Hi Heinrich,
The reason psa_crypto_init() initializes everything is for simplicity.
Once psa_crypto_init() returns, you know that the whole cryptography
subsystem is available. It avoids a common implementation error where an
application needs randomness but ignores a rare situation where the RNG
initialization failed and so can be coerced into operating with
predictable values.
We are aware that there are scenarios where this is not flexible enough.
The scenario you describe (verifying a signature before initializing the
RNG — perhaps the signature of a separately-installed RNG driver!) is
the most common use case.
A future version of the PSA API will add a more flexible alternative to
psa_crypto_init(). I've just created public tasks so you can follow
progress on that: https://github.com/Mbed-TLS/mbedtls/issues/6006,
https://github.com/Mbed-TLS/mbedtls/issues/6008. Unfortunately at this
time I can't give a date for when this will be done.
Best regards,
--
Gilles Peskine
PSA Crypto architect and Mbed TLS developer
On 01/07/2022 11:36, heinrich.mueller--- via mbed-tls wrote:
> Hello,
>
> currently, I am evaluating the mbed-tls. I already created some smaller demos regarding AES and RSA. I do so on a PC with cygwin and with Keil micro vision for a NXP S32K144.
>
> One demo is just validating some data with a signature and an existing public key. Here is the point that puzzles me a bit. As far as I understand this cybersecurity stuff entropy is not needed for the above use case. Some of my colleagues would agree with me.
>
> Once psa_crypto_init() is called on a target NXP S32K144 the function returns PSA_ERROR_INSUFFICIENT_ENTROPY.
>
> So far so good
>
https://os.mbed.com/docs/mbed-os/v6.15/porting/entropy-sources.html
> gives the hints on how to handle this in general but I did not find any information on how to disable the "request for entropy" in a save way once your use case does not need any new secrets.
>
> Can you give me a hint why psa_crypto_init() is implemented that way?
> It may also be that I still have a conceptual understanding problem!?
>
> Regards
> Heico