Hi,

Mbed TLS establishes variable-length access to random data in a three step fashion:

1) At the bottommost layer, there is a variable number of entropy sources external to the library.

Such sources are supposed to provide some true randomness, though the exact amount of

entropy they contain isn't yet specified (at least to my knowledge).

2) Mbed TLS' entropy module mixes those entropy sources into a single source of randomness.

In contrast to the entropy sources themselves, the idea here is that, ideally, the data obtained

from the entropy module has full entropy. This is achieved by (a) accumulating random data

from available entropy sources and depending on the amount of entropy each of them offers,

and (b) 'mixing' them by a application of hash functions.

3) Based on true randomness, Mbed TLS' provides two implementations of pseudo random

number generators: CTR-DRBG and HMAC-DRBG. Those build on top of an entropy context

and expand the underlying randomness as standardized in NIST SP 800-90.

Applications should use the PRNGs from step 3) as their actual source of randomness,

and not directly hook into the underlying TRNGs.

Take a look at the example programs such as `ssl_client2` or `ssl_server2` to see how this

works practically. Also see https://tls.mbed.org/kb/how-to/add-a-random-generator.

Now specifically to your question: You should register your STM32 hardware entropy

as an entropy source via `mbedtls_entropy_add_source()` but not (need) to change

anything else in your code. In particular, steps 2) and 3) above are entirely independent

of the exact source of true randomness.

Hope this helps,

Hanno

From: mbed-tls <mbed-tls-bounces@lists.trustedfirmware.org> on behalf of ROSHINI DEVI via mbed-tls <mbed-tls@lists.trustedfirmware.org>
Sent: Tuesday, April 28, 2020 6:06 AM
To: mbed-tls@lists.trustedfirmware.org <mbed-tls@lists.trustedfirmware.org>
Subject: Re: [mbed-tls] Random Number Generator module in mbed TLS

Hello,

Can anyone confirm this? Its urgent.

Thanks

On Fri, Apr 17, 2020 at 4:50 PM ROSHINI DEVI <roshinilachi@gmail.com> wrote:

Hello,

Is there any random number library available in mbedTLS?

Right now, I am using hardware entropy in STM32 boards.

If hardware platform changes and if there is no hardware entropy present, then again we need to redefine the API.

Thanks

IMPORTANT NOTICE: The contents of this email and any attachments are confidential and may also be privileged. If you are not the intended recipient, please notify the sender immediately and do not disclose the contents to any other person, use it for any purpose, or store or copy the information in any medium. Thank you.