From e2f776790ec49546935f7b61897524f12c678a8b Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Frank=20Audun=20Kvamtr=C3=B8?= Date: Wed, 23 Oct 2024 17:36:11 +0200 Subject: [PATCH 1/4] crypto: cracen: Move mutex to Mbed TLS threading_alt.c MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit -This commit ensures that the check if we are calling from ISR and/or kernel is used for CRACEN (which doesn't allow mutex-interaction). -This commit checks for failures to lock with asserts -Change cracen to use mbedtls_mutex_lock/unlock -Change cracen mutexs init to happen in threading_alt.c through the post-kernel SYS_INIT. Signed-off-by: Frank Audun Kvamtrø --- .../src/drivers/cracen/cracenpsa/src/cracen.c | 15 +++++++++------ .../src/drivers/cracen/cracenpsa/src/ctr_drbg.c | 14 +++++++++----- .../drivers/cracen/cracenpsa/src/key_management.c | 12 ++++++++---- .../src/drivers/cracen/cracenpsa/src/kmu.c | 6 ++++-- .../src/drivers/cracen/cracenpsa/src/prng_pool.c | 10 +++++++--- .../baremetal_ba414e_with_ik/pk_baremetal.c | 9 ++++++--- .../sxsymcrypt/src/platform/baremetal/cmdma_hw.c | 9 +++++---- subsys/nrf_security/src/threading/threading_alt.c | 15 +++++++++++++++ 8 files changed, 63 insertions(+), 27 deletions(-) diff --git a/subsys/nrf_security/src/drivers/cracen/cracenpsa/src/cracen.c b/subsys/nrf_security/src/drivers/cracen/cracenpsa/src/cracen.c index 159cfbabc13c..cb6f136f52cc 100644 --- a/subsys/nrf_security/src/drivers/cracen/cracenpsa/src/cracen.c +++ b/subsys/nrf_security/src/drivers/cracen/cracenpsa/src/cracen.c @@ -24,7 +24,7 @@ static int users; -NRF_SECURITY_MUTEX_DEFINE(cracen_mutex); +extern mbedtls_threading_mutex_t cracen_mutex; LOG_MODULE_REGISTER(cracen, CONFIG_CRACEN_LOG_LEVEL); @@ -51,7 +51,8 @@ static void cracen_load_microcode(void) void cracen_acquire(void) { - nrf_security_mutex_lock(&cracen_mutex); + __ASSERT(mbedtls_mutex_lock(&cracen_mutex) == 0, + "cracen_mutex not initialized (lock)"); if (users++ == 0) { nrf_cracen_module_enable(NRF_CRACEN, CRACEN_ENABLE_CRYPTOMASTER_Msk | @@ -61,13 +62,14 @@ void cracen_acquire(void) LOG_DBG_MSG("Powered on CRACEN."); } - nrf_security_mutex_unlock(&cracen_mutex); + __ASSERT(mbedtls_mutex_unlock(&cracen_mutex) == 0, + "cracen_mutex not initialized (unlock)"); } void cracen_release(void) { - nrf_security_mutex_lock(&cracen_mutex); - + __ASSERT(mbedtls_mutex_lock(&cracen_mutex) == 0, + "cracen_mutex not initialized (lock)"); if (--users == 0) { /* Disable IRQs in the ARM NVIC as the first operation to be * sure no IRQs fire while we are turning CRACEN off. @@ -102,7 +104,8 @@ void cracen_release(void) LOG_DBG_MSG("Powered off CRACEN."); } - nrf_security_mutex_unlock(&cracen_mutex); + __ASSERT(mbedtls_mutex_unlock(&cracen_mutex) == 0, + "cracen_mutex not initialized (unlock)"); } #define CRACEN_NOT_INITIALIZED 0x207467 diff --git a/subsys/nrf_security/src/drivers/cracen/cracenpsa/src/ctr_drbg.c b/subsys/nrf_security/src/drivers/cracen/cracenpsa/src/ctr_drbg.c index 7f751fb51a18..763053dfc115 100644 --- a/subsys/nrf_security/src/drivers/cracen/cracenpsa/src/ctr_drbg.c +++ b/subsys/nrf_security/src/drivers/cracen/cracenpsa/src/ctr_drbg.c @@ -39,7 +39,7 @@ */ static cracen_prng_context_t prng; -NRF_SECURITY_MUTEX_DEFINE(cracen_prng_context_mutex); +extern mbedtls_threading_mutex_t cracen_mutex_prng_context; /* * @brief Internal function to enable TRNG and get entropy for initial seed and @@ -129,7 +129,8 @@ psa_status_t cracen_init_random(cracen_prng_context_t *context) return PSA_SUCCESS; } - nrf_security_mutex_lock(&cracen_prng_context_mutex); + __ASSERT(mbedtls_mutex_lock(&cracen_mutex_prng_context) == 0, + "cracen_mutex_prng_context not initialized (lock)"); safe_memset(&prng, sizeof(prng), 0, sizeof(prng)); /* Get the entropy used to seed the DRBG */ @@ -153,7 +154,8 @@ psa_status_t cracen_init_random(cracen_prng_context_t *context) prng.initialized = CRACEN_PRNG_INITIALIZED; exit: - nrf_security_mutex_unlock(&cracen_prng_context_mutex); + __ASSERT(mbedtls_mutex_unlock(&cracen_mutex_prng_context) == 0, + "cracen_mutex_prng_context not initialized (unlock)"); return silex_statuscodes_to_psa(sx_err); } @@ -173,7 +175,8 @@ psa_status_t cracen_get_random(cracen_prng_context_t *context, uint8_t *output, return PSA_ERROR_INVALID_ARGUMENT; } - nrf_security_mutex_lock(&cracen_prng_context_mutex); + __ASSERT(mbedtls_mutex_lock(&cracen_mutex_prng_context) == 0, + "cracen_mutex_prng_context not initialized (lock)"); if (prng.reseed_counter == 0) { status = cracen_init_random(context); @@ -238,7 +241,8 @@ psa_status_t cracen_get_random(cracen_prng_context_t *context, uint8_t *output, prng.reseed_counter += 1; exit: - nrf_security_mutex_unlock(&cracen_prng_context_mutex); + __ASSERT(mbedtls_mutex_unlock(&cracen_mutex_prng_context) == 0, + "cracen_mutex_prng_context not initialized (unlock)"); return status; } diff --git a/subsys/nrf_security/src/drivers/cracen/cracenpsa/src/key_management.c b/subsys/nrf_security/src/drivers/cracen/cracenpsa/src/key_management.c index 2ed3c7c5607a..c73bc288f0b0 100644 --- a/subsys/nrf_security/src/drivers/cracen/cracenpsa/src/key_management.c +++ b/subsys/nrf_security/src/drivers/cracen/cracenpsa/src/key_management.c @@ -1341,7 +1341,8 @@ psa_status_t cracen_export_key(const psa_key_attributes_t *attributes, const uin * use case. Here the decision was to avoid defining another mutex to handle the * push buffer for the rest of the use cases. */ - nrf_security_mutex_lock(&cracen_mutex_symmetric); + __ASSERT(mbedtls_mutex_lock(&cracen_mutex_symmetric) == 0, + "cracen_mutex_symmetric not initialized (lock)"); status = cracen_kmu_prepare_key(key_buffer); if (status == SX_OK) { memcpy(data, kmu_push_area, key_out_size); @@ -1349,7 +1350,8 @@ psa_status_t cracen_export_key(const psa_key_attributes_t *attributes, const uin } (void)cracen_kmu_clean_key(key_buffer); - nrf_security_mutex_unlock(&cracen_mutex_symmetric); + __ASSERT(mbedtls_mutex_unlock(&cracen_mutex_symmetric) == 0, + "cracen_mutex_symmetric not initialized (unlock)"); return silex_statuscodes_to_psa(status); } @@ -1385,7 +1387,8 @@ psa_status_t cracen_copy_key(psa_key_attributes_t *attributes, const uint8_t *so psa_status_t psa_status; size_t key_size = PSA_BITS_TO_BYTES(psa_get_key_bits(attributes)); - nrf_security_mutex_lock(&cracen_mutex_symmetric); + __ASSERT(mbedtls_mutex_lock(&cracen_mutex_symmetric) == 0, + "cracen_mutex_symmetric not initialized (lock)"); status = cracen_kmu_prepare_key(source_key); if (status == SX_OK) { @@ -1397,7 +1400,8 @@ psa_status_t cracen_copy_key(psa_key_attributes_t *attributes, const uint8_t *so } (void)cracen_kmu_clean_key(source_key); - nrf_security_mutex_unlock(&cracen_mutex_symmetric); + __ASSERT(mbedtls_mutex_unlock(&cracen_mutex_symmetric) == 0, + "cracen_mutex_symmetric not initialized (unlock)"); if (status != SX_OK) { return