[Silabs] Refactor SiWx917 random number generator (#33689)

* Refactor TRNG function to rely on hardware instead of SW on TINYCRYPT

* fix pointer conversion

* refactor minimal changes

* Rever header change

* review comments

---------

Co-authored-by: Rohan S <3526930+brosahay@users.noreply.github.com>

Author: rosahay-silabs

examples/platform/silabs/SiWx917/SiWx917/sl_wifi_if.cpp

@@ -70,11 +70,11 @@ extern "C" {
 #include "sl_wifi.h"
 #include "sl_wifi_callback_framework.h"
 #include "wfx_host_events.h"
-#if SLI_SI91X_MCU_INTERFACE
+#if TINYCRYPT_PRIMITIVES
 #include "sl_si91x_trng.h"
 #define TRNGKEY_SIZE 4
-#endif // SLI_SI91X_MCU_INTERFACE
-} // extern "C" {
+#endif // TINYCRYPT_PRIMITIVES
+}
 
 WfxRsi_t wfx_rsi;
 
@@ -477,7 +477,7 @@ static sl_status_t wfx_rsi_init(void)
         return status;
     }
 
-#ifdef SLI_SI91X_MCU_INTERFACE
+#ifdef TINYCRYPT_PRIMITIVES
     const uint32_t trngKey[TRNGKEY_SIZE] = { 0x16157E2B, 0xA6D2AE28, 0x8815F7AB, 0x3C4FCF09 };
 
     // To check the Entropy of TRNG and verify TRNG functioning.
@@ -495,7 +495,7 @@ static sl_status_t wfx_rsi_init(void)
         SILABS_LOG("TRNG Key Programming Failed");
         return status;
     }
-#endif // SLI_SI91X_MCU_INTERFACE
+#endif // TINYCRYPT_PRIMITIVES
 
     wfx_rsi.events = xEventGroupCreateStatic(&rsiDriverEventGroup);
     wfx_rsi.dev_state |= WFX_RSI_ST_DEV_READY;

src/platform/silabs/PlatformManagerImpl.cpp

@@ -33,7 +33,7 @@
 
 #if defined(TINYCRYPT_PRIMITIVES)
 #include "tinycrypt/ecc.h"
-#endif
+#endif // TINYCRYPT_PRIMITIVES
 
 #if CHIP_SYSTEM_CONFIG_USE_LWIP
 #include <lwip/tcpip.h>
@@ -46,7 +46,6 @@ namespace DeviceLayer {
 
 PlatformManagerImpl PlatformManagerImpl::sInstance;
 
-#if SLI_SI91X_MCU_INTERFACE
 #if defined(TINYCRYPT_PRIMITIVES)
 sys_mutex_t PlatformManagerImpl::rngMutexHandle = NULL;
 
@@ -58,8 +57,8 @@ int PlatformManagerImpl::uECC_RNG_Function(uint8_t * dest, unsigned int size)
 
     return res;
 }
-#endif // TINYCRYPT_PRIMITIVES
 
+#if !(SLI_SI91X_MCU_INTERFACE)
 static void app_get_random(uint8_t * aOutput, size_t aLen)
 {
     VerifyOrReturn(aOutput != nullptr);
@@ -76,7 +75,8 @@ static int app_entropy_source(void * data, unsigned char * output, size_t len, s
 
     return 0;
 }
-#endif // SLI_SI91X_MCU_INTERFACE
+#endif // !SLI_SI91X_MCU_INTERFACE
+#endif // TINYCRYPT_PRIMITIVES
 
 CHIP_ERROR PlatformManagerImpl::_InitChipStack(void)
 {
@@ -93,15 +93,14 @@ CHIP_ERROR PlatformManagerImpl::_InitChipStack(void)
 
     ReturnErrorOnFailure(System::Clock::InitClock_RealTime());
 
-#if SLI_SI91X_MCU_INTERFACE
-    ReturnErrorOnFailure(chip::Crypto::add_entropy_source(app_entropy_source, NULL, 16 /*Threshold value*/));
-
 #if defined(TINYCRYPT_PRIMITIVES)
+#if !(SLI_SI91X_MCU_INTERFACE)
+    ReturnErrorOnFailure(chip::Crypto::add_entropy_source(app_entropy_source, NULL, 16 /*Threshold value*/));
+#endif // !SLI_SI91X_MCU_INTERFACE
     /* Set RNG function for tinycrypt operations. */
     VerifyOrExit(sys_mutex_new(&rngMutexHandle) == ERR_OK, err = CHIP_ERROR_NO_MEMORY);
     uECC_set_rng(PlatformManagerImpl::uECC_RNG_Function);
 #endif // TINYCRYPT_PRIMITIVES
-#endif // SLI_SI91X_MCU_INTERFACE
 
     // Call _InitChipStack() on the generic implementation base class
     // to finish the initialization process.

src/platform/silabs/SiWx917/CHIPCryptoPALTinyCrypt.cpp

@@ -60,6 +60,12 @@
 
 #include <string.h>
 
+#ifdef SLI_SI91X_MCU_INTERFACE
+extern "C" {
+#include "sl_si91x_trng.h"
+}
+#endif // SLI_SI91X_MCU_INTERFACE
+
 namespace chip {
 namespace Crypto {
 
