This is an automated email from the ASF dual-hosted git repository. xiaoxiang pushed a commit to branch master in repository https://gitbox.apache.org/repos/asf/nuttx-apps.git
commit 9a1a8d3ca3520a61821d8be4a6508d773d431a59 Author: makejian <[email protected]> AuthorDate: Wed Aug 28 20:41:54 2024 +0800 mbedtls/psa: provides PSA method for using hardware random driver Signed-off-by: makejian <[email protected]> --- crypto/mbedtls/CMakeLists.txt | 5 ++++ crypto/mbedtls/Kconfig | 5 ++++ crypto/mbedtls/Makefile | 2 +- crypto/mbedtls/include/mbedtls/mbedtls_config.h | 4 ++- crypto/mbedtls/source/cmac_alt.c | 2 +- crypto/mbedtls/source/entropy_alt.c | 35 +++++++++++++++++++++++++ 6 files changed, 50 insertions(+), 3 deletions(-) diff --git a/crypto/mbedtls/CMakeLists.txt b/crypto/mbedtls/CMakeLists.txt index bc063afa3..d48c09ca0 100644 --- a/crypto/mbedtls/CMakeLists.txt +++ b/crypto/mbedtls/CMakeLists.txt @@ -70,6 +70,11 @@ if(CONFIG_CRYPTO_MBEDTLS) file(GLOB CSRCS ${MBEDTLS_DIR}/library/*.c) + if(CONFIG_MBEDTLS_ENTROPY_HARDWARE_ALT + OR CONFIG_MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG) + list(APPEND CSRCS ${CMAKE_CURRENT_LIST_DIR}/source/entropy_alt.c) + endif() + if(CONFIG_MBEDTLS_ALT) list(APPEND CSRCS ${CMAKE_CURRENT_LIST_DIR}/source/dev_alt.c) diff --git a/crypto/mbedtls/Kconfig b/crypto/mbedtls/Kconfig index 39bffa85a..87c4e76a5 100644 --- a/crypto/mbedtls/Kconfig +++ b/crypto/mbedtls/Kconfig @@ -331,6 +331,11 @@ config MBEDTLS_PK_RSA_ALT_SUPPORT bool "Support external private RSA keys (eg from a HSM) in the PK layer." default y +config MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG + bool "Make the PSA Crypto module use an external random generator provided by a driver, instead of Mbed TLS's entropy and DRBG modules." + depends on DEV_RANDOM + default n + config MBEDTLS_SSL_CONTEXT_SERIALIZATION bool "Enable serialization of the TLS context structures." depends on MBEDTLS_GCM_C || MBEDTLS_CCM_C || MBEDTLS_CHACHAPOLY_C diff --git a/crypto/mbedtls/Makefile b/crypto/mbedtls/Makefile index b21b6adef..2b4331a96 100644 --- a/crypto/mbedtls/Makefile +++ b/crypto/mbedtls/Makefile @@ -107,7 +107,7 @@ endif # Configuration alternative implementation -ifeq ($(CONFIG_MBEDTLS_ENTROPY_HARDWARE_ALT),y) +ifneq ($(CONFIG_MBEDTLS_ENTROPY_HARDWARE_ALT)$(CONFIG_MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG),) CSRCS += $(APPDIR)/crypto/mbedtls/source/entropy_alt.c endif diff --git a/crypto/mbedtls/include/mbedtls/mbedtls_config.h b/crypto/mbedtls/include/mbedtls/mbedtls_config.h index 1bca23800..77489f8e6 100644 --- a/crypto/mbedtls/include/mbedtls/mbedtls_config.h +++ b/crypto/mbedtls/include/mbedtls/mbedtls_config.h @@ -1465,7 +1465,9 @@ * \note This option is experimental and may be removed without notice. */ -/* #define MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG */ +#ifdef CONFIG_MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG +#define MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG +#endif /** * \def MBEDTLS_PSA_CRYPTO_SPM diff --git a/crypto/mbedtls/source/cmac_alt.c b/crypto/mbedtls/source/cmac_alt.c index 965f9e0d0..0b7ed61e9 100644 --- a/crypto/mbedtls/source/cmac_alt.c +++ b/crypto/mbedtls/source/cmac_alt.c @@ -153,7 +153,7 @@ int mbedtls_cipher_cmac_reset(FAR mbedtls_cipher_context_t *ctx) ret = cryptodev_get_session(&cmac_ctx->dev); if (ret != 0) { - cryptodev_free(cmac_ctx->dev); + cryptodev_free(&cmac_ctx->dev); return MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA; } diff --git a/crypto/mbedtls/source/entropy_alt.c b/crypto/mbedtls/source/entropy_alt.c index 8c4a3f2aa..950d78dbd 100644 --- a/crypto/mbedtls/source/entropy_alt.c +++ b/crypto/mbedtls/source/entropy_alt.c @@ -25,11 +25,14 @@ #include <stdlib.h> #include <stdio.h> #include <unistd.h> +#include <psa/crypto.h> +#include <psa/crypto_platform.h> /**************************************************************************** * Public Functions ****************************************************************************/ +#ifdef CONFIG_MBEDTLS_ENTROPY_HARDWARE_ALT int mbedtls_hardware_poll(FAR void *data, FAR unsigned char *output, size_t len, @@ -57,3 +60,35 @@ int mbedtls_hardware_poll(FAR void *data, return 0; } +#endif /* CONFIG_MBEDTLS_ENTROPY_HARDWARE_ALT */ + +#ifdef CONFIG_MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG +psa_status_t mbedtls_psa_external_get_random( + FAR mbedtls_psa_external_random_context_t *context, + FAR uint8_t *output, size_t output_size, FAR size_t *output_length) +{ + int fd; + size_t read_len; + *output_length = 0; + + (void)context; + + fd = open("/dev/random", O_RDONLY, 0); + if (fd < 0) + { + return -errno; + } + + read_len = read(fd, output, output_size); + if (read_len != output_size) + { + close(fd); + return -errno; + } + + close(fd); + *output_length = read_len; + + return 0; +} +#endif /* CONFIG_MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG */
