forked from wolfSSL/wolfssl
add dynamic setup of entropy delay on init
This commit is contained in:
Jacob Barthelmeh
@ -438,7 +438,8 @@ static void print_jdkek()
|
||||
/* instantiate RNG and create JDKEK, TDKEK, and TDSK key */
|
||||
static unsigned int wc_rng_start[] = {
|
||||
CAAM_HEAD | 0x00000006,
|
||||
CAAM_OP | CAAM_CLASS1 | CAAM_RNG | 0x00000004, /* Instantiate RNG handle 0 with TRNG */
|
||||
CAAM_OP | CAAM_CLASS1 | CAAM_RNG | 0x00000004, /* Instantiate RNG handle 0
|
||||
with TRNG */
|
||||
CAAM_JUMP | 0x02000001, /* wait for Class1 RNG and jump to next cmd */
|
||||
CAAM_LOAD | 0x00880004, /* Load to clear written register */
|
||||
0x00000001, /* reset done interrupt */
|
||||
@ -446,86 +447,83 @@ static unsigned int wc_rng_start[] = {
|
||||
};
|
||||
|
||||
|
||||
|
||||
/* Initialize CAAM RNG
|
||||
* returns 0 on success */
|
||||
int caamInitRng(struct CAAM_DEVICE* dev);
|
||||
int caamInitRng(struct CAAM_DEVICE* dev)
|
||||
{
|
||||
DESCSTRUCT desc;
|
||||
unsigned int reg, status;
|
||||
int ret = 0;
|
||||
unsigned int reg, entropy_delay;
|
||||
int ret = 0, i;
|
||||
|
||||
/* set up the job description for RNG initialization */
|
||||
memset(&desc, 0, sizeof(DESCSTRUCT));
|
||||
|
||||
/* Set up use of the TRNG for seeding wolfSSL HASH-DRBG */
|
||||
/* check out the status and see if already setup */
|
||||
CAAM_WRITE(CAAM_RTMCTL, CAAM_PRGM);
|
||||
CAAM_WRITE(CAAM_RTMCTL, CAAM_READ(CAAM_RTMCTL) | 0x40); /* reset */
|
||||
|
||||
/* Set up reading from TRNG */
|
||||
CAAM_WRITE(CAAM_RTMCTL, CAAM_READ(CAAM_RTMCTL) | CAAM_TRNG);
|
||||
|
||||
/* Set up delay for TRNG @TODO Optimizations?
|
||||
* Shift left with RTSDCTL because 0-15 is for sample number
|
||||
* Also setting the max and min frequencies */
|
||||
CAAM_WRITE(CAAM_RTSDCTL, (CAAM_ENT_DLY << 16) | 0x09C4);
|
||||
CAAM_WRITE(CAAM_RTFRQMIN, CAAM_ENT_DLY >> 1); /* 1/2 */
|
||||
CAAM_WRITE(CAAM_RTFRQMAX, CAAM_ENT_DLY << 3); /* up to 8x */
|
||||
|
||||
/* Set back to run mode and clear RTMCL error bit */
|
||||
reg = CAAM_READ(CAAM_RTMCTL) ^ CAAM_PRGM;
|
||||
|
||||
CAAM_WRITE(CAAM_RTMCTL, reg);
|
||||
reg = CAAM_READ(CAAM_RTMCTL);
|
||||
reg |= CAAM_CTLERR;
|
||||
CAAM_WRITE(CAAM_RTMCTL, reg);
|
||||
|
||||
/* check out the status and see if already setup */
|
||||
reg = CAAM_READ(CAAM_RDSTA);
|
||||
if (((reg >> 16) & 0xF) > 0) {
|
||||
WOLFSSL_MSG("RNG is in error state");
|
||||
caamReset();
|
||||
desc.desc[desc.idx++] = CAAM_HEAD; /* later will put size to header*/
|
||||
for (i = 1; i < 6; i = i + 1) {
|
||||
desc.desc[desc.idx++] = wc_rng_start[i];
|
||||
}
|
||||
desc.caam = dev;
|
||||
|
||||
if (reg & (1U << 30)) {
|
||||
WOLFSSL_MSG("JKDKEK rng was setup using a non determinstic key");
|
||||
return 0;
|
||||
}
|
||||
/* Attempt to start the RNG, first trying the fastest entropy delay value
|
||||
* and increasing it after each failed attempt until either a success is hit
|
||||
* or the max delay value is.
