ARMmbed · cmonr · Sep 3, 2018 · Jun 4, 2018 · Jun 4, 2018 · Aug 28, 2018
diff --git a/features/cryptocell/FEATURE_CRYPTOCELL310/Readme.md b/features/cryptocell/FEATURE_CRYPTOCELL310/Readme.md
@@ -16,6 +16,6 @@ To port your CC 310 driver to Mbed OS on your specific target, do the following:
 1. In `objects.h`, include `objects_cryptocell.h`. You can use the `FEATURE_CRYPTOCELL310` precompilation check as defined above.
 1. In `features/cryptocell/FEATURE_CRYPTOCELL310/TARGET_<target name>`, add your platform-specific libraries for all toolchains in `TOOLCHAIN_ARM`, `TOOLCHAIN_GCC_ARM` and `TOOLCHAIN_IAR` respectively.
 1. Add your CC setup code:
-	* Implement `cc_platform_setup()` and `cc_platform_terminate()` to enable CC on your platform, in case you have board-specific setup functionality, required for CC setup. These functions can be empty.
-	* Define `cc_platform_ctx` in `cc_platform.h` in a way that suits your implementation.
+	* Implement `crypto_platform_setup()` and `crypto_platform_terminate()` to enable CC on your platform, in case you have board-specific setup functionality, required for CC setup. You MUST call 'SaSi_LibInit()` and 'SaSi_LibFini()' respectively in these functions.
+	* Define `crypto_platform_ctx` in `crypto_platform.h` in a way that suits your implementation.
 
diff --git a/...ARGET_MCU_NRF52840/cc_platform_nrf52840.c → ...310/TARGET_MCU_NRF52840/crypto_platform.c b/...ARGET_MCU_NRF52840/cc_platform_nrf52840.c → ...310/TARGET_MCU_NRF52840/crypto_platform.c
@@ -1,5 +1,5 @@
  /*
-  *  cc_platform_nrf52840.c
+  *  crypto_platform.c
   *
   *  Copyright (C) 2018, Arm Limited, All Rights Reserved
   *  SPDX-License-Identifier: Apache-2.0
@@ -20,14 +20,25 @@
 
 #include "platform_alt.h"
 #include "nrf52840.h"
+#include "sns_silib.h"
+#if defined(MBEDTLS_PLATFORM_SETUP_TEARDOWN_ALT)
 
-int cc_platform_setup( cc_platform_ctx *ctx )
+static CRYS_RND_WorkBuff_t  rndWorkBuff = { { 0 } } ;
+
+int crypto_platform_setup( crypto_platform_ctx *ctx )
 {
     NRF_CRYPTOCELL->ENABLE = 1;
+
+    if( SaSi_LibInit( &ctx->rndState, &rndWorkBuff ) != 0 )
+          return ( MBEDTLS_PLATFORM_HW_FAILED );
+
     return ( 0 );
 }
 
-void cc_platform_terminate( cc_platform_ctx *ctx )
+void crypto_platform_terminate( crypto_platform_ctx *ctx )
 {
+    SaSi_LibFini( &ctx->rndState );
     NRF_CRYPTOCELL->ENABLE = 0;
 }
+
+#endif /* MBEDTLS_PLATFORM_SETUP_TEARDOWN_ALT */
diff --git a/...CELL310/TARGET_MCU_NRF52840/cc_platform.h → ...310/TARGET_MCU_NRF52840/crypto_platform.h b/...CELL310/TARGET_MCU_NRF52840/cc_platform.h → ...310/TARGET_MCU_NRF52840/crypto_platform.h
@@ -1,5 +1,5 @@
 /*
-  *  cc_platform.h
+  *  crypto_platform.h
   *
   *  Copyright (C) 2018, Arm Limited, All Rights Reserved
   *  SPDX-License-Identifier: Apache-2.0
@@ -17,17 +17,19 @@
   *  limitations under the License.
   *
   */
-#ifndef __CC_PLATFORM_H_
-#define __CC_PLATFORM_H_
+#ifndef __CRYPTO_PLATFORM_H_
+#define __CRYPTO_PLATFORM_H_
+#if defined(MBEDTLS_PLATFORM_SETUP_TEARDOWN_ALT)
+#include "crys_rnd.h"
 /**
  * \brief   The CC platform context structure.
  *
  * \note    This structure may be used to assist platform-specific
  *          setup or teardown operations.
  */
 typedef struct {
-    char dummy; /**< Placeholder member, as empty structs are not portable. */
+     CRYS_RND_State_t rndState;
 }
-cc_platform_ctx;
-
-#endif /* __CC_PLATFORM_H_ */
+crypto_platform_ctx;
+#endif /* MBEDTLS_PLATFORM_SETUP_TEARDOWN_ALT */
+#endif /* __CRYPTO_PLATFORM_H_ */
diff --git a/features/cryptocell/FEATURE_CRYPTOCELL310/trng.c b/features/cryptocell/FEATURE_CRYPTOCELL310/trng.c
@@ -22,9 +22,10 @@
 
