ARMmbed
/
mbed-os
mirror of https://github.com/ARMmbed/mbed-os.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

NUVOTON: Re-implement TRNG HAL with TRNG H/W 

Targets supporting TRNG H/W:

-   NU_PFM_M2351_*
-   NUMAKER_IOT_M263A
pull/11650/head
Chun-Chieh Li 2019-10-01 17:34:20 +08:00
parent 3f9ba9e61f
commit 4cd0332ada
12 changed files with 298 additions and 195 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
targets/TARGET_NUVOTON/TARGET_M2351/PeripheralNames.h
View File

@ -328,6 +328,15 @@ typedef enum {
} CANName;
typedef enum {
#if defined(SCU_INIT_PNSSET5_VAL) && (SCU_INIT_PNSSET5_VAL & (1 << 25))
TRNG_0 = (int) NU_MODNAME(TRNG_BASE + NS_OFFSET, 0, 0)
#else
TRNG_0 = (int) NU_MODNAME(TRNG_BASE, 0, 0)
#endif
} TRNGName;
#ifdef __cplusplus
}
#endif

4
targets/TARGET_NUVOTON/TARGET_M2351/crypto/crypto-misc.cpp
View File

@ -27,7 +27,7 @@
#include "platform/SingletonPtr.h"
#include "platform/PlatformMutex.h"
#if DEVICE_TRNG || defined(MBEDTLS_CONFIG_HW_SUPPORT)
#if defined(MBEDTLS_CONFIG_HW_SUPPORT)
/* Consideration for choosing proper synchronization mechanism
*
@ -345,4 +345,4 @@ extern "C" void CRPT_IRQHandler()
}
}
#endif /* #if DEVICE_TRNG || defined(MBEDTLS_CONFIG_HW_SUPPORT) */
#endif /* #if defined(MBEDTLS_CONFIG_HW_SUPPORT) */

17
targets/TARGET_NUVOTON/TARGET_M2351/crypto/crypto-misc.h
View File

@ -24,24 +24,23 @@
*
* There's only one CRYPTO/CRPT module and we have the following policy for configuring its secure attribute:
*
* 1. TRNG or mbedtls H/W support can be enabled on either secure target or non-secure target, but not both.
* 2. TRNG and mbedtls H/W supports cannot be enabled on different targets.
* 3. On secure target, if TRNG or mbedtls H/W support is enabled, CRYPTO/CRPT must configure to secure.
* 4. On non-secure target, if TRNG or mbedtls H/W support is enabled, CRYPTO/CRPT must configure to non-secure.
* 1. mbedtls H/W support can be enabled on either secure target or non-secure target, but not both.
* 2. On secure target, if mbedtls H/W support is enabled, CRYPTO/CRPT must configure to secure.
* 3. On non-secure target, if mbedtls H/W support is enabled, CRYPTO/CRPT must configure to non-secure.
*/
#if DEVICE_TRNG || defined(MBEDTLS_CONFIG_HW_SUPPORT)
#if defined(MBEDTLS_CONFIG_HW_SUPPORT)
#if defined(__ARM_FEATURE_CMSE) && (__ARM_FEATURE_CMSE == 3U)
#if defined(SCU_INIT_PNSSET1_VAL) && (SCU_INIT_PNSSET1_VAL & (1 << 18))
#error("CRYPTO/CRPT must configure to secure for secure target which supports TRNG or mbedtls H/W")
#error("CRYPTO/CRPT must configure to secure for secure target which supports mbedtls H/W")
#endif
#else
#if (! defined(SCU_INIT_PNSSET1_VAL)) || (! (SCU_INIT_PNSSET1_VAL & (1 << 18)))
#error("CRYPTO/CRPT must configure to non-secure for non-secure target which supports TRNG or mbedtls H/W")
#error("CRYPTO/CRPT must configure to non-secure for non-secure target which supports mbedtls H/W")
#endif
#endif
#endif
#if DEVICE_TRNG || defined(MBEDTLS_CONFIG_HW_SUPPORT)
#if defined(MBEDTLS_CONFIG_HW_SUPPORT)
#ifdef __cplusplus
extern "C" {
@ -132,6 +131,6 @@ bool crypto_dma_buffs_overlap(const void *in_buff, size_t in_buff_size, const vo
}
#endif
#endif /* #if DEVICE_TRNG || defined(MBEDTLS_CONFIG_HW_SUPPORT) */
#endif /* defined(MBEDTLS_CONFIG_HW_SUPPORT) */
#endif

