Add entropy injection function to psa cripto APIs
parent
3d5d8372a5
commit
2bcd312cda
2 changed files with 55 additions and 1 deletions
|
@ -34,6 +34,9 @@
|
|||
extern "C" {
|
||||
#endif
|
||||
|
||||
/* UID for secure storage seed */
|
||||
#define MBED_RANDOM_SEED_ITS_UID 0xFFFFFF52
|
||||
|
||||
/**
|
||||
* \brief Library deinitialization.
|
||||
*
|
||||
|
@ -44,6 +47,30 @@ extern "C" {
|
|||
*/
|
||||
void mbedtls_psa_crypto_free( void );
|
||||
|
||||
|
||||
#if ( defined(MBEDTLS_ENTROPY_NV_SEED) && defined(MBEDTLS_PSA_HAS_ITS_IO) )
|
||||
/**
|
||||
* \brief Inject initial entropy seed into persistent storage for random capabilities.
|
||||
*
|
||||
* \warning This function **can** fail! Callers MUST check the return status.
|
||||
*
|
||||
* \note To use this function both mbedtls_nv_seed_read and mbedtls_nv_seed_write
|
||||
* must be defined.
|
||||
*
|
||||
* \param seed[in] Buffer storing the seed value to inject.
|
||||
* \param seed_size[in] Size of the \p seed buffer. The minimum size of the seed is MBEDTLS_ENTROPY_MIN_PLATFORM
|
||||
*
|
||||
* \retval #PSA_SUCCESS
|
||||
* \retval #PSA_ERROR_INVALID_ARGUMENT
|
||||
* \retval #PSA_ERROR_STORAGE_FAILURE
|
||||
* \retval #PSA_ERROR_NOT_PERMITTED
|
||||
* \retval #PSA_ERROR_BAD_STATE
|
||||
*/
|
||||
psa_status_t mbedtls_psa_inject_entropy(const unsigned char *seed,
|
||||
size_t seed_size);
|
||||
|
||||
#endif
|
||||
|
||||
#ifdef __cplusplus
|
||||
}
|
||||
#endif
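Review bot: The doc comment on `mbedtls_psa_inject_entropy` lists five return values without saying when each occurs, and it gives only the lower bound on `seed_size`. The implementation on this page also rejects sizes above `MBEDTLS_ENTROPY_MAX_SEED_SIZE`, and returns `PSA_ERROR_NOT_PERMITTED` both when the library is already initialized and when a seed is already stored. I would write the parameter lines in the usual Doxygen form and state the range, e.g. `\param[in] seed_size Size of the \p seed buffer, from MBEDTLS_ENTROPY_MIN_PLATFORM to MBEDTLS_ENTROPY_MAX_SEED_SIZE bytes.`, and annotate the status, e.g. `\retval #PSA_ERROR_NOT_PERMITTED The library is already initialized or a seed was already injected.` A sentence saying the function is meant to be called once, before initialization, with a seed from a trustworthy entropy source would also help integrators. So would a note on `MBED_RANDOM_SEED_ITS_UID` that this UID is reserved and must not be reused for application data.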
|
||||
|
|
|
@ -69,6 +69,7 @@
|
|||
#include "mbedtls/ecdh.h"
|
||||
#include "mbedtls/ecp.h"
|
||||
#include "mbedtls/entropy.h"
|
||||
#include "mbedtls/entropy_poll.h"
|
||||
#include "mbedtls/error.h"
|
||||
#include "mbedtls/gcm.h"
|
||||
#include "mbedtls/md2.h"
|
||||
|
@ -85,7 +86,9 @@
|
|||
#include "mbedtls/sha512.h"
|
||||
#include "mbedtls/xtea.h"
|
||||
|
||||
|
||||
#if ( defined(MBEDTLS_ENTROPY_NV_SEED) && defined(MBEDTLS_PSA_HAS_ITS_IO) )
|
||||
#include "psa_prot_internal_storage.h"
|
||||
#endif
|
||||
|
||||
#define ARRAY_LENGTH( array ) ( sizeof( array ) / sizeof( *( array ) ) )
|
||||
|
||||
|
@ -4223,6 +4226,30 @@ psa_status_t psa_generate_random( uint8_t *output,
|
|||
return( mbedtls_to_psa_error( ret ) );
|
||||
}
|
||||
|
||||
#if ( defined(MBEDTLS_ENTROPY_NV_SEED) && defined(MBEDTLS_PSA_HAS_ITS_IO) )
|
||||
psa_status_t mbedtls_psa_inject_entropy( const unsigned char *seed,
|
||||
size_t seed_size )
|
||||
{
|
||||
psa_status_t status;
|
||||
struct psa_its_info_t p_info;
|
||||
if( global_data.initialized )
|
||||
return( PSA_ERROR_NOT_PERMITTED );
|
||||
if( ( seed_size < MBEDTLS_ENTROPY_MIN_PLATFORM ) || ( seed_size > MBEDTLS_ENTROPY_MAX_SEED_SIZE ) )
|
||||
return( PSA_ERROR_INVALID_ARGUMENT );
|
||||
status = psa_its_get_info( MBED_RANDOM_SEED_ITS_UID, &p_info );
|
||||
if( PSA_ITS_ERROR_KEY_NOT_FOUND == status ) /* No seed exists */
|
||||
{
|
||||
status = psa_its_set( MBED_RANDOM_SEED_ITS_UID, seed_size, seed, 0 );
|
||||
}
|
||||
else if( PSA_ITS_SUCCESS == status )
|
||||
{
|
||||
/* You should not be here. Seed needs to be injected only once */
|
||||
status = PSA_ERROR_NOT_PERMITTED;
|
||||
}
|
||||
return( status );
|
||||
}
|
||||
#endif
|
||||
|
||||
psa_status_t psa_generate_key( psa_key_slot_t key,
|
||||
psa_key_type_t type,
|
||||
size_t bits,
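Review bot: In `mbedtls_psa_inject_entropy` the results of `psa_its_get_info` and `psa_its_set` are returned to the caller unchanged. Any storage failure other than key-not-found therefore leaves the function as a raw ITS code, not one of the `PSA_ERROR_*` values the header documents; no visible line produces `PSA_ERROR_STORAGE_FAILURE` or `PSA_ERROR_BAD_STATE`. Because a failed injection presumably leaves the persistent seed unset, callers need a status they can interpret reliably. I would keep the storage result in its own variable and translate it before returning, for example `if( its_status != PSA_ITS_SUCCESS ) return( PSA_ERROR_STORAGE_FAILURE );` after the `psa_its_set` call, with the same mapping on the fall-through path after `psa_its_get_info`. This assumes the ITS and PSA status values are not numerically interchangeable, which the page does not show. Separately, `seed` is passed to `psa_its_set` without a NULL check, so a guard returning `PSA_ERROR_INVALID_ARGUMENT` next to the size check would be cheap.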
|
||||
|
|