Implement a fast PRNG based on ascon

Fix a bunch of bias related bugs in the process

Author: nextgens

examples/companion_radio/MyMesh.cpp

@@ -882,10 +882,10 @@ void MyMesh::begin(bool has_display) {
   BaseChatMesh::begin();
 
   if (!_store->loadMainIdentity(self_id)) {
-    self_id = radio_new_identity(); // create new random identity
+    self_id = mesh::LocalIdentity(getRNG()); // create new random identity
     int count = 0;
     while (count < 10 && (self_id.pub_key[0] == 0x00 || self_id.pub_key[0] == 0xFF)) { // reserved id hashes
-      self_id = radio_new_identity();
+      self_id = mesh::LocalIdentity(getRNG());
       count++;
     }
     _store->saveMainIdentity(self_id);
@@ -930,8 +930,7 @@ void MyMesh::begin(bool has_display) {
   if (_prefs.ble_pin == 0) {
 #ifdef DISPLAY_CLASS
     if (has_display && BLE_PIN_CODE == 123456) {
-      StdRNG rng;
-      _active_ble_pin = rng.nextInt(100000, 999999); // random pin each session
+      _active_ble_pin = getRNG()->nextInt(100000, 999999); // random pin each session
     } else {
       _active_ble_pin = BLE_PIN_CODE; // otherwise static pin
     }

examples/companion_radio/main.cpp

@@ -109,6 +109,7 @@ void setup() {
   Serial.begin(115200);
 
   board.begin();
+  mesh::initHardwareRNG();
 
 #ifdef DISPLAY_CLASS
   DisplayDriver* disp = NULL;
@@ -123,12 +124,13 @@ void setup() {
   }
 #endif
 
-  if (!radio_init()) { halt(); }
-
-  fast_rng.begin(radio_get_rng_seed());
-
 #if defined(NRF52_PLATFORM) || defined(STM32_PLATFORM)
   InternalFS.begin();
+  fast_rng.attachPersistence(InternalFS, "/seed.rng");
+  fast_rng.setRadioEntropySource(radio_driver);
+  fast_rng.begin();
+  mesh::deinitHardwareRNG();
+  if (!radio_init()) { halt(); }
   #if defined(QSPIFLASH)
     if (!QSPIFlash.begin()) {
       // debug output might not be available at this point, might be too early. maybe should fall back to InternalFS here?
@@ -158,6 +160,11 @@ void setup() {
   the_mesh.startInterface(serial_interface);
 #elif defined(RP2040_PLATFORM)
   LittleFS.begin();
+  fast_rng.attachPersistence(LittleFS, "/seed.rng");
+  fast_rng.setRadioEntropySource(radio_driver);
+  fast_rng.begin();
+  mesh::deinitHardwareRNG();
+  if (!radio_init()) { halt(); }
   store.begin();
   the_mesh.begin(
     #ifdef DISPLAY_CLASS
@@ -184,6 +191,11 @@ void setup() {
     the_mesh.startInterface(serial_interface);
 #elif defined(ESP32)
   SPIFFS.begin(true);
+  fast_rng.attachPersistence(SPIFFS, "/seed.rng");
+  fast_rng.setRadioEntropySource(radio_driver);
+  fast_rng.begin();
+  mesh::deinitHardwareRNG();
+  if (!radio_init()) { halt(); }
   store.begin();
   the_mesh.begin(
     #ifdef DISPLAY_CLASS

examples/kiss_modem/main.cpp

@@ -32,24 +32,29 @@ void halt() {
 }
 
 void loadOrCreateIdentity() {
+  FILESYSTEM* fs;
 #if defined(NRF52_PLATFORM) || defined(STM32_PLATFORM)
   InternalFS.begin();
+  fs = &InternalFS;
   IdentityStore store(InternalFS, "");
 #elif defined(ESP32)
   SPIFFS.begin(true);
+  fs = &SPIFFS;
   IdentityStore store(SPIFFS, "/identity");
 #elif defined(RP2040_PLATFORM)
   LittleFS.begin();
+  fs = &LittleFS;
   IdentityStore store(LittleFS, "/identity");
   store.begin();
 #else
   #error "Filesystem not defined"
 #endif
+  rng.attachPersistence(*fs, "/seed.rng");
 
