Add entropy pool and strong random number generator

Entropy pool gathers environmental noise from device drivers, user-space, etc., and returns good random numbers, suitable for cryptographic use. Based on entropy pool design from *BSDs and uses BLAKE2Xs algorithm for CSPRNG output. Patch also adds /dev/urandom support for using entropy pool RNG and new 'getrandom' system call for getting randomness without file-descriptor usage (thus avoiding file-descriptor exhaustion attacks). The 'getrandom' interface is similar as 'getentropy' and 'getrandom' available on OpenBSD and Linux respectively.
2026-05-13 10:38:40 +08:00 · 2017-03-30 07:38:37 -06:00
parent 21545ab643
commit dffb8a67e3
50 changed files with 2005 additions and 9 deletions
@@ -2015,6 +2015,27 @@ config BOARD_RESET_ON_CRASH
 		If selected the board_crashdump should reset the machine after
 		saveing the state of the machine

+config BOARD_ENTROPY_POOL
+	bool "Enable Board level storing of entropy pool structure"
+	default n
+	depends on CRYPTO_RANDOM_POOL
+	---help---
+		Entropy pool structure can be provided by board source.
+		Use for this is, for example, to allocate entropy pool
+		from special area of RAM which content is kept over
+		system reset.
+
+config BOARD_INITRNGSEED
+	bool "Enable Board level initial seeding of entropy pool RNG"
+	default n
+	depends on CRYPTO_RANDOM_POOL
+	---help---
+		If enabled, entropy pool random number generator will call
+		board_init_rndseed() upon initialization. This function
+		can then provide early entropy seed to the pool through
+		entropy injection APIs provided at 'nuttx/random.h'.
+#endif
+
 config LIB_BOARDCTL
 	bool "Enable boardctl() interface"
 	default n
@@ -50,4 +50,35 @@ config CRYPTO_SW_AES
 		implemenations.  This needs to support up_aesinitialize() and
 		aes_cypher() per include/nuttx/crypto/crypto.h.

+config CRYPTO_BLAKE2S
+	bool "BLAKE2s hash algorithm"
+	default n
+	---help---
+		Enable the BLAKE2s hash algorithm
+
+config CRYPTO_RANDOM_POOL
+	bool "Entropy pool and strong randon number generator"
+	default n
+	select CRYPTO_BLAKE2S
+	---help---
+		Entropy pool gathers environmental noise from device drivers,
+		user-space, etc., and returns good random numbers, suitable
+		for cryptographic use. Based on entropy pool design from
+		*BSDs and uses BLAKE2Xs algorithm for CSPRNG output.
+
+		NOTE: May not actually be cyptographically secure, if
+		not enough entropy is made available to the entropy pool.
+
+if CRYPTO_RANDOM_POOL
+
+config CRYPTO_RANDOM_POOL_COLLECT_IRQ_RANDOMNESS
+	bool "Use interrupts to feed timing randomness to entropy pool"
+	default y
+	---help---
+		Feed entropy pool with interrupt randomness from interrupt
+		dispatch function 'irq_dispatch'. This adds some overhead
+		for every interrupt handled.
+
+endif # CRYPTO_RANDOM_POOL
+
 endif # CRYPTO
@@ -56,6 +56,18 @@ ifeq ($(CONFIG_CRYPTO_SW_AES),y)
  CRYPTO_CSRCS += aes.c
 endif

+# BLAKE2s hash algorithm
+
+ifeq ($(CONFIG_CRYPTO_BLAKE2S),y)
+  CRYPTO_CSRCS += blake2s.c
+endif
+
+# Entropy pool random number generator
+
+ifeq ($(CONFIG_CRYPTO_RANDOM_POOL),y)
+  CRYPTO_CSRCS += random_pool.c
+endif
+
 endif # CONFIG_CRYPTO

 ASRCS = $(CRYPTO_ASRCS)
@@ -97,4 +109,4 @@ distclean: clean
 	$(call DELFILE, Make.dep)
 	$(call DELFILE, .depend)

-include Make.dep
+-include Make.dep
@@ -69,6 +69,15 @@ config DEV_URANDOM_CONGRUENTIAL

 		NOTE: Not cyptographically secure

+config DEV_URANDOM_RANDOM_POOL
+	bool "Entropy pool"
+	depends on CRYPTO_RANDOM_POOL
+	---help---
+		Use the entropy pool CPRNG output for urandom algorithm.
+
+		NOTE: May or may not be cyptographically secure, depending upon the
+		quality entropy available to entropy pool.
+
 config DEV_URANDOM_ARCH
 	bool "Architecture-specific"
 	depends on ARCH_HAVE_RNG
@@ -60,6 +60,7 @@
 #include <nuttx/arch.h>
 #include <nuttx/semaphore.h>
 #include <nuttx/analog/adc.h>
+#include <nuttx/random.h>

 #include <nuttx/irq.h>

@@ -296,6 +297,10 @@ static ssize_t adc_read(FAR struct file *filep, FAR char *buffer, size_t buflen)
              break;
            }

+          /* Feed ADC data to entropy pool */
+
+          add_sensor_randomness(msg->am_data);
+
          /* Copy the message to the user buffer */

          if (msglen == 1)
@@ -49,11 +49,13 @@
 #include <string.h>
 #include <poll.h>
 #include <errno.h>
+#include <assert.h>

 #include <nuttx/lib/lib.h>
 #include <nuttx/lib/xorshift128.h>
 #include <nuttx/fs/fs.h>
 #include <nuttx/drivers/drivers.h>
+#include <nuttx/random.h>

 #if defined(CONFIG_DEV_URANDOM) && !defined(CONFIG_DEV_URANDOM_ARCH)

@@ -62,13 +64,18 @@
 ****************************************************************************/

 #if !defined(CONFIG_DEV_URANDOM_CONGRUENTIAL) && \
-    !defined(CONFIG_DEV_URANDOM_XORSHIFT128)
-#  define CONFIG_DEV_URANDOM_XORSHIFT128 1
+    !defined(CONFIG_DEV_URANDOM_XORSHIFT128) && \
+    !defined(CONFIG_DEV_URANDOM_RANDOM_POOL)
+#  ifdef CONFIG_CRYPTO_RANDOM_POOL
+#    define CONFIG_DEV_URANDOM_RANDOM_POOL 1
+#  else
+#    define CONFIG_DEV_URANDOM_XORSHIFT128 1
+#  endif
 #endif

 #ifdef CONFIG_DEV_URANDOM_XORSHIFT128
 #  define PRNG() do_xorshift128()
-#else /* CONFIG_DEV_URANDOM_CONGRUENTIAL */
+#elif defined(CONFIG_DEV_URANDOM_CONGRUENTIAL)
 #  define PRNG() do_congruential()
 #endif

