Certain implementations require more stack to operate.
Increase the stack size to avoid overflows.
Signed-off-by: Tomi Fontanilles <tomi.fontanilles@nordicsemi.no>
Use dynamic allocation for key material for
better compatibility as a fully static key store is a new
feature that not all PSA Crypto implementations support.
Explicitly enable CONFIG_MBEDTLS_ENABLE_HEAP to ensure that Mbed TLS uses
heap for the PSA keys' data (instead of failing at runtime).
This will turn off CONFIG_MBEDTLS_PSA_STATIC_KEY_SLOTS, making the
implementation default to dynamic key slots.
Signed-off-by: Tomi Fontanilles <tomi.fontanilles@nordicsemi.no>
Explicitly enable CONFIG_ENTROPY_GENERATOR instead of relying on the
build system's defaults.
This:
- Makes sure the filtering works properly between entropy_driver and
entropy_not_secure test scenarios for the samples.
- Helps with TF-M builds in certain scenarios where key generation (via
`psa_generate_key()`) would fail due to the RNG functionality being
disabled.
Signed-off-by: Tomi Fontanilles <tomi.fontanilles@nordicsemi.no>
Explicitly set the TF-M profile to not rely on the build system defaults
which might differ.
Signed-off-by: Tomi Fontanilles <tomi.fontanilles@nordicsemi.no>
Now that `SECURE_STORAGE` does not `select` dependencies, they need to
be enabled explicitly by the tests.
Signed-off-by: Jordan Yates <jordan@embeint.com>
We need to make sure that within Zephyr different users of the PSA APIs
don't interfere with each other because of using the same numerical IDs
for persistent assets.
This takes care of the PSA key IDs when using persistent keys through
the PSA Crypto API.
See the comments in `<zephyr/psa/key_ids.h>` for more information.
This removes the recently-introduced Kconfig options that allowed changing
the base IDs subsystems were using for their persistent keys.
Signed-off-by: Tomi Fontanilles <tomi.fontanilles@nordicsemi.no>
Add MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG_ALLOW_NON_CSPRNG to the list of
test Kconfigs. Typical use case of this:
- the platform has "zephyr,entropy" defined in the devicetree which means
that CSPRNG_AVAILABLE is set;
- for some reason the board actually does not have any entropy driver
enabled (ex: ENTROPY_BT_HCI is disabled in nrf5340bsim when BT is _not_
enabled in the build);
- since TEST_RANDOM_GENERATOR is enabled then also TEST_CSPRNG_GENERATOR
would be;
- unfortunately the call to psa_generate_random() would fail in
get_random_data() (in modules/mbedtls/zephyr_entropy.c) because
MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG_ALLOW_NON_CSPRNG is not set and it would
not reach "subsys/random/random_test_csprng.c".
This commit fixes this problem.
Signed-off-by: Valerio Setti <vsetti@baylibre.com>
As long as MBEDTLS_ENTROPY_C is enabled, Mbed TLS needs to
poll some entropy source to gather data that will then be
processed by CTR/HMAC-DRBG modules. This means that in most
of the cases, once MBEDTLS_ENTROPY_C is enabled then also
MBEDTLS_ENTROPY_POLL_ZEPHYR needs to be enabled. This was
done manually until now, as the long list of samples/tests
demonstrate.
This commit solves this dependency by defaulting
MBEDTLS_ENTROPY_POLL_ZEPHYR to on as soon as
MBEDTLS_ENTROPY_C is set. As a consequence, all manual
enablement of MBEDTLS_ENTROPY_POLL_ZEPHYR in samples/tests
are removed.
Signed-off-by: Valerio Setti <vsetti@baylibre.com>
The main problem of MBEDTLS_PSA_CRYPTO_LEGACY_RNG is that it
brings in some legacy modules (entropy + ctr_drbg/hmac_drbg)
which means extra ROM/RAM footprint.
MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG instead simply calls to the
CSPRNG which makes it definitely smaller.
Signed-off-by: Valerio Setti <vsetti@baylibre.com>
Add a sample to demonstrate use of persistent keys in the PSA Crypto API.
The implementation of the PSA ITS API that allows storage of persistent
keys is provided either by the just-introduced secure storage subsystem
or by TF-M.
Signed-off-by: Tomi Fontanilles <tomi.fontanilles@nordicsemi.no>
