NanoCrypto external entropy injection

This section describes three different ways to inject external entropy for the random number generator.

API usage with user-provided entropy source

Build flags

The following build flag must not be defined:

• __DISABLE_MOCANA_ADD_ENTROPY__

Sample code

status = RANDOM_setEntropySource(ENTROPY_SRC_EXTERNAL);
if (OK != status) goto err;

status = MOCANA_initMocana();
if (OK != status) goto err;

/* Repeat to add more entropy. User must add 48 full bytes of entropy
before it is injected into the context via a reseed operation */
status = MOCANA_addEntropy32Bits(entropyBytes);
if (OK != status) goto err;

/* g_pRandomContext has been seeded with the External Entropy.
This context is good for 2^48 requests before a reseed is needed. */

Use /dev/random as the external entropy source in MOCANA_initMocana

The MOCANA_initMocana() function internally invokes the Mocana_addExternalEntropy method to use /dev/random as the entropy source.

Build flags

The following build flags must be defined:

• __MOCANA_FORCE_ENTROPY__
• __RTOS_LINUX__ or __RTOS_VXWORKS__

The following build flag must not be defined:

• __DISABLE_MOCANA_ADD_ENTROPY__

Provide external entropy material via user-defined function

The MOCANA_initMocana() function internally invokes the user defined function MOCANA_CUSTOM_getEntropy(). The function implementation must fill the provided buffer with adequate entropy material for a full re-seed. By default, 48 bytes of entropy are required for a re-seed. If less than 48 bytes are provided, a re-seed is not triggered.

The integrator must implement the MOCANA_CUSTOM_getEntropy() function located in the source file mss/src/examples/custom_entropy.c.

Build flags

The following build flags must be defined:

• __ENABLE_MOCANA_CUSTOM_ENTROPY_INJECT__
• __RTOS_LINUX__ or __RTOS_VXWORKS__

The following build flag must not be defined:

• __DISABLE_MOCANA_ADD_ENTROPY__