• State Verified Answer
  • Replies 12 replies
  • Subscribers 75 subscribers
  • Views 3749 views
  • Users 0 members are here
Attachments (0)
Nordic Case Info
  • Case ID: 257751
Options
This post is older than 2 years and might not be relevant anymore
More Info: Consider searching for newer posts

nRF52840 nRF Connect SDK/Zephyr random number generation

basvkesteren

Hi,

Looking for some guidance on how to use the 'cryptographically secure random number generator' in a Zephyr/nRF Connect SDK application on an 52840

Is this a supported combination? I found some older devzone posts about this being in development (https://devzone.nordicsemi.com/f/nordic-q-a/45500/nrf52840-and-cc310-random-number-generator-hanging/179228#179228)

Enabling CSPRNG_GENERATOR_CHOICE requires some other backend/driver options to be enabled. It seems there are multiple options here, are there examples available? What is the advised combination here?

Best regards,

-Bastiaan

  • 0 in reply to basvkesteren

    Hi Bastiaan,

    I can't give you an exact date for when it will be released, but you can contact your regional sales manager for roadmap details. You can also follow the development on our github.

    Best regards,

    Marte

  • 0 in reply to Marte Myrvold

    is there a sample showing how to generate a random number using the CC310 entropy driver, please?

    I've set `CONFIG_ENTROPY_GENERATOR` and `CONFIG_CC310_BACKEND`, but calls to `sys_rand_get` fail.

  • 0 in reply to Hayden Ball

    Hi Hayden,

    As of now, there's only one example that generates random numbers, namely the Secure Services example. However, this example is for the nRF9160 DK and uses the Secure Partition Manager to get random numbers.

    If you're still experiencing problems with generating random numbers, please open a new support ticket with your problem.

    Best regards,

    Marte

  • 0

    To update (and close) this ticket: I now have correctly behaving random numbers.

    I was using nrf_cc310_platform_entropy_get(), which works, but is rather slow. Getting 32 random bytes took close to 100ms, way too much thus breaking my protocol... The correct way (as far as i know) is to use the zephyr entropy driver (the one I could not get to work earlier).

    Using ncs 1.4.0, in my prj.conf I have the following relevant settings:

    CONFIG_ENTROPY_GENERATOR=y
    CONFIG_ENTROPY_NRF5_THR_POOL_SIZE=64
    CONFIG_ENTROPY_NRF5_THR_THRESHOLD=32

    This uses the RNG perhiperal. The pool (with size as defined above) will be filled in the background. When using entropy with entropy_get_entropy(), you read bytes from this pool. When the pool drops below the configured threshold (as defined above) it starts to fill back up.

    This avoids the slowness I was experiencing. I need blocks of 32 bytes, therefore I've configured the pool-size to be twice that, and the threshold to be exactly that. Thus, I should always have atleast one block of random bytes available.

    What I'm not quite sure about is how the cryptocell's RNG perhiperals fit into this... Both the cryptocell's TRNG and the RNG provide true randomness, according to the datasheet. Duplicated functionality?

  • 0 in reply to basvkesteren

    Hi,

    Great to hear that you managed to get it to work, and thank you for explaining it here so others can see it!

    Regarding your question about TRNG and RNG, TRNG is used to seed RNG, as a form of PRBS (pseudorandom binary sequence). If you take a look at this link you'll find the following: 

    • True random number generator (TRNG) compliant with NIST 800-90B, AIS-31, and FIPS 140-2
    • Pseudorandom number generator (PRNG) using underlying AES engine compliant with NIST 800-90A

    So to conclude, PRNG uses TRNG for seeding, as well as AES as a part of the process to make pseudorandom numbers, and then regularly reseeds from TRNG.

    Hope this answers your question!

    Best regards,

    Marte

Related
Terms of service