webadmin/pico-keys-sdk
1
0
Fork 0
mirror of https://github.com/polhenarejos/pico-keys-sdk synced 2026-05-26 08:05:10 +02:00
Code Issues Packages Projects Releases Wiki Activity

Rename random functions.

Browse Source 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
This commit is contained in:
Pol Henarejos
2026-04-20 13:01:14 +02:00
parent 2b28e19e61
commit 7db11c21f6
7 changed files with 20 additions and 32 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
src/crypto_utils.c
View File

@@ -97,7 +97,7 @@ int encrypt_with_aad(const uint8_t key[32], const uint8_t *in_buf, size_t in_len
uint8_t *ct = out_buf + 12;
uint8_t *tag = out_buf + 12 + in_len;
random_gen(NULL, nonce, 12);
random_fill_buffer(nonce, 12);
mbedtls_gcm_context gcm;
mbedtls_gcm_init(&gcm);

4
src/fs/otp.c
View File

@@ -530,7 +530,7 @@ void init_otp_files(void) {
uint16_t write_otp[2] = {0xFFFF, 0xFFFF};
if (OTP_EMTPY(OTP_KEY_1, 32)) {
uint8_t mkek[32] = {0};
random_gen(NULL, mkek, sizeof(mkek));
random_fill_buffer(mkek, sizeof(mkek));
ret = OTP_WRITE(OTP_KEY_1, mkek, sizeof(mkek));
if (ret != 0) {
printf("Error writing OTP key 1 [%d]\n", ret);
@@ -549,7 +549,7 @@ void init_otp_files(void) {
while (olen != 32) {
mbedtls_ecdsa_init(&ecdsa);
mbedtls_ecp_group_id ec_id = MBEDTLS_ECP_DP_SECP256K1;
mbedtls_ecdsa_genkey(&ecdsa, ec_id, random_gen, NULL);
mbedtls_ecdsa_genkey(&ecdsa, ec_id, random_fill_iterator, NULL);
mbedtls_ecp_write_key_ext(&ecdsa, &olen, pkey, sizeof(pkey));
mbedtls_ecdsa_free(&ecdsa);
}

6
src/rescue.c
View File

@@ -114,7 +114,7 @@ static int load_internal_keydev(mbedtls_ecp_keypair *ecp, mbedtls_ecp_group_id e
// Generate new key
uint8_t pkey[MBEDTLS_ECP_MAX_BYTES] = {0};
size_t olen = 0;
mbedtls_ecp_gen_key(ec_id, ecp, random_gen, NULL);
mbedtls_ecp_gen_key(ec_id, ecp, random_fill_iterator, NULL);
mbedtls_ecp_write_key_ext(ecp, &olen, pkey, sizeof(pkey));
aes_encrypt(kbase, pico_serial_hash, 32 * 8, PICO_KEYS_AES_MODE_CBC, pkey, 32);
@@ -153,7 +153,7 @@ static int cmd_keydev_sign(void) {
mbedtls_mpi_init(&r);
mbedtls_mpi_init(&s);
int ret = mbedtls_ecdsa_sign(&ecp.MBEDTLS_PRIVATE(grp), &r, &s, &ecp.MBEDTLS_PRIVATE(d), apdu.data, apdu.nc, random_gen, NULL);
int ret = mbedtls_ecdsa_sign(&ecp.MBEDTLS_PRIVATE(grp), &r, &s, &ecp.MBEDTLS_PRIVATE(d), apdu.data, apdu.nc, random_fill_iterator, NULL);
if (ret != 0) {
mbedtls_ecp_keypair_free(&ecp);
mbedtls_mpi_free(&r);
@@ -189,7 +189,7 @@ static int cmd_keydev_sign(void) {
return SW_EXEC_ERROR();
}
}
int ret = mbedtls_ecp_mul(&ecp.MBEDTLS_PRIVATE(grp), &ecp.MBEDTLS_PRIVATE(Q), &ecp.MBEDTLS_PRIVATE(d), &ecp.MBEDTLS_PRIVATE(grp).G, random_gen, NULL);
int ret = mbedtls_ecp_mul(&ecp.MBEDTLS_PRIVATE(grp), &ecp.MBEDTLS_PRIVATE(Q), &ecp.MBEDTLS_PRIVATE(d), &ecp.MBEDTLS_PRIVATE(grp).G, random_fill_iterator, NULL);
if (ret != 0) {
mbedtls_ecp_keypair_free(&ecp);
return SW_EXEC_ERROR();

10
src/rng/random.c
View File

@@ -40,7 +40,7 @@ void random_init(void) {
/*
* Free pointer to random 32-byte
*/
void random_bytes_free(const uint8_t *p) {
static void random_bytes_free(const uint8_t *p) {
(void) p;
memset(random_word, 0, RANDOM_BYTES_LENGTH);
hwrng_flush();
@@ -66,7 +66,7 @@ const uint8_t *random_bytes_get(size_t len) {
/*
* Random byte iterator
*/
int random_gen(void *arg, unsigned char *out, size_t out_len) {
int random_fill_iterator(void *arg, unsigned char *out, size_t out_len) {
uint8_t *index_p = (uint8_t *) arg;
uint8_t index = index_p ? *index_p : 0;
uint8_t n;
@@ -97,8 +97,6 @@ int random_gen(void *arg, unsigned char *out, size_t out_len) {
return 0;
}
#ifdef ENABLE_PQC
void randombytes(uint8_t *buf, size_t n) {
random_gen(NULL, buf, n);
int random_fill_buffer(uint8_t *buf, size_t n) {
return random_fill_iterator(NULL, buf, n);
}
#endif

