crypto: nrf_cc3xx: Update mutex support for Mbed TLS 3.6.0

frkv · frkv · commit d826e248044f · 2024-09-10T07:38:34.000+02:00
-This adds support for the 3 new mutexes that is required when building
 with Mbed TLS 3.6.0 with PSA crypto:
 - mbedtls_threading_key_slot_mutex
 - mbedtls_threading_psa_globaldata_mutex
 - mbedtls_threading_psa_rngdata_mutex
-Fixed typo

Note: There is a counterpart to this for devices that doesn't enable
CC3XX_BACKEND (Legacy crypto features) present in nrf_security to
allow thread-safe PSA core in all types of build in NCS.

Signed-off-by: Frank Audun Kvamtrø &lt;frank.kvamtro@nordicsemi.no&gt;
diff --git a/crypto/nrf_cc310_platform/src/nrf_cc3xx_platform_mutex_zephyr.c b/crypto/nrf_cc310_platform/src/nrf_cc3xx_platform_mutex_zephyr.c
@@ -45,6 +45,14 @@ K_MUTEX_DEFINE(power_mutex_int);
  */
 K_MUTEX_DEFINE(heap_mutex_int);
 
+/** @brief Definition of mutex for PSA storage key slot operations
+ */
+K_MUTEX_DEFINE(key_slot_mutex_int);
+
+/** @brief Definition of mutex for PSA global access
+ */
+K_MUTEX_DEFINE(psa_globaldata_mutex_int);
+
 #elif CONFIG_CC3XX_ATOMIC_LOCK
 
 /** @brief Definition of mutex for symmetric cryptography
@@ -63,13 +71,23 @@ static atomic_t power_mutex_int;
  */
 static atomic_t heap_mutex_int;
 
+/** @brief Definition of mutex for PSA storage key slot operations
+ */
+static atomic_t key_slot_mutex_int;
+
+/** @brief Definition of mutex for PSA global access
+ */
+static atomic_t psa_globaldata_mutex_int;
+
 #elif defined(NRF5340_XXAA_APPLICATION) && NRF_CC3XX_PLATFORM_MUTEX_MASK_IS_HW_MUTEX
 
 typedef enum {
     HW_MUTEX_SYM_CRYPTO = 15,
     HW_MUTEX_ASYM_CRYPTO = 14,
     HW_MUTEX_POWER_MODE = 13,
     HW_MUTEX_HEAP_ALLOC = 12,
+    HW_MUTEX_KEY_SLOT = 11,
+    HW_MUTEX_PSA_GLOBALDATA = 10,
 } hw_mutex_t;
 
 /** @brief Definition of mutex for symmetric cryptography
@@ -88,6 +106,14 @@ static hw_mutex_t power_mutex_int = HW_MUTEX_POWER_MODE;
  */
 static hw_mutex_t heap_mutex_int = HW_MUTEX_HEAP_ALLOC;
 
+/** @brief Definition of mutex for PSA storage key slot operations
+ */
+static hw_mutex_t key_slot_mutex_int = HW_MUTEX_KEY_SLOT;
+
+/** @brief Definition of mutex for PSA global access
+ */
+static hw_mutex_t psa_globaldata_mutex_int = HW_MUTEX_PSA_GLOBALDATA;
+
 #else
 #error "Improper configuration of the lock variant!"
 #endif
@@ -161,7 +187,7 @@ static nrf_cc3xx_platform_mutex_t power_mutex = {
  *  allocation is unneccesary
  *
  * @note This symbol can't be static as it is referenced in the replacement
- *       file mbemory_buffer_alloc.c inside the heap structure.
+ *       file memory_buffer_alloc.c inside the heap structure.
  */
 nrf_cc3xx_platform_mutex_t heap_mutex = {
     .mutex = &heap_mutex_int,
@@ -172,6 +198,53 @@ nrf_cc3xx_platform_mutex_t heap_mutex = {
                     NRF_CC3XX_PLATFORM_MUTEX_MASK_IS_VALID
 };
 
