From 5f6a7194a293164b1b48f55801ef4a756a21b422 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Frank=20Audun=20Kvamtr=C3=B8?=
Date: Wed, 23 Oct 2024 17:36:11 +0200
Subject: [PATCH] crypto: cracen: Move mutex to Mbed TLS threading_alt.c
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

-This commit ensures that the check if we are calling from ISR and/or kernel is used for CRACEN (which doesn't allow mutex-interaction).
-This commit checks for failures to lock with asserts
-Change cracen to use mbedtls_mutex_lock/unlock
-Change cracen mutexs init to happen in threading_alt.c through the post-kernel SYS_INIT.

Signed-off-by: Frank Audun Kvamtrø
---
 .../src/drivers/cracen/cracenpsa/src/cracen.c | 15 +++++++++------
 .../src/drivers/cracen/cracenpsa/src/ctr_drbg.c | 14 +++++++++-----
 .../drivers/cracen/cracenpsa/src/key_management.c | 12 ++++++++----
 .../src/drivers/cracen/cracenpsa/src/kmu.c | 6 ++++--
 .../src/drivers/cracen/cracenpsa/src/prng_pool.c | 10 +++++++---
 .../baremetal_ba414e_with_ik/pk_baremetal.c | 9 ++++++---
 .../sxsymcrypt/src/platform/baremetal/cmdma_hw.c | 9 +++++----
 subsys/nrf_security/src/threading/threading_alt.c | 15 +++++++++++++++
 8 files changed, 63 insertions(+), 27 deletions(-)

diff --git a/subsys/nrf_security/src/drivers/cracen/cracenpsa/src/cracen.c b/subsys/nrf_security/src/drivers/cracen/cracenpsa/src/cracen.c
index 159cfbabc13c..cb6f136f52cc 100644
--- a/subsys/nrf_security/src/drivers/cracen/cracenpsa/src/cracen.c
+++ b/subsys/nrf_security/src/drivers/cracen/cracenpsa/src/cracen.c
@@ -24,7 +24,7 @@ static int users;
-NRF_SECURITY_MUTEX_DEFINE(cracen_mutex);
+extern mbedtls_threading_mutex_t cracen_mutex;
 LOG_MODULE_REGISTER(cracen, CONFIG_CRACEN_LOG_LEVEL);
@@ -51,7 +51,8 @@ static void cracen_load_microcode(void)
 void cracen_acquire(void)
 {
- nrf_security_mutex_lock(&cracen_mutex);
+ __ASSERT(mbedtls_mutex_lock(&cracen_mutex) == 0,
+ "cracen_mutex not initialized (lock)");
 if (users++ == 0) {
 nrf_cracen_module_enable(NRF_CRACEN, CRACEN_ENABLE_CRYPTOMASTER_Msk |
@@ -61,13 +62,14 @@ void cracen_acquire(void)
 LOG_DBG_MSG("Powered on CRACEN.");
 }
- nrf_security_mutex_unlock(&cracen_mutex);
+ __ASSERT(mbedtls_mutex_unlock(&cracen_mutex) == 0,
+ "cracen_mutex not initialized (unlock)");
 }
 void cracen_release(void)
 {
- nrf_security_mutex_lock(&cracen_mutex);
-
+ __ASSERT(mbedtls_mutex_lock(&cracen_mutex) == 0,
+ "cracen_mutex not initialized (lock)");
 if (--users == 0) {
 /* Disable IRQs in the ARM NVIC as the first operation to be
 * sure no IRQs fire while we are turning CRACEN off.
@@ -102,7 +104,8 @@ void cracen_release(void)
 LOG_DBG_MSG("Powered off CRACEN.");
 }
- nrf_security_mutex_unlock(&cracen_mutex);
+ __ASSERT(mbedtls_mutex_unlock(&cracen_mutex) == 0,
+ "cracen_mutex not initialized (unlock)");
 }
 #define CRACEN_NOT_INITIALIZED 0x207467
diff --git a/subsys/nrf_security/src/drivers/cracen/cracenpsa/src/ctr_drbg.c b/subsys/nrf_security/src/drivers/cracen/cracenpsa/src/ctr_drbg.c
index 7f751fb51a18..763053dfc115 100644
--- a/subsys/nrf_security/src/drivers/cracen/cracenpsa/src/ctr_drbg.c
+++ b/subsys/nrf_security/src/drivers/cracen/cracenpsa/src/ctr_drbg.c
@@ -39,7 +39,7 @@
 */
 static cracen_prng_context_t prng;
-NRF_SECURITY_MUTEX_DEFINE(cracen_prng_context_mutex);
+extern mbedtls_threading_mutex_t cracen_mutex_prng_context;
 /*
 * @brief Internal function to enable TRNG and get entropy for initial seed and
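Review bot: The lock and unlock calls are now the test expression of `__ASSERT`, and Zephyr expands `__ASSERT(test, ...)` to an empty statement when CONFIG_ASSERT is disabled, so in a build without asserts `mbedtls_mutex_lock`/`mbedtls_mutex_unlock` are never called and cracen_acquire()/cracen_release() — together with the `users` counter and the power sequencing they guard — run with no mutual exclusion at all. Keep the call outside the assertion and assert only on its result, e.g. `int ret = mbedtls_mutex_lock(&cracen_mutex);` followed by `__ASSERT(ret == 0, "cracen_mutex not initialized (lock)");` (Zephyr's `__ASSERT_EVAL` exists for exactly this case if the unused-variable warning in non-assert builds is a concern). The same pattern is repeated at every lock and unlock site of this commit: ctr_drbg.c, key_management.c, kmu.c, prng_pool.c, pk_baremetal.c and cmdma_hw.c. cracen_acquire() starts in this hunk but its body continues outside it.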
@@ -129,7 +129,8 @@ psa_status_t cracen_init_random(cracen_prng_context_t *context)
 return PSA_SUCCESS;
 }
- nrf_security_mutex_lock(&cracen_prng_context_mutex);
+ __ASSERT(mbedtls_mutex_lock(&cracen_mutex_prng_context) == 0,
+ "cracen_mutex_prng_context not initialized (lock)");
 safe_memset(&prng, sizeof(prng), 0, sizeof(prng));
 /* Get the entropy used to seed the DRBG */
@@ -153,7 +154,8 @@ psa_status_t cracen_init_random(cracen_prng_context_t *context)
 prng.initialized = CRACEN_PRNG_INITIALIZED;
 exit:
- nrf_security_mutex_unlock(&cracen_prng_context_mutex);
+ __ASSERT(mbedtls_mutex_unlock(&cracen_mutex_prng_context) == 0,
+ "cracen_mutex_prng_context not initialized (unlock)");
 return silex_statuscodes_to_psa(sx_err);
 }
@@ -173,7 +175,8 @@ psa_status_t cracen_get_random(cracen_prng_context_t *context, uint8_t *output,
 return PSA_ERROR_INVALID_ARGUMENT;
 }
- nrf_security_mutex_lock(&cracen_prng_context_mutex);
+ __ASSERT(mbedtls_mutex_lock(&cracen_mutex_prng_context) == 0,
+ "cracen_mutex_prng_context not initialized (lock)");
 if (prng.reseed_counter == 0) {
 status = cracen_init_random(context);
@@ -238,7 +241,8 @@ psa_status_t cracen_get_random(cracen_prng_context_t *context, uint8_t *output,
 prng.reseed_counter += 1;
 exit:
- nrf_security_mutex_unlock(&cracen_prng_context_mutex);
+ __ASSERT(mbedtls_mutex_unlock(&cracen_mutex_prng_context) == 0,
+ "cracen_mutex_prng_context not initialized (unlock)");
 return status;
 }
diff --git a/subsys/nrf_security/src/drivers/cracen/cracenpsa/src/key_management.c b/subsys/nrf_security/src/drivers/cracen/cracenpsa/src/key_management.c
index 2ed3c7c5607a..c73bc288f0b0 100644
--- a/subsys/nrf_security/src/drivers/cracen/cracenpsa/src/key_management.c
+++ b/subsys/nrf_security/src/drivers/cracen/cracenpsa/src/key_management.c
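Review bot: In the @@ -173 hunk cracen_get_random() takes `cracen_mutex_prng_context` and then, when `prng.reseed_counter == 0`, calls cracen_init_random(), which (per the @@ -129 hunk) takes the same mutex again unless it returns early, so the nesting is only safe if the threading_alt implementation behind `mbedtls_mutex_lock` tolerates re-entry from the holding thread — something this commit does not show. The nesting presumably existed with nrf_security_mutex_lock as well, but the backing lock changes here, so it is worth either confirming the implementation is recursive or restructuring so cracen_init_random() is not entered with the mutex already held. A comment at the lock site would record the expectation for the next reader, e.g. `/* cracen_init_random() re-locks this mutex on the first call; the threading_alt mutex must be recursive. */`. Both cracen_get_random() and cracen_init_random() continue outside their hunks.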
@@ -1341,7 +1341,8 @@ psa_status_t cracen_export_key(const psa_key_attributes_t *attributes, const uin
 * use case. Here the decision was to avoid defining another mutex to handle the
 * push buffer for the rest of the use cases.
 */
- nrf_security_mutex_lock(&cracen_mutex_symmetric);
+ __ASSERT(mbedtls_mutex_lock(&cracen_mutex_symmetric) == 0,
+ "cracen_mutex_symmetric not initialized (lock)");
 status = cracen_kmu_prepare_key(key_buffer);
 if (status == SX_OK) {
 memcpy(data, kmu_push_area, key_out_size);
@@ -1349,7 +1350,8 @@ psa_status_t cracen_export_key(const psa_key_attributes_t *attributes, const uin
 }
 (void)cracen_kmu_clean_key(key_buffer);
- nrf_security_mutex_unlock(&cracen_mutex_symmetric);
+ __ASSERT(mbedtls_mutex_unlock(&cracen_mutex_symmetric) == 0,
+ "cracen_mutex_symmetric not initialized (unlock)");
 return silex_statuscodes_to_psa(status);
 }
@@ -1385,7 +1387,8 @@ psa_status_t cracen_copy_key(psa_key_attributes_t *attributes, const uint8_t *so
 psa_status_t psa_status;
 size_t key_size = PSA_BITS_TO_BYTES(psa_get_key_bits(attributes));
- nrf_security_mutex_lock(&cracen_mutex_symmetric);
+ __ASSERT(mbedtls_mutex_lock(&cracen_mutex_symmetric) == 0,
+ "cracen_mutex_symmetric not initialized (lock)");
 status = cracen_kmu_prepare_key(source_key);
 if (status == SX_OK) {
@@ -1397,7 +1400,8 @@ psa_status_t cracen_copy_key(psa_key_attributes_t *attributes, const uint8_t *so
 }
 (void)cracen_kmu_clean_key(source_key);
- nrf_security_mutex_unlock(&cracen_mutex_symmetric);
+ __ASSERT(mbedtls_mutex_unlock(&cracen_mutex_symmetric) == 0,
+ "cracen_mutex_symmetric not initialized (unlock)");
 if (status != SX_OK) {
 return silex_statuscodes_to_psa(status);
diff --git a/subsys/nrf_security/src/drivers/cracen/cracenpsa/src/kmu.c b/subsys/nrf_security/src/drivers/cracen/cracenpsa/src/kmu.c
index b9624f5d0dd1..e96ba58f3322 100644
--- a/subsys/nrf_security/src/drivers/cracen/cracenpsa/src/kmu.c
+++ b/subsys/nrf_security/src/drivers/cracen/cracenpsa/src/kmu.c
@@ -844,13 +844,15 @@ static psa_status_t push_kmu_key_to_ram(uint8_t *key_buffer, size_t key_buffer_s
 * Here the decision was to avoid defining another mutex to handle the push buffer for the
 * rest of the use cases.
 */
- nrf_security_mutex_lock(&cracen_mutex_symmetric);
+ __ASSERT(mbedtls_mutex_lock(&cracen_mutex_symmetric) == 0,
+ "cracen_mutex_symmetric not initialized (lock)");
 status = silex_statuscodes_to_psa(cracen_kmu_prepare_key(key_buffer));
 if (status == PSA_SUCCESS) {
 memcpy(key_buffer, kmu_push_area, key_buffer_size);
 safe_memzero(kmu_push_area, sizeof(kmu_push_area));
 }
- nrf_security_mutex_unlock(&cracen_mutex_symmetric);
+ __ASSERT(mbedtls_mutex_unlock(&cracen_mutex_symmetric) == 0,
+ "cracen_mutex_symmetric not initialized (unlock)");
 return status;
 }
diff --git a/subsys/nrf_security/src/drivers/cracen/cracenpsa/src/prng_pool.c b/subsys/nrf_security/src/drivers/cracen/cracenpsa/src/prng_pool.c
index e1d974e7387a..50712e8e2137 100644
--- a/subsys/nrf_security/src/drivers/cracen/cracenpsa/src/prng_pool.c
+++ b/subsys/nrf_security/src/drivers/cracen/cracenpsa/src/prng_pool.c
@@ -24,13 +24,16 @@ static uint32_t prng_pool[PRNG_POOL_SIZE];
 static uint32_t prng_pool_remaining;
-NRF_SECURITY_MUTEX_DEFINE(cracen_prng_pool_mutex);
+extern mbedtls_threading_mutex_t cracen_mutex_prng_pool;
+
+
 int cracen_prng_value_from_pool(uint32_t *prng_value)
 {
 int status = SX_OK;
- nrf_security_mutex_lock(&cracen_prng_pool_mutex);
+ __ASSERT(mbedtls_mutex_lock(&cracen_mutex_prng_pool) == 0,
+ "cracen_mutex_prng_pool not initialized (lock)");
 if (prng_pool_remaining == 0) {
 psa_status_t psa_status =
@@ -47,6 +50,7 @@ int cracen_prng_value_from_pool(uint32_t *prng_value)
 prng_pool_remaining--;
 exit:
- nrf_security_mutex_unlock(&cracen_prng_pool_mutex);
+ __ASSERT(mbedtls_mutex_unlock(&cracen_mutex_prng_pool) == 0,
+ "cracen_mutex_prng_pool not initialized (unlock)");
 return status;
 }
diff --git a/subsys/nrf_security/src/drivers/cracen/silexpk/target/baremetal_ba414e_with_ik/pk_baremetal.c b/subsys/nrf_security/src/drivers/cracen/silexpk/target/baremetal_ba414e_with_ik/pk_baremetal.c
index ff80d2a13443..4d6475bfe28b 100644
--- a/subsys/nrf_security/src/drivers/cracen/silexpk/target/baremetal_ba414e_with_ik/pk_baremetal.c
+++ b/subsys/nrf_security/src/drivers/cracen/silexpk/target/baremetal_ba414e_with_ik/pk_baremetal.c
@@ -52,7 +52,7 @@ struct sx_pk_cnx {
 struct sx_pk_cnx silex_pk_engine;
-NRF_SECURITY_MUTEX_DEFINE(cracen_mutex_asymmetric);
+extern mbedtls_threading_mutex_t cracen_mutex_asymmetric;
 bool ba414ep_is_busy(sx_pk_req *req)
 {
@@ -183,7 +183,9 @@ struct sx_pk_acq_req sx_pk_acquire_req(const struct sx_pk_cmd_def *cmd)
 {
 struct sx_pk_acq_req req = {NULL, SX_OK};
- nrf_security_mutex_lock(&cracen_mutex_asymmetric);
+ __ASSERT(mbedtls_mutex_lock(&cracen_mutex_asymmetric) == 0,
+ "cracen_mutex_asymmetric not initialized (lock)");
+
 req.req = &silex_pk_engine.instance;
 req.req->cmd = cmd;
 req.req->cnx = &silex_pk_engine;
@@ -220,7 +222,8 @@ void sx_pk_release_req(sx_pk_req *req)
 cracen_release();
 req->cmd = NULL;
 req->userctxt = NULL;
- nrf_security_mutex_unlock(&cracen_mutex_asymmetric);
+ __ASSERT(mbedtls_mutex_unlock(&cracen_mutex_asymmetric) == 0,
+ "cracen_mutex_asymmetric not initialized (unlock)");
 }
 struct sx_regs *sx_pk_get_regs(void)
diff --git a/subsys/nrf_security/src/drivers/cracen/sxsymcrypt/src/platform/baremetal/cmdma_hw.c b/subsys/nrf_security/src/drivers/cracen/sxsymcrypt/src/platform/baremetal/cmdma_hw.c
index 4bc13e75b5e6..9092a3422b5f 100644
--- a/subsys/nrf_security/src/drivers/cracen/sxsymcrypt/src/platform/baremetal/cmdma_hw.c
+++ b/subsys/nrf_security/src/drivers/cracen/sxsymcrypt/src/platform/baremetal/cmdma_hw.c
@@ -24,13 +24,13 @@
 */
 #define CMDMA_INTMASK_EN ((1 << 2) | (1 << 5) | (1 << 4))
-NRF_SECURITY_MUTEX_DEFINE(cracen_mutex_symmetric);
+extern mbedtls_threading_mutex_t cracen_mutex_symmetric;
 void sx_hw_reserve(struct sx_dmactl *dma)
 {
 cracen_acquire();
- nrf_security_mutex_lock(&cracen_mutex_symmetric);
-
+ __ASSERT(mbedtls_mutex_lock(&cracen_mutex_symmetric) == 0,
+ "cracen_mutex_symmetric not initialized (lock)");
 if (dma) {
 dma->hw_acquired = true;
 }
@@ -48,7 +48,8 @@ void sx_cmdma_release_hw(struct sx_dmactl *dma)
 {
 if (dma == NULL || dma->hw_acquired) {
 cracen_release();
- nrf_security_mutex_unlock(&cracen_mutex_symmetric);
+ __ASSERT(mbedtls_mutex_unlock(&cracen_mutex_symmetric) == 0,
+ "cracen_mutex_symmetric not initialized (unlock)");
 if (dma) {
 dma->hw_acquired = false;
 }
diff --git a/subsys/nrf_security/src/threading/threading_alt.c b/subsys/nrf_security/src/threading/threading_alt.c
index 681baa6182cd..7e263a9acffe 100644
--- a/subsys/nrf_security/src/threading/threading_alt.c
+++ b/subsys/nrf_security/src/threading/threading_alt.c
@@ -24,6 +24,14 @@ NRF_SECURITY_MUTEX_DEFINE(mbedtls_threading_key_slot_mutex);
 NRF_SECURITY_MUTEX_DEFINE(mbedtls_threading_psa_globaldata_mutex);
 NRF_SECURITY_MUTEX_DEFINE(mbedtls_threading_psa_rngdata_mutex);
+#if defined(CONFIG_PSA_CRYPTO_DRIVER_CRACEN)
+NRF_SECURITY_MUTEX_DEFINE(cracen_mutex);
+NRF_SECURITY_MUTEX_DEFINE(cracen_mutex_prng_context);
+NRF_SECURITY_MUTEX_DEFINE(cracen_mutex_prng_pool);
+NRF_SECURITY_MUTEX_DEFINE(cracen_mutex_asymmetric);
+NRF_SECURITY_MUTEX_DEFINE(cracen_mutex_symmetric);
+#endif
+
 static void mbedtls_mutex_init_fn(mbedtls_threading_mutex_t * mutex)
 {
 if(!k_is_pre_kernel() && !k_is_in_isr()) {
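Review bot: The five CRACEN mutexes are defined here under `CONFIG_PSA_CRYPTO_DRIVER_CRACEN`, but each driver file declares its own `extern mbedtls_threading_mutex_t ...;` (cracen.c, ctr_drbg.c, prng_pool.c, pk_baremetal.c, cmdma_hw.c), so name and type agreement across six files is maintained by hand and a mismatch would only surface as a link error. Declaring them once in a shared header included by both threading_alt.c and the drivers, guarded by the same Kconfig symbol, lets the compiler check the definitions against the declarations. The `extern` lines also need `mbedtls_threading_mutex_t` to be visible in each driver file; none of the hunks add an include for it, so presumably it arrives through an existing header — worth confirming for the baremetal files (pk_baremetal.c, cmdma_hw.c).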
@@ -66,6 +74,13 @@ static int post_kernel_init(void)
 mbedtls_mutex_init(&mbedtls_threading_key_slot_mutex);
 mbedtls_mutex_init(&mbedtls_threading_psa_globaldata_mutex);
 mbedtls_mutex_init(&mbedtls_threading_psa_rngdata_mutex);
+#if defined(CONFIG_PSA_CRYPTO_DRIVER_CRACEN)
+ mbedtls_mutex_init(&cracen_mutex);
+ mbedtls_mutex_init(&cracen_mutex_prng_context);
+ mbedtls_mutex_init(&cracen_mutex_prng_pool);
+ mbedtls_mutex_init(&cracen_mutex_asymmetric);
+ mbedtls_mutex_init(&cracen_mutex_symmetric);
+#endif
 return 0;
 }
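Review bot: Initialisation of the CRACEN mutexes now depends on post_kernel_init() having run, and its SYS_INIT level and priority are outside this hunk; any CRACEN entry point reached from an earlier init hook (or from an ISR or pre-kernel context, which `mbedtls_mutex_init_fn` in the hunk above skips) would operate on an uninitialised mutex, and the only detection is the assert at each lock site in the drivers. A comment here stating the ordering contract would make that dependency explicit, e.g. `/* CRACEN driver entry points assume these mutexes are initialised; the "not initialized" asserts at their lock sites are the only check. */`. post_kernel_init() starts outside this hunk.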