Hi everyone,
The PSA Crypto Driver Interface describes entry points for collecting entropy from drivers:
|psa_status_t acme_get_entropy(uint32_t flags, size_t *estimate_bits, uint8_t *output, size_t output_size);|
Currently, MbedTLS does not have any kind of support for those PSA driver entry points. I'm currently looking at trying to add initial support for those in the code. The idea is to write a very simple solution to get the ball rolling and that can be extended and improved later on. Is there interest for a patch to add this?
There are different ways to integrate it into the current MbedTLS code. Do you already have plans or ideas on how it should be done? After multiple attempts locally, I've came up with an approach that can work well. Like for other PSA Crypto drivers, the entropy entry points would be listed in the generated "psa_crypto_driver_wrappers.c" file. Those entry points can then be used by a sub-function of mbedtls_entropy_gather(). What do you think of that approach?
Best regards,
François.