Autonomous random driver: declare the type and function
Define a sample type mbedtls_psa_external_random_context_t in
psa/crypto_platform.h and define the prototype of
mbedtls_psa_external_get_random() in a public header.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
diff --git a/include/mbedtls/config.h b/include/mbedtls/config.h
index 02618fb..58d7807 100644
--- a/include/mbedtls/config.h
+++ b/include/mbedtls/config.h
@@ -1342,9 +1342,10 @@
* Make the PSA Crypto module use an external random generator provided
* by a driver, instead of Mbed TLS's entropy and DRBG modules.
*
- * If you enable this option, you must supply a type called
- * \c mbedtls_psa_external_random_context_t and a function called
- * mbedtls_psa_external_get_random() with the following prototype:
+ * If you enable this option, you must supply configure the type
+ * ::mbedtls_psa_external_random_context_t in psa/crypto_platform.h
+ * and define a function called mbedtls_psa_external_get_random()
+ * with the following prototype:
* ```
* psa_status_t mbedtls_psa_external_get_random(
* mbedtls_psa_external_random_context_t *context,
diff --git a/include/psa/crypto_extra.h b/include/psa/crypto_extra.h
index b25addc..218a6ba 100644
--- a/include/psa/crypto_extra.h
+++ b/include/psa/crypto_extra.h
@@ -649,6 +649,36 @@
/**@}*/
+/** \defgroup psa_external_rng External random generator
+ * @{
+ */
+
+#if defined(MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG)
+/** External random generator function, implemented by the platform.
+ *
+ * When the compile-time option #MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG is enabled,
+ * this function replaces Mbed TLS's entropy and DRBG modules for all
+ * random generation triggered via PSA crypto interfaces.
+ *
+ * \param[in,out] context Pointer to the random generator context.
+ * This is all-bits-zero on the first call
+ * and preserved between successive calls.
+ * \param[out] output Output buffer. On success, this buffer
+ * contains random data with a uniform
+ * distribution.
+ * \param output_size The size of the \p output buffer in bytes.
+ * \param[out] output_length On success, set this value to \p output_size.
+ *
+ * \retval #PSA_SUCCESS
+ * \retval #PSA_ERROR_HARDWARE_FAILURE
+ */
+psa_status_t mbedtls_psa_external_get_random(
+ mbedtls_psa_external_random_context_t *context,
+ uint8_t *output, size_t output_size, size_t *output_length );
+#endif /* MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG */
+
+/**@}*/
+
#ifdef __cplusplus
}
#endif
diff --git a/include/psa/crypto_platform.h b/include/psa/crypto_platform.h
index 567398d..a147a3e 100644
--- a/include/psa/crypto_platform.h
+++ b/include/psa/crypto_platform.h
@@ -81,4 +81,10 @@
#endif /* MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER */
+#if defined(MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG)
+typedef struct {
+ uint8_t opaque[32];
+} mbedtls_psa_external_random_context_t;
+#endif /* MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG */
+
#endif /* PSA_CRYPTO_PLATFORM_H */