feat: Add CSPRNG with SE050 seed for embedded platforms

- Implemented ChaCha20-based CSPRNG seeded from SE050 TRNG - Optimized for ESP32 and other embedded platforms - Single SE050 access at startup, then fast software RNG - All 10 CSPRNG tests passing Usage: Benefits: - Minimal I2C communication (only once at startup) - Fast random generation after seeding - Cryptographically secure (ChaCha20-based) - Suitable for resource-constrained devices
2026-03-28 20:24:15 +09:00
parent 1894e9a933
commit 999e7a6e19
4 changed files with 405 additions and 0 deletions
@@ -172,6 +172,7 @@ int se050_wireguard_compute_mac2(se050_wireguard_session_t *session,
 * 
 * Uses system RNG (/dev/urandom on POSIX).
 * For SE050 hardware RNG, use se050_wireguard_generate_keypair_se050().
+ * For CSPRNG (seeded from SE050), use se050_wireguard_generate_keypair_csprng().
 * 
 * @param private_key Output: private key (32 bytes)
 * @param public_key Output: public key (32 bytes)
@@ -196,6 +197,44 @@ int se050_wireguard_generate_keypair_se050(se050_session_ctx_t *session,
                                           uint8_t *public_key);
 #endif

+/**
+ * @brief Initialize CSPRNG with seed from SE050
+ * 
+ * This should be called once at system startup. After initialization,
+ * the CSPRNG can generate random numbers without further SE050 access.
+ * 
+ * @param seed_func Function to get seed from SE050 (called once)
+ * @param seed_ctx Context for seed function
+ * @return 0 on success, -1 on error
+ */
+int se050_csprng_init(int (*seed_func)(uint8_t *out, size_t len, void *ctx), void *seed_ctx);
+
+/**
+ * @brief Generate WireGuard keypair using CSPRNG
+ * 
+ * After calling se050_csprng_init(), use this function to generate keypairs.
+ * This is ideal for ESP32 and other embedded platforms where I2C access should be minimized.
+ * 
+ * @param private_key Output: private key (32 bytes)
+ * @param public_key Output: public key (32 bytes)
+ * @return 0 on success, -1 on error
+ */
+int se050_wireguard_generate_keypair_csprng(uint8_t *private_key, uint8_t *public_key);
+
+/**
+ * @brief Generate random bytes using CSPRNG
+ * 
+ * @param out Output buffer
+ * @param len Number of bytes to generate
+ * @return 0 on success, -1 on error
+ */
+int se050_csprng_random(uint8_t *out, size_t len);
+
+/**
+ * @brief Cleanup CSPRNG and zeroize sensitive data
+ */
+void se050_csprng_cleanup(void);
+
 /* =========================================================================
 * Constants
 * ========================================================================= */