Add mbedtls platform setup and teardown to modules

Add calls to `mbedtls_platform_setup()`
and `mbedtls_platform_teardown()` to all modules and tests using Mbed TLS.

UNITTESTS/features/lorawan/loramaccrypto/unittest.cmake

@@ -35,6 +35,7 @@ set(unittest-test-sources
   stubs/cipher_stub.c
   stubs/aes_stub.c
   stubs/cmac_stub.c
+  ../features/nanostack/coap-service/test/coap-service/unittest/stub/mbedtls_stub.c
 
 )
 

UNITTESTS/stubs/LoRaMacCrypto_stub.cpp

@@ -30,6 +30,10 @@ LoRaMacCrypto::LoRaMacCrypto()
 {
 }
 
+LoRaMacCrypto::~LoRaMacCrypto()
+{
+}
+
 int LoRaMacCrypto::compute_mic(const uint8_t *, uint16_t, const uint8_t *, uint32_t, uint32_t,
                                uint8_t dir, uint32_t, uint32_t *)
 {

features/device_key/source/DeviceKey.cpp

@@ -19,6 +19,7 @@
 #if DEVICEKEY_ENABLED
 #include "mbedtls/config.h"
 #include "mbedtls/cmac.h"
+#include "mbedtls/platform.h"
 #include "KVStore.h"
 #include "TDBStore.h"
 #include "KVMap.h"
@@ -59,15 +60,25 @@ namespace mbed {
 
 DeviceKey::DeviceKey()
 {
+
     int ret = kv_init_storage_config();
     if (ret != MBED_SUCCESS) {
         tr_error("DeviceKey: Fail to initialize KvStore configuration.");
     }
+#if defined(MBEDTLS_PLATFORM_C)
+    ret = mbedtls_platform_setup(NULL);
+    if (ret != MBED_SUCCESS) {
+        tr_error("DeviceKey: Fail in mbedtls_platform_setup.");
+    }
+#endif /* MBEDTLS_PLATFORM_C */
     return;
 }
 
 DeviceKey::~DeviceKey()
 {
+#if defined(MBEDTLS_PLATFORM_C)
+    mbedtls_platform_teardown(NULL);
+#endif /* MBEDTLS_PLATFORM_C */
     return;
 }
 

features/lorawan/lorastack/mac/LoRaMacCrypto.cpp

@@ -28,12 +28,26 @@
 
 #include "LoRaMacCrypto.h"
 #include "system/lorawan_data_structures.h"
+#include "mbedtls/platform.h"
 
 
 #if defined(MBEDTLS_CMAC_C) && defined(MBEDTLS_AES_C) && defined(MBEDTLS_CIPHER_C)
 
 LoRaMacCrypto::LoRaMacCrypto()
 {
+#if defined(MBEDTLS_PLATFORM_C)
+    int ret = mbedtls_platform_setup(NULL);
+    if (ret != 0) {
+        MBED_ASSERT(0 && "LoRaMacCrypto: Fail in mbedtls_platform_setup.");
+    }
+#endif /* MBEDTLS_PLATFORM_C */
+}
+
+LoRaMacCrypto::~LoRaMacCrypto()
+{
+#if defined(MBEDTLS_PLATFORM_C)
+    mbedtls_platform_teardown(NULL);
+#endif /* MBEDTLS_PLATFORM_C */
 }
 
 int LoRaMacCrypto::compute_mic(const uint8_t *buffer, uint16_t size,
@@ -291,6 +305,10 @@ LoRaMacCrypto::LoRaMacCrypto()
     MBED_ASSERT(0 && "[LoRaCrypto] Must enable AES, CMAC & CIPHER from mbedTLS");
 }
 
+LoRaMacCrypto::~LoRaMacCrypto()
+{
+}
+
 // If mbedTLS is not configured properly, these dummies will ensure that
 // user knows what is wrong and in addition to that these ensure that
 // Mbed-OS compiles properly under normal conditions where LoRaWAN in conjunction

features/lorawan/lorastack/mac/LoRaMacCrypto.h

@@ -30,6 +30,7 @@ SPDX-License-Identifier: BSD-3-Clause
 #ifndef MBED_LORAWAN_MAC_LORAMAC_CRYPTO_H__
 #define MBED_LORAWAN_MAC_LORAMAC_CRYPTO_H__
 
+#include "mbedtls/config.h"
 #include "mbedtls/aes.h"
 #include "mbedtls/cmac.h"
 
