espressif/esp-idf
1
0
Fork 1
mirror of https://github.com/espressif/esp-idf.git synced 2025-08-10 08:04:33 +02:00
Code Issues Packages Projects Releases Wiki Activity

Merge branch 'feature/mbedtls-3.1' into 'master'

Browse Source 
Update to mbedtls-3.1

Closes IDF-3723

See merge request espressif/esp-idf!16656
This commit is contained in:
Mahavir Jain
2022-03-03 11:27:48 +08:00
parent cdc00140d0 72f12a0c8c
commit 035d7df1a0
93 changed files with 3200 additions and 1662 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
components/asio/port/mbedtls/include/mbedtls_engine.hpp
View File

@@ -1,5 +1,5 @@
//
// SPDX-FileCopyrightText: 2021 Espressif Systems (Shanghai) CO LTD
// SPDX-FileCopyrightText: 2021-2022 Espressif Systems (Shanghai) CO LTD
//
// SPDX-License-Identifier: BSL-1.0
//
@@ -141,7 +141,7 @@ private:
int ret = 0;
mbedtls_ssl_set_bio(&impl_.ssl_, bio_.first.get(), bio_write, bio_read, nullptr);
while (impl_.ssl_.state != MBEDTLS_SSL_HANDSHAKE_OVER) {
while (impl_.ssl_.MBEDTLS_PRIVATE(state) != MBEDTLS_SSL_HANDSHAKE_OVER) {
ret = mbedtls_ssl_handshake_step(&impl_.ssl_);
if (ret != 0) {
@@ -189,7 +189,7 @@ private:
bool before_handshake() const
{
return ssl_.state == 0;
return ssl_.MBEDTLS_PRIVATE(state) == 0;
}
int write(const void *buffer, int len)
@@ -246,7 +246,7 @@ private:
return false;
}
ret = mbedtls_pk_parse_key(&pk_key_, ctx->data(container::PRIVKEY), ctx->size(container::PRIVKEY),
nullptr, 0);
nullptr, 0, mbedtls_ctr_drbg_random, &ctr_drbg_);
if (ret < 0) {
print_error("mbedtls_pk_parse_keyfile", ret);
return false;

6
components/bootloader_support/src/idf/bootloader_sha.c
View File

@@ -18,7 +18,7 @@ bootloader_sha256_handle_t bootloader_sha256_start(void)
return NULL;
}
mbedtls_sha256_init(ctx);
int ret = mbedtls_sha256_starts_ret(ctx, false);
int ret = mbedtls_sha256_starts(ctx, false);
if (ret != 0) {
return NULL;
}
@@ -29,7 +29,7 @@ void bootloader_sha256_data(bootloader_sha256_handle_t handle, const void *data,
{
assert(handle != NULL);
mbedtls_sha256_context *ctx = (mbedtls_sha256_context *)handle;
int ret = mbedtls_sha256_update_ret(ctx, data, data_len);
int ret = mbedtls_sha256_update(ctx, data, data_len);
assert(ret == 0);
(void)ret;
}
@@ -39,7 +39,7 @@ void bootloader_sha256_finish(bootloader_sha256_handle_t handle, uint8_t *digest
assert(handle != NULL);
mbedtls_sha256_context *ctx = (mbedtls_sha256_context *)handle;
if (digest != NULL) {
int ret = mbedtls_sha256_finish_ret(ctx, digest);
int ret = mbedtls_sha256_finish(ctx, digest);
assert(ret == 0);
(void)ret;
}

12
components/bootloader_support/src/secure_boot_v1/secure_boot_signatures_app.c
View File

@@ -102,8 +102,8 @@ esp_err_t esp_secure_boot_verify_ecdsa_signature_block(const esp_secure_boot_sig
mbedtls_ecdsa_context ecdsa_context;
mbedtls_ecdsa_init(&ecdsa_context);
mbedtls_ecp_group_load(&ecdsa_context.grp, MBEDTLS_ECP_DP_SECP256R1);
size_t plen = mbedtls_mpi_size(&ecdsa_context.grp.P);
mbedtls_ecp_group_load(&ecdsa_context.MBEDTLS_PRIVATE(grp), MBEDTLS_ECP_DP_SECP256R1);
size_t plen = mbedtls_mpi_size(&ecdsa_context.MBEDTLS_PRIVATE(grp).P);
if (keylen != 2 * plen) {
ESP_LOGE(TAG, "Incorrect ECDSA key length %d", keylen);
ret = ESP_FAIL;
@@ -111,11 +111,11 @@ esp_err_t esp_secure_boot_verify_ecdsa_signature_block(const esp_secure_boot_sig
}
/* Extract X and Y components from ECDSA public key */
MBEDTLS_MPI_CHK(mbedtls_mpi_read_binary(&ecdsa_context.Q.X, signature_verification_key_start, plen));
MBEDTLS_MPI_CHK(mbedtls_mpi_read_binary(&ecdsa_context.Q.Y, signature_verification_key_start + plen, plen));
MBEDTLS_MPI_CHK(mbedtls_mpi_lset(&ecdsa_context.Q.Z, 1));
MBEDTLS_MPI_CHK(mbedtls_mpi_read_binary(&ecdsa_context.MBEDTLS_PRIVATE(Q).MBEDTLS_PRIVATE(X), signature_verification_key_start, plen));
MBEDTLS_MPI_CHK(mbedtls_mpi_read_binary(&ecdsa_context.MBEDTLS_PRIVATE(Q).MBEDTLS_PRIVATE(Y), signature_verification_key_start + plen, plen));
MBEDTLS_MPI_CHK(mbedtls_mpi_lset(&ecdsa_context.MBEDTLS_PRIVATE(Q).MBEDTLS_PRIVATE(Z), 1));
ret = mbedtls_ecdsa_verify(&ecdsa_context.grp, image_digest, ESP_SECURE_BOOT_DIGEST_LEN, &ecdsa_context.Q, &r, &s);
ret = mbedtls_ecdsa_verify(&ecdsa_context.MBEDTLS_PRIVATE(grp), image_digest, ESP_SECURE_BOOT_DIGEST_LEN, &ecdsa_context.MBEDTLS_PRIVATE(Q), &r, &s);
ESP_LOGD(TAG, "Verification result %d", ret);
cleanup:

