Hello,
Currently, I am evaluating Mbed TLS. I have already created some smaller demos regarding AES and RSA. I do so on a PC with Cygwin and with Keil µVision for an NXP S32K144.
One demo is just validating some data with a signature and an existing public key. Here is the point that puzzles me a bit. As far as I understand this cybersecurity stuff, entropy is not needed for the above use case. Some of my colleagues would agree with me.
Once psa_crypto_init() is called on a target NXP S32K144 the function returns PSA_ERROR_INSUFFICIENT_ENTROPY.
So far so good: https://os.mbed.com/docs/mbed-os/v6.15/porting/entropy-sources.html gives hints on how to handle this in general, but I did not find any information on how to disable the "request for entropy" in a safe way once your use case does not need any new secrets.
Can you give me a hint why psa_crypto_init() is implemented that way? It may also be that I still have a conceptual understanding problem!?
Regards, Heico
Hi Heinrich,
The reason psa_crypto_init() initializes everything is for simplicity. Once psa_crypto_init() returns, you know that the whole cryptography subsystem is available. It avoids a common implementation error where an application needs randomness but ignores a rare situation where the RNG initialization failed and so can be coerced into operating with predictable values.
We are aware that there are scenarios where this is not flexible enough. The scenario you describe (verifying a signature before initializing the RNG — perhaps the signature of a separately-installed RNG driver!) is the most common use case.
A future version of the PSA API will add a more flexible alternative to psa_crypto_init(). I've just created public tasks so you can follow progress on that: https://github.com/Mbed-TLS/mbedtls/issues/6006, https://github.com/Mbed-TLS/mbedtls/issues/6008. Unfortunately at this time I can't give a date for when this will be done.
Best regards,
Hello Gilles,
Thank you for your answer! It helps me to understand the behavior of the Mbed TLS library.
Since I am just evaluating and doing some demos, we do not need to overdo this here. But what would be your suggestion for a workaround for now?
I think I will just follow the section in the documentation "How to test without entropy sources" and leave some comments in the demo code.
Regards, Heico
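For readers following the "How to test without entropy sources" route mentioned above, here is an added configuration fragment (not from this thread, and not Mbed TLS's own code) showing what that route looks like in the mbedtls config header. It assumes an Mbed TLS 2.x build as bundled with Mbed OS 6, which is the version the linked entropy-sources page documents; the macro names are the library's own, but their exact prerequisites in check_config.h are stated from memory and should be checked against the installed version.

```c
/* Added example, not from the thread: a TEST-ONLY mbedtls config fragment for
 * an Mbed TLS 2.x build (as bundled with Mbed OS 6), assumed to be the version
 * behind the linked "entropy-sources" page. It removes the platform entropy
 * sources so psa_crypto_init() no longer fails with
 * PSA_ERROR_INSUFFICIENT_ENTROPY on a board that has no entropy driver yet.
 *
 * The resulting build has NO real randomness. It is only acceptable for a demo
 * that verifies signatures with an existing public key and never generates
 * keys, nonces, IVs or signatures; anything that needs fresh secrets on this
 * build would get predictable values, which is exactly the failure mode the
 * fail-closed psa_crypto_init() is designed to prevent. */

/* Do not register the default platform entropy sources; none is available on
 * the S32K144 evaluation target until a hardware RNG driver is ported. */
#define MBEDTLS_NO_DEFAULT_ENTROPY_SOURCES

/* Register a dummy entropy source that returns constant data so that
 * initialisation succeeds. The name says "TEST" because it provides no
 * security at all; the library emits a compile-time warning when it is set. */
#define MBEDTLS_TEST_NULL_ENTROPY

/* The test null source cannot be combined with real or persisted sources
 * (the library rejects the configuration), so make sure these are off. */
#undef MBEDTLS_ENTROPY_NV_SEED
#undef MBEDTLS_ENTROPY_HARDWARE_ALT
```

Keep this fragment in a separate, clearly named test configuration rather than in the default one, so the null source cannot end up in a production firmware image; the compile-time warning is the signal to watch for in the build log when it does.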
mbed-tls@lists.trustedfirmware.org