Study: PSA random generation drivers for 4.0 (replace entropy.h) #8150

Open
daverodgman opened this issue Sep 1, 2023 · 1 comment
Labels:
  • api-break: This issue/PR breaks the API and must wait for a new major version
  • component-crypto: Crypto primitives and low-level interfaces
  • enhancement
  • size-l: Estimated task size: large (2w+)

Comments

daverodgman commented Sep 1, 2023

As per #5156 (comment) - investigate what is required to support PSA entropy drivers. The outcome of this task is to define an epic with the work needed for 4.0.

https://github.com/Mbed-TLS/mbedtls/blob/development/docs/proposed/psa-driver-interface.md#random-generation-entry-points

This includes an overhaul of support for a stored seed, replacing MBEDTLS_ENTROPY_NV_SEED and mbedtls_psa_inject_entropy().

The functionality of MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG and mbedtls_psa_external_get_random will be subsumed. But we may want to keep them as a simpler interface, especially until we have driver generation scripts.

daverodgman added the component-crypto, size-m, enhancement and size-l labels and removed the size-m label on Oct 11, 2023.
gilles-peskine-arm changed the title from "Study: investigate entropy work for 4.0" to "Study: PSA random generation drivers for 4.0 (replace entropy.h)" on Nov 14, 2023.
daverodgman added the api-break label on Nov 28, 2023.
@gilles-peskine-arm

Mbed TLS has a number of ways to configure the entropy and DRBG modules, which we may or may not want to offer in the new random module.

  • MBEDTLS_ENTROPY_FORCE_SHA256: choice of primitive to combine and whiten entropy sources.
  • MBEDTLS_ENTROPY_MIN_HARDWARE: cryptographic strength of the entropy collection.
  • MBEDTLS_ENTROPY_NV_SEED: support for an entropy store in addition to or in combination with entropy peripherals. This needs to stay, but not necessarily in its present form. On PSA platforms, the NV seed should be in the PSA storage. But on hosted platforms such as Linux, users generally don't use the PSA storage but use a named file instead.

Projects
Status: Mbed TLS 4.0 MUST
Status: Design needed
Status: No status