PSA: support HMAC_DRBG

Support using HMAC_DRBG instead of CTR_DRBG in the PSA subsystem. Use HMAC_DRBG if CTR_DRBG is available. Choose between SHA-256 and SHA-512 based on availability. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2025-08-01 10:06:53 +03:00 · 2020-11-13 21:31:17 +01:00
parent 4fc21fdeb6
commit 82e57d1611
6 changed files with 91 additions and 13 deletions
--- a/include/mbedtls/check_config.h
+++ b/include/mbedtls/check_config.h
@ -573,7 +573,7 @@
 #endif

 #if defined(MBEDTLS_PSA_CRYPTO_C) &&                                    \
-    !( ( defined(MBEDTLS_CTR_DRBG_C) &&                                 \
+    !( ( ( defined(MBEDTLS_CTR_DRBG_C) || defined(MBEDTLS_HMAC_DRBG_C) ) && \
         defined(MBEDTLS_ENTROPY_C) ) ||                                \
       defined(MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG) )
 #error "MBEDTLS_PSA_CRYPTO_C defined, but not all prerequisites (missing RNG)"
--- a/include/mbedtls/config.h
+++ b/include/mbedtls/config.h
@ -3146,6 +3146,7 @@
 * Module:  library/psa_crypto.c
 *
 * Requires: either MBEDTLS_CTR_DRBG_C and MBEDTLS_ENTROPY_C,
+ *           or MBEDTLS_HMAC_DRBG_C and MBEDTLS_ENTROPY_C,
 *           or MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG.
 *
 */