[NUC472/M487] Guard from re-entry into crypto H/W

features/mbedtls/targets/TARGET_NUVOTON/TARGET_M480/aes/aes_alt.c

@@ -143,6 +143,10 @@ static void __nvt_aes_crypt( mbedtls_aes_context *ctx,
         error("Buffer for AES alter. DMA requires to be word-aligned and located in 0x20000000-0x2FFFFFFF region.");
     }
 
+    /* TODO: Change busy-wait to other means to release CPU */
+    /* Acquire ownership of AES H/W */
+    while (! crypto_aes_acquire());
+    
     /* Init crypto module */
     crypto_init();
     /* Enable AES interrupt */
@@ -195,6 +199,9 @@ static void __nvt_aes_crypt( mbedtls_aes_context *ctx,
     AES_DISABLE_INT();
     /* Uninit crypto module */
     crypto_uninit();
+    
+    /* Release ownership of AES H/W */
+    crypto_aes_release();
 }
 
 /*

features/mbedtls/targets/TARGET_NUVOTON/TARGET_M480/crypto-misc.c

@@ -24,11 +24,19 @@
 #include "nu_bitutil.h"
 #include "crypto-misc.h"
 
-static int crypto_sha_avail = 1;
+/* Track if AES H/W is available */
+static uint16_t crypto_aes_avail = 1;
+/* Track if DES H/W is available */
+static uint16_t crypto_des_avail = 1;
+/* Track if SHA H/W is available */
+static uint16_t crypto_sha_avail = 1;
 
 /* Crypto (AES, DES, SHA, etc.) init counter. Crypto's keeps active as it is non-zero. */
 static uint16_t crypto_init_counter = 0U;
 
+static bool crypto_submodule_acquire(uint16_t *submodule_avail);
+static void crypto_submodule_release(uint16_t *submodule_avail);
+
 /* As crypto init counter changes from 0 to 1:
  *
  * 1. Enable crypto clock
@@ -84,20 +92,44 @@ void crypto_zeroize(void *v, size_t n)
     }
 }
 
-int crypto_sha_acquire(void)
+bool crypto_aes_acquire(void)
 {
-    if (crypto_sha_avail) {
+    return crypto_submodule_acquire(&crypto_aes_avail);
-        crypto_sha_avail = 0;
-        return 1;
-    } else {
-        return 0;
 }
 
+void crypto_aes_release(void)
+{
+    crypto_submodule_release(&crypto_aes_avail);
+}
+
+bool crypto_des_acquire(void)
+{
+    return crypto_submodule_acquire(&crypto_des_avail);
+}
+
+void crypto_des_release(void)
+{
+    crypto_submodule_release(&crypto_des_avail);
+}
+
+bool crypto_sha_acquire(void)
+{
+    return crypto_submodule_acquire(&crypto_sha_avail);
 }
 
 void crypto_sha_release(void)
 {
-    if (! crypto_sha_avail) {
+    crypto_submodule_release(&crypto_sha_avail);
-        crypto_sha_avail = 1;
 }
+
+static bool crypto_submodule_acquire(uint16_t *submodule_avail)
+{
+    uint16_t expectedCurrentValue = 1;
+    return core_util_atomic_cas_u16(submodule_avail, &expectedCurrentValue, 0);
+}
+
+static void crypto_submodule_release(uint16_t *submodule_avail)
+{
+    uint16_t expectedCurrentValue = 0;
+    while (! core_util_atomic_cas_u16(submodule_avail, &expectedCurrentValue, 1));
 }

features/mbedtls/targets/TARGET_NUVOTON/TARGET_M480/crypto-misc.h

@@ -17,14 +17,31 @@
 #ifndef MBED_CRYPTO_MISC_H
 #define MBED_CRYPTO_MISC_H
 
+#include <stdbool.h>
+
 #ifdef __cplusplus
 extern "C" {
 #endif
 
+/* Init/Uninit crypto module */
 void crypto_init(void);
 void crypto_uninit(void);
+
 void crypto_zeroize(void *v, size_t n);
-int crypto_sha_acquire(void);
+
+/* Acquire/release ownership of AES H/W */
+/* NOTE: If "acquire" succeeds, "release" must be done to pair it. */
+bool crypto_aes_acquire(void);
+void crypto_aes_release(void);
+
+/* Acquire/release ownership of DES H/W */
+/* NOTE: If "acquire" succeeds, "release" must be done to pair it. */
+bool crypto_des_acquire(void);
+void crypto_des_release(void);
+
+/* Acquire/release ownership of SHA H/W */
+/* NOTE: If "acquire" succeeds, "release" must be done to pair it. */
+bool crypto_sha_acquire(void);
 void crypto_sha_release(void);
 
 #ifdef __cplusplus

features/mbedtls/targets/TARGET_NUVOTON/TARGET_M480/des/des_alt.c

@@ -327,6 +327,10 @@ static int mbedtls_des_docrypt(uint16_t keyopt, uint8_t key[3][MBEDTLS_DES_KEY_S
         error("Buffer for DES alter. DMA requires to be word-aligned and located in 0x20000000-0x2FFFFFFF region.");
     }
     
+    /* TODO: Change busy-wait to other means to release CPU */
+    /* Acquire ownership of DES H/W */
+    while (! crypto_des_acquire());
+    
     /* Init crypto module */
     crypto_init();
     
@@ -422,6 +426,9 @@ static int mbedtls_des_docrypt(uint16_t keyopt, uint8_t key[3][MBEDTLS_DES_KEY_S
     /* Uninit crypto module */
     crypto_uninit();
     
