Random number generator (RNG) module
The Random number generator (RNG) module provides random number generation, see
The block-cipher counter-mode based deterministic random bit generator (CTR_DRBG) as specified in NIST SP800-90. It needs an external source of entropy. For these purposes
can be used. This is an implementation based on a simple entropy accumulator design.
The other number generator that is included is less strong and uses the HAVEGE (HArdware Volatile Entropy Gathering and Expansion) software heuristic, which is considered unsafe for primary usage but provides additional randomness to the entropy pool if enabled.
Meaning that there seems to be no practical algorithm that can guess the next bit with a probability larger than 1/2 in an output sequence.
This module can be used to generate random numbers.
This plugin supports using the default entropy source(s) on Silicon Labs devices and, when enabled, plugs into the mbed TLS entropy collector interface. The plugin then provides an implementation of mbedtls_hardware_poll, which the mbed TLS DRBG entropy collector interfaces with for collector updates.
This plugin can be enabled by selecting the Mbed TLS support for default hardware entropy source component from the Platform Security category.
The TRNG peripheral collects data from a dedicated NIST-800-90B compliant source. The TRNG peripheral may either be stand-alone or integrated in the SE or CRYPTOACC peripheral depending on the target device. It is used automatically on compatible devices for entropy collection through mbed TLS when the Silicon Labs Default Entropy Source Plugin is enabled.
The RAIL (radio) entropy source is a fallback entropy source for mbed TLS, used on devices that do not have a functional TRNG. It provides entropy for applications needing random numbers, or applications indirectly using mbed TLS modules that depend on the random number generation interfaces of mbed TLS, even when a TRNG is not present or accessible. It does, however, require that the part supports radio communications, and that the Silicon Labs RAIL library is compiled into and initialised by the application.
Fallback mode is used automatically when the Silicon Labs Default Entropy Source Plugin is enabled and the device has a radio module, but no functional TRNG.
- The user is responsible for initializing the radio properly before calling into mbedtls API functions that will use the RAIL entropy module. Normally the radio initialization is performed by calling the RAIL API. The wireless stacks from Silicon Labs perform radio initialization internally, in which case the user should just make sure the wireless stacks initialize before user code can call into mbedtls API functions that will use the RAIL entropy module.
This plugin supports getting entropy from a Silicon Labs ADC peripheral, instead of the default entropy source. ADC entropy collection is not automatically added to the mbed TLS entropy collector upon inclusion of this plugin, so if this is to be used with the mbed TLS DRBG collector, or for use in mbed TLS modules relying on entropy, the user needs to take extra steps in order to correctly set up the plugin.
This plugin currently only supports the ADC peripheral on Series-1 devices. See ADC Entropy Source Plugin for more details.
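The following is an added illustration, not Silicon Labs or mbed TLS code: a caller-side wrapper around a poll callback with the same shape as mbedtls_hardware_poll, showing the failure modes that matter when an application wires in a source itself (short reads, a source that is not ready such as an uninitialised radio, and a stuck source). The names collect_entropy, poll_fn, src_partial, src_silent and src_stuck, and both thresholds, are assumptions made for this sketch.

```c
#include <stddef.h>
#include <string.h>

/* Same shape as mbed TLS's mbedtls_hardware_poll(): returns 0 on success and
 * sets *olen to the bytes written, which may be fewer than len. */
typedef int (*poll_fn)(void *data, unsigned char *out, size_t len, size_t *olen);

#define MAX_EMPTY_POLLS 4 /* assumption: polls tolerated while the source is dry */
#define MAX_RUN 8         /* assumption: this many equal bytes in a row = stuck */

/* Gather exactly `need` bytes. Fails closed (buffer wiped, -1 returned) if the
 * source errors, over-reports, stays empty, or keeps repeating one value. */
int collect_entropy(poll_fn poll, void *data, unsigned char *buf, size_t need)
{
    size_t have = 0, run = 1, i;
    int empty = 0;
    while (have < need) {
        size_t got = 0;
        if (poll(data, buf + have, need - have, &got) != 0 || got > need - have)
            goto fail;
        if (got == 0 && ++empty >= MAX_EMPTY_POLLS)
            goto fail;
        if (got != 0)
            empty = 0;
        have += got;
    }
    for (i = 1; i < need; i++) {
        run = (buf[i] == buf[i - 1]) ? run + 1 : 1;
        if (run >= MAX_RUN)
            goto fail;
    }
    return 0;
fail:
    memset(buf, 0, need);
    return -1;
}

/* Constructed stand-ins for a hardware source. They are NOT entropy. */
int src_partial(void *d, unsigned char *out, size_t len, size_t *olen)
{   /* hands out at most 3 bytes per poll */
    unsigned char *ctr = d;
    for (*olen = 0; *olen < len && *olen < 3; (*olen)++)
        out[*olen] = (unsigned char)((*ctr)++ * 37u + 11u);
    return 0;
}
int src_silent(void *d, unsigned char *out, size_t len, size_t *olen)
{ (void)out; (void)len; *olen = 0; return *(int *)d; } /* *d: -1 error, 0 dry */
int src_stuck(void *d, unsigned char *out, size_t len, size_t *olen)
{ (void)d; memset(out, 0xFF, len); *olen = len; return 0; }
```

The wrapper never hands a partially filled or suspicious buffer to the caller; any failure should stop key generation rather than fall back to a weaker source silently.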
|ADC Entropy Source Plugin|
|Collect entropy from the ADC on Silicon Labs devices. |