@@ -158,6 +165,12 @@ static inline uint32_t do_congruential(void)
 static ssize_t devurand_read(FAR struct file *filep, FAR char *buffer,
                             size_t len)
 {
+#ifdef CONFIG_DEV_URANDOM_RANDOM_POOL
+  if (len)
+    {
+      getrandom(buffer, len);
+    }
+#else
  size_t n;
  uint32_t rnd;

@@ -208,6 +221,7 @@ static ssize_t devurand_read(FAR struct file *filep, FAR char *buffer,
        }
      while (--n > 0);
    }
+#endif /* CONFIG_DEV_URANDOM_RANDOM_POOL */

  return len;
 }
@@ -228,6 +242,56 @@ static ssize_t devurand_write(FAR struct file *filep, FAR const char *buffer,
  memcpy(&seed, buffer, len);
  srand(seed);
  return len;
+#elif defined(CONFIG_DEV_URANDOM_RANDOM_POOL)
+  const unsigned int alignmask = sizeof(uint32_t) - 1;
+  const size_t initlen = len;
+  uint32_t tmp = 0;
+  size_t currlen;
+
+  if (!len)
+    {
+      return 0;
+    }
+
+  /* Seed entropy pool with data from user. */
+
+  if ((uintptr_t)buffer & alignmask)
+    {
+      /* Make unaligned input aligned. */
+
+      currlen = min(sizeof(uint32_t) - ((uintptr_t)buffer & alignmask), len);
+      memcpy(&tmp, buffer, currlen);
+      up_rngaddint(RND_SRC_SW, tmp);
+
+      len -= currlen;
+      buffer += currlen;
+    }
+
+  if (len >= sizeof(uint32_t))
+    {
+      /* Handle bulk aligned, word-sized data. */
+
+      DEBUGASSERT(((uintptr_t)buffer & alignmask) == 0);
+      currlen = len / sizeof(uint32_t);
+      up_rngaddentropy(RND_SRC_SW, (FAR uint32_t *)buffer, currlen);
+      buffer += currlen * sizeof(uint32_t);
+      len %= sizeof(uint32_t);
+    }
+
+  if (len > 0)
+    {
+      /* Handle trailing bytes. */
+
+      DEBUGASSERT(len < sizeof(uint32_t));
+      memcpy(&tmp, buffer, len);
+      up_rngaddint(RND_SRC_SW, tmp);
+    }
+
+  /* Reseeding of random number generator from entropy pool. */
+
+  up_rngreseed();
+
+  return initlen;
 #else
  len = min(len, sizeof(g_prng.u));
  memcpy(&g_prng.u, buffer, len);
@@ -274,6 +338,8 @@ void devurandom_register(void)

 #ifdef CONFIG_DEV_URANDOM_CONGRUENTIAL
  srand(10197);
+#elif defined(CONFIG_DEV_URANDOM_RANDOM_POOL)
+  up_randompool_initialize();
 #else
  g_prng.state.w = 97;
  g_prng.state.x = 101;
@@ -70,6 +70,7 @@
 #include <nuttx/fs/fs.h>
 #include <nuttx/spi/spi.h>
 #include <nuttx/wqueue.h>
+#include <nuttx/random.h>

 #include <nuttx/semaphore.h>
 #include <nuttx/input/touchscreen.h>
@@ -624,6 +625,8 @@ static void ads7843e_worker(FAR void *arg)
      y = ads7843e_sendcmd(priv, ADS7843_CMD_YPOSITION);
 #endif

+      add_ui_randomness((x << 16) | y);
+
      /* Perform a thresholding operation so that the results will be more stable.
       * If the difference from the last sample is small, then ignore the event.
       * REVISIT:  Should a large change in pressure also generate a event?
@@ -60,6 +60,7 @@
 #include <nuttx/kmalloc.h>
 #include <nuttx/fs/fs.h>
 #include <nuttx/input/ajoystick.h>
+#include <nuttx/random.h>

 #include <nuttx/irq.h>

@@ -321,6 +322,8 @@ static void ajoy_sample(FAR struct ajoy_upperhalf_s *priv)
  DEBUGASSERT(lower->al_buttons);
  sample = lower->al_buttons(lower);

+  add_ui_randomness(sample);
+
 #if !defined(CONFIG_DISABLE_POLL) || !defined(CONFIG_DISABLE_SIGNALS)
  /* Determine which buttons have been newly pressed and which have been
   * newly released.
@@ -56,6 +56,7 @@
 #include <nuttx/kmalloc.h>
 #include <nuttx/fs/fs.h>
 #include <nuttx/input/buttons.h>
+#include <nuttx/random.h>

 #include <nuttx/irq.h>

@@ -317,6 +318,8 @@ static void btn_sample(FAR struct btn_upperhalf_s *priv)
  DEBUGASSERT(lower->bl_buttons);
  sample = lower->bl_buttons(lower);

+  add_ui_randomness(sample);
+
 #if !defined(CONFIG_DISABLE_POLL) || !defined(CONFIG_DISABLE_SIGNALS)
  /* Determine which buttons have been newly pressed and which have been
   * newly released.
@@ -60,6 +60,7 @@
 #include <nuttx/kmalloc.h>
 #include <nuttx/fs/fs.h>
 #include <nuttx/input/djoystick.h>
+#include <nuttx/random.h>

 #include <nuttx/irq.h>

@@ -321,6 +322,8 @@ static void djoy_sample(FAR struct djoy_upperhalf_s *priv)
  DEBUGASSERT(lower->dl_sample);
  sample = lower->dl_sample(lower);

+  add_ui_randomness(sample);
+
 #if !defined(CONFIG_DISABLE_POLL) || !defined(CONFIG_DISABLE_SIGNALS)
  /* Determine which buttons have been newly pressed and which have been
   * newly released.
@@ -64,6 +64,7 @@
 #include <nuttx/wqueue.h>
 #include <nuttx/fs/fs.h>
 #include <nuttx/spi/spi.h>
+#include <nuttx/random.h>

 #include <nuttx/semaphore.h>
 #include <nuttx/input/touchscreen.h>
@@ -628,6 +629,8 @@ static void max11802_worker(FAR void *arg)
        }
      while (readycount < 2);

+      add_ui_randomness((x << 16) | y);
+
      /* Continue to sample the position while the pen is down */

      wd_start(priv->wdog, MAX11802_WDOG_DELAY, max11802_wdog, 1,
@@ -64,6 +64,7 @@
 #include <nuttx/fs/fs.h>
 #include <nuttx/i2c/i2c_master.h>
 #include <nuttx/wqueue.h>
+#include <nuttx/random.h>

