/** @file
 * @brief mbed TLS initialization
 *
 * Initialize the mbed TLS library: set up the heap and other one-time state.
 */
6 
7 /*
8  * Copyright (c) 2017 Intel Corporation
9  *
10  * SPDX-License-Identifier: Apache-2.0
11  */
12 
13 #include <zephyr/init.h>
14 #include <zephyr/app_memory/app_memdomain.h>
15 #include <zephyr/drivers/entropy.h>
16 #include <zephyr/random/random.h>
17 #include <mbedtls/entropy.h>
18 #include <mbedtls/platform_time.h>
19 
20 
21 #include <mbedtls/debug.h>
22 
23 #if defined(CONFIG_MBEDTLS)
24 #if !defined(CONFIG_MBEDTLS_CFG_FILE)
25 #include "mbedtls/config.h"
26 #else
27 #include CONFIG_MBEDTLS_CFG_FILE
28 #endif /* CONFIG_MBEDTLS_CFG_FILE */
29 #endif
30 
31 #if defined(CONFIG_MBEDTLS_ENABLE_HEAP) && \
32 					defined(MBEDTLS_MEMORY_BUFFER_ALLOC_C)
33 #include <mbedtls/memory_buffer_alloc.h>
34 
35 #if !defined(CONFIG_MBEDTLS_HEAP_SIZE)
36 #error "Please set heap size to be used. Set value to CONFIG_MBEDTLS_HEAP_SIZE \
37 option."
38 #endif
39 
/* Backing store for mbed TLS's buffer allocator, sized by Kconfig and handed
 * to mbedtls_memory_buffer_alloc_init() in init_heap(). Static storage, so it
 * is zero-filled at boot and lives for the whole run.
 * NOTE(review): a file-scope identifier beginning with '_' is reserved by
 * C11 7.1.3; renaming it would also touch init_heap().
 */
static unsigned char _mbedtls_heap[CONFIG_MBEDTLS_HEAP_SIZE];
41 
/**
 * @brief Hand the static heap buffer to mbed TLS's buffer allocator.
 *
 * Called once from _mbedtls_init(); after this mbed TLS allocations are
 * served from _mbedtls_heap, whose size is fixed by CONFIG_MBEDTLS_HEAP_SIZE.
 */
static void init_heap(void)
{
	unsigned char *base = _mbedtls_heap;
	size_t size = sizeof(_mbedtls_heap);

	mbedtls_memory_buffer_alloc_init(base, size);
}
46 #else
47 #define init_heap(...)
48 #endif /* CONFIG_MBEDTLS_ENABLE_HEAP && MBEDTLS_MEMORY_BUFFER_ALLOC_C */
49 
50 #if defined(CONFIG_MBEDTLS_ZEPHYR_ENTROPY)
/* Entropy driver selected by the devicetree `zephyr,entropy` chosen node.
 * DEVICE_DT_GET_OR_NULL yields NULL when no such node exists; the
 * device_is_ready() check in mbedtls_hardware_poll() turns that into a
 * failed entropy source rather than a NULL dereference.
 */
static const struct device *const entropy_dev =
			DEVICE_DT_GET_OR_NULL(DT_CHOSEN(zephyr_entropy));
53 
/**
 * @brief Entropy source callback used by mbed TLS.
 *
 * Fills @p output with up to @p len bytes of randomness and reports the
 * number actually written through @p olen. When a Zephyr entropy driver is
 * present it is read through the devicetree-chosen device; that driver API
 * takes a 16-bit length, so a single call delivers at most UINT16_MAX bytes
 * and mbed TLS is told the shorter count via @p olen.
 *
 * NOTE(review): the !CONFIG_ENTROPY_HAS_DRIVER path uses sys_rand_get(),
 * which Zephyr documents as general-purpose rather than cryptographically
 * secure (sys_csrand_get() is the CSPRNG API). Confirm this path is only
 * reachable in configurations where that is acceptable, e.g. test builds.
 *
 * @param data   Unused context pointer.
 * @param output Destination buffer; must not be NULL.
 * @param len    Capacity of @p output in bytes; must be non-zero.
 * @param olen   Receives the number of bytes written; must not be NULL.
 * @return 0 on success, MBEDTLS_ERR_ENTROPY_SOURCE_FAILED on bad arguments,
 *         an unready device, or a driver error.
 */
int mbedtls_hardware_poll(void *data, unsigned char *output, size_t len,
			  size_t *olen)
{
	ARG_UNUSED(data);

