From 18381f88fe796c07d01a7912aec93027ed845bf1 Mon Sep 17 00:00:00 2001 From: Angus Gratton Date: Fri, 18 Sep 2015 15:12:09 +1000 Subject: [PATCH] mbedTLS: Add ESP8266 hardware entropy source discovered by @foogod Addresses #3, provided turns out to be an effective HWRNG. --- core/include/esp/wdev_regs.h | 44 +++++++++++++++++++++++++ extras/mbedtls/hardware_entropy.c | 27 +++++++++++++++ extras/mbedtls/include/mbedtls/config.h | 8 +++-- 3 files changed, 76 insertions(+), 3 deletions(-) create mode 100644 core/include/esp/wdev_regs.h create mode 100644 extras/mbedtls/hardware_entropy.c diff --git a/core/include/esp/wdev_regs.h b/core/include/esp/wdev_regs.h new file mode 100644 index 0000000..bc7d54b --- /dev/null +++ b/core/include/esp/wdev_regs.h @@ -0,0 +1,44 @@ +/* esp/dport_regs.h + * + * ESP8266 WDEV register definitions + * + * In the DPORT memory space, alongside DPORT regs. However mostly + * concerned with the WiFi hardware interface. + * + * Not well understood at all, 100% figured out via reverse engineering. + */ + +#ifndef _ESP_WDEV__REGS_H +#define _ESP_WDEV__REGS_H + +#include "esp/types.h" +#include "common_macros.h" + +#define WDEV_BASE 0x3ff20e00 +#define WDEV (*(struct WDEV_REGS *)(WDEV_BASE)) + +/* WDEV registers +*/ + +struct WDEV_REGS { + uint32_t volatile _unknown00; // 0x00 + uint32_t volatile _unknown04; // 0x04 + uint32_t volatile _unknown08; // 0x08 + uint32_t volatile _unknown0c; // 0x0c + uint32_t volatile _unknown10; // 0x10 + uint32_t volatile _unknown14; // 0x14 + uint32_t volatile _unknown18; // 0x18 + uint32_t volatile _unknown1c; // 0x1c + uint32_t volatile _unknown20; // 0x20 + uint32_t volatile _unknown24; // 0x24 + uint32_t volatile _unknown28; // 0x28 + uint32_t volatile _unknown2c; // 0x2c + uint32_t volatile _unknown30; // 0x30 + uint32_t volatile _unknown34; // 0x34 + uint32_t volatile _unknown38; // 0x38 + uint32_t volatile _unknown3c; // 0x3c + uint32_t volatile _unknown40; // 0x40 + uint32_t volatile HWRNG; // 0x44 Appears to be HW RNG, see https://github.com/SuperHouse/esp-open-rtos/issues/3#issuecomment-139453094 +}; + +#endif diff --git a/extras/mbedtls/hardware_entropy.c b/extras/mbedtls/hardware_entropy.c new file mode 100644 index 0000000..85dd00d --- /dev/null +++ b/extras/mbedtls/hardware_entropy.c @@ -0,0 +1,27 @@ +/* ESP8266 "Hardware RNG" (validity still being confirmed) support for ESP8266 + * + * Based on research done by @foogod. + * + * Please don't rely on this too much as an entropy source, quite yet... + * + * Part of esp-open-rtos + * Copyright (C) 2015 Angus Gratton + * BSD Licensed as described in the file LICENSE + */ +#include +#include +#include + +int mbedtls_hardware_poll( void *data, + unsigned char *output, size_t len, size_t *olen ) +{ + (void)(data); + for(int i = 0; i < len; i+=4) { + uint32_t random = WDEV.HWRNG; + /* using memcpy here in case output is unaligned */ + memcpy(output + i, &random, (i+4 <= len) ? 4 : (len % 4)); + } + if(olen) + *olen = len; + return 0; +} diff --git a/extras/mbedtls/include/mbedtls/config.h b/extras/mbedtls/include/mbedtls/config.h index 903006d..54ce5be 100644 --- a/extras/mbedtls/include/mbedtls/config.h +++ b/extras/mbedtls/include/mbedtls/config.h @@ -289,7 +289,8 @@ * * Uncomment to use your own hardware entropy collector. */ -//#define MBEDTLS_ENTROPY_HARDWARE_ALT +/* hardware RNG interface provided in hardware_entropy.c */ +#define MBEDTLS_ENTROPY_HARDWARE_ALT /** * \def MBEDTLS_AES_ROM_TABLES @@ -777,7 +778,7 @@ * This option is only useful if both MBEDTLS_SHA256_C and * MBEDTLS_SHA512_C are defined. Otherwise the available hash module is used. */ -//#define MBEDTLS_ENTROPY_FORCE_SHA256 +#define MBEDTLS_ENTROPY_FORCE_SHA256 /** * \def MBEDTLS_MEMORY_DEBUG @@ -2350,7 +2351,8 @@ /* CTR_DRBG options */ //#define MBEDTLS_CTR_DRBG_ENTROPY_LEN 48 /**< Amount of entropy used per seed by default (48 with SHA-512, 32 with SHA-256) */ -//#define MBEDTLS_CTR_DRBG_RESEED_INTERVAL 10000 /**< Interval before reseed is performed by default */ +/* this is normally 10x higher, but reseeding seems quite inexpensive on esp8266 */ +#define MBEDTLS_CTR_DRBG_RESEED_INTERVAL 1000 /**< Interval before reseed is performed by default */ //#define MBEDTLS_CTR_DRBG_MAX_INPUT 256 /**< Maximum number of additional input bytes */ //#define MBEDTLS_CTR_DRBG_MAX_REQUEST 1024 /**< Maximum number of requested bytes per call */ //#define MBEDTLS_CTR_DRBG_MAX_SEED_INPUT 384 /**< Maximum size of (re)seed buffer */