Hi,
Hanno described perfectly how it works and I just would like to add a single remark. You mentioned that some of your platforms don't have a hardware entropy source. In cases like that, depending on your threat model, you might need to use the MBEDTLS_ENTROPY_NV_SEED feature to achieve security.
(This uses a stored secret value as a seed and on embedded systems without a hardware entropy source it is more secure against a remote adversary than trying to collect the entropy from the environment. On systems like that NV_SEED can have an edge against physical attackers – compared to attempting to collect entropy from the environment – if the seed is stored in secure storage/internal flash.)
Regards, Janos
From: mbed-tls <mbed-tls-bounces@lists.trustedfirmware.org> on behalf of Hanno Becker via mbed-tls <mbed-tls@lists.trustedfirmware.org>
Reply to: Hanno Becker <Hanno.Becker@arm.com>
Date: Tuesday, 28 April 2020 at 07:55
To: "mbed-tls@lists.trustedfirmware.org" <mbed-tls@lists.trustedfirmware.org>, ROSHINI DEVI <roshinilachi@gmail.com>
Subject: Re: [mbed-tls] Random Number Generator module in mbed TLS
Hi,
Mbed TLS establishes variable-length access to random data in a three step fashion:
1) At the bottommost layer, there is a variable number of entropy sources external to the library. Such sources are supposed to provide some true randomness, though the exact amount of entropy they contain isn't yet specified (at least to my knowledge).
2) Mbed TLS' entropy module mixes those entropy sources into a single source of randomness. In contrast to the entropy sources themselves, the idea here is that, ideally, the data obtained from the entropy module has full entropy. This is achieved by (a) accumulating random data from available entropy sources, depending on the amount of entropy each of them offers, and (b) 'mixing' them by an application of hash functions.
3) Based on true randomness, Mbed TLS provides two implementations of pseudo random number generators: CTR-DRBG and HMAC-DRBG. Those build on top of an entropy context and expand the underlying randomness as standardized in NIST SP 800-90.
Applications should use the PRNGs from step 3) as their actual source of randomness, and not directly hook into the underlying TRNGs.
Take a look at the example programs such as `ssl_client2` or `ssl_server2` to see how this works practically. Also see https://tls.mbed.org/kb/how-to/add-a-random-generator.
Now specifically to your question: You should register your STM32 hardware entropy as an entropy source via `mbedtls_entropy_add_source()`, but you do not need to change anything else in your code. In particular, steps 2) and 3) above are entirely independent of the exact source of true randomness.
Hope this helps,
Hanno
From: mbed-tls <mbed-tls-bounces@lists.trustedfirmware.org> on behalf of ROSHINI DEVI via mbed-tls <mbed-tls@lists.trustedfirmware.org>
Sent: Tuesday, April 28, 2020 6:06 AM
To: mbed-tls@lists.trustedfirmware.org <mbed-tls@lists.trustedfirmware.org>
Subject: Re: [mbed-tls] Random Number Generator module in mbed TLS
Hello,
Can anyone confirm this? It's urgent.
Thanks
On Fri, Apr 17, 2020 at 4:50 PM ROSHINI DEVI <roshinilachi@gmail.com> wrote:
Hello,
Is there any random number library available in mbedTLS? Right now, I am using hardware entropy in STM32 boards. If hardware platform changes and if there is no hardware entropy present, then again we need to redefine the API.
Thanks