18
components/bootloader_support/src/secure_boot_v2/secure_boot_signatures_app.c
View File

@@ -222,15 +222,16 @@ esp_err_t esp_secure_boot_verify_rsa_signature_block(const ets_secure_boot_signa
ESP_LOGI(TAG, "Verifying with RSA-PSS...");
const mbedtls_mpi N = { .s = 1,
.n = sizeof(trusted_block->key.n)/sizeof(mbedtls_mpi_uint),
.p = (void *)trusted_block->key.n,
const mbedtls_mpi N = { .MBEDTLS_PRIVATE(s) = 1,
.MBEDTLS_PRIVATE(n) = sizeof(trusted_block->key.n)/sizeof(mbedtls_mpi_uint),
.MBEDTLS_PRIVATE(p) = (void *)trusted_block->key.n,
};
const mbedtls_mpi e = { .s = 1,
.n = sizeof(trusted_block->key.e)/sizeof(mbedtls_mpi_uint), // 1
.p = (void *)&trusted_block->key.e,
const mbedtls_mpi e = { .MBEDTLS_PRIVATE(s) = 1,
.MBEDTLS_PRIVATE(n) = sizeof(trusted_block->key.e)/sizeof(mbedtls_mpi_uint), // 1
.MBEDTLS_PRIVATE(p) = (void *)&trusted_block->key.e,
};
mbedtls_rsa_init(&pk, MBEDTLS_RSA_PKCS_V21, MBEDTLS_MD_SHA256);
mbedtls_rsa_init(&pk);
mbedtls_rsa_set_padding(&pk,MBEDTLS_RSA_PKCS_V21, MBEDTLS_MD_SHA256);
ret = mbedtls_rsa_import(&pk, &N, NULL, NULL, NULL, &e);
if (ret != 0) {
ESP_LOGE(TAG, "Failed mbedtls_rsa_import, err: %d", ret);
@@ -260,8 +261,7 @@ esp_err_t esp_secure_boot_verify_rsa_signature_block(const ets_secure_boot_signa
goto exit_inner;
}
ret = mbedtls_rsa_rsassa_pss_verify( &pk, mbedtls_ctr_drbg_random, &ctr_drbg, MBEDTLS_RSA_PUBLIC, MBEDTLS_MD_SHA256, ESP_SECURE_BOOT_DIGEST_LEN,
image_digest, sig_be);
ret = mbedtls_rsa_rsassa_pss_verify( &pk, MBEDTLS_MD_SHA256, ESP_SECURE_BOOT_DIGEST_LEN, image_digest, sig_be);
if (ret != 0) {
ESP_LOGE(TAG, "Failed mbedtls_rsa_rsassa_pss_verify, err: %d", ret);
} else {

1
components/bt/common/api/include/api/esp_blufi_api.h
View File

@@ -74,6 +74,7 @@ typedef enum {
ESP_BLUFI_READ_PARAM_ERROR,
ESP_BLUFI_MAKE_PUBLIC_ERROR,
ESP_BLUFI_DATA_FORMAT_ERROR,
ESP_BLUFI_CALC_MD5_ERROR,
} esp_blufi_error_state_t;
/**

2
components/bt/host/nimble/nimble

Submodule components/bt/host/nimble/nimble updated: 1dc1ec6e76...51f4b84aca

2
components/esp-tls/esp-tls-crypto/esp_tls_crypto.c
View File

@@ -25,7 +25,7 @@ static int esp_crypto_sha1_mbedtls( const unsigned char *input,
size_t ilen,
unsigned char output[20])
{
int ret = mbedtls_sha1_ret(input, ilen, output);
int ret = mbedtls_sha1(input, ilen, output);
if (ret != 0) {
ESP_LOGE(TAG, "Error in calculating sha1 sum , Returned 0x%02X", ret);
}

