securechip_random : multiple tries

asi345 · asi345 · commit d143187c8b42 · 2024-06-05T11:48:45.000+02:00
secure_chip random function uses atca library for randomness, but this
call to library may not be successful and error codes might be returned
by atca. In this case, firmware was also calling `Abort()`. This stops
the usb connection and terminates the program. Should it happen during a
factory reset, then it means the device is left in a half-reset state.

That's why it is a good practice to try this atca library call for
randomness multiple times, making it possible to avoid rare unexpected
errors from atca random implementation. Furthermore, the primary factory
reset functions `securechip_update_keys` and
`securechip_u2f_counter_set` are also retried to avoid unexpected errors
in them, quitting the execution half-reset.

Signed-off-by: asi345 &lt;inanata15@gmail.com&gt;
diff --git a/src/reset.c b/src/reset.c
@@ -48,11 +48,25 @@ void reset_reset(bool status)
 {
     keystore_lock();
 #if !defined(TESTING)
-    if (!securechip_update_keys()) {
+    bool sc_result_update_keys = false;
+    for (int retries = 0; retries < 5; retries++) {
+        sc_result_update_keys = securechip_update_keys();
+        if (sc_result_update_keys) {
+            break;
+        }
+    }
+    if (!sc_result_update_keys) {
         Abort("Could not reset secure chip.");
     }
 #if APP_U2F == 1
-    if (!securechip_u2f_counter_set(0)) {
+    bool sc_result_u2f_counter_set = false;
+    for (int retries = 0; retries < 5; retries++) {
+        sc_result_u2f_counter_set = securechip_u2f_counter_set(0);
+        if (sc_result_u2f_counter_set) {
+            break;
+        }
+    }
+    if (!sc_result_u2f_counter_set) {
         Abort("Could not initialize U2F counter.");
     }
 #endif
diff --git a/src/securechip/securechip.c b/src/securechip/securechip.c
@@ -605,7 +605,12 @@ bool securechip_monotonic_increments_remaining(uint32_t* remaining_out)
 
 bool securechip_random(uint8_t* rand_out)
 {
-    return atcab_random(rand_out) == ATCA_SUCCESS;
+    for (int retries = 0; retries < 5; retries++) {
+        if (atcab_random(rand_out) == ATCA_SUCCESS) {
+            return true;
+        }
+    }
+    return false;
 }
 
 // Length of priv_key must be 32 bytes

Original file line number	Diff line number	Diff line change
`@@ -605,7 +605,12 @@ bool securechip_monotonic_increments_remaining(uint32_t* remaining_out)`
`605`	`605`
`606`	`606`	`bool securechip_random(uint8_t* rand_out)`
`607`	`607`	`{`
`608`		`- return atcab_random(rand_out) == ATCA_SUCCESS;`
	`608`	`+ for (int retries = 0; retries < 5; retries++) {`
	`609`	`+ if (atcab_random(rand_out) == ATCA_SUCCESS) {`
	`610`	`+ return true;`
	`611`	`+ }`
	`612`	`+ }`
	`613`	`+ return false;`
`609`	`614`	`}`
`610`	`615`
`611`	`616`	`// Length of priv_key must be 32 bytes`