24
targets/TARGET_NUVOTON/TARGET_M2351/hal_secure.h
View File

@ -72,6 +72,30 @@ int64_t rtc_read_s(void);
__NONSECURE_ENTRY
void rtc_write_s(int64_t t);
/* trng_init (secure version)
*
* Its synopsis is the same as normal version except change of return/argument type for
* binary-compatible across compilers.
*/
__NONSECURE_ENTRY
void trng_init_s(void *obj);
/* trng_free (secure version)
*
* Its synopsis is the same as normal version except change of return/argument type for
* binary-compatible across compilers.
*/
__NONSECURE_ENTRY
void trng_free_s(void *obj);
/* trng_get_bytes (secure version)
*
* Its synopsis is the same as normal version except change of return/argument type for
* binary-compatible across compilers.
*/
__NONSECURE_ENTRY
int32_t trng_get_bytes_s(void *obj, uint8_t *output, uint32_t length, uint32_t *output_length);
#ifdef __cplusplus
}
#endif

89
targets/TARGET_NUVOTON/TARGET_M2351/trng_api.c
View File

@ -1,89 +0,0 @@
/* mbed Microcontroller Library
* Copyright (c) 2017-2018 Nuvoton
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
#if DEVICE_TRNG
#include <stdlib.h>
#include <string.h>
#include "cmsis.h"
#include "us_ticker_api.h"
#include "trng_api.h"
#include "crypto-misc.h"
/*
* Get Random number generator.
*/
#define PRNG_KEY_SIZE (0x20UL)
static void trng_get(unsigned char *pConversionData)
{
uint32_t *p32ConversionData;
p32ConversionData = (uint32_t *)pConversionData;
PRNG_Open(CRYPTO_MODBASE(), PRNG_KEY_SIZE_256, 1, us_ticker_read());
crypto_prng_prestart();
PRNG_Start(CRYPTO_MODBASE());
crypto_prng_wait();
PRNG_Read(CRYPTO_MODBASE(), p32ConversionData);
}
void trng_init(trng_t *obj)
{
(void)obj;
/* Init crypto module */
crypto_init();
PRNG_ENABLE_INT(CRYPTO_MODBASE());
}
void trng_free(trng_t *obj)
{
(void)obj;
PRNG_DISABLE_INT(CRYPTO_MODBASE());
/* Uninit crypto module */
crypto_uninit();
}
int trng_get_bytes(trng_t *obj, uint8_t *output, size_t length, size_t *output_length)
{
(void)obj;
unsigned char tmpBuff[PRNG_KEY_SIZE];
size_t cur_length = 0;
while (length >= sizeof(tmpBuff)) {
trng_get(output);
output += sizeof(tmpBuff);
cur_length += sizeof(tmpBuff);
length -= sizeof(tmpBuff);
}
if (length > 0) {
trng_get(tmpBuff);
memcpy(output, tmpBuff, length);
cur_length += length;
crypto_zeroize(tmpBuff, sizeof(tmpBuff));
}
*output_length = cur_length;
return 0;
}
#endif