silex_statuscodes_to_psa(status); diff --git a/subsys/nrf_security/src/drivers/cracen/cracenpsa/src/kmu.c b/subsys/nrf_security/src/drivers/cracen/cracenpsa/src/kmu.c index b9624f5d0dd1..e96ba58f3322 100644 --- a/subsys/nrf_security/src/drivers/cracen/cracenpsa/src/kmu.c +++ b/subsys/nrf_security/src/drivers/cracen/cracenpsa/src/kmu.c @@ -844,13 +844,15 @@ static psa_status_t push_kmu_key_to_ram(uint8_t *key_buffer, size_t key_buffer_s * Here the decision was to avoid defining another mutex to handle the push buffer for the * rest of the use cases. */ - nrf_security_mutex_lock(&cracen_mutex_symmetric); + __ASSERT(mbedtls_mutex_lock(&cracen_mutex_symmetric) == 0, + "cracen_mutex_symmetric not initialized (lock)"); status = silex_statuscodes_to_psa(cracen_kmu_prepare_key(key_buffer)); if (status == PSA_SUCCESS) { memcpy(key_buffer, kmu_push_area, key_buffer_size); safe_memzero(kmu_push_area, sizeof(kmu_push_area)); } - nrf_security_mutex_unlock(&cracen_mutex_symmetric); + __ASSERT(mbedtls_mutex_unlock(&cracen_mutex_symmetric) == 0, + "cracen_mutex_symmetric not initialized (unlock)"); return status; } diff --git a/subsys/nrf_security/src/drivers/cracen/cracenpsa/src/prng_pool.c b/subsys/nrf_security/src/drivers/cracen/cracenpsa/src/prng_pool.c index e1d974e7387a..50712e8e2137 100644 --- a/subsys/nrf_security/src/drivers/cracen/cracenpsa/src/prng_pool.c +++ b/subsys/nrf_security/src/drivers/cracen/cracenpsa/src/prng_pool.c @@ -24,13 +24,16 @@ static uint32_t prng_pool[PRNG_POOL_SIZE]; static uint32_t prng_pool_remaining; -NRF_SECURITY_MUTEX_DEFINE(cracen_prng_pool_mutex); +extern mbedtls_threading_mutex_t cracen_mutex_prng_pool; + + int cracen_prng_value_from_pool(uint32_t *prng_value) { int status = SX_OK; - nrf_security_mutex_lock(&cracen_prng_pool_mutex); + __ASSERT(mbedtls_mutex_lock(&cracen_mutex_prng_pool) == 0, + "cracen_mutex_prng_pool not initialized (lock)"); if (prng_pool_remaining == 0) { psa_status_t psa_status = @@ -47,6 +50,7 @@ int cracen_prng_value_from_pool(uint32_t *prng_value) prng_pool_remaining--; exit: - nrf_security_mutex_unlock(&cracen_prng_pool_mutex); + __ASSERT(mbedtls_mutex_unlock(&cracen_mutex_prng_pool) == 0, + "cracen_mutex_prng_pool not initialized (unlock)"); return status; } diff --git a/subsys/nrf_security/src/drivers/cracen/silexpk/target/baremetal_ba414e_with_ik/pk_baremetal.c b/subsys/nrf_security/src/drivers/cracen/silexpk/target/baremetal_ba414e_with_ik/pk_baremetal.c index ff80d2a13443..4d6475bfe28b 100644 --- a/subsys/nrf_security/src/drivers/cracen/silexpk/target/baremetal_ba414e_with_ik/pk_baremetal.c +++ b/subsys/nrf_security/src/drivers/cracen/silexpk/target/baremetal_ba414e_with_ik/pk_baremetal.c @@ -52,7 +52,7 @@ struct sx_pk_cnx { struct sx_pk_cnx silex_pk_engine; -NRF_SECURITY_MUTEX_DEFINE(cracen_mutex_asymmetric); +extern mbedtls_threading_mutex_t cracen_mutex_asymmetric; bool ba414ep_is_busy(sx_pk_req *req) { @@ -183,7 +183,9 @@ struct sx_pk_acq_req sx_pk_acquire_req(const struct sx_pk_cmd_def *cmd) { struct sx_pk_acq_req req = {NULL, SX_OK}; - nrf_security_mutex_lock(&cracen_mutex_asymmetric); + __ASSERT(mbedtls_mutex_lock(&cracen_mutex_asymmetric) == 0, + "cracen_mutex_asymmetric not initialized (lock)"); + req.req = &silex_pk_engine.instance; req.req->cmd = cmd; req.req->cnx = &silex_pk_engine; @@ -220,7 +222,8 @@ void sx_pk_release_req(sx_pk_req *req) cracen_release(); req->cmd = NULL; req->userctxt = NULL; - nrf_security_mutex_unlock(&cracen_mutex_asymmetric); + __ASSERT(mbedtls_mutex_unlock(&cracen_mutex_asymmetric) == 0, + "cracen_mutex_asymmetric not initialized (unlock)"); } struct sx_regs *sx_pk_get_regs(void) diff --git a/subsys/nrf_security/src/drivers/cracen/sxsymcrypt/src/platform/baremetal/cmdma_hw.c b/subsys/nrf_security/src/drivers/cracen/sxsymcrypt/src/platform/baremetal/cmdma_hw.c index 4bc13e75b5e6..9092a3422b5f 100644 --- a/subsys/nrf_security/src/drivers/cracen/sxsymcrypt/src/platform/baremetal/cmdma_hw.c +++ b/subsys/nrf_security/src/drivers/cracen/sxsymcrypt/src/platform/baremetal/cmdma_hw.c @@ -24,13 +24,13 @@ */ #define CMDMA_INTMASK_EN ((1 << 2) | (1 << 5) | (1 << 4)) -NRF_SECURITY_MUTEX_DEFINE(cracen_mutex_symmetric); +extern mbedtls_threading_mutex_t cracen_mutex_symmetric; void sx_hw_reserve(struct sx_dmactl *dma) { cracen_acquire(); - nrf_security_mutex_lock(&cracen_mutex_symmetric); - + __ASSERT(mbedtls_mutex_lock(&cracen_mutex_symmetric) == 0, + "cracen_mutex_symmetric not initialized (lock)"); if (dma) { dma->hw_acquired = true; } @@ -48,7 +48,8 @@ void sx_cmdma_release_hw(struct sx_dmactl *dma) { if (dma == NULL || dma->hw_acquired) { cracen_release(); - nrf_security_mutex_unlock(&cracen_mutex_symmetric); + __ASSERT(mbedtls_mutex_unlock(&cracen_mutex_symmetric) == 0, + "cracen_mutex_symmetric not initialized (unlock)"); if (dma) { dma->hw_acquired = false; } diff --git a/subsys/nrf_security/src/threading/threading_alt.c b/subsys/nrf_security/src/threading/threading_alt.c index 681baa6182cd..7e263a9acffe 100644 --- a/subsys/nrf_security/src/threading/threading_alt.c +++ b/subsys/nrf_security/src/threading/threading_alt.c @@ -24,6 +24,14 @@ NRF_SECURITY_MUTEX_DEFINE(mbedtls_threading_key_slot_mutex); NRF_SECURITY_MUTEX_DEFINE(mbedtls_threading_psa_globaldata_mutex); NRF_SECURITY_MUTEX_DEFINE(mbedtls_threading_psa_rngdata_mutex); +#if defined(CONFIG_PSA_CRYPTO_DRIVER_CRACEN) +NRF_SECURITY_MUTEX_DEFINE(cracen_mutex); +NRF_SECURITY_MUTEX_DEFINE(cracen_mutex_prng_context); +NRF_SECURITY_MUTEX_DEFINE(cracen_mutex_prng_pool); +NRF_SECURITY_MUTEX_DEFINE(cracen_mutex_asymmetric); +NRF_SECURITY_MUTEX_DEFINE(cracen_mutex_symmetric); +#endif + static void mbedtls_mutex_init_fn(mbedtls_threading_mutex_t * mutex) { if(!k_is_pre_kernel() && !k_is_in_isr()) { @@ -66,6 +74,13 @@ static int post_kernel_init(void) mbedtls_mutex_init(&mbedtls_threading_key_slot_mutex); mbedtls_mutex_init(&mbedtls_threading_psa_globaldata_mutex); mbedtls_mutex_init(&mbedtls_threading_psa_rngdata_mutex); +#if defined(CONFIG_PSA_CRYPTO_DRIVER_CRACEN) + mbedtls_mutex_init(&cracen_mutex); + mbedtls_mutex_init(&cracen_mutex_prng_context); + mbedtls_mutex_init(&cracen_mutex_prng_pool); + mbedtls_mutex_init(&cracen_mutex_asymmetric); + mbedtls_mutex_init(&cracen_mutex_symmetric); +#endif return 0; } From 0bbe2752c7ab310ce13318fdcf016ecc0099e56d Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Frank=20Audun=20Kvamtr=C3=B8?