commit 430d3376c90aedaf9f2547964e0bcc5ca04d1445
author Janos Follath <janos.follath@arm.com> Thu Nov 03 14:25:37 2016 +0000
committer Simon Butcher <simon.butcher@arm.com> Thu May 11 22:42:14 2017 +0100
tree 7f6df723efd6962a674e809eaf8366cbe99a2b07
parent 552f6b6d17f4d9311ce1e58b41add584c56d2090

Add thread safety to ECP hardware acceleration

The intended use of the abstraction layer for Elliptic Curve Point
arithmetic is to enable using hardware cryptographic accelerators.
These devices are a shared resource and the driver code rarely provides
thread safety.

This commit adds mutexes to the abstraction layer to protect the device
in a multi-threaded environment.

library/ecp.c

diff --git a/library/ecp.c b/library/ecp.c
index 97fcd01..6d8c897 100644
--- a/library/ecp.c
+++ b/library/ecp.c
@@ -49,6 +49,7 @@
 #if defined(MBEDTLS_ECP_C)
 
 #include "mbedtls/ecp.h"
+#include "mbedtls/threading.h"
 
 #include <string.h>
 
@@ -1685,34 +1686,44 @@
         ( ret = mbedtls_ecp_check_pubkey( grp, P ) ) != 0 )
         return( ret );
 
+#if defined(MBEDTLS_ECP_FUNCTION_ALT) && defined(MBEDTLS_THREADING_C)
+    if( mbedtls_mutex_lock( &mbedtls_threading_cryptohw_asym_mutex ) != 0 )
+        return ( MBEDTLS_ERR_THREADING_MUTEX_ERROR );
+
+#endif
 #if defined(MBEDTLS_ECP_INIT_ALT)
     if ( mbedtls_ecp_alt_grp_capable( grp )  )
     {
         MBEDTLS_MPI_CHK( mbedtls_ecp_alt_init( grp ) );
     }
-#endif
 
+#endif
 #if defined(ECP_MONTGOMERY)
     if( ecp_get_type( grp ) == ECP_TYPE_MONTGOMERY )
         ret = ecp_mul_mxz( grp, R, m, P, f_rng, p_rng );
-#endif
 
+#endif
 #if defined(ECP_SHORTWEIERSTRASS)
     if( ecp_get_type( grp ) == ECP_TYPE_SHORT_WEIERSTRASS )
         ret = ecp_mul_comb( grp, R, m, P, f_rng, p_rng );
-#endif
 
+#endif
 #if defined(MBEDTLS_ECP_INIT_ALT)
     cleanup:
-#endif
 
+#endif
 #if defined(MBEDTLS_ECP_DEINIT_ALT)
     if ( mbedtls_ecp_alt_grp_capable( grp ) )
     {
         mbedtls_ecp_alt_deinit( grp );
     }
-#endif
 
+#endif
+#if defined(MBEDTLS_ECP_FUNCTION_ALT) && defined(MBEDTLS_THREADING_C)
+    if( mbedtls_mutex_unlock( &mbedtls_threading_cryptohw_asym_mutex ) != 0 )
+        return ( MBEDTLS_ERR_THREADING_MUTEX_ERROR );
+
+#endif
     return( ret );
 }
 
@@ -1815,11 +1826,17 @@
     MBEDTLS_MPI_CHK( mbedtls_ecp_mul_shortcuts( grp, &mP, m, P ) );
     MBEDTLS_MPI_CHK( mbedtls_ecp_mul_shortcuts( grp, R,   n, Q ) );
 
+#if defined(MBEDTLS_ECP_FUNCTION_ALT) && defined(MBEDTLS_THREADING_C)
+    if( mbedtls_mutex_lock( &mbedtls_threading_cryptohw_asym_mutex ) != 0 )
+        return ( MBEDTLS_ERR_THREADING_MUTEX_ERROR );
+
+#endif
 #if defined(MBEDTLS_ECP_INIT_ALT)
     if ( mbedtls_ecp_alt_grp_capable( grp )  )
     {
         MBEDTLS_MPI_CHK( mbedtls_ecp_alt_init( grp ) );
     }
+
 #endif
     MBEDTLS_MPI_CHK( ecp_add_mixed( grp, R, &mP, R ) );
     MBEDTLS_MPI_CHK( ecp_normalize_jac( grp, R ) );
@@ -1831,8 +1848,13 @@
     {
         mbedtls_ecp_alt_deinit( grp );
     }
-#endif
 
+#endif
+#if defined(MBEDTLS_ECP_FUNCTION_ALT) && defined(MBEDTLS_THREADING_C)
+    if( mbedtls_mutex_unlock( &mbedtls_threading_cryptohw_asym_mutex ) != 0 )
+        return ( MBEDTLS_ERR_THREADING_MUTEX_ERROR );
+
+#endif
     mbedtls_ecp_point_free( &mP );
 
     return( ret );