The RNG module provides the capability to generate true random numbers for applications and other Cryptography library modules.

For API documentation of this module, see RNG related functions.

Available backends

The following backends can be used for RNG:

CryptoCell CC310 (default for devices with CC310)
nRF HW RNG peripheral:
- CTR-DRBG mode using mbed TLS (default for devices without CC310)
- Raw mode

CC310 is the preferred backend on devices that support it, as it meets the NIST 800-90B3 and AIS-31 (Class “P2 High”) standards. The nRF HW RNG backend is available on all nRF5 devices. Devices that do not include CC310 should normally use the nRF HW RNG with mbed TLS CTR-DRBG. The mbed TLS CTR-DRBG code is standardized by NIST (NIST SP 800-90A Revision 1 ).

Use the following configuration defines to select the RNG backend in the sdk_config file:

Backend	Enabled define
CC310	NRF_CRYPTO_BACKEND_CC310_RNG_ENABLED
nRF HW RNG	NRF_CRYPTO_BACKEND_NRF_HW_RNG_ENABLED

CTR-DRBG mode for the nRF HW RNG backend can be disabled by disabling NRF_CRYPTO_BACKEND_NRF_HW_RNG_MBEDTLS_CTR_DRBG_ENABLED.

Memory management

You can manage the context and the temporary buffer in three ways:

The default memory configuration is static memory buffers, enabled with NRF_CRYPTO_RNG_STATIC_MEMORY_BUFFERS_ENABLED in the sdk_config file. See Configuring nrf_crypto frontend and backends. When enabled, both the context and work memory are statically allocated internally in the RNG module. Use this approach for applications that use nRF HW RNG as a backend, and non-RAM constrained applications that use the CC310 backend.
The RNG module allocates a temporary buffer using Dynamic memory management module if NRF_CRYPTO_RNG_STATIC_MEMORY_BUFFERS_ENABLED is disabled, and NULL is provided as the second parameter to nrf_crypto_rng_init. Use this approach only for RAM constrained applications that use the CC310 backend.
The user can have full control over memory allocation by disabling NRF_CRYPTO_RNG_STATIC_MEMORY_BUFFERS_ENABLED and providing pointers to context and temporary memory in the call to nrf_crypto_rng_init. Use this approach only for RAM constrained applications that use the CC310 backend.

Memory usage for the context and temporary buffer for each backend:

Backend	sizeof(nrf_crypto_rng_context_t)	sizeof(nrf_crypto_rng_temp_buffer_t)
CC310	232 bytes	6112 bytes
nRF HW RNG CTR-DRBG mode¹	324 bytes	4 bytes
nRF HW RNG Raw mode¹	4 bytes	4 bytes

¹ The nRF HW RNG also uses some memory for the RNG pool (RNG_CONFIG_POOL_SIZE).

Warning: Ensure that the stack size is sufficient if the temporary buffer for CC310 is allocated on the stack.

RNG initialization

The RNG can be automatically initialized during nrf_crypto initialization by enabling NRF_CRYPTO_RNG_AUTO_INIT_ENABLED, provided that static (NRF_CRYPTO_RNG_STATIC_MEMORY_BUFFERS_ENABLED) or internal memory allocation is used. The RNG must be manually initialized using nrf_crypto_rng_init if memory is allocated explicitly.

RNG usage

Basic configuration and usage:

Enable an RNG backend, NRF_CRYPTO_RNG_STATIC_MEMORY_BUFFERS_ENABLED and NRF_CRYPTO_RNG_AUTO_INIT_ENABLED in the sdk_config file.
Initialize nrf_crypto using nrf_crypto_init.
Use nrf_crypto_rng_init to generate fully random vectors of any given length, and nrf_crypto_rng_vector_generate_in_range to generate constrained random vectors.
The RNG module can be reseeded with additional entropy using nrf_crypto_rng_reseed.

Example:

uint8_t m_random_vector[VECTOR_LENGTH]; // Result buffer.
uint8_t m_min[VECTOR_LENGTH] = {0x00, 0x00, 0xFF}; // Lower bound as big-endian.
uint8_t m_max[VECTOR_LENGTH] = {0x00, 0xFF, 0xFF}; // Upper bound as big-endian.
// Initialize crypto library.
ret_val = nrf_crypto_init();
APP_ERROR_CHECK(ret_val);
// Generate a random vector of specified length.
ret_val = nrf_crypto_rng_vector_generate(m_random_vector, VECTOR_LENGTH);
APP_ERROR_CHECK(ret_val);
// Generate a constrained random vector of specified length.
ret_val = nrf_crypto_rng_vector_generate_in_range(m_random_vector, 
 m_min, 
 m_max, 
 VECTOR_LENGTH);
APP_ERROR_CHECK(ret_val);

Optional manual memory allocation and initialization:

Disable NRF_CRYPTO_RNG_AUTO_INIT_ENABLED and/or NRF_CRYPTO_RNG_STATIC_MEMORY_BUFFERS_ENABLED in the sdk_config file.
Create a context instance (nrf_crypto_rng_context_t) that is valid for as long as the RNG is in use and optionally create a temporary buffer (nrf_crypto_rng_temp_buffer_t) that is only needed during initialization.
Initialize the RNG using nrf_crypto_rng_init after a call to nrf_crypto_init, providing a pointer to the context and a temporary buffer.

RNG example project

Refer to RNG Example for a usage example of this library.