Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

DeviceKey: Fix random key doesn't generate with custom entropy source #11725

Merged
merged 1 commit into from Oct 24, 2019

Conversation

@ccli8
Copy link
Contributor

ccli8 commented Oct 22, 2019

Description

This PR tries to fix random key doesn't generate with custom entropy source in device_key. Originally, when DEVICE_TRNG is defined, MBEDTLS_ENTROPY_HARDWARE_ALT will also be defined accordingly to provide entropy source. This is fine for targets supporting TRNG. However, for targets without TRNG, it is also possible to provide non-TRNG entropy source solution via the define MBEDTLS_ENTROPY_HARDWARE_ALT. Related discussion can be found at #11680

Pull request type

[x] Fix
[ ] Refactor
[ ] Target update
[ ] Functionality change
[ ] Docs update
[ ] Test update
[ ] Breaking change
…E_ALT

Originally, when DEVICE_TRNG is defined, MBEDTLS_ENTROPY_HARDWARE_ALT will also be defined
accordingly to provide entropy source. This is fine for targets supporting TRNG. However, for
targets without TRNG, it is also possible to provide non-TRNG entropy source solution via the
define MBEDTLS_ENTROPY_HARDWARE_ALT. Related discussion can be found at:

#11680
@ciarmcom ciarmcom requested review from ARMmbed/mbed-os-maintainers Oct 22, 2019
@ciarmcom

This comment has been minimized.

Copy link
Member

ciarmcom commented Oct 22, 2019

@ccli8, thank you for your changes.
@ARMmbed/mbed-os-storage @ARMmbed/mbed-os-maintainers please review.

@VeijoPesonen

This comment has been minimized.

Copy link
Contributor

VeijoPesonen commented Oct 22, 2019

@ARMmbed/mbed-os-crypto are you fine with this?

@yanesca

This comment has been minimized.

Copy link
Contributor

yanesca commented Oct 22, 2019

Yes, I think this should be fine:

  • MBEDTLS_ENTROPY_HARDWARE_ALT is the same mechanism we register TRNGs. The user can use the same mechanism to register something as an entropy source that is weaker than a TRNG. (This might or might not be a security issue depending on the user's threat model.) This was possible before and works without a functional problem in most of the cases. This is the only function that we know of that does not work with user defined MBEDTLS_ENTROPY_HARDWARE_ALT.

  • There is room for improvement regarding security, but I think that any such improvement is out of scope for this PR.

@0xc0170

This comment has been minimized.

Copy link
Member

0xc0170 commented Oct 23, 2019

@VeijoPesonen we should be good to proceed here?

Copy link
Contributor

VeijoPesonen left a comment

Approved securitywise by @yanesca. Looks also good to me.

@0xc0170

This comment has been minimized.

Copy link
Member

0xc0170 commented Oct 23, 2019

CI started

@mbed-ci

This comment has been minimized.

Copy link

mbed-ci commented Oct 23, 2019

Test run: SUCCESS

Summary: 11 of 11 test jobs passed
Build number : 1
Build artifacts

@0xc0170 0xc0170 added ready for merge and removed needs: CI labels Oct 24, 2019
@0xc0170 0xc0170 merged commit acf576a into ARMmbed:master Oct 24, 2019
25 checks passed
25 checks passed
continuous-integration/jenkins/pr-head This commit looks good
Details
jenkins-ci/build-ARM Success
Details
jenkins-ci/build-GCC_ARM Success
Details
jenkins-ci/build-IAR Success
Details
jenkins-ci/cloud-client-test Success
Details
jenkins-ci/dynamic-memory-usage RTOS ROM(+0 bytes) RAM(+0 bytes)
Details
jenkins-ci/exporter Success
Details
jenkins-ci/greentea-test Success
Details
jenkins-ci/mbed2-build-ARM Success
Details
jenkins-ci/mbed2-build-GCC_ARM Success
Details
jenkins-ci/mbed2-build-IAR Success
Details
jenkins-ci/unittests Success
Details
travis-ci/astyle Success!
Details
travis-ci/docs Success!
Details
travis-ci/doxy-spellcheck Success!
Details
travis-ci/events Success! Runtime is 8655 cycles.
Details
travis-ci/gitattributestest Success!
Details
travis-ci/include_check Success!
Details
travis-ci/licence_check Success!
Details
travis-ci/littlefs Success! Code size is 8464B.
Details
travis-ci/psa-autogen Success!
Details
travis-ci/tools-py2.7 Success!
Details
travis-ci/tools-py3.5 Success!
Details
travis-ci/tools-py3.6 Success!
Details
travis-ci/tools-py3.7 Success!
Details
@ccli8 ccli8 deleted the OpenNuvoton:nuvoton_devicekey_entropy_alt branch Oct 24, 2019
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
6 participants
You can’t perform that action at this time.