15
components/esp-tls/esp_tls_mbedtls.c
View File

@@ -1,5 +1,5 @@
/*
* SPDX-FileCopyrightText: 2019-2021 Espressif Systems (Shanghai) CO LTD
* SPDX-FileCopyrightText: 2019-2022 Espressif Systems (Shanghai) CO LTD
*
* SPDX-License-Identifier: Apache-2.0
*/
@@ -114,6 +114,14 @@ esp_err_t esp_create_mbedtls_handle(const char *hostname, size_t hostlen, const
mbedtls_esp_enable_debug_log(&tls->conf, CONFIG_MBEDTLS_DEBUG_LEVEL);
#endif
#ifdef CONFIG_MBEDTLS_SSL_PROTO_TLS1_3
// NOTE: Mbed TLS currently supports only client-side config with TLS 1.3
if (tls->role != ESP_TLS_SERVER) {
mbedtls_ssl_conf_min_version(&tls->conf, MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_4);
mbedtls_ssl_conf_max_version(&tls->conf, MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_4);
}
#endif
if ((ret = mbedtls_ssl_setup(&tls->ssl, &tls->conf)) != 0) {
ESP_LOGE(TAG, "mbedtls_ssl_setup returned -0x%04X", -ret);
mbedtls_print_error_msg(ret);
@@ -365,7 +373,8 @@ static esp_err_t set_pki_context(esp_tls_t *tls, const esp_tls_pki_t *pki)
#endif
if (pki->privkey_pem_buf != NULL) {
ret = mbedtls_pk_parse_key(pki->pk_key, pki->privkey_pem_buf, pki->privkey_pem_bytes,
pki->privkey_password, pki->privkey_password_len);
pki->privkey_password, pki->privkey_password_len,
mbedtls_ctr_drbg_random, &tls->ctr_drbg);
} else {
return ESP_ERR_INVALID_ARG;
}
@@ -906,7 +915,7 @@ static esp_err_t esp_mbedtls_init_pk_ctx_for_ds(const void *pki)
int ret = -1;
/* initialize the mbedtls pk context with rsa context */
mbedtls_rsa_context rsakey;
mbedtls_rsa_init(&rsakey, MBEDTLS_RSA_PKCS_V15, 0);
mbedtls_rsa_init(&rsakey);
if ((ret = mbedtls_pk_setup_rsa_alt(((const esp_tls_pki_t*)pki)->pk_key, &rsakey, NULL, esp_ds_rsa_sign,
esp_ds_get_keylen )) != 0) {
ESP_LOGE(TAG, "Error in mbedtls_pk_setup_rsa_alt, returned -0x%04X", -ret);

2
components/esp_http_server/src/httpd_ws.c
View File

@@ -143,7 +143,7 @@ esp_err_t httpd_ws_respond_server_handshake(httpd_req_t *req, const char *suppor
/* Generate SHA-1 first and then encode to Base64 */
size_t key_len = strlen(server_raw_text);
mbedtls_sha1_ret((uint8_t *)server_raw_text, key_len, server_key_hash);
mbedtls_sha1((uint8_t *)server_raw_text, key_len, server_key_hash);
size_t encoded_len = 0;
mbedtls_base64_encode((uint8_t *)server_key_encoded, sizeof(server_key_encoded), &encoded_len,

25
components/espcoredump/src/core_dump_checksum.c
View File

@@ -1,17 +1,8 @@
// Copyright 2015-2020 Espressif Systems (Shanghai) PTE LTD
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
/*
* SPDX-FileCopyrightText: 2015-2021 Espressif Systems (Shanghai) CO LTD
*
* SPDX-License-Identifier: Apache-2.0
*/
/**
* @file
* @brief Checksum interface implemetation
@@ -74,7 +65,7 @@ void esp_core_dump_checksum_init(core_dump_checksum_ctx** out_ctx)
s_checksum_context.crc = 0;
#elif CONFIG_ESP_COREDUMP_CHECKSUM_SHA256
mbedtls_sha256_init(&s_checksum_context.ctx);
(void)mbedtls_sha256_starts_ret(&s_checksum_context.ctx, 0);
(void)mbedtls_sha256_starts(&s_checksum_context.ctx, 0);
#endif
s_checksum_context.total_bytes_checksum = 0;
@@ -95,7 +86,7 @@ void esp_core_dump_checksum_update(core_dump_checksum_ctx* cks_ctx, void* data,
// set software mode of SHA calculation
cks_ctx->ctx.mode = ESP_MBEDTLS_SHA256_SOFTWARE;
#endif
(void)mbedtls_sha256_update_ret(&cks_ctx->ctx, data, data_len);
(void)mbedtls_sha256_update(&cks_ctx->ctx, data, data_len);
#endif
// keep counter of cashed bytes
cks_ctx->total_bytes_checksum += data_len;
@@ -120,7 +111,7 @@ uint32_t esp_core_dump_checksum_finish(core_dump_checksum_ctx* cks_ctx, core_dum
#elif CONFIG_ESP_COREDUMP_CHECKSUM_SHA256
if (chs_ptr != NULL) {
(void)mbedtls_sha256_finish_ret(&cks_ctx->ctx, (uint8_t*)&cks_ctx->sha_output);
(void)mbedtls_sha256_finish(&cks_ctx->ctx, (uint8_t*)&cks_ctx->sha_output);
*chs_ptr = &cks_ctx->sha_output[0];
mbedtls_sha256_free(&cks_ctx->ctx);
}

