Merge branch 'development'
diff --git a/ChangeLog b/ChangeLog
index ad4d1f5..6a7100a 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -26,6 +26,9 @@
in the trusted certificate list.
* Fix bug in mbedtls_x509_crt_parse that caused trailing extra data in the
buffer after DER certificates to be included in the raw representation.
+ * Fix issue that caused a hang when generating RSA keys of odd bitlength
+ * Fix bug in mbedtls_rsa_rsaes_pkcs1_v15_encrypt that made null pointer
+ dereference possible.
Changes
* On ARM platforms, when compiling with -O0 with GCC, Clang or armcc5,
diff --git a/library/rsa.c b/library/rsa.c
index 06f96ef..7c1f658 100644
--- a/library/rsa.c
+++ b/library/rsa.c
@@ -102,7 +102,8 @@
if( f_rng == NULL || nbits < 128 || exponent < 3 )
return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA );
- mbedtls_mpi_init( &P1 ); mbedtls_mpi_init( &Q1 ); mbedtls_mpi_init( &H ); mbedtls_mpi_init( &G );
+ mbedtls_mpi_init( &P1 ); mbedtls_mpi_init( &Q1 );
+ mbedtls_mpi_init( &H ); mbedtls_mpi_init( &G );
/*
* find primes P and Q with Q < P so that:
@@ -112,14 +113,19 @@
do
{
- MBEDTLS_MPI_CHK( mbedtls_mpi_gen_prime( &ctx->P, ( nbits + 1 ) >> 1, 0,
+ MBEDTLS_MPI_CHK( mbedtls_mpi_gen_prime( &ctx->P, nbits >> 1, 0,
f_rng, p_rng ) );
- MBEDTLS_MPI_CHK( mbedtls_mpi_gen_prime( &ctx->Q, ( nbits + 1 ) >> 1, 0,
+ if( nbits % 2 )
+ {
+ MBEDTLS_MPI_CHK( mbedtls_mpi_gen_prime( &ctx->Q, ( nbits >> 1 ) + 1, 0,
f_rng, p_rng ) );
-
- if( mbedtls_mpi_cmp_mpi( &ctx->P, &ctx->Q ) < 0 )
- mbedtls_mpi_swap( &ctx->P, &ctx->Q );
+ }
+ else
+ {
+ MBEDTLS_MPI_CHK( mbedtls_mpi_gen_prime( &ctx->Q, nbits >> 1, 0,
+ f_rng, p_rng ) );
+ }
if( mbedtls_mpi_cmp_mpi( &ctx->P, &ctx->Q ) == 0 )
continue;
@@ -586,7 +592,8 @@
if( mode == MBEDTLS_RSA_PRIVATE && ctx->padding != MBEDTLS_RSA_PKCS_V15 )
return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA );
- if( f_rng == NULL )
+ // We don't check p_rng because it won't be dereferenced here
+ if( f_rng == NULL || input == NULL || output == NULL )
return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA );
olen = ctx->len;
diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh
index 1cc8256..5ecf868 100755
--- a/tests/scripts/all.sh
+++ b/tests/scripts/all.sh
@@ -2,20 +2,24 @@
# all.sh
#
+# This file is part of mbed TLS (https://tls.mbed.org)
+#
# Copyright (c) 2014-2016, ARM Limited, All Rights Reserved
#
# Purpose
#
-# Run all available tests (mostly).
+# To run all tests possible or available on the platform.
#
-# Warning: includes various build modes, so it will mess with the current
-# CMake configuration. After this script is run, the CMake cache is lost and
-# CMake is not initialised any more!
+# Warning: the test is destructive. It includes various build modes and
+# configurations, and can and will arbitrarily change the current CMake
+# configuration. After this script has been run, the CMake cache will be lost
+# and CMake will no longer be initialised.
#
-# Assumes gcc and clang (recent enough for using ASan with gcc and MemSan with
-# clang, or valgrind) are available, as well as cmake and a "good" find.
+# The script assumes the presence of gcc and clang (recent enough for using
+# ASan with gcc and MemSan with clang, or valgrind) are available, as well as
+# cmake and a "good" find.