142
targets/TARGET_NUVOTON/TARGET_M2351/trng_api.cpp Normal file
View File

@ -0,0 +1,142 @@
/* mbed Microcontroller Library
* Copyright (c) 2017-2018 Nuvoton
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
#if DEVICE_TRNG
#include "cmsis.h"
#include <limits.h>
#include "crypto-misc.h"
#include "hal/trng_api.h"
#include "platform/mbed_toolchain.h"
#include "platform/mbed_critical.h"
#include "platform/mbed_error.h"
#include "nu_modutil.h"
#include "hal_secure.h"
#include "partition_M2351.h"
#if defined(SCU_INIT_PNSSET5_VAL) && (SCU_INIT_PNSSET5_VAL & (1 << 25))
#error("We just support secure TRNG")
#endif
#if defined (__ARM_FEATURE_CMSE) && (__ARM_FEATURE_CMSE == 3L)
/* Module init definition: modname, clkidx, clksrc, clkdiv, rstidx, irqnum, misc */
static const struct nu_modinit_s trng_modinit = {TRNG_0, TRNG_MODULE, 0, 0, TRNG_RST, TRNG_IRQn, NULL};
/* TRNG init counter. TRNG is kept active as it is non-zero. */
static uint16_t trng_init_counter = 0U;
#endif
void trng_init(trng_t *obj)
{
trng_init_s(obj);
}
void trng_free(trng_t *obj)
{
trng_free_s(obj);
}
int trng_get_bytes(trng_t *obj, uint8_t *output, size_t length, size_t *output_length)
{
uint32_t output_length_;
int32_t rc = trng_get_bytes_s(obj, output, (uint32_t) length, &output_length_);
if (output_length) {
*output_length = output_length_;
}
return rc;
}
#if defined (__ARM_FEATURE_CMSE) && (__ARM_FEATURE_CMSE == 3U)
extern "C"
__NONSECURE_ENTRY
void trng_init_s(MBED_UNUSED void *obj)
{
core_util_critical_section_enter();
if (trng_init_counter == USHRT_MAX) {
core_util_critical_section_exit();
MBED_ERROR(MBED_MAKE_ERROR(MBED_MODULE_HAL, MBED_ERROR_CODE_OVERFLOW), \
"TRNG initialization counter would overflow");
}
++ trng_init_counter;
if (trng_init_counter == 1) {
/* Enable IP clock (secure version) */
CLK_EnableModuleClock_S(trng_modinit.clkidx);
/* Reset IP (secure version) */
SYS_ResetModule_S(trng_modinit.rsetidx);
TRNG_T *trng_base = (TRNG_T *) NU_MODBASE(trng_modinit.modname);
trng_base->ACT |= TRNG_ACT_ACT_Msk;
while (!(trng_base->CTL & TRNG_CTL_READY_Msk));
}
core_util_critical_section_exit();
}
extern "C"
__NONSECURE_ENTRY
void trng_free_s(MBED_UNUSED void *obj)
{
core_util_critical_section_enter();
if (trng_init_counter == 0) {
core_util_critical_section_exit();
MBED_ERROR(MBED_MAKE_ERROR(MBED_MODULE_HAL, MBED_ERROR_CODE_UNDERFLOW), \
"TRNG initialization counter would underflow");
}
-- trng_init_counter;
if (trng_init_counter == 0) {
TRNG_T *trng_base = (TRNG_T *) NU_MODBASE(trng_modinit.modname);
trng_base->ACT &= ~TRNG_ACT_ACT_Msk;
/* Disable IP clock (secure version) */
CLK_DisableModuleClock_S(trng_modinit.clkidx);
}
core_util_critical_section_exit();
}
extern "C"
__NONSECURE_ENTRY
int32_t trng_get_bytes_s(MBED_UNUSED void *obj, uint8_t *output, uint32_t length, uint32_t *output_length)
{
/* Check augument validity */
if (!output && length) {
return -1;
}
uint8_t *output_ind = output;
uint8_t *output_end = output + length;
TRNG_T *trng_base = (TRNG_T *) NU_MODBASE(trng_modinit.modname);
for (; output_ind != output_end; output_ind ++) {
trng_base->CTL |= TRNG_CTL_TRNGEN_Msk;
while (!(trng_base->CTL & TRNG_CTL_DVIF_Msk));
*output_ind = trng_base->DATA & 0xff;
}
if (output_length) {
*output_length = length;
}
return 0;
}
#endif
#endif

