| /* |
| * Copyright (c) 2018 Nordic Semiconductor ASA |
| * Copyright (c) 2017 Exati Tecnologia Ltda. |
| * |
| * SPDX-License-Identifier: Apache-2.0 |
| */ |
| |
| #include <entropy.h> |
| #include <atomic.h> |
| #include <soc.h> |
| #include "nrf_rng.h" |
| |
| /* |
| * The nRF5 RNG HW has several characteristics that need to be taken |
| * into account by the driver to achieve energy efficient generation |
| * of entropy. |
| * |
| * The RNG does not support continuously DMA'ing entropy into RAM, |
| * values must be read out by the CPU byte-by-byte. But once started, |
| * it will continue to generate bytes until stopped. |
| * |
| * The generation time for byte 0 after starting generation (with BIAS |
| * correction) is: |
| * |
| * nRF51822 - 677us |
| * nRF52810 - 248us |
| * nRF52840 - 248us |
| * |
| * The generation time for byte N >= 1 after starting generation (with |
| * BIAS correction) is: |
| * |
| * nRF51822 - 677us |
| * nRF52810 - 120us |
| * nRF52840 - 120us |
| * |
| * Due to the first byte in a stream of bytes being more costly on |
| * some platforms a "water system" inspired algorithm is used to |
| * ammortize the cost of the first byte. |
| * |
| * The algorithm will delay generation of entropy until the amount of |
| * bytes goes below THRESHOLD, at which point it will generate entropy |
| * until the BUF_LEN limit is reached. |
| * |
| * The entropy level is checked at the end of every consumption of |
| * entropy. |
| * |
| * The algorithm and HW together has these characteristics: |
| * |
| * Setting a low threshold will highly ammortize the extra 120us cost |
| * of the first byte on nRF52. |
| * |
| * Setting a high threshold will minimize the time spent waiting for |
| * entropy. |
| * |
| * To minimize power consumption the threshold should either be set |
| * low or high depending on the HFCLK-usage pattern of other |
| * components. |
| * |
| * If the threshold is set close to the BUF_LEN, and the system |
| * happens to anyway be using the HFCLK for several hundred us after |
| * entropy is requested there will be no extra current-consumption for |
| * keeping clocks running for entropy generation. |
| * |
| */ |
| |
| struct rng_pool { |
| u8_t first_alloc; |
| u8_t first_read; |
| u8_t last; |
| u8_t mask; |
| u8_t threshold; |
| u8_t buffer[0]; |
| }; |
| |
| #define RNG_POOL_DEFINE(name, len) u8_t name[sizeof(struct rng_pool) + (len)] |
| |
| BUILD_ASSERT_MSG((CONFIG_ENTROPY_NRF5_ISR_POOL_SIZE & |
| (CONFIG_ENTROPY_NRF5_ISR_POOL_SIZE - 1)) == 0, |
| "The CONFIG_ENTROPY_NRF5_ISR_POOL_SIZE must be a power of 2!"); |
| |
| BUILD_ASSERT_MSG((CONFIG_ENTROPY_NRF5_THR_POOL_SIZE & |
| (CONFIG_ENTROPY_NRF5_THR_POOL_SIZE - 1)) == 0, |
| "The CONFIG_ENTROPY_NRF5_THR_POOL_SIZE must be a power of 2!"); |
| |
| struct entropy_nrf5_dev_data { |
| struct k_sem sem_lock; |
| struct k_sem sem_sync; |
| |
| RNG_POOL_DEFINE(isr, CONFIG_ENTROPY_NRF5_ISR_POOL_SIZE); |
| RNG_POOL_DEFINE(thr, CONFIG_ENTROPY_NRF5_THR_POOL_SIZE); |
| }; |
| |
| static struct entropy_nrf5_dev_data entropy_nrf5_data; |
| |
| #define DEV_DATA(dev) \ |
| ((struct entropy_nrf5_dev_data *)(dev)->driver_data) |
| |