	/* Reject requests that could not be satisfied or reported back. */
	if (output == NULL || olen == NULL || len == 0) {
		return MBEDTLS_ERR_ENTROPY_SOURCE_FAILED;
	}

	if (!IS_ENABLED(CONFIG_ENTROPY_HAS_DRIVER)) {
		/* No entropy driver in this build: fall back to the system RNG. */
		sys_rand_get(output, len);
		*olen = len;
		return 0;
	}

	if (!device_is_ready(entropy_dev)) {
		return MBEDTLS_ERR_ENTROPY_SOURCE_FAILED;
	}

	/* The driver length is 16-bit: clamp instead of silently truncating. */
	uint16_t chunk = (len > UINT16_MAX) ? UINT16_MAX : (uint16_t)len;

	if (entropy_get_entropy(entropy_dev, (uint8_t *)output, chunk) < 0) {
		return MBEDTLS_ERR_ENTROPY_SOURCE_FAILED;
	}

	*olen = chunk;

	return 0;
}
86 #endif /* CONFIG_MBEDTLS_ZEPHYR_ENTROPY */
87 
/**
 * @brief Shared initialization body behind SYS_INIT and mbedtls_init().
 *
 * Sets up the mbed TLS heap (a no-op unless CONFIG_MBEDTLS_ENABLE_HEAP and
 * MBEDTLS_MEMORY_BUFFER_ALLOC_C are both defined) and, when
 * CONFIG_MBEDTLS_DEBUG_LEVEL is configured, the mbed TLS debug threshold.
 * Higher thresholds make mbed TLS log handshake details, so the level
 * should stay low in production builds.
 *
 * NOTE(review): a file-scope name starting with '_' is reserved by
 * C11 7.1.3; kept because SYS_INIT and mbedtls_init() refer to it.
 *
 * @return Always 0, which SYS_INIT treats as success.
 */
static int _mbedtls_init(void)
{
	int rc = 0;

	init_heap();

#if defined(CONFIG_MBEDTLS_DEBUG_LEVEL)
	/* mbed TLS discards debug messages above this threshold. */
	mbedtls_debug_set_threshold(CONFIG_MBEDTLS_DEBUG_LEVEL);
#endif

	return rc;
}
99 
#if defined(CONFIG_MBEDTLS_INIT)
/* Run _mbedtls_init() from the kernel's POST_KERNEL init level at priority 0,
 * so the heap and debug threshold are in place without any explicit call.
 * Builds without CONFIG_MBEDTLS_INIT must call mbedtls_init() themselves.
 */
SYS_INIT(_mbedtls_init, POST_KERNEL, 0);
#endif
103 
/**
 * @brief Explicit entry point for builds without CONFIG_MBEDTLS_INIT.
 *
 * When CONFIG_MBEDTLS_INIT is not set there is no SYS_INIT hook, so the
 * platform must call this before any mbed TLS functionality is used.
 *
 * @return The result of _mbedtls_init(), currently always 0.
 */
int mbedtls_init(void)
{
	int rc = _mbedtls_init();

	return rc;
}
112 
/**
 * @brief Millisecond clock required by mbed TLS (TLS 1.3 ticket lifetimes).
 *
 * Backed by the kernel uptime counter, so it measures time since boot rather
 * than wall-clock time.
 *
 * @return Kernel uptime in milliseconds as mbedtls_ms_time_t.
 */
mbedtls_ms_time_t mbedtls_ms_time(void)
{
	int64_t uptime_ms = k_uptime_get();

	return (mbedtls_ms_time_t)uptime_ms;
}
118