Add CSPRNG

Merged schneider requested to merge schneider/rng into master Sep 13, 2020

Tries to seed an AES-CTR based PRNG using the TRNG, RTC, SysTick and ADC.

It is not really a CSPRNG, as revealing its state allows computing all previous outputs (it has no forward secrecy). It is also only good for a limited amount of randomness after seeding. Fortuna, for example, does not use more than 1 MiB without reseeding such a construct. I guess that limit is set very conservatively, though.

I guess these two limitations (no forward secrecy and only a limited amount of strong randomness) are acceptable for us. Calls to the RNG seem to be very few, and the device is usually power-cycled often in comparison.

Seeding is done via a SHA256 over the following data:

  • 256x 16 bytes from the TRNG. Amount of entropy is unknown.
  • The current second and subsecond values from the RTC.
  • Current value of the SysTick.
  • 256x a 10-bit ADC reading. Maybe 1 bit of entropy per reading.

CSPRNG: https://en.wikipedia.org/wiki/Cryptographically_secure_pseudorandom_number_generator

FORTUNA: https://en.wikipedia.org/wiki/Fortuna_(PRNG)

Other potential options for a CSPRNG:

  • https://github.com/smuellerDD/chacha20_drng
  • https://www.silabs.com/documents/public/application-notes/AN0806.pdf
Edited Sep 13, 2020 by schneider
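The construction the description sketches (SHA256 over the four entropy sources, digest used as an AES-256 key, output taken as AES-CTR keystream) and the forward-secrecy limitation it notes, written out as an added Go example. This is not code from the card10 firmware or this merge request; the field serialisation in Seed, the counter layout in Read, and the readings returned by SampleSources are assumptions and constructed values.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/sha256"
	"encoding/binary"
)

// CTRPRNG is the whole generator state: AES key from the seed plus a 64-bit block counter.
type CTRPRNG struct {
	Block   cipher.Block
	Counter uint64
}

// Seed hashes the four sources with SHA256; the 32-byte digest becomes the AES-256 key.
// Field order and endianness are assumptions, not the firmware's serialisation.
func Seed(trng []byte, rtcSec, rtcSubsec, systick uint32, adc []uint16) *CTRPRNG {
	h := sha256.New()
	h.Write(trng)
	binary.Write(h, binary.LittleEndian, []uint32{rtcSec, rtcSubsec, systick})
	binary.Write(h, binary.LittleEndian, adc)
	block, _ := aes.NewCipher(h.Sum(nil)) // a 32-byte key is valid, so no error
	return &CTRPRNG{Block: block}
}

// Read fills out with keystream blocks AES_k(counter), stepping the counter per block
// (assumption: the counter sits in the low 8 bytes of the 16-byte CTR input).
func (p *CTRPRNG) Read(out []byte) {
	var ctr, ks [16]byte
	for i := 0; i < len(out); i += 16 {
		binary.BigEndian.PutUint64(ctr[8:], p.Counter)
		p.Block.Encrypt(ks[:], ctr[:])
		p.Counter++
		copy(out[i:], ks[:])
	}
}

// RecoverEarlier shows the missing forward secrecy: the current (key, counter) state
// is enough to rewind blocksBack blocks and regenerate n bytes already handed out.
func RecoverEarlier(p *CTRPRNG, blocksBack uint64, n int) []byte {
	out := make([]byte, n)
	(&CTRPRNG{Block: p.Block, Counter: p.Counter - blocksBack}).Read(out)
	return out
}

// SampleSources: constructed stand-ins (256x16 TRNG bytes, 256 ten-bit ADC values), not real card10 data.
func SampleSources() (trng []byte, adc []uint16) {
	trng, adc = make([]byte, 256*16), make([]uint16, 256)
	for i := range trng {
		trng[i], adc[i%256] = byte(i*7), uint16(i%1024)
	}
	return trng, adc
}
```

Only reseeding from fresh entropy breaks the rewind shown by RecoverEarlier, which is why Fortuna-style generators put a cap on output between reseeds.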
Source branch: schneider/rng