From c2aa6b237ab6a0f41ee316868a36d4b65d9acd33 Mon Sep 17 00:00:00 2001 From: Arkadiusz Bokowy Date: Wed, 6 Sep 2023 15:17:47 +0200 Subject: [PATCH 1/3] Initialize CHIP stack before running app tests --- src/app/tests/AppTestContext.cpp | 2 ++ 1 file changed, 2 insertions(+) diff --git a/src/app/tests/AppTestContext.cpp b/src/app/tests/AppTestContext.cpp index ac81702d513aed..ffde9dd26021d4 100644 --- a/src/app/tests/AppTestContext.cpp +++ b/src/app/tests/AppTestContext.cpp @@ -41,6 +41,7 @@ namespace Test { CHIP_ERROR AppContext::Init() { ReturnErrorOnFailure(Super::Init()); + ReturnErrorOnFailure(chip::DeviceLayer::PlatformMgr().InitChipStack()); ReturnErrorOnFailure(chip::app::InteractionModelEngine::GetInstance()->Init(&GetExchangeManager(), &GetFabricTable(), app::reporting::GetDefaultReportScheduler())); @@ -57,6 +58,7 @@ void AppContext::Shutdown() Access::ResetAccessControlToDefault(); chip::app::InteractionModelEngine::GetInstance()->Shutdown(); + chip::DeviceLayer::PlatformMgr().Shutdown(); Super::Shutdown(); } From c2812f276625216b432dd7f614a5b048e83c70d2 Mon Sep 17 00:00:00 2001 From: Arkadiusz Bokowy Date: Fri, 29 Sep 2023 15:08:38 +0200 Subject: [PATCH 2/3] Patch add_entropy_source() to make it idempotent --- src/crypto/CHIPCryptoPALmbedTLS.cpp | 16 ++++++++++++++++ src/test_driver/nrfconnect/CMakeLists.txt | 5 +++++ 2 files changed, 21 insertions(+) diff --git a/src/crypto/CHIPCryptoPALmbedTLS.cpp b/src/crypto/CHIPCryptoPALmbedTLS.cpp index 0207e303bd9ba6..3cd203d53f6e2c 100644 --- a/src/crypto/CHIPCryptoPALmbedTLS.cpp +++ b/src/crypto/CHIPCryptoPALmbedTLS.cpp @@ -448,9 +448,25 @@ CHIP_ERROR add_entropy_source(entropy_source fn_source, void * p_source, size_t EntropyContext * const entropy_ctxt = get_entropy_context(); VerifyOrReturnError(entropy_ctxt != nullptr, CHIP_ERROR_INTERNAL); +#if (MBEDTLS_ALLOW_PRIVATE_ACCESS + 0) == 1 + // NOTE: This check is needed mostly for unit tests, where we might run + // init/shutdown multiple times, however, mbedTLS does not provide + // API to remove entropy source from the pool. + for (int i = 0; i < entropy_ctxt->mEntropy.source_count; i++) + { + const auto & source = entropy_ctxt->mEntropy.source[i]; + if (source.f_source == fn_source && source.p_source == p_source && source.threshold == threshold && + source.strong == MBEDTLS_ENTROPY_SOURCE_STRONG) + { + return CHIP_NO_ERROR; + } + } +#endif + const int result = mbedtls_entropy_add_source(&entropy_ctxt->mEntropy, fn_source, p_source, threshold, MBEDTLS_ENTROPY_SOURCE_STRONG); VerifyOrReturnError(result == 0, CHIP_ERROR_INTERNAL); + return CHIP_NO_ERROR; } diff --git a/src/test_driver/nrfconnect/CMakeLists.txt b/src/test_driver/nrfconnect/CMakeLists.txt index 750853ea25d214..a804a6e9924de8 100644 --- a/src/test_driver/nrfconnect/CMakeLists.txt +++ b/src/test_driver/nrfconnect/CMakeLists.txt @@ -44,6 +44,11 @@ set(CHIP_CFLAGS -I${CMAKE_CURRENT_SOURCE_DIR}/main/include ) +# Allow access to private members of mbedtls structures, which is needed by CHIP +# crypto PAL implementation to make the add_entropy_source() independent for the +# purpose of running unit tests. +set(CHIP_CFLAGS ${CHIP_CFLAGS} -DMBEDTLS_ALLOW_PRIVATE_ACCESS=1) + # Load NCS/Zephyr build system list(APPEND ZEPHYR_EXTRA_MODULES ${CHIP_ROOT}/config/nrfconnect/chip-module) find_package(Zephyr HINTS $ENV{ZEPHYR_BASE}) From 5711a1aa4f1c085f56bc58c73c8ed7f2c8999b41 Mon Sep 17 00:00:00 2001 From: Arkadiusz Bokowy Date: Mon, 2 Oct 2023 09:49:58 +0200 Subject: [PATCH 3/3] Do not add entropy source more than once --- src/crypto/CHIPCryptoPAL.h | 7 +++++++ src/crypto/CHIPCryptoPALmbedTLS.cpp | 16 ---------------- src/platform/Zephyr/PlatformManagerImpl.cpp | 11 ++++++++--- src/test_driver/nrfconnect/CMakeLists.txt | 5 ----- 4 files changed, 15 insertions(+), 24 deletions(-) diff --git a/src/crypto/CHIPCryptoPAL.h b/src/crypto/CHIPCryptoPAL.h index 6f6bc6edf1984c..60c88b5e399d49 100644 --- a/src/crypto/CHIPCryptoPAL.h +++ b/src/crypto/CHIPCryptoPAL.h @@ -967,6 +967,13 @@ CHIP_ERROR DRBG_get_bytes(uint8_t * out_buffer, size_t