1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
|
/*
* This file is part of the MicroPython project, http://micropython.org/
*
* The MIT License (MIT)
*
* Copyright (c) 2021 Scott Shawcroft for Adafruit Industries
*
* Permission is hereby granted, free of charge, to any person obtaining a copy
* of this software and associated documentation files (the "Software"), to deal
* in the Software without restriction, including without limitation the rights
* to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
* copies of the Software, and to permit persons to whom the Software is
* furnished to do so, subject to the following conditions:
*
* The above copyright notice and this permission notice shall be included in
* all copies or substantial portions of the Software.
*
* THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
* IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
* FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
* AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
* LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
* OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
* THE SOFTWARE.
*/
#include "genhdr/mpversion.h"
#include "py/mpconfig.h"
#include "py/objstr.h"
#include "py/objtuple.h"
#include "py/qstr.h"
#include "shared-bindings/os/__init__.h"
#include "lib/crypto-algorithms/sha256.h"
#include "hardware/structs/rosc.h"
#include <string.h>
STATIC const qstr os_uname_info_fields[] = {
MP_QSTR_sysname, MP_QSTR_nodename,
MP_QSTR_release, MP_QSTR_version, MP_QSTR_machine
};
STATIC const MP_DEFINE_STR_OBJ(os_uname_info_sysname_obj, "rp2040");
STATIC const MP_DEFINE_STR_OBJ(os_uname_info_nodename_obj, "rp2040");
STATIC const MP_DEFINE_STR_OBJ(os_uname_info_release_obj, MICROPY_VERSION_STRING);
STATIC const MP_DEFINE_STR_OBJ(os_uname_info_version_obj, MICROPY_GIT_TAG " on " MICROPY_BUILD_DATE);
STATIC const MP_DEFINE_STR_OBJ(os_uname_info_machine_obj, MICROPY_HW_BOARD_NAME " with " MICROPY_HW_MCU_NAME);
STATIC MP_DEFINE_ATTRTUPLE(
os_uname_info_obj,
os_uname_info_fields,
5,
(mp_obj_t)&os_uname_info_sysname_obj,
(mp_obj_t)&os_uname_info_nodename_obj,
(mp_obj_t)&os_uname_info_release_obj,
(mp_obj_t)&os_uname_info_version_obj,
(mp_obj_t)&os_uname_info_machine_obj
);
mp_obj_t common_hal_os_uname(void) {
return (mp_obj_t)&os_uname_info_obj;
}
// NIST Special Publication 800-90B (draft) recommends several extractors,
// including the SHA hash family and states that if the amount of entropy input
// is twice the number of bits output from them, that output can be considered
// essentially fully random. If every RANDOM_SAFETY_MARGIN bits from
// `rosc_hw->randombit` have at least 1 bit of entropy, then this criterion is met.
//
// This works by seeding the `random_state` with plenty of random bits (SHA256
// as entropy harvesting function), then using that state it as a counter input
// (SHA256 as a CSPRNG), re-seeding at least every 256 blocks (8kB).
//
// In practice, `PractRand` doesn't detect any gross problems with the output
// random numbers on samples of 1 to 8 megabytes, no matter the setting of
// RANDOM_SAFETY_MARGIN. (it does detect "unusual" results from time to time,
// as it will with any RNG)
#define RANDOM_SAFETY_MARGIN (4)
static BYTE random_state[SHA256_BLOCK_SIZE];
static void seed_random_bits(BYTE out[SHA256_BLOCK_SIZE]) {
CRYAL_SHA256_CTX context;
sha256_init(&context);
for (int i = 0; i < 2 * RANDOM_SAFETY_MARGIN; i++) {
for (int j = 0; j < SHA256_BLOCK_SIZE; j++) {
out[j] = rosc_hw->randombit & 1;
for (int k = 0; k < 8; k++) {
out[j] = (out[j] << 1) ^ (rosc_hw->randombit & 1);
}
}
sha256_update(&context, out, SHA256_BLOCK_SIZE);
}
sha256_final(&context, out);
}
static void get_random_bits(BYTE out[SHA256_BLOCK_SIZE]) {
if (!random_state[0]++) {
seed_random_bits(random_state);
}
CRYAL_SHA256_CTX context;
sha256_init(&context);
sha256_update(&context, random_state, SHA256_BLOCK_SIZE);
sha256_final(&context, out);
}
bool common_hal_os_urandom(uint8_t *buffer, mp_uint_t length) {
#define ROSC_POWER_SAVE (1) // assume ROSC is not necessarily active all the time
#if ROSC_POWER_SAVE
uint32_t old_rosc_ctrl = rosc_hw->ctrl;
rosc_hw->ctrl = (old_rosc_ctrl & ~ROSC_CTRL_ENABLE_BITS) | (ROSC_CTRL_ENABLE_VALUE_ENABLE << 12);
#endif
while (length) {
size_t n = MIN(length, SHA256_BLOCK_SIZE);
BYTE sha_buf[SHA256_BLOCK_SIZE];
get_random_bits(sha_buf);
memcpy(buffer, sha_buf, n);
buffer += n;
length -= n;
}
#if ROSC_POWER_SAVE
rosc_hw->ctrl = old_rosc_ctrl;
#endif
return true;
}
|
