pkg/mbedtls: add contrib RNG module

pkg/mbedtls/Makefile.include

@@ -26,6 +26,11 @@ ifneq (,$(filter entropy_source_adc_noise,$(USEMODULE)))
   endif
 endif
 
+NO_PSEUDOMODULES += mbedtls_random
+ifneq (,$(filter mbedtls_random,$(USEMODULE)))
+  DIRS += $(RIOTPKG)/mbedtls/contrib/random
+endif
+
 ifneq (,$(filter mbedtls_self_test,$(USEMODULE)))
   CFLAGS += -DCONFIG_MBEDTLS_SELF_TEST=1
 endif

pkg/mbedtls/contrib/random/Makefile

@@ -0,0 +1,3 @@
+MODULE := mbedtls_random
+
+include $(RIOTBASE)/Makefile.base

pkg/mbedtls/contrib/random/Makefile.dep

@@ -1,6 +1,8 @@
 # Resolve RNG requirements according to the documentation in mbedtls_config.h.
 # Please keep the order.
 
+USEMODULE += mbedtls_entropy
+
 ifneq (,$(filter mbedtls_ctr_drbg,$(USEMODULE)))
   USEMODULE += mbedtls_aes
 endif

pkg/mbedtls/contrib/random/random_mbedtls_riot.c

@@ -0,0 +1,85 @@
+/*
+ * Copyright (C) 2022 Otto-von-Guericke-Universität Magdeburg
+ *
+ * This file is subject to the terms and conditions of the GNU Lesser
+ * General Public License v2.1. See the file LICENSE in the top level
+ * directory for more details.
+ */
+
+/**
+ * @ingroup     pkg_mbedtls_random
+ *
+ * @{
+ * @file
+ *
+ * @author      Fabian Hüßler <fabian.huessler@ovgu.de>
+ *
+ * @}
+ */
+
+#include <stddef.h>
+
+#include "modules.h"
+#include "entropy_mbedtls_riot.h"
+#include "random_mbedtls_riot.h"
+#include "mbedtls/entropy.h"
+#include "mbedtls/ctr_drbg.h"
+#include "mbedtls/hmac_drbg.h"
+
+static mbedtls_entropy_context _entropy;
+
+#if IS_USED(MODULE_MBEDTLS_CTR_DRBG)
+static mbedtls_ctr_drbg_context _ctr_drbg;
+#endif
+
+#if IS_USED(MODULE_MBEDTLS_HMAC_DRBG)
+static mbedtls_hmac_drbg_context _hmac_drbg;
+#endif
+
+void random_mbedtls_riot_init(void)
+{
+    mbedtls_entropy_init(&_entropy);
+
+#if IS_USED(MODULE_MBEDTLS_CTR_DRBG)
+    mbedtls_ctr_drbg_init(&_ctr_drbg);
+    /* entropy sources are added by module mbedtls_entropy */
+    mbedtls_ctr_drbg_seed(&_ctr_drbg,
+                          mbedtls_entropy_func,
+                          &_entropy,
+                          (const unsigned char *)"r10T-0$",
+                          7);
+#endif
+
+#if IS_USED(MODULE_MBEDTLS_HMAC_DRBG)
+    mbedtls_hmac_drbg_init(&_hmac_drbg);
+    const mbedtls_md_info_t *md_info = NULL;
+#if IS_USED(MODULE_MBEDTLS_SHA256)
+    md_info = mbedtls_md_info_from_type(MBEDTLS_MD_SHA256);
+#elif IS_USED(MODULE_MBEDTLS_SHA1)
+    md_info = mbedtls_md_info_from_type(MBEDTLS_MD_SHA1);
+#endif
+    /* entropy sources are added by module mbedtls_entropy */
+    mbedtls_hmac_drbg_seed(&_hmac_drbg,
+                           md_info,
+                           mbedtls_entropy_func,
+                           &_entropy,
+                           (const unsigned char *)"r10T-0$",
+                           7);
+#endif
+}
+
+void random_ctr_drbg_mbedtls_get(void *out, size_t size)
+{
+    (void)out; (void)size;
+#if IS_USED(MODULE_MBEDTLS_CTR_DRBG)
+    mbedtls_ctr_drbg_random(&_ctr_drbg, out, size);
+#endif
+}
+
+void random_hmac_drbg_mbedtls_get(void *out, size_t size)
+{
+    (void)out; (void)size;
+#if IS_USED(MODULE_MBEDTLS_HMAC_DRBG)
+    mbedtls_hmac_drbg_random(&_hmac_drbg, out, size);
+#endif
+}