6
components/mbedtls/CMakeLists.txt
View File

@@ -8,11 +8,12 @@ if(NOT BOOTLOADER_BUILD)
endif()
idf_component_register(SRCS "esp_crt_bundle/esp_crt_bundle.c"
INCLUDE_DIRS "port/include" "mbedtls/include" "esp_crt_bundle/include"
INCLUDE_DIRS "port/include" "mbedtls/include" "esp_crt_bundle/include" "./mbedtls/library"
REQUIRES lwip
PRIV_REQUIRES "${priv_requires}"
)
if(CONFIG_MBEDTLS_CERTIFICATE_BUNDLE)
set(bundle_name "x509_crt_bundle")
set(DEFAULT_CRT_DIR ${COMPONENT_DIR}/esp_crt_bundle)
@@ -88,7 +89,8 @@ endif()
set(mbedtls_targets mbedtls mbedcrypto mbedx509)
set(mbedtls_target_sources "${COMPONENT_DIR}/port/mbedtls_debug.c"
"${COMPONENT_DIR}/port/net_sockets.c")
"${COMPONENT_DIR}/port/net_sockets.c"
"${COMPONENT_DIR}/port/certs.c")
if(CONFIG_MBEDTLS_DYNAMIC_BUFFER)
set(mbedtls_target_sources ${mbedtls_target_sources}

60
components/mbedtls/Kconfig
View File

@@ -114,13 +114,6 @@ menu "mbedTLS"
"MBEDTLS_SSL_IN_CONTENT_LEN", so to save more heap, users can set
the options to be an appropriate value.
config MBEDTLS_DYNAMIC_FREE_PEER_CERT
bool "Free SSL peer certificate after its usage"
default n
depends on MBEDTLS_DYNAMIC_BUFFER
help
Free peer certificate after its usage in handshake process.
config MBEDTLS_DYNAMIC_FREE_CONFIG_DATA
bool "Free private key and DHM data after its usage"
default n
@@ -178,7 +171,18 @@ menu "mbedTLS"
default 3 if MBEDTLS_DEBUG_LEVEL_DEBUG
default 4 if MBEDTLS_DEBUG_LEVEL_VERBOSE
menu "mbedTLS v2.28.x related"
menu "mbedTLS v3.x related"
config MBEDTLS_SSL_PROTO_TLS1_3
bool "Support TLS 1.3 protocol"
depends on MBEDTLS_TLS_ENABLED
select MBEDTLS_HKDF_C
default n
config MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
bool "Enable TLS 1.3 middlebox compatibility mode"
depends on MBEDTLS_SSL_PROTO_TLS1_3
default y
config MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH
bool "Variable SSL buffer length"
@@ -189,7 +193,7 @@ menu "mbedTLS"
config MBEDTLS_ECDH_LEGACY_CONTEXT
bool "Use a backward compatible ECDH context (Experimental)"
default y
default n
depends on MBEDTLS_ECDH_C && MBEDTLS_ECP_RESTARTABLE
help
Use the legacy ECDH context format.
@@ -327,6 +331,7 @@ menu "mbedTLS"
config MBEDTLS_ECP_RESTARTABLE
bool "Enable mbedTLS ecp restartable"
select MBEDTLS_ECDH_LEGACY_CONTEXT
default n
help
Enable "non-blocking" ECC operations that can return early and be resumed.
@@ -629,24 +634,6 @@ menu "mbedTLS"
If you don't need renegotiation, disabling it will save code size and
reduce the possibility of abuse/vulnerability.
config MBEDTLS_SSL_PROTO_SSL3
bool "Legacy SSL 3.0 support"
depends on MBEDTLS_TLS_ENABLED
default n
help
Support the legacy SSL 3.0 protocol. Most servers will speak a newer
TLS protocol these days.
config MBEDTLS_SSL_PROTO_TLS1
bool "Support TLS 1.0 protocol"
depends on MBEDTLS_TLS_ENABLED
default y
config MBEDTLS_SSL_PROTO_TLS1_1
bool "Support TLS 1.1 protocol"
depends on MBEDTLS_TLS_ENABLED
default y
config MBEDTLS_SSL_PROTO_TLS1_2
bool "Support TLS 1.2 protocol"
depends on MBEDTLS_TLS_ENABLED
@@ -662,9 +649,8 @@ menu "mbedTLS"
config MBEDTLS_SSL_PROTO_DTLS
bool "Support DTLS protocol (all versions)"
default n
depends on MBEDTLS_SSL_PROTO_TLS1_1 || MBEDTLS_SSL_PROTO_TLS1_2
depends on MBEDTLS_SSL_PROTO_TLS1_2
help
Requires TLS 1.1 to be enabled for DTLS 1.0
Requires TLS 1.2 to be enabled for DTLS 1.2
config MBEDTLS_SSL_ALPN
@@ -682,22 +668,6 @@ menu "mbedTLS"
Client support for RFC 5077 session tickets. See mbedTLS documentation for more details.
Disabling this option will save some code size.
config MBEDTLS_X509_CHECK_KEY_USAGE
bool "Enable verification of the keyUsage extension"
default y
depends on MBEDTLS_TLS_ENABLED
help
Disabling this avoids problems with mis-issued and/or misused (intermediate) CA and leaf certificates.
Depending on your PKI use, disabling this can be a security risk.
config MBEDTLS_X509_CHECK_EXTENDED_KEY_USAGE
bool "Enable verification of the extendedKeyUsage extension"
default y
depends on MBEDTLS_TLS_ENABLED
help
Disabling this avoids problems with mis-issued and/or misused certificates.
Depending on your PKI use, disabling this can be a security risk.
config MBEDTLS_SERVER_SSL_SESSION_TICKETS
bool "TLS: Server Support for RFC 5077 SSL session tickets"
default y

