Initialize platform in trng test

TESTS/mbed_hal/trng/main.cpp

@@ -43,6 +43,8 @@
 #include "base64b.h"
 #include "pithy.h"
 #include <stdio.h>
+#include "mbedtls/config.h"
+#include "mbedtls/platform.h"
 
 #if !DEVICE_TRNG
 #error [NOT_SUPPORTED] TRNG API not supported for this target
@@ -268,11 +270,17 @@ Specification specification(greentea_test_setup, cases, greentea_test_teardown_h
 
 int main()
 {
+    int ret = 0;
+#if defined(MBEDTLS_PLATFORM_C)
+    ret = mbedtls_platform_setup(NULL);
+#endif /* MBEDTLS_PLATFORM_C */
 #if (defined(TARGET_PSA) && defined(COMPONENT_PSA_SRV_IPC) && defined(MBEDTLS_PSA_CRYPTO_C))
     inject_entropy_for_psa();
 #endif
-    bool ret = !Harness::run(specification);
-
+    ret = !Harness::run(specification);
+#if defined(MBEDTLS_PLATFORM_C)
+    mbedtls_platform_teardown(NULL);
+#endif /* MBEDTLS_PLATFORM_C */
     return ret;
 }
 

UNITTESTS/features/lorawan/loramaccrypto/unittest.cmake

@@ -35,6 +35,7 @@ set(unittest-test-sources
   stubs/cipher_stub.c
   stubs/aes_stub.c
   stubs/cmac_stub.c
+  ../features/nanostack/coap-service/test/coap-service/unittest/stub/mbedtls_stub.c
 
 )
 

UNITTESTS/stubs/LoRaMacCrypto_stub.cpp

@@ -30,6 +30,10 @@ LoRaMacCrypto::LoRaMacCrypto()
 {
 }
 
+LoRaMacCrypto::~LoRaMacCrypto()
+{
+}
+
 int LoRaMacCrypto::compute_mic(const uint8_t *, uint16_t, const uint8_t *, uint32_t, uint32_t,
                                uint8_t dir, uint32_t, uint32_t *)
 {

features/device_key/source/DeviceKey.cpp

@@ -19,6 +19,7 @@
 #if DEVICEKEY_ENABLED
 #include "mbedtls/config.h"
 #include "mbedtls/cmac.h"
+#include "mbedtls/platform.h"
 #include "KVStore.h"
 #include "TDBStore.h"
 #include "KVMap.h"
@@ -59,15 +60,25 @@ namespace mbed {
 
 DeviceKey::DeviceKey()
 {
+
     int ret = kv_init_storage_config();
     if (ret != MBED_SUCCESS) {
         tr_error("DeviceKey: Fail to initialize KvStore configuration.");
     }
+#if defined(MBEDTLS_PLATFORM_C)
+    ret = mbedtls_platform_setup(NULL);
+    if (ret != MBED_SUCCESS) {
+        tr_error("DeviceKey: Fail in mbedtls_platform_setup.");
+    }
+#endif /* MBEDTLS_PLATFORM_C */
     return;
 }
 
 DeviceKey::~DeviceKey()
 {
+#if defined(MBEDTLS_PLATFORM_C)
+    mbedtls_platform_teardown(NULL);
+#endif /* MBEDTLS_PLATFORM_C */
     return;
 }
 

features/lorawan/lorastack/mac/LoRaMacCrypto.cpp

@@ -28,12 +28,26 @@
 
 #include "LoRaMacCrypto.h"
 #include "system/lorawan_data_structures.h"
+#include "mbedtls/platform.h"
 
 
 #if defined(MBEDTLS_CMAC_C) && defined(MBEDTLS_AES_C) && defined(MBEDTLS_CIPHER_C)
 
