mbedtls/psa: provides PSA method for using hardware random driver
Signed-off-by: makejian <makejian@xiaomi.com>
This commit is contained in:
parent
96b220659d
commit
9a1a8d3ca3
@ -70,6 +70,11 @@ if(CONFIG_CRYPTO_MBEDTLS)
|
||||
|
||||
file(GLOB CSRCS ${MBEDTLS_DIR}/library/*.c)
|
||||
|
||||
if(CONFIG_MBEDTLS_ENTROPY_HARDWARE_ALT
|
||||
OR CONFIG_MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG)
|
||||
list(APPEND CSRCS ${CMAKE_CURRENT_LIST_DIR}/source/entropy_alt.c)
|
||||
endif()
|
||||
|
||||
if(CONFIG_MBEDTLS_ALT)
|
||||
list(APPEND CSRCS ${CMAKE_CURRENT_LIST_DIR}/source/dev_alt.c)
|
||||
|
||||
|
@ -331,6 +331,11 @@ config MBEDTLS_PK_RSA_ALT_SUPPORT
|
||||
bool "Support external private RSA keys (eg from a HSM) in the PK layer."
|
||||
default y
|
||||
|
||||
config MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG
|
||||
bool "Make the PSA Crypto module use an external random generator provided by a driver, instead of Mbed TLS's entropy and DRBG modules."
|
||||
depends on DEV_RANDOM
|
||||
default n
|
||||
|
||||
config MBEDTLS_SSL_CONTEXT_SERIALIZATION
|
||||
bool "Enable serialization of the TLS context structures."
|
||||
depends on MBEDTLS_GCM_C || MBEDTLS_CCM_C || MBEDTLS_CHACHAPOLY_C
|
||||
|
@ -107,7 +107,7 @@ endif
|
||||
|
||||
# Configuration alternative implementation
|
||||
|
||||
ifeq ($(CONFIG_MBEDTLS_ENTROPY_HARDWARE_ALT),y)
|
||||
ifneq ($(CONFIG_MBEDTLS_ENTROPY_HARDWARE_ALT)$(CONFIG_MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG),)
|
||||
CSRCS += $(APPDIR)/crypto/mbedtls/source/entropy_alt.c
|
||||
endif
|
||||
|
||||
|
@ -1465,7 +1465,9 @@
|
||||
* \note This option is experimental and may be removed without notice.
|
||||
*/
|
||||
|
||||
/* #define MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG */
|
||||
#ifdef CONFIG_MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG
|
||||
#define MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG
|
||||
#endif
|
||||
|
||||
/**
|
||||
* \def MBEDTLS_PSA_CRYPTO_SPM
|
||||
|
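Review bot: The `#ifdef CONFIG_MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG` block is added without saying where the external generator comes from, while the Mbed TLS comment directly above warns the option is experimental and may be removed. A one-line comment above the `#ifdef` would save the next maintainer a search: `/* NuttX: backed by mbedtls_psa_external_get_random() in entropy_alt.c, which reads /dev/random. */`. If this file follows a pattern of leaving Mbed TLS's commented `/* #define ... */` line in place above each NuttX override, this hunk is consistent with it; I cannot see the rest of the file to confirm.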
@ -153,7 +153,7 @@ int mbedtls_cipher_cmac_reset(FAR mbedtls_cipher_context_t *ctx)
|
||||
ret = cryptodev_get_session(&cmac_ctx->dev);
|
||||
if (ret != 0)
|
||||
{
|
||||
cryptodev_free(cmac_ctx->dev);
|
||||
cryptodev_free(&cmac_ctx->dev);
|
||||
return MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA;
|
||||
}
|
||||
|
||||
|
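Review bot: The corrected call `cryptodev_free(&cmac_ctx->dev);` is unrelated to the PSA RNG change the commit message describes and is worth its own commit, or at least a line in the message, since it changes what is handed to cryptodev_free — presumably the by-value form either did not compile or released a copy; cryptodev_free's prototype is not visible here. Separately, a failure of `cryptodev_get_session` is surfaced as `MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA`, which tells the caller their input was wrong rather than that the accelerator session could not be created; a comment explaining the choice, or a more specific error code if this Mbed TLS version has one, would help diagnosis. mbedtls_cipher_cmac_reset starts and ends outside the hunk.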
@ -25,11 +25,14 @@
|
||||
#include <stdlib.h>
|
||||
#include <stdio.h>
|
||||
#include <unistd.h>
|
||||
#include <psa/crypto.h>
|
||||
#include <psa/crypto_platform.h>
|
||||
|
||||
/****************************************************************************
|
||||
* Public Functions
|
||||
****************************************************************************/
|
||||
|
||||
#ifdef CONFIG_MBEDTLS_ENTROPY_HARDWARE_ALT
|
||||
int mbedtls_hardware_poll(FAR void *data,
|
||||
FAR unsigned char *output,
|
||||
size_t len,
|
||||
@ -57,3 +60,35 @@ int mbedtls_hardware_poll(FAR void *data,
|
||||
|
||||
return 0;
|
||||
}
|
||||
#endif /* CONFIG_MBEDTLS_ENTROPY_HARDWARE_ALT */
|
||||
|
||||
#ifdef CONFIG_MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG
|
||||
psa_status_t mbedtls_psa_external_get_random(
|
||||
FAR mbedtls_psa_external_random_context_t *context,
|
||||
FAR uint8_t *output, size_t output_size, FAR size_t *output_length)
|
||||
{
|
||||
int fd;
|
||||
size_t read_len;
|
||||
*output_length = 0;
|
||||
|
||||
(void)context;
|
||||
|
||||
fd = open("/dev/random", O_RDONLY, 0);
|
||||
if (fd < 0)
|
||||
{
|
||||
return -errno;
|
||||
}
|
||||
|
||||
read_len = read(fd, output, output_size);
|
||||
if (read_len != output_size)
|
||||
{
|
||||
close(fd);
|
||||
return -errno;
|
||||
}
|
||||
|
||||
close(fd);
|
||||
*output_length = read_len;
|
||||
|
||||
return 0;
|
||||
}
|
||||
#endif /* CONFIG_MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG */
|
||||
|
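Review bot: A short read from `/dev/random` can be reported as success with `*output_length` left at 0: when `read()` returns fewer bytes than `output_size` but not -1, `errno` is not set, so `return -errno` at the `read_len != output_size` branch may return 0, which is `PSA_SUCCESS`, while the caller's buffer holds partially uninitialised bytes. The function also stores the `ssize_t` result of `read()` in a `size_t` and returns raw `-errno` values through a `psa_status_t`, which do not lie in the PSA status space and will not be recognised by callers checking for `PSA_ERROR_*`. The rewrite below reads in a loop until `output_size` bytes are filled (the PSA contract requires `*output_length == output_size` on success), retries on `EINTR`, and maps failures to `PSA_ERROR_HARDWARE_FAILURE` / `PSA_ERROR_INSUFFICIENT_ENTROPY`. `open`, `O_RDONLY` and `errno` are used, but `<fcntl.h>` and `<errno.h>` are not among the includes visible in the earlier hunk; if they are not pulled in above line 25, add them.
```c
psa_status_t mbedtls_psa_external_get_random(
  FAR mbedtls_psa_external_random_context_t *context,
  FAR uint8_t *output, size_t output_size, FAR size_t *output_length)
{
  int fd;
  size_t total = 0;
  ssize_t n;

  (void)context;
  *output_length = 0;

  fd = open("/dev/random", O_RDONLY, 0);
  if (fd < 0)
    {
      return PSA_ERROR_HARDWARE_FAILURE;
    }

  /* read() may legitimately return fewer bytes than requested, and the PSA
   * contract requires *output_length == output_size on success, so keep
   * reading until the buffer is full.  A zero or negative return (other
   * than EINTR) is a failure; never report success for a partial buffer.
   */

  while (total < output_size)
    {
      n = read(fd, output + total, output_size - total);
      if (n < 0 && errno == EINTR)
        {
          continue;
        }

      if (n <= 0)
        {
          close(fd);
          return PSA_ERROR_INSUFFICIENT_ENTROPY;
        }

      total += (size_t)n;
    }

  close(fd);
  *output_length = total;
  return PSA_SUCCESS;
}
```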