CM3DS Maintenance Pull Request: TRNG support (3/4) #6169
Conversation
|
ARM Internal Ref: IOTSSL-2109 |
|
Seems fine to me as long as the source project is left asis, similar to how we include external libraries as well. Apache 2.0 is fine. For reference: https://os.mbed.com/docs/latest/reference/guidelines.html#license Or are you referring to the files in targets/TARGET_ARM_SSG/TARGET_CM3DS_MPS2/device/drivers/TZ-TRNG/host/* ? |
I believe so, that is 3rd library in this pull request. Looks good to me as it is @hug-dev Please can you rebase? |
Yes, I made sure to leave the project as it is, I had to make a pull request (ARM-software/TZ-TRNG#8) to the project to make it work with mbed-os.
Yes sure, I am going to do it. |
|
Just rebased to latest master. |
| } | ||
|
|
||
| /* zeroe the rnd buff */ | ||
| tztrng_memset((uint8_t *)rndWorkBuff, 0, CC_RND_WORK_BUFFER_SIZE_WORDS * sizeof(uint32_t)); |
There was a problem hiding this comment.
Consider using sizeof( rndWorkBuff ) instead here.
| } | ||
|
|
||
| /* try to reduce the memcpy */ | ||
| if (requireBytes < (int)sourceOutSizeBytes) |
There was a problem hiding this comment.
Strictly speaking, this is a dangerous cast - if LLF_RND_GetTrngSource is compromised and sets sourceOutSizeBytes to a value above MAX_INT, then (int) sourceOutSizeBytes may be negative, and the resulting else branch performs - which uses sourceOutSizeBytes as a uint32_t - performs a fauly memcpy.
|
Thanks @hanno-arm for your review. I agree with both of them. As it has been said before, the What do you think about that? |
Sounds good 👍 @hanno-arm @mazimkhan Anything blocking that should take priority to go upstream? |
| if (requireBytes < (int)sourceOutSizeBytes) | ||
| tztrng_memcpy(outAddr, (uint8_t *)rndSrc_ptr, requireBytes); | ||
| else | ||
| tztrng_memcpy(outAddr, (uint8_t *)rndSrc_ptr, sourceOutSizeBytes); |
There was a problem hiding this comment.
rndSrc_ptr should also be scrubbed otherwise we are leaking entropy on stack.
There was a problem hiding this comment.
If rndSrc_ptr is from rndWorkBuff then please clear rndWorkBuff.
There was a problem hiding this comment.
I am not sure to understand well: do you want me to write requireBytes or sourceOutSizeBytes zeroes at rndStr_ptr address location after the memcpy call? Also, should I do it for every iteration of the while loop or just once at the end?
There was a problem hiding this comment.
Sorry for my question, I understood what you meant. I will send my pull-request soon.
There was a problem hiding this comment.
No worries. Sorry for late reply. Yes I meant:
write requireBytes or sourceOutSizeBytes zeroes at rndStr_ptr address location after the memcpy call
The (int) cast of sourceOutSizeBytes could result in a negative value if this variable is bigger than INT_MAX which can lead to a faulty memcpy. Two other changes have been done on the same function: * use sizeof on the array to have its size in bytes directly * clear the rndWorkBuff array to not leak entropy on the stack The change here proposed are a result of the review of the TZ-TRNG driver integrated into CM3DS port on mbed OS. It has been reviewed in the pull request ARMmbed/mbed-os#6169 Change-Id: Ifdfa8ac854365989723239d382f12f42648429f1 Signed-off-by: Hugues de Valon <[email protected]>
The (int) cast of sourceOutSizeBytes could result in a negative value if this variable is bigger than INT_MAX which can lead to a faulty memcpy. Two other changes have been done on the same function: * use sizeof on the array to have its size in bytes directly * clear the rndWorkBuff array to not leak entropy on the stack The change here proposed are a result of the review of the TZ-TRNG driver integrated into CM3DS port on mbed OS. It has been reviewed in the pull request ARMmbed/mbed-os#6169 Signed-off-by: Hugues de Valon <[email protected]>
|
The pull request ARM-software/TZ-TRNG#9 has been added! |
|
@hanno-arm @mazimkhan @0xc0170 Are y'all please with the updated commit? |
| * @param output_length The length of generated data | ||
| * @return 0 success, -1 fail | ||
| */ | ||
| int trng_get_bytes(trng_t *obj, uint8_t *output, size_t length, size_t *output_length) |
There was a problem hiding this comment.
Why are we including here doxygen (they are from header file copy paste?) ? If yes, we shall remove them. If there is another info that should be added here, could do via own implementation comments.
There was a problem hiding this comment.
They are indeed copied from the header file. I am going to remove them.
This patchs adds TRNG support using the upstreamed, open-source, TZ-TRNG driver. It also implements the HAL for TRNG and add it in features. The mbed-os.py script deletes files that are unused by mbed-os. Change-Id: Idf8eefd809f00d40e0ad3cf7657f2a8c2eca3505 Signed-off-by: Hugues de Valon <[email protected]>
|
I have just pushed an updated commit. It contains all the modifications previously done and, instead of adding a |
There was a problem hiding this comment.
The TRNG code in trng_api.c looks fine to me. As I understand @0xc0170, a review of the underlying CC driver code is not needed here.
|
/morph build |
Build : SUCCESSBuild number : 1701 Triggering tests/morph test |
Exporter Build : SUCCESSBuild number : 1335 |
Test : FAILUREBuild number : 1491 |
|
I may be wrong but it seems that tests that failed are not related with this PR (as the files changed may not even be compiled in the tests). It is maybe that I am using an old Mbed OS version, if that is the case I can rebase this pull request. |
|
/morph test |
Test : FAILUREBuild number : 1503 |
|
Looks like failure on a different un-related platform.. |
|
That is correct, the target needs to be looked at , not related. I've just commented in another 3 PR with the same problem |
|
/morph test |
Test : SUCCESSBuild number : 1523 |
cmonr
added
release-version: 5.9.0-rc1
release-version: 5.8.3
and removed
ready for merge
release-version: 5.9.0-rc1
labels
This commit updates the way this driver is integrated in Mbed OS. It adds a Python script, mbed-os.py that deletes some files to use the driver in 800-90B TRNG mode. It also updates the README.md with the new instructions. The pull request ARMmbed/mbed-os#6169 was merged in Mbed OS using this new way. Signed-off-by: Hugues de Valon <[email protected]>
This pull request brings TRNG support to the CM3DS target.
It is the pull request 3 among the 4 concerning CM3DS Maintenance. Please check #6119 for the full scope.
Other pull requests regarding this target: