Merge pull request #1249 from gilles-peskine-arm/psa-drbg-no-hmac-document

Document that MBEDTLS_PSA_HMAC_DRBG_MD_TYPE does not force HMAC
This commit is contained in:
Gilles Peskine 2024-07-31 16:47:27 +02:00 committed by GitHub
commit 726e57f6f0
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
3 changed files with 20 additions and 18 deletions

View File

@ -0,0 +1,4 @@
Security
* Unlike previously documented, enabling MBEDTLS_PSA_HMAC_DRBG_MD_TYPE does
not cause the PSA subsystem to use HMAC_DRBG: it uses HMAC_DRBG only when
MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG and MBEDTLS_CTR_DRBG_C are disabled.

View File

@ -4000,11 +4000,18 @@
* Use HMAC_DRBG with the specified hash algorithm for HMAC_DRBG for the
* PSA crypto subsystem.
*
* If this option is unset:
* - If CTR_DRBG is available, the PSA subsystem uses it rather than HMAC_DRBG.
* - Otherwise, the PSA subsystem uses HMAC_DRBG with either
* #MBEDTLS_MD_SHA512 or #MBEDTLS_MD_SHA256 based on availability and
* on unspecified heuristics.
* If this option is unset, the library chooses a hash (currently between
* #MBEDTLS_MD_SHA512 and #MBEDTLS_MD_SHA256) based on availability and
* unspecified heuristics.
*
* \note The PSA crypto subsystem uses the first available mechanism amongst
* the following:
* - #MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG if enabled;
* - Entropy from #MBEDTLS_ENTROPY_C plus CTR_DRBG with AES
* if #MBEDTLS_CTR_DRBG_C is enabled;
* - Entropy from #MBEDTLS_ENTROPY_C plus HMAC_DRBG.
*
* A future version may reevaluate the prioritization of DRBG mechanisms.
*/
//#define MBEDTLS_PSA_HMAC_DRBG_MD_TYPE MBEDTLS_MD_SHA256

View File

@ -21,13 +21,10 @@ typedef mbedtls_psa_external_random_context_t mbedtls_psa_random_context_t;
#include "mbedtls/entropy.h"
/* Choose a DRBG based on configuration and availability */
#if defined(MBEDTLS_PSA_HMAC_DRBG_MD_TYPE)
#include "mbedtls/hmac_drbg.h"
#elif defined(MBEDTLS_CTR_DRBG_C)
#if defined(MBEDTLS_CTR_DRBG_C)
#include "mbedtls/ctr_drbg.h"
#undef MBEDTLS_PSA_HMAC_DRBG_MD_TYPE
#elif defined(MBEDTLS_HMAC_DRBG_C)
@ -49,17 +46,11 @@ typedef mbedtls_psa_external_random_context_t mbedtls_psa_random_context_t;
#error "No hash algorithm available for HMAC_DBRG."
#endif
#else /* !MBEDTLS_PSA_HMAC_DRBG_MD_TYPE && !MBEDTLS_CTR_DRBG_C && !MBEDTLS_HMAC_DRBG_C*/
#else /* !MBEDTLS_CTR_DRBG_C && !MBEDTLS_HMAC_DRBG_C*/
#error "No DRBG module available for the psa_crypto module."
#endif /* !MBEDTLS_PSA_HMAC_DRBG_MD_TYPE && !MBEDTLS_CTR_DRBG_C && !MBEDTLS_HMAC_DRBG_C*/
#if defined(MBEDTLS_CTR_DRBG_C)
#include "mbedtls/ctr_drbg.h"
#elif defined(MBEDTLS_HMAC_DRBG_C)
#include "mbedtls/hmac_drbg.h"
#endif /* !MBEDTLS_CTR_DRBG_C && !MBEDTLS_HMAC_DRBG_C */
#endif /* !MBEDTLS_CTR_DRBG_C && !MBEDTLS_HMAC_DRBG_C*/
/* The maximum number of bytes that mbedtls_psa_get_random() is expected to return. */
#if defined(MBEDTLS_CTR_DRBG_C)