 #include <string.h>
 #include "trng_api.h"
+#include "mbedtls/platform.h"
 
-extern CRYS_RND_State_t     rndState;
-extern CRYS_RND_WorkBuff_t  rndWorkBuff;
+extern mbedtls_platform_context  ctx;
+static CRYS_RND_WorkBuff_t  rndWorkBuff;
 
 /* Implementation that should never be optimized out by the compiler */
 static void mbedtls_zeroize( void *v, size_t n ) {
@@ -48,7 +49,7 @@ CRYSError_t LLF_RND_GetTrngSource(
 
 void trng_init(trng_t *obj)
 {
-    RNG_PLAT_SetUserRngParameters(&rndState, obj);
+    RNG_PLAT_SetUserRngParameters(&ctx.platform_impl_ctx.rndState, obj);
 }
 
 void trng_free(trng_t *obj)
@@ -66,7 +67,7 @@ int trng_get_bytes(trng_t *obj, uint8_t *output, size_t length, size_t *outputLe
     uint32_t actualLength;
 
     ret = LLF_RND_GetTrngSource(
-                &rndState ,    /*in/out*/
+                &ctx.platform_impl_ctx.rndState ,    /*in/out*/
                 obj,       /*in/out*/
                 0,       /*in*/
                 &entropySizeBits,  /*in/out*/

diff --git a/...cell/FEATURE_CRYPTOCELL310/platform_alt.h → features/mbedtls/platform/inc/platform_alt.h b/...cell/FEATURE_CRYPTOCELL310/platform_alt.h → features/mbedtls/platform/inc/platform_alt.h
@@ -20,50 +20,48 @@
 
 #ifndef __PLATFORM_ALT__
 #define __PLATFORM_ALT__
-#include "cc_platform.h"
-#include "crys_rnd.h"
-
+#include "platform_mbed.h"
+#if defined(MBEDTLS_PLATFORM_SETUP_TEARDOWN_ALT)
+#include "crypto_platform.h"
 /**
  * \brief   The platform context structure.
  *
  * \note    This structure may be used to assist platform-specific
  *          setup or teardown operations.
  */
 typedef struct {
-    cc_platform_ctx platform_impl_ctx; /** A context holding all the partner's platform specific context */
-    /*
-     * Add CRYS_RND_State_t rndState; when https://github.com/ARMmbed/mbedtls/issues/1200 is supported
-     * */
+    crypto_platform_ctx platform_impl_ctx; /* A context holding all the platform specific context for cryptography. Should be defined in crypto_platform.h */
+    int reference_count;
 }
 mbedtls_platform_context;
 
 
+void mbedtls_platform_init( mbedtls_platform_context* ctx);
 /**
- * \brief   This function performs any partner platform initialization operations,
- *          needed top enable CryptoCell.
+ * \brief   This function performs any platform initialization operations,
+ *          needed for setting up cryptographic modules.
  *
  * \param   ctx     The platform specific context.
  *
  * \return          \c 0 on success.
  *
- * \note    This function is intended to allow platform-specific initialization for CryptoCell,
- *          and is called before initializing the CC library(SaSi_LibInit). Its
+ * \note    This function is intended to allow platform-specific initialization for Mbed TLS,
+ *          and is called before initializing the Mbed TLS functions. Its
  *          implementation is platform-specific, and its implementation MUST be provided.
  *
  */
-int cc_platform_setup( cc_platform_ctx *ctx );
+int crypto_platform_setup( crypto_platform_ctx *ctx );
 
