Platform entropy is available when `MBEDTLS_NO_PLATFORM_ENTROPY` is _not_
defined.
This caused the ok/not-supported behavior of
`psa_random_set_prediction_resistance()` to be inverted, and the unit tests
checking that behavior to be similarly inverted, so the unit tests didn't
catch it.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
Let applications configure prediction resistance at runtime.
Prediction resistance is always considered disabled when there is no actual
entropy source, only a nonvolatile seed.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
In some scenarios, application or integration code knows that the random
generator should be reseeded, but the reseed cannot or must not happen
immediately and there is no way to report errors. In such scenarios, users
can call the new function `psa_random_deplete()`, which just marks the DRBG
as needing a reseed.
This change requires DRBG modules to treat `reseed_counter == reseed_interval`
as a condition that requires a reseed. Historically they reseeded when
`reseed_counter > reseed_interval`, but that made it impossible to require
a reseed when `reseed_interval == MAX_INT`. Note that this edge case is not
tested.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
Change `reseed_counter` to be the number of requests made since the last
reseed, rather than this number minus 1. Thus, reseed when
`reseed_counter >= reseed_interval` rather than
`reseed_counter > reseed_interval`. The field `reseed_counter` is private so
this is not an API change.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
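The two commits above (the `psa_random_deplete()` marker and the change from `reseed_counter > reseed_interval` to `reseed_counter >= reseed_interval`) describe an off-by-one that matters most at the untested edge case `reseed_interval == MAX_INT`. The following is an added example that models that bookkeeping in isolation; it is not Mbed TLS code and does not use the library's private DRBG fields. The names `model_drbg_t`, `model_deplete()`, `RULE_OLD` and `RULE_NEW` are assumptions made here for illustration, and the counters are `unsigned` so that the wrap-around at the edge case is well-defined in the model.

```c
#include <limits.h>
#include <stdbool.h>
#include <stdio.h>

/* Hypothetical model of a DRBG's reseed bookkeeping (not Mbed TLS code). */
typedef enum { RULE_OLD, RULE_NEW } reseed_rule_t;

typedef struct {
    reseed_rule_t rule;
    unsigned reseed_counter;   /* requests made since the last reseed */
    unsigned reseed_interval;  /* maximum requests between reseeds */
    unsigned reseeds;          /* reseeds performed so far (for illustration) */
} model_drbg_t;

static void model_init(model_drbg_t *d, reseed_rule_t rule, unsigned interval)
{
    d->rule = rule;
    d->reseed_counter = 0;
    d->reseed_interval = interval;
    d->reseeds = 0;
}

static bool model_needs_reseed(const model_drbg_t *d)
{
    if (d->rule == RULE_OLD) {
        return d->reseed_counter > d->reseed_interval;   /* historical check */
    }
    return d->reseed_counter >= d->reseed_interval;      /* new check */
}

/* Models psa_random_deplete(): mark the DRBG as needing a reseed without
 * performing one. Under the old rule the counter has to *exceed* the
 * interval, so it must be set to interval + 1, which wraps to 0 when the
 * interval is UINT_MAX; under the new rule, counter == interval suffices. */
static void model_deplete(model_drbg_t *d)
{
    if (d->rule == RULE_OLD) {
        d->reseed_counter = d->reseed_interval + 1u;
    } else {
        d->reseed_counter = d->reseed_interval;
    }
}

/* One random request: reseed first if required, then count the request.
 * Returns true if a reseed happened on this request. */
static bool model_request(model_drbg_t *d)
{
    bool reseeded = false;
    if (model_needs_reseed(d)) {
        d->reseed_counter = 0;
        d->reseeds++;
        reseeded = true;
    }
    d->reseed_counter++;
    return reseeded;
}

/* Number of reseeds performed during n consecutive requests. */
unsigned reseeds_in_requests(reseed_rule_t rule, unsigned interval, unsigned n)
{
    model_drbg_t d;
    model_init(&d, rule, interval);
    for (unsigned i = 0; i < n; i++) {
        model_request(&d);
    }
    return d.reseeds;
}

/* Does a deplete() followed by one request actually force a reseed? */
bool deplete_forces_reseed(reseed_rule_t rule, unsigned interval)
{
    model_drbg_t d;
    model_init(&d, rule, interval);
    model_request(&d);   /* some traffic before the depletion */
    model_deplete(&d);
    return model_request(&d);
}

int main(void)
{
    printf("interval 4, 10 requests: old rule reseeds %u times, new rule %u times\n",
           reseeds_in_requests(RULE_OLD, 4, 10),
           reseeds_in_requests(RULE_NEW, 4, 10));
    printf("deplete with interval UINT_MAX forces a reseed: old rule %d, new rule %d\n",
           (int) deplete_forces_reseed(RULE_OLD, UINT_MAX),
           (int) deplete_forces_reseed(RULE_NEW, UINT_MAX));
    return 0;
}
```

With a small interval both rules reseed, just one request apart. With `reseed_interval == UINT_MAX` the old rule can never be satisfied because `interval + 1` wraps to 0, so a depletion marker is silently lost; the new rule reseeds on the next request. If you port this change to a DRBG of your own, this edge case is the one to add a unit test for.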
Define `MBEDTLS_ENTROPY_TRUE_SOURCES` and `MBEDTLS_ENTROPY_HAVE_SOURCES`
similarly to TF-PSA-Crypto 1.0. Also define
`MBEDTLS_ENTROPY_HAVE_TRUE_SOURCES` for test function dependencies.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
Document when this is not used. This was the case in TF-PSA-Crypto 1.0.0,
but not yet in Mbed TLS 3.6.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
Instead of unconditionally using `/dev/urandom`, make the device path
configurable at compile time through `MBEDTLS_PLATFORM_DEV_RANDOM` or
at run time through `mbedtls_platform_dev_random`.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
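The commit above makes the random device path configurable at compile time or at run time. The following is an added example, not the library's implementation, showing the same default-plus-override pattern together with the read loop a practitioner should pair with it: the configured path may be a regular file or a device that returns short reads, and a partially filled buffer must never be reported as success. The macro `EXAMPLE_DEV_RANDOM`, the variable `example_dev_random` and the functions `example_dev_random_path()` and `example_read_dev_random()` are names chosen here for illustration and are not Mbed TLS identifiers.

```c
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>

/* Compile-time default, overridable by the build (same idea as
 * MBEDTLS_PLATFORM_DEV_RANDOM; this macro name is our own). */
#ifndef EXAMPLE_DEV_RANDOM
#define EXAMPLE_DEV_RANDOM "/dev/urandom"
#endif

/* Run-time override; NULL means "use the compile-time default". */
const char *example_dev_random = NULL;

const char *example_dev_random_path(void)
{
    return example_dev_random != NULL ? example_dev_random : EXAMPLE_DEV_RANDOM;
}

/* Read exactly len bytes from the configured device.
 * Returns 0 on success and -1 if the device cannot be opened or does not
 * deliver the full amount (EOF or a read error). EINTR and short reads are
 * retried; on failure the output buffer is wiped so that a caller who
 * ignores the return value does not mistake partial data for entropy. */
int example_read_dev_random(unsigned char *out, size_t len)
{
    int fd = open(example_dev_random_path(), O_RDONLY | O_CLOEXEC);
    if (fd < 0) {
        memset(out, 0, len);
        return -1;
    }
    size_t got = 0;
    while (got < len) {
        ssize_t n = read(fd, out + got, len - got);
        if (n < 0) {
            if (errno == EINTR) {
                continue;            /* interrupted by a signal: retry */
            }
            close(fd);
            memset(out, 0, len);
            return -1;
        }
        if (n == 0) {                /* EOF: regular file or exhausted device */
            close(fd);
            memset(out, 0, len);
            return -1;
        }
        got += (size_t) n;
    }
    close(fd);
    return 0;
}

int main(void)
{
    unsigned char buf[16];
    if (example_read_dev_random(buf, sizeof buf) != 0) {
        fprintf(stderr, "cannot read from %s\n", example_dev_random_path());
        return 1;
    }
    printf("%zu bytes from %s:", sizeof buf, example_dev_random_path());
    for (size_t i = 0; i < sizeof buf; i++) {
        printf(" %02x", buf[i]);
    }
    printf("\n");
    return 0;
}
```

The run-time override is what lets a test point the generator at a file of known bytes, which is also why the EOF check matters: a file that is shorter than the request must fail rather than return whatever was read.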
Fix the location of the ending bracket of the "extern C" block in order to
have it balanced between C guards.
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
Also take MAC key types into account when computing the size of the
buffer to store key material in the static key slot configuration.
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
Integrators in a client-server architecture need to provide this function on
the client side.
Fixes mbedtls/issues#10341.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
The decrypted length reveals the amount of padding that was eliminated, and
thus reveals partial information about the last ciphertext block.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>