|
||||
*/
|
||||
for (entropy_delay = CAAM_ENT_DLY; entropy_delay <= CAAM_ENT_DLY_MAX;
|
||||
entropy_delay = entropy_delay + CAAM_ENT_DLY_INCREMENT) {
|
||||
|
||||
if (CAAM_READ(0x1014) > 0) {
|
||||
int i;
|
||||
#ifdef CAAM_DEBUG_MODE
|
||||
for (i = 0; i < 6; i = i + 1) {
|
||||
desc.desc[desc.idx++] = wc_rng_start[i];
|
||||
/* Set up use of the TRNG for seeding wolfSSL HASH-DRBG */
|
||||
/* check out the status and see if already setup */
|
||||
CAAM_WRITE(CAAM_RTMCTL, CAAM_PRGM);
|
||||
CAAM_WRITE(CAAM_RTMCTL, CAAM_READ(CAAM_RTMCTL) | 0x40); /* reset */
|
||||
|
||||
/* Set up reading from TRNG */
|
||||
CAAM_WRITE(CAAM_RTMCTL, CAAM_READ(CAAM_RTMCTL) | CAAM_TRNG);
|
||||
|
||||
/* Set up delay for TRNG
|
||||
* Shift left with RTSDCTL because 0-15 is for sample number
|
||||
* Also setting the max and min frequencies */
|
||||
CAAM_WRITE(CAAM_RTSDCTL, (entropy_delay << 16) | CAAM_ENT_SAMPLE);
|
||||
CAAM_WRITE(CAAM_RTFRQMIN, entropy_delay >> CAAM_ENT_MINSHIFT);
|
||||
CAAM_WRITE(CAAM_RTFRQMAX, entropy_delay << CAAM_ENT_MAXSHIFT);
|
||||
|
||||
#ifdef WOLFSSL_CAAM_PRINT
|
||||
printf("Attempt with entropy delay set to %d\n", entropy_delay);
|
||||
printf("Min delay of %d and max of %d\n",
|
||||
entropy_delay >> CAAM_ENT_MINSHIFT,
|
||||
entropy_delay << CAAM_ENT_MAXSHIFT);
|
||||
#endif
|
||||
|
||||
/* Set back to run mode and clear RTMCL error bit */
|
||||
reg = CAAM_READ(CAAM_RTMCTL) ^ CAAM_PRGM;
|
||||
CAAM_WRITE(CAAM_RTMCTL, reg);
|
||||
reg = CAAM_READ(CAAM_RTMCTL);
|
||||
reg |= CAAM_CTLERR;
|
||||
CAAM_WRITE(CAAM_RTMCTL, reg);
|
||||
|
||||
/* check out the status and see if already setup */
|
||||
reg = CAAM_READ(CAAM_RDSTA);
|
||||
if (((reg >> 16) & 0xF) > 0) {
|
||||
WOLFSSL_MSG("RNG is in error state, resetting");
|
||||
caamReset();
|
||||
}
|
||||
|
||||
desc.caam = dev;
|
||||
ret = caamDoJob(&desc);
|
||||
#else
|
||||
unsigned int *pt = (unsigned int*)caam.ring.VirtualDesc;
|
||||
for (i = 0; i < 6; i = i + 1) {
|
||||
pt[i] = wc_rng_start[i];
|
||||
}
|
||||
pt = (unsigned int*)caam.ring.VirtualIn;
|
||||
pt[0] = (unsigned int)caam.ring.Desc;
|
||||
if (reg & (1U << 30)) {
|
||||
WOLFSSL_MSG("JKDKEK rng was setup using a non determinstic key");
|
||||
return 0;
|
||||
}
|
||||
|
||||
/* start process */
|
||||
#if defined(WOLFSSL_CAAM_DEBUG) || defined(WOLFSSL_CAAM_PRINT)
|
||||
printf("incrementing job count\n");
|
||||
fflush(stdout);
|
