search

ARMmbed / mbed-crypto

The development of Mbed Crypto has moved to Mbed TLS. No updates will be made to the mbed-crypto repository anymore.
Apache License 2.0
103 stars 100 forks source link

Make PSA entropy injection easier to use #147

Open Patater opened 5 years ago

Patater commented 5 years ago

Description

Currently, a user must define their own NV seed read and write callbacks when they enable PSA entropy injection. Also, they must ensure that their NV seed read and write callbacks are compatible with how the seed is written from Mbed Crypto. This is bad coupling and makes the feature too hard to use.

Instead, provide default, Mbed-Crypto-compatible NV seed read and write callbacks, automatically register them with the Mbed TLS NV Seed system, and error if any other NV Seed configuration options are set (as only one set of NV Seed callbacks can be present in any given system).

Issue request type

[ ] Question
[x] Enhancement
[ ] Bug
gilles-peskine-arm commented 5 years ago

In https://github.com/gilles-peskine-arm/mbed-crypto/tree/psa-inject_entropy-force_seed-1 I've implemented some unit tests and added NV seed callbacks that use the PSA entropy file. I've also patched the platform module to always use the PSA NV seed callbacks, which isn't right because it breaks non-PSA use of the NV seed.

ciarmcom commented 5 years ago

Internal Jira reference: https://jira.arm.com/browse/IOTCRYPT-806

adbridge commented 4 years ago

Apologies, this was closed in error by the automated bot - re-opening.