mbedtls/psa: provides PSA method for using hardware random driver

Signed-off-by: makejian <makejian@xiaomi.com>
This commit is contained in:
makejian 2024-08-28 20:41:54 +08:00 committed by Xiang Xiao
parent 96b220659d
commit 9a1a8d3ca3
6 changed files with 50 additions and 3 deletions

View File

@ -70,6 +70,11 @@ if(CONFIG_CRYPTO_MBEDTLS)
file(GLOB CSRCS ${MBEDTLS_DIR}/library/*.c)
if(CONFIG_MBEDTLS_ENTROPY_HARDWARE_ALT
OR CONFIG_MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG)
list(APPEND CSRCS ${CMAKE_CURRENT_LIST_DIR}/source/entropy_alt.c)
endif()
if(CONFIG_MBEDTLS_ALT)
list(APPEND CSRCS ${CMAKE_CURRENT_LIST_DIR}/source/dev_alt.c)

View File

@ -331,6 +331,11 @@ config MBEDTLS_PK_RSA_ALT_SUPPORT
bool "Support external private RSA keys (eg from a HSM) in the PK layer."
default y
config MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG
bool "Make the PSA Crypto module use an external random generator provided by a driver, instead of Mbed TLS's entropy and DRBG modules."
depends on DEV_RANDOM
default n
config MBEDTLS_SSL_CONTEXT_SERIALIZATION
bool "Enable serialization of the TLS context structures."
depends on MBEDTLS_GCM_C || MBEDTLS_CCM_C || MBEDTLS_CHACHAPOLY_C

View File

@ -107,7 +107,7 @@ endif
# Configuration alternative implementation
ifeq ($(CONFIG_MBEDTLS_ENTROPY_HARDWARE_ALT),y)
ifneq ($(CONFIG_MBEDTLS_ENTROPY_HARDWARE_ALT)$(CONFIG_MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG),)
CSRCS += $(APPDIR)/crypto/mbedtls/source/entropy_alt.c
endif

View File

@ -1465,7 +1465,9 @@
* \note This option is experimental and may be removed without notice.
*/
/* #define MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG */
#ifdef CONFIG_MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG
#define MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG
#endif
/**
* \def MBEDTLS_PSA_CRYPTO_SPM

View File

@ -153,7 +153,7 @@ int mbedtls_cipher_cmac_reset(FAR mbedtls_cipher_context_t *ctx)
ret = cryptodev_get_session(&cmac_ctx->dev);
if (ret != 0)
{
cryptodev_free(cmac_ctx->dev);
cryptodev_free(&cmac_ctx->dev);
return MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA;
}

View File

@ -25,11 +25,14 @@
#include <stdlib.h>
#include <stdio.h>
#include <unistd.h>
#include <psa/crypto.h>
#include <psa/crypto_platform.h>
/****************************************************************************
* Public Functions
****************************************************************************/
#ifdef CONFIG_MBEDTLS_ENTROPY_HARDWARE_ALT
int mbedtls_hardware_poll(FAR void *data,
FAR unsigned char *output,
size_t len,
@ -57,3 +60,35 @@ int mbedtls_hardware_poll(FAR void *data,
return 0;
}
#endif /* CONFIG_MBEDTLS_ENTROPY_HARDWARE_ALT */
#ifdef CONFIG_MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG
psa_status_t mbedtls_psa_external_get_random(
FAR mbedtls_psa_external_random_context_t *context,
FAR uint8_t *output, size_t output_size, FAR size_t *output_length)
{
int fd;
size_t read_len;
*output_length = 0;
(void)context;
fd = open("/dev/random", O_RDONLY, 0);
if (fd < 0)
{
return -errno;
}
read_len = read(fd, output, output_size);
if (read_len != output_size)
{
close(fd);
return -errno;
}
close(fd);
*output_length = read_len;
return 0;
}
#endif /* CONFIG_MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG */