Add MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG_ALLOW_NON_CSPRNG to the list of
test Kconfigs. Typical use case of this:
- the platform has "zephyr,entropy" defined in the devicetree which means
that CSPRNG_AVAILABLE is set;
- for some reason the board actually does not have any entropy driver
enabled (ex: ENTROPY_BT_HCI is disabled in nrf5340bsim when BT is _not_
enabled in the build);
- since TEST_RANDOM_GENERATOR is enabled then also TEST_CSPRNG_GENERATOR
would be;
- unfortunately the call to psa_generate_random() would fail in
get_random_data() (in modules/mbedtls/zephyr_entropy.c) because
MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG_ALLOW_NON_CSPRNG is not set and it would
not reach "subsys/random/random_test_csprng.c".
This commit fixes this problem.
Signed-off-by: Valerio Setti <vsetti@baylibre.com>
As long as MBEDTLS_ENTROPY_C is enabled, Mbed TLS needs to
poll some entropy source to gather data that will then be
processed by CTR/HMAC-DRBG modules. This means that in most
of the cases, once MBEDTLS_ENTROPY_C is enabled then also
MBEDTLS_ENTROPY_POLL_ZEPHYR needs to be enabled. This was
done manually until now, as the long list of samples/tests
demonstrate.
This commit solves this dependency by defaulting
MBEDTLS_ENTROPY_POLL_ZEPHYR to on as soon as
MBEDTLS_ENTROPY_C is set. As a consequence, all manual
enablement of MBEDTLS_ENTROPY_POLL_ZEPHYR in samples/tests
are removed.
Signed-off-by: Valerio Setti <vsetti@baylibre.com>
The main problem of MBEDTLS_PSA_CRYPTO_LEGACY_RNG is that it
brings in some legacy modules (entropy + ctr_drbg/hmac_drbg)
which means extra ROM/RAM footprint.
MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG instead simply calls to the
CSPRNG which makes it definitely smaller.
Signed-off-by: Valerio Setti <vsetti@baylibre.com>
Add a sample to demonstrate use of persistent keys in the PSA Crypto API.
The implementation of the PSA ITS API that allows storage of persistent
keys is provided either by the just-introduced secure storage subsystem
or by TF-M.
Signed-off-by: Tomi Fontanilles <tomi.fontanilles@nordicsemi.no>
Add a sample to demonstrate direct use of the PSA ITS API.
The implementation of the API is provided either by the just-introduced
secure storage subsystem or by TF-M.
Signed-off-by: Tomi Fontanilles <tomi.fontanilles@nordicsemi.no>
