Contiki-NG
Cryptographically-secure PRNG

Expands a truly random seed into a stream of pseudo-random numbers. More...

Files

file  cc2538-sram-seeder.c
 SRAM-based CSPRNG seeder.
 
file  cc2538-sram-seeder.h
 SRAM-based CSPRNG seeder.
 
file  iq-seeder.c
 I/Q data-based seeder.
 
file  iq-seeder.h
 I/Q data-based seeder.
 

Data Structures

struct  csprng_seed
 This is the structure of a seed. More...
 

Functions

void cc2538_sram_seeder_seed (void)
 This function will feed the CSPRNG with a new seed. More...
 
void csprng_feed (struct csprng_seed *new_seed)
 Mixes a new seed with the current one. More...
 
bool csprng_rand (uint8_t *result, unsigned len)
 Generates a cryptographic random number. More...
 
static uint8_t mul_gf_256 (uint8_t a, uint8_t b)
 Performs a multiplication within GF(256)
 
static void extract (uint8_t *target, uint8_t *source)
 Toeplitz matrix-based extractor. More...
 
void iq_seeder_seed (void)
 This function will feed the CSPRNG with a new seed. More...
 

Detailed Description

Expands a truly random seed into a stream of pseudo-random numbers.

In contrast to a normal PRNG, a CSPRNG generates a stream of pseudo-random numbers that is indistinguishable from the uniform distribution to a computationally-bounded adversary who does not know the seed.

Function Documentation

◆ cc2538_sram_seeder_seed()

void cc2538_sram_seeder_seed ( void  )

This function will feed the CSPRNG with a new seed.

   Its implementation leverages the fact that SRAM cells are partly
   random due to manufacturing variations. For randomness extraction,
   this function uses the well-known von Neumann extractor. Note that
   this function can only be called at start up and only if
   LPM_CONF_MAX_PM >= LPM_PM2.

Definition at line 66 of file cc2538-sram-seeder.c.

Referenced by soc_init().
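The von Neumann step the paragraph above refers to, as an added example in C that is not Contiki-NG's own cc2538-sram-seeder.c. The extractor walks the raw bits in non-overlapping pairs, emits 0 for (0,1) and 1 for (1,0), and discards (0,0) and (1,1); that removes a constant bias but only if the bits are independent, which is the assumption the technique rests on. The names `von_neumann_extract` and `sram_seed_from_image`, the seed length, and the xorshift-generated "SRAM image" in `main` are all constructed for this example; a real seeder would read the unused SRAM bank at power-up instead.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Von Neumann extractor: walk the raw bits of `raw` (MSB first) in
 * non-overlapping pairs.  (0,1) emits 0, (1,0) emits 1, (0,0) and (1,1)
 * say nothing about the bias and are discarded.  Output bits are packed
 * MSB first into `out`, which is zeroed first.  Returns the number of
 * output bits produced, at most out_len * 8. */
size_t
von_neumann_extract(const uint8_t *raw, size_t raw_len,
                    uint8_t *out, size_t out_len)
{
  size_t total_bits = raw_len * 8;
  size_t out_bits = 0;
  size_t i;

  memset(out, 0, out_len);
  for(i = 0; i + 1 < total_bits && out_bits < out_len * 8; i += 2) {
    int b0 = (raw[i / 8] >> (7 - (i % 8))) & 1;
    int b1 = (raw[(i + 1) / 8] >> (7 - ((i + 1) % 8))) & 1;
    if(b0 == b1) {
      continue;
    }
    if(b0) {                                 /* (1,0) -> 1 */
      out[out_bits / 8] |= (uint8_t)(0x80u >> (out_bits % 8));
    }
    out_bits++;                              /* (0,1) -> 0: bit is already 0 */
  }
  return out_bits;
}

/* Turn an SRAM image into a seed_len-byte seed (hypothetical helper).  Fails
 * when the image does not contain enough mixed pairs: an image that is nearly
 * all ones or all zeros, or one that still holds a previous run's data rather
 * than fresh power-up noise, must not become a seed. */
bool
sram_seed_from_image(const uint8_t *sram, size_t sram_len,
                     uint8_t *seed, size_t seed_len)
{
  size_t got = von_neumann_extract(sram, sram_len, seed, seed_len);

  if(got < seed_len * 8) {
    memset(seed, 0, seed_len);             /* never hand back a partial seed */
    return false;
  }
  return true;
}

int
main(void)
{
  /* Constructed stand-in for a power-up SRAM dump: xorshift32 noise with two
   * draws OR-ed together, so each bit is 1 with probability about 3/4, i.e.
   * clearly biased, as real SRAM cells are. */
  static uint8_t fake_sram[2048];
  uint8_t seed[32];
  uint32_t x = 0x9E3779B9u;
  size_t i, ones = 0;

  for(i = 0; i < sizeof(fake_sram); i++) {
    uint8_t a, b;
    x ^= x << 13; x ^= x >> 17; x ^= x << 5; a = (uint8_t)x;
    x ^= x << 13; x ^= x >> 17; x ^= x << 5; b = (uint8_t)x;
    fake_sram[i] = a | b;
  }
  for(i = 0; i < sizeof(fake_sram) * 8; i++) {
    ones += (fake_sram[i / 8] >> (7 - (i % 8))) & 1;
  }
  printf("raw image: %zu bits, %zu ones\n", sizeof(fake_sram) * 8, ones);
  printf("seed extracted: %s\n",
         sram_seed_from_image(fake_sram, sizeof(fake_sram), seed, sizeof(seed))
         ? "yes" : "no (not enough mixed pairs)");
  return 0;
}
```

Each mixed pair yields one bit, and a bit that is 1 with probability p forms a mixed pair with probability 2p(1-p), at most 1/2; so the extractor never returns more than a quarter of the raw bits, and far fewer from heavily biased cells. Sizing the SRAM window to the seed length therefore has to account for that yield, and the failure return above is the check that it did.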

◆ csprng_feed()

void csprng_feed ( struct csprng_seed *  new_seed )

Mixes a new seed with the current one.

Parameters
new_seed  Pointer to the new seed.

            This function is called at start up and/or at runtime by
            what we call a "seeder". Seeders generate seeds in arbitrary
            ways and feed this CSPRNG with their generated seeds.

Definition at line 61 of file csprng.c.

◆ csprng_rand()

bool csprng_rand ( uint8_t *  result,
unsigned  len 
)

Generates a cryptographic random number.

Parameters
result  The place to store the generated cryptographic random number.
len     The length of the cryptographic random number to be generated.

          We use output feedback mode (OFB) for generating cryptographic
          pseudo-random numbers [RFC 4086]: the internal state is encrypted
          under the generator's key, and the resulting block becomes both
          the next output and the next state. A potential problem with OFB
          is that, being a permutation iterated on a finite state, it at
          some point enters a cycle. However, the expected cycle length
          given a random key and a random state is about 2^127 in our case
          (the expected value for a 128-bit block) [Davies and Parkin, The
          Average Cycle Size of The Key Stream in Output Feedback
          Encipherment].
Returns
Returns true on success and false otherwise.

Definition at line 84 of file csprng.c.
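The OFB construction behind csprng_feed() and csprng_rand() above, as an added example in C that is not Contiki-NG's csprng.c. To make the cycle the documentation warns about observable, the block cipher here is a deliberately tiny 16-bit Feistel toy (`toy_encrypt`, insecure, a stand-in for the 128-bit cipher a real generator uses); the generator structure around it is the OFB construction itself. The XOR-based `ofb_feed`, the refusal to emit output before the first seed, and the seed values are assumptions of this example, not the project's choices.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define TOY_ROUNDS 8

/* Toy 16-bit Feistel block cipher under a 32-bit key.  NOT secure; it only
 * gives OFB a bijective block function small enough that its cycle can be
 * observed.  A real generator uses a 128-bit block cipher such as AES-128. */
static uint8_t
toy_round_f(uint8_t r, uint8_t k)
{
  uint8_t x = (uint8_t)(r + k);
  x = (uint8_t)((x << 3) | (x >> 5));
  return (uint8_t)(x ^ (x >> 2) ^ k);
}

static uint16_t
toy_encrypt(uint32_t key, uint16_t block)
{
  uint8_t l = (uint8_t)(block >> 8);
  uint8_t r = (uint8_t)block;
  int i;

  for(i = 0; i < TOY_ROUNDS; i++) {
    uint8_t k = (uint8_t)((key >> (8 * (i % 4))) ^ (uint32_t)i);
    uint8_t t = (uint8_t)(l ^ toy_round_f(r, k));
    l = r;                      /* Feistel swap keeps every round invertible */
    r = t;
  }
  return (uint16_t)((l << 8) | r);
}

struct ofb_csprng {
  uint32_t key;
  uint16_t state;
  bool seeded;
};

/* Mix a new seed into the generator (XOR, an assumption of this example).
 * Callable at start up or at run time, the role csprng_feed() plays. */
void
ofb_feed(struct ofb_csprng *g, uint32_t key, uint16_t state)
{
  g->key ^= key;
  g->state ^= state;
  g->seeded = true;
}

/* OFB: state <- E_key(state), and each new state is emitted as output, so
 * the keystream is literally the state sequence: a repeat of the state is a
 * repeat of the output.  Refuses to run before the first seed. */
bool
ofb_rand(struct ofb_csprng *g, uint8_t *result, unsigned len)
{
  unsigned i = 0;

  if(!g->seeded || result == NULL) {
    return false;
  }
  while(i < len) {
    g->state = toy_encrypt(g->key, g->state);
    result[i++] = (uint8_t)(g->state >> 8);
    if(i < len) {
      result[i++] = (uint8_t)g->state;   /* half a block is dropped at odd len */
    }
  }
  return true;
}

/* Length of the OFB cycle through `start`.  E_key is a permutation, so the
 * state sequence is purely periodic and `start` must reappear within 2^16
 * steps for this toy cipher. */
uint32_t
ofb_cycle_length(uint32_t key, uint16_t start)
{
  uint16_t s = start;
  uint32_t n = 0;

  do {
    s = toy_encrypt(key, s);
    n++;
  } while(s != start);
  return n;
}

int
main(void)
{
  struct ofb_csprng g = { 0, 0, false };
  uint8_t buf[8];
  unsigned i;

  ofb_feed(&g, 0xDEADBEEFu, 0x1234);      /* constructed seed */
  if(ofb_rand(&g, buf, sizeof(buf))) {
    for(i = 0; i < sizeof(buf); i++) {
      printf("%02x", buf[i]);
    }
    printf("\n");
  }
  printf("cycle length for this key/state: %u of at most 65536 states\n",
         (unsigned)ofb_cycle_length(0xDEADBEEFu, 0x1234));
  return 0;
}
```

With a 16-bit block the cycle is at most 65536 states and typically far shorter, which is why the toy above must never be used for anything but illustration; the same iteration with a 128-bit block has the ~2^127 expected cycle the documentation cites. Two generators fed the same seed produce the same stream, which is the point of the csprng_feed() interface: the security of every output rests on the seeders having delivered a seed the adversary cannot guess.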

◆ extract()

static void extract ( uint8_t *  target,
uint8_t *  source 
)

Toeplitz matrix-based extractor.

For theory, see [Skorski, True Random Number Generators Secure in a Changing Environment: Improved Security Bounds]

Definition at line 99 of file iq-seeder.c.

◆ iq_seeder_seed()

void iq_seeder_seed ( void  )

This function will feed the CSPRNG with a new seed.

   Many manuals of radio chips from Texas Instruments suggest using I/Q
   data (Cartesian representations of the received signal) for
   generating true random numbers. This function follows this suggestion
   and extracts seeds from I/Q data. However, since those manuals state
   that I/Q data is not uniformly distributed, this function does not use
   I/Q data directly as seeds, but first applies an extractor function.
   Note that this function can only be called at start up.

Definition at line 142 of file iq-seeder.c.
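The GF(256) Toeplitz extractor that the extract() entry above applies to the non-uniform I/Q samples described in iq_seeder_seed(), as an added example in C that is not Contiki-NG's iq-seeder.c. A Toeplitz matrix is constant along each diagonal, so an EXT_OUT x EXT_IN matrix is fixed by EXT_IN + EXT_OUT - 1 entries; the extractor is the matrix-vector product over the AES field. The block sizes (8 samples in, 4 bytes out), the `diag` constant, the names `toeplitz_extract` and `iq_seed_from_samples`, and the "I/Q samples" generated in `main` are all constructed for this example; the only hard requirement the construction has is that `diag` be chosen independently of the samples (it may be a public constant).

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define EXT_IN  8   /* raw samples consumed per block (assumed ratio) */
#define EXT_OUT 4   /* seed bytes produced per block (assumed ratio) */

/* Multiplication in GF(2^8) modulo x^8 + x^4 + x^3 + x + 1 (0x11b), the
 * AES field, by shift-and-add. */
static uint8_t
mul_gf_256(uint8_t a, uint8_t b)
{
  uint8_t p = 0;
  int i;

  for(i = 0; i < 8; i++) {
    if(b & 1) {
      p ^= a;
    }
    {
      uint8_t carry = a & 0x80;
      a = (uint8_t)(a << 1);
      if(carry) {
        a ^= 0x1b;              /* reduce: x^8 = x^4 + x^3 + x + 1 */
      }
    }
    b >>= 1;
  }
  return p;
}

/* Toeplitz extractor: target = T * source over GF(256), where the
 * EXT_OUT x EXT_IN matrix T is constant along each diagonal and therefore
 * fully described by the EXT_IN + EXT_OUT - 1 entries of `diag`:
 * T[i][j] = diag[i - j + EXT_IN - 1]. */
static void
toeplitz_extract(const uint8_t *diag, uint8_t *target, const uint8_t *source)
{
  int i, j;

  for(i = 0; i < EXT_OUT; i++) {
    uint8_t acc = 0;
    for(j = 0; j < EXT_IN; j++) {
      acc ^= mul_gf_256(diag[i - j + EXT_IN - 1], source[j]);
    }
    target[i] = acc;
  }
}

/* Hypothetical seeder step: run the extractor block by block over a buffer
 * of raw I/Q samples until seed_len bytes are filled.  Returns the number
 * of seed bytes written (less than seed_len if samples ran out). */
static size_t
iq_seed_from_samples(const uint8_t *diag, const uint8_t *samples,
                     size_t n_samples, uint8_t *seed, size_t seed_len)
{
  size_t in = 0, out = 0;

  while(out + EXT_OUT <= seed_len && in + EXT_IN <= n_samples) {
    toeplitz_extract(diag, seed + out, samples + in);
    in += EXT_IN;
    out += EXT_OUT;
  }
  return out;
}

int
main(void)
{
  /* Constructed matrix seed; in practice a constant fixed at build time. */
  static const uint8_t diag[EXT_IN + EXT_OUT - 1] = {
    0xA3, 0x5C, 0x91, 0x0E, 0xD7, 0x62, 0x3B, 0xF8, 0x14, 0xC9, 0x77
  };
  /* Constructed I/Q samples: signed 8-bit values confined to -8..7 so the
   * raw bytes are far from uniform, as the TI manuals warn. */
  uint8_t samples[64];
  uint8_t seed[16];
  uint32_t x = 0x2545F491u;
  size_t i, n;

  for(i = 0; i < sizeof(samples); i++) {
    x = x * 1664525u + 1013904223u;
    samples[i] = (uint8_t)(int8_t)((int)((x >> 24) & 0x0F) - 8);
  }
  n = iq_seed_from_samples(diag, samples, sizeof(samples), seed, sizeof(seed));
  printf("%zu seed bytes from %zu samples: ", n, (size_t)(n / EXT_OUT * EXT_IN));
  for(i = 0; i < n; i++) {
    printf("%02x", seed[i]);
  }
  printf("\n");
  return 0;
}
```

The extractor compresses, it does not create randomness: an all-zero sample block yields an all-zero output block, and a radio delivering a constant value yields a constant seed. The ratio of samples in to bytes out must therefore be set from a measured lower bound on the min-entropy of the I/Q samples, not from the byte counts alone; the 2:1 ratio above is only an assumption for illustration.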