• Registered: Yesterday
  • Posts: 2

Topic: How to enable TRNG?

Hello, I’m relatively new to embedded systems and security, so I appreciate your patience. I am developing a secure file system in a bare metal platform, and for that I am using some encryption algorithms that use a RNG. To initialize the RNG, I used the wc_InitRng function. However, when testing, I received an error relating to the initialization of the RNG. Here, I remembered that my platform does not have an OS. I figured out that it supports RNG through it's hardware (TRNG). This led me to believe that the issue may be related to how wolfSSL expects RNG sources to be configured in a bare-metal environment. However, I couldn't figure out how that can be done.

My question is: How can I configure wolfSSL to use my platform’s hardware TRNG instead of the default RNG implementation?

Any guidance or examples would be greatly appreciated.

Thank you!

Share

  • Registered: 2021-07-06
  • Posts: 195

Re: How to enable TRNG?

Hello Abhmulla,

Great question.  We offer multiple implementations of wc_GenerateSeed for various hardware platforms, depending on your exact hardware you will either need to use your platform's define, or implement your own seed generation function by defining CUSTOM_RAND_GENERATE_SEED.
You mentioned TRNG, but this is used by multiple platforms.  Assuming you meant Freescale for example, we do support this with the define FREESCALE_KSDK_2_0_TRNG.
If you're able to share your platform, I can assist further.  If this information is sensitive feel free to send this information to support [AT] wolfssl [DOT] com.

Are you able to share any information on your project?  Are you working on a personal or commercial project?

Thanks,
Kareem

Share

  • Registered: Yesterday
  • Posts: 2

Re: How to enable TRNG?

Hello Kareem,
Thank you for your response! I am using the MSPM0 platform and based on what you said, I think I have to use the TRNG api's in the SDK. Would this mean I have to compile wolfssl with a custom header file which provides a function to use the TRNG instructions for the library?
Thank you again!

Share

  • Registered: 2021-07-06
  • Posts: 195

Re: How to enable TRNG?

Hello Abhmulla,

That is correct, we don't currently support that platform so you'll need to implement your own RNG callback function.  Yes, you will need to provide a user_settings.h file with CUSTOM_RAND_GENERATE_SEED set to your callback function.  Here is a general example from our codebase, you will of course need to adjust the function for your platform:

extern int my_rng_generate_seed(unsigned char* output, int sz);
#undef CUSTOM_RAND_GENERATE_SEED
#define CUSTOM_RAND_GENERATE_SEED my_rng_generate_seed

int my_rng_generate_seed(unsigned char* output, int sz)
{
    int i;
    srand(get_byte_from_pool());

    for (i = 0; i < sz; i++) {
        output[i] = (unsigned char) rand();
        srand(get_byte_from_pool());
    }

    return 0;
}

Here is a general example user_settings.h: https://github.com/wolfSSL/wolfssl/blob … template.h
We do have some IDE examples which you may find helpful as well: https://github.com/wolfSSL/wolfssl/tree/master/IDE

Note that wolfSSL expects your application to initialize the RNG before wolfSSL is initialized.

Share