5
targets/TARGET_NUVOTON/TARGET_M261/PeripheralNames.h
View File

@ -144,6 +144,11 @@ typedef enum {
} CANName;
typedef enum {
TRNG_0 = (int) NU_MODNAME(TRNG_BASE, 0, 0)
} TRNGName;
#ifdef __cplusplus
}
#endif

4
targets/TARGET_NUVOTON/TARGET_M261/crypto/crypto-misc.cpp
View File

@ -27,7 +27,7 @@
#include "platform/SingletonPtr.h"
#include "platform/PlatformMutex.h"
#if DEVICE_TRNG || defined(MBEDTLS_CONFIG_HW_SUPPORT)
#if defined(MBEDTLS_CONFIG_HW_SUPPORT)
/* Consideration for choosing proper synchronization mechanism
*
@ -342,4 +342,4 @@ extern "C" void CRPT_IRQHandler()
}
}
#endif /* #if DEVICE_TRNG || defined(MBEDTLS_CONFIG_HW_SUPPORT) */
#endif /* #if defined(MBEDTLS_CONFIG_HW_SUPPORT) */

4
targets/TARGET_NUVOTON/TARGET_M261/crypto/crypto-misc.h
View File

@ -21,7 +21,7 @@
#include <stdbool.h>
#if DEVICE_TRNG || defined(MBEDTLS_CONFIG_HW_SUPPORT)
#if defined(MBEDTLS_CONFIG_HW_SUPPORT)
#ifdef __cplusplus
extern "C" {
@ -108,6 +108,6 @@ bool crypto_dma_buffs_overlap(const void *in_buff, size_t in_buff_size, const vo
}
#endif
#endif /* #if DEVICE_TRNG || defined(MBEDTLS_CONFIG_HW_SUPPORT) */
#endif /* #if defined(MBEDTLS_CONFIG_HW_SUPPORT) */
#endif

90
targets/TARGET_NUVOTON/TARGET_M261/trng_api.c
View File

@ -1,90 +0,0 @@
/*
* Copyright (c) 2019-2020 Nuvoton Technology Corporation
* SPDX-License-Identifier: Apache-2.0
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
#if DEVICE_TRNG
#include <stdlib.h>
#include <string.h>
#include "cmsis.h"
#include "us_ticker_api.h"
#include "trng_api.h"
#include "crypto-misc.h"
/*
* Get Random number generator.
*/
#define PRNG_KEY_SIZE (0x20UL)
static void trng_get(unsigned char *pConversionData)
{
uint32_t *p32ConversionData;
p32ConversionData = (uint32_t *)pConversionData;
PRNG_Open(CRYPTO_MODBASE(), PRNG_KEY_SIZE_256, 1, us_ticker_read());
crypto_prng_prestart();
PRNG_Start(CRYPTO_MODBASE());
crypto_prng_wait();
PRNG_Read(CRYPTO_MODBASE(), p32ConversionData);
}
void trng_init(trng_t *obj)
{
(void)obj;
/* Init crypto module */
crypto_init();
PRNG_ENABLE_INT(CRYPTO_MODBASE());
}
void trng_free(trng_t *obj)
{
(void)obj;
PRNG_DISABLE_INT(CRYPTO_MODBASE());
/* Uninit crypto module */
crypto_uninit();
}
int trng_get_bytes(trng_t *obj, uint8_t *output, size_t length, size_t *output_length)
{
(void)obj;
unsigned char tmpBuff[PRNG_KEY_SIZE];
size_t cur_length = 0;
while (length >= sizeof(tmpBuff)) {
trng_get(output);
output += sizeof(tmpBuff);
cur_length += sizeof(tmpBuff);
length -= sizeof(tmpBuff);
}
if (length > 0) {
trng_get(tmpBuff);
memcpy(output, tmpBuff, length);
cur_length += length;
crypto_zeroize(tmpBuff, sizeof(tmpBuff));
}
*output_length = cur_length;
return 0;
}
#endif