30
components/mbedtls/esp_crt_bundle/esp_crt_bundle.c
View File

@@ -1,18 +1,8 @@
// Copyright 2018-2019 Espressif Systems (Shanghai) PTE LTD
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
/*
* SPDX-FileCopyrightText: 2018-2022 Espressif Systems (Shanghai) CO LTD
*
* SPDX-License-Identifier: Apache-2.0
*/
#include <string.h>
#include <esp_system.h>
#include "esp_crt_bundle.h"
@@ -60,21 +50,21 @@ static int esp_crt_check_signature(mbedtls_x509_crt *child, const uint8_t *pub_k
// Fast check to avoid expensive computations when not necessary
if (!mbedtls_pk_can_do(&parent.pk, child->sig_pk)) {
if (!mbedtls_pk_can_do(&parent.pk, child->MBEDTLS_PRIVATE(sig_pk))) {
ESP_LOGE(TAG, "Simple compare failed");
ret = -1;
goto cleanup;
}
md_info = mbedtls_md_info_from_type(child->sig_md);
md_info = mbedtls_md_info_from_type(child->MBEDTLS_PRIVATE(sig_md));
if ( (ret = mbedtls_md( md_info, child->tbs.p, child->tbs.len, hash )) != 0 ) {
ESP_LOGE(TAG, "Internal mbedTLS error %X", ret);
goto cleanup;
}
if ( (ret = mbedtls_pk_verify_ext( child->sig_pk, child->sig_opts, &parent.pk,
child->sig_md, hash, mbedtls_md_get_size( md_info ),
child->sig.p, child->sig.len )) != 0 ) {
if ( (ret = mbedtls_pk_verify_ext( child->MBEDTLS_PRIVATE(sig_pk), child->MBEDTLS_PRIVATE(sig_opts), &parent.pk,
child->MBEDTLS_PRIVATE(sig_md), hash, mbedtls_md_get_size( md_info ),
child->MBEDTLS_PRIVATE(sig).p, child->MBEDTLS_PRIVATE(sig).len )) != 0 ) {
ESP_LOGE(TAG, "PK verify failed with error %X", ret);
goto cleanup;

15
components/mbedtls/esp_crt_bundle/gen_crt_bundle.py
View File

@@ -8,19 +8,8 @@
# The bundle will have the format: number of certificates; crt 1 subject name length; crt 1 public key length;
# crt 1 subject name; crt 1 public key; crt 2...
#
# Copyright 2018-2019 Espressif Systems (Shanghai) PTE LTD
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http:#www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
# SPDX-FileCopyrightText: 2018-2022 Espressif Systems (Shanghai) CO LTD
# SPDX-License-Identifier: Apache-2.0
from __future__ import with_statement

2
components/mbedtls/mbedtls

Submodule components/mbedtls/mbedtls updated: 8b0e35f2ad...9bb5effc32

23
components/mbedtls/port/aes/esp_aes_common.c
View File

@@ -1,23 +1,12 @@
/**
* \brief AES block cipher, ESP hardware accelerated version, common
/*
* AES block cipher, ESP hardware accelerated version, common
* Based on mbedTLS FIPS-197 compliant version.
*
* Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
* Additions Copyright (C) 2016-2017, Espressif Systems (Shanghai) PTE Ltd
* SPDX-License-Identifier: Apache-2.0
* SPDX-FileCopyrightText: The Mbed TLS Contributors
*
* Licensed under the Apache License, Version 2.0 (the "License"); you may
* not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
* WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
* SPDX-License-Identifier: Apache-2.0
*
* SPDX-FileContributor: 2016-2021 Espressif Systems (Shanghai) CO LTD
*/
/*
* The AES block cipher was designed by Vincent Rijmen and Joan Daemen.
@@ -25,12 +14,12 @@
* http://csrc.nist.gov/encryption/aes/rijndael/Rijndael.pdf
* http://csrc.nist.gov/publications/fips/fips197/fips-197.pdf
*/
#include "aes/esp_aes_internal.h"
#include "mbedtls/aes.h"
#include "hal/aes_hal.h"
#include "hal/aes_types.h"
#include "soc/soc_caps.h"
#include "mbedtls/error.h"
#include <string.h>
#include "mbedtls/platform.h"

