The RNG module provides the capability to generate true random numbers for applications and other Cryptography library modules.
For API documentation of this module, see RNG related functions.
The following backends can be used for RNG:
CC310 is the preferred backend on devices that support it, as it meets the NIST 800-90B3 and AIS-31 (Class “P2 High”) standards. The nRF HW RNG backend is available on all nRF5 devices. Devices that do not include CC310 should normally use the nRF HW RNG with mbed TLS CTR-DRBG. The mbed TLS CTR-DRBG code is standardized by NIST (NIST SP 800-90A Revision 1 ).
Use the following configuration defines to select the RNG backend in the sdk_config
file:
Backend | Enabled define |
---|---|
CC310 | NRF_CRYPTO_BACKEND_CC310_RNG_ENABLED |
nRF HW RNG | NRF_CRYPTO_BACKEND_NRF_HW_RNG_ENABLED |
CTR-DRBG mode for the nRF HW RNG backend can be disabled by disabling NRF_CRYPTO_BACKEND_NRF_HW_RNG_MBEDTLS_CTR_DRBG_ENABLED.
You can manage the context and the temporary buffer in three ways:
sdk_config
file. See Configuring nrf_crypto frontend and backends. When enabled, both the context and work memory are statically allocated internally in the RNG module. Use this approach for applications that use nRF HW RNG as a backend, and non-RAM constrained applications that use the CC310 backend.Memory usage for the context and temporary buffer for each backend:
Backend | sizeof(nrf_crypto_rng_context_t) | sizeof(nrf_crypto_rng_temp_buffer_t) |
---|---|---|
CC310 | 232 bytes | 6112 bytes |
nRF HW RNG CTR-DRBG mode1 | 324 bytes | 4 bytes |
nRF HW RNG Raw mode1 | 4 bytes | 4 bytes |
1 The nRF HW RNG also uses some memory for the RNG pool (RNG_CONFIG_POOL_SIZE).
The RNG can be automatically initialized during nrf_crypto initialization by enabling NRF_CRYPTO_RNG_AUTO_INIT_ENABLED, provided that static (NRF_CRYPTO_RNG_STATIC_MEMORY_BUFFERS_ENABLED) or internal memory allocation is used. The RNG must be manually initialized using nrf_crypto_rng_init if memory is allocated explicitly.
Basic configuration and usage:
sdk_config
file.Example:
Optional manual memory allocation and initialization:
sdk_config
file.Refer to RNG Example for a usage example of this library.