14
src/rng/random.h
View File

@@ -22,16 +22,10 @@
#include <stdlib.h>
#include <stdint.h>
void random_init(void);
extern void random_init(void);
/* 32-byte random bytes */
const uint8_t *random_bytes_get(size_t);
void random_bytes_free(const uint8_t *p);
/* iterator returning a byta at a time */
extern int random_gen(void *arg, unsigned char *output, size_t output_len);
#ifdef ENABLE_PQC
extern void randombytes(uint8_t *buf, size_t n);
#endif
extern const uint8_t *random_bytes_get(size_t);
extern int random_fill_iterator(void *arg, unsigned char *output, size_t output_len);
extern int random_fill_buffer(uint8_t *buf, size_t n);
#endif

10
src/usb/lwip/rest_server.c
View File

@@ -527,7 +527,7 @@ void rest_check_and_load_credentials(void) {
while (olen != 32) {
mbedtls_ecdsa_init(&ecdsa);
mbedtls_ecp_group_id ec_id = MBEDTLS_ECP_DP_SECP256R1;
mbedtls_ecdsa_genkey(&ecdsa, ec_id, random_gen, NULL);
mbedtls_ecdsa_genkey(&ecdsa, ec_id, random_fill_iterator, NULL);
mbedtls_ecp_write_key_ext(&ecdsa, &olen, pkey, sizeof(pkey));
mbedtls_ecdsa_free(&ecdsa);
}
@@ -555,9 +555,7 @@ void rest_check_and_load_credentials(void) {
if (ret != 0) goto out;
mbedtls_ecp_read_key(MBEDTLS_ECP_DP_SECP256R1, mbedtls_pk_ec(key), file, file_len);
mbedtls_ecp_check_privkey(&mbedtls_pk_ec(key)->grp, &mbedtls_pk_ec(key)->d);
mbedtls_ecp_mul(&mbedtls_pk_ec(key)->grp, &mbedtls_pk_ec(key)->Q,
&mbedtls_pk_ec(key)->d, &mbedtls_pk_ec(key)->grp.G,
random_gen, NULL);
mbedtls_ecp_mul(&mbedtls_pk_ec(key)->grp, &mbedtls_pk_ec(key)->Q, &mbedtls_pk_ec(key)->d, &mbedtls_pk_ec(key)->grp.G, random_fill_iterator, NULL);
mbedtls_ecp_check_pubkey(&mbedtls_pk_ec(key)->grp, &mbedtls_pk_ec(key)->Q);
mbedtls_x509write_crt_set_md_alg(&crt, MBEDTLS_MD_SHA256);
@@ -571,7 +569,7 @@ void rest_check_and_load_credentials(void) {
ret = mbedtls_x509write_crt_set_issuer_name(&crt, "CN=pico-novus");
if (ret != 0) goto out;
uint8_t serial[16];
random_gen(NULL, serial, sizeof(serial));
random_fill_buffer(serial, sizeof(serial));
mbedtls_x509write_crt_set_serial_raw(&crt, serial, sizeof(serial));
if (ret != 0) goto out;
ret = mbedtls_x509write_crt_set_validity(&crt, "20260101000000", "20360101000000");
@@ -581,7 +579,7 @@ void rest_check_and_load_credentials(void) {
ret = mbedtls_x509write_crt_set_key_usage(&crt, MBEDTLS_X509_KU_DIGITAL_SIGNATURE | MBEDTLS_X509_KU_KEY_CERT_SIGN | MBEDTLS_X509_KU_KEY_ENCIPHERMENT);
if (ret != 0) goto out;
ret = mbedtls_x509write_crt_pem(&crt, cert_pem, sizeof(cert_pem), random_gen, NULL);
ret = mbedtls_x509write_crt_pem(&crt, cert_pem, sizeof(cert_pem), random_fill_iterator, NULL);
if (ret == 0) {
file_put_data(ef, cert_pem, strlen((char *)cert_pem) + 1);
printf("TLS certificate generated and stored, length: %u bytes\n", (unsigned)strlen((char *)cert_pem));

6
src/usb/lwip/rest_server_tls.c
View File

@@ -64,16 +64,14 @@ int tls_init_tls_context(const tls_credentials_t *tls_credentials) {
return ret;
}
mbedtls_ecp_check_privkey(&mbedtls_pk_ec(tls_key)->grp, &mbedtls_pk_ec(tls_key)->d);
mbedtls_ecp_mul(&mbedtls_pk_ec(tls_key)->grp, &mbedtls_pk_ec(tls_key)->Q,
&mbedtls_pk_ec(tls_key)->d, &mbedtls_pk_ec(tls_key)->grp.G,
random_gen, NULL);
mbedtls_ecp_mul(&mbedtls_pk_ec(tls_key)->grp, &mbedtls_pk_ec(tls_key)->Q, &mbedtls_pk_ec(tls_key)->d, &mbedtls_pk_ec(tls_key)->grp.G, random_fill_iterator, NULL);
mbedtls_ecp_check_pubkey(&mbedtls_pk_ec(tls_key)->grp, &mbedtls_pk_ec(tls_key)->Q);
ret = mbedtls_ssl_config_defaults(&tls_conf, MBEDTLS_SSL_IS_SERVER, MBEDTLS_SSL_TRANSPORT_STREAM, MBEDTLS_SSL_PRESET_DEFAULT);
if (ret != 0) {
return ret;
}
mbedtls_ssl_conf_rng(&tls_conf, random_gen, NULL);
mbedtls_ssl_conf_rng(&tls_conf, random_fill_iterator, NULL);
mbedtls_ssl_conf_min_tls_version(&tls_conf, MBEDTLS_SSL_VERSION_TLS1_2);
mbedtls_ssl_conf_max_tls_version(&tls_conf, MBEDTLS_SSL_VERSION_TLS1_2);
mbedtls_ssl_conf_ciphersuites(&tls_conf, tls_ciphersuites);