| static int random_byte_get(void) |
| { |
| int retval = -EAGAIN; |
| unsigned int key; |
| |
| key = irq_lock(); |
| |
| if (nrf_rng_event_get(NRF_RNG_EVENT_VALRDY)) { |
| retval = nrf_rng_random_value_get(); |
| nrf_rng_event_clear(NRF_RNG_EVENT_VALRDY); |
| } |
| |
| irq_unlock(key); |
| |
| return retval; |
| } |
| |
| #pragma GCC push_options |
| #if defined(CONFIG_BT_CTLR_FAST_ENC) |
| #pragma GCC optimize ("Ofast") |
| #endif |
| static u16_t rng_pool_get(struct rng_pool *rngp, u8_t *buf, u16_t len) |
| { |
| u32_t last = rngp->last; |
| u32_t mask = rngp->mask; |
| u8_t *dst = buf; |
| u32_t first, available; |
| u32_t other_read_in_progress; |
| unsigned int key; |
| |
| key = irq_lock(); |
| first = rngp->first_alloc; |
| |
| /* |
| * The other_read_in_progress is non-zero if rngp->first_read != first, |
| * which means that lower-priority code (which was interrupted by this |
| * call) already allocated area for read. |
| */ |
| other_read_in_progress = (rngp->first_read ^ first); |
| |
| available = (last - first) & mask; |
| if (available < len) { |
| len = available; |
| } |
| |
| /* |
| * Move alloc index forward to signal, that part of the buffer is |
| * now reserved for this call. |
| */ |
| rngp->first_alloc = (first + len) & mask; |
| irq_unlock(key); |
| |
| while (likely(len--)) { |
| *dst++ = rngp->buffer[first]; |
| first = (first + 1) & mask; |
| } |
| |
| /* |
| * If this call is the last one accessing the pool, move read index |
| * to signal that all allocated regions are now read and could be |
| * overwritten. |
| */ |
| if (likely(!other_read_in_progress)) { |
| key = irq_lock(); |
| rngp->first_read = rngp->first_alloc; |
| irq_unlock(key); |
| } |
| |
| len = dst - buf; |
| available = available - len; |
| if (available <= rngp->threshold) { |
| nrf_rng_task_trigger(NRF_RNG_TASK_START); |
| } |
| |
| return len; |
| } |
| #pragma GCC pop_options |
| |
| static int rng_pool_put(struct rng_pool *rngp, u8_t byte) |
| { |
| u8_t first = rngp->first_read; |
| u8_t last = rngp->last; |
| u8_t mask = rngp->mask; |
| |
| /* Signal error if the pool is full. */ |
| if (((last - first) & mask) == mask) { |
| return -ENOBUFS; |
| } |
| |
| rngp->buffer[last] = byte; |
| rngp->last = (last + 1) & mask; |
| |
| return 0; |
| } |
| |
| static void rng_pool_init(struct rng_pool *rngp, u16_t size, u8_t threshold) |
| { |
| rngp->first_alloc = 0U; |
| rngp->first_read = 0U; |
| rngp->last = 0U; |
| rngp->mask = size - 1; |
| rngp->threshold = threshold; |
| } |
| |
| static void isr(void *arg) |
| { |
| int byte, ret; |
| |
| ARG_UNUSED(arg); |
| |
| byte = random_byte_get(); |
| if (byte < 0) { |
| return; |
| } |
| |
| ret = rng_pool_put((struct rng_pool *)(entropy_nrf5_data.isr), byte); |
| if (ret < 0) { |
| ret = rng_pool_put((struct rng_pool *)(entropy_nrf5_data.thr), |
| byte); |
| if (ret < 0) { |
| nrf_rng_task_trigger(NRF_RNG_TASK_STOP); |
| } |
| |
| k_sem_give(&entropy_nrf5_data.sem_sync); |
| } |
| } |
| |
| static int entropy_nrf5_get_entropy(struct device *device, u8_t *buf, u16_t len) |
| { |
| /* Check if this API is called on correct driver instance. */ |
