modules: mbedtls: fix entropy polling

ENTROPY_C is now an internal module in tf-psa-crypto so it cannot be
included directly. So first thing all error codes are changed to
standard Zephyr ones.

Moreover MBEDTLS_ENTROPY_HARDWARE_ALT, MBEDTLS_NO_PLATFORM_ENTROPY and
MBEDTLS_NO_DEFAULT_ENTROPY_SOURCES were removed. Now the platform must
define MBEDTLS_PSA_DRIVER_GET_ENTROPY when not using
MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG.

Due to the build symbol name change CONFIG_MBEDTLS_ENTROPY_POLL_ZEPHYR
is modified to CONFIG_MBEDTLS_PSA_DRIVER_GET_ENTROPY to make a 1:1
match between Kconfig and build symbol.

Signed-off-by: Valerio Setti <vsetti@baylibre.com>

Author: valeriosetti

modules/mbedtls/Kconfig.tf-psa-crypto

@@ -263,7 +263,6 @@ comment "Random number generators"
 config MBEDTLS_CTR_DRBG_C
 	bool "CTR_DRBG AES-256-based random generator"
 	depends on MBEDTLS_CIPHER_AES_ENABLED
-	default y
 
 config MBEDTLS_HMAC_DRBG_C
 	bool "HMAC_DRBG random generator"
@@ -318,13 +317,14 @@ config MBEDTLS_HAVE_ASM
 
 config MBEDTLS_ENTROPY_C
 	bool "Mbed TLS entropy accumulator"
-	depends on MBEDTLS_SHA256 || MBEDTLS_SHA384 || MBEDTLS_SHA512
+	imply PSA_WANT_ALG_SHA_256 if !PSA_WANT_ALG_SHA_512
 	help
 	  This module gathers entropy data from enabled entropy sources. It's
 	  mostly used in conjunction with CTR_DRBG or HMAC_DRBG to create
 	  a deterministic random number generator.
+	  It requires either PSA_WANT_ALG_SHA_256 or PSA_WANT_ALG_SHA_512.
 
-config MBEDTLS_ENTROPY_POLL_ZEPHYR
+config MBEDTLS_PSA_DRIVER_GET_ENTROPY
 	bool "Provide entropy data to Mbed TLS through entropy driver or random generator"
 	default y
 	depends on MBEDTLS_ENTROPY_C

modules/mbedtls/configs/config-tf-psa-crypto.h

@@ -12,7 +12,6 @@
 #define MBEDTLS_MEMORY_BUFFER_ALLOC_C
 #define MBEDTLS_MEMORY_ALIGN_MULTIPLE (sizeof(void *))
 #define MBEDTLS_PLATFORM_EXIT_ALT
-#define MBEDTLS_NO_PLATFORM_ENTROPY
 
 #if defined(CONFIG_MBEDTLS_ZEROIZE_ALT)
 #define MBEDTLS_PLATFORM_ZEROIZE_ALT
@@ -26,10 +25,8 @@
 #define MBEDTLS_PLATFORM_SNPRINTF_ALT
 #endif /* defined(MBEDTLS_PLATFORM_SNPRINTF_ALT) */
 
-#if defined(CONFIG_MBEDTLS_ENTROPY_POLL_ZEPHYR)
-#define MBEDTLS_ENTROPY_HARDWARE_ALT
-#else
-#define MBEDTLS_NO_DEFAULT_ENTROPY_SOURCES
+#if defined(CONFIG_MBEDTLS_PSA_DRIVER_GET_ENTROPY)
+#define MBEDTLS_PSA_DRIVER_GET_ENTROPY
 #endif
 
 #if defined(CONFIG_MBEDTLS_HAVE_ASM)

modules/mbedtls/zephyr_entropy.c

@@ -5,14 +5,14 @@
  */
 
 #include <zephyr/random/random.h>
-#include <mbedtls/entropy.h>
 #include <psa/crypto.h>
+#include <psa/crypto_driver_random.h>
 
 
-#if defined(CONFIG_MBEDTLS_ENTROPY_POLL_ZEPHYR) || defined(CONFIG_MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG)
+#if defined(CONFIG_MBEDTLS_PSA_DRIVER_GET_ENTROPY) || defined(CONFIG_MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG)
 static int get_random_data(uint8_t *output, size_t output_size, bool allow_non_cs)
 {
-	int ret = MBEDTLS_ERR_ENTROPY_NO_SOURCES_DEFINED;
+	int ret = -EINVAL;
 
 #if defined(CONFIG_CSPRNG_ENABLED)
 	ret = sys_csrand_get(output, output_size);
@@ -30,29 +30,22 @@ static int get_random_data(uint8_t *output, size_t output_size, bool allow_non_c
 }
 #endif /* CONFIG_MBEDTLS_ENTROPY_POLL_ZEPHYR || CONFIG_MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG */
 
-#if defined(CONFIG_MBEDTLS_ENTROPY_POLL_ZEPHYR)
-int mbedtls_hardware_poll(void *data, unsigned char *output, size_t len,
-			  size_t *olen)
+#if defined(CONFIG_MBEDTLS_PSA_DRIVER_GET_ENTROPY)
+int mbedtls_platform_get_entropy(psa_driver_get_entropy_flags_t flags,
+				 size_t *estimate_bits,
+				 unsigned char *output, size_t output_size)
 {
-	int ret;
-	uint16_t request_len = len > UINT16_MAX ? UINT16_MAX : len;
-
-	ARG_UNUSED(data);
-
-	if (output == NULL || olen == NULL || len == 0) {
-		return MBEDTLS_ERR_ENTROPY_SOURCE_FAILED;
-	}
+	ARG_UNUSED(flags);
 
-	ret = get_random_data(output, len, true);
-	if (ret < 0) {
-		return MBEDTLS_ERR_ENTROPY_SOURCE_FAILED;
+	if (get_random_data(output, output_size, true) < 0) {
+		return -EIO;
 	}
 
-	*olen = request_len;
+	*estimate_bits = 8 * output_size;
 
 	return 0;
 }
-#endif /* CONFIG_MBEDTLS_ENTROPY_POLL_ZEPHYR */
+#endif /* CONFIG_MBEDTLS_PSA_DRIVER_GET_ENTROPY */
 
 #if defined(CONFIG_MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG)
 psa_status_t mbedtls_psa_external_get_random(

modules/mbedtls/zephyr_init.c

@@ -12,8 +12,10 @@
  */
 
 #include <zephyr/init.h>
+#include <zephyr/kernel.h>
 #include <zephyr/app_memory/app_memdomain.h>
 #include <mbedtls/platform_time.h>
+#include <errno.h>
 
 #include <mbedtls/debug.h>