Hi,

Mbed TLS establishes variable-length access to random data in a three step fashion:

1) At the bottommost layer, there is a variable number of entropy sources external to the library. Such sources are supposed to provide some true randomness, though the exact amount of entropy they contain isn't yet specified (at least to my knowledge).

2) Mbed TLS' entropy module mixes those entropy sources into a single source of randomness. In contrast to the entropy sources themselves, the idea here is that, ideally, the data obtained from the entropy module has full entropy. This is achieved by (a) accumulating random data from available entropy sources and depending on the amount of entropy each of them offers, and (b) 'mixing' them by a application of hash functions.

3) Based on true randomness, Mbed TLS' provides two implementations of pseudo random number generators: CTR-DRBG and HMAC-DRBG. Those build on top of an entropy context and expand the underlying randomness as standardized in NIST SP 800-90.

Applications should use the PRNGs from step 3) as their actual source of randomness, and not directly hook into the underlying TRNGs.

Take a look at the example programs such as `ssl_client2` or `ssl_server2` to see how this works practically. Also see https://tls.mbed.org/kb/how-to/add-a-random-generator.

Now specifically to your question: You should register your STM32 hardware entropy as an entropy source via `mbedtls_entropy_add_source()` but not (need) to change anything else in your code. In particular, steps 2) and 3) above are entirely independent of the exact source of true randomness.

Hope this helps,

Hanno

________________________________ From: mbed-tls mbed-tls-bounces@lists.trustedfirmware.org on behalf of ROSHINI DEVI via mbed-tls mbed-tls@lists.trustedfirmware.org Sent: Tuesday, April 28, 2020 6:06 AM To: mbed-tls@lists.trustedfirmware.org mbed-tls@lists.trustedfirmware.org Subject: Re: [mbed-tls] Random Number Generator module in mbed TLS

Hello,

Can anyone confirm this? Its urgent.

Thanks

On Fri, Apr 17, 2020 at 4:50 PM ROSHINI DEVI <roshinilachi@gmail.commailto:roshinilachi@gmail.com> wrote: Hello,

Is there any random number library available in mbedTLS? Right now, I am using hardware entropy in STM32 boards. If hardware platform changes and if there is no hardware entropy present, then again we need to redefine the API.

Thanks IMPORTANT NOTICE: The contents of this email and any attachments are confidential and may also be privileged. If you are not the intended recipient, please notify the sender immediately and do not disclose the contents to any other person, use it for any purpose, or store or copy the information in any medium. Thank you.