+    /* Release ownership of DES H/W */
+    crypto_des_release();
+    
     return 0;
 }
 

features/mbedtls/targets/TARGET_NUVOTON/TARGET_NUC472/aes/aes_alt.c

@@ -143,6 +143,10 @@ static void __nvt_aes_crypt( mbedtls_aes_context *ctx,
         error("Buffer for AES alter. DMA requires to be word-aligned and located in 0x20000000-0x2FFFFFFF region.");
     }
 
+    /* TODO: Change busy-wait to other means to release CPU */
+    /* Acquire ownership of AES H/W */
+    while (! crypto_aes_acquire());
+    
     /* Init crypto module */
     crypto_init();
     /* Enable AES interrupt */
@@ -195,6 +199,9 @@ static void __nvt_aes_crypt( mbedtls_aes_context *ctx,
     AES_DISABLE_INT();
     /* Uninit crypto module */
     crypto_uninit();
+    
+    /* Release ownership of AES H/W */
+    crypto_aes_release();
 }
 
 /*

features/mbedtls/targets/TARGET_NUVOTON/TARGET_NUC472/crypto-misc.c

@@ -24,11 +24,19 @@
 #include "nu_bitutil.h"
 #include "crypto-misc.h"
 
-static int crypto_sha_avail = 1;
+/* Track if AES H/W is available */
+static uint16_t crypto_aes_avail = 1;
+/* Track if DES H/W is available */
+static uint16_t crypto_des_avail = 1;
+/* Track if SHA H/W is available */
+static uint16_t crypto_sha_avail = 1;
 
 /* Crypto (AES, DES, SHA, etc.) init counter. Crypto's keeps active as it is non-zero. */
 static uint16_t crypto_init_counter = 0U;
 
+static bool crypto_submodule_acquire(uint16_t *submodule_avail);
+static void crypto_submodule_release(uint16_t *submodule_avail);
+
 /* As crypto init counter changes from 0 to 1:
  *
  * 1. Enable crypto clock
@@ -84,20 +92,44 @@ void crypto_zeroize(void *v, size_t n)
     }
 }
 
-int crypto_sha_acquire(void)
+bool crypto_aes_acquire(void)
 {
-    if (crypto_sha_avail) {
+    return crypto_submodule_acquire(&crypto_aes_avail);
-        crypto_sha_avail = 0;
-        return 1;
-    } else {
-        return 0;
 }
 
+void crypto_aes_release(void)
+{
+    crypto_submodule_release(&crypto_aes_avail);
+}
+
+bool crypto_des_acquire(void)
+{
+    return crypto_submodule_acquire(&crypto_des_avail);
+}
+
+void crypto_des_release(void)
+{
+    crypto_submodule_release(&crypto_des_avail);
+}
+
+bool crypto_sha_acquire(void)
+{
+    return crypto_submodule_acquire(&crypto_sha_avail);
 }
 
 void crypto_sha_release(void)
 {
-    if (! crypto_sha_avail) {
+    crypto_submodule_release(&crypto_sha_avail);
-        crypto_sha_avail = 1;
 }
+
+static bool crypto_submodule_acquire(uint16_t *submodule_avail)
+{
+    uint16_t expectedCurrentValue = 1;
+    return core_util_atomic_cas_u16(submodule_avail, &expectedCurrentValue, 0);
+}
+
+static void crypto_submodule_release(uint16_t *submodule_avail)
+{
+    uint16_t expectedCurrentValue = 0;
+    while (! core_util_atomic_cas_u16(submodule_avail, &expectedCurrentValue, 1));
 }

features/mbedtls/targets/TARGET_NUVOTON/TARGET_NUC472/crypto-misc.h

@@ -17,14 +17,31 @@
 #ifndef MBED_CRYPTO_MISC_H
 #define MBED_CRYPTO_MISC_H
 
+#include <stdbool.h>
+
 #ifdef __cplusplus
 extern "C" {
 #endif
 
+/* Init/Uninit crypto module */
 void crypto_init(void);
 void crypto_uninit(void);
+
 void crypto_zeroize(void *v, size_t n);
-int crypto_sha_acquire(void);
+
+/* Acquire/release ownership of AES H/W */
+/* NOTE: If "acquire" succeeds, "release" must be done to pair it. */
+bool crypto_aes_acquire(void);
+void crypto_aes_release(void);
+
+/* Acquire/release ownership of DES H/W */
+/* NOTE: If "acquire" succeeds, "release" must be done to pair it. */
+bool crypto_des_acquire(void);
+void crypto_des_release(void);
+
+/* Acquire/release ownership of SHA H/W */
+/* NOTE: If "acquire" succeeds, "release" must be done to pair it. */
+bool crypto_sha_acquire(void);
 void crypto_sha_release(void);
 
 #ifdef __cplusplus

features/mbedtls/targets/TARGET_NUVOTON/TARGET_NUC472/des/des_alt.c

@@ -327,6 +327,10 @@ static int mbedtls_des_docrypt(uint16_t keyopt, uint8_t key[3][MBEDTLS_DES_KEY_S
         error("Buffer for DES alter. DMA requires to be word-aligned and located in 0x20000000-0x2FFFFFFF region.");
     }
     
+    /* TODO: Change busy-wait to other means to release CPU */
+    /* Acquire ownership of DES H/W */
+    while (! crypto_des_acquire());
+    
     /* Init crypto module */
     crypto_init();
     
@@ -422,6 +426,9 @@ static int mbedtls_des_docrypt(uint16_t keyopt, uint8_t key[3][MBEDTLS_DES_KEY_S
     /* Uninit crypto module */
     crypto_uninit();
     
+    /* Release ownership of DES H/W */
+    crypto_des_release();
+    
     return 0;
 }