 LoRaMacCrypto::LoRaMacCrypto()
 {
+#if defined(MBEDTLS_PLATFORM_C)
+    int ret = mbedtls_platform_setup(NULL);
+    if (ret != 0) {
+        MBED_ASSERT(0 && "LoRaMacCrypto: Fail in mbedtls_platform_setup.");
+    }
+#endif /* MBEDTLS_PLATFORM_C */
+}
+
+LoRaMacCrypto::~LoRaMacCrypto()
+{
+#if defined(MBEDTLS_PLATFORM_C)
+    mbedtls_platform_teardown(NULL);
+#endif /* MBEDTLS_PLATFORM_C */
 }
 
 int LoRaMacCrypto::compute_mic(const uint8_t *buffer, uint16_t size,
@@ -291,6 +305,10 @@ LoRaMacCrypto::LoRaMacCrypto()
     MBED_ASSERT(0 && "[LoRaCrypto] Must enable AES, CMAC & CIPHER from mbedTLS");
 }
 
+LoRaMacCrypto::~LoRaMacCrypto()
+{
+}
+
 // If mbedTLS is not configured properly, these dummies will ensure that
 // user knows what is wrong and in addition to that these ensure that
 // Mbed-OS compiles properly under normal conditions where LoRaWAN in conjunction

features/lorawan/lorastack/mac/LoRaMacCrypto.h

@@ -30,6 +30,7 @@ SPDX-License-Identifier: BSD-3-Clause
 #ifndef MBED_LORAWAN_MAC_LORAMAC_CRYPTO_H__
 #define MBED_LORAWAN_MAC_LORAMAC_CRYPTO_H__
 
+#include "mbedtls/config.h"
 #include "mbedtls/aes.h"
 #include "mbedtls/cmac.h"
 
@@ -41,6 +42,11 @@ class LoRaMacCrypto {
      */
     LoRaMacCrypto();
 
+    /**
+     * Destructor
+     */
+    ~LoRaMacCrypto();
+
     /**
      * Computes the LoRaMAC frame MIC field
      *

features/lwipstack/lwip/src/apps/snmp/lwip_snmpv3_mbedtls.c

@@ -47,6 +47,7 @@
 
 #include "mbedtls/md5.h"
 #include "mbedtls/sha1.h"
+#include "mbedtls/platform.h"
 
 err_t
 snmpv3_auth(struct snmp_pbuf_stream* stream, u16_t length,
@@ -59,19 +60,24 @@ snmpv3_auth(struct snmp_pbuf_stream* stream, u16_t length,
   struct snmp_pbuf_stream read_stream;
   snmp_pbuf_stream_init(&read_stream, stream->pbuf, stream->offset, stream->length);
 
+#if defined(MBEDTLS_PLATFORM_C)
+    if (mbedtls_platform_setup(NULL) != 0) {
+        return ERR_ARG;
+    }
+#endif /* MBEDTLS_PLATFORM_C */
   if (algo == SNMP_V3_AUTH_ALGO_MD5) {
     md_info = mbedtls_md_info_from_type(MBEDTLS_MD_MD5);
     key_len = SNMP_V3_MD5_LEN;
   } else if (algo == SNMP_V3_AUTH_ALGO_SHA) {
     md_info = mbedtls_md_info_from_type(MBEDTLS_MD_SHA1);
     key_len = SNMP_V3_SHA_LEN;
   } else {
-    return ERR_ARG;
+    goto platform_teardown;
   }
 
   mbedtls_md_init(&ctx);
   if(mbedtls_md_setup(&ctx, md_info, 1) != 0) {
-    return ERR_ARG;
+    goto platform_teardown;
   }
 
   if (mbedtls_md_hmac_starts(&ctx, key, key_len) != 0) {
@@ -95,10 +101,17 @@ snmpv3_auth(struct snmp_pbuf_stream* stream, u16_t length,
   }
 
   mbedtls_md_free(&ctx);
+#if defined(MBEDTLS_PLATFORM_C)
+    mbedtls_platform_teardown(NULL);
+#endif /* MBEDTLS_PLATFORM_C */
   return ERR_OK;
 
 free_md:
   mbedtls_md_free(&ctx);
+platform_teardown:
+#if defined(MBEDTLS_PLATFORM_C)
+    mbedtls_platform_teardown(NULL);
+#endif /* MBEDTLS_PLATFORM_C */
   return ERR_ARG;
 }
 
