Add option to overwrite RNG implementation

Previously, the RNG implementation was provided by us, with no way to overwrite it. Similar to the cryptographic algorithms, users can now overwrite the RNG implementation by setting USE_SOFTWARE_RNG to false and setting the fido_get_random function in random.h accordingly. This is especially useful when using a board that provides a hardware RNG.
All-Your-Locks-Are-Belong-To-Us · Aug 31, 2022 · 603d6e7 · 603d6e7
1 parent 07247ff
commit 603d6e7
Show file tree

Hide file tree

Showing 6 changed files with 53 additions and 3 deletions.
diff --git a/CMakeLists.txt b/CMakeLists.txt
@@ -117,6 +117,11 @@ if(NOT USE_SOFTWARE_CRYPTO_SHA512)
     add_compile_definitions(NO_SOFTWARE_CRYPTO_SHA512)
 endif()
 
+option(USE_SOFTWARE_RNG "include software RNG" ON)
+if(NOT USE_SOFTWARE_RNG)
+    add_compile_definitions(NO_SOFTWARE_RNG)
+endif()
+
 #######################################
 # External libraries
 

diff --git a/include/fido.h b/include/fido.h
@@ -24,3 +24,4 @@
 #include "largeblob.h"
 #include "nfc.h"
 #include "param.h"
+#include "random.h"
diff --git a/include/internal.h b/include/internal.h
@@ -15,7 +15,6 @@
 
 int fido_rx(fido_dev_t *d, const uint8_t cmd, void *buf, const size_t len);
 int fido_tx(fido_dev_t *d, const uint8_t cmd, const void *buf, const size_t len);
-int fido_get_random(void *buf, size_t len);
 
 /**
  * @brief Read from a given buffer, copying the data and checking for overflow.

diff --git a/include/random.h b/include/random.h
@@ -0,0 +1,35 @@
+/*
+ * Copyright (c) 2022 Felix Gohla, Konrad Hanff, Tobias Kantusch,
+ *                    Quentin Kuth, Felix Roth. All rights reserved.
+ *
+ * Use of this source code is governed by a BSD-style
+ * license that can be found in the LICENSE file.
+ */
+
+#pragma once
+
+#include <stdint.h>
+
+/**
+ * @brief Random number generation
+ *
+ * @param buf Pointer to the buffer to write the random bytes to.
+ * @param random_len Amount of random bytes to generate.
+ * @return int FIDO_OK when the random data was written successfully
+ */
+typedef int (*fido_get_random_t)(
+    const uint8_t *buf,
+    size_t random_len
+);
+
+/**
+ * This is a pointer to a function for random number generation.
+ * It can be set to other functions, for example when the platform provides
+ * hardware support for RNGs.
+ *
+ * fido_get_random = &my_hardware_rng;
+ *
+ * You can define the macro NO_SOFTWARE_RNG to prevent the software implementation
+ * of this algorithm to be included in the library.
+ */
+extern fido_get_random_t fido_get_random;
diff --git a/src/dev.c b/src/dev.c
@@ -104,7 +104,12 @@ static int fido_dev_open_tx(fido_dev_t *dev) {
         return (FIDO_ERR_INVALID_ARGUMENT);
     }
 
-    if (fido_get_random(&dev->nonce, sizeof(dev->nonce)) < 0) {
+    if(fido_get_random == NULL) {
+        fido_log_debug("%s: fido_get_random is NULL", __func__);
+        return (FIDO_ERR_INTERNAL);
+    }
+
+    if (fido_get_random((uint8_t*) &dev->nonce, sizeof(dev->nonce)) < 0) {
         fido_log_debug("%s: fido_get_random", __func__);
         return (FIDO_ERR_INTERNAL);
     }

diff --git a/src/random.c b/src/random.c
@@ -11,7 +11,12 @@
 
 #include <stdint.h>
 
-int fido_get_random(void *buf, size_t len) {
+#if defined(NO_SOFTWARE_RNG)
+fido_get_random_t fido_get_random = NULL;
+#else
+int get_random(const uint8_t *buf, size_t random_len) {
     // TODO: Implement randomness here according to the standard.
     return 0;
 }
+fido_get_random_t fido_get_random = get_random;
+#endif