cotton-unique 0.1.0

Deterministic per-device unique IDs for embedded systems
Documentation
  • Coverage
  • 100%
    9 out of 9 items documented0 out of 7 items with examples
  • Size
  • Source code size: 18.49 kB This is the summed size of all the files inside the crates.io package for this release.
  • Documentation size: 919.27 kB This is the summed size of all files generated by rustdoc for all configured targets
  • Ø build duration
  • this release: 10s Average build duration of successful builds.
  • all releases: 10s Average build duration of successful builds in releases after 2024-10-23.
  • Links
  • Homepage
  • pdh11/cotton
    31 13 4
  • crates.io
  • Dependencies
  • Versions
  • Owners
  • pdh11

CI status codecov dependency status Crates.io Crates.io docs.rs License: CC0-1.0

cotton-unique

Part of the Cotton project.

Implementing statistically-unique per-device IDs based on chip IDs

The cotton-unique crate encapsulates the creation of per-device unique identifiers -- for things such as Ethernet MAC addresses, or UPnP UUIDs.

Most microcontrollers (e.g. STM32, RA6M5) have a unique per-unit identifier built-in; RP2040 does not, but on that platform it's intended to use the unique identifier in the associated SPI flash chip instead.

But it's not a good idea to just use the raw chip ID as the MAC address, for several reasons: it's the wrong size, it's quite predictable (it's not 96 random bits per chip, it typically encodes the chip batch number and die position on the wafer, so two different STM32s might have IDs that differ only in one or two bits, meaning we can't just pick any 46 bits from the 96 in case we accidentally pick seldom-changing ones) — and, worst of all, if anyone were to use the same ID for anything else later, they might be surprised if it were very closely correlated with the device's MAC address.

So the thing to do, is to hash the unique ID along with a key, or salt, which indicates what we're using it for. The result is thus deterministic and consistent on any one device for a particular salt, but varies from one device to another (and from one salt to another).

For instance, the cotton-ssdp device tests obtain a MAC address by hashing the STM32 unique ID with the salt string "stm32-eth", and UPnP UUIDs by hashing the same ID with a different salt.

This does not guarantee uniqueness, but if the hash function is doing its job, the odds of a collision involve a factor of 2^-64 -- or in other words are highly unlikely.

There's more about the thinking behind for this crate on my blog.