-# Abort on errors (and uninitiliased variables)
+# Abort on errors (and uninitialised variables)
set -eu
if [ -d library -a -d include -a -d tests ]; then :; else
@@ -28,23 +32,16 @@
MEMORY=0
SHORT=0
+FORCE=0
-while [ $# -gt 0 ]; do
- case "$1" in
- -m*)
- MEMORY=${1#-m}
- ;;
- -s)
- SHORT=1
- ;;
- *)
- echo "Unknown argument: '$1'" >&2
- echo "Use the source, Luke!" >&2
- exit 1
- ;;
- esac
- shift
-done
+usage()
+{
+ echo "Usage: $0"
+ echo -e " -h|--help\t\tPrint this help."
+ echo -e " -m|--memory\t\tAdditional optional memory tests."
+ echo -e " -s|--short\t\tSubset of tests."
+ echo -e " -f|--force\t\tForce the tests to overwrite any modified files."
+}
# remove built files as well as the cmake cache/config
cleanup()
@@ -72,6 +69,50 @@
echo "******************************************************************"
}
+while [ $# -gt 0 ]; do
+ case "$1" in
+ --memory|-m*)
+ MEMORY=${1#-m}
+ ;;
+ --short|-s)
+ SHORT=1
+ ;;
+ --force|-f)
+ FORCE=1
+ ;;
+ --help|-h|*)
+ usage()
+ exit 1
+ ;;
+ esac
+ shift
+done
+
+if [ $FORCE -eq 1 ]; then
+ rm -rf yotta/module
+ git checkout-index -f -q $CONFIG_H
+ cleanup
+else
+
+ if [ -d yotta/module ]; then
+ echo "Warning - there is an existing yotta module in the directory 'yotta/module'" >&2
+ echo "You can either delete your work and retry, or force the test to overwrite the"
+ echo "test by rerunning the script as: $0 --force"
+ exit 1
+ fi
+
+ if ! git diff-files --quiet include/mbedtls/config.h; then
+ echo $?
+ echo "Warning - the configuration file 'include/mbedtls/config.h' has been edited. " >&2
+ echo "You can either delete or preserve your work, or force the test by rerunning the"
+ echo "script as: $0 --force"
+ exit 1
+ fi
+fi
+
+#
+# Test Suites to be executed
+#
# The test ordering tries to optimize for the following criteria:
# 1. Catch possible problems early, by running first tests that run quickly
# and/or are more likely to fail than others (eg I use Clang most of the
diff --git a/tests/scripts/basic-build-test.sh b/tests/scripts/basic-build-test.sh
index f1b36c3..d13a8e4 100755
--- a/tests/scripts/basic-build-test.sh
+++ b/tests/scripts/basic-build-test.sh
@@ -38,6 +38,7 @@
# Step 1 - Make and instrumented build for code coverage
export CFLAGS=' --coverage -g3 -O0 '
make clean
+scripts/config.pl full
make
diff --git a/tests/scripts/generate_code.pl b/tests/scripts/generate_code.pl
index 5c623f8..5892f7b 100755
--- a/tests/scripts/generate_code.pl
+++ b/tests/scripts/generate_code.pl
@@ -2,6 +2,8 @@
# generate_code.pl
#
+# This file is part of mbed TLS (https://tls.mbed.org)
+#
# Copyright (c) 2009-2016, ARM Limited, All Rights Reserved
#
# Purpose
@@ -202,7 +204,7 @@
if( substr($def, 0, 4) eq "int " )
{
$param_defs .= " int param$i;\n";
- $param_checks .= " if( verify_int( params[$i], ¶m$i ) != 0 ) return( 2 );\n";
+ $param_checks .= " if( verify_int( params[$i], ¶m$i ) != 0 ) return( DISPATCH_INVALID_TEST_DATA );\n";
