[nrf noup] Workaround for PSA P256Keypair Generate

ArekBalysNordic · ArekBalysNordic · commit f782e806232e · 2024-04-24T10:06:08.000+02:00
This is workaround to ensure thread-safety for P256Keypair
generation when both Matter and Openthread threads want to
generate keys.

This workaround can be removed once the PSA core supports
thread-safety.
diff --git a/src/crypto/PSAOperationalKeystore.cpp b/src/crypto/PSAOperationalKeystore.cpp
@@ -22,6 +22,8 @@
 
 #include <psa/crypto.h>
 
+#include <platform/CHIPDeviceLayer.h> // nogncheck
+
 namespace chip {
 namespace Crypto {
 
@@ -63,6 +65,10 @@ CHIP_ERROR PSAOperationalKeystore::PersistentP256Keypair::Generate()
 
     Destroy();
 
+#ifdef CONFIG_NET_L2_OPENTHREAD
+    chip::DeviceLayer::ThreadStackMgr().LockThreadStack();
+#endif
+
     // Type based on ECC with the elliptic curve SECP256r1 -> PSA_ECC_FAMILY_SECP_R1
     psa_set_key_type(&attributes, PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1));
     psa_set_key_bits(&attributes, kP256_PrivateKey_Length * 8);
@@ -79,6 +85,9 @@ CHIP_ERROR PSAOperationalKeystore::PersistentP256Keypair::Generate()
     VerifyOrExit(publicKeyLength == kP256_PublicKey_Length, error = CHIP_ERROR_INTERNAL);
 
 exit:
+#ifdef CONFIG_NET_L2_OPENTHREAD
+    chip::DeviceLayer::ThreadStackMgr().UnlockThreadStack();
+#endif
     psa_reset_key_attributes(&attributes);
 
     return error;