= Date: Wed, 23 Oct 2024 17:41:59 +0200 Subject: [PATCH 2/4] crypto: cracen: Ensure that register reads/writes are flushed for PK MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit -Add memory barrier wmb() and rmb() around writes and reads for pk module (IKG) for cracen. Signed-off-by: Frank Audun Kvamtrø --- .../silexpk/target/baremetal_ba414e_with_ik/pk_baremetal.c | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/subsys/nrf_security/src/drivers/cracen/silexpk/target/baremetal_ba414e_with_ik/pk_baremetal.c b/subsys/nrf_security/src/drivers/cracen/silexpk/target/baremetal_ba414e_with_ik/pk_baremetal.c index 4d6475bfe28b..9f7d381bcfa0 100644 --- a/subsys/nrf_security/src/drivers/cracen/silexpk/target/baremetal_ba414e_with_ik/pk_baremetal.c +++ b/subsys/nrf_security/src/drivers/cracen/silexpk/target/baremetal_ba414e_with_ik/pk_baremetal.c @@ -8,6 +8,7 @@ #include +#include #include "../hw/ba414/regs_addr.h" #include #include "../hw/ba414/pkhardware_ba414e.h" @@ -111,7 +112,9 @@ void sx_pk_wrreg(struct sx_regs *regs, uint32_t addr, uint32_t v) printk("sx_pk_wrreg(addr=0x%x, sum=0x%x, val=0x%x);\r\n", addr, (uint32_t)p, v); #endif + wmb(); /* comment for compliance */ *p = v; + rmb(); /* comment for compliance */ } uint32_t sx_pk_rdreg(struct sx_regs *regs, uint32_t addr) @@ -119,7 +122,9 @@ uint32_t sx_pk_rdreg(struct sx_regs *regs, uint32_t addr) volatile uint32_t *p = (uint32_t *)(regs->base + addr); uint32_t v; + wmb(); /* comment for compliance */ v = *p; + rmb(); /* comment for compliance */ #ifdef INSTRUMENT_MMIO_WITH_PRINTFS printk("sx_pk_rdreg(addr=0x%x, sum=0x%x);\r\n", addr, (uint32_t)p); From 2ad617533b53e7e04ead7cbf22236b5690c9bb06 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Frank=20Audun=20Kvamtr=C3=B8?= Date: Thu, 24 Oct 2024 11:21:33 +0200 Subject: [PATCH 3/4] crypto: threading: Ensure mbedtls_mutex functions can be used in TF-M MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit -This commit moves checks to ensure we aren't in pre_kernel/ISR into its own function to ensure that this can be compiled in TF-M which will be the case for CRACEN enabled devices. -Adding static function is_pre_kernel_or_isr which is checks if TF-M and MultiThreading is enabled Signed-off-by: Frank Audun Kvamtrø --- .../nrf_security/src/threading/threading_alt.c | 17 +++++++++++++---- 1 file changed, 13 insertions(+), 4 deletions(-) diff --git a/subsys/nrf_security/src/threading/threading_alt.c b/subsys/nrf_security/src/threading/threading_alt.c index 7e263a9acffe..baa736094713 100644 --- a/subsys/nrf_security/src/threading/threading_alt.c +++ b/subsys/nrf_security/src/threading/threading_alt.c @@ -32,23 +32,32 @@ NRF_SECURITY_MUTEX_DEFINE(cracen_mutex_asymmetric); NRF_SECURITY_MUTEX_DEFINE(cracen_mutex_symmetric); #endif +static bool inline is_pre_kernel_or_isr(void) +{ +#if defined(CONFIG_MULTITHREADING) && !defined(__NRF_TFM__) + return k_is_pre_kernel() || k_is_in_isr(); +#else + return 0; +#endif +} + static void mbedtls_mutex_init_fn(mbedtls_threading_mutex_t * mutex) { - if(!k_is_pre_kernel() && !k_is_in_isr()) { + if(!is_pre_kernel_or_isr()) { nrf_security_mutex_init(mutex); } } static void mbedtls_mutex_free_fn(mbedtls_threading_mutex_t * mutex) { - if(!k_is_pre_kernel() && !k_is_in_isr()) { + if(!is_pre_kernel_or_isr()) { nrf_security_mutex_free(mutex); } } static int mbedtls_mutex_lock_fn(mbedtls_threading_mutex_t * mutex) { - if(!k_is_pre_kernel() && !k_is_in_isr()) { + if(!is_pre_kernel_or_isr()) { return nrf_security_mutex_lock(mutex); } else { return 0; @@ -57,7 +66,7 @@ static int mbedtls_mutex_lock_fn(mbedtls_threading_mutex_t * mutex) static int mbedtls_mutex_unlock_fn(mbedtls_threading_mutex_t * mutex) { - if(!k_is_pre_kernel() && !k_is_in_isr()) { + if(!is_pre_kernel_or_isr()) { return nrf_security_mutex_unlock(mutex); } else { return 0; From 71dd95feb7450e89892ad688e90c3ff4a8d10400 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Frank=20Audun=20Kvamtr=C3=B8?