RNG #448
Merged
A new humility command has been submitted in oxidecomputer/humility#109 to get entropy from the RNGs.
mx-shift
reviewed
Mar 15, 2022
mx-shift
reviewed
Mar 15, 2022
1f825c5 to
38be198
This commit changes the lpc55-rng syscall to fill an arbitrary buffer provided by the caller. This new interface is defined using the IDL. To simplify access to the RNG we add the rng-api library crate that allows consumers to use the familiar 'getrand' and 'rand::os::OsRng' interfaces to get random bytes from the rng_server task.
Chacha20 rng will be reseeded after a threshold number of bytes. This is currently set to 1 MiB. This is a similar approach to the one taken in rand::rngs::adapter::ReseedingRng but without the std dependency that comes from dealing with process forking.
The RNG has been tested on an h743 & h753.
The RNG hardware is functional on my nucleo h743. This commit is necessary to enable the Rng clock through the sys api.
This driver is compatible with h743 and h753 stm32 variants. It uses the hardware interface described in the ST RM0433 Reference manual, revision 7, section 34. Entropy is taken directly from the hardware RNG and returned to the caller.
This interface allows humility to request a variable number of bytes from the RNG. The number of bytes requested by the caller is passed as a usize on the stack. Hiffy then uses the drv-rng-api crate to fill the provided rval with entropy from the RNG.
timblakely pushed a commit to timblakely/hubris that referenced this pull request Apr 27, 2022
* lpc55-rng: Update interface to fill an arbitrary buffer with entropy. This commit changes the lpc55-rng syscall to fill an arbitrary buffer provided by the caller. This new interface is defined using the IDL. To simplify access to the RNG we add the rng-api library crate that allows consumers to use the familiar 'getrand' and 'rand::os::OsRng' interfaces to get random bytes from the rng_server task.
* lpc55-rng: Condition RNG output with reseeding ChaCha20 rng. Chacha20 rng will be reseeded after a threshold number of bytes. This is currently set to 1 MiB. This is a similar approach to the one taken in rand::rngs::adapter::ReseedingRng but without the std dependency that comes from dealing with process forking.
* chips: Uncomment offset & size of rng peripheral / registers on stm32h7. The RNG has been tested on an h743 & h753.
* stm32h7-startup: Configure RNG to use PLL1 clock for h743 & h753.
* stm32xx-sys-api: Add h743 to features gating the Rng Peripheral. The RNG hardware is functional on my nucleo h743. This commit is necessary to enable the Rng clock through the sys api.
* drv: Add RNG driver for stm32h7. This driver is compatible with h743 and h753 stm32 variants. It uses the hardware interface described in the ST RM0433 Reference manual, revision 7, section 34. Entropy is taken directly from the hardware RNG and returned to the caller.
* hiffy: Add RNG interface. This interface allows humility to request a variable number of bytes from the RNG. The number of bytes requested by the caller is passed as a usize on the stack. Hiffy then uses the drv-rng-api crate to fill the provided rval with entropy from the RNG.
This PR creates a common API crate for using RNGs on Hubris. The interface is defined using the IDL. It's a single function that takes a byte slice from the caller and fills it with entropy from the RNG. The API crate wraps this new API in the RngCore trait from rand_core & exposes a custom 'getrandom' implementation for convenience.
The Lpc55 RNG driver is updated to support this new interface and its output is conditioned through a ChaCha20 CPRNG that is reseeded from the RNG hardware every 1MiB output to clients. We do this because this part is not validated against any standard statistical tests by NXP (section 48.15.2 from UM11126 rev 2.4). NOTE: The chi^2 test for the Lpc55 has been removed because it keeps getting wedged.
A driver for the RNG on the stm32h743 & h753 is added as well. According to STM this hardware RNG is certified against BSI AIS-31 statistical tests and so we return entropy from the hardware directly to the caller.
Finally we add a function to hiffy to allow humility to interact with the RNG drivers.
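The conditioning scheme described above, as an added example that is not code from this PR or from Hubris: a ChaCha20 block function (RFC 8439) keyed from a seed source and rekeyed once 1 MiB has been served, filling a caller-provided buffer of any length. `ReseedingChaCha`, `fill` and the closure standing in for the hardware RNG are hypothetical names, and the all-zero nonce with a per-seed block counter is an assumption of this example.

```rust
// Added example, not Hubris code: ChaCha20 output rekeyed every THRESHOLD bytes.
const THRESHOLD: usize = 1 << 20; // 1 MiB, the value given in the PR text
/// ChaCha20 block function from RFC 8439 section 2.3: 64 keystream bytes.
fn chacha20_block(key: &[u32; 8], counter: u32, nonce: &[u32; 3]) -> [u8; 64] {
    let mut s = [0u32; 16];
    s[..4].copy_from_slice(&[0x61707865, 0x3320646e, 0x79622d32, 0x6b206574]);
    s[4..12].copy_from_slice(key);
    s[12] = counter;
    s[13..].copy_from_slice(nonce);
    let init = s;
    let qr = |s: &mut [u32; 16], a: usize, b: usize, c: usize, d: usize| {
        s[a] = s[a].wrapping_add(s[b]); s[d] = (s[d] ^ s[a]).rotate_left(16);
        s[c] = s[c].wrapping_add(s[d]); s[b] = (s[b] ^ s[c]).rotate_left(12);
        s[a] = s[a].wrapping_add(s[b]); s[d] = (s[d] ^ s[a]).rotate_left(8);
        s[c] = s[c].wrapping_add(s[d]); s[b] = (s[b] ^ s[c]).rotate_left(7);
    };
    for _ in 0..10 { // 10 double rounds: four column rounds, then four diagonal rounds
        for i in 0..4 { qr(&mut s, i, 4 + i, 8 + i, 12 + i); }
        for i in 0..4 { qr(&mut s, i, 4 + (i + 1) % 4, 8 + (i + 2) % 4, 12 + (i + 3) % 4); }
    }
    let mut out = [0u8; 64];
    for i in 0..16 { out[4 * i..4 * i + 4].copy_from_slice(&s[i].wrapping_add(init[i]).to_le_bytes()); }
    out
}
/// `source` is a hypothetical stand-in for the hardware RNG (32 seed bytes per call).
pub struct ReseedingChaCha<F: FnMut() -> [u8; 32]> {
    source: F, key: [u32; 8], counter: u32, served: usize, pub reseeds: u32,
}
impl<F: FnMut() -> [u8; 32]> ReseedingChaCha<F> {
    pub fn new(source: F) -> Self {
        Self { source, key: [0; 8], counter: 0, served: THRESHOLD, reseeds: 0 } // first fill seeds
    }
    fn reseed(&mut self) {
        let seed = (self.source)();
        for (k, c) in self.key.iter_mut().zip(seed.chunks_exact(4)) {
            *k = u32::from_le_bytes([c[0], c[1], c[2], c[3]]);
        }
        self.counter = 0; self.served = 0; self.reseeds += 1;
    }
    /// Fill a caller-provided buffer of any length; each 64-byte chunk uses a fresh block.
    pub fn fill(&mut self, dest: &mut [u8]) {
        for chunk in dest.chunks_mut(64) {
            if self.served >= THRESHOLD { self.reseed(); }
            let block = chacha20_block(&self.key, self.counter, &[0; 3]);
            chunk.copy_from_slice(&block[..chunk.len()]);
            self.counter += 1; self.served += chunk.len();
        }
    }
}
```

The unused tail of a partially consumed block is discarded rather than buffered, so keystream is never handed out twice and a request that crosses the threshold is rekeyed mid-fill.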