Fix: VIN_ANALOG_PIN undeclared in generateSessionToken() — improved entropy and pin configurability

[Copilot]

The "Enforce single-session login with tokens" commit introduced generateSessionToken() at line 704 referencing VIN_ANALOG_PIN, but that macro is only #define'd at line 930 — causing a compilation error on the Server sketch.

Changes

Compilation fix

Moved the #ifndef VIN_ANALOG_PIN / #define VIN_ANALOG_PIN A0 block to before generateSessionToken() so the symbol is always available for preprocessing/macro expansion. Removed the duplicate define from its original location and replaced it with a clarifying comment. The function now uses VIN_ANALOG_PIN directly, respecting any user override (e.g. #define VIN_ANALOG_PIN A1).

Configurable supplementary entropy pins

Added three new #ifndef macros — ENTROPY_ADC_PIN_1, ENTROPY_ADC_PIN_2, ENTROPY_ADC_PIN_3 — defaulting to A1, A2, A3. These can be overridden if those pins are in use for other hardware purposes.

Improved entropy construction

The token generator was updated from a single-source seed to a multi-source entropy pool with a 64-bit LCG state:

• ADC noise from 4 analog pins (VIN_ANALOG_PIN + 3 supplementary)
• Two micros() samples bracketing the ADC reads to capture execution jitter
• millis() for coarser timing entropy
• All entropy inputs cast to uint64_t before shifting to preserve full bit width
• Entropy mixed into named seedHigh/seedLow halves before combining into a 64-bit seed
• 64-bit LCG using Knuth MMIX constants (6364136223846793005 / 1442695040888963407) — full-period over 2^64
• Top-4-bit extraction (seed >> 60) from 64-bit state, giving 2^64 possible seeds and making brute-force infeasible

Original prompt

---

This section details on the original issue you should resolve

<issue_title>Arduino Compilation Error in TankAlarm-112025-Server-BluesOpta (2026-03-12)</issue_title>
<issue_description>## Arduino Compilation Failed - TankAlarm 112025

The Arduino code compilation failed for the TankAlarm-112025 (Blues Opta) projects.

Workflow Run: https://github.com/SenaxInc/ArduinoSMSTankAlarm/actions/runs/23017661827
Commit: edc1777
Branch: master

Details

TankAlarm-112025 (Arduino Opta)

• Client Sketch: TankAlarm-112025-Client-BluesOpta/TankAlarm-112025-Client-BluesOpta.ino ✅
• Server Sketch: TankAlarm-112025-Server-BluesOpta/TankAlarm-112025-Server-BluesOpta.ino ❌
• Viewer Sketch: TankAlarm-112025-Viewer-BluesOpta/TankAlarm-112025-Viewer-BluesOpta.ino ✅

Board:

• Arduino Opta (arduino:mbed_opta:opta)

Triggered by: push

Next Steps

1. Review the workflow logs for detailed error messages
2. Fix compilation errors in the Arduino code
3. Re-run the workflow to verify the fix

/cc @copilot</issue_description>

Comments on the Issue (you are @copilot in this section)

• Fixes Arduino Compilation Error in TankAlarm-112025-Server-BluesOpta (2026-03-12) #275

---

💡 You can make Copilot smarter by setting up custom instructions, customizing its development environment and configuring Model Context Protocol (MCP) servers. Learn more Copilot coding agent tips in the docs.

[Copilot]

Pull request overview

Updates session token generation in the Server (Blues Opta) sketch to avoid referencing VIN_ANALOG_PIN before it is defined later in the .ino file.

Changes:

• Adjusts generateSessionToken() to read A0 directly (instead of VIN_ANALOG_PIN) when seeding the session token RNG.
• Adds clarifying comments explaining the compile-order motivation.

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

You can also share your feedback on Copilot code review. Take the survey.

[Copilot]

generateSessionToken() now hardcodes analogRead(A0). That avoids the compile-order issue, but it also ignores VIN_ANALOG_PIN overrides (e.g., if someone configures the VIN divider on A1, the session token still samples A0). Prefer defining VIN_ANALOG_PIN (or a dedicated ENTROPY_ANALOG_PIN) before this function and using that symbol here, so the behavior stays consistent with configuration and doesn’t assume A0 is available/free.

[Copilot]

Session tokens are used as an authentication/session mechanism, but the generator is a simple LCG seeded with micros()/millis() and a single analogRead, which is not a cryptographically secure RNG and can be guessable if an attacker can estimate boot/login timing and the analog pin is driven. Consider sourcing randomness from a hardware-backed/secure source (or at least mixing in additional unpredictable state and using a stronger construction) to reduce token predictability.

[dorkmo]

@copilot apply changes based on the comments in this thread

[Copilot]

@copilot apply changes based on the comments in this thread

Done in commit 2a40dd4. Changes applied from the review threads:

1. Configured pin — Moved the VIN_ANALOG_PIN #ifndef block to before generateSessionToken() so the function uses the configured pin (respects overrides like #define VIN_ANALOG_PIN A1). Removed the duplicate define from its original position further down.

2. Configurable entropy pins — Added ENTROPY_ADC_PIN_1/2/3 macros (defaulting to A1/A2/A3) with override guidance, so supplementary entropy pins can be reconfigured if they're in use for other hardware.

3. Improved entropy — The generator now mixes 4 ADC reads (VIN pin + 3 supplementary) with two micros() samples (bracketing the ADC reads to capture execution jitter) and millis(). Prime-valued XOR shifts spread entropy across all 32 bits. Updated to Numerical Recipes LCG constants with top-bit extraction.

[Copilot]

Pull request overview

Copilot reviewed 1 out of 1 changed files in this pull request and generated 2 comments.

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

You can also share your feedback on Copilot code review. Take the survey.

[Copilot]

Session token generation is still limited by a 32-bit internal state (uint32_t seed + 32-bit LCG). Even though the token is 16 hex chars (64 bits), the number of possible tokens is effectively capped at 2^32, which is relatively small for an authentication bearer token and makes brute-force guessing more feasible (especially since /api/session/check provides a fast oracle). Consider switching to a larger state (e.g., 64/128-bit) and/or using a hardware RNG/true entropy source if available on this platform for session tokens.

[Copilot]

The note about avoiding a “forward-reference” is a bit misleading for a macro: the actual issue is that #define expansion is order-dependent during preprocessing, so VIN_ANALOG_PIN needs to be defined before it is used. Suggest rewording to avoid confusion (e.g., “defined earlier so it’s available for preprocessing in generateSessionToken()”).

Suggested change

	// VIN_ANALOG_PIN is defined earlier (before generateSessionToken) to avoid forward-reference.
	// VIN_ANALOG_PIN is defined earlier (before generateSessionToken) so it is available for preprocessing/macro expansion.

[dorkmo]

@copilot apply changes based on the comments in this thread

[Copilot]

@copilot apply changes based on the comments in this thread

Done in commit 1074c7d. Changes applied from the review threads:

1. 64-bit LCG state — Upgraded generateSessionToken() from uint32_t to uint64_t internal state using Knuth MMIX constants (6364136223846793005 / 1442695040888963407), expanding the effective seed space from 2^32 to 2^64. Token characters are now extracted from (seed >> 60) & 0xF. All entropy inputs are cast to uint64_t before shifting to prevent 32-bit truncation. Entropy sources are split into named seedHigh/seedLow halves for readability before being combined.

2. Comment fix — Updated the comment near the relocated VIN_ANALOG_PIN define from "to avoid forward-reference" to the reviewer's suggested wording: "so it is available for preprocessing/macro expansion."