push @dispatch_params, "param$i";
$mapping_regex .= ":([\\d\\w |\\+\\-\\(\\)]+)";
@@ -211,7 +213,7 @@
elsif( substr($def, 0, 6) eq "char *" )
{
$param_defs .= " char *param$i = params[$i];\n";
- $param_checks .= " if( verify_string( ¶m$i ) != 0 ) return( 2 );\n";
+ $param_checks .= " if( verify_string( ¶m$i ) != 0 ) return( DISPATCH_INVALID_TEST_DATA );\n";
push @dispatch_params, "param$i";
$mapping_regex .= ":[^:\n]+";
}
@@ -248,14 +250,14 @@
if( cnt != $param_count )
{
mbedtls_fprintf( stderr, "\\nIncorrect argument count (%d != %d)\\n", cnt, $param_count );
- return( 2 );
+ return( DISPATCH_INVALID_TEST_DATA );
}
$param_checks
test_suite_$function_name( $call_params );
- return ( 0 );
+ return ( DISPATCH_TEST_SUCCESS );
$function_post_code
- return ( 3 );
+ return ( DISPATCH_UNSUPPORTED_SUITE );
}
else
END
@@ -283,9 +285,9 @@
if( strcmp( str, "$key" ) == 0 )
{
#if defined($key)
- return( 0 );
+ return( DEPENDENCY_SUPPORTED );
#else
- return( 1 );
+ return( DEPENDENCY_NOT_SUPPORTED );
#endif
}
END
@@ -298,7 +300,7 @@
if( strcmp( str, "$key" ) == 0 )
{
*value = ( $key );
- return( 0 );
+ return( KEY_VALUE_MAPPING_FOUND );
}
END
@@ -315,7 +317,7 @@
$dispatch_code =~ s/^(.+)/ $1/mg;
-$test_main =~ s/TEST_FILENAME/$test_case_data/;
+$test_main =~ s/TEST_FILENAME/$test_case_data/g;
$test_main =~ s/FUNCTION_CODE//;
$test_main =~ s/DEP_CHECK_CODE/$dep_check_code/;
$test_main =~ s/DISPATCH_FUNCTION/$dispatch_code/;
diff --git a/tests/scripts/run-test-suites.pl b/tests/scripts/run-test-suites.pl
index fb77e15..58f827c 100755
--- a/tests/scripts/run-test-suites.pl
+++ b/tests/scripts/run-test-suites.pl
@@ -2,6 +2,8 @@
# run-test-suites.pl
#
+# This file is part of mbed TLS (https://tls.mbed.org)
+#
# Copyright (c) 2015-2016, ARM Limited, All Rights Reserved
#
# Purpose
@@ -66,7 +68,8 @@
print "(test cases passed:", $suite_cases_passed,
" failed:", $suite_cases_failed,
" skipped:", $suite_cases_skipped,
- " of total:", ( $suite_cases_passed + $suite_cases_failed ),
+ " of total:", ($suite_cases_passed + $suite_cases_failed +
+ $suite_cases_skipped),
")\n"
}
diff --git a/tests/suites/helpers.function b/tests/suites/helpers.function
index c18eed8..2eff043 100644
--- a/tests/suites/helpers.function
+++ b/tests/suites/helpers.function
@@ -32,9 +32,18 @@
/*----------------------------------------------------------------------------*/
-/* Global variables */
+/* Constants */
-static int test_errors = 0;
+#define DEPENDENCY_SUPPORTED 0
+#define DEPENDENCY_NOT_SUPPORTED 1
+
+#define KEY_VALUE_MAPPING_FOUND 0
+#define KEY_VALUE_MAPPING_NOT_FOUND -1
+
+#define DISPATCH_TEST_SUCCESS 0
+#define DISPATCH_TEST_FN_NOT_FOUND 1
+#define DISPATCH_INVALID_TEST_DATA 2
+#define DISPATCH_UNSUPPORTED_SUITE 3
/*----------------------------------------------------------------------------*/
@@ -81,6 +90,12 @@
