NUVOTON: Re-implement TRNG HAL with TRNG H/W

Targets supporting TRNG H/W:

-   NU_PFM_M2351_*
-   NUMAKER_IOT_M263A

Author: ccli8

targets/TARGET_NUVOTON/TARGET_M2351/PeripheralNames.h

@@ -328,6 +328,15 @@ typedef enum {
 
 } CANName;
 
+typedef enum {
+#if defined(SCU_INIT_PNSSET5_VAL) && (SCU_INIT_PNSSET5_VAL & (1 << 25))
+    TRNG_0 = (int) NU_MODNAME(TRNG_BASE + NS_OFFSET, 0, 0)
+#else
+    TRNG_0 = (int) NU_MODNAME(TRNG_BASE, 0, 0)
+#endif
+
+} TRNGName;
+
 #ifdef __cplusplus
 }
 #endif

targets/TARGET_NUVOTON/TARGET_M2351/crypto/crypto-misc.cpp

@@ -27,7 +27,7 @@
 #include "platform/SingletonPtr.h"
 #include "platform/PlatformMutex.h"
 
-#if DEVICE_TRNG || defined(MBEDTLS_CONFIG_HW_SUPPORT)
+#if defined(MBEDTLS_CONFIG_HW_SUPPORT)
 
 /* Consideration for choosing proper synchronization mechanism
  *
@@ -345,4 +345,4 @@ extern "C" void CRPT_IRQHandler()
     }
 }
 
-#endif /* #if DEVICE_TRNG || defined(MBEDTLS_CONFIG_HW_SUPPORT) */
+#endif /* #if defined(MBEDTLS_CONFIG_HW_SUPPORT) */

targets/TARGET_NUVOTON/TARGET_M2351/crypto/crypto-misc.h

@@ -24,24 +24,23 @@
  *
  * There's only one CRYPTO/CRPT module and we have the following policy for configuring its secure attribute:
  *
- * 1. TRNG or mbedtls H/W support can be enabled on either secure target or non-secure target, but not both.
- * 2. TRNG and mbedtls H/W supports cannot be enabled on different targets.
- * 3. On secure target, if TRNG or mbedtls H/W support is enabled, CRYPTO/CRPT must configure to secure.
- * 4. On non-secure target, if TRNG or mbedtls H/W support is enabled, CRYPTO/CRPT must configure to non-secure.
+ * 1. mbedtls H/W support can be enabled on either secure target or non-secure target, but not both.
+ * 2. On secure target, if mbedtls H/W support is enabled, CRYPTO/CRPT must configure to secure.
+ * 3. On non-secure target, if mbedtls H/W support is enabled, CRYPTO/CRPT must configure to non-secure.
  */
-#if DEVICE_TRNG || defined(MBEDTLS_CONFIG_HW_SUPPORT)
+#if defined(MBEDTLS_CONFIG_HW_SUPPORT)
     #if defined(__ARM_FEATURE_CMSE) && (__ARM_FEATURE_CMSE == 3U)
         #if defined(SCU_INIT_PNSSET1_VAL) && (SCU_INIT_PNSSET1_VAL & (1 << 18))
-            #error("CRYPTO/CRPT must configure to secure for secure target which supports TRNG or mbedtls H/W")
+            #error("CRYPTO/CRPT must configure to secure for secure target which supports mbedtls H/W")
         #endif
     #else
         #if (! defined(SCU_INIT_PNSSET1_VAL)) || (! (SCU_INIT_PNSSET1_VAL & (1 << 18)))
-            #error("CRYPTO/CRPT must configure to non-secure for non-secure target which supports TRNG or mbedtls H/W")
+            #error("CRYPTO/CRPT must configure to non-secure for non-secure target which supports mbedtls H/W")
         #endif
     #endif
 #endif
 
-#if DEVICE_TRNG || defined(MBEDTLS_CONFIG_HW_SUPPORT)
+#if defined(MBEDTLS_CONFIG_HW_SUPPORT)
 
 #ifdef __cplusplus
 extern "C" {
@@ -132,6 +131,6 @@ bool crypto_dma_buffs_overlap(const void *in_buff, size_t in_buff_size, const vo
 }
 #endif
 
-#endif  /* #if DEVICE_TRNG || defined(MBEDTLS_CONFIG_HW_SUPPORT) */
+#endif  /* defined(MBEDTLS_CONFIG_HW_SUPPORT) */
 