   if (!store.load("_main", identity)) {
-    identity = radio_new_identity();
+    identity = mesh::LocalIdentity(&rng);
     while (identity.pub_key[0] == 0x00 || identity.pub_key[0] == 0xFF) {
-      identity = radio_new_identity();
+      identity = mesh::LocalIdentity(&rng);
     }
     store.save("_main", identity);
   }
@@ -75,16 +80,19 @@ void onGetStats(uint32_t* rx, uint32_t* tx, uint32_t* errors) {
 
 void setup() {
   board.begin();
+  mesh::initHardwareRNG();
+
+  loadOrCreateIdentity();
+  rng.setRadioEntropySource(radio_driver);
+  rng.begin();
+  mesh::deinitHardwareRNG();
 
   if (!radio_init()) {
     halt();
   }
 
   radio_driver.begin();
 
-  rng.begin(radio_get_rng_seed());
-  loadOrCreateIdentity();
-
   sensors.begin();
 
 #if defined(KISS_UART_RX) && defined(KISS_UART_TX)

examples/simple_repeater/main.cpp

@@ -33,6 +33,7 @@ void setup() {
   delay(1000);
 
   board.begin();
+  mesh::initHardwareRNG();
 
 #if defined(MESH_DEBUG) && defined(NRF52_PLATFORM)
   // give some extra time for serial to settle so
@@ -52,13 +53,6 @@ void setup() {
   }
 #endif
 
-  if (!radio_init()) {
-    MESH_DEBUG_PRINTLN("Radio init failed!");
-    halt();
-  }
-
-  fast_rng.begin(radio_get_rng_seed());
-
   FILESYSTEM* fs;
 #if defined(NRF52_PLATFORM) || defined(STM32_PLATFORM)
   InternalFS.begin();
@@ -76,12 +70,22 @@ void setup() {
 #else
   #error "need to define filesystem"
 #endif
+  fast_rng.attachPersistence(*fs, "/seed.rng");
+  fast_rng.setRadioEntropySource(radio_driver);
+  fast_rng.begin();
+  mesh::deinitHardwareRNG();
+
+  if (!radio_init()) {
+    MESH_DEBUG_PRINTLN("Radio init failed!");
+    halt();
+  }
+
   if (!store.load("_main", the_mesh.self_id)) {
     MESH_DEBUG_PRINTLN("Generating new keypair");
-    the_mesh.self_id = radio_new_identity();   // create new random identity
+    the_mesh.self_id = mesh::LocalIdentity(the_mesh.getRNG());   // create new random identity
     int count = 0;
     while (count < 10 && (the_mesh.self_id.pub_key[0] == 0x00 || the_mesh.self_id.pub_key[0] == 0xFF)) {  // reserved id hashes
-      the_mesh.self_id = radio_new_identity(); count++;
+      the_mesh.self_id = mesh::LocalIdentity(the_mesh.getRNG()); count++;
     }
     store.save("_main", the_mesh.self_id);
   }

examples/simple_room_server/main.cpp

@@ -23,6 +23,7 @@ void setup() {
   delay(1000);
 
   board.begin();
+  mesh::initHardwareRNG();
 
 #ifdef DISPLAY_CLASS
   if (display.begin()) {
@@ -33,10 +34,6 @@ void setup() {
   }
 #endif
 
