- Forums
- Product Forums
- General Purpose MicrocontrollersGeneral Purpose Microcontrollers
- i.MX Forumsi.MX Forums
- QorIQ Processing PlatformsQorIQ Processing Platforms
- Identification and SecurityIdentification and Security
- Power ManagementPower Management
- MCX Microcontrollers
- S32G
- S32K
- S32V
- MPC5xxx
- Other NXP Products
- Wireless Connectivity
- S12 / MagniV Microcontrollers
- Powertrain and Electrification Analog Drivers
- Sensors
- Vybrid Processors
- Digital Signal Controllers
- 8-bit Microcontrollers
- ColdFire/68K Microcontrollers and Processors
- PowerQUICC Processors
- OSBDM and TBDML
-
- Solution Forums
- Software Forums
- MCUXpresso Software and ToolsMCUXpresso Software and Tools
- CodeWarriorCodeWarrior
- MQX Software SolutionsMQX Software Solutions
- Model-Based Design Toolbox (MBDT)Model-Based Design Toolbox (MBDT)
- FreeMASTER
- eIQ Machine Learning Software
- Embedded Software and Tools Clinic
- S32 SDK
- S32 Design Studio
- GUI Guider
- Zephyr Project
- Voice Technology
- Application Software Packs
- Secure Provisioning SDK (SPSDK)
- Processor Expert Software
- MCUXpresso Training Hub
-
- Topics
- Mobile Robotics - Drones and RoversMobile Robotics - Drones and Rovers
- NXP Training ContentNXP Training Content
- University ProgramsUniversity Programs
- Rapid IoT
- NXP Designs
- SafeAssure-Community
- OSS Security & Maintenance
- Using Our Community
-
- Cloud Lab Forums
-
- Knowledge Bases
- Home
- :
- i.MX Forums
- :
- i.MX RT Crossover MCUs
- :
- Why is the TRNG slow?
Why is the TRNG slow?
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Mute
- Printer Friendly Page
Why is the TRNG slow?
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I am using the TRNG to generate 16 secure keys, each one is 16 bytes long.
Although the TRNG is working fine in the sense that it does generate random keys, it takes about 10 seconds to generate these keys!!
My code is based on the example for fsl_trng.
Init is like this:
void BOARD_ConfigTRNG(void) // random number generator
{
trng_config_t trngConfig;
status_t status;
TRNG_GetDefaultConfig(&trngConfig);
/* Set sample mode of the TRNG ring oscillator to Von Neumann, for better random data.
* It is optional.*/
trngConfig.sampleMode = kTRNG_SampleModeVonNeumann;
trngConfig.frequencyCountLimit.maximum = TRNG_MAX_FREQUENCY;
/* Initialize TRNG */
status = TRNG_Init(TRNG, &trngConfig);
if( kStatus_Success != status )
{
zprintf(CRITICAL_IMPORTANCE, "Failed to start random number generator\r\n");
}
}
And my loop to generate keys is this:
zprintf(MEDIUM_IMPORTANCE,"Generating security keys...\r\n");
for (i=0; i<MAX_NUMBER_OF_DEVICES; i++)
{
TRNG_GetRandomData(TRNG, SecurityKeys[i], 16);
}
zprintf(MEDIUM_IMPORTANCE,"Key generation complete\r\n");
Should this take 10 seconds?, what is wrong?
Thanks,
Chris.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi Chris
From experience with the TRNG (on Kinetis parts) these long times are 'normal'. That is the price one pays for very high quality randomness....and also the reason why is is used to 'seed' further random numbers generation as opposes to generate further random numbers.
Regards
Mark
[uTasker project developer for Kinetis and i.MX RT]
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Aha, so what you are saying is that I run it once, and put the answer into srand().
Sounds logical - thanks!
Chris.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Chris
See also: https://community.nxp.com/message/1068168?commentID=1068168#comment-1068168
Typically pseudo random number generators are used but these need to be seeded with high quality entropy to be secure. Therefore it is the seeding that is critical and where the TRNG is of great value. I give a simplified explanation of how the mbedTLS random number generator works at the link, whereby it is noted that it can be configured to re-seed itself or add additional entropy (I think OpenSSL may call this 'sand') at regular intervals and I would suggest that if the TRNG is running in the background and happens to have new values ready when random numbers are needed its value could be used directly or to re-seed the PRNG. Like this there are never delays (apart from first seed) and the highest quality random numbers can be ensured.
In any case I would look at how srand() works and see whether is allows you to feed in new entropy. For security work it makes sense to know exactly how you PRNG is working because it is the most critical component of such work and relying on a black box which later proves to be faulty or less that adequate may be fatal when high security levels need to be ensured.
Regards
Mark
[uTasker project developer for Kinetis and i.MX RT]
