kmwebnet/se050-wireguard
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

feat: Add CSPRNG with SE050 seed for embedded platforms

Browse Source 
- Implemented ChaCha20-based CSPRNG seeded from SE050 TRNG
- Optimized for ESP32 and other embedded platforms
- Single SE050 access at startup, then fast software RNG
- All 10 CSPRNG tests passing

Usage:

Benefits:
- Minimal I2C communication (only once at startup)
- Fast random generation after seeding
- Cryptographically secure (ChaCha20-based)
- Suitable for resource-constrained devices
This commit is contained in:
km
2026-03-28 20:24:15 +09:00
parent 1894e9a933
commit 999e7a6e19
4 changed files with 405 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files
include/se050_wireguard.h
+39
View File
@@ -172,6 +172,7 @@ int se050_wireguard_compute_mac2(se050_wireguard_session_t *session,
*
* Uses system RNG (/dev/urandom on POSIX).
* For SE050 hardware RNG, use se050_wireguard_generate_keypair_se050().
* For CSPRNG (seeded from SE050), use se050_wireguard_generate_keypair_csprng().
*
* @param private_key Output: private key (32 bytes)
* @param public_key Output: public key (32 bytes)
@@ -196,6 +197,44 @@ int se050_wireguard_generate_keypair_se050(se050_session_ctx_t *session,
uint8_t *public_key);
#endif
/**
* @brief Initialize CSPRNG with seed from SE050
*
* This should be called once at system startup. After initialization,
* the CSPRNG can generate random numbers without further SE050 access.
*
* @param seed_func Function to get seed from SE050 (called once)
* @param seed_ctx Context for seed function
* @return 0 on success, -1 on error
*/
int se050_csprng_init(int (*seed_func)(uint8_t *out, size_t len, void *ctx), void *seed_ctx);
/**
* @brief Generate WireGuard keypair using CSPRNG
*
* After calling se050_csprng_init(), use this function to generate keypairs.
* This is ideal for ESP32 and other embedded platforms where I2C access should be minimized.
*
* @param private_key Output: private key (32 bytes)
* @param public_key Output: public key (32 bytes)
* @return 0 on success, -1 on error
*/
int se050_wireguard_generate_keypair_csprng(uint8_t *private_key, uint8_t *public_key);
/**
* @brief Generate random bytes using CSPRNG
*
* @param out Output buffer
* @param len Number of bytes to generate
* @return 0 on success, -1 on error
*/
int se050_csprng_random(uint8_t *out, size_t len);
/**
* @brief Cleanup CSPRNG and zeroize sensitive data
*/
void se050_csprng_cleanup(void);
/* =========================================================================
* Constants
* ========================================================================= */