 #include <nuttx/semaphore.h>
 #include <nuttx/input/touchscreen.h>
@@ -889,6 +890,8 @@ static void mxt_touch_event(FAR struct mxt_dev_s *priv,
      sample->pressure = pressure;
      sample->valid    = true;

+      add_ui_randomness((x << 16) ^ y ^ (area << 9) ^ (pressure << 1));
+
      /* If this is not the first touch report, then report it as a move:
       * Same contact, same ID, but with a new, updated position.
       * The CONTACT_REPORT state means that a contacted has been detected,
@@ -48,6 +48,7 @@
 #include <debug.h>

 #include <nuttx/input/stmpe811.h>
+#include <nuttx/random.h>

 #include "stmpe811.h"

@@ -139,6 +140,8 @@ uint16_t stmpe811_tempread(STMPE811_HANDLE handle)
  temp1 = stmpe811_getreg8(priv, STMPE811_SYS_CTRL2);
  temp2 = stmpe811_getreg8(priv, STMPE811_SYS_CTRL2+1);

+  add_sensor_randomness((temp1 << 8) | temp2);
+
  /* Scale the temperature (where Vio is assumed to be .33) */

  temp = ((uint32_t)(temp1 & 3) << 8) | temp2;
@@ -62,6 +62,7 @@
 #include <nuttx/fs/fs.h>
 #include <nuttx/i2c/i2c_master.h>
 #include <nuttx/wqueue.h>
+#include <nuttx/random.h>

 #include <nuttx/arch.h>
 #include <nuttx/input/touchscreen.h>
@@ -534,6 +535,8 @@ static ssize_t stmpe811_read(FAR struct file *filep, FAR char *buffer, size_t le
  report->point[0].y         = sample.y;
  report->point[0].pressure  = sample.z;

+  add_ui_randomness((sample.x << 16) ^ (sample.y << 8) ^ sample.z);
+
  /* Report the appropriate flags */

  if (sample.contact == CONTACT_UP)
@@ -68,6 +68,7 @@
 #include <nuttx/fs/fs.h>
 #include <nuttx/i2c/i2c_master.h>
 #include <nuttx/wqueue.h>
+#include <nuttx/random.h>

 #include <nuttx/input/touchscreen.h>
 #include <nuttx/input/tsc2007.h>
@@ -619,7 +620,7 @@ static void tsc2007_worker(FAR void *arg)
       *  vertical or horizontal resistive network.  The A/D converter converts
       *  the voltage measured at the point where the panel is touched. A measurement
       *  of the Y position of the pointing device is made by connecting the X+
-       *  input to a data converter chip, turning on the Y+ and Y– drivers, and
+       *  input to a data converter chip, turning on the Y+ and Y- drivers, and
       *  digitizing the voltage seen at the X+ input ..."
       *
       * "... it is recommended that whenever the host writes to the TSC2007, the
@@ -698,6 +699,8 @@ static void tsc2007_worker(FAR void *arg)
      priv->sample.y        = y;
      priv->sample.pressure = pressure;
      priv->sample.valid    = true;
+
+      add_ui_randomness((x << 16) ^ y ^ (pressure << 9));
    }

  /* Note the availability of new measurements */
@@ -48,6 +48,7 @@

 #include <nuttx/kmalloc.h>
 #include <nuttx/sensors/adxl345.h>
+#include <nuttx/random.h>

 #include "adxl345.h"

@@ -165,6 +166,9 @@ static ssize_t adxl345_read(FAR struct file *filep, FAR char *buffer, size_t len
  sample.data_z =  adxl345_getreg8(priv, ADXL345_DATAZ1);
  sample.data_z = (sample.data_z << 8) | adxl345_getreg8(priv, ADXL345_DATAZ0);

+  add_sensor_randomness(sample.data_x);
+  add_sensor_randomness((sample.data_z << 16) | sample.data_y);
+
  /* Return read sample */

  buffer = (FAR char *) &sample;
@@ -51,6 +51,7 @@
 #include <nuttx/fs/fs.h>
 #include <nuttx/i2c/i2c_master.h>
 #include <nuttx/sensors/bh1750fvi.h>
+#include <nuttx/random.h>

 #if defined(CONFIG_I2C) && defined(CONFIG_BH1750FVI)

@@ -250,6 +251,8 @@ static ssize_t bh1750fvi_read(FAR struct file *filep, FAR char *buffer,
  buffer[0] = lux & 0xFF;
  buffer[1] = (lux & 0xFF00) >> 8;

+  add_sensor_randomness(lux);
+
  return buflen;
 }

@@ -51,6 +51,7 @@

 #include <nuttx/fs/fs.h>
 #include <nuttx/sensors/bmg160.h>
+#include <nuttx/random.h>

 #if defined(CONFIG_SPI) && defined(CONFIG_BMG160)

@@ -243,6 +244,10 @@ static void bmg160_read_measurement_data(FAR struct bmg160_dev_s *dev)
  /* Give back the semaphore */

  sem_post(&dev->datasem);
+
+  /* Feed sensor data to entropy pool */
+
+  add_sensor_randomness((x_gyr << 16) ^ (y_gyr << 8) ^ z_gyr);
 }

 /****************************************************************************
@@ -53,6 +53,7 @@
 #include <nuttx/fs/fs.h>
 #include <nuttx/i2c/i2c_master.h>
 #include <nuttx/sensors/bmp180.h>
+#include <nuttx/random.h>

 #if defined(CONFIG_I2C) && defined(CONFIG_BMP180)

@@ -464,6 +465,10 @@ static int bmp180_getpressure(FAR struct bmp180_dev_s *priv)

  bmp180_read_press_temp(priv);

+  /* Feed raw sensor data to entropy pool */
+
+  add_sensor_randomness((priv->bmp180_utemp << 16) ^ priv->bmp180_upress);
+
  /* Calculate true temperature */

  x1 = ((priv->bmp180_utemp - priv->bmp180_cal_ac6) * priv->bmp180_cal_ac5) >> 15;
@@ -51,6 +51,7 @@
 #include <nuttx/fs/fs.h>
 #include <nuttx/i2c/i2c_master.h>
 #include <nuttx/sensors/kxtj9.h>
+#include <nuttx/random.h>

 #if defined(CONFIG_I2C) && defined(CONFIG_SENSOR_KXTJ9)