@@ -414,7 +420,7 @@ CHIP_ERROR PBKDF2_sha256::pbkdf2_sha256(const uint8_t * password, size_t plen, c
 
     return error;
 }
-
+#if !(SLI_SI91X_MCU_INTERFACE)
 static EntropyContext * get_entropy_context()
 {
     if (!gsEntropyContext.mInitialized)
@@ -448,9 +454,15 @@ static mbedtls_ctr_drbg_context * get_drbg_context()
 
     return drbgCtxt;
 }
-
+#endif // !SLI_SI91X_MCU_INTERFACE
 CHIP_ERROR add_entropy_source(entropy_source fn_source, void * p_source, size_t threshold)
 {
+#if SLI_SI91X_MCU_INTERFACE
+    // SiWx917 has its hardware based generator
+    (void) fn_source;
+    (void) p_source;
+    (void) threshold;
+#else
     VerifyOrReturnError(fn_source != nullptr, CHIP_ERROR_INVALID_ARGUMENT);
 
     EntropyContext * const entropy_ctxt = get_entropy_context();
@@ -459,19 +471,25 @@ CHIP_ERROR add_entropy_source(entropy_source fn_source, void * p_source, size_t
     const int result =
         mbedtls_entropy_add_source(&entropy_ctxt->mEntropy, fn_source, p_source, threshold, MBEDTLS_ENTROPY_SOURCE_STRONG);
     VerifyOrReturnError(result == 0, CHIP_ERROR_INTERNAL);
+#endif // SLI_SI91X_MCU_INTERFACE
     return CHIP_NO_ERROR;
 }
 
 CHIP_ERROR DRBG_get_bytes(uint8_t * out_buffer, const size_t out_length)
 {
     VerifyOrReturnError(out_buffer != nullptr, CHIP_ERROR_INVALID_ARGUMENT);
     VerifyOrReturnError(out_length > 0, CHIP_ERROR_INVALID_ARGUMENT);
-
+#if SLI_SI91X_MCU_INTERFACE
+    sl_status_t status;
+    status = sl_si91x_trng_get_random_num(reinterpret_cast<uint32_t *>(out_buffer), out_length);
+    VerifyOrReturnError(status == SL_STATUS_OK, CHIP_ERROR_RANDOM_DATA_UNAVAILABLE);
+#else
     mbedtls_ctr_drbg_context * const drbg_ctxt = get_drbg_context();
     VerifyOrReturnError(drbg_ctxt != nullptr, CHIP_ERROR_INTERNAL);
 
     const int result = mbedtls_ctr_drbg_random(drbg_ctxt, Uint8::to_uchar(out_buffer), out_length);
     VerifyOrReturnError(result == 0, CHIP_ERROR_INTERNAL);
+#endif // SLI_SI91X_MCU_INTERFACE
 
     return CHIP_NO_ERROR;
 }

src/platform/silabs/rs911x/BLEManagerImpl.cpp

@@ -58,12 +58,6 @@ extern "C" {
 #include <platform/DeviceInstanceInfoProvider.h>
 #include <string.h>
 
-#ifdef SLI_SI91X_MCU_INTERFACE
-extern "C" {
-#include "sl_si91x_trng.h"
-}
-#endif // SLI_SI91X_MCU_INTERFACE
-
 #if CHIP_ENABLE_ADDITIONAL_DATA_ADVERTISING
 #include <setup_payload/AdditionalDataPayloadGenerator.h>
 #endif
@@ -92,22 +86,11 @@ using namespace ::chip::DeviceLayer::Internal;
 void sl_ble_init()
 {
     uint8_t randomAddrBLE[RSI_BLE_ADDR_LENGTH] = { 0 };
-#if SLI_SI91X_MCU_INTERFACE
-    sl_status_t sl_status;
-    //! Get Random number of desired length
-    sl_status = sl_si91x_trng_get_random_num((uint32_t *) randomAddrBLE, RSI_BLE_ADDR_LENGTH);
-    if (sl_status != SL_STATUS_OK)
-    {
-        ChipLogError(DeviceLayer, " TRNG Random number generation Failed ");
-        return;
-    }
+    uint64_t randomAddr                        = chip::Crypto::GetRandU64();
+    memcpy(randomAddrBLE, &randomAddr, RSI_BLE_ADDR_LENGTH);
     // Set the two least significant bits as the first 2 bits of the address has to be '11' to ensure the address is a random
     // non-resolvable private address
-    randomAddrBLE[5] |= 0xC0;
-#else
-    uint64_t randomAddr = chip::Crypto::GetRandU64();
-    memcpy(randomAddrBLE, &randomAddr, RSI_BLE_ADDR_LENGTH);
-#endif // SLI_SI91X_MCU_INTERFACE
+    randomAddrBLE[(RSI_BLE_ADDR_LENGTH - 1)] |= 0xC0;
 
     // registering the GAP callback functions
     rsi_ble_gap_register_callbacks(NULL, NULL, rsi_ble_on_disconnect_event, NULL, NULL, NULL, rsi_ble_on_enhance_conn_status_event,