+/** @brief Definition of RTOS-independent key slot mutex
+ *  with NRF_CC3XX_PLATFORM_MUTEX_MASK_IS_VALID set to indicate that
+ *  allocation is unneccesary
+ *
+ * @note This symbol can't be static as it is referenced from Mbed TLS
+ */
+nrf_cc3xx_platform_mutex_t mbedtls_threading_key_slot_mutex = {
+    .mutex = &key_slot_mutex_int,
+    .flags = IS_ENABLED(CONFIG_CC3XX_ATOMIC_LOCK) ?
+                NRF_CC3XX_PLATFORM_MUTEX_MASK_IS_ATOMIC :
+                IS_ENABLED(CONFIG_CC3XX_HW_MUTEX_LOCK) ?
+                    NRF_CC3XX_PLATFORM_MUTEX_MASK_IS_HW_MUTEX :
+                    NRF_CC3XX_PLATFORM_MUTEX_MASK_IS_VALID
+};
+
+/** @brief Definition of RTOS-independent PSA global data mutex
+ *  with NRF_CC3XX_PLATFORM_MUTEX_MASK_IS_VALID set to indicate that
+ *  allocation is unneccesary
+ *
+ * @note This symbol can't be static as it is referenced from Mbed TLS
+ */
+nrf_cc3xx_platform_mutex_t mbedtls_threading_psa_globaldata_mutex = {
+    .mutex = &psa_globaldata_mutex_int,
+    .flags = IS_ENABLED(CONFIG_CC3XX_ATOMIC_LOCK) ?
+                NRF_CC3XX_PLATFORM_MUTEX_MASK_IS_ATOMIC :
+                IS_ENABLED(CONFIG_CC3XX_HW_MUTEX_LOCK) ?
+                    NRF_CC3XX_PLATFORM_MUTEX_MASK_IS_HW_MUTEX :
+                    NRF_CC3XX_PLATFORM_MUTEX_MASK_IS_VALID
+};
+
+/** @brief Definition of RTOS-independent psa global data mutex
+ *  with NRF_CC3XX_PLATFORM_MUTEX_MASK_IS_VALID set to indicate that
+ *  allocation is unneccesary
+ *
+ * @note This symbol can't be static as it is referenced from Mbed TLS
+ *
+ * @note Reusing the RNG mutex used for CryptoCell.
+ */
+nrf_cc3xx_platform_mutex_t mbedtls_threading_psa_rngdata_mutex = {
+    .mutex = &rng_mutex_int,
+    .flags = IS_ENABLED(CONFIG_CC3XX_ATOMIC_LOCK) ?
+                NRF_CC3XX_PLATFORM_MUTEX_MASK_IS_ATOMIC :
+                IS_ENABLED(CONFIG_CC3XX_HW_MUTEX_LOCK) ?
+                    NRF_CC3XX_PLATFORM_MUTEX_MASK_IS_HW_MUTEX :
+                    NRF_CC3XX_PLATFORM_MUTEX_MASK_IS_VALID
+};
+
 static bool mutex_flags_unknown(uint32_t flags){
     switch(flags){
         case (NRF_CC3XX_PLATFORM_MUTEX_MASK_IS_VALID | NRF_CC3XX_PLATFORM_MUTEX_MASK_IS_INTERNAL_MUTEX):
diff --git a/crypto/nrf_cc312_platform/src/nrf_cc3xx_platform_mutex_zephyr.c b/crypto/nrf_cc312_platform/src/nrf_cc3xx_platform_mutex_zephyr.c
@@ -45,6 +45,14 @@ K_MUTEX_DEFINE(power_mutex_int);
  */
 K_MUTEX_DEFINE(heap_mutex_int);
 
+/** @brief Definition of mutex for PSA storage key slot operations
+ */
+K_MUTEX_DEFINE(key_slot_mutex_int);
+
+/** @brief Definition of mutex for PSA global access
+ */
+K_MUTEX_DEFINE(psa_globaldata_mutex_int);
+
 #elif CONFIG_CC3XX_ATOMIC_LOCK
 
 /** @brief Definition of mutex for symmetric cryptography
@@ -63,13 +71,23 @@ static atomic_t power_mutex_int;
  */
 static atomic_t heap_mutex_int;
 
+/** @brief Definition of mutex for PSA storage key slot operations
+ */
+static atomic_t key_slot_mutex_int;
+
+/** @brief Definition of mutex for PSA global access
+ */
+static atomic_t psa_globaldata_mutex_int;
+
 #elif defined(NRF5340_XXAA_APPLICATION) && NRF_CC3XX_PLATFORM_MUTEX_MASK_IS_HW_MUTEX
 
 typedef enum {
     HW_MUTEX_SYM_CRYPTO = 15,
     HW_MUTEX_ASYM_CRYPTO = 14,
     HW_MUTEX_POWER_MODE = 13,
     HW_MUTEX_HEAP_ALLOC = 12,
+    HW_MUTEX_KEY_SLOT = 11,
+    HW_MUTEX_PSA_GLOBALDATA = 10,
 } hw_mutex_t;
 