 /**
- * \brief   This function performs any partner platform teardown operations, to disable CryptoCell.
+ * \brief   This function performs any  platform teardown operations, to disable cryptographic operations.
  *
  * \param   ctx     The platform specific context.
  *
- * \note    This function is called after terminating CC library(SaSi_LibFini)
- *          and intended to free any resource used for CryptoCell by the platform.
+ * \note    This function is intended to free any resource used Mbed TLS by the platform.
  *          Its implementation is platform-specific,and its implementation MUST be provided.
  *
  */
-void cc_platform_terminate( cc_platform_ctx *ctx );
-
+void crypto_platform_terminate( crypto_platform_ctx *ctx );
+#endif
 #endif /* __PLATFORM_ALT__ */
 
diff --git a/features/mbedtls/platform/inc/platform_mbed.h b/features/mbedtls/platform/inc/platform_mbed.h
@@ -24,3 +24,6 @@
 #if defined(MBEDTLS_CONFIG_HW_SUPPORT)
 #include "mbedtls_device.h"
 #endif
+
+#define MBEDTLS_PLATFORM_INVALID_DATA    -0x0080
+#define MBEDTLS_PLATFORM_HW_FAILED       -0x0082
diff --git a/...cell/FEATURE_CRYPTOCELL310/platform_alt.c → features/mbedtls/platform/src/platform_alt.c b/...cell/FEATURE_CRYPTOCELL310/platform_alt.c → features/mbedtls/platform/src/platform_alt.c
@@ -20,38 +20,33 @@
 
 #include "mbedtls/platform.h"
 #if defined(MBEDTLS_PLATFORM_SETUP_TEARDOWN_ALT)
-#include "sns_silib.h"
+mbedtls_platform_context ctx = {0};
 
-/* once https://github.com/ARMmbed/mbedtls/issues/1200 will be supported,
- * rndState should be part of mbedtls_platform_context
- * Until then, we should keep it global and extern */
-
-CRYS_RND_State_t     rndState = { { 0 } } ;
-CRYS_RND_WorkBuff_t  rndWorkBuff = { { 0 } } ;
-
-
-int mbedtls_platform_setup( mbedtls_platform_context *ctx )
+int mbedtls_platform_setup( mbedtls_platform_context *obsolete_ctx )
 {
     int ret = 0;
-    if( ctx == NULL )
-        return ( -1 );
 
-    /* call platform specific code to setup CC driver*/
-    if( ( ret = cc_platform_setup( &ctx->platform_impl_ctx ) ) != 0 )
-        return ( ret );
+    ctx.reference_count++;
 
-    if( SaSi_LibInit( &rndState, &rndWorkBuff ) != 0 )
-        return ( -1 );
-    return ( 0 );
+    if( ctx.reference_count == 1 )
+    {
+        /* call platform specific code to setup crypto driver*/
+        ret = crypto_platform_setup( &ctx.platform_impl_ctx );
+    }
+    return ( ret );
 }
 
-void mbedtls_platform_teardown( mbedtls_platform_context *ctx )
+void mbedtls_platform_teardown( mbedtls_platform_context *obsolete_ctx )
 {
-    if( ctx == NULL )
-        return;
 
-    SaSi_LibFini( &rndState );
-    cc_platform_terminate( &ctx->platform_impl_ctx );
+    ctx.reference_count--;
+
+    if( ctx.reference_count <= 0 )
+    {
+        /* call platform specific code to terminate crypto driver*/
+        crypto_platform_terminate( &ctx.platform_impl_ctx );
+        ctx.reference_count = 0;
+    }
 }
 
 #endif /* MBEDTLS_PLATFORM_SETUP_TEARDOWN_ALT*/