[Silabs] Refactor SiWx917 random number generator (project-chip#33689)
* Refactor TRNG function to rely on hardware instead of SW on TINYCRYPT

* fix pointer conversion

* refactor minimal changes

* Revert header change

* review comments

---------

Co-authored-by: Rohan S <3526930+brosahay@users.noreply.github.com>
rosahay-silabs and brosahay authored Jun 13, 2024
1 parent fab01d8 commit a3bb9c3
Showing 4 changed files with 36 additions and 36 deletions.
10 changes: 5 additions & 5 deletions examples/platform/silabs/SiWx917/SiWx917/sl_wifi_if.cpp
Expand Up @@ -70,11 +70,11 @@ extern "C" {
#include "sl_wifi.h"
#include "sl_wifi_callback_framework.h"
#include "wfx_host_events.h"
#if SLI_SI91X_MCU_INTERFACE
#if TINYCRYPT_PRIMITIVES
#include "sl_si91x_trng.h"
#define TRNGKEY_SIZE 4
#endif // SLI_SI91X_MCU_INTERFACE
} // extern "C" {
#endif // TINYCRYPT_PRIMITIVES
}

WfxRsi_t wfx_rsi;

Expand Down Expand Up @@ -477,7 +477,7 @@ static sl_status_t wfx_rsi_init(void)
return status;
}

#ifdef SLI_SI91X_MCU_INTERFACE
#ifdef TINYCRYPT_PRIMITIVES
const uint32_t trngKey[TRNGKEY_SIZE] = { 0x16157E2B, 0xA6D2AE28, 0x8815F7AB, 0x3C4FCF09 };

// To check the Entropy of TRNG and verify TRNG functioning.
Expand All @@ -495,7 +495,7 @@ static sl_status_t wfx_rsi_init(void)
SILABS_LOG("TRNG Key Programming Failed");
return status;
}
#endif // SLI_SI91X_MCU_INTERFACE
#endif // TINYCRYPT_PRIMITIVES

wfx_rsi.events = xEventGroupCreateStatic(&rsiDriverEventGroup);
wfx_rsi.dev_state |= WFX_RSI_ST_DEV_READY;
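Review bot: The TRNG guards in this file test the same macro in two different ways: the include block uses `#if TINYCRYPT_PRIMITIVES` while the key-programming block in `wfx_rsi_init` uses `#ifdef TINYCRYPT_PRIMITIVES` (and PlatformManagerImpl.cpp in this commit uses `#if defined(TINYCRYPT_PRIMITIVES)`). If a build ever defines the macro as 0, the header and `TRNGKEY_SIZE` are skipped but the block that uses them is still compiled; writing `#if defined(TINYCRYPT_PRIMITIVES)` in both places keeps them in step. Since `DRBG_get_bytes` in CHIPCryptoPALTinyCrypt.cpp reads the TRNG under `SLI_SI91X_MCU_INTERFACE`, a short comment here saying that this entropy check and key programming are what make that call usable would help the next reader. The body of `wfx_rsi_init` extends beyond the hunks shown.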
15 changes: 7 additions & 8 deletions src/platform/silabs/PlatformManagerImpl.cpp
Expand Up @@ -33,7 +33,7 @@

#if defined(TINYCRYPT_PRIMITIVES)
#include "tinycrypt/ecc.h"
#endif
#endif // TINYCRYPT_PRIMITIVES

#if CHIP_SYSTEM_CONFIG_USE_LWIP
#include <lwip/tcpip.h>
Expand All @@ -46,7 +46,6 @@ namespace DeviceLayer {

PlatformManagerImpl PlatformManagerImpl::sInstance;

#if SLI_SI91X_MCU_INTERFACE
#if defined(TINYCRYPT_PRIMITIVES)
sys_mutex_t PlatformManagerImpl::rngMutexHandle = NULL;

Expand All @@ -58,8 +57,8 @@ int PlatformManagerImpl::uECC_RNG_Function(uint8_t * dest, unsigned int size)

return res;
}
#endif // TINYCRYPT_PRIMITIVES

#if !(SLI_SI91X_MCU_INTERFACE)
static void app_get_random(uint8_t * aOutput, size_t aLen)
{
VerifyOrReturn(aOutput != nullptr);
Expand All @@ -76,7 +75,8 @@ static int app_entropy_source(void * data, unsigned char * output, size_t len, s

return 0;
}
#endif // SLI_SI91X_MCU_INTERFACE
#endif // !SLI_SI91X_MCU_INTERFACE
#endif // TINYCRYPT_PRIMITIVES

CHIP_ERROR PlatformManagerImpl::_InitChipStack(void)
{
Expand All @@ -93,15 +93,14 @@ CHIP_ERROR PlatformManagerImpl::_InitChipStack(void)

ReturnErrorOnFailure(System::Clock::InitClock_RealTime());

#if SLI_SI91X_MCU_INTERFACE
ReturnErrorOnFailure(chip::Crypto::add_entropy_source(app_entropy_source, NULL, 16 /*Threshold value*/));

#if defined(TINYCRYPT_PRIMITIVES)
#if !(SLI_SI91X_MCU_INTERFACE)
ReturnErrorOnFailure(chip::Crypto::add_entropy_source(app_entropy_source, NULL, 16 /*Threshold value*/));
#endif // !SLI_SI91X_MCU_INTERFACE
/* Set RNG function for tinycrypt operations. */
VerifyOrExit(sys_mutex_new(&rngMutexHandle) == ERR_OK, err = CHIP_ERROR_NO_MEMORY);
uECC_set_rng(PlatformManagerImpl::uECC_RNG_Function);
#endif // TINYCRYPT_PRIMITIVES
#endif // SLI_SI91X_MCU_INTERFACE

// Call _InitChipStack() on the generic implementation base class
// to finish the initialization process.
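Review bot: The `#if !(SLI_SI91X_MCU_INTERFACE)` guard around `add_entropy_source` in `_InitChipStack` carries no comment saying where SiWx917 randomness comes from once the software entropy source is skipped. I would add `// SiWx917 SoC: DRBG_get_bytes() reads the hardware TRNG directly, so no software entropy source is registered.` above it. `uECC_set_rng` is still registered on that platform, while the TRNG entropy check and key programming sit in `wfx_rsi_init` (sl_wifi_if.cpp); nothing visible here shows that they complete before the first `uECC_RNG_Function` call, so the ordering is worth confirming or documenting. The bodies of `_InitChipStack` and `uECC_RNG_Function` lie outside the hunks shown.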
24 changes: 21 additions & 3 deletions src/platform/silabs/SiWx917/CHIPCryptoPALTinyCrypt.cpp
Expand Up @@ -60,6 +60,12 @@

#include <string.h>

#ifdef SLI_SI91X_MCU_INTERFACE
extern "C" {
#include "sl_si91x_trng.h"
}
#endif // SLI_SI91X_MCU_INTERFACE

namespace chip {
namespace Crypto {

Expand Down Expand Up @@ -414,7 +420,7 @@ CHIP_ERROR PBKDF2_sha256::pbkdf2_sha256(const uint8_t * password, size_t plen, c

return error;
}

#if !(SLI_SI91X_MCU_INTERFACE)
static EntropyContext * get_entropy_context()
{
if (!gsEntropyContext.mInitialized)
Expand Down Expand Up @@ -448,9 +454,15 @@ static mbedtls_ctr_drbg_context * get_drbg_context()

return drbgCtxt;
}

#endif // !SLI_SI91X_MCU_INTERFACE
CHIP_ERROR add_entropy_source(entropy_source fn_source, void * p_source, size_t threshold)
{
#if SLI_SI91X_MCU_INTERFACE
// SiWx917 has its hardware based generator
(void) fn_source;
(void) p_source;
(void) threshold;
#else
VerifyOrReturnError(fn_source != nullptr, CHIP_ERROR_INVALID_ARGUMENT);

EntropyContext * const entropy_ctxt = get_entropy_context();
Expand All @@ -459,19 +471,25 @@ CHIP_ERROR add_entropy_source(entropy_source fn_source, void * p_source, size_t
const int result =
mbedtls_entropy_add_source(&entropy_ctxt->mEntropy, fn_source, p_source, threshold, MBEDTLS_ENTROPY_SOURCE_STRONG);
VerifyOrReturnError(result == 0, CHIP_ERROR_INTERNAL);
#endif // SLI_SI91X_MCU_INTERFACE
return CHIP_NO_ERROR;
}

CHIP_ERROR DRBG_get_bytes(uint8_t * out_buffer, const size_t out_length)
{
VerifyOrReturnError(out_buffer != nullptr, CHIP_ERROR_INVALID_ARGUMENT);
VerifyOrReturnError(out_length > 0, CHIP_ERROR_INVALID_ARGUMENT);

#if SLI_SI91X_MCU_INTERFACE
sl_status_t status;
status = sl_si91x_trng_get_random_num(reinterpret_cast<uint32_t *>(out_buffer), out_length);
VerifyOrReturnError(status == SL_STATUS_OK, CHIP_ERROR_RANDOM_DATA_UNAVAILABLE);
#else
mbedtls_ctr_drbg_context * const drbg_ctxt = get_drbg_context();
VerifyOrReturnError(drbg_ctxt != nullptr, CHIP_ERROR_INTERNAL);

const int result = mbedtls_ctr_drbg_random(drbg_ctxt, Uint8::to_uchar(out_buffer), out_length);
VerifyOrReturnError(result == 0, CHIP_ERROR_INTERNAL);
#endif // SLI_SI91X_MCU_INTERFACE

return CHIP_NO_ERROR;
}
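Review bot: The SiWx917 branch of `DRBG_get_bytes` casts the caller's `uint8_t *` to `uint32_t *` and passes `out_length` straight to `sl_si91x_trng_get_random_num`, so an unaligned `out_buffer`, or a length whose unit or width differs from what the SDK expects (neither is visible on this page), can turn into a misaligned or out-of-bounds write of key material. Filling a word-aligned scratch block and copying exactly `out_length` bytes out of it removes both assumptions; the sketch below assumes the length is a byte count, as the existing call implies. This branch also hands raw TRNG output to every caller where the other branch goes through `mbedtls_ctr_drbg_random`; if that is intended, a comment saying so would help. `add_entropy_source` in the same section returns `CHIP_NO_ERROR` while ignoring the caller's source on this platform, which deserves a line of documentation for callers.

```cpp
#if SLI_SI91X_MCU_INTERFACE
    // Word-aligned scratch block: out_buffer carries no alignment guarantee,
    // and each request stays small regardless of out_length.
    uint32_t block[8];
    uint8_t * dst    = out_buffer;
    size_t remaining = out_length;
    while (remaining > 0)
    {
        const size_t chunk       = (remaining < sizeof(block)) ? remaining : sizeof(block);
        const sl_status_t status = sl_si91x_trng_get_random_num(block, sizeof(block));
        VerifyOrReturnError(status == SL_STATUS_OK, CHIP_ERROR_RANDOM_DATA_UNAVAILABLE);
        memcpy(dst, block, chunk);
        dst += chunk;
        remaining -= chunk;
    }
#else
    // … unchanged: mbedTLS CTR_DRBG path …
```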
23 changes: 3 additions & 20 deletions src/platform/silabs/rs911x/BLEManagerImpl.cpp
Expand Up @@ -58,12 +58,6 @@ extern "C" {
#include <platform/DeviceInstanceInfoProvider.h>
#include <string.h>

#ifdef SLI_SI91X_MCU_INTERFACE
extern "C" {
#include "sl_si91x_trng.h"
}
#endif // SLI_SI91X_MCU_INTERFACE

#if CHIP_ENABLE_ADDITIONAL_DATA_ADVERTISING
#include <setup_payload/AdditionalDataPayloadGenerator.h>
#endif
Expand Down Expand Up @@ -92,22 +86,11 @@ using namespace ::chip::DeviceLayer::Internal;
void sl_ble_init()
{
uint8_t randomAddrBLE[RSI_BLE_ADDR_LENGTH] = { 0 };
#if SLI_SI91X_MCU_INTERFACE
sl_status_t sl_status;
//! Get Random number of desired length
sl_status = sl_si91x_trng_get_random_num((uint32_t *) randomAddrBLE, RSI_BLE_ADDR_LENGTH);
if (sl_status != SL_STATUS_OK)
{
ChipLogError(DeviceLayer, " TRNG Random number generation Failed ");
return;
}
uint64_t randomAddr = chip::Crypto::GetRandU64();
memcpy(randomAddrBLE, &randomAddr, RSI_BLE_ADDR_LENGTH);
// Set the two least significant bits as the first 2 bits of the address has to be '11' to ensure the address is a random
// non-resolvable private address
randomAddrBLE[5] |= 0xC0;
#else
uint64_t randomAddr = chip::Crypto::GetRandU64();
memcpy(randomAddrBLE, &randomAddr, RSI_BLE_ADDR_LENGTH);
#endif // SLI_SI91X_MCU_INTERFACE
randomAddrBLE[(RSI_BLE_ADDR_LENGTH - 1)] |= 0xC0;

// registering the GAP callback functions
rsi_ble_gap_register_callbacks(NULL, NULL, rsi_ble_on_disconnect_event, NULL, NULL, NULL, rsi_ble_on_enhance_conn_status_event,
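Review bot: The comment kept above `randomAddrBLE[(RSI_BLE_ADDR_LENGTH - 1)] |= 0xC0;` does not match the code: `0xC0` sets the two most significant bits of the last byte, and a Bluetooth LE address whose top two bits are `11` is a static random address, not a non-resolvable private one. I would reword it to `// Set the two most significant bits of the address to '11' to mark it as a static random address`. The earlier SiWx917 path also logged and returned when the TRNG call failed, whereas the new code relies on `chip::Crypto::GetRandU64()`, whose failure behaviour is not visible here; it is worth confirming that a TRNG error cannot leave a zero or predictable address in use. `sl_ble_init` continues beyond the hunk.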