out_length); typedef int (*entropy_source)(void * data, uint8_t * output, size_t len, size_t * olen); /** @brief A function to add entropy sources to crypto library + * + * This function can be called multiple times to add multiple entropy sources. However, + * once the entropy source is added, it cannot be removed. Please make sure that the + * entropy source is valid for the lifetime of the application. Also, make sure that the + * same entropy source is not added multiple times, e.g.: by calling this function + * in class constructor or initialization function. + * * @param fn_source Function pointer to the entropy source * @param p_source Data that should be provided when fn_source is called * @param threshold Minimum required from source before entropy is released diff --git a/src/crypto/CHIPCryptoPALmbedTLS.cpp b/src/crypto/CHIPCryptoPALmbedTLS.cpp index 3cd203d53f6e2c..0207e303bd9ba6 100644 --- a/src/crypto/CHIPCryptoPALmbedTLS.cpp +++ b/src/crypto/CHIPCryptoPALmbedTLS.cpp @@ -448,25 +448,9 @@ CHIP_ERROR add_entropy_source(entropy_source fn_source, void * p_source, size_t EntropyContext * const entropy_ctxt = get_entropy_context(); VerifyOrReturnError(entropy_ctxt != nullptr, CHIP_ERROR_INTERNAL); -#if (MBEDTLS_ALLOW_PRIVATE_ACCESS + 0) == 1 - // NOTE: This check is needed mostly for unit tests, where we might run - // init/shutdown multiple times, however, mbedTLS does not provide - // API to remove entropy source from the pool. - for (int i = 0; i < entropy_ctxt->mEntropy.source_count; i++) - { - const auto & source = entropy_ctxt->mEntropy.source[i]; - if (source.f_source == fn_source && source.p_source == p_source && source.threshold == threshold && - source.strong == MBEDTLS_ENTROPY_SOURCE_STRONG) - { - return CHIP_NO_ERROR; - } - } -#endif - const int result = mbedtls_entropy_add_source(&entropy_ctxt->mEntropy, fn_source, p_source, threshold, MBEDTLS_ENTROPY_SOURCE_STRONG); VerifyOrReturnError(result == 0, CHIP_ERROR_INTERNAL); - return CHIP_NO_ERROR; } diff --git a/src/platform/Zephyr/PlatformManagerImpl.cpp b/src/platform/Zephyr/PlatformManagerImpl.cpp index 0e5aac4bda8dda..1e3fc7f80ef703 100644 --- a/src/platform/Zephyr/PlatformManagerImpl.cpp +++ b/src/platform/Zephyr/PlatformManagerImpl.cpp @@ -46,6 +46,7 @@ PlatformManagerImpl PlatformManagerImpl::sInstance{ sChipThreadStack }; static k_timer sOperationalHoursSavingTimer; #if !CONFIG_NORDIC_SECURITY_BACKEND +static bool sChipStackEntropySourceAdded = false; static int app_entropy_source(void * data, unsigned char * output, size_t len, size_t * olen) { const struct device * entropy = DEVICE_DT_GET(DT_CHOSEN(zephyr_entropy)); @@ -118,9 +119,13 @@ CHIP_ERROR PlatformManagerImpl::_InitChipStack(void) SuccessOrExit(err); #if !CONFIG_NORDIC_SECURITY_BACKEND - // Add entropy source based on Zephyr entropy driver - err = chip::Crypto::add_entropy_source(app_entropy_source, NULL, kThreshold); - SuccessOrExit(err); + if (!sChipStackEntropySourceAdded) + { + // Add entropy source based on Zephyr entropy driver + err = chip::Crypto::add_entropy_source(app_entropy_source, NULL, kThreshold); + SuccessOrExit(err); + sChipStackEntropySourceAdded = true; + } #endif // !CONFIG_NORDIC_SECURITY_BACKEND // Call _InitChipStack() on the generic implementation base class to finish the initialization process. diff --git a/src/test_driver/nrfconnect/CMakeLists.txt b/src/test_driver/nrfconnect/CMakeLists.txt index a804a6e9924de8..750853ea25d214 100644 --- a/src/test_driver/nrfconnect/CMakeLists.txt +++ b/src/test_driver/nrfconnect/CMakeLists.txt @@ -44,11 +44,6 @@ set(CHIP_CFLAGS -I${CMAKE_CURRENT_SOURCE_DIR}/main/include ) -# Allow access to private members of mbedtls structures, which is needed by CHIP -# crypto PAL implementation to make the add_entropy_source() independent for the -# purpose of running unit tests. -set(CHIP_CFLAGS ${CHIP_CFLAGS} -DMBEDTLS_ALLOW_PRIVATE_ACCESS=1) - # Load NCS/Zephyr build system list(APPEND ZEPHYR_EXTRA_MODULES ${CHIP_ROOT}/config/nrfconnect/chip-module) find_package(Zephyr HINTS $ENV{ZEPHYR_BASE})