128 lines
4.8 KiB
C
128 lines
4.8 KiB
C
/*
|
|
* This file is part of the MicroPython project, http://micropython.org/
|
|
*
|
|
* The MIT License (MIT)
|
|
*
|
|
* Copyright (c) 2021 Scott Shawcroft for Adafruit Industries
|
|
*
|
|
* Permission is hereby granted, free of charge, to any person obtaining a copy
|
|
* of this software and associated documentation files (the "Software"), to deal
|
|
* in the Software without restriction, including without limitation the rights
|
|
* to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
|
|
* copies of the Software, and to permit persons to whom the Software is
|
|
* furnished to do so, subject to the following conditions:
|
|
*
|
|
* The above copyright notice and this permission notice shall be included in
|
|
* all copies or substantial portions of the Software.
|
|
*
|
|
* THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
|
|
* IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
|
|
* FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
|
|
* AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
|
|
* LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
|
|
* OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
|
|
* THE SOFTWARE.
|
|
*/
|
|
|
|
#include "genhdr/mpversion.h"
|
|
#include "py/mpconfig.h"
|
|
#include "py/objstr.h"
|
|
#include "py/objtuple.h"
|
|
#include "py/qstr.h"
|
|
|
|
#include "shared-bindings/os/__init__.h"
|
|
|
|
#include "lib/crypto-algorithms/sha256.h"
|
|
|
|
#include "hardware/structs/rosc.h"
|
|
|
|
#include <string.h>
|
|
|
|
STATIC const qstr os_uname_info_fields[] = {
|
|
MP_QSTR_sysname, MP_QSTR_nodename,
|
|
MP_QSTR_release, MP_QSTR_version, MP_QSTR_machine
|
|
};
|
|
STATIC const MP_DEFINE_STR_OBJ(os_uname_info_sysname_obj, "rp2040");
|
|
STATIC const MP_DEFINE_STR_OBJ(os_uname_info_nodename_obj, "rp2040");
|
|
STATIC const MP_DEFINE_STR_OBJ(os_uname_info_release_obj, MICROPY_VERSION_STRING);
|
|
STATIC const MP_DEFINE_STR_OBJ(os_uname_info_version_obj, MICROPY_GIT_TAG " on " MICROPY_BUILD_DATE);
|
|
STATIC const MP_DEFINE_STR_OBJ(os_uname_info_machine_obj, MICROPY_HW_BOARD_NAME " with " MICROPY_HW_MCU_NAME);
|
|
|
|
|
|
STATIC MP_DEFINE_ATTRTUPLE(
|
|
os_uname_info_obj,
|
|
os_uname_info_fields,
|
|
5,
|
|
(mp_obj_t)&os_uname_info_sysname_obj,
|
|
(mp_obj_t)&os_uname_info_nodename_obj,
|
|
(mp_obj_t)&os_uname_info_release_obj,
|
|
(mp_obj_t)&os_uname_info_version_obj,
|
|
(mp_obj_t)&os_uname_info_machine_obj
|
|
);
|
|
|
|
mp_obj_t common_hal_os_uname(void) {
|
|
return (mp_obj_t)&os_uname_info_obj;
|
|
}
|
|
|
|
// NIST Special Publication 800-90B (draft) recommends several extractors,
|
|
// including the SHA hash family and states that if the amount of entropy input
|
|
// is twice the number of bits output from them, that output can be considered
|
|
// essentially fully random. If every RANDOM_SAFETY_MARGIN bits from
|
|
// `rosc_hw->randombit` have at least 1 bit of entropy, then this criterion is met.
|
|
//
|
|
// This works by seeding the `random_state` with plenty of random bits (SHA256
|
|
// as entropy harvesting function), then using that state it as a counter input
|
|
// (SHA256 as a CSPRNG), re-seeding at least every 256 blocks (8kB).
|
|
//
|
|
// In practice, `PractRand` doesn't detect any gross problems with the output
|
|
// random numbers on samples of 1 to 8 megabytes, no matter the setting of
|
|
// RANDOM_SAFETY_MARGIN. (it does detect "unusual" results from time to time,
|
|
// as it will with any RNG)
|
|
#define RANDOM_SAFETY_MARGIN (4)
|
|
|
|
static BYTE random_state[SHA256_BLOCK_SIZE];
|
|
static void seed_random_bits(BYTE out[SHA256_BLOCK_SIZE]) {
|
|
CRYAL_SHA256_CTX context;
|
|
sha256_init(&context);
|
|
for (int i = 0; i < 2 * RANDOM_SAFETY_MARGIN; i++) {
|
|
for (int j = 0; j < SHA256_BLOCK_SIZE; j++) {
|
|
out[j] = rosc_hw->randombit & 1;
|
|
for (int k = 0; k < 8; k++) {
|
|
out[j] = (out[j] << 1) ^ (rosc_hw->randombit & 1);
|
|
}
|
|
}
|
|
sha256_update(&context, out, SHA256_BLOCK_SIZE);
|
|
}
|
|
sha256_final(&context, out);
|
|
}
|
|
|
|
static void get_random_bits(BYTE out[SHA256_BLOCK_SIZE]) {
|
|
if (!random_state[0]++) {
|
|
seed_random_bits(random_state);
|
|
}
|
|
CRYAL_SHA256_CTX context;
|
|
sha256_init(&context);
|
|
sha256_update(&context, random_state, SHA256_BLOCK_SIZE);
|
|
sha256_final(&context, out);
|
|
}
|
|
|
|
bool common_hal_os_urandom(uint8_t *buffer, mp_uint_t length) {
|
|
#define ROSC_POWER_SAVE (1) // assume ROSC is not necessarily active all the time
|
|
#if ROSC_POWER_SAVE
|
|
uint32_t old_rosc_ctrl = rosc_hw->ctrl;
|
|
rosc_hw->ctrl = (old_rosc_ctrl & ~ROSC_CTRL_ENABLE_BITS) | (ROSC_CTRL_ENABLE_VALUE_ENABLE << 12);
|
|
#endif
|
|
while (length) {
|
|
size_t n = MIN(length, SHA256_BLOCK_SIZE);
|
|
BYTE sha_buf[SHA256_BLOCK_SIZE];
|
|
get_random_bits(sha_buf);
|
|
memcpy(buffer, sha_buf, n);
|
|
buffer += n;
|
|
length -= n;
|
|
}
|
|
#if ROSC_POWER_SAVE
|
|
rosc_hw->ctrl = old_rosc_ctrl;
|
|
#endif
|
|
return true;
|
|
}
|