Contiki-NG
Loading...
Searching...
No Matches
Files | Data Structures | Functions
Cryptographically-secure PRNG
Libraries and services » Cryptographic primitives

In contrast to a normal PRNG, a CSPRNG generates a stream of pseudo-random numbers that is indistinguishable from the uniform distribution to a computationally-bounded adversary who does not know the seed. More...

Files

file  cc2538-sram-seeder.c
 SRAM-based CSPRNG seeder.
 
file  cc2538-sram-seeder.h
 SRAM-based CSPRNG seeder.
 
file  csprng.c
 An OFB-AES-128-based CSPRNG.
 
file  csprng.h
 An OFB-AES-128-based CSPRNG.
 
file  iq-seeder.c
 I/Q data-based seeder.
 
file  iq-seeder.h
 I/Q data-based seeder.
 

Data Structures

struct  csprng_seed
 This is the structure of a seed. More...
 

Functions

void cc2538_sram_seeder_seed (void)
 This function will feed the CSPRNG with a new seed.
 
void csprng_feed (struct csprng_seed *new_seed)
 Mixes a new seed with the current one.
 
bool csprng_rand (uint8_t *result, size_t len)
 Generates a cryptographic random number.
 
static uint8_t mul_gf_256 (uint8_t a, uint8_t b)
 Performs a multiplication within GF(256)
 
static void extract (uint8_t *target, uint8_t *source)
 Toeplitz matrix-based extractor.
 
bool iq_seeder_seed (void)
 This function will feed the CSPRNG with a new seed.
 

Detailed Description

In contrast to a normal PRNG, a CSPRNG generates a stream of pseudo-random numbers that is indistinguishable from the uniform distribution to a computationally-bounded adversary who does not know the seed.

Function Documentation

◆ cc2538_sram_seeder_seed()

void cc2538_sram_seeder_seed ( void )

This function will feed the CSPRNG with a new seed. 

   Its implementation leverages the fact that SRAM cells are partly
   random due to manufacturing variations. For randomness extraction,
   this function uses the well-known von Neumann extractor. Note that
   this function can only be called at start up and only if
   LPM_CONF_MAX_PM >= LPM_PM2.

Definition at line 66 of file cc2538-sram-seeder.c.

References csprng_feed(), and csprng_seed::u8.

Referenced by soc_init().

◆ csprng_feed()

void csprng_feed ( struct csprng_seed * new_seed)

Mixes a new seed with the current one.

Parameters
new_seedPointer to the new seed. 
            This function is called at start up and/or at runtime by
            what we call a "seeder". Seeders generate seeds in arbi-
            trary ways and feed this CSPRNG with their generated seeds.

Definition at line 58 of file csprng.c.

References csprng_seed::key, csprng_seed::state, and csprng_seed::u8.

Referenced by cc2538_sram_seeder_seed(), iq_seeder_seed(), platform_init_stage_one(), and platform_init_stage_two().

◆ csprng_rand()

bool csprng_rand ( uint8_t * result,
size_t len )

Generates a cryptographic random number.

Parameters
resultThe place to store the generated cryptographic random number.
lenThe length of the cryptographic random number to be generated. 
          We use output feedback mode (OFB) for generating cryptographic
          pseudo-random numbers [RFC 4086]. A potential problem with OFB
          is that OFB at some point enters a cycle. However, the
          expected cycle length given a random key and a random state
          is about 2^127 in our case [Davies and Parkin, The Average
          Cycle Size of The Key Stream in Output Feedback Encipherment].
Returns
Returns true on success and false otherwise.

Definition at line 81 of file csprng.c.

References csprng_seed::key, and csprng_seed::state.

◆ extract()

static void extract ( uint8_t * target,
uint8_t * source )
static

Toeplitz matrix-based extractor.

For theory, see [Skorski, True Random Num- ber Generators Secure in a Changing Environment: Improved Security Bounds]

Definition at line 100 of file iq-seeder.c.

References mul_gf_256().

◆ iq_seeder_seed()

bool iq_seeder_seed ( void )

This function will feed the CSPRNG with a new seed.

Returns
A boolean indicating whether the operation succeeded. 
   Many manuals of radio chips from Texas Instruments suggest using I/Q
   data (Cartesian representations of the received signal) for
   generating true random numbers. This function follows this suggestion
   and extracts seeds from I/Q data. However, since those manuals state
   that I/Q data is not uniformly distributed, this function does not use
   I/Q data directly as seeds, but first applies an extractor function.
   Note that this function can only be called at start up.

Definition at line 149 of file iq-seeder.c.

References csprng_feed(), csprng_seed::key, and csprng_seed::state.

Referenced by init().