103
components/mbedtls/port/aes/esp_aes_gcm.c
View File

@@ -1,23 +1,12 @@
/**
* \brief GCM block cipher, ESP DMA hardware accelerated version
/*
* GCM block cipher, ESP DMA hardware accelerated version
* Based on mbedTLS FIPS-197 compliant version.
*
* Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
* Additions Copyright (C) 2016-2020, Espressif Systems (Shanghai) PTE Ltd
* SPDX-License-Identifier: Apache-2.0
* SPDX-FileCopyrightText: The Mbed TLS Contributors
*
* Licensed under the Apache License, Version 2.0 (the "License"); you may
* not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
* WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
* SPDX-License-Identifier: Apache-2.0
*
* SPDX-FileContributor: 2016-2021 Espressif Systems (Shanghai) CO LTD
*/
/*
* The AES block cipher was designed by Vincent Rijmen and Joan Daemen.
@@ -25,7 +14,6 @@
* http://csrc.nist.gov/encryption/aes/rijndael/Rijndael.pdf
* http://csrc.nist.gov/publications/fips/fips197/fips-197.pdf
*/
#include "soc/soc_caps.h"
#if SOC_AES_SUPPORT_GCM
@@ -336,15 +324,12 @@ void esp_aes_gcm_free( esp_gcm_context *ctx)
int esp_aes_gcm_starts( esp_gcm_context *ctx,
int mode,
const unsigned char *iv,
size_t iv_len,
const unsigned char *aad,
size_t aad_len )
size_t iv_len )
{
/* IV and AD are limited to 2^32 bits, so 2^29 bytes */
/* IV is limited to 2^32 bits, so 2^29 bytes */
/* IV is not allowed to be zero length */
if ( iv_len == 0 ||
( (uint32_t) iv_len ) >> 29 != 0 ||
( (uint32_t) aad_len ) >> 29 != 0 ) {
( (uint32_t) iv_len ) >> 29 != 0 ) {
return ( MBEDTLS_ERR_GCM_BAD_INPUT );
}
@@ -358,19 +343,12 @@ int esp_aes_gcm_starts( esp_gcm_context *ctx,
return -1;
}
if ( (aad_len > 0) && !aad) {
ESP_LOGE(TAG, "No aad supplied");
return -1;
}
/* Initialize AES-GCM context */
memset(ctx->ghash, 0, sizeof(ctx->ghash));
ctx->data_len = 0;
ctx->iv = iv;
ctx->iv_len = iv_len;
ctx->aad = aad;
ctx->aad_len = aad_len;
ctx->mode = mode;
/* H and the lookup table are only generated once per ctx */
@@ -389,6 +367,40 @@ int esp_aes_gcm_starts( esp_gcm_context *ctx,
ctx->gcm_state = ESP_AES_GCM_STATE_START;
return ( 0 );
}
int esp_aes_gcm_update_ad( esp_gcm_context *ctx,
const unsigned char *aad,
size_t aad_len )
{
/* AD are limited to 2^32 bits, so 2^29 bytes */
if ( ( (uint32_t) aad_len ) >> 29 != 0 ) {
return ( MBEDTLS_ERR_GCM_BAD_INPUT );
}
if (!ctx) {
ESP_LOGE(TAG, "No AES context supplied");
return -1;
}
if ( (aad_len > 0) && !aad) {
ESP_LOGE(TAG, "No aad supplied");
return -1;
}
/* Initialize AES-GCM context */
memset(ctx->ghash, 0, sizeof(ctx->ghash));
ctx->data_len = 0;
ctx->aad = aad;
ctx->aad_len = aad_len;
if (ctx->gcm_state != ESP_AES_GCM_STATE_START) {
ESP_LOGE(TAG, "AES context in invalid state!");
return -1;
}
/* Once H is obtained we need to derive J0 (Initial Counter Block) */
esp_gcm_derive_J0(ctx);
@@ -405,9 +417,9 @@ int esp_aes_gcm_starts( esp_gcm_context *ctx,
/* Perform AES-GCM operation */
int esp_aes_gcm_update( esp_gcm_context *ctx,
size_t length,
const unsigned char *input,
unsigned char *output )
const unsigned char *input, size_t input_length,
unsigned char *output, size_t output_size,
size_t *output_length )
{
size_t nc_off = 0;
uint8_t nonce_counter[AES_BLOCK_BYTES] = {0};
@@ -426,7 +438,7 @@ int esp_aes_gcm_update( esp_gcm_context *ctx,
return -1;
}
if ( output > input && (size_t) ( output - input ) < length ) {
if ( output > input && (size_t) ( output - input ) < input_length ) {
return ( MBEDTLS_ERR_GCM_BAD_INPUT );
}
/* If this is the first time esp_gcm_update is getting called
@@ -444,21 +456,21 @@ int esp_aes_gcm_update( esp_gcm_context *ctx,
/* Perform intermediate GHASH on "encrypted" data during decryption */
if (ctx->mode == ESP_AES_DECRYPT) {
esp_gcm_ghash(ctx, input, length, ctx->ghash);
esp_gcm_ghash(ctx, input, input_length, ctx->ghash);
}
/* Output = GCTR(J0, Input): Encrypt/Decrypt the input */
esp_aes_crypt_ctr(&ctx->aes_ctx, length, &nc_off, nonce_counter, stream, input, output);
esp_aes_crypt_ctr(&ctx->aes_ctx, input_length, &nc_off, nonce_counter, stream, input, output);
/* ICB gets auto incremented after GCTR operation here so update the context */
memcpy(ctx->J0, nonce_counter, AES_BLOCK_BYTES);
/* Keep updating the length counter for final tag calculation */
ctx->data_len += length;
ctx->data_len += input_length;
/* Perform intermediate GHASH on "encrypted" data during encryption*/
if (ctx->mode == ESP_AES_ENCRYPT) {
esp_gcm_ghash(ctx, output, length, ctx->ghash);
esp_gcm_ghash(ctx, output, input_length, ctx->ghash);
}
return 0;
@@ -466,8 +478,9 @@ int esp_aes_gcm_update( esp_gcm_context *ctx,
/* Function to read the tag value */
int esp_aes_gcm_finish( esp_gcm_context *ctx,
unsigned char *tag,
size_t tag_len )
unsigned char *output, size_t output_size,
size_t *output_length,
unsigned char *tag, size_t tag_len )
{
size_t nc_off = 0;
uint8_t len_block[AES_BLOCK_BYTES] = {0};
@@ -531,15 +544,19 @@ static int esp_aes_gcm_crypt_and_tag_partial_hw( esp_gcm_context *ctx,
{
int ret = 0;
if ( ( ret = esp_aes_gcm_starts( ctx, mode, iv, iv_len, aad, aad_len ) ) != 0 ) {
if ( ( ret = esp_aes_gcm_starts( ctx, mode, iv, iv_len ) ) != 0 ) {
return ( ret );
}
if ( ( ret = esp_aes_gcm_update( ctx, length, input, output ) ) != 0 ) {
if ( ( ret = esp_aes_gcm_update_ad( ctx, aad, aad_len ) ) != 0 ) {
return ( ret );
}
if ( ( ret = esp_aes_gcm_finish( ctx, tag, tag_len ) ) != 0 ) {
if ( ( ret = esp_aes_gcm_update( ctx, input, length, output, 0, NULL ) ) != 0 ) {
return ( ret );
}
if ( ( ret = esp_aes_gcm_finish( ctx, output, 0, NULL, tag, tag_len ) ) != 0 ) {
return ( ret );
}