-  if (!radio_init()) { halt(); }
-
-  fast_rng.begin(radio_get_rng_seed());
-
   FILESYSTEM* fs;
 #if defined(NRF52_PLATFORM)
   InternalFS.begin();
@@ -54,11 +51,18 @@ void setup() {
 #else
   #error "need to define filesystem"
 #endif
+  fast_rng.attachPersistence(*fs, "/seed.rng");
+  fast_rng.setRadioEntropySource(radio_driver);
+  fast_rng.begin();
+  mesh::deinitHardwareRNG();
+
+  if (!radio_init()) { halt(); }
+
   if (!store.load("_main", the_mesh.self_id)) {
-    the_mesh.self_id = radio_new_identity();   // create new random identity
+    the_mesh.self_id = mesh::LocalIdentity(the_mesh.getRNG());   // create new random identity
     int count = 0;
     while (count < 10 && (the_mesh.self_id.pub_key[0] == 0x00 || the_mesh.self_id.pub_key[0] == 0xFF)) {  // reserved id hashes
-      the_mesh.self_id = radio_new_identity(); count++;
+      the_mesh.self_id = mesh::LocalIdentity(the_mesh.getRNG()); count++;
     }
     store.save("_main", the_mesh.self_id);
   }

examples/simple_secure_chat/main.cpp

@@ -307,14 +307,6 @@ class MyMesh : public BaseChatMesh, ContactVisitor {
     IdentityStore store(fs, "/identity");
   #endif
     if (!store.load("_main", self_id, _prefs.node_name, sizeof(_prefs.node_name))) {  // legacy: node_name was from identity file
-      // Need way to get some entropy to seed RNG
-      Serial.println("Press ENTER to generate key:");
-      char c = 0;
-      while (c != '\n') {   // wait for ENTER to be pressed
-        if (Serial.available()) c = Serial.read();
-      }
-      ((StdRNG *)getRNG())->begin(millis());
-
       self_id = mesh::LocalIdentity(getRNG());  // create new random identity
       int count = 0;
       while (count < 10 && (self_id.pub_key[0] == 0x00 || self_id.pub_key[0] == 0xFF)) {  // reserved id hashes
@@ -559,23 +551,32 @@ void setup() {
   Serial.begin(115200);
 
   board.begin();
+  mesh::initHardwareRNG();
 
-  if (!radio_init()) { halt(); }
-
-  fast_rng.begin(radio_get_rng_seed());
+  FILESYSTEM* fs;
 
 #if defined(NRF52_PLATFORM)
   InternalFS.begin();
-  the_mesh.begin(InternalFS);
+  fs = &InternalFS;
+  fast_rng.attachPersistence(InternalFS, "/seed.rng");
 #elif defined(RP2040_PLATFORM)
   LittleFS.begin();
-  the_mesh.begin(LittleFS);
+  fs = &LittleFS;
+  fast_rng.attachPersistence(LittleFS, "/seed.rng");
 #elif defined(ESP32)
   SPIFFS.begin(true);
-  the_mesh.begin(SPIFFS);
+  fs = &SPIFFS;
+  fast_rng.attachPersistence(SPIFFS, "/seed.rng");
 #else
   #error "need to define filesystem"
 #endif
+  fast_rng.setRadioEntropySource(radio_driver);
+  fast_rng.begin();
+  mesh::deinitHardwareRNG();
+
+  if (!radio_init()) { halt(); }
+
+  the_mesh.begin(*fs);
 
   radio_set_params(the_mesh.getFreqPref(), LORA_BW, LORA_SF, LORA_CR);
   radio_set_tx_power(the_mesh.getTxPowerPref());

examples/simple_sensor/main.cpp

@@ -57,6 +57,7 @@ void setup() {
   delay(1000);
 
   board.begin();
+  mesh::initHardwareRNG();
 
 #ifdef DISPLAY_CLASS
   if (display.begin()) {
@@ -66,10 +67,6 @@ void setup() {
   }
 #endif
 
