zephyr/modules/mbedtls/zephyr_init.c

147 lines
3.4 KiB
C

/** @file
* @brief mbed TLS initialization
*
* Initialize the mbed TLS library like setup the heap etc.
*/
/*
* Copyright (c) 2017 Intel Corporation
*
* SPDX-License-Identifier: Apache-2.0
*/
#include <zephyr/init.h>
#include <zephyr/app_memory/app_memdomain.h>
#include <zephyr/drivers/entropy.h>
#include <zephyr/random/random.h>
#include <mbedtls/entropy.h>
#include <mbedtls/platform_time.h>
#include <mbedtls/debug.h>
#if defined(CONFIG_MBEDTLS)
#if !defined(CONFIG_MBEDTLS_CFG_FILE)
#include "mbedtls/config.h"
#else
#include CONFIG_MBEDTLS_CFG_FILE
#endif /* CONFIG_MBEDTLS_CFG_FILE */
#endif
#if defined(CONFIG_MBEDTLS_ENABLE_HEAP) && \
defined(MBEDTLS_MEMORY_BUFFER_ALLOC_C)
#include <mbedtls/memory_buffer_alloc.h>
#if !defined(CONFIG_MBEDTLS_HEAP_SIZE)
#error "Please set heap size to be used. Set value to CONFIG_MBEDTLS_HEAP_SIZE \
option."
#endif
static unsigned char _mbedtls_heap[CONFIG_MBEDTLS_HEAP_SIZE];
static void init_heap(void)
{
mbedtls_memory_buffer_alloc_init(_mbedtls_heap, sizeof(_mbedtls_heap));
}
#else
#define init_heap(...)
#endif /* CONFIG_MBEDTLS_ENABLE_HEAP && MBEDTLS_MEMORY_BUFFER_ALLOC_C */
#if defined(CONFIG_MBEDTLS_ZEPHYR_ENTROPY)
static const struct device *const entropy_dev =
DEVICE_DT_GET_OR_NULL(DT_CHOSEN(zephyr_entropy));
int mbedtls_hardware_poll(void *data, unsigned char *output, size_t len,
size_t *olen)
{
int ret;
uint16_t request_len = len > UINT16_MAX ? UINT16_MAX : len;
ARG_UNUSED(data);
if (output == NULL || olen == NULL || len == 0) {
return MBEDTLS_ERR_ENTROPY_SOURCE_FAILED;
}
if (!IS_ENABLED(CONFIG_ENTROPY_HAS_DRIVER)) {
sys_rand_get(output, len);
*olen = len;
return 0;
}
if (!device_is_ready(entropy_dev)) {
return MBEDTLS_ERR_ENTROPY_SOURCE_FAILED;
}
ret = entropy_get_entropy(entropy_dev, (uint8_t *)output, request_len);
if (ret < 0) {
return MBEDTLS_ERR_ENTROPY_SOURCE_FAILED;
}
*olen = request_len;
return 0;
}
#endif /* CONFIG_MBEDTLS_ZEPHYR_ENTROPY */
static int _mbedtls_init(void)
{
init_heap();
#if defined(CONFIG_MBEDTLS_DEBUG_LEVEL)
mbedtls_debug_set_threshold(CONFIG_MBEDTLS_DEBUG_LEVEL);
#endif
#if defined(CONFIG_MBEDTLS_PSA_CRYPTO_CLIENT)
if (psa_crypto_init() != PSA_SUCCESS) {
return -EIO;
}
#endif
return 0;
}
#if defined(CONFIG_MBEDTLS_INIT)
SYS_INIT(_mbedtls_init, POST_KERNEL, CONFIG_KERNEL_INIT_PRIORITY_DEFAULT);
#endif
/* if CONFIG_MBEDTLS_INIT is not defined then this function
* should be called by the platform before any mbedtls functionality
* is used
*/
int mbedtls_init(void)
{
return _mbedtls_init();
}
/* TLS 1.3 ticket lifetime needs a timing interface */
mbedtls_ms_time_t mbedtls_ms_time(void)
{
return (mbedtls_ms_time_t)k_uptime_get();
}
#if defined(CONFIG_MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG)
/* MBEDTLS_PSA_CRYPTO_C requires a random generator to work and this can
* be achieved through either legacy MbedTLS modules
* (ENTROPY + CTR_DRBG/HMAC_DRBG) or provided externally by enabling the
* CONFIG_MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG. In the latter case the following
* callback functions needs to be defined.
*/
psa_status_t mbedtls_psa_external_get_random(
mbedtls_psa_external_random_context_t *context,
uint8_t *output, size_t output_size, size_t *output_length)
{
(void) context;
if (sys_csrand_get(output, output_size) != 0) {
return PSA_ERROR_GENERIC_ERROR;
}
*output_length = output_size;
return PSA_SUCCESS;
}
#endif