apps/mbedtls-alt: Provide system alternative implementation for mbedtls #2572
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Signed-off-by: makejian <makejian@xiaomi.com>
cederom
requested changes
Sep 15, 2024
There was a problem hiding this comment.
Thank you @ThePassionate :-)
- Please update PR Summary and git commit messages with more detailed description why the change is needed, what it does and how.
- Please update PR Impact section - there are two important impacts one is provision of new encryption method (why it is called alternative if it also comes from mbedtls?) and second is providing entropy from
/dev/randomthat may be considered insecure (inadequate entropy). What hardware random number generator did you use? Did you verify its entropy? - Please update PR Testing section with test run logs.
- There are build errors, I have restarted CI lets see if that helps.
thanks, 3 and 4 i will verify in local and update after. |
|
Thank you @ThePassionate :-) |
ThePassionate
force-pushed
the
nuttx-20240914
branch
2 times, most recently
from
c65d849 to
ec6d1ce
Compare
Signed-off-by: makejian <makejian@xiaomi.com>
ThePassionate
force-pushed
the
nuttx-20240914
branch
from
ec6d1ce to
c88a0e3
Compare
xiaoxiang781216
approved these changes
Sep 19, 2024
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Summary
The computing process and software algorithm of AESCMAC are already provided in the crypto module of NuttX, and the mbedtls-alt interface is provided for the convenience of the upper layer, which can be used to directly replace the implementation of the mbedtls interface. Drive capability is used imperceptibly, and that replacement has gone through the MBEDTLS internal selftest case.
There is a conflict between using the PSA random number interface provided by MBEDTLS and trying to use AES to drive the acceleration function. This is due to the fact that the software random number source of the PSA is a global variable, and the driving ability of AES is exposed through fd, and there will be cross-process call errors. So there is a need to provide the ability for PSA to also use random number driven.
Impact
Testing
ci & mbedselftest
`ap> mbedselftest cmac
AES 128 CMAC subkey #1: passed
AES 128 CMAC subkey #2: passed
AES 128 CMAC subkey #3: passed
AES 128 CMAC subkey #4: passed
AES 128 CMAC #1: passed
AES 128 CMAC #2: passed
AES 128 CMAC #3: passed
AES 128 CMAC #4: passed`