@@ -459,6 +460,12 @@ static int kxtj9_read_sensor_data(FAR struct kxtj9_dev_s *priv,

  kxtj9_reg_read(priv, INT_REL, &data, 1);
  sem_post(&priv->exclsem);
+
+  /* Feed sensor data to entropy pool */
+
+  add_sensor_randomness((acc_data[0] << 16) ^ (acc_data[1] << 8) ^
+                        acc_data[2]);
+
  return OK;
 }

@@ -49,6 +49,7 @@

 #include <nuttx/kmalloc.h>
 #include <nuttx/wqueue.h>
+#include <nuttx/random.h>

 #include <nuttx/fs/fs.h>

@@ -257,6 +258,10 @@ static void l3gd20_read_measurement_data(FAR struct l3gd20_dev_s *dev)
  /* Give back the semaphore */

  sem_post(&dev->datasem);
+
+  /* Feed sensor data to entropy pool */
+
+  add_sensor_randomness((x_gyr << 16) ^ (y_gyr << 8) ^ (z_gyr << 0));
 }

 /****************************************************************************
@@ -48,6 +48,7 @@
 #include <nuttx/kmalloc.h>
 #include <nuttx/i2c/i2c_master.h>
 #include <nuttx/sensors/lis331dl.h>
+#include <nuttx/random.h>

 #if defined(CONFIG_I2C) && defined(CONFIG_LIS331DL)

@@ -414,6 +415,11 @@ lis331dl_getreadings(FAR struct lis331dl_dev_s * dev)
          return NULL;
        }

+      /* Feed sensor data to entropy pool */
+
+      add_sensor_randomness((retval[2] << 16) ^ (retval[4] << 8) ^
+                            (retval[6] << 0));
+
      dev->a.x = retval[2];
      dev->a.y = retval[4];
      dev->a.z = retval[6];
@@ -48,6 +48,7 @@

 #include <nuttx/kmalloc.h>
 #include <nuttx/wqueue.h>
+#include <nuttx/random.h>

 #include <nuttx/fs/fs.h>
 #include <nuttx/sensors/lis3dsh.h>
@@ -245,6 +246,10 @@ static void lis3dsh_read_measurement_data(FAR struct lis3dsh_dev_s *dev)
  /* Give back the semaphore */

  sem_post(&dev->datasem);
+
+  /* Feed sensor data to entropy pool */
+
+  add_sensor_randomness((x_acc << 16) ^ (y_acc << 8) ^ (z_acc << 0));
 }

 /****************************************************************************
@@ -47,6 +47,7 @@

 #include <nuttx/kmalloc.h>
 #include <nuttx/wqueue.h>
+#include <nuttx/random.h>

 #include <nuttx/fs/fs.h>
 #include <nuttx/sensors/lis3mdl.h>
@@ -251,6 +252,11 @@ static void lis3mdl_read_measurement_data(FAR struct lis3mdl_dev_s *dev)
  /* Give back the semaphore */

  sem_post(&dev->datasem);
+
+  /* Feed sensor data to entropy pool */
+
+  add_sensor_randomness((x_mag << 16) ^ (y_mag << 10) ^ (z_mag << 2) ^
+                        temperature);
 }

 /****************************************************************************
@@ -49,6 +49,7 @@
 #include <nuttx/fs/fs.h>
 #include <nuttx/i2c/i2c_master.h>
 #include <nuttx/sensors/lm75.h>
+#include <nuttx/random.h>

 #if defined(CONFIG_I2C) && defined(CONFIG_I2C_LM75)

@@ -269,6 +270,8 @@ static int lm75_readtemp(FAR struct lm75_dev_s *priv, FAR b16_t *temp)
      return ret;
    }

+  add_sensor_randomness(temp16);
+
  sninfo("Centigrade: %08x\n", temp16);

  /* Was fahrenheit requested? */
@@ -51,6 +51,7 @@
 #include <nuttx/fs/fs.h>
 #include <nuttx/i2c/i2c_master.h>
 #include <nuttx/sensors/lm92.h>
+#include <nuttx/random.h>

 #if defined(CONFIG_I2C) && defined(CONFIG_LM92)

@@ -272,6 +273,8 @@ static int lm92_readtemp(FAR struct lm92_dev_s *priv, FAR b16_t *temp)
      return ret;
    }

+  add_sensor_randomness(temp16);
+
  sninfo("Centigrade: %08x\n", temp16);

  /* Was Fahrenheit requested? */
@@ -50,6 +50,7 @@
 #include <nuttx/fs/fs.h>
 #include <nuttx/i2c/i2c_master.h>
 #include <nuttx/sensors/lsm9ds1.h>
+#include <nuttx/random.h>

 #if defined(CONFIG_I2C) && defined(CONFIG_SN_LSM9DS1)

@@ -1244,6 +1245,7 @@ static ssize_t lsm9ds1_read(FAR struct file *filep, FAR char *buffer,
  uint8_t                   regaddr;
  uint8_t                   lo;
  uint8_t                   hi;
+  uint32_t                  merge = 0;

  /* Sanity check */

@@ -1301,6 +1303,10 @@ static ssize_t lsm9ds1_read(FAR struct file *filep, FAR char *buffer,

          data = ((uint16_t)hi << 8) | (uint16_t)lo;

+          /* Collect entropy */
+
+          merge += data ^ (merge >> 16);
+
          /* The value is positive */

          if (data < 0x8000)
@@ -1329,6 +1335,10 @@ static ssize_t lsm9ds1_read(FAR struct file *filep, FAR char *buffer,
        }
    }

+  /* Feed sensor data to entropy pool */
+
+  add_sensor_randomness(merge);
+
  return nsamples * samplesize;
 }

@@ -54,6 +54,7 @@
 #include <nuttx/fs/fs.h>
 #include <nuttx/spi/spi.h>
 #include <nuttx/sensors/max31855.h>
+#include <nuttx/random.h>

 #if defined(CONFIG_SPI) && defined(CONFIG_MAX31855)

@@ -220,6 +221,10 @@ static ssize_t max31855_read(FAR struct file *filep, FAR char *buffer, size_t bu

  sninfo("Read from MAX31855 = 0x%08X\n", regval);

+  /* Feed sensor data to entropy pool */
+
+  add_sensor_randomness(regval);
+
  /* If negative, fix signal bits */

  if (regval & 0x80000000)
@@ -54,6 +54,7 @@
 #include <nuttx/fs/fs.h>
 #include <nuttx/spi/spi.h>
 #include <nuttx/sensors/max6675.h>
+#include <nuttx/random.h>

 #if defined(CONFIG_SPI) && defined(CONFIG_MAX6675)

@@ -230,6 +231,10 @@ static ssize_t max6675_read(FAR struct file *filep, FAR char *buffer, size_t buf
      ret = -EINVAL;
    }

