Random data generation
When making a security application, you may require a random data generator. Arm Mbed TLS includes the CTR-DRBG module for random generation.
Setting up CTR-DRBG in your code requires an entropy source and a personalization string.
Setting up the entropy source
Mbed TLS includes the entropy collection module to provide a central pool of entropy from which to extract entropy.
To use the entropy collector in your code, include the header file:
#include "mbedtls/entropy.h"
Add the following somewhere in your main()
:
mbedtls_entropy_context entropy;
mbedtls_entropy_init( &entropy );
If your platform has a hardware TRNG or PRNG in the processor or TPM, you can hook it up to the entropy collector with entropy_add_source()
to enhance the entropy even further. Please see our article on how to add an entropy source to the entropy pool for more information.
The random generator
To use the CTR-DRBG module in your code, you need to include the header file:
#include "mbedtls/ctr_drbg.h"
Add:
mbedtls_ctr_drbg_context ctr_drbg;
char *personalization = "my_app_specific_string";
mbedtls_ctr_drbg_init( &ctr_drbg );
ret = mbedtls_ctr_drbg_seed( &ctr_drbg , mbedtls_entropy_func, &entropy,
(const unsigned char *) personalization,
strlen( personalization ) );
if( ret != 0 )
{
// ERROR HANDLING CODE FOR YOUR APP
}
The personalization string is a small protection against a lack of startup entropy and ensures each application has at least a different starting point.
Enabling prediction resistance
To prevent an adversary from reading your random data, you can enable prediction resistance:
mbedtls_ctr_drbg_set_prediction_resistance( &ctr_drbg, MBEDTLS_CTR_DRBG_PR_ON );
Note: If enabled, entropy is gathered before each call. Only use this if you have ample supply of good entropy.
Loading a seed file
Another way to add entropy at the start of your application is to use a seed file. The Mbed TLS random generator can read and update a seed file with mbedtls_ctr_drbg_update_seed_file()
to increase entropy.
Multithreaded use
If you intend to use the CTR-DRBG module in multiple threads, please read our article on entropy collection, random generation with threads.