

[crypto] enable PSA Crypto API by default
LuDuda committed Sep 21, 2024
1 parent 6ffc7c4 commit 1769c18
Showing 11 changed files with 317 additions and 162 deletions.
2 changes: 1 addition & 1 deletion examples/platforms/simulation/CMakeLists.txt
Expand Up @@ -67,7 +67,6 @@ set(OT_PLATFORM_DEFINES ${OT_PLATFORM_DEFINES} PARENT_SCOPE)
add_library(openthread-simulation
alarm.c
ble.c
crypto.c
diag.c
dns.c
dnssd.c
Expand Down Expand Up @@ -99,6 +98,7 @@ target_link_libraries(openthread-simulation PRIVATE
openthread-platform
ot-simulation-config
ot-config
mbedtls
)

target_compile_options(openthread-simulation PRIVATE
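Review bot: `mbedtls` is linked here by its literal target name, and likewise in src/posix/platform/CMakeLists.txt and tests/unit/CMakeLists.txt, where it is added right next to the existing `${OT_MBEDTLS}` entry. If `OT_MBEDTLS` is the overridable name of the mbedtls target, as its use in the unit-test link list suggests, naming the bundled target directly bypasses that override and could pull a platform's own mbedtls and the bundled one into the same link. Consider `${OT_MBEDTLS}` in all three places, or, if the platform code only needs the PSA header and the config-file define, the narrowest target that provides them.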
121 changes: 0 additions & 121 deletions examples/platforms/simulation/crypto.c

This file was deleted.

33 changes: 33 additions & 0 deletions examples/platforms/simulation/entropy.c
Expand Up @@ -39,6 +39,10 @@

#include <openthread/platform/entropy.h>

#if (OPENTHREAD_CONFIG_CRYPTO_LIB == OPENTHREAD_CONFIG_CRYPTO_LIB_PSA)
#include <psa/crypto.h>
#endif

#include "utils/code_utils.h"

#ifndef __SANITIZE_ADDRESS__
Expand Down Expand Up @@ -134,3 +138,32 @@ otError otPlatEntropyGet(uint8_t *aOutput, uint16_t aOutputLength)

return error;
}

#if (OPENTHREAD_CONFIG_CRYPTO_LIB == OPENTHREAD_CONFIG_CRYPTO_LIB_PSA) && \
defined(MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG)
/**
* When OpenThread is compiled with the PSA Crypto backend using Mbed TLS 3.x, there is no
* API to configure a dedicated non-default entropy source. It is documented that a future version of
* Mbed TLS (likely 4.x) will include a PSA interface for configuring entropy sources.
*
* For now, we need to define the external RNG. Since the implementation of `otPlatEntropyGet` already
* uses CSPRNG, we will call it here as well.
*/
psa_status_t mbedtls_psa_external_get_random(mbedtls_psa_external_random_context_t *aContext,
uint8_t *aOutput, size_t aOutputSize, size_t *aOutputLength)
{
OT_UNUSED_VARIABLE(aContext);

otError error;
psa_status_t status = PSA_ERROR_GENERIC_ERROR;

error = otPlatEntropyGet(aOutput, (uint16_t)aOutputSize);
if (error == OT_ERROR_NONE)
{
*aOutputLength = aOutputSize;
status = PSA_SUCCESS;
}

return status;
}
#endif
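Review bot: The `(uint16_t)aOutputSize` cast on the `otPlatEntropyGet` call silently truncates requests larger than UINT16_MAX, yet `*aOutputLength = aOutputSize` then reports the whole buffer as filled, so the unfilled tail would be handed to the PSA layer as random bytes. Serve the request in chunks of at most UINT16_MAX and only report the length when every chunk succeeded; on failure the more specific `PSA_ERROR_INSUFFICIENT_ENTROPY` and `*aOutputLength = 0` would also tell the caller more than a generic error. The same function body is duplicated verbatim in src/posix/platform/entropy.cpp and tests/unit/test_platform.cpp, which share this issue and would be easier to keep correct as a single shared definition.
```c
psa_status_t mbedtls_psa_external_get_random(mbedtls_psa_external_random_context_t *aContext,
                                             uint8_t *aOutput, size_t aOutputSize, size_t *aOutputLength)
{
    psa_status_t status = PSA_SUCCESS;
    size_t       offset = 0;

    OT_UNUSED_VARIABLE(aContext);

    *aOutputLength = 0;

    /* otPlatEntropyGet() takes a uint16_t length, so fill the buffer in bounded chunks
     * instead of truncating the requested size. */
    while (offset < aOutputSize)
    {
        size_t chunk = aOutputSize - offset;

        if (chunk > UINT16_MAX)
        {
            chunk = UINT16_MAX;
        }

        if (otPlatEntropyGet(aOutput + offset, (uint16_t)chunk) != OT_ERROR_NONE)
        {
            status = PSA_ERROR_INSUFFICIENT_ENTROPY;
            break;
        }

        offset += chunk;
    }

    if (status == PSA_SUCCESS)
    {
        *aOutputLength = aOutputSize;
    }

    return status;
}
```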
Expand Up @@ -39,6 +39,14 @@
#define OPENTHREAD_RADIO 0
#endif

#ifndef OPENTHREAD_CONFIG_CRYPTO_LIB
#define OPENTHREAD_CONFIG_CRYPTO_LIB OPENTHREAD_CONFIG_CRYPTO_LIB_PSA
#endif

#ifndef OPENTHREAD_CONFIG_PLATFORM_KEY_REFERENCES_ENABLE
#define OPENTHREAD_CONFIG_PLATFORM_KEY_REFERENCES_ENABLE 1
#endif

#ifndef OPENTHREAD_CONFIG_PLATFORM_INFO
#define OPENTHREAD_CONFIG_PLATFORM_INFO "SIMULATION"
#endif
1 change: 1 addition & 0 deletions src/posix/platform/CMakeLists.txt
Expand Up @@ -170,6 +170,7 @@ target_link_libraries(openthread-posix
ot-config-ftd
ot-config
ot-posix-config
mbedtls
$<$<NOT:$<BOOL:${OT_ANDROID_NDK}>>:util>
$<$<STREQUAL:${CMAKE_SYSTEM_NAME},Linux>:rt>
)
33 changes: 33 additions & 0 deletions src/posix/platform/entropy.cpp
Expand Up @@ -41,6 +41,10 @@
#include <openthread/error.h>
#include <openthread/platform/entropy.h>

#if (OPENTHREAD_CONFIG_CRYPTO_LIB == OPENTHREAD_CONFIG_CRYPTO_LIB_PSA)
#include <psa/crypto.h>
#endif

#include "common/code_utils.hpp"

#ifndef __SANITIZE_ADDRESS__
Expand Down Expand Up @@ -136,3 +140,32 @@ otError otPlatEntropyGet(uint8_t *aOutput, uint16_t aOutputLength)

return error;
}

#if (OPENTHREAD_CONFIG_CRYPTO_LIB == OPENTHREAD_CONFIG_CRYPTO_LIB_PSA) && \
defined(MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG)
/**
* When OpenThread is compiled with the PSA Crypto backend using Mbed TLS 3.x, there is no
* API to configure a dedicated non-default entropy source. It is documented that a future version of
* Mbed TLS (likely 4.x) will include a PSA interface for configuring entropy sources.
*
* For now, we need to define the external RNG. Since the implementation of `otPlatEntropyGet` already
* uses CSPRNG, we will call it here as well.
*/
psa_status_t mbedtls_psa_external_get_random(mbedtls_psa_external_random_context_t *aContext,
uint8_t *aOutput, size_t aOutputSize, size_t *aOutputLength)
{
OT_UNUSED_VARIABLE(aContext);

otError error;
psa_status_t status = PSA_ERROR_GENERIC_ERROR;

error = otPlatEntropyGet(reinterpret_cast<uint8_t *>(aOutput), static_cast<uint16_t>(aOutputSize));
if (error == OT_ERROR_NONE)
{
*aOutputLength = aOutputSize;
status = PSA_SUCCESS;
}

return status;
}
#endif
1 change: 1 addition & 0 deletions tests/unit/CMakeLists.txt
Expand Up @@ -101,6 +101,7 @@ endif()
target_link_libraries(ot-test-platform-ftd
PRIVATE
ot-config
mbedtls
${OT_MBEDTLS}
)

33 changes: 33 additions & 0 deletions tests/unit/test_platform.cpp
Expand Up @@ -40,6 +40,10 @@
#include <openthread/platform/ble.h>
#endif

#if (OPENTHREAD_CONFIG_CRYPTO_LIB == OPENTHREAD_CONFIG_CRYPTO_LIB_PSA)
#include <psa/crypto.h>
#endif

enum
{
FLASH_SWAP_SIZE = 2048,
Expand Down Expand Up @@ -228,6 +232,35 @@ OT_TOOL_WEAK otError otPlatEntropyGet(uint8_t *aOutput, uint16_t aOutputLength)
return error;
}

#if (OPENTHREAD_CONFIG_CRYPTO_LIB == OPENTHREAD_CONFIG_CRYPTO_LIB_PSA) && \
defined(MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG)
/**
* When OpenThread is compiled with the PSA Crypto backend using Mbed TLS 3.x, there is no
* API to configure a dedicated non-default entropy source. It is documented that a future version of
* Mbed TLS (likely 4.x) will include a PSA interface for configuring entropy sources.
*
* For now, we need to define the external RNG. Since the implementation of `otPlatEntropyGet` already
* uses CSPRNG, we will call it here as well.
*/
psa_status_t mbedtls_psa_external_get_random(mbedtls_psa_external_random_context_t *aContext,
uint8_t *aOutput, size_t aOutputSize, size_t *aOutputLength)
{
OT_UNUSED_VARIABLE(aContext);

otError error;
psa_status_t status = PSA_ERROR_GENERIC_ERROR;

error = otPlatEntropyGet(reinterpret_cast<uint8_t *>(aOutput), static_cast<uint16_t>(aOutputSize));
if (error == OT_ERROR_NONE)
{
*aOutputLength = aOutputSize;
status = PSA_SUCCESS;
}

return status;
}
#endif

static void DiagOutput(const char *aFormat, ...)
{
va_list args;
31 changes: 26 additions & 5 deletions third_party/mbedtls/CMakeLists.txt
Expand Up @@ -27,8 +27,10 @@
#

set(OT_MBEDTLS_DEFAULT_CONFIG_FILE \"openthread-mbedtls-config.h\")
set(OT_PSA_CRYPTO_DEFAULT_CONFIG_FILE \"openthread-psa-crypto-config.h\")

set(OT_MBEDTLS_CONFIG_FILE "" CACHE STRING "The mbedTLS config file")
set(OT_PSA_CRYPTO_CONFIG_FILE "" CACHE STRING "The PCA Crypto config file")

set(ENABLE_TESTING OFF CACHE BOOL "Disable mbedtls test" FORCE)
set(ENABLE_PROGRAMS OFF CACHE BOOL "Disable mbetls program" FORCE)
Expand All @@ -42,6 +44,8 @@ if(UNIFDEF_EXE)
endif()
find_program(SED_EXE sed)

set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -Wno-unused-but-set-variable")

string(REPLACE "-Wconversion" "" CMAKE_C_FLAGS "${CMAKE_C_FLAGS}")
string(REPLACE "-Wconversion" "" CMAKE_CXX_FLAGS "${CMAKE_CXX_FLAGS}")

Expand All @@ -63,15 +67,29 @@ if(UNIFDEFALL_EXE AND SED_EXE AND UNIFDEF_VERSION VERSION_GREATER_EQUAL 2.10)
COMMAND_EXPAND_LISTS
)

add_custom_command(OUTPUT openthread-psa-crypto-config.h
COMMAND ${UNIFDEFALL_EXE}
"'-D$<JOIN:$<TARGET_PROPERTY:ot-config,INTERFACE_COMPILE_DEFINITIONS>,';'-D>'"
"-I$<JOIN:$<TARGET_PROPERTY:ot-config,INTERFACE_INCLUDE_DIRECTORIES>,;-I>"
"-I$<JOIN:${OT_PUBLIC_INCLUDES},;-I>"
"-I${CMAKE_CURRENT_SOURCE_DIR}/repo/include"
"${CMAKE_CURRENT_SOURCE_DIR}/psa-crypto-config.h" |
${SED_EXE} '/openthread-core-config\.h/d' >
openthread-psa-crypto-config.h
MAIN_DEPENDENCY psa-crypto-config.h
COMMAND_EXPAND_LISTS
)

add_custom_target(openthread-mbedtls-config
DEPENDS openthread-mbedtls-config.h)
DEPENDS openthread-mbedtls-config.h openthread-psa-crypto-config.h)

add_dependencies(ot-config openthread-mbedtls-config)
add_dependencies(mbedtls openthread-mbedtls-config)
add_dependencies(mbedx509 openthread-mbedtls-config)
add_dependencies(mbedcrypto openthread-mbedtls-config)
add_dependencies(ot-config openthread-mbedtls-config openthread-psa-crypto-config)
add_dependencies(mbedtls openthread-mbedtls-config openthread-psa-crypto-config)
add_dependencies(mbedx509 openthread-mbedtls-config openthread-psa-crypto-config)
add_dependencies(mbedcrypto openthread-mbedtls-config openthread-psa-crypto-config)
else()
configure_file(mbedtls-config.h openthread-mbedtls-config.h COPYONLY)
configure_file(psa-crypto-config.h openthread-psa-crypto-config.h COPYONLY)
endif()

target_include_directories(ot-config SYSTEM
Expand All @@ -82,6 +100,7 @@ target_include_directories(ot-config SYSTEM
target_compile_definitions(mbedtls
PUBLIC
"MBEDTLS_CONFIG_FILE=$<IF:$<BOOL:${OT_MBEDTLS_CONFIG_FILE}>,${OT_MBEDTLS_CONFIG_FILE},${OT_MBEDTLS_DEFAULT_CONFIG_FILE}>"
"MBEDTLS_PSA_CRYPTO_CONFIG_FILE=$<IF:$<BOOL:${OT_PSA_CRYPTO_CONFIG_FILE}>,${OT_PSA_CRYPTO_CONFIG_FILE},${OT_PSA_CRYPTO_DEFAULT_CONFIG_FILE}>"
PRIVATE
$<TARGET_PROPERTY:ot-config,INTERFACE_COMPILE_DEFINITIONS>
)
Expand All @@ -96,6 +115,7 @@ target_include_directories(mbedtls
target_compile_definitions(mbedx509
PUBLIC
"MBEDTLS_CONFIG_FILE=$<IF:$<BOOL:${OT_MBEDTLS_CONFIG_FILE}>,${OT_MBEDTLS_CONFIG_FILE},${OT_MBEDTLS_DEFAULT_CONFIG_FILE}>"
"MBEDTLS_PSA_CRYPTO_CONFIG_FILE=$<IF:$<BOOL:${OT_PSA_CRYPTO_CONFIG_FILE}>,${OT_PSA_CRYPTO_CONFIG_FILE},${OT_PSA_CRYPTO_DEFAULT_CONFIG_FILE}>"
PRIVATE
$<TARGET_PROPERTY:ot-config,INTERFACE_COMPILE_DEFINITIONS>
)
Expand All @@ -110,6 +130,7 @@ target_include_directories(mbedx509
target_compile_definitions(mbedcrypto
PUBLIC
"MBEDTLS_CONFIG_FILE=$<IF:$<BOOL:${OT_MBEDTLS_CONFIG_FILE}>,${OT_MBEDTLS_CONFIG_FILE},${OT_MBEDTLS_DEFAULT_CONFIG_FILE}>"
"MBEDTLS_PSA_CRYPTO_CONFIG_FILE=$<IF:$<BOOL:${OT_PSA_CRYPTO_CONFIG_FILE}>,${OT_PSA_CRYPTO_CONFIG_FILE},${OT_PSA_CRYPTO_DEFAULT_CONFIG_FILE}>"
PRIVATE
$<TARGET_PROPERTY:ot-config,INTERFACE_COMPILE_DEFINITIONS>
)
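Review bot: The four `add_dependencies()` calls now name a target `openthread-psa-crypto-config` that nothing in this commit creates; the only custom target defined is `openthread-mbedtls-config`, whose `DEPENDS` list already covers both generated headers. Unless that target is defined elsewhere, CMake rejects the unknown dependency (or, with policy CMP0046 set to OLD, silently ignores it), so drop the extra name and keep `add_dependencies(ot-config openthread-mbedtls-config)` and its three siblings as they were. The cache docstring `"The PCA Crypto config file"` should read `"The PSA Crypto config file"`. Appending `-Wno-unused-but-set-variable` to `CMAKE_C_FLAGS` applies the flag to every compiler that configures this directory scope, including ones that do not accept it; gating it as `$<$<C_COMPILER_ID:GNU,Clang,AppleClang>:-Wno-unused-but-set-variable>` through `target_compile_options()` on the three mbedtls targets once they exist would be safer.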

