blob: 88c591075f18222c6b687a4d8e60f6f70a3a1518 [file] [log] [blame]
/*
* Copyright (c) 2019, NXP
*
* SPDX-License-Identifier: Apache-2.0
*/
#include <zephyr/init.h>
#include <zephyr/device.h>
#include <zephyr/drivers/entropy.h>
#include <zephyr/kernel.h>
#include <string.h>
#if defined(CONFIG_MBEDTLS)
#if !defined(CONFIG_MBEDTLS_CFG_FILE)
#include "mbedtls/config.h"
#else
#include CONFIG_MBEDTLS_CFG_FILE
#endif /* CONFIG_MBEDTLS_CFG_FILE */
#include <mbedtls/ctr_drbg.h>
#elif defined(CONFIG_TINYCRYPT)
#include <tinycrypt/ctr_prng.h>
#include <tinycrypt/aes.h>
#include <tinycrypt/constants.h>
#endif /* CONFIG_MBEDTLS */
/*
* entropy_dev is initialized at runtime to allow first time initialization
* of the ctr_drbg engine.
*/
static const struct device *entropy_dev;
static const unsigned char drbg_seed[] = CONFIG_CS_CTR_DRBG_PERSONALIZATION;
static bool ctr_initialised;
static struct k_mutex ctr_lock;
#if defined(CONFIG_MBEDTLS)
static mbedtls_ctr_drbg_context ctr_ctx;
static int ctr_drbg_entropy_func(void *ctx, unsigned char *buf, size_t len)
{
return entropy_get_entropy(entropy_dev, (void *)buf, len);
}
#elif defined(CONFIG_TINYCRYPT)
static TCCtrPrng_t ctr_ctx;
#endif /* CONFIG_MBEDTLS */
static int ctr_drbg_initialize(void)
{
int ret;
entropy_dev = DEVICE_DT_GET(DT_CHOSEN(zephyr_entropy));
if (!device_is_ready(entropy_dev)) {
__ASSERT(0, "Entropy device %s not ready", entropy_dev->name);
return -ENODEV;
}
#if defined(CONFIG_MBEDTLS)
mbedtls_ctr_drbg_init(&ctr_ctx);
ret = mbedtls_ctr_drbg_seed(&ctr_ctx,
ctr_drbg_entropy_func,
NULL,
drbg_seed,
sizeof(drbg_seed));
if (ret != 0) {
mbedtls_ctr_drbg_free(&ctr_ctx);
return -EIO;
}
#elif defined(CONFIG_TINYCRYPT)
uint8_t entropy[TC_AES_KEY_SIZE + TC_AES_BLOCK_SIZE];
ret = entropy_get_entropy(entropy_dev, (void *)&entropy,
sizeof(entropy));
if (ret != 0) {
return -EIO;
}
ret = tc_ctr_prng_init(&ctr_ctx,
(uint8_t *)&entropy,
sizeof(entropy),
(uint8_t *)drbg_seed,
sizeof(drbg_seed));
if (ret == TC_CRYPTO_FAIL) {
return -EIO;
}
#endif
ctr_initialised = true;
return 0;
}
int z_impl_sys_csrand_get(void *dst, uint32_t outlen)
{
int ret;
k_mutex_lock(&ctr_lock, K_FOREVER);
if (unlikely(!ctr_initialised)) {
ret = ctr_drbg_initialize();
if (ret != 0) {
ret = -EIO;
goto end;
}
}
#if defined(CONFIG_MBEDTLS)
ret = mbedtls_ctr_drbg_random(&ctr_ctx, (unsigned char *)dst, outlen);
#elif defined(CONFIG_TINYCRYPT)
uint8_t entropy[TC_AES_KEY_SIZE + TC_AES_BLOCK_SIZE];
ret = tc_ctr_prng_generate(&ctr_ctx, 0, 0, (uint8_t *)dst, outlen);
if (ret == TC_CRYPTO_SUCCESS) {
ret = 0;
} else if (ret == TC_CTR_PRNG_RESEED_REQ) {
ret = entropy_get_entropy(entropy_dev,
(void *)&entropy, sizeof(entropy));
if (ret != 0) {
ret = -EIO;
goto end;
}
ret = tc_ctr_prng_reseed(&ctr_ctx,
entropy,
sizeof(entropy),
drbg_seed,
sizeof(drbg_seed));
ret = tc_ctr_prng_generate(&ctr_ctx, 0, 0,
(uint8_t *)dst, outlen);
ret = (ret == TC_CRYPTO_SUCCESS) ? 0 : -EIO;
} else {
ret = -EIO;
}
#endif
end:
k_mutex_unlock(&ctr_lock);
return ret;
}