/*----------------------------------------------------------------------------*/
+/* Global variables */
+
+static int test_errors = 0;
+
+
+/*----------------------------------------------------------------------------*/
/* Helper Functions */
static int unhexify( unsigned char *obuf, const char *ibuf )
diff --git a/tests/suites/main_test.function b/tests/suites/main_test.function
index 7ec69b4..525df5b 100644
--- a/tests/suites/main_test.function
+++ b/tests/suites/main_test.function
@@ -60,7 +60,7 @@
MAPPING_CODE
mbedtls_printf( "Expected integer for parameter and got: %s\n", str );
- return( -1 );
+ return( KEY_VALUE_MAPPING_NOT_FOUND );
}
@@ -81,7 +81,7 @@
DEP_CHECK_CODE
- return( 1 );
+ return( DEPENDENCY_NOT_SUPPORTED );
}
int dispatch_test(int cnt, char *params[50])
@@ -91,14 +91,18 @@
((void) params);
#if defined(TEST_SUITE_ACTIVE)
+ ret = DISPATCH_TEST_SUCCESS;
+
DISPATCH_FUNCTION
{
- mbedtls_fprintf( stdout, "FAILED\nSkipping unknown test function '%s'\n", params[0] );
+ mbedtls_fprintf( stdout,
+ "FAILED\nSkipping unknown test function '%s'\n",
+ params[0] );
fflush( stdout );
- return( 1 );
+ ret = DISPATCH_TEST_FN_NOT_FOUND;
}
#else
- return( 3 );
+ ret = DISPATCH_UNSUPPORTED_SUITE;
#endif
return( ret );
}
@@ -107,6 +111,19 @@
/*----------------------------------------------------------------------------*/
/* Main Test code */
+#define USAGE \
+ "Usage: %s [OPTIONS] files...\n\n" \
+ " Command line arguments:\n" \
+ " files... One or more test data file. If no file is specified\n" \
+ " the followimg default test case is used:\n" \
+ " %s\n\n" \
+ " Options:\n" \
+ " -v | --verbose Display full information about each test\n" \
+ " -h | --help Display this information\n\n", \
+ argv[0], \
+ "TEST_FILENAME"
+
+
int get_line( FILE *f, char *buf, size_t len )
{
char *ret;
@@ -216,11 +233,18 @@
int main(int argc, const char *argv[])
{
- int testfile_index, testfile_count, ret, i, cnt;
- int total_errors = 0, total_tests = 0, total_skipped = 0;
+ /* Local Configurations and options */
const char *default_filename = "TEST_FILENAME";
const char *test_filename = NULL;
const char **test_files = NULL;
+ int testfile_count = 0;
+ int option_verbose = 0;
+
+ /* Other Local variables */
+ int arg_index = 1;
+ const char *next_arg;
+ int testfile_index, ret, i, cnt;
+ int total_errors = 0, total_tests = 0, total_skipped = 0;
FILE *file;
char buf[5000];
char *params[50];
@@ -253,17 +277,41 @@
return( 0 );
}
- if ( argc <= 1 )
+ while( arg_index < argc)
+ {
+ next_arg = argv[ arg_index ];
+
+ if( strcmp(next_arg, "--verbose" ) == 0 ||
+ strcmp(next_arg, "-v" ) == 0 )
+ {
+ option_verbose = 1;
+ }
+ else if( strcmp(next_arg, "--help" ) == 0 ||
+ strcmp(next_arg, "-h" ) == 0 )
+ {
+ mbedtls_fprintf( stdout, USAGE );
+ mbedtls_exit( EXIT_SUCCESS );
+ }
+ else
+ {
+ /* Not an option, therefore treat all further arguments as the file
+ * list.