104
targets/TARGET_NUVOTON/TARGET_M261/trng_api.cpp Normal file
View File

@ -0,0 +1,104 @@
/*
* Copyright (c) 2019-2020 Nuvoton Technology Corporation
* SPDX-License-Identifier: Apache-2.0
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
#if DEVICE_TRNG
#include "cmsis.h"
#include <limits.h>
#include "crypto-misc.h"
#include "hal/trng_api.h"
#include "platform/mbed_toolchain.h"
#include "platform/mbed_critical.h"
#include "platform/mbed_error.h"
#include "nu_modutil.h"
/* Module init definition: modname, clkidx, clksrc, clkdiv, rstidx, irqnum, misc */
static const struct nu_modinit_s trng_modinit = {TRNG_0, TRNG_MODULE, 0, 0, TRNG_RST, TRNG_IRQn, NULL};
/* TRNG init counter. TRNG is kept active as it is non-zero. */
static uint16_t trng_init_counter = 0U;
void trng_init(MBED_UNUSED trng_t *obj)
{
core_util_critical_section_enter();
if (trng_init_counter == USHRT_MAX) {
core_util_critical_section_exit();
MBED_ERROR(MBED_MAKE_ERROR(MBED_MODULE_HAL, MBED_ERROR_CODE_OVERFLOW), \
"TRNG initialization counter would overflow");
}
++ trng_init_counter;
if (trng_init_counter == 1) {
/* Enable IP clock */
CLK_EnableModuleClock(trng_modinit.clkidx);
/* Reset IP */
SYS_ResetModule(trng_modinit.rsetidx);
TRNG_T *trng_base = (TRNG_T *) NU_MODBASE(trng_modinit.modname);
trng_base->ACT |= TRNG_ACT_ACT_Msk;
while (!(trng_base->CTL & TRNG_CTL_READY_Msk));
}
core_util_critical_section_exit();
}
void trng_free(MBED_UNUSED trng_t *obj)
{
core_util_critical_section_enter();
if (trng_init_counter == 0) {
core_util_critical_section_exit();
MBED_ERROR(MBED_MAKE_ERROR(MBED_MODULE_HAL, MBED_ERROR_CODE_UNDERFLOW), \
"TRNG initialization counter would underflow");
}
-- trng_init_counter;
if (trng_init_counter == 0) {
TRNG_T *trng_base = (TRNG_T *) NU_MODBASE(trng_modinit.modname);
trng_base->ACT &= ~TRNG_ACT_ACT_Msk;
/* Disable IP clock */
CLK_DisableModuleClock(trng_modinit.clkidx);
}
core_util_critical_section_exit();
}
int trng_get_bytes(MBED_UNUSED trng_t *obj, uint8_t *output, size_t length, size_t *output_length)
{
/* Check augument validity */
if (!output && length) {
return -1;
}
uint8_t *output_ind = output;
uint8_t *output_end = output + length;
TRNG_T *trng_base = (TRNG_T *) NU_MODBASE(trng_modinit.modname);
for (; output_ind != output_end; output_ind ++) {
trng_base->CTL |= TRNG_CTL_TRNGEN_Msk;
while (!(trng_base->CTL & TRNG_CTL_DVIF_Msk));
*output_ind = trng_base->DATA & 0xff;
}
if (output_length) {
*output_length = length;
}
return 0;
}
#endif

1
targets/targets.json
View File

@ -8891,7 +8891,6 @@
"extra_labels_add": [
"M23_S"
],
"device_has_remove": ["TRNG"],
"components_add": ["FLASHIAP"],
"deliver_to_target": "NU_PFM_M2351_NPSA_NS",
"delivery_dir": "TARGET_NUVOTON/TARGET_M2351/TARGET_M23_NS/TARGET_NU_PFM_M2351_NPSA_NS/TARGET_NU_PREBUILD_SECURE",