Add CSPRNG

Merged schneider requested to merge schneider/rng into master

Tries to seed an AES-CTR based PRNG using the TRNG, RTC, SysTick and ADC.

It is not really a CSPRNG, as revealing its state allows computing all previous outputs (it has no forward secrecy). It is also only good up to a limited amount of randomness after seeding it. Fortuna, for example, does not use more than 1 MiB without reseeding such a construct. I guess that limit is set very conservatively, though.

I guess these two limitations (no forward secrecy and only a limited amount of strong randomness) are acceptable for us. Calls to the RNG seem to be very few, and the device is usually power cycled often in comparison.

Seeding is done via a SHA256 over the following data:

  • 256x 16 bytes from the TRNG. Amount of entropy is unknown.
  • The current second and subsecond values from the RTC.
  • Current value of the SysTick.
  • 256x a 10 bit ADC reading. Maybe 1 bit of entropy per reading.

CSPRNG: https://en.wikipedia.org/wiki/Cryptographically_secure_pseudorandom_number_generator

FORTUNA: https://en.wikipedia.org/wiki/Fortuna_(PRNG)

Other potential options for a CSPRNG:

Edited by schneider
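The construct described above (SHA-256 over the collected readings to derive a key, then AES-256-CTR as the generator), as an added example that is not part of this merge request or the firmware: the project's code is C and uses tiny-AES-c, while this example is Go because its standard library ships AES and SHA-256. The field widths and serialisation order of the RTC, SysTick and ADC values, the counter layout, and treating the 1 MiB figure as a hard stop are assumptions of this example; the sample readings are constructed filler, not real hardware output. `ReplayFromState` exists only to make the missing forward secrecy concrete: given the generator's (key, counter) state, rewinding the counter reproduces earlier outputs, which is exactly the property the description warns about.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/sha256"
	"encoding/binary"
	"errors"
)

// SeedInputs holds the entropy sources listed in the MR description.
// Field widths and serialisation order are assumptions of this example.
type SeedInputs struct {
	TRNG    []byte   // 256 x 16 bytes from the hardware TRNG
	RTCSec  uint32   // RTC seconds
	RTCSub  uint32   // RTC subseconds
	SysTick uint32   // SysTick counter value
	ADC     []uint16 // 256 x 10-bit ADC readings (~1 bit of entropy each)
}

// ReseedLimit is the 1 MiB bound the description cites from Fortuna,
// applied here as a hard stop (an assumption of this example).
const ReseedLimit = 1 << 20

var ErrReseedRequired = errors.New("rng: output limit reached, reseed required")

// SeedFromInputs hashes every source with SHA-256; the digest is the AES-256 key.
func SeedFromInputs(in SeedInputs) [32]byte {
	h := sha256.New()
	h.Write(in.TRNG)
	var b [4]byte
	for _, v := range []uint32{in.RTCSec, in.RTCSub, in.SysTick} {
		binary.LittleEndian.PutUint32(b[:], v)
		h.Write(b[:])
	}
	for _, v := range in.ADC {
		binary.LittleEndian.PutUint16(b[:2], v&0x3ff) // keep only the 10 ADC bits
		h.Write(b[:2])
	}
	var seed [32]byte
	copy(seed[:], h.Sum(nil))
	return seed
}

// CTRPRNG is an AES-256-CTR generator whose whole state is (key, blockIndex).
// Nothing is discarded as output is produced, so a revealed state lets anyone
// recompute all earlier outputs: no forward secrecy.
type CTRPRNG struct {
	key        [32]byte
	blockIndex uint64 // counter block = 8 zero bytes || big-endian blockIndex
	block      cipher.Block
	produced   int
}

func NewCTRPRNG(seed [32]byte) (*CTRPRNG, error) {
	blk, err := aes.NewCipher(seed[:])
	if err != nil {
		return nil, err
	}
	return &CTRPRNG{key: seed, block: blk}, nil
}

// keystreamBlock returns AES_k(counter) for the given block index.
func keystreamBlock(block cipher.Block, index uint64) [16]byte {
	var ctr, out [16]byte
	binary.BigEndian.PutUint64(ctr[8:], index)
	block.Encrypt(out[:], ctr[:])
	return out
}

// Read fills out with keystream and refuses once ReseedLimit bytes were produced.
func (p *CTRPRNG) Read(out []byte) error {
	if p.produced+len(out) > ReseedLimit {
		return ErrReseedRequired
	}
	for n := 0; n < len(out); n += 16 {
		blk := keystreamBlock(p.block, p.blockIndex)
		p.blockIndex++
		copy(out[n:], blk[:]) // last copy may be a partial block
	}
	p.produced += len(out)
	return nil
}

// State exposes the internal state so the replay below can be demonstrated.
func (p *CTRPRNG) State() ([32]byte, uint64) { return p.key, p.blockIndex }

// ReplayFromState recomputes the last nBlocks keystream blocks from a captured
// state by rewinding the counter: the concrete meaning of "no forward secrecy".
func ReplayFromState(key [32]byte, blockIndex, nBlocks uint64) ([]byte, error) {
	if nBlocks > blockIndex {
		return nil, errors.New("rng: cannot rewind before the seed")
	}
	blk, err := aes.NewCipher(key[:])
	if err != nil {
		return nil, err
	}
	out := make([]byte, 0, 16*nBlocks)
	for i := blockIndex - nBlocks; i < blockIndex; i++ {
		ks := keystreamBlock(blk, i)
		out = append(out, ks[:]...)
	}
	return out, nil
}

// sampleInputs builds constructed stand-ins for the hardware readings.
func sampleInputs() SeedInputs {
	in := SeedInputs{TRNG: make([]byte, 256*16), RTCSec: 1700000000, RTCSub: 1234, SysTick: 0xBEEF}
	for i := range in.TRNG {
		in.TRNG[i] = byte(i*7 + 3) // deterministic filler, not real TRNG output
	}
	for i := 0; i < 256; i++ {
		in.ADC = append(in.ADC, uint16((i*37)&0x3ff))
	}
	return in
}
```

Usage: `p, _ := NewCTRPRNG(SeedFromInputs(sampleInputs()))`, then `p.Read(buf)`; after `ReseedLimit` bytes `Read` returns `ErrReseedRequired` and the caller has to collect fresh readings and build a new generator. The key observation is that `ReplayFromState(p.State())` reproduces every byte `Read` already handed out, which is why the description calls the construct "not really a CSPRNG".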

Merge request reports

Merge request pipeline #4713 passed

Merge request pipeline passed for bd7f01a1


Activity

  • schneider changed the description

  • schneider added 2 commits

    • b291f9f8 - feat(crypto): Add SHA256 implementation
    • bb1335eb - feat(rng): Use SHA256 to extract entropy for seeding

  • schneider changed the description

  • schneider resolved all threads

  • schneider added 7 commits

    • 46632854 - 1 commit from branch master
    • 4bca31c9 - feat(aes): add tiny-AES-c submodule
    • 7bf8556d - feat(aes): add libtinyAESc meson files
    • f3b1d002 - chore(rng): Rename epicaridum trng module to rng
    • 3311ff2b - feat(rng): add CSPRNG core
    • 7fabc43b - feat(crypto): Add SHA256 implementation
    • 3c94c622 - feat(rng): Use SHA256 to extract entropy for seeding

  • schneider added 7 commits

    • b09240e9 - feat(aes): add tiny-AES-c submodule
    • a734ff8f - feat(aes): add libtinyAESc meson files
    • a58c3374 - chore(rng): Rename epicaridum trng module to rng
    • 385f89f7 - feat(rng): add CSPRNG core
    • 372ceb82 - feat(crypto): Add SHA256 implementation
    • b3b10c3c - feat(rng): Use SHA256 to extract entropy for seeding
    • b9b972a4 - fix(pycardium): Use CSPRNG for random numbers

  • schneider added 8 commits

    • 46632854 - 1 commit from branch master
    • 85e81d12 - feat(aes): add tiny-AES-c submodule
    • 247cede1 - feat(aes): add libtinyAESc meson files
    • ad61af45 - chore(rng): Rename epicaridum trng module to rng
    • 5c8819d8 - feat(rng): add CSPRNG core
    • b5ab19c6 - feat(crypto): Add SHA256 implementation
    • 403d51a2 - feat(rng): Use SHA256 to extract entropy for seeding
    • c635986c - fix(pycardium): Use CSPRNG for random numbers

  • assigned to @rahix

  • schneider changed milestone to %v1.16

  • schneider mentioned in merge request !400 (merged)