1743
components/mbedtls/port/certs.c Normal file
View File

File diff suppressed because it is too large Load Diff

206
components/mbedtls/port/dynamic/esp_mbedtls_dynamic_impl.c
View File

@@ -44,8 +44,8 @@ static void esp_mbedtls_init_ssl_buf(struct esp_mbedtls_ssl_buf *buf, unsigned i
static void esp_mbedtls_parse_record_header(mbedtls_ssl_context *ssl)
{
ssl->in_msgtype = ssl->in_hdr[0];
ssl->in_msglen = (ssl->in_len[0] << 8) | ssl->in_len[1];
ssl->MBEDTLS_PRIVATE(in_msgtype) = ssl->MBEDTLS_PRIVATE(in_hdr)[0];
ssl->MBEDTLS_PRIVATE(in_msglen) = (ssl->MBEDTLS_PRIVATE(in_len)[0] << 8) | ssl->MBEDTLS_PRIVATE(in_len)[1];
}
static int tx_buffer_len(mbedtls_ssl_context *ssl, int len)
@@ -56,92 +56,92 @@ static int tx_buffer_len(mbedtls_ssl_context *ssl, int len)
return MBEDTLS_SSL_OUT_BUFFER_LEN;
} else {
return len + MBEDTLS_SSL_HEADER_LEN
+ MBEDTLS_SSL_COMPRESSION_ADD
+ MBEDTLS_MAX_IV_LENGTH
+ MBEDTLS_SSL_MAC_ADD
+ MBEDTLS_SSL_PADDING_ADD;
+ MBEDTLS_SSL_PADDING_ADD
+ MBEDTLS_SSL_MAX_CID_EXPANSION;
}
}
static void init_tx_buffer(mbedtls_ssl_context *ssl, unsigned char *buf)
{
/**
* In mbedtls, ssl->out_msg = ssl->out_buf + offset;
* In mbedtls, ssl->MBEDTLS_PRIVATE(out_msg) = ssl->MBEDTLS_PRIVATE(out_buf) + offset;
*/
if (!buf) {
int out_msg_off = (int)ssl->out_msg - (int)ssl->out_buf;
int out_msg_off = (int)ssl->MBEDTLS_PRIVATE(out_msg) - (int)ssl->MBEDTLS_PRIVATE(out_buf);
if (!out_msg_off) {
out_msg_off = MBEDTLS_SSL_HEADER_LEN;
}
ssl->out_buf = NULL;
ssl->out_ctr = NULL;
ssl->out_hdr = NULL;
ssl->out_len = NULL;
ssl->out_iv = NULL;
ssl->out_msg = (unsigned char *)out_msg_off;
ssl->MBEDTLS_PRIVATE(out_buf) = NULL;
ssl->MBEDTLS_PRIVATE(out_ctr) = NULL;
ssl->MBEDTLS_PRIVATE(out_hdr) = NULL;
ssl->MBEDTLS_PRIVATE(out_len) = NULL;
ssl->MBEDTLS_PRIVATE(out_iv) = NULL;
ssl->MBEDTLS_PRIVATE(out_msg) = (unsigned char *)out_msg_off;
} else {
int out_msg_off = (int)ssl->out_msg;
int out_msg_off = (int)ssl->MBEDTLS_PRIVATE(out_msg);
ssl->out_buf = buf;
ssl->out_ctr = ssl->out_buf;
ssl->out_hdr = ssl->out_buf + 8;
ssl->out_len = ssl->out_buf + 11;
ssl->out_iv = ssl->out_buf + MBEDTLS_SSL_HEADER_LEN;
ssl->out_msg = ssl->out_buf + out_msg_off;
ssl->MBEDTLS_PRIVATE(out_buf) = buf;
ssl->MBEDTLS_PRIVATE(out_ctr) = ssl->MBEDTLS_PRIVATE(out_buf);