 /** @brief Definition of mutex for symmetric cryptography
@@ -88,6 +106,14 @@ static hw_mutex_t power_mutex_int = HW_MUTEX_POWER_MODE;
  */
 static hw_mutex_t heap_mutex_int = HW_MUTEX_HEAP_ALLOC;
 
+/** @brief Definition of mutex for PSA storage key slot operations
+ */
+static hw_mutex_t key_slot_mutex_int = HW_MUTEX_KEY_SLOT;
+
+/** @brief Definition of mutex for PSA global access
+ */
+static hw_mutex_t psa_globaldata_mutex_int = HW_MUTEX_PSA_GLOBALDATA;
+
 #else
 #error "Improper configuration of the lock variant!"
 #endif
@@ -161,7 +187,7 @@ static nrf_cc3xx_platform_mutex_t power_mutex = {
  *  allocation is unneccesary
  *
  * @note This symbol can't be static as it is referenced in the replacement
- *       file mbemory_buffer_alloc.c inside the heap structure.
+ *       file memory_buffer_alloc.c inside the heap structure.
  */
 nrf_cc3xx_platform_mutex_t heap_mutex = {
     .mutex = &heap_mutex_int,
@@ -172,6 +198,53 @@ nrf_cc3xx_platform_mutex_t heap_mutex = {
                     NRF_CC3XX_PLATFORM_MUTEX_MASK_IS_VALID
 };
 
+/** @brief Definition of RTOS-independent key slot mutex
+ *  with NRF_CC3XX_PLATFORM_MUTEX_MASK_IS_VALID set to indicate that
+ *  allocation is unneccesary
+ *
+ * @note This symbol can't be static as it is referenced from Mbed TLS
+ */
+nrf_cc3xx_platform_mutex_t mbedtls_threading_key_slot_mutex = {
+    .mutex = &key_slot_mutex_int,
+    .flags = IS_ENABLED(CONFIG_CC3XX_ATOMIC_LOCK) ?
+                NRF_CC3XX_PLATFORM_MUTEX_MASK_IS_ATOMIC :
+                IS_ENABLED(CONFIG_CC3XX_HW_MUTEX_LOCK) ?
+                    NRF_CC3XX_PLATFORM_MUTEX_MASK_IS_HW_MUTEX :
+                    NRF_CC3XX_PLATFORM_MUTEX_MASK_IS_VALID
+};
+
+/** @brief Definition of RTOS-independent PSA global data mutex
+ *  with NRF_CC3XX_PLATFORM_MUTEX_MASK_IS_VALID set to indicate that
+ *  allocation is unneccesary
+ *
+ * @note This symbol can't be static as it is referenced from Mbed TLS
+ */
+nrf_cc3xx_platform_mutex_t mbedtls_threading_psa_globaldata_mutex = {
+    .mutex = &psa_globaldata_mutex_int,
+    .flags = IS_ENABLED(CONFIG_CC3XX_ATOMIC_LOCK) ?
+                NRF_CC3XX_PLATFORM_MUTEX_MASK_IS_ATOMIC :
+                IS_ENABLED(CONFIG_CC3XX_HW_MUTEX_LOCK) ?
+                    NRF_CC3XX_PLATFORM_MUTEX_MASK_IS_HW_MUTEX :
+                    NRF_CC3XX_PLATFORM_MUTEX_MASK_IS_VALID
+};
+
+/** @brief Definition of RTOS-independent psa global data mutex
+ *  with NRF_CC3XX_PLATFORM_MUTEX_MASK_IS_VALID set to indicate that
+ *  allocation is unneccesary
+ *
+ * @note This symbol can't be static as it is referenced from Mbed TLS
+ *
+ * @note Reusing the RNG mutex used for CryptoCell.
+ */
+nrf_cc3xx_platform_mutex_t mbedtls_threading_psa_rngdata_mutex = {
+    .mutex = &rng_mutex_int,
+    .flags = IS_ENABLED(CONFIG_CC3XX_ATOMIC_LOCK) ?
+                NRF_CC3XX_PLATFORM_MUTEX_MASK_IS_ATOMIC :
+                IS_ENABLED(CONFIG_CC3XX_HW_MUTEX_LOCK) ?
+                    NRF_CC3XX_PLATFORM_MUTEX_MASK_IS_HW_MUTEX :
+                    NRF_CC3XX_PLATFORM_MUTEX_MASK_IS_VALID
+};
+
 static bool mutex_flags_unknown(uint32_t flags){
     switch(flags){
         case (NRF_CC3XX_PLATFORM_MUTEX_MASK_IS_VALID | NRF_CC3XX_PLATFORM_MUTEX_MASK_IS_INTERNAL_MUTEX):
