Use true randomness as a seed for the PRNG, also added a CSPRN

2023-08-27 04:10:03 +02:00 · 2023-08-27 04:10:03 +02:00 · b9e8ba3ea6
commit b9e8ba3ea6
parent 686d4be560
3 changed files with 36 additions and 9 deletions
--- a/Cargo.lock
+++ b/Cargo.lock
@ -1172,6 +1172,12 @@ dependencies = [
 "syn 1.0.109",
 ]

+[[package]]
+name = "ppv-lite86"
+version = "0.2.17"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "5b40af805b3121feab8a3c29f04d8ad262fa8e0561883e7653e024ae4479e6de"
+
 [[package]]
 name = "precomputed-hash"
 version = "0.1.1"
@ -1226,6 +1232,17 @@ version = "0.8.5"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "34af8d1a0e25924bc5b7c43c079c942339d8f0a8b57c39049bef581b46327404"
 dependencies = [
+ "rand_chacha",
+ "rand_core",
+]
+
+[[package]]
+name = "rand_chacha"
+version = "0.3.1"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "e6c10a63a0fa32252be49d21e7709d4d4baf8d231c2dbce1eaa8141b9b127d88"
+dependencies = [
+ "ppv-lite86",
 "rand_core",
 ]

--- a/Cargo.toml
+++ b/Cargo.toml
@ -64,6 +64,7 @@ rust-mqtt = { version = "0.1.5", features = [
 rand = { version = "0.8.5", features = [
 	"nightly",
 	"small_rng",
+	"std_rng",
 ], default-features = false }
 serde-json-core = "0.5.1"

--- a/src/main.rs
+++ b/src/main.rs
@ -12,7 +12,9 @@ use embassy_futures::{
 };
 use embassy_net::{tcp::TcpSocket, Config, Ipv4Address, Stack, StackResources};
 use embassy_rp::{
-    bind_interrupts, gpio,
+    bind_interrupts,
+    clocks::RoscRng,
+    gpio,
    peripherals::{DMA_CH0, PIN_23, PIN_25, PIO0, UART0},
    pio::{self, Pio},
    uart::{self, BufferedUartRx, Parity},
@ -27,7 +29,10 @@ use embassy_sync::{
 };
 use gpio::{Level, Output};
 use heapless::Vec;
-use rand::{rngs::SmallRng, RngCore, SeedableRng};
+use rand::{
+    rngs::{SmallRng, StdRng},
+    RngCore, SeedableRng,
+};
 use rust_mqtt::client::{client::MqttClient, client_config::ClientConfig};
 use static_cell::make_static;

@ -187,17 +192,16 @@ async fn main(spawner: Spawner) {

    let config = Config::dhcpv4(Default::default());

-    let mut seed = [0; 8];
-    // TODO: Make the seed actually random?
-    let mut rng = SmallRng::seed_from_u64(0x51ac_3101_6468_8cdf);
-    rng.fill_bytes(&mut seed);
-    let seed = u64::from_le_bytes(seed);
+    // Use the Ring Oscillator of the RP2040 as a source of true randomness to seed the
+    // cryptographically secure PRNG
+    let mut rng_rosc = RoscRng;
+    let mut rng = StdRng::from_rng(&mut rng_rosc).unwrap();

    let stack = make_static!(Stack::new(
        net_device,
        config,
        make_static!(StackResources::<2>::new()),
-        seed,
+        rng.next_u64(),
    ));

    spawner.spawn(net_task(stack)).unwrap();
@ -232,7 +236,12 @@ async fn main(spawner: Spawner) {
    }
    info!("TCP Connected!");

-    let mut config = ClientConfig::new(rust_mqtt::client::client_config::MqttVersion::MQTTv5, rng);
+    let mut config = ClientConfig::new(
+        rust_mqtt::client::client_config::MqttVersion::MQTTv5,
+        // Use fast and simple PRNG to generate packet identifiers, there is no need for this to be
+        // cryptographically secure
+        SmallRng::from_rng(&mut rng_rosc).unwrap(),
+    );

    config.add_username(env!("MQTT_USERNAME"));
    config.add_password(env!("MQTT_PASSWORD"));