aboutsummaryrefslogblamecommitdiff
path: root/src/cc20rng/main.c
blob: cc063f481842591f54d170c37f71162054705171 (plain) (tree)
1
2
3

                                              
                           






























                                                                        
                      
                     
 

                                                


                                  

                                       

              
                                                           


                     


                                                                        


                                                           

                                                                              

                                                                            

                                                                                






                                           
              

  
                                   
                                                                
                               


                                                                            

                                                                   
                                                    
                                                 
 
                         
 
            


                                         








                                          
                                                    
 

                                   








                                                                     


                                            

   



                                                                    
 
                 
             
                                
                                               


                                                                
                                                                    

                                                                   



                                              
 
                                        

                        
                                         
                  
     






                                                           



                                             





                                       


                                                                 
                                 
   
                                                  
                                                      
 
                                              
                
                                           
 
                                                        

                       







                                                    
                                                                        





                            
                                 














                                                                         
                                      
















































                                                                         
                                                         







                                                                     
                                                          







                                                                          
                                             


                                                                        


                                                                             


                                      
                                                          
















                                                                          

                                                                    









                                                                  
                                                      









                                                                            
                                                     














                                                                       
                          

                                                     

           
 
/*
 * Copyright (c) 2014, 2015, 2016 NORDUnet A/S
 * Copyright (c) 2019 Sunet
 * All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or
 * without modification, are permitted provided that the following
 * conditions are met:
 *
 *    1. Redistributions of source code must retain the above copyright
 *    notice, this list of conditions and the following disclaimer.
 *    2. Redistributions in binary form must reproduce the above
 *       copyright notice, this list of conditions and the following
 *       disclaimer in the documentation and/or other materials provided
 *       with the distribution.
 *    3. Neither the name of the NORDUnet nor the names of its
 *       contributors may be used to endorse or promote products derived
 *       from this software without specific prior written permission.
 *
 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
 * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
 * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
 * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
 * COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
 * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
 * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
 * CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN
 * ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
 * POSSIBILITY OF SUCH DAMAGE.
 */
#include <string.h>

#include "cc20_prng.h"
#include "stm_init.h"

#define UART_RANDOM_BYTES_PER_CHUNK 8
#define RESEED_BLOCKS CHACHA20_MAX_BLOCK_COUNTER

extern DMA_HandleTypeDef hdma_tim;

static UART_HandleTypeDef *huart;
static __IO ITStatus UartReady = RESET;

static union {
  uint8_t rnd[257]; /* 256 bytes + 1 for use in the POST */
  uint32_t rnd32[64];
} buf;

/* First DMA value (DMA_counters[0]) is unreliable, leftover in DMA FIFO
 * perhaps? */
#define FIRST_DMA_IDX_USED 3

/*
 * Number of counters used to produce 8 bits of entropy is:
 *   8 * 4 - four flanks are used to produce two (hopefully) uncorrelated bits
 * (a and b)
 *     * 2 - von Neumann will on average discard 1/2 of the bits 'a' and 'b'
 */
#define DMA_COUNTERS_NUM                                                       \
  ((UART_RANDOM_BYTES_PER_CHUNK * 8 * 4 * 2) + FIRST_DMA_IDX_USED + 1)
struct DMA_params {
  volatile uint32_t buf0[DMA_COUNTERS_NUM];
  volatile uint32_t buf1[DMA_COUNTERS_NUM];
  volatile uint32_t write_buf;
};

static struct DMA_params DMA = {
    {}, {}, 0,
};

/* The main work horse functions */
static void get_entropy32(uint32_t num_bytes, uint32_t buf_idx);
/* Various support functions */
static inline uint32_t get_one_bit(void) __attribute__((__always_inline__));
static volatile uint32_t *restart_DMA(void);
static inline volatile uint32_t *get_DMA_read_buf(void);
static inline uint32_t safe_get_counter(volatile uint32_t *dmabuf,
                                        const uint32_t dmabuf_idx);
static void check_uart_rx(UART_HandleTypeDef *this);
static uint32_t cc_reseed(struct cc20_state *cc);

void Error_Handler(void);

int main() {
  uint32_t i, timeout, block_counter;
  struct cc20_state cc_state = {0};
  uint8_t cc_result[CHACHA20_BLOCK_SIZE];
  HAL_StatusTypeDef res;

