diff options
-rw-r--r-- | 3rdparty/p256-m/README.md | 5 | ||||
-rw-r--r-- | 3rdparty/p256-m/p256-m/p256-m.c | 34 | ||||
-rw-r--r-- | docs/psa-driver-example-and-guide.md | 3 | ||||
-rw-r--r-- | include/mbedtls/mbedtls_config.h | 5 |
4 files changed, 36 insertions, 11 deletions
diff --git a/3rdparty/p256-m/README.md b/3rdparty/p256-m/README.md index 5efbd12..497c401 100644 --- a/3rdparty/p256-m/README.md +++ b/3rdparty/p256-m/README.md @@ -1,3 +1,4 @@ -The files within the `p256-m/` subdirectory originate from the [p256-m GitHub repository](https://github.com/mpg/p256-m), which is distributed under the Apache 2.0 license. They are authored by Manuel Pégourié-Gonnard. The files `p256-m.c` and `.h` have been taken from the repository. p256-m is a minimalistic implementation of ECDH and ECDSA on NIST P-256, especially suited to constrained 32-bit environments. Mbed TLS documentation for integrating drivers uses p256-m as an example of a software accelerator, and describes how it can be integrated alongside Mbed TLS. +The files within the `p256-m/` subdirectory originate from the [p256-m GitHub repository](https://github.com/mpg/p256-m), which is distributed under the Apache 2.0 license. They are authored by Manuel Pégourié-Gonnard. p256-m is a minimalistic implementation of ECDH and ECDSA on NIST P-256, especially suited to constrained 32-bit environments. Mbed TLS documentation for integrating drivers uses p256-m as an example of a software accelerator, and describes how it can be integrated alongside Mbed TLS. -It should be noted that p256-m does not supply its own cryptographically secure RNG function. An implementation based on `rand()` (taken from `benchmark.c` in the p256-m repo) has been added to `p256-m.c` to support key generation. This means that while key generation will work, p256-m's key generation entry point should not be called in production builds. +The files `p256-m.c` and `.h`, along with the license, have been taken from the `p256-m` repository. +It should be noted that p256-m deliberately does not supply its own cryptographically secure RNG function. As a result, an RNG function using `mbedtls_ctr_dbrg` has been implemented and added to `p256m.c`. diff --git a/3rdparty/p256-m/p256-m/p256-m.c b/3rdparty/p256-m/p256-m/p256-m.c index 7f2f0f1..9e23a2d 100644 --- a/3rdparty/p256-m/p256-m/p256-m.c +++ b/3rdparty/p256-m/p256-m/p256-m.c @@ -6,7 +6,11 @@ */ #include "p256-m.h" +#include "mbedtls/entropy.h" +#include "mbedtls/ctr_drbg.h" +#include <stdio.h> #include <stdlib.h> +#include <string.h> /* * Zeroize memory - this should not be optimized away @@ -1149,14 +1153,36 @@ static int scalar_from_bytes(uint32_t s[8], const uint8_t p[32]) return -1; } -/* test version based on stdlib - never do this in production! */ +/* Using RNG functions from Mbed TLS as p256-m does not come with a + * cryptographically secure RNG function. + */ int p256_generate_random(uint8_t *output, unsigned output_size) { - for (unsigned i = 0; i < output_size; i++) { - output[i] = (uint8_t) rand(); +#if defined(MBEDTLS_CTR_DRBG_C) + mbedtls_entropy_context entropy; + mbedtls_ctr_drbg_context ctr_drbg; + char *personalization = "p256m"; + mbedtls_entropy_init(&entropy); + mbedtls_ctr_drbg_init(&ctr_drbg); + int ret; + + ret = mbedtls_ctr_drbg_seed(&ctr_drbg , mbedtls_entropy_func, &entropy, + (const unsigned char *) personalization, + strlen(personalization)); + if (ret != 0) { + goto exit; } - return 0; + ret = mbedtls_ctr_drbg_random(&ctr_drbg, output, output_size); + if (ret != 0) { + goto exit; + } + + return P256_SUCCESS; +#endif + +exit: + return P256_RANDOM_FAILED; } /* diff --git a/docs/psa-driver-example-and-guide.md b/docs/psa-driver-example-and-guide.md index f09ea79..d5be2b0 100644 --- a/docs/psa-driver-example-and-guide.md +++ b/docs/psa-driver-example-and-guide.md @@ -127,9 +127,6 @@ This guide assumes you are building Mbed TLS from source alongside your project. [p256-m](https://github.com/mpg/p256-m) is a minimalistic implementation of ECDH and ECDSA on NIST P-256 curves, specifically optimized for use in constrained 32-bit environments. As such, it serves as a software accelerator. This section demonstrates the integration of `p256-m` as a transparent driver alongside Mbed TLS, serving as a guide for implementation. The code for p256-m can be found in `3rdparty/p256-m/p256m`. In this demonstration, p256-m is built from source alongside Mbed TLS. - -**NOTE:** p256-m also implements key generation. However, it's RNG is based on `stdlib`, making this feature **unsuitable for production builds**. It is included with Mbed TLS purely to be used as an example. - The driver prefix for p256-m is `P256`/`p256`. The driver macro is `MBEDTLS_P256M_EXAMPLE_DRIVER_ENABLED`. To build with and use p256-m, set the macro using `config.py`, then build as usual using make/cmake. From the root of the `mbedtls/` directory, run: python3 scripts/config.py set MBEDTLS_P256M_EXAMPLE_DRIVER_ENABLED diff --git a/include/mbedtls/mbedtls_config.h b/include/mbedtls/mbedtls_config.h index 84b6531..f10c092 100644 --- a/include/mbedtls/mbedtls_config.h +++ b/include/mbedtls/mbedtls_config.h @@ -3925,8 +3925,9 @@ * document how a third-party driver or software accelerator can be integrated * to work alongside Mbed TLS. * - * \warning As of now, the built-in RNG for p256-m depends on rand(). This is - * fine for examples, but not in production. + * \warning p256-m has only been included to serve as a sample implementation + * of how a driver/accelerator can be integrated alongside Mbed TLS. It is not + * intented for use in production. * DO NOT ENABLE/USE THIS MACRO IN PRODUCTION BUILDS! */ //#define MBEDTLS_P256M_EXAMPLE_DRIVER_ENABLED |