+  /* Feed sensor data to entropy pool */
+
+  add_sensor_randomness(regval);
+
  /* Get the temperature */

  *temp = (regval & MAX6675_TEMP_COUPLE) >> 3;
@@ -51,6 +51,7 @@
 #include <nuttx/fs/fs.h>
 #include <nuttx/i2c/i2c_master.h>
 #include <nuttx/sensors/mb7040.h>
+#include <nuttx/random.h>

 #if defined(CONFIG_I2C) && defined(CONFIG_MB7040)

@@ -323,6 +324,10 @@ static int mb7040_ioctl(FAR struct file *filep, int cmd, unsigned long arg)
          if (ret == OK)
            {
              *ptr = (int32_t)range;
+
+              /* Feed sensor data to entropy pool */
+
+              add_sensor_randomness(range);
            }

          sninfo("range: %04x ret: %d\n", *ptr, ret);
@@ -50,6 +50,7 @@
 #include <nuttx/fs/fs.h>
 #include <nuttx/i2c/i2c_master.h>
 #include <nuttx/sensors/mcp9844.h>
+#include <nuttx/random.h>

 #if defined(CONFIG_I2C) && defined(CONFIG_MCP9844)

@@ -274,6 +275,10 @@ static int mcp9844_ioctl(FAR struct file *filep, int cmd, unsigned long arg)

          if (ret == OK)
            {
+              /* Feed sensor data to entropy pool */
+
+              add_sensor_randomness(raw_temperature);
+
              /* BIT15 - 13 contain information if preset temperature values
               * have been exceeded or undercut. BIT12 is now not any longer
               * needed since we do have the sign information retrieved.
@@ -50,6 +50,7 @@

 #include <nuttx/fs/fs.h>
 #include <nuttx/sensors/mlx90393.h>
+#include <nuttx/random.h>

 #if defined(CONFIG_SPI) && defined(CONFIG_MLX90393)

@@ -232,6 +233,11 @@ static void mlx90393_read_measurement_data(FAR struct mlx90393_dev_s *dev)
  /* Give back the semaphore */

  sem_post(&dev->datasem);
+
+  /* Feed sensor data to entropy pool */
+
+  add_sensor_randomness((x_mag << 17) ^ (y_mag << 9) ^ (z_mag << 1) ^
+                        temperature);
 }

 /****************************************************************************
@@ -50,6 +50,7 @@
 #include <nuttx/fs/fs.h>
 #include <nuttx/spi/spi.h>
 #include <nuttx/sensors/mpl115a.h>
+#include <nuttx/random.h>

 #if defined(CONFIG_SPI) && defined(CONFIG_MPL115A)

@@ -227,6 +228,11 @@ static void mpl115a_read_press_temp(FAR struct mpl115a_dev_s *priv)
  priv->mpl115a_temperature >>= 6; /* Tadc is 10bit unsigned */

  sninfo("Temperature = %d\n", priv->mpl115a_temperature);
+
+  /* Feed sensor data to entropy pool */
+
+  add_sensor_randomness((priv->mpl115a_pressure << 16) ^
+                        priv->mpl115a_temperature);
 }

 /****************************************************************************
@@ -53,6 +53,7 @@
 #include <nuttx/arch.h>
 #include <nuttx/i2c/i2c_master.h>
 #include <nuttx/sensors/ms58xx.h>
+#include <nuttx/random.h>

 #if defined(CONFIG_I2C) && defined(CONFIG_MS58XX)

@@ -725,6 +726,8 @@ static int ms58xx_measure(FAR struct ms58xx_dev_s *priv)
      return ret;
    }

+  add_sensor_randomness(rawpress ^ rawtemp);
+
  diff = (int32_t)rawtemp - (int32_t)priv->c5 * ((int32_t)1 << 8);
  temp = (int32_t)((int64_t)2000 +
                   (int64_t)diff * (int64_t)priv->c6 / ((int64_t)1 << 23));
@@ -48,6 +48,7 @@
 #include <nuttx/fs/fs.h>
 #include <nuttx/i2c/i2c_master.h>
 #include <nuttx/sensors/veml6070.h>
+#include <nuttx/random.h>

 #if defined(CONFIG_I2C) && defined(CONFIG_VEML6070)

@@ -272,6 +273,10 @@ static ssize_t veml6070_read(FAR struct file *filep, FAR char *buffer,

  buffer[0] = regdata;

+  /* Feed sensor data to entropy pool */
+
+  add_sensor_randomness((buffer[1] << 16) ^ buffer[0]);
+
  return buflen;
 }

@@ -49,6 +49,7 @@
 #include <nuttx/kmalloc.h>
 #include <nuttx/spi/spi.h>
 #include <nuttx/sensors/xen1210.h>
+#include <nuttx/random.h>

 #include "xen1210.h"

@@ -442,6 +443,12 @@ void xen1210_getdata(FAR struct xen1210_dev_s *priv)
 #ifdef CONFIG_XEN1210_REGDEBUG
  _err("%02x->%02x\n", regaddr, regval);
 #endif
+
+  /* Feed sensor data to entropy pool */
+
+  add_sensor_randomness((priv->sample.data_x << 8) ^
+                        (priv->sample.data_y << 4) ^
+                        (priv->sample.data_z << 4));
 }

 /****************************************************************************
@@ -646,4 +646,20 @@ void board_crashdump(uintptr_t currentsp, FAR void *tcb,
                     int lineno);
 #endif

