I'm using the mbedtls_ctr_drbg_seed function in order to generate a seed. Should I do this before each encryption operation, or might it be done once when the program starts?

1 Answer
You can use a single DRBG instance for the whole program. It's meant for that. In a high-performance multi-threaded program running on a multicore machine, you might prefer one DRBG instance per thread to reduce inter-thread contention.

Per the documentation, you must call mbedtls_ctr_drbg_seed exactly once per context. This function associates the DRBG with an entropy source. The DRBG will query the entropy source function from time to time when it wants more entropy [1] (in all cases, at least once when you call the seed function).

You can see how to use the entropy and DRBG APIs of Mbed TLS in sample programs such as key_app.c.

[1] Depending on the reseed interval and the prediction resistance setting. These are secondary concerns, which matter only to recover if the DRBG state leaks (e.g. through a memory read vulnerability or through side channels).
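The seed-once lifecycle described in the answer, as an added illustration that is not code from the question, the answer, or Mbed TLS. Mbed TLS's CTR_DRBG is AES-based and written in C; this stand-in is the HMAC_DRBG construction from the same standard (SP 800-90A, over SHA-256) written with Python's standard library only, so it runs anywhere, and it counts calls to the entropy callback so you can see exactly when entropy is pulled: once at seed time, again only when the reseed interval is crossed, and on every request when prediction resistance is on. The class and function names, the reseed interval of 3 used in the demo, and the fixed-byte entropy source are assumptions made for this example; the analogue of mbedtls_entropy_func in a real program is os.urandom, which is the default here.

```python
import hashlib
import hmac
import os


class HmacDrbg:
    """Minimal SP 800-90A HMAC_DRBG (SHA-256). Illustration only, not Mbed TLS code;
    seed/reseed/random mirror mbedtls_ctr_drbg_seed/_reseed/_random in shape."""

    def __init__(self, entropy_source, reseed_interval=10000, prediction_resistance=False):
        self._entropy = entropy_source          # callable(nbytes) -> bytes, like f_entropy
        self.reseed_interval = reseed_interval  # 10000 matches Mbed TLS's default
        self.prediction_resistance = prediction_resistance
        self._k = b"\x00" * 32
        self._v = b"\x01" * 32
        self._reseed_counter = 0                # 0 means "not seeded"
        self.entropy_calls = 0                  # instrumentation for the demo

    @staticmethod
    def _hmac(key, data):
        return hmac.new(key, data, hashlib.sha256).digest()

    def _update(self, provided=b""):
        # HMAC_DRBG_Update (SP 800-90A section 10.1.2.2)
        self._k = self._hmac(self._k, self._v + b"\x00" + provided)
        self._v = self._hmac(self._k, self._v)
        if provided:
            self._k = self._hmac(self._k, self._v + b"\x01" + provided)
            self._v = self._hmac(self._k, self._v)

    def _pull_entropy(self, additional):
        self.entropy_calls += 1
        self._update(self._entropy(32) + additional)   # 32 bytes: 256-bit strength
        self._reseed_counter = 1

    def seed(self, personalization=b""):
        """Instantiate exactly once per context, as with mbedtls_ctr_drbg_seed."""
        if self._reseed_counter:
            raise RuntimeError("seed() must be called exactly once per context")
        self._pull_entropy(personalization)

    def reseed(self, additional=b""):
        """Explicit reseed, the analogue of mbedtls_ctr_drbg_reseed."""
        self._pull_entropy(additional)

    def random(self, nbytes, additional=b""):
        """Generate output; reseeds itself past the interval or on every call with PR on."""
        if not self._reseed_counter:
            raise RuntimeError("DRBG not seeded")
        if self.prediction_resistance or self._reseed_counter > self.reseed_interval:
            self.reseed(additional)
            additional = b""
        if additional:
            self._update(additional)
        out = b""
        while len(out) < nbytes:
            self._v = self._hmac(self._k, self._v)
            out += self._v
        self._update(additional)
        self._reseed_counter += 1
        return out[:nbytes]


def fixed_entropy(nbytes):
    """Constructed, deterministic 'entropy' so the demo is reproducible. Never use for real."""
    return bytes(range(nbytes))


def demo(entropy_source=os.urandom):
    """Seed once at program start, reuse for many operations; report when entropy was pulled."""
    drbg = HmacDrbg(entropy_source, reseed_interval=3)   # tiny interval just for the demo
    drbg.seed(b"example-app v1")                         # personalization string, optional
    calls = [drbg.entropy_calls]                         # 1: pulled at seed time
    keys = [drbg.random(16) for _ in range(3)]           # three "encryption operations"
    calls.append(drbg.entropy_calls)                     # still 1: within the interval
    keys.append(drbg.random(16))                         # fourth request crosses the interval
    calls.append(drbg.entropy_calls)                     # 2: automatic reseed happened
    pr = HmacDrbg(entropy_source, prediction_resistance=True)
    pr.seed()
    for _ in range(3):
        pr.random(16)                                    # PR on: entropy pulled every call
    return {"keys": keys, "entropy_calls": calls, "pr_entropy_calls": pr.entropy_calls}


if __name__ == "__main__":
    print(demo())
```

Run it and the entropy_calls list reads [1, 1, 2]: one pull at seed time, none for the three requests inside the interval, one more when the fourth request crosses it; the prediction-resistance instance pulls entropy on every request (4 calls for seed plus three requests). That is the whole answer in numbers: seed once at start, keep the context alive, and let the reseed interval (or prediction resistance, if you have a reason to pay for it) handle refreshing the state.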