+ */
+ test_files = &argv[ arg_index ];
+ testfile_count = argc - arg_index;
+ }
+
+ arg_index++;
+ }
+
+ /* If no files were specified, assume a default */
+ if ( test_files == NULL || testfile_count == 0 )
{
test_files = &default_filename;
testfile_count = 1;
}
- else
- {
- test_files = &argv[1];
- testfile_count = argc - 1;
- }
+ /* Now begin to execute the tests in the testfiles */
for ( testfile_index = 0;
testfile_index < testfile_count;
testfile_index++ )
@@ -280,7 +328,8 @@
while( !feof( file ) )
{
- int skip = 0;
+ int unmet_dep_count = 0;
+ char *unmet_dependencies[20];
if( ( ret = get_line( file, buf, sizeof(buf) ) ) != 0 )
break;
@@ -300,32 +349,61 @@
if( strcmp( params[0], "depends_on" ) == 0 )
{
for( i = 1; i < cnt; i++ )
- if( dep_check( params[i] ) != 0 )
- skip = 1;
+ {
+ if( dep_check( params[i] ) != DEPENDENCY_SUPPORTED )
+ {
+ unmet_dependencies[ i-1 ] = strdup(params[i]);
+ if( unmet_dependencies[ i-1 ] == NULL )
+ {
+ mbedtls_printf("FATAL: Out of memory\n");
+ mbedtls_exit( MBEDTLS_PLATFORM_STD_EXIT_FAILURE );
+ }
+ unmet_dep_count++;
+ }
+ }
if( ( ret = get_line( file, buf, sizeof(buf) ) ) != 0 )
break;
cnt = parse_arguments( buf, strlen(buf), params );
}
-
- if( skip == 0 )
+
+ // If there are no unmet dependencies execute the test
+ if( unmet_dep_count == 0 )
{
test_errors = 0;
ret = dispatch_test( cnt, params );
}
- if( skip == 1 || ret == 3 )
+ if( unmet_dep_count > 0 || ret == DISPATCH_UNSUPPORTED_SUITE )
{
total_skipped++;
mbedtls_fprintf( stdout, "----\n" );
+
+ if( 1 == option_verbose && ret == DISPATCH_UNSUPPORTED_SUITE )
+ {
+ mbedtls_fprintf( stdout, " Test Suite not enabled" );
+ }
+
+ if( 1 == option_verbose && unmet_dep_count > 0 )
+ {
+ mbedtls_fprintf( stdout, " Unmet dependencies: " );
+ while( unmet_dep_count > 0)
+ {
+ mbedtls_fprintf(stdout, "%s ",
+ unmet_dependencies[unmet_dep_count - 1]);
+ free(unmet_dependencies[unmet_dep_count - 1]);
+ unmet_dep_count--;
+ }
+ mbedtls_fprintf( stdout, "\n" );
+ }
fflush( stdout );
}
- else if( ret == 0 && test_errors == 0 )
+ else if( ret == DISPATCH_TEST_SUCCESS && test_errors == 0 )
{
mbedtls_fprintf( stdout, "PASS\n" );
fflush( stdout );
}
- else if( ret == 2 )
+ else if( ret == DISPATCH_INVALID_TEST_DATA )
{
mbedtls_fprintf( stderr, "FAILED: FATAL PARSE ERROR\n" );
fclose(file);
diff --git a/tests/suites/test_suite_rsa.data b/tests/suites/test_suite_rsa.data
index c43d6ae..d522332 100644
--- a/tests/suites/test_suite_rsa.data
+++ b/tests/suites/test_suite_rsa.data
@@ -345,7 +345,7 @@
RSA Public (Data larger than N)
mbedtls_rsa_public:"b38ac65c8141f7f5c96e14470e851936a67bf94cc6821a39ac12c05f7c0b06d9e6ddba2224703b02e25f31452f9c4a8417b62675fdc6df46b94813bc7b9769a892c482b830bfe0ad42e46668ace68903617faf6681f4babf1cc8e4b0420d3c7f61dc45434c6b54e2c3ee0fc07908509d79c9826e673bf8363255adb0add2401039a7bcd1b4ecf0fbe6ec8369d2da486eec59559dd1d54c9b24190965eafbdab203b35255765261cd0909acf93c3b8b8428cbb448de4715d1b813d0c94829c229543d391ce0adab5351f97a3810c1f73d7b1458b97daed4209c50e16d064d2d5bfda8c23893d755222793146d0a78c3d64f35549141486c3b0961a7b4c1a2034f":2048:16:"b38ac65c8141f7f5c96e14470e851936a67bf94cc6821a39ac12c05f7c0b06d9e6ddba2224703b