||||
#endif
|
||||
CAAM_WRITE(CAAM_IRJAR0, 0x00000001);
|
||||
#endif
|
||||
}
|
||||
else {
|
||||
return CAAM_WAITING;
|
||||
}
|
||||
do {
|
||||
ret = caamDoJob(&desc);
|
||||
} while (ret == CAAM_WAITING);
|
||||
|
||||
do {
|
||||
ret = caamGetJob(dev, &status);
|
||||
CAAM_CPU_CHILL();
|
||||
} while (ret == CAAM_WAITING);
|
||||
/* if this entropy delay frequency succeeded then break out, otherwise
|
||||
* try again with increasing the delay value */
|
||||
if (ret == Success) {
|
||||
WOLFSSL_MSG("Init RNG success");
|
||||
break;
|
||||
}
|
||||
WOLFSSL_MSG("Increasing entropy delay");
|
||||
}
|
||||
|
||||
if (ret == Success)
|
||||
return 0;
|
||||
@ -1457,16 +1455,31 @@ int InitCAAM(void)
|
||||
CAAM_JOBRING_SIZE * sizeof(unsigned int),
|
||||
PROT_READ | PROT_WRITE | PROT_NOCACHE,
|
||||
MAP_SHARED | MAP_PHYS, caam.ring.JobIn);
|
||||
if (caam.ring.VirtualIn == MAP_FAILED) {
|
||||
WOLFSSL_MSG("Error mapping virtual in");
|
||||
INTERRUPT_Panic();
|
||||
return -1;
|
||||
}
|
||||
memset(caam.ring.VirtualIn, 0, CAAM_JOBRING_SIZE * sizeof(unsigned int));
|
||||
caam.ring.VirtualOut = mmap_device_memory(NULL,
|
||||
2 * CAAM_JOBRING_SIZE * sizeof(unsigned int),
|
||||
PROT_READ | PROT_WRITE | PROT_NOCACHE,
|
||||
MAP_SHARED | MAP_PHYS, caam.ring.JobOut);
|
||||
if (caam.ring.VirtualOut == MAP_FAILED) {
|
||||
WOLFSSL_MSG("Error mapping virtual out");
|
||||
INTERRUPT_Panic();
|
||||
return -1;
|
||||
}
|
||||
memset(caam.ring.VirtualOut, 0, 2 * CAAM_JOBRING_SIZE * sizeof(unsigned int));
|
||||
caam.ring.VirtualDesc = mmap_device_memory(NULL,
|
||||
CAAM_DESC_MAX * CAAM_JOBRING_SIZE,
|
||||
PROT_READ | PROT_WRITE | PROT_NOCACHE,
|
||||
MAP_SHARED | MAP_PHYS, caam.ring.Desc);
|
||||
if (caam.ring.VirtualDesc == MAP_FAILED) {
|
||||
WOLFSSL_MSG("Error mapping virtual desc");
|
||||
INTERRUPT_Panic();
|
||||
return -1;
|
||||
}
|
||||
memset(caam.ring.VirtualDesc, 0, CAAM_DESC_MAX * CAAM_JOBRING_SIZE);
|
||||
|
||||
#if defined(WOLFSSL_CAAM_DEBUG) || defined(WOLFSSL_CAAM_PRINT)
|
||||
@ -1497,6 +1510,9 @@ int InitCAAM(void)
|
||||
printf("RTMCTL = 0x%08X\n", CAAM_READ(0x0600));
|
||||
#endif
|
||||
WOLFSSL_MSG("Successfully initilazed CAAM driver");
|
||||
#if defined(WOLFSSL_CAAM_DEBUG) || defined(WOLFSSL_CAAM_PRINT)
|
||||
fflush(stdout);
|
||||
#endif
|
||||
return 0;
|
||||
}
|
||||
|
||||
|
||||
@ -1255,8 +1255,8 @@ int main(int argc, char *argv[])
|
||||
