[mbed-tls] Re: Regarding implementation of MBED CRYPTO libraries without entropy source on baremetal

7 Dec 2022


      Hello,
With no random generator at all, only a few cryptographic operations are 
possible: signature verification, hashes, MAC, symmetric decryption, 
symmetric encryption with a deterministic nonce.
If you have no entropy sources on the device, you can provision a seed 
during the device manufacturing, and use that for the random generator. 
In Mbed TLS, enable MBEDTLS_ENTROPY_NV_SEED, disable other entropy 
sources, and provide seed read/write functions as described in 
https://mbed-tls.readthedocs.io/en/latest/kb/how-to/how_to_integrate_nv_seed... 
.
The usage of the RNG is the same whether the entropy comes from a 
hardware RNG or only from a provisioned seed. You just have to configure 
the entropy module appropriately. Then you use CTR_DRBG or HMAC_DRBG or 
PSA normally.
Best regards,
-- 
Gilles Peskine
Mbed TLS developer

On 07/12/2022 12:20, PRASHANT TRIPATHI via mbed-tls wrote:
> Dear sir/madam
>
> I have following queries regarding implementation of MBED CRYPTO 
> Libraries :
>
> 1) How crypto libraries files could be used on baremetal with no 
> entropy source(cross compilation )?
>
> 2) How asymmetric cryptographic operations  like RSA , RNG , EC ,DSA 
> etc , could be implemented on baremetal without entropy , seed 
> provisions ?
>
> 3) If i want to use some custom PRNG and entropy , then how the 
> respective contexts structures could be filled ?
>
>
>
>
> Thanks & Regards,
> *Prashant Tripathi*
>
>

2024

2023

2022

2021

2020

[mbed-tls] Re: Regarding implementation of MBED CRYPTO libraries without entropy source on baremetal