embassy/embassy-stm32/src/rng.rs

#![macro_use]

use core::future::Future;
use core::task::Poll;
use embassy::traits;
use embassy::util::{AtomicWaker, Unborrow};
use embassy_hal_common::unborrow;
use futures::future::poll_fn;
use rand_core::{CryptoRng, RngCore};

use crate::pac;
use crate::peripherals;

pub(crate) static RNG_WAKER: AtomicWaker = AtomicWaker::new();

#[cfg_attr(feature = "defmt", derive(defmt::Format))]
pub enum Error {
    SeedError,
    ClockError,
}

pub struct Random<T: Instance> {
    _inner: T,
}

impl<T: Instance> Random<T> {
    pub fn new(inner: impl Unborrow<Target = T>) -> Self {
        T::enable();
        T::reset();
        unborrow!(inner);
        let mut random = Self { _inner: inner };
        random.reset();
        random
    }

    pub fn reset(&mut self) {
        unsafe {
            T::regs().cr().modify(|reg| {
                reg.set_rngen(true);
                reg.set_ie(true);
            });
            T::regs().sr().modify(|reg| {
                reg.set_seis(false);
                reg.set_ceis(false);
            });
        }
        // Reference manual says to discard the first.
        let _ = self.next_u32();
    }
}

impl<T: Instance> RngCore for Random<T> {
    fn next_u32(&mut self) -> u32 {
        loop {
            let bits = unsafe { T::regs().sr().read() };
            if bits.drdy() {
                return unsafe { T::regs().dr().read() };
            }
        }
    }

    fn next_u64(&mut self) -> u64 {
        let mut rand = self.next_u32() as u64;
        rand |= (self.next_u32() as u64) << 32;
        rand
    }

    fn fill_bytes(&mut self, dest: &mut [u8]) {
        for chunk in dest.chunks_mut(4) {
            let rand = self.next_u32();
            for (slot, num) in chunk.iter_mut().zip(rand.to_be_bytes().iter()) {
                *slot = *num
            }
        }
    }

    fn try_fill_bytes(&mut self, dest: &mut [u8]) -> Result<(), rand_core::Error> {
        self.fill_bytes(dest);
        Ok(())
    }
}

impl<T: Instance> CryptoRng for Random<T> {}

impl<T: Instance> traits::rng::Rng for Random<T> {
    type Error = Error;
    #[rustfmt::skip]
    type RngFuture<'a> where Self: 'a = impl Future<Output=Result<(), Self::Error>> + 'a;

    fn fill_bytes<'a>(&'a mut self, dest: &'a mut [u8]) -> Self::RngFuture<'a> {
        unsafe {
            T::regs().cr().modify(|reg| {
                reg.set_rngen(true);
            });
        }
        async move {
            for chunk in dest.chunks_mut(4) {
                poll_fn(|cx| {
                    RNG_WAKER.register(cx.waker());
                    unsafe {
                        T::regs().cr().modify(|reg| {
                            reg.set_ie(true);
                        });
                    }

                    let bits = unsafe { T::regs().sr().read() };

                    if bits.drdy() {
                        Poll::Ready(Ok(()))
                    } else if bits.seis() {
                        self.reset();
                        Poll::Ready(Err(Error::SeedError))
                    } else if bits.ceis() {
                        self.reset();
                        Poll::Ready(Err(Error::ClockError))
                    } else {
                        Poll::Pending
                    }
                })
                .await?;
                let random_bytes = unsafe { T::regs().dr().read() }.to_be_bytes();
                for (dest, src) in chunk.iter_mut().zip(random_bytes.iter()) {
                    *dest = *src
                }
            }
            Ok(())
        }
    }

