/**
*
* \brief Generates a random bytes stream. The ATECCX08 TRNG is
* used to seed a standard OpenSSL PRNG (RAND_SSLeay()),
* which is used to produce the random stream then. The
* PRNG is reseeded after MAX_RAND_BYTES are generated
*
* \param[out] buf - a pointer to buffer for the random byte
* stream. The caller must allocate enough space in the
* buffer in order to fit all generated bytes.
* \param[in] num - number of bytes to generate
* \return 1 for success
*/
static int RAND_eccx08_rand_bytes(unsigned char *buf, int num)
{
int rc = 0;
uint32_t atcab_buf[TLS_RANDOM_SIZE / sizeof(uint32_t)];
double entropy;
RAND_METHOD *meth_rand = RAND_SSLeay();
ATCA_STATUS status = ATCA_GEN_FAIL;
#ifdef USE_ECCX08
if (total_num > MAX_RAND_BYTES) {
total_num = 0;
}
if (total_num == 0) {
eccx08_debug("RAND_eccx08_rand_bytes() - hw\n");
status = atcatls_init(pCfg);
if (status != ATCA_SUCCESS) goto done;
status = atcatls_random((uint8_t *)atcab_buf);
if (status != ATCA_SUCCESS) goto done;
status = atcatls_finish();
if (status != ATCA_SUCCESS) goto done;
entropy = (double)atcab_buf[0];
meth_rand->add(buf, num, entropy);
}
total_num += num;
#else // USE_ECCX08
eccx08_debug("RAND_eccx08_rand_bytes() - sw\n");
#endif // USE_ECCX08
rc = meth_rand->bytes(buf, num);
done:
return (rc);
}
/**
* \brief Generate random number to be used for hash.
*/
int atmel_get_random_number(uint32_t count, uint8_t* rand_out)
{
int ret = 0;
#ifdef WOLFSSL_ATECC508A
uint8_t i = 0;
uint32_t copy_count = 0;
uint8_t rng_buffer[RANDOM_NUM_SIZE];
if (rand_out == NULL) {
return -1;
}
while(i < count) {
ret = atcatls_random(rng_buffer);
if (ret != 0) {
WOLFSSL_MSG("Failed to create random number!");
return -1;
}
copy_count = (count - i > RANDOM_NUM_SIZE) ? RANDOM_NUM_SIZE : count - i;
XMEMCPY(&rand_out[i], rng_buffer, copy_count);
i += copy_count;
}
atcab_printbin_label((const uint8_t*)"\r\nRandom Number", rand_out, count);
#else
// TODO: Use on-board TRNG
#endif
return ret;
}
/** \brief Initialize the unique encryption key for this platform.
* Write a random number to the parent encryption key slot
* Return the random number for storage on platform
* \param[out] enckeyout Pointer to a random 32 byte encryption key that will be stored on the platform and in the device
* \param[in] enckeyId Slot id on the ECC508 to store the encryption key
* \param[in] lock If this is set to true, the slot that stores the encryption key will be locked
* \return ATCA_STATUS
*/
ATCA_STATUS atcatls_init_enckey(uint8_t* enckeyout, uint8_t enckeyId, bool lock)
{
ATCA_STATUS status = ATCA_SUCCESS;
do {
// Verify input parameters
if (enckeyout == NULL) {
status = ATCA_BAD_PARAM;
BREAK(status, "NULL inputs");
}
// Get a random number
if ((status = atcatls_random(enckeyout)) != ATCA_SUCCESS) BREAK(status, "Random command failed");
// Write the random number as the encryption key
atcatls_set_enckey(enckeyout, enckeyId, lock);
} while (0);
return status;
}