+/****************************************************************************
+ * Name: board_initrngseed
+ *
+ * Description:
+ *   If CONFIG_BOARD_INITRNGSEED is selected then board_init_rngseed is
+ *   called at up_randompool_initialize() to feed initial random seed
+ *   to RNG. Implemenation of this functions should feed at least
+ *   MIN_SEED_NEW_ENTROPY_WORDS 32-bit random words to entropy-pool using
+ *   up_rngaddentropy() or up_rngaddint().
+ *
+ ****************************************************************************/
+
+#ifdef CONFIG_BOARD_INITRNGSEED
+void board_init_rngseed(void);
+#endif
+
 #endif /* __INCLUDE_NUTTX_BOARD_H */
@@ -0,0 +1,197 @@
+/****************************************************************************
+ * include/nuttx/crypto/blake2s.h
+ *
+ * This code is based on public-domain/CC0 BLAKE2 reference implementation
+ * by Samual Neves, at https://github.com/BLAKE2/BLAKE2/tree/master/ref
+ * Copyright 2012, Samuel Neves <sneves@dei.uc.pt>
+ *
+ * Copyright (C) 2017 Haltian Ltd. All rights reserved.
+ * Authors: Jussi Kivilinna <jussi.kivilinna@haltian.com>
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ * 3. Neither the name NuttX nor the names of its contributors may be
+ *    used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
+ * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
+ * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
+ * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS
+ * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED
+ * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN
+ * ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ * POSSIBILITY OF SUCH DAMAGE.
+ *
+ ****************************************************************************/
+
+#ifndef __INCLUDE_NUTTX_CRYPTO_BLAKE2S_H
+#define __INCLUDE_NUTTX_CRYPTO_BLAKE2S_H
+
+/****************************************************************************
+ * Included Files
+ ****************************************************************************/
+
+#include <nuttx/config.h>
+
+#include <stdint.h>
+
+#ifdef __cplusplus
+extern "C"
+{
+#endif
+
+/****************************************************************************
+ * Pre-processor Definitions
+ ****************************************************************************/
+
+/****************************************************************************
+ * Public Types
+ ****************************************************************************/
+
+enum blake2s_constant
+{
+  BLAKE2S_BLOCKBYTES = 64,
+  BLAKE2S_OUTBYTES = 32,
+  BLAKE2S_KEYBYTES = 32,
+  BLAKE2S_SALTBYTES = 8,
+  BLAKE2S_PERSONALBYTES = 8
+};
+
+typedef struct blake2s_state__
+{
+  uint32_t h[8];
+  uint32_t t[2];
+  uint32_t f[2];
+  size_t buflen;
+  size_t outlen;
+  uint8_t buf[BLAKE2S_BLOCKBYTES];
+} blake2s_state;
+
+typedef struct blake2s_param__
+{
+  uint8_t digest_length;                        /* 1 */
+  uint8_t key_length;                           /* 2 */
+  uint8_t fanout;                               /* 3 */
+  uint8_t depth;                                /* 4 */
+  uint8_t leaf_length[4];                       /* 8 */
+  uint8_t node_offset[4];                       /* 12 */
+  uint8_t xof_length[2];                        /* 14 */
+  uint8_t node_depth;                           /* 15 */
+  uint8_t inner_length;                         /* 16 */
+  /* uint8_t  reserved[0]; */
+  uint8_t salt[BLAKE2S_SALTBYTES];              /* 24 */
+  uint8_t personal[BLAKE2S_PERSONALBYTES];      /* 32 */
+} blake2s_param;
+
+#ifdef __GNUC__ > 3
+#define BLAKE2_UNALIGNED 1
+typedef uint32_t uint32_alias_t __attribute__((may_alias, aligned(1)));
+typedef uint16_t uint16_alias_t __attribute__((may_alias, aligned(1)));
+#endif
+
+/****************************************************************************
+ * Public Function Prototypes
+ ****************************************************************************/
+
+/* Streaming API */
+
+int blake2s_init(FAR blake2s_state *S, size_t outlen);
+int blake2s_init_key(FAR blake2s_state *S, size_t outlen, FAR const void *key,
+                     size_t keylen);
+int blake2s_init_param(FAR blake2s_state *S, FAR const blake2s_param *P);
+int blake2s_update(FAR blake2s_state *S, FAR const void *in, size_t inlen);
+int blake2s_final(FAR blake2s_state *S, FAR void *out, size_t outlen);
+
+/* Simple API */
+
+int blake2s(FAR void *out, size_t outlen, FAR const void *in, size_t inlen,
+            FAR const void *key, size_t keylen);
+
+/****************************************************************************
+ * Public Inline Functions
+ ****************************************************************************/
+
+static inline uint32_t blake2_load32(FAR const void *src)
+{
+#if defined(BLAKE2_UNALIGNED) && !defined(CONFIG_ENDIAN_BIG)
+  return *(FAR uint32_alias_t *)src;
+#elif !defined(CONFIG_ENDIAN_BIG)
+  FAR const uint8_t *p = (FAR const uint8_t *)src;
+  return ((uint32_t)(p[0]) << 24) |
+         ((uint32_t)(p[1]) << 16) |
+         ((uint32_t)(p[2]) << 8) |
+         ((uint32_t)(p[3]) << 0);
+#else
+  FAR const uint8_t *p = (FAR const uint8_t *)src;
+  return ((uint32_t)(p[0]) << 0) |
+         ((uint32_t)(p[1]) << 8) |
+         ((uint32_t)(p[2]) << 16) |
+         ((uint32_t)(p[3]) << 24);
+#endif
+}
+
+static inline uint16_t blake2_load16(FAR const void *src)
+{
+#if defined(BLAKE2_UNALIGNED) && !defined(CONFIG_ENDIAN_BIG)
+  return *(FAR uint16_alias_t *)src;
+#elif !defined(CONFIG_ENDIAN_BIG)
+  const uint8_t *p = (FAR const uint8_t *)src;
+  return ((uint16_t)(p[0]) << 8) | ((uint16_t)(p[1]) << 0);
+#else
+  const uint8_t *p = (FAR const uint8_t *)src;
+  return ((uint16_t)(p[0]) << 0) | ((uint16_t)(p[1]) << 8);
+#endif
+}
+
+static inline void blake2_store16(FAR void *dst, uint16_t w)
+{
+#if defined(BLAKE2_UNALIGNED) && !defined(CONFIG_ENDIAN_BIG)
+  *(FAR uint16_alias_t *)dst = w;
+#elif !defined(CONFIG_ENDIAN_BIG)
+  FAR uint8_t *p = (FAR uint8_t *)dst;
+  p[1] = (uint8_t)w; w >>= 8;
+  p[0] = (uint8_t)w;
+#else
+  FAR uint8_t *p = (FAR uint8_t *)dst;
+  p[0] = (uint8_t)w; w >>= 8;
+  p[1] = (uint8_t)w;
+#endif
+}
+
+static inline void blake2_store32(FAR void *dst, uint32_t w)
+{
+#if defined(BLAKE2_UNALIGNED) && !defined(CONFIG_ENDIAN_BIG)
+  *(FAR uint32_alias_t *)dst = w;
+#elif !defined(CONFIG_ENDIAN_BIG)
+  FAR uint8_t *p = (FAR uint8_t *) dst;
+  p[0] = (uint8_t)(w >> 24);
+  p[1] = (uint8_t)(w >> 16);
+  p[2] = (uint8_t)(w >> 8);
+  p[3] = (uint8_t)(w >> 0);
+#else
+  FAR uint8_t *p = (FAR uint8_t *) dst;
+  p[0] = (uint8_t)(w >> 0);
+  p[1] = (uint8_t)(w >> 8);
+  p[2] = (uint8_t)(w >> 16);
+  p[3] = (uint8_t)(w >> 24);
+#endif
+}
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* __INCLUDE_NUTTX_CRYPTO_BLAKE2S_H */
@@ -0,0 +1,171 @@
+/****************************************************************************
+ * include/nuttx/random.h
+ *
+ *   Copyright (C) 2015-2017 Haltian Ltd. All rights reserved.
+ *   Authors: Juha Niskanen <juha.niskanen@haltian.com>
+ *            Jussi Kivilinna <jussi.kivilinna@haltian.com>
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ * 3. Neither the name NuttX nor the names of its contributors may be
+ *    used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
+ * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
+ * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
+ * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS
+ * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED
+ * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN
+ * ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ * POSSIBILITY OF SUCH DAMAGE.
+ *
+ ****************************************************************************/
+
+#ifndef __INCLUDE_NUTTX_RANDOM_H
+#define __INCLUDE_NUTTX_RANDOM_H
+
+/****************************************************************************
+ * Included Files
+ ****************************************************************************/
+
+#include <nuttx/config.h>
+#include <stddef.h>
+
+#include <sys/random.h> /* getrandom() */
+
+/****************************************************************************
+ * Pre-processor Definitions
+ ****************************************************************************/
+
+/* Size of entropy pool in 32-bit integers, must be power of two */
+
+#define ENTROPY_POOL_SIZE        128
+
+#define add_irq_randomness(x)    up_rngaddint(RND_SRC_IRQ, (x))
+#define add_sensor_randomness(x) up_rngaddint(RND_SRC_SENSOR, (x))
+#define add_time_randomness(x)   up_rngaddint(RND_SRC_TIME, (x))
+#define add_hw_randomness(x)     up_rngaddint(RND_SRC_HW, (x))
+#define add_sw_randomness(x)     up_rngaddint(RND_SRC_SW, (x))
+#define add_ui_randomness(x)     up_rngaddint(RND_SRC_UI, (x))
+
+/* Allow above macros to always exist in source without ifdefs */
+
+#ifndef CONFIG_CRYPTO_RANDOM_POOL
+#  define up_rngaddint(k, x)            ((void)(k),(void)(x))
+#  define up_rngaddentropy(k, buf, n)   ((void)(k),(void)(buf),(void)(x))
+#endif
+
+/****************************************************************************
+ * Public Type Definitions
+ ****************************************************************************/
+
+/* Entropy pool structure */
+
+struct entropy_pool_s
+{
+  volatile uint32_t pool[ENTROPY_POOL_SIZE];
+};
+
+/* Randomness sources */
+
+enum rnd_source_t
+{
+  RND_SRC_TIME = 0,
+  RND_SRC_IRQ,
+  RND_SRC_SENSOR,
+  RND_SRC_HW,      /* unique per HW UID or coming from factory line. */
+  RND_SRC_SW,      /* unique per SW version. */
+  RND_SRC_UI       /* buttons etc. user-visible interface elements. */
+};
+
+/****************************************************************************
+ * Public Data
+ ****************************************************************************/
+
+#ifdef CONFIG_BOARD_ENTROPY_POOL
+/* Entropy pool structure can be provided by board source. Use for this is,
+ * for example, allocate entropy pool from special area of RAM which content
+ * is kept over system reset. */
+
+extern struct entropy_pool_s board_entropy_pool;
+#endif
+
+/****************************************************************************
+ * Public Function Prototypes
+ ****************************************************************************/
+
+#ifdef CONFIG_CRYPTO_RANDOM_POOL
+
+/****************************************************************************
+ * Function: up_rngaddint
+ *
+ * Description:
+ *   Add one integer to entropy pool, contributing a specific kind
+ *   of entropy to pool.
+ *
+ * Parameters:
+ *   kindof  - Enumeration constant telling where val came from
+ *   val     - Integer to be added
+ *
+ * Returned Value:
+ *   None
+ *
+ ****************************************************************************/
+
+void up_rngaddint(enum rnd_source_t kindof, int val);
+
+/****************************************************************************
+ * Function: up_rngaddentropy
+ *
+ * Description:
+ *   Add buffer of integers to entropy pool.
+ *
+ * Parameters:
+ *   kindof  - Enumeration constant telling where val came from
+ *   buf     - Buffer of integers to be added
+ *   n       - Number of elements in buf
+ *
+ * Returned Value:
+ *   None
+ *
+ ****************************************************************************/
+
+void up_rngaddentropy(enum rnd_source_t kindof, FAR const uint32_t *buf,
+                      size_t n);
+
+/****************************************************************************
+ * Function: up_rngreseed
+ *
+ * Description:
+ *   Force reseeding random number generator from entropy pool
+ *
+ ****************************************************************************/
+
+void up_rngreseed(void);
+
+/****************************************************************************
+ * Function: up_randompool_initialize
+ *
+ * Description:
+ *   Initialize entropy pool and random number generator
+ *
+ ****************************************************************************/
+
+void up_randompool_initialize(void);
+
+#endif /* CONFIG_CRYPTO_RANDOM_POOL */
+
+#endif /* __INCLUDE_NUTTX_RANDOM_H */
@@ -93,6 +93,8 @@ FAR void  *memcpy(FAR void *dest, FAR const void *src, size_t n);
 FAR void  *memmove(FAR void *dest, FAR const void *src, size_t count);
 FAR void  *memset(FAR void *s, int c, size_t n);

