Dear sir/madam
I have following queries regarding implementation of MBED CRYPTO Libraries :
1) How crypto libraries files could be used on baremetal with no entropy source(cross compilation )?
2) How asymmetric cryptographic operations like RSA , RNG , EC ,DSA etc , could be implemented on baremetal without entropy , seed provisions ?
3) If i want to use some custom PRNG and entropy , then how the respective contexts structures could be filled ?
Thanks & Regards, *Prashant Tripathi*
Hello,
With no random generator at all, only a few cryptographic operations are possible: signature verification, hashes, MAC, symmetric decryption, symmetric encryption with a deterministic nonce.
If you have no entropy sources on the device, you can provision a seed during the device manufacturing, and use that for the random generator. In Mbed TLS, enable MBEDTLS_ENTROPY_NV_SEED, disable other entropy sources, and provide seed read/write functions as described in https://mbed-tls.readthedocs.io/en/latest/kb/how-to/how_to_integrate_nv_seed... .
The usage of the RNG is the same whether the entropy comes from a hardware RNG or only from a provisioned seed. You just have to configure the entropy module appropriately. Then you use CTR_DRBG or HMAC_DRBG or PSA normally.
Best regards,
Hello ,
Whenever I am enabling MBEDTLS_ENTROPY_NV_SEED,entire code is misbehaving. Could you please provide me some documents or example regarding this
On Wed, 7 Dec 2022, 16:50 Gilles Peskine via mbed-tls, < mbed-tls@lists.trustedfirmware.org> wrote:
Hello,
With no random generator at all, only a few cryptographic operations are possible: signature verification, hashes, MAC, symmetric decryption, symmetric encryption with a deterministic nonce.
If you have no entropy sources on the device, you can provision a seed during the device manufacturing, and use that for the random generator. In Mbed TLS, enable MBEDTLS_ENTROPY_NV_SEED, disable other entropy sources, and provide seed read/write functions as described in https://mbed-tls.readthedocs.io/en/latest/kb/how-to/how_to_integrate_nv_seed... .
The usage of the RNG is the same whether the entropy comes from a hardware RNG or only from a provisioned seed. You just have to configure the entropy module appropriately. Then you use CTR_DRBG or HMAC_DRBG or PSA normally.
Best regards,
-- Gilles Peskine Mbed TLS developer
On 07/12/2022 12:20, PRASHANT TRIPATHI via mbed-tls wrote:
Dear sir/madam
I have following queries regarding implementation of MBED CRYPTO Libraries :
- How crypto libraries files could be used on baremetal with no entropy
source(cross compilation )?
- How asymmetric cryptographic operations like RSA , RNG , EC ,DSA etc ,
could be implemented on baremetal without entropy , seed provisions ?
- If i want to use some custom PRNG and entropy , then how the respective
contexts structures could be filled ?
Thanks & Regards, *Prashant Tripathi*
-- mbed-tls mailing list -- mbed-tls@lists.trustedfirmware.org To unsubscribe send an email to mbed-tls-leave@lists.trustedfirmware.org
Hello,
Thanks for your reply. What is the procedure to fill Context manually incase entropy source is not present in baremetal. What exactly are the context which are required to filled for the same
On Wed, 7 Dec 2022, 16:50 Gilles Peskine via mbed-tls, < mbed-tls@lists.trustedfirmware.org> wrote:
Hello,
With no random generator at all, only a few cryptographic operations are possible: signature verification, hashes, MAC, symmetric decryption, symmetric encryption with a deterministic nonce.
If you have no entropy sources on the device, you can provision a seed during the device manufacturing, and use that for the random generator. In Mbed TLS, enable MBEDTLS_ENTROPY_NV_SEED, disable other entropy sources, and provide seed read/write functions as described in https://mbed-tls.readthedocs.io/en/latest/kb/how-to/how_to_integrate_nv_seed... .
The usage of the RNG is the same whether the entropy comes from a hardware RNG or only from a provisioned seed. You just have to configure the entropy module appropriately. Then you use CTR_DRBG or HMAC_DRBG or PSA normally.
Best regards,
-- Gilles Peskine Mbed TLS developer
On 07/12/2022 12:20, PRASHANT TRIPATHI via mbed-tls wrote:
Dear sir/madam
I have following queries regarding implementation of MBED CRYPTO Libraries :
- How crypto libraries files could be used on baremetal with no entropy
source(cross compilation )?
- How asymmetric cryptographic operations like RSA , RNG , EC ,DSA etc ,
could be implemented on baremetal without entropy , seed provisions ?
- If i want to use some custom PRNG and entropy , then how the respective
contexts structures could be filled ?
Thanks & Regards, *Prashant Tripathi*
-- mbed-tls mailing list -- mbed-tls@lists.trustedfirmware.org To unsubscribe send an email to mbed-tls-leave@lists.trustedfirmware.org
mbed-tls@lists.trustedfirmware.org