
Commit 59b5cab

committed
modules: mbedtls: fix entropy polling
ENTROPY_C is now an internal module in tf-psa-crypto so it cannot be included directly. So, as a first step, all error codes are changed to standard Zephyr ones. Moreover MBEDTLS_ENTROPY_HARDWARE_ALT, MBEDTLS_NO_PLATFORM_ENTROPY and MBEDTLS_NO_DEFAULT_ENTROPY_SOURCES were removed. Now the platform must define MBEDTLS_PSA_DRIVER_GET_ENTROPY when not using MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG. Due to the build symbol name change, CONFIG_MBEDTLS_ENTROPY_POLL_ZEPHYR is renamed to CONFIG_MBEDTLS_PSA_DRIVER_GET_ENTROPY to make a 1:1 match between Kconfig and build symbol. Signed-off-by: Valerio Setti <vsetti@baylibre.com>
1 parent 679e354 commit 59b5cab

4 files changed

+19
-27
lines changed

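--- a/modules/mbedtls/Kconfig.tf-psa-crypto
+++ b/modules/mbedtls/Kconfig.tf-psa-crypto
@@ -263,7 +263,6 @@ comment "Random number generators"
 config MBEDTLS_CTR_DRBG_C
 bool "CTR_DRBG AES-256-based random generator"
 depends on MBEDTLS_CIPHER_AES_ENABLED
-default y
 
 config MBEDTLS_HMAC_DRBG_C
 bool "HMAC_DRBG random generator"
@@ -318,13 +317,14 @@ config MBEDTLS_HAVE_ASM
 
 config MBEDTLS_ENTROPY_C
 bool "Mbed TLS entropy accumulator"
-depends on MBEDTLS_SHA256 || MBEDTLS_SHA384 || MBEDTLS_SHA512
+imply PSA_WANT_ALG_SHA_256 if !PSA_WANT_ALG_SHA_512
 help
 This module gathers entropy data from enabled entropy sources. It's
 mostly used in conjunction with CTR_DRBG or HMAC_DRBG to create
 a deterministic random number generator.
+It requires either PSA_WANT_ALG_SHA_256 or PSA_WANT_ALG_SHA_512.
 
-config MBEDTLS_ENTROPY_POLL_ZEPHYR
+config MBEDTLS_PSA_DRIVER_GET_ENTROPY
 bool "Provide entropy data to Mbed TLS through entropy driver or random generator"
 default y
 depends on MBEDTLS_ENTROPY_C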
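Review bot: Replacing `depends on MBEDTLS_SHA256 || MBEDTLS_SHA384 || MBEDTLS_SHA512` with `imply PSA_WANT_ALG_SHA_256 if !PSA_WANT_ALG_SHA_512` turns a hard requirement into a soft default, while the new help line still states that the module requires one of the two hashes. A configuration that disables PSA_WANT_ALG_SHA_256 without enabling PSA_WANT_ALG_SHA_512 keeps MBEDTLS_ENTROPY_C enabled with no hash behind it, which presumably surfaces later in the Mbed TLS build rather than in Kconfig. Keeping a `depends on PSA_WANT_ALG_SHA_256 || PSA_WANT_ALG_SHA_512` next to the imply would enforce the requirement where the help text states it. Separately, the first hunk drops `default y` from MBEDTLS_CTR_DRBG_C, which the commit message does not mention; a sentence there would let reviewers confirm that the DRBG default change is intentional.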

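--- a/modules/mbedtls/configs/config-tf-psa-crypto.h
+++ b/modules/mbedtls/configs/config-tf-psa-crypto.h
@@ -12,7 +12,6 @@
 #define MBEDTLS_MEMORY_BUFFER_ALLOC_C
 #define MBEDTLS_MEMORY_ALIGN_MULTIPLE (sizeof(void *))
 #define MBEDTLS_PLATFORM_EXIT_ALT
-#define MBEDTLS_NO_PLATFORM_ENTROPY
 
 #if defined(CONFIG_MBEDTLS_ZEROIZE_ALT)
 #define MBEDTLS_PLATFORM_ZEROIZE_ALT
@@ -26,10 +25,8 @@
 #define MBEDTLS_PLATFORM_SNPRINTF_ALT
 #endif /* defined(MBEDTLS_PLATFORM_SNPRINTF_ALT) */
 
-#if defined(CONFIG_MBEDTLS_ENTROPY_POLL_ZEPHYR)
-#define MBEDTLS_ENTROPY_HARDWARE_ALT
-#else
-#define MBEDTLS_NO_DEFAULT_ENTROPY_SOURCES
+#if defined(CONFIG_MBEDTLS_PSA_DRIVER_GET_ENTROPY)
+#define MBEDTLS_PSA_DRIVER_GET_ENTROPY
 #endif
 
 #if defined(CONFIG_MBEDTLS_HAVE_ASM)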
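Review bot: Dropping the `#else` branch in the second hunk leaves the case where neither CONFIG_MBEDTLS_PSA_DRIVER_GET_ENTROPY nor CONFIG_MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG is set without any explicit statement, where the old code at least defined MBEDTLS_NO_DEFAULT_ENTROPY_SOURCES on purpose. The commit message says the platform must define MBEDTLS_PSA_DRIVER_GET_ENTROPY whenever the external RNG is not used, so a misconfiguration is better diagnosed in this header than as a late link error or a build that ends up with no entropy source at all. Consider adding `#elif !defined(CONFIG_MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG)` followed by `#error "Either MBEDTLS_PSA_DRIVER_GET_ENTROPY or MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG must be enabled"` before the `#endif`, unless tf-psa-crypto already produces an equivalent diagnostic, which is not visible here.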

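--- a/modules/mbedtls/zephyr_entropy.c
+++ b/modules/mbedtls/zephyr_entropy.c
@@ -5,14 +5,14 @@
 */
 
 #include <zephyr/random/random.h>
-#include <mbedtls/entropy.h>
 #include <psa/crypto.h>
+#include <psa/crypto_driver_random.h>
 
 
-#if defined(CONFIG_MBEDTLS_ENTROPY_POLL_ZEPHYR) || defined(CONFIG_MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG)
+#if defined(CONFIG_MBEDTLS_PSA_DRIVER_GET_ENTROPY) || defined(CONFIG_MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG)
 static int get_random_data(uint8_t *output, size_t output_size, bool allow_non_cs)
 {
-int ret = MBEDTLS_ERR_ENTROPY_NO_SOURCES_DEFINED;
+int ret = -EINVAL;
 
 #if defined(CONFIG_CSPRNG_ENABLED)
 ret = sys_csrand_get(output, output_size);
@@ -30,29 +30,22 @@ static int get_random_data(uint8_t *output, size_t output_size, bool allow_non_c
 }
 #endif /* CONFIG_MBEDTLS_ENTROPY_POLL_ZEPHYR || CONFIG_MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG */
 
-#if defined(CONFIG_MBEDTLS_ENTROPY_POLL_ZEPHYR)
-int mbedtls_hardware_poll(void *data, unsigned char *output, size_t len,
-size_t *olen)
+#if defined(CONFIG_MBEDTLS_PSA_DRIVER_GET_ENTROPY)
+int mbedtls_platform_get_entropy(psa_driver_get_entropy_flags_t flags,
+size_t *estimate_bits,
+unsigned char *output, size_t output_size)
 {
-int ret;
-uint16_t request_len = len > UINT16_MAX ? UINT16_MAX : len;
-
-ARG_UNUSED(data);
-
-if (output == NULL || olen == NULL || len == 0) {
-return MBEDTLS_ERR_ENTROPY_SOURCE_FAILED;
-}
+ARG_UNUSED(flags);
 
-ret = get_random_data(output, len, true);
-if (ret < 0) {
-return MBEDTLS_ERR_ENTROPY_SOURCE_FAILED;
+if (get_random_data(output, output_size, true) < 0) {
+return -EIO;
 }
 
-*olen = request_len;
+*estimate_bits = 8 * output_size;
 
 return 0;
 }
-#endif /* CONFIG_MBEDTLS_ENTROPY_POLL_ZEPHYR */
+#endif /* CONFIG_MBEDTLS_PSA_DRIVER_GET_ENTROPY */
 
 #if defined(CONFIG_MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG)
 psa_status_t mbedtls_psa_external_get_random(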
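Review bot: `*estimate_bits = 8 * output_size;` reports full entropy for every byte handed back, yet get_random_data() is called with allow_non_cs set to true and the first hunk shows the CSPRNG path is taken only under CONFIG_CSPRNG_ENABLED; if the fallback path outside this hunk serves non-cryptographic data, the estimate overstates what the accumulator actually receives and a weak source is credited as a strong one. Either pass false here so the call fails when no CSPRNG is configured, or have the fallback report a lower estimate; the exact contract for estimate_bits is not visible in this diff, so confirm it against the tf-psa-crypto driver header. The removed `output == NULL || olen == NULL || len == 0` guard has no counterpart for `output` or `estimate_bits` in the new function; if the PSA driver layer guarantees non-NULL arguments, a one-line comment stating that would justify the omission. The `#endif` comment on the context line at the top of the second hunk still reads `CONFIG_MBEDTLS_ENTROPY_POLL_ZEPHYR || CONFIG_MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG` and should be updated to name CONFIG_MBEDTLS_PSA_DRIVER_GET_ENTROPY. mbedtls_psa_external_get_random at the end of the hunk continues outside it.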

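--- a/modules/mbedtls/zephyr_init.c
+++ b/modules/mbedtls/zephyr_init.c
@@ -12,8 +12,10 @@
 */
 
 #include <zephyr/init.h>
+#include <zephyr/kernel.h>
 #include <zephyr/app_memory/app_memdomain.h>
 #include <mbedtls/platform_time.h>
+#include <errno.h>
 
 #include <mbedtls/debug.h>
 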