+void explicit_bzero(FAR void *s, size_t n);
+
 #undef EXTERN
 #if defined(__cplusplus)
 }
@@ -0,0 +1,77 @@
+/****************************************************************************
+ * include/sys/random.h
+ *
+ *   Copyright (C) 2015-2017 Haltian Ltd. All rights reserved.
+ *   Authors: Juha Niskanen <juha.niskanen@haltian.com>
+ *            Jussi Kivilinna <jussi.kivilinna@haltian.com>
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ * 3. Neither the name NuttX nor the names of its contributors may be
+ *    used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
+ * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
+ * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
+ * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS
+ * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED
+ * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN
+ * ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ * POSSIBILITY OF SUCH DAMAGE.
+ *
+ ****************************************************************************/
+
+#ifndef __INCLUDE_SYS_RANDOM_H
+#define __INCLUDE_SYS_RANDOM_H
+
+/****************************************************************************
+ * Included Files
+ ****************************************************************************/
+
+#include <nuttx/config.h>
+#include <stddef.h>
+
+/****************************************************************************
+ * Public Function Prototypes
+ ****************************************************************************/
+
+#ifdef CONFIG_CRYPTO_RANDOM_POOL
+
+/****************************************************************************
+ * Function: getrandom
+ *
+ * Description:
+ *   Fill a buffer of arbitrary length with randomness. This is the
+ *   preferred interface for getting random numbers. The traditional
+ *   /dev/random approach is susceptible for things like the attacker
+ *   exhausting file descriptors on purpose.
+ *
+ *   Note that this function cannot fail, other than by asserting.
+ *
+ * Parameters:
+ *   bytes  - Buffer for returned random bytes
+ *   nbytes - Number of bytes requested.
+ *
+ * Returned Value:
+ *   None
+ *
+ ****************************************************************************/
+
+void getrandom(FAR void *bytes, size_t nbytes);
+
+#endif /* CONFIG_CRYPTO_RANDOM_POOL */
+
+#endif /* __INCLUDE_SYS_RANDOM_H */
@@ -524,10 +524,19 @@
 /* The following is defined only if CONFIG_TASK_NAME_SIZE > 0 */