    #[rustfmt::skip]
    type NextFuture<'a> where Self: 'a = impl Future<Output=Result<u32, Self::Error>> + 'a;

    fn next<'a>(&'a mut self, range: u32) -> Self::NextFuture<'a> {
        async move {
            let t = (-(range as i32) % (range as i32)) as u32;
            loop {
                let mut buf = [0; 4];
                traits::rng::Rng::fill_bytes(self, &mut buf).await?;
                let x = u32::from_le_bytes(buf);
                let m = x as u64 * range as u64;
                let l = m as u32;
                if l < t {
                    continue;
                }
                return Ok((m >> 32) as u32);
            }
        }
    }
}

pub(crate) mod sealed {
    use super::*;

    pub trait Instance {
        fn regs() -> pac::rng::Rng;
    }
}

pub trait Instance: sealed::Instance + crate::rcc::RccPeripheral {}

crate::pac::peripherals!(
    (rng, $inst:ident) => {
        impl Instance for peripherals::$inst {}

        impl sealed::Instance for peripherals::$inst {
            fn regs() -> crate::pac::rng::Rng {
                crate::pac::RNG
            }
        }
    };
);

macro_rules! irq {
    ($irq:ident) => {
        mod rng_irq {
            use crate::interrupt;

            #[interrupt]
            unsafe fn $irq() {
                let bits = $crate::pac::RNG.sr().read();
                if bits.drdy() || bits.seis() || bits.ceis() {
                    $crate::pac::RNG.cr().write(|reg| reg.set_ie(false));
                    $crate::rng::RNG_WAKER.wake();
                }
            }
        }
    };
}

crate::pac::interrupts!(
    (RNG) => {
        irq!(RNG);
    };

    (RNG_LPUART1) => {
        irq!(RNG_LPUART1);
    };

    (AES_RNG_LPUART1) => {
        irq!(AES_RNG_LPUART1);
    };

    (AES_RNG) => {
        irq!(AES_RNG);
    };

    (HASH_RNG) => {
        irq!(HASH_RNG);
    };
);
Autogenerate features for family, peripherals and peripheral versions 2021-05-06 03:59:16 +02:00			`#![macro_use]`
Implement async RNG, including rand_core sync traits. 2021-05-06 20:33:29 +02:00
rustfmt rng 2021-05-10 01:19:07 +02:00			`use core::future::Future;`
			`use core::task::Poll;`
			`use embassy::traits;`
			`use embassy::util::{AtomicWaker, Unborrow};`
Rename embassy-extras to embassy-hal-common 2021-07-29 13:44:51 +02:00			`use embassy_hal_common::unborrow;`
rustfmt rng 2021-05-10 01:19:07 +02:00			`use futures::future::poll_fn;`
			`use rand_core::{CryptoRng, RngCore};`
Implement async RNG, including rand_core sync traits. 2021-05-06 20:33:29 +02:00
rustfmt rng 2021-05-10 01:19:07 +02:00			`use crate::pac;`
Move DAC, I2C, SPI and RNG to macro-tables. 2021-06-03 17:09:29 +02:00			`use crate::peripherals;`
Implement async RNG, including rand_core sync traits. 2021-05-06 20:33:29 +02:00
Add SPIv1, use cfg_attr to pick correct impl. Add IRQ to impl_rng!() to accomodate RNG vs HASH_RNG split. 2021-05-13 20:28:53 +02:00			`pub(crate) static RNG_WAKER: AtomicWaker = AtomicWaker::new();`
Stub in RNG impl. 2021-04-26 20:11:46 +02:00
Fixes #374: Ensure Rng's error is defmt-able. 2021-08-26 20:03:54 +02:00			`#[cfg_attr(feature = "defmt", derive(defmt::Format))]`
Adjust pin-names to FooPin. Move common bits up to spi/mod.rs. Isolate the RNG interrupt in a sub-module to avoid conflict with the const. 2021-05-14 16:11:43 +02:00			`pub enum Error {`
			`SeedError,`
			`ClockError,`
			`}`

Stub in RNG impl. 2021-04-26 20:11:46 +02:00			`pub struct Random<T: Instance> {`
Get rid of some warnings 2021-05-11 06:34:10 +02:00			`_inner: T,`
Stub in RNG impl. 2021-04-26 20:11:46 +02:00			`}`