-  if (!radio_init()) { halt(); }
-
-  fast_rng.begin(radio_get_rng_seed());
-
   FILESYSTEM* fs;
 #if defined(NRF52_PLATFORM) || defined(STM32_PLATFORM)
   InternalFS.begin();
@@ -87,12 +84,19 @@ void setup() {
 #else
   #error "need to define filesystem"
 #endif
+  fast_rng.attachPersistence(*fs, "/seed.rng");
+  fast_rng.setRadioEntropySource(radio_driver);
+  fast_rng.begin();
+  mesh::deinitHardwareRNG();
+
+  if (!radio_init()) { halt(); }
+
   if (!store.load("_main", the_mesh.self_id)) {
     MESH_DEBUG_PRINTLN("Generating new keypair");
-    the_mesh.self_id = radio_new_identity();   // create new random identity
+    the_mesh.self_id = mesh::LocalIdentity(the_mesh.getRNG());   // create new random identity
     int count = 0;
     while (count < 10 && (the_mesh.self_id.pub_key[0] == 0x00 || the_mesh.self_id.pub_key[0] == 0xFF)) {  // reserved id hashes
-      the_mesh.self_id = radio_new_identity(); count++;
+      the_mesh.self_id = mesh::LocalIdentity(the_mesh.getRNG()); count++;
     }
     store.save("_main", the_mesh.self_id);
   }

lib/ascon/api.h

@@ -0,0 +1,5 @@
+#define CRYPTO_VERSION "1.3.0"
+#define CRYPTO_BYTES 64
+#define ASCON_HASH_BYTES 0 /* XOF */
+#define ASCON_HASH_ROUNDS 12
+#define ASCON_VARIANT 3

lib/ascon/ascon.h

@@ -0,0 +1,70 @@
+#ifndef ASCON_H_
+#define ASCON_H_
+
+#include <stdint.h>
+
+#include "api.h"
+#include "config.h"
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+typedef union {
+  uint64_t x[5];
+  uint32_t w[5][2];
+  uint8_t b[5][8];
+} ascon_state_t;
+
+#ifdef ASCON_AEAD_RATE
+
+#define ASCON_KEYWORDS (CRYPTO_KEYBYTES + 7) / 8
+
+typedef union {
+  uint64_t x[ASCON_KEYWORDS];
+  uint32_t w[ASCON_KEYWORDS][2];
+  uint8_t b[ASCON_KEYWORDS][8];
+} ascon_key_t;
+
+#if !ASCON_INLINE_MODE
+
+void ascon_loadkey(ascon_key_t* key, const uint8_t* k);
+void ascon_initaead(ascon_state_t* s, const ascon_key_t* key,
+                    const uint8_t* npub);
+void ascon_adata(ascon_state_t* s, const uint8_t* ad, uint64_t adlen);
+void ascon_encrypt(ascon_state_t* s, uint8_t* c, const uint8_t* m,
+                   uint64_t mlen);
+void ascon_decrypt(ascon_state_t* s, uint8_t* m, const uint8_t* c,
+                   uint64_t clen);
+void ascon_final(ascon_state_t* s, const ascon_key_t* k);
+
+#endif
+
+int ascon_aead_encrypt(uint8_t* t, uint8_t* c, const uint8_t* m, uint64_t mlen,
+                       const uint8_t* ad, uint64_t adlen, const uint8_t* npub,
+                       const uint8_t* k);
+int ascon_aead_decrypt(uint8_t* m, const uint8_t* t, const uint8_t* c,
+                       uint64_t clen, const uint8_t* ad, uint64_t adlen,
+                       const uint8_t* npub, const uint8_t* k);
+
+#endif
+
+#ifdef ASCON_HASH_BYTES
+
+#if !ASCON_INLINE_MODE
+
+void ascon_inithash(ascon_state_t* s);
+void ascon_absorb(ascon_state_t* s, const uint8_t* in, uint64_t inlen);
+void ascon_squeeze(ascon_state_t* s, uint8_t* out, uint64_t outlen);
+
+#endif
+
+int ascon_xof(uint8_t* out, uint64_t outlen, const uint8_t* in, uint64_t inlen);
+
+#endif
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* ASCON_H_ */