|
1 | 1 | /* |
2 | | - * Temporary "entropy" collector for Cortex-M4 |
| 2 | + * Hardware entropy collector for the K64F, using Freescale's RNGA |
3 | 3 | * |
4 | 4 | * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved |
5 | 5 | * SPDX-License-Identifier: Apache-2.0 |
|
19 | 19 | * This file is part of mbed TLS (https://tls.mbed.org) |
20 | 20 | */ |
21 | 21 |
|
| 22 | +#if defined(TARGET_LIKE_K64F) |
| 23 | + |
22 | 24 | /* |
23 | | - * WARNING: this is a temporary hack! |
24 | | - * 1. Currently does not provide strong entropy, should be replaced to use the |
25 | | - * on-board hardware RNG (see IOTSSL-303) |
26 | | - * 2. This should be in a separete yotta module which would be a target |
27 | | - * dependency of mbedtls (see IOTSSL-313) |
| 25 | + * Reference: "K64 Sub-Family Reference Manual, Rev. 2", chapter 34 |
28 | 26 | */ |
29 | 27 |
|
30 | | -#if defined(TARGET_LIKE_CORTEX_M4) |
31 | | - |
32 | | -#include "MK64F12.h" |
33 | | -#include "core_cm4.h" |
34 | | -#include <string.h> |
| 28 | +#include "fsl_clock_manager.h" |
35 | 29 |
|
36 | | -unsigned long hardclock( void ) |
| 30 | +/* |
| 31 | + * Get one byte of entropy from the RNG, assuming it is up and running. |
| 32 | + * As recommended (34.1.1), get only one bit of each output. |
| 33 | + */ |
| 34 | +static void rng_get_byte( unsigned char *byte ) |
37 | 35 | { |
38 | | - static int dwt_started = 0; |
| 36 | + size_t bit; |
39 | 37 |
|
40 | | - if( dwt_started == 0 ) |
| 38 | + /* 34.5 Steps 3-4-5: poll SR and read from OR when ready */ |
| 39 | + for( bit = 0; bit < 8; bit++ ) |
41 | 40 | { |
42 | | - CoreDebug->DEMCR |= CoreDebug_DEMCR_TRCENA_Msk; |
43 | | - DWT->CTRL |= DWT_CTRL_CYCCNTENA_Msk; |
| 41 | + while( ( RNG->SR & RNG_SR_OREG_LVL_MASK ) == 0 ); |
| 42 | + *byte |= ( RNG->OR & 1 ) << bit; |
44 | 43 | } |
45 | | - |
46 | | - return( DWT->CYCCNT ); |
47 | 44 | } |
48 | 45 |
|
| 46 | +/* |
| 47 | + * Get len bytes of entropy from the hardware RNG. |
| 48 | + */ |
49 | 49 | int mbedtls_hardware_poll( void *data, |
50 | 50 | unsigned char *output, size_t len, size_t *olen ) |
51 | 51 | { |
52 | | - unsigned long timer = hardclock(); |
| 52 | + size_t i; |
| 53 | + int ret; |
53 | 54 | ((void) data); |
54 | | - *olen = 0; |
55 | 55 |
|
56 | | - if( len < sizeof(unsigned long) ) |
57 | | - return( 0 ); |
| 56 | + CLOCK_SYS_EnableRngaClock( 0 ); |
| 57 | + |
| 58 | + /* Set "Interrupt Mask", "High Assurance" and "Go", |
| 59 | + * unset "Clear interrupt" and "Sleep" */ |
| 60 | + RNG->CR = RNG_CR_INTM_MASK | RNG_CR_HA_MASK | RNG_CR_GO_MASK; |
| 61 | + |
| 62 | + for( i = 0; i < len; i++ ) |
| 63 | + rng_get_byte( output + i ); |
| 64 | + |
| 65 | + /* Just be extra sure that we didn't do it wrong */ |
| 66 | + if( ( RNG->SR & RNG_SR_SECV_MASK ) != 0 ) |
| 67 | + { |
| 68 | + ret = -1; |
| 69 | + goto cleanup; |
| 70 | + } |
| 71 | + |
| 72 | + *olen = len; |
| 73 | + ret = 0; |
58 | 74 |
|
59 | | - memcpy( output, &timer, sizeof(unsigned long) ); |
60 | | - *olen = sizeof(unsigned long); |
| 75 | +cleanup: |
| 76 | + /* Disable clock to save power - assume we're the only users of RNG */ |
| 77 | + CLOCK_SYS_DisableRngaClock( 0 ); |
61 | 78 |
|
62 | | - return( 0 ); |
| 79 | + return( ret ); |
63 | 80 | } |
64 | 81 |
|
65 | 82 | #endif |
0 commit comments