@@ -41,6 +42,11 @@ public:
      */
     LoRaMacCrypto();
 
+    /**
+     * Destructor
+     */
+    ~LoRaMacCrypto();
+
     /**
      * Computes the LoRaMAC frame MIC field
      *

features/lwipstack/lwip/src/apps/snmp/lwip_snmpv3_mbedtls.c

@@ -47,6 +47,7 @@
 
 #include "mbedtls/md5.h"
 #include "mbedtls/sha1.h"
+#include "mbedtls/platform.h"
 
 err_t
 snmpv3_auth(struct snmp_pbuf_stream* stream, u16_t length,
@@ -59,6 +60,11 @@ snmpv3_auth(struct snmp_pbuf_stream* stream, u16_t length,
   struct snmp_pbuf_stream read_stream;
   snmp_pbuf_stream_init(&read_stream, stream->pbuf, stream->offset, stream->length);
 
+#if defined(MBEDTLS_PLATFORM_C)
+    if (mbedtls_platform_setup(NULL) != 0) {
+        return ERR_ARG;
+    }
+#endif /* MBEDTLS_PLATFORM_C */
   if (algo == SNMP_V3_AUTH_ALGO_MD5) {
     md_info = mbedtls_md_info_from_type(MBEDTLS_MD_MD5);
     key_len = SNMP_V3_MD5_LEN;
@@ -66,12 +72,12 @@ snmpv3_auth(struct snmp_pbuf_stream* stream, u16_t length,
     md_info = mbedtls_md_info_from_type(MBEDTLS_MD_SHA1);
     key_len = SNMP_V3_SHA_LEN;
   } else {
-    return ERR_ARG;
+    goto platform_teardown;
   }
 
   mbedtls_md_init(&ctx);
   if(mbedtls_md_setup(&ctx, md_info, 1) != 0) {
-    return ERR_ARG;
+    goto platform_teardown;
   }
           
   if (mbedtls_md_hmac_starts(&ctx, key, key_len) != 0) {
@@ -95,10 +101,17 @@ snmpv3_auth(struct snmp_pbuf_stream* stream, u16_t length,
   }
 
   mbedtls_md_free(&ctx);
+#if defined(MBEDTLS_PLATFORM_C)
+    mbedtls_platform_teardown(NULL);
+#endif /* MBEDTLS_PLATFORM_C */
   return ERR_OK;
   
 free_md:
   mbedtls_md_free(&ctx);
+platform_teardown:
+#if defined(MBEDTLS_PLATFORM_C)
+    mbedtls_platform_teardown(NULL);
+#endif /* MBEDTLS_PLATFORM_C */
   return ERR_ARG;
 }
 
@@ -117,6 +130,11 @@ snmpv3_crypt(struct snmp_pbuf_stream* stream, u16_t length,
   struct snmp_pbuf_stream write_stream;
   snmp_pbuf_stream_init(&read_stream, stream->pbuf, stream->offset, stream->length);
   snmp_pbuf_stream_init(&write_stream, stream->pbuf, stream->offset, stream->length);
+#if defined(MBEDTLS_PLATFORM_C)
+  if (mbedtls_platform_setup(NULL) != 0) {
+    return ERR_ARG;
+  }
+#endif /* MBEDTLS_PLATFORM_C */
   mbedtls_cipher_init(&ctx);
 
   if (algo == SNMP_V3_PRIV_ALGO_DES) {
@@ -126,15 +144,15 @@ snmpv3_crypt(struct snmp_pbuf_stream* stream, u16_t length,
 
     /* RFC 3414 mandates padding for DES */
     if ((length & 0x07) != 0) {
-      return ERR_ARG;
+      goto platform_teardown;
     }
 
     cipher_info = mbedtls_cipher_info_from_type(MBEDTLS_CIPHER_DES_CBC);
     if(mbedtls_cipher_setup(&ctx, cipher_info) != 0) {
-      return ERR_ARG;
+      goto platform_teardown
     }
     if(mbedtls_cipher_set_padding_mode(&ctx, MBEDTLS_PADDING_NONE) != 0) {
-      return ERR_ARG;
+      goto platform_teardown;
     }
     if(mbedtls_cipher_setkey(&ctx, key, 8*8, (mode == SNMP_V3_PRIV_MODE_ENCRYPT)? MBEDTLS_ENCRYPT : MBEDTLS_DECRYPT) != 0) {
       goto error;
@@ -174,7 +192,7 @@ snmpv3_crypt(struct snmp_pbuf_stream* stream, u16_t length,
 