pkg/mbedtls/include/random_mbedtls_riot.h

@@ -0,0 +1,57 @@
+/*
+ * Copyright (C) 2023 ML!PA Consulting Gmbh
+ *
+ * This file is subject to the terms and conditions of the GNU Lesser
+ * General Public License v2.1. See the file LICENSE in the top level
+ * directory for more details.
+ */
+
+/**
+ * @defgroup    pkg_mbedtls_random Access API to Mbed TLS random module
+ * @ingroup     pkg_mbedtls
+ *
+ * @{
+ * @file
+ * @brief       Internal wrapper around Mbed TLS API with internally allocated
+ *              context to generate random data
+ *
+ * @author      Fabian Hüßler <fabian.huessler@ml-pa.com>
+ *
+ */
+
+#ifndef RANDOM_MBEDTLS_RIOT_H
+#define RANDOM_MBEDTLS_RIOT_H
+
+#include <stddef.h>
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+/**
+ * @brief   Initialize and seed the internal RNGs
+ */
+void random_mbedtls_riot_init(void);
+
+/**
+ * @brief   Read random data based on CTR-DRBG Pseudorandom Number Generator
+ *
+ * @param[out]  out     Output buffer containing random data
+ * @param[in]   size    Number of random bytes to write to @p buf
+ */
+void random_ctr_drbg_mbedtls_get(void *out, size_t size);
+
+/**
+ * @brief   Read random data based on HMAC-DRBG Deterministic Random Bit Generator
+ *
+ * @param[out]  out     Output buffer containing random data
+ * @param[in]   size    Number of random bytes to write to @p buf
+ */
+void random_hmac_drbg_mbedtls_get(void *out, size_t size);
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* RANDOM_MBEDTLS_RIOT_H */
+/** @} */

pkg/mbedtls/include/riot_mbedtls_config.h

@@ -62,6 +62,42 @@ extern "C" {
 #define MBEDTLS_ECP_DP_CURVE448_ENABLED
 /** @} */
 
+/**
+ * @brief   Use precomputed AES tables stored in ROM.
+ *
+ * Uncomment this macro to use precomputed AES tables stored in ROM.
+ * Comment this macro to generate AES tables in RAM at runtime.
+ *
+ * Tradeoff: Using precomputed ROM tables reduces RAM usage by ~8kb
+ * (or ~2kb if \c MBEDTLS_AES_FEWER_TABLES is used) and reduces the
+ * initialization time before the first AES operation can be performed.
+ * It comes at the cost of additional ~8kb ROM use (resp. ~2kb if \c
+ * MBEDTLS_AES_FEWER_TABLES below is used), and potentially degraded
+ * performance if ROM access is slower than RAM access.
+ *
+ * This option is independent of \c MBEDTLS_AES_FEWER_TABLES.
+ */
+#define MBEDTLS_AES_ROM_TABLES
+
+/**
+ * @brief   Use less ROM/RAM for AES tables.
+ *
+ * Uncommenting this macro omits 75% of the AES tables from
+ * ROM / RAM (depending on the value of \c MBEDTLS_AES_ROM_TABLES)
+ * by computing their values on the fly during operations
+ * (the tables are entry-wise rotations of one another).
+ *
+ * Tradeoff: Uncommenting this reduces the RAM / ROM footprint
+ * by ~6kb but at the cost of more arithmetic operations during
+ * runtime. Specifically, one has to compare 4 accesses within
+ * different tables to 4 accesses with additional arithmetic
+ * operations within the same table. The performance gain/loss
+ * depends on the system and memory details.
+ *
+ * This option is independent of \c MBEDTLS_AES_ROM_TABLES.
+ */
+#define MBEDTLS_AES_FEWER_TABLES
+
 /**
  * @cond
  * This translates RIOT exposed options to Mbed TLS macros, it is hidden from Doxygen.