Hello,

With no random generator at all, only a few cryptographic operations are possible: signature verification, hashes, MAC, symmetric decryption, symmetric encryption with a deterministic nonce.

If you have no entropy sources on the device, you can provision a seed during the device manufacturing, and use that for the random generator. In Mbed TLS, enable MBEDTLS_ENTROPY_NV_SEED, disable other entropy sources, and provide seed read/write functions as described in https://mbed-tls.readthedocs.io/en/latest/kb/how-to/how_to_integrate_nv_seed/#enabling-nv-seed-entropy-source-support .

The usage of the RNG is the same whether the entropy comes from a hardware RNG or only from a provisioned seed. You just have to configure the entropy module appropriately. Then you use CTR_DRBG or HMAC_DRBG or PSA normally.

Best regards,

--
Gilles Peskine
Mbed TLS developer

On 07/12/2022 12:20, PRASHANT TRIPATHI via mbed-tls wrote:
Dear sir/madam

I have following queries regarding implementation of MBED CRYPTO Libraries :

1) How crypto libraries files could be used on baremetal with no entropy source(cross compilation )?

2) How asymmetric cryptographic operations  like RSA , RNG , EC ,DSA etc , could be implemented on baremetal without entropy , seed provisions ?

3) If i want to use some custom PRNG and entropy , then how the respective contexts structures could be filled ?




Thanks & Regards,
Prashant Tripathi