wolfEntropy, a software-based entropy source developed by the wolfSSL team, leverages timing jitter variations in memory accesses across various cache levels to generate entropy. It has been available since wolfSSL v5.5.4, and support for Windows has been introduced. Using it eliminates the need for a hardware redesign to incorporate a hardware-based entropy source.
The first general purpose high performance software entropy source is available now!
It is designed to fully conform with SP800-90B, a publication by the National Institute of Standards and Technology (NIST) that specifies the requirements for entropy sources used in cryptographic applications.
The wolfEntropy library source is undergoing testing to meet the criteria of a certified entropy source as outlined in the publication. It will soon proceed through the FIPS Entropy Source Validation (ESV) process.
The design of wolfEntropy is depicted in this figure:
When dealing with Unix-style systems that employ autoconf/autotools for configuring the wolfCrypt cryptographic module and integrating wolfEntropy as a component, you need to adhere to these basic configuration prerequisites:
Using Auto-tools:
./configure --enable-entropy-memuse=nofallback
Enabling the nofallback feature is crucial in this context. It restricts the system from using any other entropy source apart from wolfEntropy, even if wolfEntropy experiences a failure in any of its health tests. This strict condition ensures SP800-90B compliance.
For Windows and systems using user_settings.h to fine-tune the wolfCrypt cryptographic module along with wolfEntropy as a component, you can configure your CFLAGS with the following options:
CFLAGS="-DHAVE_ENTROPY_MEMUSE -DWOLFSSL_SHA3 -DENTROPY_MEMUSE_FORCE_FAILURE"
As with nofallback on Unix-style systems, the ENTROPY_MEMUSE_FORCE_FAILURE option is pivotal. It disables the use of any other entropy source, allowing only wolfEntropy to be utilized. Defining ENTROPY_MEMUSE_FORCE_FAILURE ensures SP800-90B compliance.
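To confirm that a build really is fail-closed, the following added example (not wolfSSL's own code) checks a settings header, either a hand-written user_settings.h or the wolfssl/options.h that ./configure generates, for the three macros listed above. The function names and the textual, last-directive-wins check are assumptions of this example.

```shell
#!/bin/sh
# Added example (not wolfSSL code): audit a wolfSSL settings header for the
# fail-closed wolfEntropy macros. Function names are hypothetical.

# macro_state FILE MACRO -> "defined" or "undefined".
# The last #define/#undef of MACRO wins, which handles the
# "#undef X" + "#define X" pairs found in a generated options.h.
# Text check only: #if/#ifdef blocks and block comments are not evaluated.
macro_state() {
    awk -v m="$2" '
        { line = $0
          sub(/\r$/, "", line)
          sub(/^[ \t]*#[ \t]*/, "#", line) }
        line ~ /^#define[ \t]/ || line ~ /^#undef[ \t]/ {
            split(line, f, /[ \t]+/)
            name = f[2]; sub(/\(.*/, "", name)
            if (name == m) state = (f[1] == "#define") ? "defined" : "undefined"
        }
        END { print (state == "" ? "undefined" : state) }
    ' "$1"
}

# check_wolfentropy FILE -> prints a verdict; exit status 0 only if fail-closed.
check_wolfentropy() {
    if [ "$(macro_state "$1" HAVE_ENTROPY_MEMUSE)" != defined ]; then
        echo "not-enabled"; return 2
    fi
    if [ "$(macro_state "$1" ENTROPY_MEMUSE_FORCE_FAILURE)" != defined ]; then
        echo "fallback-allowed"; return 1   # another entropy source may be used
    fi
    if [ "$(macro_state "$1" WOLFSSL_SHA3)" != defined ]; then
        echo "missing-sha3"; return 3
    fi
    echo "fail-closed"
}

# Constructed sample in options.h style (not taken from a real build).
sample=$(mktemp)
cat > "$sample" <<'EOF'
#undef  HAVE_ENTROPY_MEMUSE
#define HAVE_ENTROPY_MEMUSE
#undef  WOLFSSL_SHA3
#define WOLFSSL_SHA3
#undef  ENTROPY_MEMUSE_FORCE_FAILURE
#define ENTROPY_MEMUSE_FORCE_FAILURE
EOF
check_wolfentropy "$sample"
rm -f "$sample"
```

If the macros are passed only through CFLAGS they never appear in a header, so in that case inspect the compiler command line of the build instead.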
If you have questions about any of the above, please contact us at facts@wolfSSL.com or call us at +1 425 245 8247.