@@ -117,6 +130,11 @@ snmpv3_crypt(struct snmp_pbuf_stream* stream, u16_t length,
   struct snmp_pbuf_stream write_stream;
   snmp_pbuf_stream_init(&read_stream, stream->pbuf, stream->offset, stream->length);
   snmp_pbuf_stream_init(&write_stream, stream->pbuf, stream->offset, stream->length);
+#if defined(MBEDTLS_PLATFORM_C)
+  if (mbedtls_platform_setup(NULL) != 0) {
+    return ERR_ARG;
+  }
+#endif /* MBEDTLS_PLATFORM_C */
   mbedtls_cipher_init(&ctx);
 
   if (algo == SNMP_V3_PRIV_ALGO_DES) {
@@ -126,15 +144,15 @@ snmpv3_crypt(struct snmp_pbuf_stream* stream, u16_t length,
 
     /* RFC 3414 mandates padding for DES */
     if ((length & 0x07) != 0) {
-      return ERR_ARG;
+      goto platform_teardown;
     }
 
     cipher_info = mbedtls_cipher_info_from_type(MBEDTLS_CIPHER_DES_CBC);
     if(mbedtls_cipher_setup(&ctx, cipher_info) != 0) {
-      return ERR_ARG;
+      goto platform_teardown
     }
     if(mbedtls_cipher_set_padding_mode(&ctx, MBEDTLS_PADDING_NONE) != 0) {
-      return ERR_ARG;
+      goto platform_teardown;
     }
     if(mbedtls_cipher_setkey(&ctx, key, 8*8, (mode == SNMP_V3_PRIV_MODE_ENCRYPT)? MBEDTLS_ENCRYPT : MBEDTLS_DECRYPT) != 0) {
       goto error;
@@ -174,7 +192,7 @@ snmpv3_crypt(struct snmp_pbuf_stream* stream, u16_t length,
 
     cipher_info = mbedtls_cipher_info_from_type(MBEDTLS_CIPHER_AES_128_CFB128);
     if(mbedtls_cipher_setup(&ctx, cipher_info) != 0) {
-      return ERR_ARG;
+      goto platform_teardown;
     }
     if(mbedtls_cipher_setkey(&ctx, key, 16*8, (mode == SNMP_V3_PRIV_MODE_ENCRYPT)? MBEDTLS_ENCRYPT : MBEDTLS_DECRYPT) != 0) {
       goto error;
@@ -209,15 +227,19 @@ snmpv3_crypt(struct snmp_pbuf_stream* stream, u16_t length,
       snmp_pbuf_stream_write(&write_stream, out_byte);
     }
   } else {
-    return ERR_ARG;
+    goto platform_teardown;
   }
 
   mbedtls_cipher_free(&ctx);
   return ERR_OK;
 
 error:
   mbedtls_cipher_free(&ctx);
-  return ERR_OK;
+platform_teardown:
+#if defined(MBEDTLS_PLATFORM_C)
+  mbedtls_platform_teardown(NULL);
+#endif /* MBEDTLS_PLATFORM_C */
+  return ERR_ARG;
 }
 
 #endif /* LWIP_SNMP_V3_CRYPTO */
@@ -237,6 +259,11 @@ snmpv3_password_to_key_md5(
   u8_t i;
   u32_t count = 0;
 
+#if defined(MBEDTLS_PLATFORM_C)
+  if (mbedtls_platform_setup(NULL) != 0) {
+    goto end;
+  }
+#endif /* MBEDTLS_PLATFORM_C */
   mbedtls_md5_init(&MD); /* initialize MD5 */
   mbedtls_md5_starts(&MD);
 
@@ -272,6 +299,11 @@ snmpv3_password_to_key_md5(
   mbedtls_md5_finish(&MD, key);
 
   mbedtls_md5_free(&MD);
+
+end:
+#if defined(MBEDTLS_PLATFORM_C)
+  mbedtls_platform_teardown(NULL);
+#endif /* MBEDTLS_PLATFORM_C */
   return;
 }
 
@@ -290,6 +322,11 @@ snmpv3_password_to_key_sha(
   u8_t i;
   u32_t count = 0;
 
+#if defined(MBEDTLS_PLATFORM_C)
+  if (mbedtls_platform_setup(NULL) != 0) {
+    goto end;
+  }
+#endif /* MBEDTLS_PLATFORM_C */
   mbedtls_sha1_init(&SH); /* initialize SHA */
   mbedtls_sha1_starts(&SH);
 