= Date: Thu, 24 Oct 2024 11:19:22 +0200 Subject: [PATCH 4/4] manifest: crypto: Adding a way to disable thread-safety for PSA core MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit -This commit adds PSA_CRYPTO_THREAD_SAFE as a configuration that filters thread-safety enablement for PSA crypto APIs (front-end). -This commit adds a version of oberon-psa-crypto which supports PSA_CRYPTO_THREAD_SAFE (by updating the manifest) -This commit adds the Kconfig MBEDTLS_PSA_CRYPTO_DISABLE_THREAD_SAFETY which is used to ensure PSA_CRYPTO_THREAD_SAFE can be disabled if there is a wish to not enable thread-safety for the PSA crypto front-end APIs (separated from thread-safety for legacy Mbed TLS APIs and HW accelerated drivers. -This update includes a manifest-update to ensure that this change is bisectable. -Enable Mbed TLS threading APIs in nrf_security regardless if MBEDTLS_THREADING_C is enabled so they can be shared with cracen. -Add external prototypes for mbedtls_mutex_xxxx APIs that is used regardless if threading is actually enabled Note: This commit is done to try to resolve an ABI compliance issue with pre-compiled OpenThread libraries. Signed-off-by: Frank Audun Kvamtrø --- subsys/nrf_security/Kconfig.psa | 11 +++++++++++ .../nrf_security/cmake/psa_crypto_want_config.cmake | 6 ++++++ .../nrf_security/configs/psa_crypto_config.h.template | 1 + .../configs/psa_crypto_want_config.h.template | 3 +++ .../src/drivers/cracen/cracenpsa/src/cracen.c | 2 +- .../src/drivers/cracen/cracenpsa/src/ctr_drbg.c | 2 +- .../src/drivers/cracen/cracenpsa/src/key_management.c | 2 +- .../src/drivers/cracen/cracenpsa/src/kmu.c | 2 +- .../src/drivers/cracen/cracenpsa/src/prng_pool.c | 2 +- .../target/baremetal_ba414e_with_ik/pk_baremetal.c | 2 +- .../sxsymcrypt/src/platform/baremetal/cmdma_hw.c | 2 +- .../src/threading/include/threading_alt.h | 6 ++++++ subsys/nrf_security/src/threading/threading.cmake | 2 +- west.yml | 2 +- 14 files changed, 36 insertions(+), 9 deletions(-) diff --git a/subsys/nrf_security/Kconfig.psa b/subsys/nrf_security/Kconfig.psa index 264f5fd08f01..31ef7d6c249c 100644 --- a/subsys/nrf_security/Kconfig.psa +++ b/subsys/nrf_security/Kconfig.psa @@ -12,6 +12,17 @@ config MBEDTLS_PSA_CRYPTO_C Enable the Platform Security Architecture cryptography API. Corresponds to setting in mbed TLS config file. +config MBEDTLS_PSA_CRYPTO_DISABLE_THREAD_SAFETY + bool + prompt "Disable PSA crypto thread safety" + help + Setting this configuration disables thread-safety for front-end PSA crypto APIs. + This disables the three mutexes that was added in Mbed TLS 3.6.0 that is built + into the PSA core without disabling mutexes used by the legacy Mbed TLS APIs or + in HW accelerators. + The addition of mutexes for legacy APIs and HW accelerators is still controlled + by enabling the Kconfig MBEDTLS_TREADING_C in the build. + if MBEDTLS_PSA_CRYPTO_C config MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER diff --git a/subsys/nrf_security/cmake/psa_crypto_want_config.cmake b/subsys/nrf_security/cmake/psa_crypto_want_config.cmake index 6a4439db0b9c..4f5ab5a93d4a 100644 --- a/subsys/nrf_security/cmake/psa_crypto_want_config.cmake +++ b/subsys/nrf_security/cmake/psa_crypto_want_config.cmake @@ -139,6 +139,12 @@ kconfig_check_and_set_base_to_one(PSA_WANT_ALG_SP800_108_COUNTER_HMAC) kconfig_check_and_set_base_int(PSA_MAX_RSA_KEY_BITS) +# Enable