Remove redundant ifdef DEVICE_TRNG from DeviceKey #9576
@yossi2le, thank you for your changes.
LGTM, though seems a bit odd.
@@ -260,7 +260,6 @@ int DeviceKey::generate_key_by_random(uint32_t *output, size_t size) | |||
return DEVICEKEY_INVALID_PARAM; | |||
} | |||
|
|||
#if DEVICE_TRNG |
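Review bot: the `#if DEVICE_TRNG` line at the end of this hunk in `DeviceKey::generate_key_by_random` is the only visible compile-time statement of which entropy source the key generation depends on, and the hunk header (7 lines down to 6) shows a line being dropped here. If the guard goes, replace it with a condition that names every entropy source considered acceptable rather than none, and add a comment above it stating that requirement, so that a target with no such source fails to build or returns an error instead of silently producing a key.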
This section of code is only safe if either the device has a TRNG, or `MBEDTLS_ENTROPY_NV_SEED` is turned on. The `mbedtls_entropy_func()` might catch it if this is not the case and return an error, but it depends on the Mbed TLS configuration. I think it would be safer to add `&& defined(MBEDTLS_ENTROPY_NV_SEED)` to the condition than remove the macro completely. Would that solve the problem?
@yanesca What will happen if there is no entropy seed? Will it be better `|| defined(MBEDTLS_ENTROPY_NV_SEED)`?
If a component registers its own weak entropy sources as strong or enables the HAVEGE source, then this function returns low entropy keys. Yes, I think that would be better: it would make explicit that we only provide output if TRNG or entropy seed is present.
@yanesca thanks.
I have fixed it as you suggested.
@yossi2le Please review
@adbridge @0xc0170 Sorry this was missed from our requested PR list but can we take this for 5.11.4 RC.
CI started, whilst pending review comment is addressed
Test run: SUCCESS. Summary: 12 of 12 test jobs passed
@ARMmbed/mbed-os-maintainers Mergeable at your discretion.
… derivation when there is no TRNG but there is DRBG
4bc1d50 to d8d91c3
Hi @yanesca, please re-review the fix for your comments (this is rather urgent as it is critical for the client release).
Looks good to me!
Test run: SUCCESS. Summary: 12 of 12 test jobs passed
Description
Removing the ifdef DEVICE_TRNG from the code which prevents the use of device key with pseudo-random generator supported by mbedtls entropy function.