;
+ return x;
}
#endif /* SEC_RANDOM_H */
#define PRNG_ISAAC 1
#define PRNG_X917 2
#define PRNG_YARROW 3
-#define PRNG_NAME1 ISAAC
-#define PRNG_NAME2 X917
-#define PRNG_NAME3 Yarrow
+#define PRNG_NAMEU1 ISAAC
+#define PRNG_NAMEL1 isaac
+#define PRNG_NAMEU2 X917
+#define PRNG_NAMEL2 x917
+#define PRNG_NAMEU3 Yarrow
+#define PRNG_NAMEL3 yarrow
#define EXTRACTOR_NONE 0
#define EXTRACTOR_SHA1 1
#if RANDOM_SECURITY_LEVEL == RANDOM_SECURITY_STRONG
#define CONFIG_RANDOM_POOL POOL_YARROW
#define CONFIG_RANDOM_EXTRACTOR EXTRACTOR_NONE // not required with a pool
- #define CONFIG_RANDOM_PRNG PRNG_ISAAC // FIXME: PRNG_YARROW
+ #define CONFIG_RANDOM_PRNG PRNG_YARROW
#elif RANDOM_SECURITY_LEVEL == RANDOM_SECURITY_MEDIUM
#define CONFIG_RANDOM_POOL POOL_NONE
#define CONFIG_RANDOM_EXTRACTOR EXTRACTOR_SHA1
- #define CONFIG_RANDOM_PRNG PRNG_ISAAC // FIXME: PRNG_X917
+ #define CONFIG_RANDOM_PRNG PRNG_X917
#elif RANDOM_SECURITY_LEVEL == RANDOM_SECURITY_MINIMUM
#define CONFIG_RANDOM_POOL POOL_NONE
#define CONFIG_RANDOM_EXTRACTOR EXTRACTOR_NONE
/*
* Add entropy to the global entropy pool.
*/
-void random_add_entropy(enum EntropySource source_idx,
+void random_add_entropy(enum EntropySource source_idx,
const uint8_t *data, size_t len,
int entropy);
/*
* Add entropy to the global interrupt pool based on the IRQ
* call time.
- *
+ *
* This function can be called from interrupt handlers that are
- * triggered at unpredictable intervals (so it should not be
+ * triggered at unpredictable intervals (so it should not be
* called from clock-driven interrupts like ADC, PWM, etc.).
- *
+ *
*/
void random_add_entropy_irq(int irq);