  /* Initialize buffers */
  memset(buf.rnd, 0, sizeof(buf.rnd));
  for (i = 0; i < DMA_COUNTERS_NUM; i++) {
    DMA.buf0[i] = 0xffff0000 + i;
    DMA.buf1[i] = 0xffff0100 + i;
  }

  stm_init((uint32_t *)&DMA.buf0, DMA_COUNTERS_NUM);

  if (!chacha20_prng_self_test()) {
    Error_Handler();
  }

  /* Ensure there is actual Timer IC counters in both DMA buffers. */
  restart_DMA();
  restart_DMA();

  huart = &huart1;

  /* Toggle GREEN LED to show we've initialized */
  for (i = 0; i < 10; i++) {
    HAL_GPIO_TogglePin(LED_PORT, LED_GREEN);
    HAL_Delay(125);
  }

  /* Generate initial block of ChaCha20 output directly into buf. */
  block_counter = cc_reseed(&cc_state);
  chacha20_prng_block(&cc_state, buf.rnd);
  block_counter--;

  /* Main loop */
  while (1) {
    if (!(block_counter % 1000))
      HAL_GPIO_TogglePin(LED_PORT, LED_YELLOW);

    /* Send buf on UART (non blocking interrupt driven send). */
    UartReady = RESET;
    res = HAL_UART_Transmit_IT(huart, buf.rnd, CHACHA20_BLOCK_SIZE);

    /* Generate next block while this block is being transmitted */
    if (!block_counter)
      block_counter = cc_reseed(&cc_state);
    chacha20_prng_block(&cc_state, cc_result);
    block_counter--;

    /* Wait for transfer to complete. */
    if (res == HAL_OK) {
      timeout = 0xffff;
      while (UartReady != SET && timeout)
        timeout--;
    }
    if (UartReady != SET) {
      /* Failed to send, turn on RED LED for one second */
      HAL_GPIO_WritePin(LED_PORT, LED_RED, GPIO_PIN_SET);
      HAL_Delay(1000);
      HAL_GPIO_WritePin(LED_PORT, LED_RED, GPIO_PIN_RESET);
    }

    /* Fill buffer with ChaCha20 output. */
    for (i = 0; i < CHACHA20_BLOCK_SIZE; i++)
      buf.rnd[i] = cc_result[i];

    /* Check for UART change request */
    check_uart_rx(&huart1);
    check_uart_rx(&huart2);
  }
}

/**
 * @brief  Reseed chacha20 state with hardware generated entropy.
 * @param  cc: ChaCha20 state
 * @retval ChaCha20 block counter
 */
static uint32_t cc_reseed(struct cc20_state *cc) {
  HAL_GPIO_WritePin(LED_PORT, LED_BLUE, GPIO_PIN_SET);

  get_entropy32(CHACHA20_BLOCK_SIZE_WORDS, 0);
  restart_DMA();
  memcpy(cc, buf.rnd, CHACHA20_BLOCK_SIZE);

  HAL_GPIO_WritePin(LED_PORT, LED_BLUE, GPIO_PIN_RESET);

  return cc->s.counter;
}

/**
 * @brief  Collect `count' times 32 bits of entropy.
 * @param  count: Number of 32 bit words to collect.
 * @param  start: Start index value into buf.rnd32.
 * @retval None
 */
static inline void get_entropy32(uint32_t count, const uint32_t start) {
  uint32_t i, bits, buf_idx;

  buf_idx = start;

  do {
    bits = 0;
    /* Get 32 bits of entropy. */
    for (i = 32; i; i--) {
      bits <<= 1;
      bits += get_one_bit();
    }

    /* Store the 32 bits in output buffer */
    buf.rnd32[buf_idx++] = bits;
  } while (--count);
}

/**
 * @brief  Return one bit of entropy.
 * @param  None
 * @retval One bit, in the LSB of an uint32_t since this is a 32 bit MCU.
 */
static inline uint32_t get_one_bit() {
  register uint32_t a, b, temp;
  /* Start at end of buffer so restart_DMA() is called. */
  static uint32_t dmabuf_idx = DMA_COUNTERS_NUM - 1;
  volatile uint32_t *dmabuf;

  dmabuf = get_DMA_read_buf();

  do {
    if (dmabuf_idx > DMA_COUNTERS_NUM - 1 - 4) {
      /* If there are less than four counters available in the dmabuf,
       * we need to get a fresh DMA buffer first.
       */
      dmabuf = restart_DMA();
      dmabuf_idx = FIRST_DMA_IDX_USED;
    }

