mbedtls: add option to use CSPRNG as random source for PSA_CRYPTO_C
Add a choice to select between legacy modules (i.e. ENTROPY + CTR_DRBG/HMAC_DRBG) and CSPRNG as random generators for PSA_CRYPTO_C. Signed-off-by: Valerio Setti <vsetti@baylibre.com>
This commit is contained in:
parent
b25f322b73
commit
a364fc8a41
3 changed files with 49 additions and 2 deletions
|
@ -460,10 +460,30 @@ config MBEDTLS_SSL_EXTENDED_MASTER_SECRET
|
|||
which ensures that master secrets are different for every
|
||||
connection and every session.
|
||||
|
||||
choice MBEDTLS_PSA_CRYPTO_RND_SOURCE
|
||||
prompt "Select random source for built-in PSA crypto"
|
||||
default MBEDTLS_PSA_CRYPTO_LEGACY_RNG
|
||||
|
||||
config MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG
|
||||
bool "Use a cryptographically secure driver as random source"
|
||||
depends on CSPRNG_ENABLED
|
||||
help
|
||||
Use cryptographically secure random generator to provide random data
|
||||
instead of legacy MbedTLS modules (ENTROPY + CTR_DRBG/HMAC_DRBG).
|
||||
|
||||
config MBEDTLS_PSA_CRYPTO_LEGACY_RNG
|
||||
bool "Use legacy modules to generate random data"
|
||||
select MBEDTLS_ENTROPY_ENABLED
|
||||
select MBEDTLS_CTR_DRBG_ENABLED if !MBEDTLS_HMAC_DRBG_ENABLED
|
||||
help
|
||||
Use legacy MbedTLS modules (ENTROPY + CTR_DRBG/HMAC_DRBG) as random
|
||||
source generators.
|
||||
|
||||
endchoice
|
||||
|
||||
config MBEDTLS_PSA_CRYPTO_C
|
||||
bool "Platform Security Architecture cryptography API"
|
||||
depends on MBEDTLS_ENTROPY_ENABLED
|
||||
depends on MBEDTLS_CTR_DRBG_ENABLED || MBEDTLS_HMAC_DRBG_ENABLED
|
||||
depends on MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG || MBEDTLS_PSA_CRYPTO_LEGACY_RNG
|
||||
default y if UOSCORE || UEDHOC
|
||||
|
||||
config MBEDTLS_LMS
|
||||
|
|
|
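Review bot: The new `choice MBEDTLS_PSA_CRYPTO_RND_SOURCE` is not gated on `MBEDTLS_PSA_CRYPTO_C`, so its default `MBEDTLS_PSA_CRYPTO_LEGACY_RNG` is active in every configuration that reaches this file and unconditionally `select`s `MBEDTLS_ENTROPY_ENABLED` (plus `MBEDTLS_CTR_DRBG_ENABLED`), pulling the entropy pool and a DRBG into builds that never enable PSA crypto, whereas before this change they were only `depends on` of `MBEDTLS_PSA_CRYPTO_C`. For the same reason the new `depends on MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG || MBEDTLS_PSA_CRYPTO_LEGACY_RNG` is always satisfied, because a visible choice always has one entry selected. I would move the choice below `config MBEDTLS_PSA_CRYPTO_C`, wrap it in `if MBEDTLS_PSA_CRYPTO_C` / `endif`, and drop that `depends on` line (keeping it would create a recursive dependency once the choice depends on `MBEDTLS_PSA_CRYPTO_C`); if this region already sits under such an `if` outside the hunk, the first point is moot but the vacuous `depends on` still applies. Separately, `depends on CSPRNG_ENABLED` is satisfied by whatever Zephyr generator selects that symbol, which as far as I recall may include a test-only non-random generator, so the help text for the external option should state that the security of every PSA key now rests on the configured `sys_csrand_get` backend.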
@ -468,6 +468,10 @@
|
|||
#define MBEDTLS_SSL_EXTENDED_MASTER_SECRET
|
||||
#endif
|
||||
|
||||
#if defined(CONFIG_MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG)
|
||||
#define MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG
|
||||
#endif
|
||||
|
||||
#if defined(CONFIG_MBEDTLS_PSA_CRYPTO_C)
|
||||
#define MBEDTLS_PSA_CRYPTO_C
|
||||
#define MBEDTLS_USE_PSA_CRYPTO
|
||||
|
|
|
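Review bot: The new `#define MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG` carries no comment, and per mbedTLS's own config documentation defining it changes the library's contract in two ways a reader of this header cannot see: PSA stops seeding itself from `MBEDTLS_ENTROPY_C`/`MBEDTLS_CTR_DRBG_C` and instead requires an application-provided `mbedtls_psa_external_get_random()` at link time. I would add above the `#if`: `/* Route all PSA randomness through mbedtls_psa_external_get_random() (Zephyr: sys_csrand_get); the legacy ENTROPY/CTR_DRBG path is not used by PSA in this mode. */`. Note the define is not conditioned on `CONFIG_MBEDTLS_PSA_CRYPTO_C`; that is harmless as long as the Kconfig option is only selectable when PSA crypto is enabled, which I cannot confirm from this hunk.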
@ -115,3 +115,26 @@ mbedtls_ms_time_t mbedtls_ms_time(void)
|
|||
{
|
||||
return (mbedtls_ms_time_t)k_uptime_get();
|
||||
}
|
||||
|
||||
#if defined(CONFIG_MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG)
|
||||
/* MBEDTLS_PSA_CRYPTO_C requires a random generator to work and this can
|
||||
* be achieved through either legacy MbedTLS modules
|
||||
* (ENTROPY + CTR_DRBG/HMAC_DRBG) or provided externally by enabling the
|
||||
* CONFIG_MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG. In the latter case the following
|
||||
* callback functions needs to be defined.
|
||||
*/
|
||||
psa_status_t mbedtls_psa_external_get_random(
|
||||
mbedtls_psa_external_random_context_t *context,
|
||||
uint8_t *output, size_t output_size, size_t *output_length)
|
||||
{
|
||||
(void) context;
|
||||
|
||||
if (sys_csrand_get(output, output_size) != 0) {
|
||||
return PSA_ERROR_GENERIC_ERROR;
|
||||
}
|
||||
|
||||
*output_length = output_size;
|
||||
|
||||
return PSA_SUCCESS;
|
||||
}
|
||||
#endif
|
||||
|
|
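Review bot: `mbedtls_psa_external_get_random()` maps every non-zero return from `sys_csrand_get()` to `PSA_ERROR_GENERIC_ERROR`, which, as I read mbedTLS's documentation for this hook, is the code for a permanent failure, while `PSA_ERROR_INSUFFICIENT_ENTROPY` is reserved for a generator that cannot currently deliver; if a Zephyr backend can fail transiently (a hardware entropy driver returning `-EAGAIN`/`-EBUSY`, for instance), mapping that case to `PSA_ERROR_INSUFFICIENT_ENTROPY` is the more accurate signal, and the driver's errno is otherwise lost for diagnosis. `*output_length` is left untouched on the failure path; I would add `*output_length = 0;` before the `sys_csrand_get()` call so no caller can mistake stale contents of `output` for fresh randomness. Since this function becomes the sole source for every PSA key, IV and nonce, the comment above it should say so explicitly, and it has a grammar slip: `callback functions needs to be defined` should read `callback function needs to be defined` (only one is required). The function is complete within the hunk.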