| __ASSERT_NO_MSG(&entropy_nrf5_data == DEV_DATA(device)); |
| |
| while (len) { |
| u16_t bytes; |
| |
| k_sem_take(&entropy_nrf5_data.sem_lock, K_FOREVER); |
| bytes = rng_pool_get((struct rng_pool *)(entropy_nrf5_data.thr), |
| buf, len); |
| k_sem_give(&entropy_nrf5_data.sem_lock); |
| |
| if (bytes == 0U) { |
| /* Pool is empty: Sleep until next interrupt. */ |
| k_sem_take(&entropy_nrf5_data.sem_sync, K_FOREVER); |
| continue; |
| } |
| |
| len -= bytes; |
| buf += bytes; |
| } |
| |
| return 0; |
| } |
| |
| static int entropy_nrf5_get_entropy_isr(struct device *dev, u8_t *buf, u16_t len, |
| u32_t flags) |
| { |
| u16_t cnt = len; |
| |
| /* Check if this API is called on correct driver instance. */ |
| __ASSERT_NO_MSG(&entropy_nrf5_data == DEV_DATA(dev)); |
| |
| if (likely((flags & ENTROPY_BUSYWAIT) == 0U)) { |
| return rng_pool_get((struct rng_pool *)(entropy_nrf5_data.isr), |
| buf, len); |
| } |
| |
| if (len) { |
| unsigned int key; |
| int irq_enabled; |
| |
| key = irq_lock(); |
| irq_enabled = irq_is_enabled(RNG_IRQn); |
| irq_disable(RNG_IRQn); |
| irq_unlock(key); |
| |
| nrf_rng_event_clear(NRF_RNG_EVENT_VALRDY); |
| nrf_rng_task_trigger(NRF_RNG_TASK_START); |
| |
| do { |
| int byte; |
| |
| while (!nrf_rng_event_get(NRF_RNG_EVENT_VALRDY)) { |
| __WFE(); |
| __SEV(); |
| __WFE(); |
| } |
| |
| byte = random_byte_get(); |
| NVIC_ClearPendingIRQ(RNG_IRQn); |
| |
| if (byte < 0) { |
| continue; |
| } |
| |
| buf[--len] = byte; |
| } while (len); |
| |
| if (irq_enabled) { |
| irq_enable(RNG_IRQn); |
| } |
| } |
| |
| return cnt; |
| } |
| |
| static int entropy_nrf5_init(struct device *device); |
| |
| static const struct entropy_driver_api entropy_nrf5_api_funcs = { |
| .get_entropy = entropy_nrf5_get_entropy, |
| .get_entropy_isr = entropy_nrf5_get_entropy_isr |
| }; |
| |
| DEVICE_AND_API_INIT(entropy_nrf5, CONFIG_ENTROPY_NAME, |
| entropy_nrf5_init, &entropy_nrf5_data, NULL, |
| PRE_KERNEL_1, CONFIG_KERNEL_INIT_PRIORITY_DEVICE, |
| &entropy_nrf5_api_funcs); |
| |
| static int entropy_nrf5_init(struct device *device) |
| { |
| /* Check if this API is called on correct driver instance. */ |
| __ASSERT_NO_MSG(&entropy_nrf5_data == DEV_DATA(device)); |
| |
| /* Locking semaphore initialized to 1 (unlocked) */ |
| k_sem_init(&entropy_nrf5_data.sem_lock, 1, 1); |
| |
| /* Synching semaphore */ |
| k_sem_init(&entropy_nrf5_data.sem_sync, 0, 1); |
| |
| rng_pool_init((struct rng_pool *)(entropy_nrf5_data.thr), |
| CONFIG_ENTROPY_NRF5_THR_POOL_SIZE, |
| CONFIG_ENTROPY_NRF5_THR_THRESHOLD); |
| rng_pool_init((struct rng_pool *)(entropy_nrf5_data.isr), |
| CONFIG_ENTROPY_NRF5_ISR_POOL_SIZE, |
| CONFIG_ENTROPY_NRF5_ISR_THRESHOLD); |
| |
| /* Enable or disable bias correction */ |
| if (IS_ENABLED(CONFIG_ENTROPY_NRF5_BIAS_CORRECTION)) { |
| nrf_rng_error_correction_enable(); |
| } else { |
| nrf_rng_error_correction_disable(); |
| } |
| |
| nrf_rng_event_clear(NRF_RNG_EVENT_VALRDY); |
| nrf_rng_int_enable(NRF_RNG_INT_VALRDY_MASK); |
| nrf_rng_task_trigger(NRF_RNG_TASK_START); |
| |
| IRQ_CONNECT(RNG_IRQn, CONFIG_ENTROPY_NRF5_PRI, isr, |
| &entropy_nrf5_data, 0); |
| irq_enable(RNG_IRQn); |
| |
| return 0; |
| } |