From 2367baccac66bc556e4a020ceb5ef826f577aa68 Mon Sep 17 00:00:00 2001
From: henopied <henopied@users.noreply.github.com>
Date: Sun, 12 Mar 2023 15:28:50 -0500
Subject: [PATCH 1/2] Harden timer behavior

---
 docker_env/src/bin/car.rs | 11 +++++++----
 1 file changed, 7 insertions(+), 4 deletions(-)

diff --git a/docker_env/src/bin/car.rs b/docker_env/src/bin/car.rs
index 393dfd9..04a7170 100644
--- a/docker_env/src/bin/car.rs
+++ b/docker_env/src/bin/car.rs
@@ -6,7 +6,7 @@ use embedded_hal::digital::v2::OutputPin;
 
 use tiva::{
   driverlib::*,
-  log, setup_board, Board, words_to_bytes, Signer, Verifier, get_combined_entropy
+  log, setup_board, Board, words_to_bytes, Signer, Verifier, get_combined_entropy, get_timer_entropy
 };
 
 use p256_cortex_m4::{SecretKey, Signature, PublicKey};
@@ -88,6 +88,7 @@ fn main() -> ! {
 
   // Seed RNG with entropy sources
   let entropy: [u8; 32] = get_combined_entropy();
+  let mut timer_entropy: u64 = 0;
   let mut rng = rand_chacha::ChaChaRng::from_seed(entropy);
 
   loop {
@@ -97,7 +98,7 @@ fn main() -> ! {
         MAGIC_UNLOCK_REQ => {
           // log!("Car: Received UNLOCK_REQ");
           board.led_blue.set_high().unwrap();
-          unlock_start(&mut rng, &mut board);
+          unlock_start(&mut rng, &mut board, &mut timer_entropy);
           board.led_blue.set_low().unwrap();
         }
         _ => {
@@ -109,12 +110,14 @@ fn main() -> ! {
 }
 
 /// Handle UNLOCK_REQ
-fn unlock_start(rng: &mut (impl CryptoRng + RngCore), board: &mut Board) {
+fn unlock_start(rng: &mut (impl CryptoRng + RngCore), board: &mut Board, timer_entropy: &mut u64) {
   // Start timeout timer for 500ms, need time to rx from fob
   start_delay_timer_us(500_000);
 
+  let new_timer_entropy = get_timer_entropy();
+  *timer_entropy ^= u64::from_ne_bytes(new_timer_entropy[0..8].try_into().unwrap());
   // Initialize car nonce with random value :) it's very random
-  let mut car_nonce: u64 = rng.next_u64() ^ get_tick_timer();
+  let mut car_nonce: u64 = rng.next_u64() ^ *timer_entropy;
   let car_nonce_b: [u8; 8] = car_nonce.to_be_bytes();
 
   // Get car secret key

From 5f3a0c9ed4500fe4b43453f5db423f13e495dbd2 Mon Sep 17 00:00:00 2001
From: Minh Duong <git@whitehoodhacker.net>
Date: Sun, 12 Mar 2023 16:38:35 -0500
Subject: [PATCH 2/2] Add timer entropy comment

---
 docker_env/src/bin/car.rs | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/docker_env/src/bin/car.rs b/docker_env/src/bin/car.rs
index 04a7170..d31169a 100644
--- a/docker_env/src/bin/car.rs
+++ b/docker_env/src/bin/car.rs
@@ -114,8 +114,10 @@ fn unlock_start(rng: &mut (impl CryptoRng + RngCore), board: &mut Board, timer_e
   // Start timeout timer for 500ms, need time to rx from fob
   start_delay_timer_us(500_000);
 
+  // Update timer entropy
   let new_timer_entropy = get_timer_entropy();
   *timer_entropy ^= u64::from_ne_bytes(new_timer_entropy[0..8].try_into().unwrap());
+  
   // Initialize car nonce with random value :) it's very random
   let mut car_nonce: u64 = rng.next_u64() ^ *timer_entropy;
   let car_nonce_b: [u8; 8] = car_nonce.to_be_bytes();