Hi @athorath
While instantiating CTR DRBG using mbedtls_ctr_drbg_seed_entropy_len, nonce is a concatenation of nonce and personalization string is that correct?
Yes. As you can see from the internal function’s documentation:
* with inputs
* custom[:len] = nonce || personalization_string
Note that mbedtls_ctr_drbg_seed_entropy_len() as not a public function, and used for tests alone. You should be using mbedtls_ctr_drbg_seed() in your product.
How would they be used because we are only passing 1 entropy value into
ctr_drbg_validate_internal()
As you can see from the entropy test function used for the test alone, all the entropy data is in a single buffer, but every time a seed is called, this test function only returns the relevent entropy, with specific required size, in index test_offset_idx. So, every time you request to reseed, test_offset_idx is incremented by the length of entropy requsted, and the relevant entropyInputPR should be returned. You don’t need to instantiate the context again.
I hope my answer was clear enough.
Regards