PSA crypto (core) thread safety based on checking that MBEDTLS_THREADING_C +# is set but not MBEDTLS_PSA_CRYPTO_DISABLE_THREAD_SAFETY +if(CONFIG_MBEDTLS_THREADING_C AND NOT CONFIG_MBEDTLS_PSA_CRYPTO_DISABLE_THREAD_SAFETY) + set(PSA_CRYPTO_THREAD_SAFE True) +endif() + # Create the Mbed TLS PSA crypto config file (Contains all the PSA_WANT definitions) configure_file(${NRF_SECURITY_ROOT}/configs/psa_crypto_want_config.h.template ${generated_include_path}/${CONFIG_MBEDTLS_PSA_CRYPTO_CONFIG_FILE} diff --git a/subsys/nrf_security/configs/psa_crypto_config.h.template b/subsys/nrf_security/configs/psa_crypto_config.h.template index 91866f9958dc..6a6fe7cb791d 100644 --- a/subsys/nrf_security/configs/psa_crypto_config.h.template +++ b/subsys/nrf_security/configs/psa_crypto_config.h.template @@ -446,6 +446,7 @@ #cmakedefine MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG #cmakedefine MBEDTLS_PSA_KEY_SLOT_COUNT @MBEDTLS_PSA_KEY_SLOT_COUNT@ + #include #include diff --git a/subsys/nrf_security/configs/psa_crypto_want_config.h.template b/subsys/nrf_security/configs/psa_crypto_want_config.h.template index e4c74944ec89..eb749a782bd5 100644 --- a/subsys/nrf_security/configs/psa_crypto_want_config.h.template +++ b/subsys/nrf_security/configs/psa_crypto_want_config.h.template @@ -145,4 +145,7 @@ /* The Adjusting is done in this file */ #define PSA_CRYPTO_ADJUST_KEYPAIR_TYPES_H +/* Configuration for PSA crypto front-end APIs being thread safe */ +#cmakedefine PSA_CRYPTO_THREAD_SAFE + #endif /* PSA_CRYPTO_CONFIG_H */ diff --git a/subsys/nrf_security/src/drivers/cracen/cracenpsa/src/cracen.c b/subsys/nrf_security/src/drivers/cracen/cracenpsa/src/cracen.c index cb6f136f52cc..bc716e498f2f 100644 --- a/subsys/nrf_security/src/drivers/cracen/cracenpsa/src/cracen.c +++ b/subsys/nrf_security/src/drivers/cracen/cracenpsa/src/cracen.c @@ -14,7 +14,7 @@ #include "common.h" #include "microcode_binary.h" -#include +#include #if !defined(CONFIG_BUILD_WITH_TFM) #define LOG_ERR_MSG(msg) LOG_ERR(msg) diff --git a/subsys/nrf_security/src/drivers/cracen/cracenpsa/src/ctr_drbg.c b/subsys/nrf_security/src/drivers/cracen/cracenpsa/src/ctr_drbg.c index 763053dfc115..fc0ab0fa637d 100644 --- a/subsys/nrf_security/src/drivers/cracen/cracenpsa/src/ctr_drbg.c +++ b/subsys/nrf_security/src/drivers/cracen/cracenpsa/src/ctr_drbg.c @@ -22,7 +22,7 @@ #include #include -#include +#include #define MAX_BITS_PER_REQUEST (1 << 19) /* NIST.SP.800-90Ar1:Table 3 */ #define RESEED_INTERVAL ((uint64_t)1 << 48) /* 2^48 as per NIST spec */ diff --git a/subsys/nrf_security/src/drivers/cracen/cracenpsa/src/key_management.c b/subsys/nrf_security/src/drivers/cracen/cracenpsa/src/key_management.c index c73bc288f0b0..727538ce1552 100644 --- a/subsys/nrf_security/src/drivers/cracen/cracenpsa/src/key_management.c +++ b/subsys/nrf_security/src/drivers/cracen/cracenpsa/src/key_management.c @@ -9,7 +9,7 @@ #include #include "cracen_psa.h" #include "platform_keys/platform_keys.h" -#include +#include #include #include diff --git a/subsys/nrf_security/src/drivers/cracen/cracenpsa/src/kmu.c b/subsys/nrf_security/src/drivers/cracen/cracenpsa/src/kmu.c index e96ba58f3322..b26efa496ab3 100644 --- a/subsys/nrf_security/src/drivers/cracen/cracenpsa/src/kmu.c +++ b/subsys/nrf_security/src/drivers/cracen/cracenpsa/src/kmu.c @@ -7,7 +7,7 @@ #include #include #include -#include +#include #include #include #include diff --git a/subsys/nrf_security/src/drivers/cracen/cracenpsa/src/prng_pool.c b/subsys/nrf_security/src/drivers/cracen/cracenpsa/src/prng_pool.c index 50712e8e2137..1f267a23cd46 100644 --- a/subsys/nrf_security/src/drivers/cracen/cracenpsa/src/prng_pool.c +++ b/subsys/nrf_security/src/drivers/cracen/cracenpsa/src/prng_pool.c @@ -10,7 +10,7 @@ #include #include #include -#include +#include /* We want to avoid reserving excessive RAM and invoking * the PRNG too often. 