     cipher_info = mbedtls_cipher_info_from_type(MBEDTLS_CIPHER_AES_128_CFB128);
     if(mbedtls_cipher_setup(&ctx, cipher_info) != 0) {
-      return ERR_ARG;
+      goto platform_teardown;
     }
     if(mbedtls_cipher_setkey(&ctx, key, 16*8, (mode == SNMP_V3_PRIV_MODE_ENCRYPT)? MBEDTLS_ENCRYPT : MBEDTLS_DECRYPT) != 0) {
       goto error;
@@ -209,7 +227,7 @@ snmpv3_crypt(struct snmp_pbuf_stream* stream, u16_t length,
       snmp_pbuf_stream_write(&write_stream, out_byte);
     }
   } else {
-    return ERR_ARG;
+    goto platform_teardown;
   }
 
   mbedtls_cipher_free(&ctx);
@@ -217,7 +235,11 @@ snmpv3_crypt(struct snmp_pbuf_stream* stream, u16_t length,
 
 error:
   mbedtls_cipher_free(&ctx);
-  return ERR_OK;
+platform_teardown:
+#if defined(MBEDTLS_PLATFORM_C)
+  mbedtls_platform_teardown(NULL);
+#endif /* MBEDTLS_PLATFORM_C */
+  return ERR_ARG;
 }
 
 #endif /* LWIP_SNMP_V3_CRYPTO */
@@ -237,6 +259,11 @@ snmpv3_password_to_key_md5(
   u8_t i;
   u32_t count = 0;
 
+#if defined(MBEDTLS_PLATFORM_C)
+  if (mbedtls_platform_setup(NULL) != 0) {
+    goto end;
+  }
+#endif /* MBEDTLS_PLATFORM_C */
   mbedtls_md5_init(&MD); /* initialize MD5 */
   mbedtls_md5_starts(&MD);
 
@@ -272,6 +299,11 @@ snmpv3_password_to_key_md5(
   mbedtls_md5_finish(&MD, key);
 
   mbedtls_md5_free(&MD);
+
+end:
+#if defined(MBEDTLS_PLATFORM_C)
+  mbedtls_platform_teardown(NULL);
+#endif /* MBEDTLS_PLATFORM_C */
   return;
 }
 
@@ -290,6 +322,11 @@ snmpv3_password_to_key_sha(
   u8_t i;
   u32_t count = 0;
 
+#if defined(MBEDTLS_PLATFORM_C)
+  if (mbedtls_platform_setup(NULL) != 0) {
+    goto end;
+  }
+#endif /* MBEDTLS_PLATFORM_C */
   mbedtls_sha1_init(&SH); /* initialize SHA */
   mbedtls_sha1_starts(&SH);
 
@@ -325,6 +362,11 @@ snmpv3_password_to_key_sha(
   mbedtls_sha1_finish(&SH, key);
   
   mbedtls_sha1_free(&SH);
+
+end:
+#if defined(MBEDTLS_PLATFORM_C)
+  mbedtls_platform_teardown(NULL);
+#endif /* MBEDTLS_PLATFORM_C */
   return;
 }
 

features/nanostack/coap-service/source/coap_security_handler.c

@@ -102,6 +102,11 @@ static int coap_security_handler_init(coap_security_t *sec)
     const int entropy_source_type = MBEDTLS_ENTROPY_SOURCE_WEAK;
 #endif
 
+#if defined(MBEDTLS_PLATFORM_C)
+    if (mbedtls_platform_setup(NULL) != 0)
+        return -1;
+#endif /* MBEDTLS_PLATFORM_C */
+
     mbedtls_ssl_init(&sec->_ssl);
     mbedtls_ssl_config_init(&sec->_conf);
     mbedtls_ctr_drbg_init(&sec->_ctr_drbg);
@@ -153,6 +158,9 @@ static void coap_security_handler_reset(coap_security_t *sec)
     mbedtls_ctr_drbg_free(&sec->_ctr_drbg);
     mbedtls_ssl_config_free(&sec->_conf);
     mbedtls_ssl_free(&sec->_ssl);
+#if defined(MBEDTLS_PLATFORM_C)
+    mbedtls_platform_teardown(NULL);
+#endif /* MBEDTLS_PLATFORM_C */
 }
 
