Fail hard if no random bytes available for encryption (#3067)

Oxan van Leeuwen 2022-01-18 02:29:57 +01:00 committed by GitHub
parent db21731b14
commit 737188ae50
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
3 changed files with 11 additions and 6 deletions


@ -1,6 +1,7 @@
#include "api_frame_helper.h" #include "api_frame_helper.h"
#include "esphome/core/log.h" #include "esphome/core/log.h"
#include "esphome/core/hal.h"
#include "esphome/core/helpers.h" #include "esphome/core/helpers.h"
#include "proto.h" #include "proto.h"
#include <cstring> #include <cstring>
@ -721,7 +722,12 @@ APIError APINoiseFrameHelper::shutdown(int how) {
} }
extern "C" { extern "C" {
// declare how noise generates random bytes (here with a good HWRNG based on the RF system) // declare how noise generates random bytes (here with a good HWRNG based on the RF system)
void noise_rand_bytes(void *output, size_t len) { esphome::random_bytes(reinterpret_cast<uint8_t *>(output), len); } void noise_rand_bytes(void *output, size_t len) {
if (!esphome::random_bytes(reinterpret_cast<uint8_t *>(output), len)) {
ESP_LOGE(TAG, "Failed to acquire random bytes, rebooting!");
arch_restart();
}
}
} }
#endif // USE_API_NOISE #endif // USE_API_NOISE
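Review bot: The new failure branch in `noise_rand_bytes` is only safe if `arch_restart()` never returns; nothing visible in this section shows that, and if control fell through, noise would carry on with an output buffer that was not filled with random data. State that dependency next to the call, e.g. `// must not return: noise would otherwise derive keys from an unfilled buffer`, and confirm the declaration in `esphome/core/hal.h` is marked noreturn. The comment above the function still describes only the HWRNG source and could say that this hook reboots on RNG failure. The `ESP_LOGE` line may also not reach a remote log consumer before the restart, so a persistent RNG fault could show up only as a reboot loop.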


@ -287,13 +287,12 @@ uint32_t random_uint32() {
#endif #endif
} }
float random_float() { return static_cast<float>(random_uint32()) / static_cast<float>(UINT32_MAX); } float random_float() { return static_cast<float>(random_uint32()) / static_cast<float>(UINT32_MAX); }
void random_bytes(uint8_t *data, size_t len) { bool random_bytes(uint8_t *data, size_t len) {
#ifdef USE_ESP32 #ifdef USE_ESP32
esp_fill_random(data, len); esp_fill_random(data, len);
return true;
#elif defined(USE_ESP8266) #elif defined(USE_ESP8266)
if (os_get_random(data, len) != 0) { return os_get_random(data, len) == 0;
ESP_LOGE(TAG, "Failed to generate random bytes!");
}
#else #else
#error "No random source available for this configuration." #error "No random source available for this configuration."
#endif #endif
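Review bot: The ESP32 branch of `random_bytes` now returns `true` unconditionally, so the fail-hard path added in the caller can only ever trigger on ESP8266. `esp_fill_random()` has no return value, and per the ESP-IDF documentation its output is only true-random while an entropy source (the Wi-Fi/Bluetooth RF subsystem or the bootloader entropy source) is enabled; on a build without one, possibly Ethernet-only boards (to be confirmed), the bytes are pseudo-random and this function would still report success. A comment on that branch would make the limitation explicit, e.g. `// esp_fill_random() cannot fail, but is only a true RNG while RF (or the bootloader entropy source) is enabled`. The change also drops the `ESP_LOGE` from the ESP8266 branch, so any caller that ignores the new return value now fails silently. The function's closing lines are outside this hunk.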


@ -311,7 +311,7 @@ uint32_t random_uint32();
/// Return a random float between 0 and 1. /// Return a random float between 0 and 1.
float random_float(); float random_float();
/// Generate \p len number of random bytes. /// Generate \p len number of random bytes.
void random_bytes(uint8_t *data, size_t len); bool random_bytes(uint8_t *data, size_t len);
///@} ///@}
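Review bot: The doc comment on `random_bytes` was not updated for the new `bool` return, so callers cannot tell from the header what the result means or that they must check it. Suggest `/// Generate \p len number of random bytes. Returns true on success; on false the buffer contents must not be used.` Because the implementation no longer logs on failure, it would also help to mark the declaration so an ignored result produces a warning (for example `[[nodiscard]]`, if the project's language standard allows it). That would catch any other callers that still treat it as `void`.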