dev_random: initial import of a high-level hwnrg API #5153
Conversation
miri64
added
Type: new feature
|
This new feature requires more discussion, as other related PRs about RNG. Postponed. |
|
I'd like to have some input. Especially e.g. from @kaspar030. |
miri64
force-pushed
the
dev_random/api/initial
branch
2 times, most recently
from
7e26747 to
983a3d2
Compare
miri64
added
the
State: waiting for other PR
miri64
force-pushed
the
dev_random/api/initial
branch
3 times, most recently
from
22e1ab5 to
fcb7e85
Compare
|
Why did you choose to use function macros? |
|
To be perfectly honest... I'm not sure anymore :-/. I guess to make absolutely clear that these just wrap around some kind of hardware access. But I'm fine with changing it to inline functions, if that is better suited. |
|
Moved to a inline function based API. |
|
Added config for |
miri64
force-pushed
the
dev_random/api/initial
branch
from
47b924f to
ed98b73
Compare
|
Rebased and squashed. |
miri64
removed
the
State: waiting for other PR
|
(#4989 was merged) |
miri64
force-pushed
the
dev_random/api/initial
branch
from
ed98b73 to
92e2c50
Compare
miri64
added
the
Community: Hack'n'ACK candidate
|
Prepared for review tomorrow ;-) |
|
Will there be some Makefile flag, to make a project depend onto the availability of a random source? I mean somethin like we have now in |
miri64
added
the
CI: ready for build
@mtausig the randomness source would be chosen by the board's configuration as I already prepared it for the boards it applies for. We can make this configurable, but I don't see the use case right now. |
|
On Die, 2016-10-04 at 09:33 -0700, Martine Lenders wrote:
You have misunderstood me. I do not want to make the random source configurable, |
I both misunderstood and was confused about the context, because I actually thought we talked about |
I've seen that. But for security relevant code, I'd rather not use random numbers at all, before using /dev/zero as an entropy source. |
|
Fixes #2264 |
| hwrng_read(buf, (unsigned int)num); | ||
| #elif DEV_RANDOM_SRC == DEV_RANDOM_SRC_PERIPH_ADC | ||
| for (unsigned i = 0; i < num * 8; i++) { | ||
| bf_set(buf, adc_sample(DEV_RANDOM_ADC, ADC_RES_16BIT) & 0x1); |
There was a problem hiding this comment.
Have you tested this code? In my understanding it sets the second bit of the first byte of the buffer. More than one byte isn't written to buffer and when my buffer content is 0xff i get back 0xff.
Please test your results http://www.fdk.com/cyber-e/pdf/HM-RAE103.pdf there is a command "rngtest" available in many Linux distribution.
I have tested reading a floating pin on a nRF52 and nRF51. On a Floating nRF52 pin the FIPS test was successful. On a nRF51 i have a 100% fail of FIPS 140-2. For inspiration take a look at https://github.com/infomaniac50/Random/blob/master/Random.cpp
There was a problem hiding this comment.
Instead of bf_set I think its better use XOR here. So it doesn't matter what value are initially stored. You can do multiple ADC reads for a single bit to compensate bad randomness.
There was a problem hiding this comment.
No I wasn't able to test, yet. I don't have the hardware for that :-/
| #elif DEV_RANDOM_SRC == DEV_RANDOM_SRC_AT86RF2XX | ||
| at86rf2xx_get_random(dev_random_at86rf2xx, buf, num); | ||
| #else | ||
| memset(buf, 0, num); |
There was a problem hiding this comment.
This is very dangerous. What is, when someone using this random function without reviewing all code line by line on a platform without HWRNG and ADC for AES key generation in a commercial product?
Whats about letting compilation fail?
There was a problem hiding this comment.
Yes, I wanted to change this.
|
When using ADC as source, this code needs a check if the data is random. Otherwise if someone has access to a Board he can force generating 0 as random data by connecting the RNG pin to GND. This can used to easily attack cryptographic operations. |
|
@miri64 I think we need to get back to the drawing board. This PR's solution leaves some important things open. |
|
I think getting random data should use more then one source when no HWRNG is available or it is not trust-able. |
Well, at least we are getting there... ;-) |
|
I won't find time to fix the issues in this PR for the release. |
|
Improved on ADC implementation and also removed NULL randomness source. Problem now is that the build will fail, if there is no device supplied. |
|
Okay, after thinking about it (and watching a lot of talks about randomness at 33C3), I agree with @kaspar030: back to the drawing board. |
A shot at fixing #5150 (name up to discussion).
This modules requires the board to define a randomness source
DEV_RANDOM_SRCin itsboard.h(DEV_RANDOM_SRC_PERIPH_HWRNG, i.e.periph_hwrngis the default). Since this module is purely macro-based it is easy to override for otherDEV_RANDOM_SRCcases (e.g. the functionality in #4989). I added the ADC as another example.Depending on #4989.