[crypto] PSA API: remove otPlatCryptoInit API

This commit removes otPlatCryptoInit API and moves responsibility of
initializing the Crypto subsystem to the platform.

Signed-off-by: Łukasz Duda <lukasz.duda@nordicsemi.no>

Author: LuDuda

examples/apps/cli/main.c

@@ -56,8 +56,7 @@ extern void otAppCliInit(otInstance *aInstance);
 
 #if OPENTHREAD_CONFIG_HEAP_EXTERNAL_ENABLE
 OT_TOOL_WEAK void *otPlatCAlloc(size_t aNum, size_t aSize) { return calloc(aNum, aSize); }
-
-OT_TOOL_WEAK void otPlatFree(void *aPtr) { free(aPtr); }
+OT_TOOL_WEAK void  otPlatFree(void *aPtr) { free(aPtr); }
 #endif
 
 #if OPENTHREAD_POSIX && !defined(FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION)

examples/apps/ncp/main.c

@@ -62,8 +62,7 @@ extern void otAppNcpInitMulti(otInstance **aInstances, uint8_t count);
 
 #if OPENTHREAD_CONFIG_HEAP_EXTERNAL_ENABLE
 OT_TOOL_WEAK void *otPlatCAlloc(size_t aNum, size_t aSize) { return calloc(aNum, aSize); }
-
-OT_TOOL_WEAK void otPlatFree(void *aPtr) { free(aPtr); }
+OT_TOOL_WEAK void  otPlatFree(void *aPtr) { free(aPtr); }
 #endif
 
 int main(int argc, char *argv[])

examples/platforms/simulation/system.c

@@ -55,6 +55,10 @@
 #include <openthread/platform/radio.h>
 #include <openthread/platform/toolchain.h>
 
+#if (OPENTHREAD_CONFIG_CRYPTO_LIB == OPENTHREAD_CONFIG_CRYPTO_LIB_PSA)
+#include <psa/crypto.h>
+#endif
+
 #include "simul_utils.h"
 
 uint32_t gNodeId = 1;
@@ -201,10 +205,13 @@ void otSysInit(int aArgCount, char *aArgVector[])
     signal(SIGTERM, &handleSignal);
     signal(SIGHUP, &handleSignal);
 
-#if OPENTHREAD_PSA_CRYPTO_NATIVE_ITS_FILE && (OPENTHREAD_CONFIG_CRYPTO_LIB == OPENTHREAD_CONFIG_CRYPTO_LIB_PSA)
+#if (OPENTHREAD_CONFIG_CRYPTO_LIB == OPENTHREAD_CONFIG_CRYPTO_LIB_PSA)
+    psa_crypto_init();
+#if OPENTHREAD_PSA_CRYPTO_NATIVE_ITS_FILE
     snprintf(sNativeItsFileNamePrefix, sizeof(sNativeItsFileNamePrefix), "%s/%s_%d_",
              OPENTHREAD_CONFIG_POSIX_SETTINGS_PATH, getenv("PORT_OFFSET") ? getenv("PORT_OFFSET") : "0", gNodeId);
     gItsFileNamePrefix = sNativeItsFileNamePrefix;
+#endif
 #endif
 
     platformLoggingInit(basename(aArgVector[0]));

examples/platforms/simulation/virtual_time/platform-sim.c

@@ -51,6 +51,10 @@
 #include <openthread/platform/alarm-milli.h>
 
 #include "../simul_utils.h"
+#if (OPENTHREAD_CONFIG_CRYPTO_LIB == OPENTHREAD_CONFIG_CRYPTO_LIB_PSA)
+#include <psa/crypto.h>
+#endif
+
 #include "lib/platform/exit_code.h"
 #include "utils/uart.h"
 
@@ -278,10 +282,13 @@ void otSysInit(int argc, char *argv[])
         DieNow(OT_EXIT_FAILURE);
     }
 
-#if OPENTHREAD_PSA_CRYPTO_NATIVE_ITS_FILE && (OPENTHREAD_CONFIG_CRYPTO_LIB == OPENTHREAD_CONFIG_CRYPTO_LIB_PSA)
+#if (OPENTHREAD_CONFIG_CRYPTO_LIB == OPENTHREAD_CONFIG_CRYPTO_LIB_PSA)
+    psa_crypto_init();
+#if OPENTHREAD_PSA_CRYPTO_NATIVE_ITS_FILE
     snprintf(sNativeItsFileNamePrefix, sizeof(sNativeItsFileNamePrefix), "%s/%s_%d_",
              OPENTHREAD_CONFIG_POSIX_SETTINGS_PATH, getenv("PORT_OFFSET") ? getenv("PORT_OFFSET") : "0", gNodeId);
     gItsFileNamePrefix = sNativeItsFileNamePrefix;
+#endif
 #endif
 
     socket_init();

include/openthread/instance.h

@@ -52,7 +52,7 @@ extern "C" {
  *
  * @note This number versions both OpenThread platform and user APIs.
  */
-#define OPENTHREAD_API_VERSION (561)
+#define OPENTHREAD_API_VERSION (563)
 
 /**
  * @addtogroup api-instance

include/openthread/platform/crypto.h

@@ -215,11 +215,6 @@ typedef struct otPlatCryptoEcdsaSignature otPlatCryptoEcdsaSignature;
  */
 #define OT_CRYPTO_PBDKF2_MAX_SALT_SIZE 30
 