 #endif

targets/TARGET_NUVOTON/TARGET_M2351/hal_secure.h

@@ -72,6 +72,30 @@ int64_t rtc_read_s(void);
 __NONSECURE_ENTRY
 void rtc_write_s(int64_t t);
 
+/* trng_init (secure version)
+ *
+ * Its synopsis is the same as normal version except change of return/argument type for
+ * binary-compatible across compilers.
+ */
+__NONSECURE_ENTRY
+void trng_init_s(void *obj);
+
+/* trng_free (secure version)
+ *
+ * Its synopsis is the same as normal version except change of return/argument type for
+ * binary-compatible across compilers.
+ */
+__NONSECURE_ENTRY
+void trng_free_s(void *obj);
+
+/* trng_get_bytes (secure version)
+ *
+ * Its synopsis is the same as normal version except change of return/argument type for
+ * binary-compatible across compilers.
+ */
+__NONSECURE_ENTRY
+int32_t trng_get_bytes_s(void *obj, uint8_t *output, uint32_t length, uint32_t *output_length);
+
 #ifdef __cplusplus
 }
 #endif

targets/TARGET_NUVOTON/TARGET_M2351/trng_api.c

@@ -0,0 +1,157 @@
+/* mbed Microcontroller Library
+ * Copyright (c) 2017-2018 Nuvoton
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#if DEVICE_TRNG
+
+#include "cmsis.h"
+#include <limits.h>
+#include "crypto-misc.h"
+#include "hal/trng_api.h"
+#include "platform/mbed_toolchain.h"
+#include "platform/mbed_critical.h"
+#include "platform/mbed_error.h"
+#include "platform/SingletonPtr.h"
+#include "platform/PlatformMutex.h"
+#include "nu_modutil.h"
+#include "hal_secure.h"
+#include "partition_M2351.h"
+
+#if defined(SCU_INIT_PNSSET5_VAL) && (SCU_INIT_PNSSET5_VAL & (1 << 25))
+#error("We just support secure TRNG")
+#endif
+
+#if defined (__ARM_FEATURE_CMSE) && (__ARM_FEATURE_CMSE == 3L)
+
+/* Module init definition: modname, clkidx, clksrc, clkdiv, rstidx, irqnum, misc */
+static const struct nu_modinit_s trng_modinit = {TRNG_0, TRNG_MODULE, 0, 0, TRNG_RST, TRNG_IRQn, NULL};
+
+/* TRNG init counter. TRNG is kept active as it is non-zero. */
+static uint16_t trng_init_counter = 0U;
+
+/* Mutex for synchronizing access to TRNG H/W */
+static SingletonPtr<PlatformMutex> trng_mutex;
+
+#endif
+
+void trng_init(trng_t *obj)
+{
+    trng_init_s(obj);
+}
+
+void trng_free(trng_t *obj)
+{
+    trng_free_s(obj);
+}
+
+int trng_get_bytes(trng_t *obj, uint8_t *output, size_t length, size_t *output_length)
+{
+    uint32_t output_length_;
+    int32_t rc = trng_get_bytes_s(obj, output, (uint32_t) length, &output_length_);
+    if (output_length) {
+        *output_length = output_length_;
+    }
+    return rc;
+}
+
+#if defined (__ARM_FEATURE_CMSE) && (__ARM_FEATURE_CMSE == 3U)
+
+__NONSECURE_ENTRY
+extern "C"
+void trng_init_s(MBED_UNUSED void *obj)
+{
+    core_util_critical_section_enter();
+    if (trng_init_counter == USHRT_MAX) {
+        core_util_critical_section_exit();
+        MBED_ERROR(MBED_MAKE_ERROR(MBED_MODULE_HAL, MBED_ERROR_CODE_OVERFLOW), \
+                   "TRNG initialization counter would overflow");
+    }
+    core_util_atomic_incr_u16(&trng_init_counter, 1);
+    if (trng_init_counter == 1) {
+        /* Enable IP clock (secure version) */
+        CLK_EnableModuleClock_S(trng_modinit.clkidx);
+
+        /* Reset IP (secure version) */
+        SYS_ResetModule_S(trng_modinit.rsetidx);
+
+        TRNG_T *trng_base = (TRNG_T *) NU_MODBASE(trng_modinit.modname);
+
+        trng_base->ACT |= TRNG_ACT_ACT_Msk;
+        while (!(trng_base->CTL & TRNG_CTL_READY_Msk));
+    }
+    core_util_critical_section_exit();
+}
+
+__NONSECURE_ENTRY
+extern "C"
+void trng_free_s(MBED_UNUSED void *obj)
+{
+    core_util_critical_section_enter();
+    if (trng_init_counter == 0) {
+        core_util_critical_section_exit();
+        MBED_ERROR(MBED_MAKE_ERROR(MBED_MODULE_HAL, MBED_ERROR_CODE_UNDERFLOW), \
+                   "TRNG initialization counter would underflow");
+    }
+    core_util_atomic_decr_u16(&trng_init_counter, 1);
+    if (trng_init_counter == 0) {
+        TRNG_T *trng_base = (TRNG_T *) NU_MODBASE(trng_modinit.modname);
+
+        trng_base->ACT &= ~TRNG_ACT_ACT_Msk;
+
+        /* Disable IP clock (secure version) */
+        CLK_DisableModuleClock_S(trng_modinit.clkidx);
+    }
+    core_util_critical_section_exit();
+}
+
+__NONSECURE_ENTRY
+extern "C"
+int32_t trng_get_bytes_s(MBED_UNUSED void *obj, uint8_t *output, uint32_t length, uint32_t *output_length)
+{
+    /* Check augument validity */
+    if (!output && length) {
+        return -1;
+    }
+
+    uint8_t *output_ind = output;
+    uint8_t *output_end = output + length;
+
+    /* Don't check return code of Mutex::lock(void)
+     *
+     * This function treats RTOS errors as fatal system errors, so it can only return osOK.
+     * Use of the return value is deprecated, as the return is expected to become void in
+     * the future.
+     */
+    trng_mutex->lock();
+
+    TRNG_T *trng_base = (TRNG_T *) NU_MODBASE(trng_modinit.modname);
+
+    for (; output_ind != output_end; output_ind ++) {
+        trng_base->CTL |= TRNG_CTL_TRNGEN_Msk;
+        while (!(trng_base->CTL & TRNG_CTL_DVIF_Msk));
+        *output_ind = trng_base->DATA & 0xff;
+    }
+
+    trng_mutex->unlock();
+
+    if (output_length) {
+        *output_length = length;
+    }
+
+    return 0;
+}
+
+#endif
+#endif

targets/TARGET_NUVOTON/TARGET_M2351/trng_api.cpp

@@ -144,6 +144,11 @@ typedef enum {
 
 } CANName;
 
+typedef enum {
+    TRNG_0 = (int) NU_MODNAME(TRNG_BASE, 0, 0)
+
+} TRNGName;
+
 #ifdef __cplusplus
 }
 #endif

targets/TARGET_NUVOTON/TARGET_M261/PeripheralNames.h

@@ -27,7 +27,7 @@
 #include "platform/SingletonPtr.h"
 #include "platform/PlatformMutex.h"
 
-#if DEVICE_TRNG || defined(MBEDTLS_CONFIG_HW_SUPPORT)
+#if defined(MBEDTLS_CONFIG_HW_SUPPORT)
 
 /* Consideration for choosing proper synchronization mechanism
  *
@@ -342,4 +342,4 @@ extern "C" void CRPT_IRQHandler()
     }
 }
 
-#endif /* #if DEVICE_TRNG || defined(MBEDTLS_CONFIG_HW_SUPPORT) */
+#endif /* #if defined(MBEDTLS_CONFIG_HW_SUPPORT) */

targets/TARGET_NUVOTON/TARGET_M261/crypto/crypto-misc.cpp

@@ -21,7 +21,7 @@
 #include <stdbool.h>
 
 
-#if DEVICE_TRNG || defined(MBEDTLS_CONFIG_HW_SUPPORT)
+#if defined(MBEDTLS_CONFIG_HW_SUPPORT)
 
 #ifdef __cplusplus
 extern "C" {
@@ -108,6 +108,6 @@ bool crypto_dma_buffs_overlap(const void *in_buff, size_t in_buff_size, const vo
 }
 #endif
 
-#endif  /* #if DEVICE_TRNG || defined(MBEDTLS_CONFIG_HW_SUPPORT) */
+#endif  /* #if defined(MBEDTLS_CONFIG_HW_SUPPORT) */
 
 #endif