if (dpp == NULL) {
|
||||
exit (1);
|
||||
}
|
||||
memset (&rattr, 0, sizeof (rattr));
|
||||
iofunc_func_init (_RESMGR_CONNECT_NFUNCS, &connect_funcs,
|
||||
memset(&rattr, 0, sizeof(rattr));
|
||||
iofunc_func_init(_RESMGR_CONNECT_NFUNCS, &connect_funcs,
|
||||
_RESMGR_IO_NFUNCS, &io_funcs);
|
||||
|
||||
connect_funcs.open = io_open;
|
||||
@ -1266,7 +1266,7 @@ int main(int argc, char *argv[])
|
||||
io_funcs.devctl = io_devctl;
|
||||
|
||||
iofunc_attr_init (&ioattr, S_IFCHR | 0666, NULL, NULL);
|
||||
name = resmgr_attach (dpp, &rattr, "/dev/wolfCrypt",
|
||||
name = resmgr_attach(dpp, &rattr, "/dev/wolfCrypt",
|
||||
_FTYPE_ANY, 0, &connect_funcs, &io_funcs, &ioattr);
|
||||
if (name == -1) {
|
||||
exit (1);
|
||||
@ -1279,7 +1279,7 @@ int main(int argc, char *argv[])
|
||||
CleanupCAAM();
|
||||
exit (1);
|
||||
}
|
||||
dispatch_handler (ctp);
|
||||
dispatch_handler(ctp);
|
||||
}
|
||||
|
||||
pthread_mutex_destroy(&sm_mutex);
|
||||
|
||||
@ -182,8 +182,28 @@
|
||||
|
||||
/* RNG Masks/Values */
|
||||
#ifndef CAAM_ENT_DLY
|
||||
#define CAAM_ENT_DLY 1200 /* @TODO lower value may gain performance */
|
||||
/*less than half the default value to try and increase entropy collection */
|
||||
#define CAAM_ENT_DLY 1200
|
||||
#endif
|
||||
#ifndef CAAM_ENT_DLY_INCREMENT
|
||||
#define CAAM_ENT_DLY_INCREMENT 500
|
||||
#endif
|
||||
#ifndef CAAM_ENT_SAMPLE
|
||||
/* default sample value from reference manual */
|
||||
#define CAAM_ENT_SAMPLE 0x09C4
|
||||
#endif
|
||||
#ifndef CAAM_ENT_DLY_MAX
|
||||
#define CAAM_ENT_DLY_MAX 12000
|
||||
#endif
|
||||
#ifndef CAAM_ENT_MINSHIFT
|
||||
/* default to the minimum entropy delay of 1/4 */
|
||||
#define CAAM_ENT_MINSHIFT 2
|
||||
#endif
|
||||
#ifndef CAAM_ENT_MAXSHIFT
|
||||
/* default to the maximum entropy delay of 16 times */
|
||||
#define CAAM_ENT_MAXSHIFT 4
|
||||
#endif
|
||||
|
||||
#define CAAM_PRGM 0x00010000 /* Set RTMCTL to program state */
|
||||
#define CAAM_TRNG 0x00000020 /* Set TRNG access */
|
||||
#define CAAM_CTLERR 0x00001000
|
||||
|
||||
@ -25,7 +25,12 @@
|
||||
#ifndef CAAM_QNX_H
|
||||
#define CAAM_QNX_H
|
||||
|
||||
#ifdef WOLFSSL_CAAM_PRINT
|
||||
#include <stdio.h>
|
||||
#define WOLFSSL_MSG(in) printf("%s\n", (in))
|
||||
#else
|
||||
#define WOLFSSL_MSG(in)
|
||||
#endif
|
||||
|
||||
#include <sys/mman.h>
|
||||
#include <hw/inout.h>
|
||||
|
||||
Reference in New Issue
Block a user