[tf-psa-crypto] MBEDTLS_PLATFORM_GET_ENTROPY_ALT in 4.0

[valeriosetti]

Description

This helps resolving Mbed-TLS/mbedtls#9618

CI note

Due to dependencies with the main repo PR please evaluate the CI of 10090 as validation of this PR.

PR checklist

• changelog done
• framework PR
  • [framework] MBEDTLS_PLATFORM_GET_ENTROPY_ALT in 4.0 mbedtls-framework#151
  • [framework] MBEDTLS_PLATFORM_GET_ENTROPY_ALT in 4.0 mbedtls-framework#161
  • [framework] MBEDTLS_PLATFORM_GET_ENTROPY_ALT in 4.0 mbedtls-framework#165
• mbedtls development PR [development] MBEDTLS_PLATFORM_GET_ENTROPY_ALT in 4.0 mbedtls#10090
• mbedtls 3.6 PR not required: new feature
• tests TODO

[gilles-peskine-arm]

I just did a design review. I won't be able to do a full code review.

We just realized this morning that the issue description wasn't very clear, and several things were in Janos's mind and mine but we hadn't written them down. Sorry about this. I added a note to the issue and some comments here, hopefully that should clarify things.

[gilles-peskine-arm]

Non-blocker: since the function is now declared in platform.h, should we call it mbedtls_platform_xxx? Same question about the configuration option. Maybe MBEDTLS_PLATFORM_GET_ENTROPY_ALT and mbedtls_platform_get_entropy()?

[gilles-peskine-arm]

Please add the constraint that for the time being, the function must set entropy_content = 8 * *output_len on success. The library will be extended later to support partial entropy.

[gilles-peskine-arm]

We don't need to support callers that don't want the value. entropy_content is guaranteed to be non-null.

[gilles-peskine-arm]

I don't think “not provided by Mbed TLS” is a useful warning. Also, it's TF-PSA-Crypto now.

On the other hand, the function's documentation should state that this function is only used when MBEDTLS_ENTROPY_HARDWARE_POLL is defined. This is otherwise not visible when you read the Doxygen-rendered documentation.

[gilles-peskine-arm]

MBEDTLS_ENTROPY_HARDWARE_POLL_MIN should not be a configuration parameter, at least not in this form. The RNG needs a certain amount of entropy. This minimum is up to the system configuration (and in particular the required cryptographic strength for the system), not up to the hardware integration. The person writing the TRNG device driver doesn't get to choose this value.

I think we should just use the existing MBEDTLS_ENTROPY_MIN_PLATFORM here. The distinction between “platform source” and “hardware source” doesn't really make sense as it's currently described in entropy_poll.h. Actually the “platform source” is the operating system integrations that the library supports out of the box, and the “hardware source” is the one for other systems where the integrator needs to provide a driver.

[gilles-peskine-arm]

The changelog entries should probably mention the function names as well as the option names, for easier searching.

[gilles-peskine-arm]

The wrapper should check the entropy content and fail if it's less than full entropy, i.e. if entropy_output < 8 * *olen. Please add a unit test for that in test_suite_entropy.

Also the entropy collection should fail if *olen is too small and as a result there isn't enough entropy, collected from all sources. I believe this is covered by the existing tests in test_suite_entropy, but please double-check.

[valeriosetti]

The wrapper should check the entropy content and fail if it's less than full entropy, i.e. if entropy_output < 8 * *olen. Please add a unit test for that in test_suite_entropy.

While adding the check on the wrapper and testing it with the new component tf_psa_crypto_platform_get_entropy_alt I found that tests are already failing if the returned entropy content is not correct, so there seems to be no need for a new test step. As reference implementation I'm using the one proposed in the companion PR Mbed-TLS/mbedtls-framework#151.

[valeriosetti]

I think that CI failures in test_psasim and test_suite_with_psasim can be ignored in this PR as the same tests in the main PR are OK

[valeriosetti]

I just forced push the last commit following the merge of Mbed-TLS/mbedtls-framework#151. No other change was made

[valeriosetti]

I think that CI failures in test_psasim and test_suite_with_psasim can be ignored in this PR as the same tests in the main PR are OK

Thinking on this a bit more I think I can explain why psasim tests fail in this PR. The PR on the main repo modifies config.py (only in the main repo) so that the full config doesn't set MBEDTLS_PLATFORM_GET_ENTROPY_ALT.
The problem is that when Mbed-TLS/mbedtls#10090 is tested then it pick this PR as the tf-psa-crypto version. The opposite is not true: when this PR is tested on the CI, the main repo is checked out at development and there the full config enables MBEDTLS_PLATFORM_GET_ENTROPY_ALT.

[valeriosetti]

@gilles-peskine-arm @bjwtaylor I just updated the framework reference (since Mbed-TLS/mbedtls-framework#165 was merged) and rebased in top of development branch to solve CI issues with main repo.

[valeriosetti]

Remaining CI failures are:

[2025-04-29T14:35:20.193Z] test/selftest.c:229:14: error: implicit declaration of function 'mbedtls_platform_entropy_poll' is invalid in C99 [-Werror,-Wimplicit-function-declaration]
[2025-04-29T14:35:20.193Z]     result = mbedtls_platform_entropy_poll(NULL,

which is reasonable since the main repo is tested on the development branch. We can rely on the CI of Mbed-TLS/mbedtls#10090 to validate this PR.

[gilles-peskine-arm]

It's problematic to merge something in the crypto repository that breaks the CI, since it means crypto will be broken on all branches that don't have this PR merged yet.

Can you please add a transition function mbedtls_platform_entropy_poll that's just good enough for how it's used in selftest.c, with a comment stating that it's going to be removed soon? And might as well make a PR that reverts that commit, to be merged in a few weeks.

[valeriosetti]

Can you please add a transition function mbedtls_platform_entropy_poll that's just good enough for how it's used in selftest.c, with a comment stating that it's going to be removed soon? And might as well make a PR that reverts that commit, to be merged in a few weeks.

@gilles-peskine-arm I just created #273 to track this

[valeriosetti]

@gilles-peskine-arm although I added the stub function for mbedtls_platform_entropy_poll there are remaining failures on the CI related to the fact that the main branch actually needs some more fixes on its codebase to make this PR in (configuration header files, config.py, etc - see Mbed-TLS/mbedtls#10090 for the full list).
I'm not sure I can make the CI fully happy in this PR.,,