@@ -325,6 +362,11 @@ snmpv3_password_to_key_sha(
   mbedtls_sha1_finish(&SH, key);
 
   mbedtls_sha1_free(&SH);
+
+end:
+#if defined(MBEDTLS_PLATFORM_C)
+  mbedtls_platform_teardown(NULL);
+#endif /* MBEDTLS_PLATFORM_C */
   return;
 }
 

features/mbedtls/platform/src/mbed_trng.cpp

@@ -17,17 +17,19 @@
 #if DEVICE_TRNG
 
 #include "hal/trng_api.h"
+#include "platform/SingletonPtr.h"
 #include "platform/PlatformMutex.h"
 
+SingletonPtr<PlatformMutex> mbedtls_mutex;
+
 extern "C"
 int mbedtls_hardware_poll( void *data, unsigned char *output, size_t len, size_t *olen ) {
-    static PlatformMutex trng_mutex;
     trng_t trng_obj;
-    trng_mutex.lock();
+    mbedtls_mutex->lock();
     trng_init(&trng_obj);
     int ret = trng_get_bytes(&trng_obj, output, len, olen);
     trng_free(&trng_obj);
-    trng_mutex.unlock();
+    mbedtls_mutex->unlock();
     return ret;
 }
 

features/mbedtls/platform/src/platform_alt.c → features/mbedtls/platform/src/platform_alt.cpp

@@ -20,33 +20,38 @@
 
 #include "mbedtls/platform.h"
 #if defined(MBEDTLS_PLATFORM_SETUP_TEARDOWN_ALT)
-#include "mbed_critical.h"
+#include "platform/SingletonPtr.h"
+#include "platform/PlatformMutex.h"
 
 mbedtls_platform_context plat_ctx = { { 0 } };
+extern SingletonPtr<PlatformMutex> mbedtls_mutex;
 
 int mbedtls_platform_setup( mbedtls_platform_context *unused_ctx )
 {
     int ret = 0;
-
-    core_util_atomic_incr_u32( ( volatile uint32_t * )&plat_ctx.reference_count, 1 );
+    mbedtls_mutex->lock();
+    ++plat_ctx.reference_count;
 
     if( plat_ctx.reference_count == 1 )
     {
         /* call platform specific code to setup crypto driver */
         ret = crypto_platform_setup( &plat_ctx.platform_impl_ctx );
     }
+    mbedtls_mutex->unlock();
     return ( ret );
 }
 
 void mbedtls_platform_teardown( mbedtls_platform_context *unused_ctx )
 {
-    core_util_atomic_decr_u32( ( volatile uint32_t * )&plat_ctx.reference_count, 1 );
+    mbedtls_mutex->lock();
+    --plat_ctx.reference_count;
     if( plat_ctx.reference_count < 1 )
     {
         /* call platform specific code to terminate crypto driver */
         crypto_platform_terminate( &plat_ctx.platform_impl_ctx );
         plat_ctx.reference_count = 0;
     }
+    mbedtls_mutex->unlock();
 }
 
 #endif /* MBEDTLS_PLATFORM_SETUP_TEARDOWN_ALT*/

features/nanostack/coap-service/source/coap_security_handler.c

@@ -102,6 +102,11 @@ static int coap_security_handler_init(coap_security_t *sec)
     const int entropy_source_type = MBEDTLS_ENTROPY_SOURCE_WEAK;
 #endif
 
+#if defined(MBEDTLS_PLATFORM_C)
+    if (mbedtls_platform_setup(NULL) != 0)
+        return -1;
+#endif /* MBEDTLS_PLATFORM_C */
+
     mbedtls_ssl_init(&sec->_ssl);
     mbedtls_ssl_config_init(&sec->_conf);
     mbedtls_ctr_drbg_init(&sec->_ctr_drbg);
@@ -153,6 +158,9 @@ static void coap_security_handler_reset(coap_security_t *sec)
     mbedtls_ctr_drbg_free(&sec->_ctr_drbg);
     mbedtls_ssl_config_free(&sec->_conf);
     mbedtls_ssl_free(&sec->_ssl);
+#if defined(MBEDTLS_PLATFORM_C)
+    mbedtls_platform_teardown(NULL);
+#endif /* MBEDTLS_PLATFORM_C */
 }