 

features/nanostack/coap-service/test/coap-service/unittest/stub/mbedtls_stub.c

@@ -386,3 +386,15 @@ int mbedtls_ssl_session_reset(mbedtls_ssl_context *ssl)
 
 void mbedtls_strerror( int ret, char *buf, size_t buflen ){
 }
+
+int mbedtls_platform_setup( mbedtls_platform_context *ctx )
+{
+    (void)ctx;
+
+    return( 0 );
+}
+
+void mbedtls_platform_teardown( mbedtls_platform_context *ctx )
+{
+    (void)ctx;
+}

features/nanostack/coap-service/test/coap-service/unittest/stub/mbedtls_stub.h

@@ -28,7 +28,7 @@
 #include "mbedtls/sha256.h"
 #include "mbedtls/entropy.h"
 #include "mbedtls/pk.h"
-
+#include "mbedtls/platform.h"
 
 
 #define HANDSHAKE_FINISHED_VALUE 8888

features/nanostack/nanostack-hal-mbed-cmsis-rtos/arm_hal_random.c

@@ -26,9 +26,15 @@ uint32_t arm_random_seed_get(void)
 {
     uint32_t result = 0;
 #ifdef MBEDTLS_ENTROPY_HARDWARE_ALT
+#if defined(MBEDTLS_PLATFORM_C)
+    mbedtls_platform_setup(NULL);
+#endif /* MBEDTLS_PLATFORM_C */
     /* Grab a seed from a function we provide for mbedtls */
     size_t len;
     mbedtls_hardware_poll(NULL, (uint8_t *) &result, sizeof result, &len);
+#if defined(MBEDTLS_PLATFORM_C)
+    mbedtls_platform_teardown(NULL);
+#endif /* MBEDTLS_PLATFORM_C */
 #endif
     return result;
 }

features/netsocket/TLSSocketWrapper.cpp

@@ -23,6 +23,7 @@
 #define TRACE_GROUP "TLSW"
 #include "mbed-trace/mbed_trace.h"
 #include "mbedtls/debug.h"
+#include "mbedtls/platform.h"
 #include "mbed_error.h"
 #include "Kernel.h"
 
@@ -45,6 +46,12 @@ TLSSocketWrapper::TLSSocketWrapper(Socket *transport, const char *hostname, cont
     _clicert_allocated(false),
     _ssl_conf_allocated(false)
 {
+#if defined(MBEDTLS_PLATFORM_C)
+    int ret = mbedtls_platform_setup(NULL);
+    if (ret != 0) {
+        print_mbedtls_error("mbedtls_platform_setup()", ret);
+    }
+#endif /* MBEDTLS_PLATFORM_C */
     mbedtls_entropy_init(&_entropy);
     mbedtls_ctr_drbg_init(&_ctr_drbg);
     mbedtls_ssl_init(&_ssl);
@@ -71,6 +78,9 @@ TLSSocketWrapper::~TLSSocketWrapper()
     set_ca_chain(NULL);
 #endif
     set_ssl_config(NULL);
+#if defined(MBEDTLS_PLATFORM_C)
+    mbedtls_platform_teardown(NULL);
+#endif /* MBEDTLS_PLATFORM_C */
 }
 
 void TLSSocketWrapper::set_hostname(const char *hostname)

features/storage/kvstore/securestore/SecureStore.cpp

@@ -22,6 +22,7 @@
 
 #include "aes.h"
 #include "cmac.h"
+#include "mbedtls/platform.h"
 #include "entropy.h"
 #include "DeviceKey.h"
 #include "mbed_assert.h"
@@ -737,6 +738,12 @@ int SecureStore::init()
     MBED_ASSERT(!(scratch_buf_size % enc_block_size));
 
     _mutex.lock();
+#if defined(MBEDTLS_PLATFORM_C)
+    ret = mbedtls_platform_setup(NULL);
+    if (ret) {
+        goto fail;
+    }
+#endif /* MBEDTLS_PLATFORM_C */
 
     _entropy = new mbedtls_entropy_context;
     mbedtls_entropy_init(static_cast<mbedtls_entropy_context *>(_entropy));
@@ -775,6 +782,9 @@ int SecureStore::deinit()
     }
 
     _is_initialized = false;
+#if defined(MBEDTLS_PLATFORM_C)
+    mbedtls_platform_teardown(NULL);
+#endif /* MBEDTLS_PLATFORM_C */
     _mutex.unlock();
 
     return MBED_SUCCESS;