32 was arbitrarily chosen here diff --git a/subsys/nrf_security/src/drivers/cracen/silexpk/target/baremetal_ba414e_with_ik/pk_baremetal.c b/subsys/nrf_security/src/drivers/cracen/silexpk/target/baremetal_ba414e_with_ik/pk_baremetal.c index 9f7d381bcfa0..3b5c6b960d03 100644 --- a/subsys/nrf_security/src/drivers/cracen/silexpk/target/baremetal_ba414e_with_ik/pk_baremetal.c +++ b/subsys/nrf_security/src/drivers/cracen/silexpk/target/baremetal_ba414e_with_ik/pk_baremetal.c @@ -21,7 +21,7 @@ #include #include -#include +#include #ifndef ADDR_BA414EP_REGS_BASE #define ADDR_BA414EP_REGS_BASE CRACEN_ADDR_BA414EP_REGS_BASE diff --git a/subsys/nrf_security/src/drivers/cracen/sxsymcrypt/src/platform/baremetal/cmdma_hw.c b/subsys/nrf_security/src/drivers/cracen/sxsymcrypt/src/platform/baremetal/cmdma_hw.c index 9092a3422b5f..7f7d0c7bf289 100644 --- a/subsys/nrf_security/src/drivers/cracen/sxsymcrypt/src/platform/baremetal/cmdma_hw.c +++ b/subsys/nrf_security/src/drivers/cracen/sxsymcrypt/src/platform/baremetal/cmdma_hw.c @@ -12,7 +12,7 @@ #include #include -#include +#include #include /* Enable interrupts showing that an operation finished or aborted. diff --git a/subsys/nrf_security/src/threading/include/threading_alt.h b/subsys/nrf_security/src/threading/include/threading_alt.h index 006db566af48..79c9bea4a27b 100644 --- a/subsys/nrf_security/src/threading/include/threading_alt.h +++ b/subsys/nrf_security/src/threading/include/threading_alt.h @@ -10,4 +10,10 @@ #include "mbedtls/build_info.h" #include "nrf_security_mutexes.h" +/* Give access to the threading function-pointer prototypes (always used) */ +extern void (*mbedtls_mutex_init)(mbedtls_threading_mutex_t *mutex); +extern void (*mbedtls_mutex_free)(mbedtls_threading_mutex_t *mutex); +extern int (*mbedtls_mutex_lock)(mbedtls_threading_mutex_t *mutex); +extern int (*mbedtls_mutex_unlock)(mbedtls_threading_mutex_t *mutex); + #endif /* MBEDTLS_THREADING_ALT_H */ diff --git a/subsys/nrf_security/src/threading/threading.cmake b/subsys/nrf_security/src/threading/threading.cmake index 9bad488ad062..bbf0d34f05f6 100644 --- a/subsys/nrf_security/src/threading/threading.cmake +++ b/subsys/nrf_security/src/threading/threading.cmake @@ -7,7 +7,7 @@ # This file includes threading support required by the PSA crypto core # Which was added in Mbed TLS 3.6.0. -if(CONFIG_MBEDTLS_THREADING_C AND NOT (CONFIG_PSA_CRYPTO_DRIVER_CC3XX OR CONFIG_CC3XX_BACKEND)) +if(NOT (CONFIG_PSA_CRYPTO_DRIVER_CC3XX OR CONFIG_CC3XX_BACKEND)) append_with_prefix(src_crypto_base ${CMAKE_CURRENT_LIST_DIR} threading_alt.c diff --git a/west.yml b/west.yml index 999ce886f57e..40dcb5c7facd 100644 --- a/west.yml +++ b/west.yml @@ -145,7 +145,7 @@ manifest: - name: oberon-psa-crypto path: modules/crypto/oberon-psa-crypto repo-path: sdk-oberon-psa-crypto - revision: b41e899e7302462eb952b0b6a7c6903e368fb395 + revision: pull/16/head - name: nrfxlib repo-path: sdk-nrfxlib path: nrfxlib