02e25f31452f9c4a8417b62675fdc6df46b94813bc7b9769a892c482b830bfe0ad42e46668ace68903617faf6681f4babf1cc8e4b0420d3c7f61dc45434c6b54e2c3ee0fc07908509d79c9826e673bf8363255adb0add2401039a7bcd1b4ecf0fbe6ec8369d2da486eec59559dd1d54c9b24190965eafbdab203b35255765261cd0909acf93c3b8b8428cbb448de4715d1b813d0c94829c229543d391ce0adab5351f97a3810c1f73d7b1458b97daed4209c50e16d064d2d5bfda8c23893d755222793146d0a78c3d64f35549141486c3b0961a7b4c1a2034f":16:"3":"605baf947c0de49e4f6a0dfb94a43ae318d5df8ed20ba4ba5a37a73fb009c5c9e5cce8b70a25b1c7580f389f0d7092485cdfa02208b70d33482edf07a7eafebdc54862ca0e0396a5a7d09991b9753eb1ffb6091971bb5789c6b121abbcd0a3cbaa39969fa7c28146fce96c6d03272e3793e5be8f5abfa9afcbebb986d7b3050604a2af4d3a40fa6c003781a539a60259d1e84f13322da9e538a49c369b83e7286bf7d30b64bbb773506705da5d5d5483a563a1ffacc902fb75c9a751b1e83cdc7a6db0470056883f48b5a5446b43b1d180ea12ba11a6a8d93b3b32a30156b6084b7fb142998a2a0d28014b84098ece7d9d5e4d55cc342ca26f5a0167a679dec8":MBEDTLS_ERR_RSA_PUBLIC_FAILED + MBEDTLS_ERR_MPI_BAD_INPUT_DATA
-RSA Generate Key
+RSA Generate Key - 128bit key
mbedtls_rsa_gen_key:128:3:0
RSA Generate Key (Number of bits too small)
@@ -354,9 +354,15 @@
RSA Generate Key (Exponent too small)
mbedtls_rsa_gen_key:128:2:MBEDTLS_ERR_RSA_BAD_INPUT_DATA
-RSA Generate Key
+RSA Generate Key - 1024 bit key
mbedtls_rsa_gen_key:1024:3:0
+RSA Generate Key - 2048 bit key
+mbedtls_rsa_gen_key:2048:3:0
+
+RSA Generate Key - 1025 bit key
+mbedtls_rsa_gen_key:1025:3:0
+
RSA PKCS1 Encrypt Bad RNG
depends_on:MBEDTLS_PKCS1_V15
rsa_pkcs1_encrypt_bad_rng:"4E636AF98E40F3ADCFCCB698F4E80B9F":MBEDTLS_RSA_PKCS_V15:2048:16:"b38ac65c8141f7f5c96e14470e851936a67bf94cc6821a39ac12c05f7c0b06d9e6ddba2224703b02e25f31452f9c4a8417b62675fdc6df46b94813bc7b9769a892c482b830bfe0ad42e46668ace68903617faf6681f4babf1cc8e4b0420d3c7f61dc45434c6b54e2c3ee0fc07908509d79c9826e673bf8363255adb0add2401039a7bcd1b4ecf0fbe6ec8369d2da486eec59559dd1d54c9b24190965eafbdab203b35255765261cd0909acf93c3b8b8428cbb448de4715d1b813d0c94829c229543d391ce0adab5351f97a3810c1f73d7b1458b97daed4209c50e16d064d2d5bfda8c23893d755222793146d0a78c3d64f35549141486c3b0961a7b4c1a2034f":16:"3":"a42eda41e56235e666e7faaa77100197f657288a1bf183e4820f0c37ce2c456b960278d6003e0bbcd4be4a969f8e8fd9231e1f492414f00ed09844994c86ec32db7cde3bec7f0c3dbf6ae55baeb2712fa609f5fc3207a824eb3dace31849cd6a6084318523912bccb84cf42e3c6d6d1685131d69bb545acec827d2b0dfdd5568b7dcc4f5a11d6916583fefa689d367f8c9e1d95dcd2240895a9470b0c1730f97cd6e8546860bd254801769f54be96e16362ddcbf34d56035028890199e0f48db38642cb66a4181e028a6443a404fea284ce02b4614b683367d40874e505611d23142d49f06feea831d52d347b13610b413c4efc43a6de9f0b08d2a951dc503b6":MBEDTLS_ERR_RSA_RNG_FAILED
diff --git a/yotta/data/entropy_hardware_poll.c b/yotta/data/entropy_hardware_poll.c
index 1924302..3a61e22 100644
--- a/yotta/data/entropy_hardware_poll.c
+++ b/yotta/data/entropy_hardware_poll.c
@@ -1,5 +1,5 @@
/*
- * Temporary "entropy" collector for Cortex-M4
+ * Hardware entropy collector for the K64F, using Freescale's RNGA
*
* Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
* SPDX-License-Identifier: Apache-2.0
@@ -20,46 +20,69 @@
*/
/*
- * WARNING: this is a temporary hack!
