From e26f00fc5f7a3b86a65b650eb2550d6989f1a8ae Mon Sep 17 00:00:00 2001
From: Valerio Setti
Date: Fri, 2 Aug 2024 14:42:14 +0200
Subject: [PATCH] mbedtls: move entropy polling functions to a dedicated file
This commit just moves some code around. For sake of cleanliness a new file is added to hold the entropy parsing functions for Mbed TLS.
Signed-off-by: Valerio Setti
---
 modules/mbedtls/CMakeLists.txt | 1 +
 modules/mbedtls/zephyr_entropy.c | 75 ++++++++++++++++++++++++++++++++
 modules/mbedtls/zephyr_init.c | 72 +-----------------------------
 3 files changed, 78 insertions(+), 70 deletions(-)
 create mode 100644 modules/mbedtls/zephyr_entropy.c
diff --git a/modules/mbedtls/CMakeLists.txt b/modules/mbedtls/CMakeLists.txt
index 7007ba7646b..aab4ad5316c 100644
--- a/modules/mbedtls/CMakeLists.txt
+++ b/modules/mbedtls/CMakeLists.txt
@@ -115,6 +115,7 @@ zephyr_interface_library_named(mbedTLS)
 ${ZEPHYR_CURRENT_MODULE_DIR}/library/version_features.c
 ${ZEPHYR_CURRENT_MODULE_DIR}/library/version.c
 zephyr_init.c
+ zephyr_entropy.c
 )
 zephyr_library_sources(${mbedtls_base_src})
diff --git a/modules/mbedtls/zephyr_entropy.c b/modules/mbedtls/zephyr_entropy.c
new file mode 100644
index 00000000000..9adc308bae5
--- /dev/null
+++ b/modules/mbedtls/zephyr_entropy.c
@@ -0,0 +1,75 @@
+/*
+ * Copyright (c) 2024 Nordic Semiconductor ASA
+ *
+ * SPDX-License-Identifier: Apache-2.0
+ */
+
+#include
+#include
+#include
+
+
+#if defined(CONFIG_MBEDTLS_ENTROPY_POLL_ZEPHYR) || defined(CONFIG_MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG)
+static int get_random_data(uint8_t *output, size_t output_size, bool allow_non_cs)
+{
+ int ret = MBEDTLS_ERR_ENTROPY_NO_SOURCES_DEFINED;
+
+#if defined(CONFIG_CSPRNG_ENABLED)
+ ret = sys_csrand_get(output, output_size);
+ if (ret == 0) {
+ return 0;
+ }
+#endif /* CONFIG_CSPRNG_ENABLED */
+
+ if (allow_non_cs) {
+ sys_rand_get(output, output_size);
+ ret = 0;
+ }
+
+ return ret;
+}
+#endif /* CONFIG_MBEDTLS_ENTROPY_POLL_ZEPHYR || CONFIG_MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG */
+
+#if defined(CONFIG_MBEDTLS_ENTROPY_POLL_ZEPHYR)
+int mbedtls_hardware_poll(void *data, unsigned char *output, size_t len,
+ size_t *olen)
+{
+ int ret;
+ uint16_t request_len = len > UINT16_MAX ? UINT16_MAX : len;
+
+ ARG_UNUSED(data);
+
+ if (output == NULL || olen == NULL || len == 0) {
+ return MBEDTLS_ERR_ENTROPY_SOURCE_FAILED;
+ }
+
+ ret = get_random_data(output, len, true);
+ if (ret < 0) {
+ return MBEDTLS_ERR_ENTROPY_SOURCE_FAILED;
+ }
+
+ *olen = request_len;
+
+ return 0;
+}
+#endif /* CONFIG_MBEDTLS_ENTROPY_POLL_ZEPHYR */
+
+#if defined(CONFIG_MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG)
+psa_status_t mbedtls_psa_external_get_random(
+ mbedtls_psa_external_random_context_t *context,
+ uint8_t *output, size_t output_size, size_t *output_length)
+{
+ (void) context;
+ int ret;
+
+ ret = get_random_data(output, output_size,
+ IS_ENABLED(CONFIG_MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG_ALLOW_NON_CSPRNG));
+ if (ret != 0) {
+ return PSA_ERROR_GENERIC_ERROR;
+ }
+
+ *output_length = output_size;
+
+ return PSA_SUCCESS;
+}
+#endif /* CONFIG_MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG */
diff --git a/modules/mbedtls/zephyr_init.c b/modules/mbedtls/zephyr_init.c
index 79da037422b..1d7d3b40b76 100644
--- a/modules/mbedtls/zephyr_init.c
+++ b/modules/mbedtls/zephyr_init.c
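Review bot: In mbedtls_hardware_poll the fallback to the non-cryptographic generator is unconditional — `ret = get_random_data(output, len, true);` — so when CONFIG_CSPRNG_ENABLED is off, or sys_csrand_get() fails, sys_rand_get() output is returned to the Mbed TLS entropy pool as a successful poll, whereas mbedtls_psa_external_get_random in the same file gates that fallback behind CONFIG_MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG_ALLOW_NON_CSPRNG. Unless Kconfig already forces CSPRNG_ENABLED whenever MBEDTLS_ENTROPY_POLL_ZEPHYR is selected (not visible here), the two entry points should apply the same policy, or the literal `true` should at least carry a comment stating that a non-CS source is accepted by design for this path. Separately, the function fills `len` bytes but reports `*olen = request_len`, which is clamped to UINT16_MAX; passing the clamped size to the generator, `ret = get_random_data(output, request_len, true);`, keeps the bytes written and the length reported in step. Since this is a new file, a short header comment describing the two-tier source selection (CSPRNG first, plain PRNG only when the caller allows it) would help the next reader.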
@@ -6,18 +6,15 @@
 /*
 * Copyright (c) 2017 Intel Corporation
+ * Copyright (c) 2024 Nordic Semiconductor ASA
 *
 * SPDX-License-Identifier: Apache-2.0
 */
 #include
 #include
-#include
-#include
-#include
 #include
-
 #include
 #if defined(CONFIG_MBEDTLS)
@@ -29,7 +26,7 @@
 #endif
 #if defined(CONFIG_MBEDTLS_ENABLE_HEAP) && \
- defined(MBEDTLS_MEMORY_BUFFER_ALLOC_C)
+ defined(MBEDTLS_MEMORY_BUFFER_ALLOC_C)
 #include
 #if !defined(CONFIG_MBEDTLS_HEAP_SIZE)
@@ -83,68 +80,3 @@ mbedtls_ms_time_t mbedtls_ms_time(void)
 {
 return (mbedtls_ms_time_t)k_uptime_get();
 }
-
-#if defined(CONFIG_MBEDTLS_ENTROPY_POLL_ZEPHYR) || defined(CONFIG_MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG)
-static int get_random_data(uint8_t *output, size_t output_size, bool allow_non_cs)
-{
- int ret = MBEDTLS_ERR_ENTROPY_NO_SOURCES_DEFINED;
-
-#if defined(CONFIG_CSPRNG_ENABLED)
- ret = sys_csrand_get(output, output_size);
- if (ret == 0) {
- return 0;
- }
-#endif /* CONFIG_CSPRNG_ENABLED */
-
- if (allow_non_cs) {
- sys_rand_get(output, output_size);
- ret = 0;
- }
-
- return ret;
-}
-#endif /* CONFIG_MBEDTLS_ENTROPY_POLL_ZEPHYR || CONFIG_MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG */
-
-#if defined(CONFIG_MBEDTLS_ENTROPY_POLL_ZEPHYR)
-int mbedtls_hardware_poll(void *data, unsigned char *output, size_t len,
- size_t *olen)
-{
- int ret;
- uint16_t request_len = len > UINT16_MAX ? UINT16_MAX : len;
-
- ARG_UNUSED(data);
-
- if (output == NULL || olen == NULL || len == 0) {
- return MBEDTLS_ERR_ENTROPY_SOURCE_FAILED;
- }
-
- ret = get_random_data(output, len, true);
- if (ret < 0) {
- return MBEDTLS_ERR_ENTROPY_SOURCE_FAILED;
- }
-
- *olen = request_len;
-
- return 0;
-}
-#endif /* CONFIG_MBEDTLS_ENTROPY_POLL_ZEPHYR */
-
-#if defined(CONFIG_MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG)
-psa_status_t mbedtls_psa_external_get_random(
- mbedtls_psa_external_random_context_t *context,
- uint8_t *output, size_t output_size, size_t *output_length)
-{
- (void) context;
- int ret;
-
- ret = get_random_data(output, output_size,
- IS_ENABLED(CONFIG_MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG_ALLOW_NON_CSPRNG));
- if (ret != 0) {
- return PSA_ERROR_GENERIC_ERROR;
- }
-
- *output_length = output_size;
-
- return PSA_SUCCESS;
-}
-#endif /* CONFIG_MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG */