Commit graph

17 commits

Author SHA1 Message Date
Emil Lindqvist
ca41413038 mbedtls: add ability to use custom memory section for mbedtls heap
This commit introduces the option to place the mbed TLS heap in a custom
memory section. The heap might be quite large depending on concurrent
TLS connections, thus it might be needed to place this manually.

Signed-off-by: Emil Lindqvist <emil@lindq.gr>
2024-09-13 09:18:11 +02:00
Valerio Setti
e26f00fc5f mbedtls: move entropy polling functions to a dedicated file
This commit just moves some code around. For the sake of cleanliness
a new file is added to hold the entropy parsing functions
for Mbed TLS.

Signed-off-by: Valerio Setti <vsetti@baylibre.com>
2024-08-24 07:16:51 -04:00
Valerio Setti
5ef44fdd8c mbedtls: add new kconfig for non-CSPRNG sources in psa_generate_random()
This is meant to be used only for tests on platforms where CSPRNG
sources are not available. It should not be used in production.

Signed-off-by: Valerio Setti <vsetti@baylibre.com>
2024-08-24 07:16:51 -04:00
Valerio Setti
98ddf107fa mbedtls: rename CONFIG_MBEDTLS_ZEPHYR_ENTROPY and move it
- Slightly improve the name of this kconfig by adding the suffix
  _POLL in order to highlight that this adds a callback
  function used to poll data.

- The description was also updated to point out that this symbol
  might not only use the (secure) entropy driver, but also
  generic number generators, some of which are not really
  secure.

- The symbol was moved from Kconfig to Kconfig.tls-generic because
  this is where MBEDTLS_ENTROPY_C is located and since
  MBEDTLS_ENTROPY_HARDWARE_ALT depends on the former (it only
  makes sense if the entropy module is also enabled), we also
  add the "depends on".

Signed-off-by: Valerio Setti <vsetti@baylibre.com>
2024-08-24 07:16:51 -04:00
Maochen Wang
b7ed82c060 modules: mbedtls: Fix init hang issue
In the device init phase, _mbedtls_init is called before malloc_prepare
as mbedtls has a higher priority defined in SYS_INIT.
_mbedtls_init() will call psa_crypto_init() and malloc a buffer,
but z_malloc_heap is not initialized, which will cause the device to hang.
malloc_prepare() should be called before _mbedtls_init to fix this issue,
so decrease the priority of mbedtls to the default 40.

Signed-off-by: Maochen Wang <maochen.wang@nxp.com>
2024-06-26 13:07:02 -04:00
Valerio Setti
69fa93bb79 mbedtls: add psa_crypto_init() when Mbed TLS acts as a PSA crypto client
Ensure psa_crypto_init() is called during initialization when
Mbed TLS acts as a PSA crypto client. This will set up the PSA
crypto server for further calls.

Signed-off-by: Valerio Setti <vsetti@baylibre.com>
2024-06-12 01:53:58 -07:00
Valerio Setti
a364fc8a41 mbedtls: add option to use CSPRNG as random source for PSA_CRYPTO_C
Add a choice to select between legacy modules
(i.e. ENTROPY + CTR_DRBG/HMAC_DRBG) and CSPRNG as random generators
for PSA_CRYPTO_C.

Signed-off-by: Valerio Setti <vsetti@baylibre.com>
2024-05-09 10:27:30 +02:00
Markus Swarowsky
dc7613865d modules: mbedtls: Add a mbedtls_ms_time implementation
MbedTLS 3.5.0 requires an implementation of mbedtls_ms_time giving a
time in ms for TLS 1.3.
Therefore add an alternative implementation using Zephyr's
k_uptime_get.

Signed-off-by: Markus Swarowsky <markus.swarowsky@nordicsemi.no>
2024-01-17 16:52:52 +01:00
Flavio Ceolin
e7bd10ae71 random: Rename random header
rand32.h does not make much sense, since the random subsystem
provides more APIs than just getting a random 32-bit value.

Rename it to random.h and get consistent with other
subsystems.

Signed-off-by: Flavio Ceolin <flavio.ceolin@intel.com>
2023-10-10 14:23:50 +03:00
Marcin Niestroj
630555d9f6 mbedtls: fix _mbedtls_init() invocation
SYS_INIT() requires a pointer to a function that takes `void` now, instead of
a pointer to a device structure. Since the commit was developed before that
switch, it still invoked it with NULL. Fix that now.

Fixes:

  zephyr/modules/mbedtls/zephyr_init.c: In function 'mbedtls_init':
  zephyr/modules/mbedtls/zephyr_init.c:108:16: error: too many arguments \
                                              to function '_mbedtls_init'
    108 |         return _mbedtls_init(NULL);
        |                ^~~~~~~~~~~~~
  zephyr/modules/mbedtls/zephyr_init.c:86:12: note: declared here
     86 | static int _mbedtls_init(void)
        |

Signed-off-by: Marcin Niestroj <m.niestroj@emb.dev>
2023-07-06 07:10:23 -04:00
Eugene Cohen
3e294acf31 mbedtls: add CONFIG_MBEDTLS_INIT
Add a config flag to enable conditional mbedtls
initialization at startup, defaulting to enabled.

Also add a function, mbedtls_init(), that should be
called by platforms that wish to initialise mbedtls
at a time of their choosing.

Signed-off-by: Eugene Cohen <quic_egmc@quicinc.com>
Signed-off-by: Dave Aldridge <quic_daldridg@quicinc.com>
2023-07-06 11:45:08 +02:00
Gerard Marull-Paretas
a5fd0d184a init: remove the need for a dummy device pointer in SYS_INIT functions
The init infrastructure, found in `init.h`, is currently used by:

- `SYS_INIT`: to call functions before `main`
- `DEVICE_*`: to initialize devices

They are all sorted according to an initialization level + a priority.
`SYS_INIT` calls are really orthogonal to devices, however, the required
function signature requires a `const struct device *dev` as a first
argument. The only reason for that is because the same init machinery is
used by devices, so we have something like:

```c
struct init_entry {
	int (*init)(const struct device *dev);
	/* only set by DEVICE_*, otherwise NULL */
	const struct device *dev;
};
```

As a result, we end up with such a weird/ugly pattern:

```c
static int my_init(const struct device *dev)
{
	/* always NULL! add ARG_UNUSED to avoid compiler warning */
	ARG_UNUSED(dev);
	...
}
```

This is really a result of poor internals isolation. This patch proposes
to make init entries more flexible so that they can accept system
initialization calls like this:

```c
static int my_init(void)
{
	...
}
```

This is achieved using a union:

```c
union init_function {
	/* for SYS_INIT, used when init_entry.dev == NULL */
	int (*sys)(void);
	/* for DEVICE*, used when init_entry.dev != NULL */
	int (*dev)(const struct device *dev);
};

struct init_entry {
	/* stores init function (either for SYS_INIT or DEVICE*) */
	union init_function init_fn;
	/* stores device pointer for DEVICE*, NULL for SYS_INIT. Allows
	 * to know which union entry to call.
	 */
	const struct device *dev;
};
```

This solution **does not increase ROM usage**, and allows offering clean
public APIs for both SYS_INIT and DEVICE*. Note, however, that the init
machinery keeps a coupling with devices.

**NOTE**: This is a breaking change! All `SYS_INIT` functions will need
to be converted to the new signature. See the script offered in the
following commit.

Signed-off-by: Gerard Marull-Paretas <gerard.marull@nordicsemi.no>

init: convert SYS_INIT functions to the new signature

Conversion scripted using scripts/utils/migrate_sys_init.py.

Signed-off-by: Gerard Marull-Paretas <gerard.marull@nordicsemi.no>

manifest: update projects for SYS_INIT changes

Update modules with updated SYS_INIT calls:

- hal_ti
- lvgl
- sof
- TraceRecorderSource

Signed-off-by: Gerard Marull-Paretas <gerard.marull@nordicsemi.no>

tests: devicetree: devices: adjust test

Adjust test according to the recently introduced SYS_INIT
infrastructure.

Signed-off-by: Gerard Marull-Paretas <gerard.marull@nordicsemi.no>

tests: kernel: threads: adjust SYS_INIT call

Adjust to the new signature: int (*init_fn)(void);

Signed-off-by: Gerard Marull-Paretas <gerard.marull@nordicsemi.no>
2023-04-12 14:28:07 +00:00
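The union-based `init_entry` described in the commit above, shown end to end as an added, self-contained example (not Zephyr's own code): a stand-in `struct device`, a dispatcher that selects the union member from whether `dev` is NULL, and a static assertion that the union is no larger than a single function pointer, which is what backs the "does not increase ROM usage" claim. The `struct device`, the `init_entry_call()` dispatcher, `run_init_entries()` and the counters are constructed for this example and are not Zephyr APIs.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Constructed stand-in for Zephyr's struct device (assumption: only a name is needed here). */
struct device {
	const char *name;
};

/* Same shape as the union in the commit message: exactly one member is valid per entry. */
union init_function {
	/* for SYS_INIT, used when init_entry.dev == NULL */
	int (*sys)(void);
	/* for DEVICE*, used when init_entry.dev != NULL */
	int (*dev)(const struct device *dev);
};

struct init_entry {
	union init_function init_fn;
	/* NULL for SYS_INIT, device pointer for DEVICE*; this is the discriminator. */
	const struct device *dev;
};

/* The union costs no more flash than the single function pointer it replaces. */
_Static_assert(sizeof(union init_function) == sizeof(int (*)(void)),
	       "init_function union must not grow the init entry");

/* Observable side effects so the test can check which path was taken. */
static int sys_init_calls;
static int dev_init_calls;
static const char *last_dev_name;

/* New-style SYS_INIT function: no dummy device argument, no ARG_UNUSED(). */
static int my_sys_init(void)
{
	sys_init_calls++;
	return 0;
}

/* DEVICE*-style init function: receives the real device pointer. */
static int my_dev_init(const struct device *dev)
{
	if (dev == NULL) {
		return -1; /* would mean the dispatcher picked the wrong union member */
	}
	last_dev_name = dev->name;
	dev_init_calls++;
	return 0;
}

/* Dispatcher (constructed): the dev pointer decides which union member is live. */
static int init_entry_call(const struct init_entry *entry)
{
	if (entry->dev == NULL) {
		return entry->init_fn.sys();
	}
	return entry->init_fn.dev(entry->dev);
}

/* Constructed sample table: one SYS_INIT entry and one device entry. */
static const struct device uart0 = { .name = "uart0" };

static const struct init_entry entries[] = {
	{ .init_fn.sys = my_sys_init, .dev = NULL },
	{ .init_fn.dev = my_dev_init, .dev = &uart0 },
};

/* Runs every entry in order; returns the number of entries that reported failure. */
int run_init_entries(void)
{
	int failures = 0;

	for (size_t i = 0; i < sizeof(entries) / sizeof(entries[0]); i++) {
		if (init_entry_call(&entries[i]) != 0) {
			failures++;
		}
	}
	return failures;
}

int sys_init_count(void) { return sys_init_calls; }
int dev_init_count(void) { return dev_init_calls; }
const char *last_device_initialised(void) { return last_dev_name; }

int main(void)
{
	int failures = run_init_entries();

	printf("failures=%d sys=%d dev=%d last=%s\n", failures,
	       sys_init_count(), dev_init_count(), last_device_initialised());
	return failures;
}
```

Because the discriminator is the `dev` pointer already present in every entry, the conversion adds no per-entry storage; the one thing the dispatcher must never do is read `init_fn.dev` when `dev` is NULL, which is why the check is made once, in a single place.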
Andrzej Głąbek
010730aff6 modules: mbedtls: Provide mbedtls_hardware_poll() conditionally
This is a follow-up to commit c7327f5f70.

Wrap implementation of the `mbedtls_hardware_poll()` function in
`#if defined(CONFIG_MBEDTLS_ZEPHYR_ENTROPY)` so that the function
is provided only when that option is activated.

Signed-off-by: Andrzej Głąbek <andrzej.glabek@nordicsemi.no>
2022-11-22 13:17:43 +09:00
Marcin Niestroj
6653fd945f modules: mbedtls: set mbedTLS debug threshold during module initialization
mbedTLS library threshold initialization was done in the native TLS socket
implementation (which tends to use mbedTLS now) and inside the mbedTLS
benchmark test. Move that to mbedTLS module initialization, as this is a
global setting.

Update description of CONFIG_MBEDTLS_DEBUG_LEVEL to clarify when
mbedtls_debug_set_threshold() is called.

Signed-off-by: Marcin Niestroj <m.niestroj@emb.dev>
2022-08-17 12:03:52 +02:00
Robert Lubos
c7327f5f70 modules: mbedtls: Add mbed TLS entropy source based on Zephyr entropy
Add entropy source for mbed TLS based on Zephyr entropy driver.

Signed-off-by: Robert Lubos <robert.lubos@nordicsemi.no>
2022-08-12 16:17:59 +02:00
Gerard Marull-Paretas
5f5a905784 modules: migrate includes to <zephyr/...>
In order to bring consistency in-tree, migrate all modules code to the
new prefix <zephyr/...>. Note that the conversion has been scripted,
refer to zephyrproject-rtos#45388 for more details.

Signed-off-by: Gerard Marull-Paretas <gerard.marull@nordicsemi.no>
2022-05-06 19:57:47 +02:00
Ioannis Glaropoulos
c48c50db42 modules: mbedtls: move CMakeLists.txt into the main tree
We move the Zephyr-specific CMakeLists.txt file into
the main Zephyr tree. We also move the zephyr_init.c
source file.

Signed-off-by: Ioannis Glaropoulos <Ioannis.Glaropoulos@nordicsemi.no>
2021-05-09 09:59:22 -05:00