- * 1. Currently does not provide strong entropy, should be replaced to use the
- * on-board hardware RNG (see IOTSSL-303)
- * 2. This should be in a separete yotta module which would be a target
+ * WARNING: this is temporary!
+ * This should be in a separate yotta module which would be a target
* dependency of mbedtls (see IOTSSL-313)
*/
-#if defined(TARGET_LIKE_CORTEX_M4)
+#if defined(TARGET_LIKE_K64F)
-#include "MK64F12.h"
-#include "core_cm4.h"
-#include <string.h>
+/*
+ * Reference: "K64 Sub-Family Reference Manual, Rev. 2", chapter 34
+ */
-unsigned long hardclock( void )
+#include "fsl_clock_manager.h"
+
+/*
+ * Get one byte of entropy from the RNG, assuming it is up and running.
+ * As recommended (34.1.1), get only one bit of each output.
+ */
+static void rng_get_byte( unsigned char *byte )
{
- static int dwt_started = 0;
+ size_t bit;
- if( dwt_started == 0 )
+ /* 34.5 Steps 3-4-5: poll SR and read from OR when ready */
+ for( bit = 0; bit < 8; bit++ )
{
- CoreDebug->DEMCR |= CoreDebug_DEMCR_TRCENA_Msk;
- DWT->CTRL |= DWT_CTRL_CYCCNTENA_Msk;
+ while( ( RNG->SR & RNG_SR_OREG_LVL_MASK ) == 0 );
+ *byte |= ( RNG->OR & 1 ) << bit;
}
-
- return( DWT->CYCCNT );
}
+/*
+ * Get len bytes of entropy from the hardware RNG.
+ */
int mbedtls_hardware_poll( void *data,
unsigned char *output, size_t len, size_t *olen )
{
- unsigned long timer = hardclock();
+ size_t i;
+ int ret;
((void) data);
- *olen = 0;
- if( len < sizeof(unsigned long) )
- return( 0 );
+ CLOCK_SYS_EnableRngaClock( 0 );
- memcpy( output, &timer, sizeof(unsigned long) );
- *olen = sizeof(unsigned long);
+ /* Set "Interrupt Mask", "High Assurance" and "Go",
+ * unset "Clear interrupt" and "Sleep" */
+ RNG->CR = RNG_CR_INTM_MASK | RNG_CR_HA_MASK | RNG_CR_GO_MASK;
- return( 0 );
+ for( i = 0; i < len; i++ )
+ rng_get_byte( output + i );
+
+ /* Just be extra sure that we didn't do it wrong */
+ if( ( RNG->SR & RNG_SR_SECV_MASK ) != 0 )
+ {
+ ret = -1;
+ goto cleanup;
+ }
+
+ *olen = len;
+ ret = 0;
+
+cleanup:
+ /* Disable clock to save power - assume we're the only users of RNG */
+ CLOCK_SYS_DisableRngaClock( 0 );
+
+ return( ret );
}
#endif
diff --git a/yotta/data/target_config.h b/yotta/data/target_config.h
index df1a208..f350ce3 100644
--- a/yotta/data/target_config.h
+++ b/yotta/data/target_config.h
@@ -26,10 +26,10 @@
#endif
/*
- * WARNING: this is a temporary hack!
- * 2. This should be in a separete yotta module which would be a target
+ * WARNING: this is temporary!
+ * This should be in a separate yotta module which would be a target
* dependency of mbedtls (see IOTSSL-313)
*/
-#if defined(TARGET_LIKE_CORTEX_M4)
+#if defined(TARGET_LIKE_K64F)
#define MBEDTLS_ENTROPY_HARDWARE_ALT
#endif