Random number generator (RNG) module

Detailed Description

The Random number generator (RNG) module provides random number generation, see mbedtls_ctr_drbg_random().

The block-cipher counter-mode based deterministic random bit generator (CTR_DBRG) as specified in NIST SP800-90. It needs an external source of entropy. For these purposes mbedtls_entropy_func() can be used. This is an implementation based on a simple entropy accumulator design.

The other number generator that is included is less strong and uses the HAVEGE (HArdware Volatile Entropy Gathering and Expansion) software heuristic which considered unsafe for primary usage, but provides additional random to the entropy pool if enables.

Meaning that there seems to be no practical algorithm that can guess the next bit with a probability larger than 1/2 in an output sequence.

This module can be used to generate random numbers.

Silicon Labs Hardware Entropy Source Plugins

Silicon Labs Default Entropy Source Plugin

This plugin supports using the default entropy source(s) on Silicon Labs devices, and plugs in to mbed TLS' entropy collector interface when enabled. This will cause the plugin to provide an implementation of mbedtls_hardware_poll, which the mbed TLS DRBG entropy collector interfaces with for collector updates.

This plugin can be enabled by selecting Mbed TLS support for default hardware entropy source component from Platform Security category.

True Random Number Generator (TRNG)

The TRNG peripheral collects data from from a dedicated NIST-800-90B compliant source. The TRNG peripheral may either be stand-alone or integrated in the SE or CRYPTOACC peripheral depending on the target device. It is used automatically on compatible devices for entropy collection through mbed TLS when the Silicon Labs Default Entropy Source Plugin is enabled.

Radio (RAIL) Entropy Source

The RAIL (radio) entropy source is used as a fallback entropy source for mbedTLS, which is used on devices that do not have a functional TRNG. This would provide entropy for applications needing random numbers or applications indirectly using mbedTLS modules that depend on the random number generation interfaces of mbed TLS, even when a TRNG is not present or accessible. It does, however, require that the part supports radio communications, and that the Silicon Labs RAIL library is compiled in to and initialised by the application.

Fallback mode is used automatically when the Silicon Labs Default Entropy Source Plugin is enabled and the device has a radio module, but no functional TRNG.

The user is responsible for initializing the radio properly before calling into mbedtls API functions that will use the RAIL entropy module. Normally the radio initialization is performed by calling the RAIL API. The wireless stacks from Silicon Labs perform radio initialization internally, in which case the user should just make sure the wireless stacks initializes before user code can call into mbedtls API functions that will use the RAIL entropy module.

ADC Entropy Source Plugin

This plugin supports getting entropy from a Silicon Labs ADC peripheral, instead of the default entropy source. ADC entropy collection is not automatically added to the mbed TLS entropy collector upon inclusion of this plugin, so if this is to be used with the mbed TLS DRBG collector, or for use in mbed TLS modules relying on entropy, the user needs to take extra steps in order to correctly set up the plugin.

This plugin currently only supports the ADC peripheral on Series-1 devices. See ADC Entropy Source Plugin for more details.


ADC Entropy Source Plugin
Collect entropy from the ADC on Silicon Labs devices.