			`impl<T: Instance> Random<T> {`
rustfmt rng 2021-05-10 01:19:07 +02:00			`pub fn new(inner: impl Unborrow<Target = T>) -> Self {`
Enable clock for RNG 2021-06-09 13:54:53 +02:00			`T::enable();`
			`T::reset();`
Stub in RNG impl. 2021-04-26 20:11:46 +02:00			`unborrow!(inner);`
Get rid of some warnings 2021-05-11 06:34:10 +02:00			`let mut random = Self { _inner: inner };`
Further clean-up and adjustments. Follow RM for FIPS. 2021-05-06 22:38:53 +02:00			`random.reset();`
			`random`
			`}`

			`pub fn reset(&mut self) {`
			`unsafe {`
			`T::regs().cr().modify(\|reg\| {`
			`reg.set_rngen(true);`
			`reg.set_ie(true);`
			`});`
			`T::regs().sr().modify(\|reg\| {`
			`reg.set_seis(false);`
			`reg.set_ceis(false);`
			`});`
			`}`
			`// Reference manual says to discard the first.`
			`let _ = self.next_u32();`
Stub in RNG impl. 2021-04-26 20:11:46 +02:00			`}`
			`}`

Implement async RNG, including rand_core sync traits. 2021-05-06 20:33:29 +02:00			`impl<T: Instance> RngCore for Random<T> {`
			`fn next_u32(&mut self) -> u32 {`
			`loop {`
			`let bits = unsafe { T::regs().sr().read() };`
			`if bits.drdy() {`
rustfmt rng 2021-05-10 01:19:07 +02:00			`return unsafe { T::regs().dr().read() };`
Implement async RNG, including rand_core sync traits. 2021-05-06 20:33:29 +02:00			`}`
			`}`
			`}`

			`fn next_u64(&mut self) -> u64 {`
			`let mut rand = self.next_u32() as u64;`
			`rand \|= (self.next_u32() as u64) << 32;`
			`rand`
			`}`

			`fn fill_bytes(&mut self, dest: &mut [u8]) {`
			`for chunk in dest.chunks_mut(4) {`
			`let rand = self.next_u32();`
			`for (slot, num) in chunk.iter_mut().zip(rand.to_be_bytes().iter()) {`
			`slot = num`
			`}`
			`}`
			`}`

			`fn try_fill_bytes(&mut self, dest: &mut [u8]) -> Result<(), rand_core::Error> {`
rustfmt rng 2021-05-10 01:19:07 +02:00			`self.fill_bytes(dest);`
Implement async RNG, including rand_core sync traits. 2021-05-06 20:33:29 +02:00			`Ok(())`
			`}`
			`}`

rustfmt rng 2021-05-10 01:19:07 +02:00			`impl<T: Instance> CryptoRng for Random<T> {}`
Implement async RNG, including rand_core sync traits. 2021-05-06 20:33:29 +02:00
			`impl<T: Instance> traits::rng::Rng for Random<T> {`
			`type Error = Error;`
rustfmt rng 2021-05-10 01:19:07 +02:00			`#[rustfmt::skip]`
stm32: add missing `+ 'a` bounds on trait GATs 2021-08-04 19:39:54 +02:00			`type RngFuture<'a> where Self: 'a = impl Future<Output=Result<(), Self::Error>> + 'a;`
Implement async RNG, including rand_core sync traits. 2021-05-06 20:33:29 +02:00
			`fn fill_bytes<'a>(&'a mut self, dest: &'a mut [u8]) -> Self::RngFuture<'a> {`
			`unsafe {`
			`T::regs().cr().modify(\|reg\| {`
			`reg.set_rngen(true);`
			`});`
			`}`
			`async move {`
			`for chunk in dest.chunks_mut(4) {`
Clean up the impl_rng!() argument. use poll_fn instead of impl'ing a Future directly. Return errors when error conditions exist. 2021-05-06 20:58:41 +02:00			`poll_fn(\|cx\| {`
			`RNG_WAKER.register(cx.waker());`
			`unsafe {`
			`T::regs().cr().modify(\|reg\| {`
			`reg.set_ie(true);`
			`});`
			`}`

