Separate application

OK, so we want to make an application using parts or modules of mbed TLS, but we don't want to build and include the entire mbed TLS library.

No worries! mbed TLS was made for this ;)

Simple Random Number Generator

For our example we will make an application called rng that generates random data. The application needs the CTR_DRBG module, which depends on the Entropy module, the SHA-512 module and the AES module.

In order to make this application we will need to take a number of steps:

  • Make a directory structure to work in
  • Copy the relevant mbed TLS files to the correct location
  • Write a Makefile
  • Write a config.h file for mbed TLS
  • Write a rng.c source file for our application
  • Make and run our application

Our directory

First make a directory structure as follows:

my_dir/
my_dir/mbedtls/

The mbed TLS files

We copy the following files from the mbed TLS source directory (library/) to my_dir/:

  • aes.c
  • entropy.c
  • entropy_poll.c
  • mbedtls_sha512.c
  • ctr_drbg.c

In addition we copy the following files from the mbed TLS include directory (include/mbedtls/) to my_dir/mbedtls/:

  • aes.h
  • entropy.h
  • entropy_poll.h
  • mbedtls_sha512.h
  • ctr_drbg.h
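The directory and copy steps above as one script. This is an added example, not part of the original article; the function name stage_rng_tree is an assumption, and the file names are exactly the ones listed above. It checks that every listed file exists in the source tree before copying anything, so a release that names a file differently fails loudly instead of leaving a partial my_dir/ behind.

```shell
#!/bin/sh
# Added example: stage the mbed TLS files listed on this page into my_dir/.
# File names are taken from the two lists above; the function name is hypothetical.

LIB_FILES="aes.c entropy.c entropy_poll.c mbedtls_sha512.c ctr_drbg.c"
INC_FILES="aes.h entropy.h entropy_poll.h mbedtls_sha512.h ctr_drbg.h"

# stage_rng_tree SRC DEST
#   SRC  : mbed TLS source directory (contains library/ and include/mbedtls/)
#   DEST : working directory to create (my_dir in the article)
# Returns 0 on success, 1 if SRC lacks a listed file or a copy fails.
stage_rng_tree() {
    src=$1
    dest=$2
    missing=""

    # Verify the whole list first so nothing is created on failure.
    for f in $LIB_FILES; do
        [ -f "$src/library/$f" ] || missing="$missing library/$f"
    done
    for f in $INC_FILES; do
        [ -f "$src/include/mbedtls/$f" ] || missing="$missing include/mbedtls/$f"
    done
    if [ -n "$missing" ]; then
        echo "not found in $src:$missing" >&2
        return 1
    fi

    # Sources go to DEST/, headers to DEST/mbedtls/ (matches -I. in the Makefile).
    mkdir -p "$dest/mbedtls" || return 1
    for f in $LIB_FILES; do
        cp "$src/library/$f" "$dest/$f" || return 1
    done
    for f in $INC_FILES; do
        cp "$src/include/mbedtls/$f" "$dest/mbedtls/$f" || return 1
    done
    return 0
}

# When run as a script: sh stage.sh /path/to/mbedtls my_dir
if [ "$#" -eq 2 ]; then
    stage_rng_tree "$1" "$2"
fi
```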

Our Makefile

Because we are using Linux, we will write a very basic Makefile in my_dir/Makefile so that we can build our application:

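CFLAGS  += -I. -D_FILE_OFFSET_BITS=64 -Wall -W -Wdeclaration-after-statement

OBJS=   entropy.o       entropy_poll.o  ctr_drbg.o      mbedtls_sha512.o        aes.o

# Suppress command echoing so only the "CC" lines are printed
.SILENT:

all: rng

# Compile each library source file into an object file
.c.o:
	echo "  CC    $<"
	$(CC) $(CFLAGS) $(OFLAGS) -c $<

# Build the application and link it against the objects
rng: rng.c $(OBJS)
	echo   "  CC    rng"
	$(CC) $(CFLAGS) $(OFLAGS) rng.c -o $@ $(OBJS)

clean:
	rm -f *.o rng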

Our configuration: config.h

We still need to tell the mbed TLS modules which parts they should activate during compilation. In order to enable compilation of the actual modules, mbed TLS uses a configuration file which should also be located in mbedtls/. In this case, we only want to activate basic functionality, so we will use the following file for mbedtls/config.h:

#define MBEDTLS_AES_C
#define MBEDTLS_CTR_DRBG_C
#define MBEDTLS_ENTROPY_C
#define MBEDTLS_SHA512_C

This makes sure our content gets compiled.

The Application: rng.c

OK, so now for our basic application. We are making an application that generates 1024 bytes of random data and writes them to output.rnd.

/*
 *  \brief Simple RNG generation example
 */

#include "mbedtls/config.h"
#include "mbedtls/entropy.h"
#include "mbedtls/ctr_drbg.h"

#include <stdio.h>

int main( void )
{
    FILE *f;
    int ret;
    mbedtls_ctr_drbg_context ctr_drbg;
    mbedtls_entropy_context entropy;
    unsigned char buf[1024];

    if( ( f = fopen( "output.rnd", "wb+" ) ) == NULL )
    {
        printf( "failed to open 'output.rnd' for writing.\n" );
        return( 1 );
    }

    /* Initialise both contexts, then seed the DRBG from the entropy
     * module using the personalisation string "RANDOM_GEN" (10 bytes). */
    mbedtls_entropy_init( &entropy );
    mbedtls_ctr_drbg_init( &ctr_drbg );
    if( ( ret = mbedtls_ctr_drbg_seed( &ctr_drbg, mbedtls_entropy_func, &entropy,
                               (const unsigned char *) "RANDOM_GEN",
                               10 ) ) != 0 )
    {
        printf( "failed in ctr_drbg_seed\n" );
        goto cleanup;
    }

    if( ( ret = mbedtls_ctr_drbg_random( &ctr_drbg, buf, sizeof( buf ) ) ) != 0 )
    {
        printf( "failed in ctr_drbg_random!\n" );
        goto cleanup;
    }

    /* A short write would leave fewer than 1024 random bytes on disk. */
    if( fwrite( buf, 1, sizeof( buf ), f ) != sizeof( buf ) )
    {
        printf( "failed to write 'output.rnd'\n" );
        ret = 1;
        goto cleanup;
    }

    ret = 0;
    printf( "Random generated in 'output.rnd'\n" );

cleanup:
    fclose( f );
    mbedtls_ctr_drbg_free( &ctr_drbg );
    mbedtls_entropy_free( &entropy );

    return( ret );
}

Final directory content

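So now our file structure should look as follows:

my_dir/Makefile
my_dir/rng.c
my_dir/aes.c
my_dir/entropy.c
my_dir/entropy_poll.c
my_dir/mbedtls_sha512.c
my_dir/ctr_drbg.c
my_dir/mbedtls/config.h
my_dir/mbedtls/aes.h
my_dir/mbedtls/entropy.h
my_dir/mbedtls/entropy_poll.h
my_dir/mbedtls/mbedtls_sha512.h
my_dir/mbedtls/ctr_drbg.h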

Making the application

By typing make in the my_dir/ directory, we now make our application:

$ make
  CC    entropy.c
  CC    entropy_poll.c
  CC    ctr_drbg.c
  CC    mbedtls_sha512.c
  CC    aes.c
  CC    rng

Generating our random data

Now we can run the rng application:

$ ./rng
Random generated in 'output.rnd'