    /* Get one bit from two subsequent counter values */
    a = safe_get_counter(dmabuf, dmabuf_idx++) & 1;
    temp = safe_get_counter(dmabuf, dmabuf_idx++) & 1;
    a ^= temp;

    /* Get another bit from two other counter values. Getting
     * two bits from two unrelated [1] pairs of counters is
     * supposed to help against phase correlations between the
     * frequency of the noise and the MCU sampling rate.
     *
     * [1] This is how it is done in the ARRGH board, although
     *     since this is a faster MCU and DMA is used the two
     *     pairs are more likely to still be related since they
     *     are more likely to be directly subsequent diode
     *     breakdowns. Have to evaluate if this is enough.
     */
    b = safe_get_counter(dmabuf, dmabuf_idx++) & 1;
    temp = safe_get_counter(dmabuf, dmabuf_idx++) & 1;
    b ^= temp;

    /* Do von Neumann extraction of a and b to eliminate bias
     * (only eliminates bias if a and b are uncorrelated)
     */
  } while (a == b);

  return a;
}

/**
 * @brief  Return a pointer to the DMA.buf NOT currently being written to
 * @param  None
 * @retval Pointer to buffer currently being read from.
 */
static inline volatile uint32_t *get_DMA_read_buf(void) {
  return DMA.write_buf ? DMA.buf0 : DMA.buf1;
}

/**
 * @brief  Return a pointer to the DMA.buf currently being written to
 * @param  None
 * @retval Pointer to buffer currently being written to.
 */
static inline volatile uint32_t *get_DMA_write_buf(void) {
  return DMA.write_buf ? DMA.buf1 : DMA.buf0;
}

/**
 * @brief  Initiate DMA collection of another buffer of Timer IC values.
 * @param  None
 * @retval Pointer to buffer full of Timer IC values ready to be consumed.
 */
static volatile uint32_t *restart_DMA(void) {
  /* Wait for transfer complete flag to become SET. Trying to change the
   * M0AR register while the DMA is running is a no-no.
   */
  while (__HAL_DMA_GET_FLAG(&hdma_tim,
                            __HAL_DMA_GET_TC_FLAG_INDEX(&hdma_tim)) == RESET)
    ;

  /* Switch buffer being written to */
  DMA.write_buf ^= 1;
  hdma_tim.Instance->M0AR = (uint32_t)get_DMA_write_buf();

  /* Start at 0 to help manual inspection */
  TIM2->CNT = 0;

  /* Clear the transfer complete flag before re-enabling DMA */
  __HAL_DMA_CLEAR_FLAG(&hdma_tim, __HAL_DMA_GET_TC_FLAG_INDEX(&hdma_tim));
  __HAL_DMA_ENABLE(&hdma_tim);

  return get_DMA_read_buf();
}

/**
 * @brief  Get one counter value, guaranteed to not have been used before.
 * @param  dmabuf:     Pointer to the current DMA read buffer.
 * @param  dmabuf_idx: Word index into `dmabuf'.
 * @retval One Timer IC counter value.
 */
static inline uint32_t safe_get_counter(volatile uint32_t *dmabuf,
                                        const uint32_t dmabuf_idx) {
  register uint32_t a;
  /* Prevent re-use of values. DMA stored values are <= 0xffff. */
  do {
    a = dmabuf[dmabuf_idx];
  } while (a > 0xffff);
  dmabuf[dmabuf_idx] = 0xffff0000;
  return a;
}

/* UART transmit complete callback */
void HAL_UART_TxCpltCallback(UART_HandleTypeDef *UH) {
  if ((UH->Instance == USART1 && huart->Instance == USART1) ||
      (UH->Instance == USART2 && huart->Instance == USART2)) {
    /* Signal UART transmit complete to the code in the main loop. */
    UartReady = SET;
  }
}

/*
 * If a newline is received on UART1 or UART2, redirect output to that UART.
 */
static void check_uart_rx(UART_HandleTypeDef *this) {
  uint8_t rx = 0;
  if (HAL_UART_Receive(this, &rx, 1, 0) == HAL_OK) {
    if (rx == '\n') {
      huart = this;
      /* Signal UART transmit complete to the code in the main loop. */
      UartReady = SET;
    }
  }
}

/**
 * @brief  This function is executed in case of error occurrence.
 * @param  None
 * @retval None
 */
void Error_Handler(void) {
  /* Turn on RED LED and then loop indefinitely */
  HAL_GPIO_WritePin(LED_PORT, LED_RED, GPIO_PIN_SET);
  while (1)
    ;
}