			`let bits = unsafe { T::regs().sr().read() };`

			`if bits.drdy() {`
			`Poll::Ready(Ok(()))`
			`} else if bits.seis() {`
Further clean-up and adjustments. Follow RM for FIPS. 2021-05-06 22:38:53 +02:00			`self.reset();`
Clean up the impl_rng!() argument. use poll_fn instead of impl'ing a Future directly. Return errors when error conditions exist. 2021-05-06 20:58:41 +02:00			`Poll::Ready(Err(Error::SeedError))`
			`} else if bits.ceis() {`
Further clean-up and adjustments. Follow RM for FIPS. 2021-05-06 22:38:53 +02:00			`self.reset();`
Clean up the impl_rng!() argument. use poll_fn instead of impl'ing a Future directly. Return errors when error conditions exist. 2021-05-06 20:58:41 +02:00			`Poll::Ready(Err(Error::ClockError))`
			`} else {`
			`Poll::Pending`
			`}`
rustfmt rng 2021-05-10 01:19:07 +02:00			`})`
			`.await?;`
Implement async RNG, including rand_core sync traits. 2021-05-06 20:33:29 +02:00			`let random_bytes = unsafe { T::regs().dr().read() }.to_be_bytes();`
			`for (dest, src) in chunk.iter_mut().zip(random_bytes.iter()) {`
			`dest = src`
			`}`
			`}`
			`Ok(())`
			`}`
Stub in RNG impl. 2021-04-26 20:11:46 +02:00			`}`
Add a convenience next(range) to Rng. 2021-08-27 22:10:01 +02:00
			`#[rustfmt::skip]`
			`type NextFuture<'a> where Self: 'a = impl Future<Output=Result<u32, Self::Error>> + 'a;`

			`fn next<'a>(&'a mut self, range: u32) -> Self::NextFuture<'a> {`
			`async move {`
			`let t = (-(range as i32) % (range as i32)) as u32;`
			`loop {`
			`let mut buf = [0; 4];`
			`traits::rng::Rng::fill_bytes(self, &mut buf).await?;`
			`let x = u32::from_le_bytes(buf);`
			`let m = x as u64 * range as u64;`
			`let l = m as u32;`
			`if l < t {`
			`continue;`
			`}`
			`return Ok((m >> 32) as u32);`
			`}`
			`}`
			`}`
Stub in RNG impl. 2021-04-26 20:11:46 +02:00			`}`

			`pub(crate) mod sealed {`
			`use super::*;`

			`pub trait Instance {`
Implement async RNG, including rand_core sync traits. 2021-05-06 20:33:29 +02:00			`fn regs() -> pac::rng::Rng;`
Stub in RNG impl. 2021-04-26 20:11:46 +02:00			`}`
			`}`

Enable clock for RNG 2021-06-09 13:54:53 +02:00			`pub trait Instance: sealed::Instance + crate::rcc::RccPeripheral {}`
Stub in RNG impl. 2021-04-26 20:11:46 +02:00
Move DAC, I2C, SPI and RNG to macro-tables. 2021-06-03 17:09:29 +02:00			`crate::pac::peripherals!(`
			`(rng, $inst:ident) => {`
			`impl Instance for peripherals::$inst {}`

			`impl sealed::Instance for peripherals::$inst {`
			`fn regs() -> crate::pac::rng::Rng {`
			`crate::pac::RNG`
			`}`
			`}`
			`};`
			`);`

			`macro_rules! irq {`
			`($irq:ident) => {`
			`mod rng_irq {`
			`use crate::interrupt;`

			`#[interrupt]`
			`unsafe fn $irq() {`
			`let bits = $crate::pac::RNG.sr().read();`
			`if bits.drdy() \|\| bits.seis() \|\| bits.ceis() {`
			`$crate::pac::RNG.cr().write(\|reg\| reg.set_ie(false));`
			`$crate::rng::RNG_WAKER.wake();`
			`}`
			`}`
			`}`
			`};`
			`}`

			`crate::pac::interrupts!(`
			`(RNG) => {`
			`irq!(RNG);`
			`};`

			`(RNG_LPUART1) => {`
			`irq!(RNG_LPUART1);`
			`};`

			`(AES_RNG_LPUART1) => {`
			`irq!(AES_RNG_LPUART1);`
			`};`

			`(AES_RNG) => {`
			`irq!(AES_RNG);`
			`};`

			`(HASH_RNG) => {`
			`irq!(HASH_RNG);`
			`};`
			`);`