-/**
- * Initialize the Crypto module.
- */
-void otPlatCryptoInit(void);
-
 /**
  * Import a key into PSA ITS.
  *
@@ -291,6 +286,33 @@ otError otPlatCryptoDestroyKey(otCryptoKeyRef aKeyRef);
  */
 bool otPlatCryptoHasKey(otCryptoKeyRef aKeyRef);
 
+/**
+ * Dynamically allocates new memory for Crypto subsystem. On platforms that support it, should just redirect to calloc.
+ * For those that don't support calloc, should support the same functionality:
+ *
+ *   "The calloc() function contiguously allocates enough space for count objects that are size bytes of
+ *   memory each and returns a pointer to the allocated memory. The allocated memory is filled with bytes
+ *   of value zero."
+ *
+ * Is required for OPENTHREAD_CONFIG_HEAP_EXTERNAL_ENABLE.
+ *
+ * @param[in] aNum   The number of blocks to allocate
+ * @param[in] aSize  The size of each block to allocate
+ *
+ * @retval void*  The pointer to the front of the memory allocated
+ * @retval NULL   Failed to allocate the memory requested.
+ */
+void *otPlatCryptoCAlloc(size_t aNum, size_t aSize);
+
+/**
+ * Frees memory that was dynamically allocated by otPlatCryptoCAlloc.
+ *
+ * Is required for OPENTHREAD_CONFIG_HEAP_EXTERNAL_ENABLE.
+ *
+ * @param[in] aPtr  A pointer the memory blocks to free. The pointer may be NULL.
+ */
+void otPlatCryptoFree(void *aPtr);
+
 /**
  * Initialize the HMAC operation.
  *

src/core/crypto/crypto_platform_mbedtls.cpp

@@ -47,6 +47,7 @@
 #include <openthread/instance.h>
 #include <openthread/platform/crypto.h>
 #include <openthread/platform/entropy.h>
+#include <openthread/platform/memory.h>
 #include <openthread/platform/time.h>
 
 #include "common/code_utils.hpp"
@@ -78,10 +79,10 @@ static constexpr uint16_t kEntropyMinThreshold = 16;
 #endif
 #endif
 
-OT_TOOL_WEAK void otPlatCryptoInit(void)
-{
-    // Intentionally empty.
-}
+#if OPENTHREAD_CONFIG_HEAP_EXTERNAL_ENABLE
+OT_TOOL_WEAK void *otPlatCryptoCAlloc(size_t aNum, size_t aSize) { return otPlatCAlloc(aNum, aSize); }
+OT_TOOL_WEAK void  otPlatCryptoFree(void *aPtr) { otPlatFree(aPtr); }
+#endif
 
 // AES  Implementation
 OT_TOOL_WEAK otError otPlatCryptoAesInit(otCryptoContext *aContext)

src/core/crypto/crypto_platform_psa.cpp

@@ -40,6 +40,7 @@
 #include <openthread/instance.h>
 #include <openthread/platform/crypto.h>
 #include <openthread/platform/entropy.h>
+#include <openthread/platform/memory.h>
 
 #include "common/code_utils.hpp"
 #include "common/debug.hpp"
@@ -200,7 +201,10 @@ static otError extractPrivateKeyInfo(const uint8_t *aAsn1KeyPair,
     return error;
 }
 
-OT_TOOL_WEAK void otPlatCryptoInit(void) { psa_crypto_init(); }
+#if OPENTHREAD_CONFIG_HEAP_EXTERNAL_ENABLE
+OT_TOOL_WEAK void *otPlatCryptoCAlloc(size_t aNum, size_t aSize) { return otPlatCAlloc(aNum, aSize); }
+OT_TOOL_WEAK void  otPlatCryptoFree(void *aPtr) { otPlatFree(aPtr); }
+#endif
 
 OT_TOOL_WEAK otError otPlatCryptoImportKey(otCryptoKeyRef      *aKeyRef,
                                            otCryptoKeyType      aKeyType,

src/core/crypto/mbedtls.cpp

@@ -57,9 +57,9 @@ MbedTls::MbedTls(void)
     // mbedTLS's debug level is almost the same as OpenThread's
     mbedtls_debug_set_threshold(OPENTHREAD_CONFIG_LOG_LEVEL);
 #endif
-#if OPENTHREAD_CONFIG_ENABLE_BUILTIN_MBEDTLS_MANAGEMENT
+#if OPENTHREAD_CONFIG_ENABLE_BUILTIN_MBEDTLS_MANAGEMENT && !OPENTHREAD_CONFIG_HEAP_EXTERNAL_ENABLE
     mbedtls_platform_set_calloc_free(Heap::CAlloc, Heap::Free);
-#endif // OPENTHREAD_CONFIG_ENABLE_BUILTIN_MBEDTLS_MANAGEMENT
+#endif // OPENTHREAD_CONFIG_ENABLE_BUILTIN_MBEDTLS_MANAGEMENT && !OPENTHREAD_CONFIG_HEAP_EXTERNAL_ENABLE
 }
 
 Error MbedTls::MapError(int aMbedTlsError)

src/core/thread/key_manager.cpp

@@ -176,8 +176,6 @@ KeyManager::KeyManager(Instance &aInstance)
     , mKekFrameCounter(0)
     , mIsPskcSet(false)
 {
-    otPlatCryptoInit();
-
 #if OPENTHREAD_CONFIG_PLATFORM_KEY_REFERENCES_ENABLE
     {
         NetworkKey networkKey;