 #if CONFIG_TASK_NAME_SIZE > 0
-#  define SYS_prctl                    (SYS_nnetsocket+0)
-#  define SYS_maxsyscall               (SYS_nnetsocket+1)
+#  define SYS_prctl                    (SYS_nnetsocket+1)
 #else
-#  define SYS_maxsyscall               SYS_nnetsocket
+#  define SYS_prctl                    SYS_nnetsocket
+#endif
+
+/* The following is defined only if entropy pool random number generator
+ * is enabled. */
+
+#ifdef CONFIG_CRYPTO_RANDOM_POOL
+#  define SYS_getrandom                (SYS_prctl+1)
+#  define SYS_maxsyscall               (SYS_prctl+2)
+#else
+#  define SYS_maxsyscall               SYS_prctl
 #endif

 /* Note that the reported number of system calls does *NOT* include the
@@ -44,6 +44,7 @@ CSRCS += lib_strerror.c lib_strlen.c lib_strnlen.c lib_strncasecmp.c
 CSRCS += lib_strncat.c lib_strncmp.c lib_strncpy.c lib_strndup.c
 CSRCS += lib_strcasestr.c lib_strpbrk.c lib_strrchr.c lib_strspn.c
 CSRCS += lib_strstr.c lib_strtok.c lib_strtokr.c lib_strerrorr.c
+CSRCS += lib_explicit_bzero.c

 ifneq ($(CONFIG_LIBC_ARCH_MEMCPY),y)
 ifeq ($(CONFIG_MEMCPY_VIK),y)
@@ -0,0 +1,56 @@
+/****************************************************************************
+ * libc/string/lib_explicit_bzero.c
+ *
+ *   Copyright (C) 2015,2017 Haltian Ltd. All rights reserved.
+ *   Author: Juha Niskanen <juha.niskanen@haltian.com>
+ *           Jussi Kivilinna <jussi.kivilinna@haltian.com>
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ * 3. Neither the name NuttX nor the names of its contributors may be
+ *    used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
+ * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
+ * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
+ * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS
+ * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED
+ * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN
+ * ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ * POSSIBILITY OF SUCH DAMAGE.
+ *
+ ****************************************************************************/
+
+
+/****************************************************************************
+ * Included Files
+ ****************************************************************************/
+
+#include <string.h>
+
+/****************************************************************************
+ * Global Functions
+ ****************************************************************************/
+
+/* memset that must not be optimized away by compiler (not even with LTO). */
+
+void explicit_bzero(FAR void *s, size_t n)
+{
+  static FAR void *(*FAR const volatile memset_v)(FAR void *, int, size_t) =
+      &memset;
+
+  memset_v(s, 0, n);
+}
@@ -42,6 +42,7 @@
 #include <debug.h>
 #include <nuttx/arch.h>
 #include <nuttx/irq.h>
+#include <nuttx/random.h>

 #include "irq/irq.h"

@@ -53,7 +54,7 @@
 * Name: irq_dispatch
 *
 * Description:
- *   This function must be called from the achitecture-specific logic in
+ *   This function must be called from the architecture-specific logic in
 *   order to dispatch an interrupt to the appropriate, registered handling
 *   logic.
 *
@@ -97,6 +98,12 @@ void irq_dispatch(int irq, FAR void *context)
  arg    = NULL;
 #endif

+#ifdef CONFIG_CRYPTO_RANDOM_POOL_COLLECT_IRQ_RANDOMNESS
+  /* Add interrupt timing randomness to entropy pool */
+
+  add_irq_randomness(irq);
+#endif
+
  /* Then dispatch to the interrupt handler */

  vector(irq, context, arg);
@@ -30,6 +30,7 @@
 "get_errno_ptr","errno.h","defined(__DIRECT_ERRNO_ACCESS)","FAR int*"
 "getenv","stdlib.h","!defined(CONFIG_DISABLE_ENVIRON)","FAR char*","FAR const char*"
 "getpid","unistd.h","","pid_t"
+"getrandom","sys/random.h","defined(CONFIG_CRYPTO_RANDOM_POOL)","void","FAR void*","size_t"
 "getsockopt","sys/socket.h","CONFIG_NSOCKET_DESCRIPTORS > 0 && defined(CONFIG_NET)","int","int","int","int","FAR void*","FAR socklen_t*"
 "insmod","nuttx/module.h","defined(CONFIG_MODULE)","FAR void *","FAR const char *","FAR const char *"
 "ioctl","sys/ioctl.h","!defined(CONFIG_LIBC_IOCTL_VARIADIC) && (CONFIG_NSOCKET_DESCRIPTORS > 0 || CONFIG_NFILE_DESCRIPTORS > 0)","int","int","int","unsigned long"
@@ -379,6 +379,13 @@ SYSCALL_LOOKUP(up_assert,                  2, STUB_up_assert)
  SYSCALL_LOOKUP(prctl,                    5, STUB_prctl)
 #endif

+/* The following is defined only if entropy pool random number generator
+ * is enabled. */
+
+#ifdef CONFIG_CRYPTO_RANDOM_POOL
+  SYSCALL_LOOKUP(getrandom,               2, STUB_getrandom)
+#endif
+
 /****************************************************************************
 * Private Functions
 ****************************************************************************/
@@ -391,6 +391,11 @@ uintptr_t STUB_socket(int nbr, uintptr_t parm1, uintptr_t parm2,
 uintptr_t STUB_prctl(int nbr, uintptr_t parm1, uintptr_t parm2,
            uintptr_t parm3, uintptr_t parm4, uintptr_t parm5);

+/* The following is defined only if entropy pool random number generator
+ * is enabled. */
+
+uintptr_t STUB_getrandom(int nbr, uintptr_t parm1, uintptr_t parm2);
+
 /****************************************************************************
 * Public Data
 ****************************************************************************/