ssl->MBEDTLS_PRIVATE(out_hdr) = ssl->MBEDTLS_PRIVATE(out_buf) + 8;
ssl->MBEDTLS_PRIVATE(out_len) = ssl->MBEDTLS_PRIVATE(out_buf) + 11;
ssl->MBEDTLS_PRIVATE(out_iv) = ssl->MBEDTLS_PRIVATE(out_buf) + MBEDTLS_SSL_HEADER_LEN;
ssl->MBEDTLS_PRIVATE(out_msg) = ssl->MBEDTLS_PRIVATE(out_buf) + out_msg_off;
ESP_LOGV(TAG, "out msg offset is %d", out_msg_off);
}
ssl->out_msgtype = 0;
ssl->out_msglen = 0;
ssl->out_left = 0;
ssl->MBEDTLS_PRIVATE(out_msgtype) = 0;
ssl->MBEDTLS_PRIVATE(out_msglen) = 0;
ssl->MBEDTLS_PRIVATE(out_left) = 0;
}
static void init_rx_buffer(mbedtls_ssl_context *ssl, unsigned char *buf)
{
/**
* In mbedtls, ssl->in_msg = ssl->in_buf + offset;
* In mbedtls, ssl->MBEDTLS_PRIVATE(in_msg) = ssl->MBEDTLS_PRIVATE(in_buf) + offset;
*/
if (!buf) {
int in_msg_off = (int)ssl->in_msg - (int)ssl->in_buf;
int in_msg_off = (int)ssl->MBEDTLS_PRIVATE(in_msg) - (int)ssl->MBEDTLS_PRIVATE(in_buf);
if (!in_msg_off) {
in_msg_off = MBEDTLS_SSL_HEADER_LEN;
}
ssl->in_buf = NULL;
ssl->in_ctr = NULL;
ssl->in_hdr = NULL;
ssl->in_len = NULL;
ssl->in_iv = NULL;
ssl->in_msg = (unsigned char *)in_msg_off;
ssl->MBEDTLS_PRIVATE(in_buf) = NULL;
ssl->MBEDTLS_PRIVATE(in_ctr) = NULL;
ssl->MBEDTLS_PRIVATE(in_hdr) = NULL;
ssl->MBEDTLS_PRIVATE(in_len) = NULL;
ssl->MBEDTLS_PRIVATE(in_iv) = NULL;
ssl->MBEDTLS_PRIVATE(in_msg) = (unsigned char *)in_msg_off;
} else {
int in_msg_off = (int)ssl->in_msg;
int in_msg_off = (int)ssl->MBEDTLS_PRIVATE(in_msg);
ssl->in_buf = buf;
ssl->in_ctr = ssl->in_buf;
ssl->in_hdr = ssl->in_buf + 8;
ssl->in_len = ssl->in_buf + 11;
ssl->in_iv = ssl->in_buf + MBEDTLS_SSL_HEADER_LEN;
ssl->in_msg = ssl->in_buf + in_msg_off;
ssl->MBEDTLS_PRIVATE(in_buf) = buf;
ssl->MBEDTLS_PRIVATE(in_ctr) = ssl->MBEDTLS_PRIVATE(in_buf);
ssl->MBEDTLS_PRIVATE(in_hdr) = ssl->MBEDTLS_PRIVATE(in_buf) + 8;
ssl->MBEDTLS_PRIVATE(in_len) = ssl->MBEDTLS_PRIVATE(in_buf) + 11;
ssl->MBEDTLS_PRIVATE(in_iv) = ssl->MBEDTLS_PRIVATE(in_buf) + MBEDTLS_SSL_HEADER_LEN;
ssl->MBEDTLS_PRIVATE(in_msg) = ssl->MBEDTLS_PRIVATE(in_buf) + in_msg_off;
ESP_LOGV(TAG, "in msg offset is %d", in_msg_off);
}
ssl->in_msgtype = 0;
ssl->in_msglen = 0;
ssl->in_left = 0;
ssl->MBEDTLS_PRIVATE(in_msgtype) = 0;
ssl->MBEDTLS_PRIVATE(in_msglen) = 0;
ssl->MBEDTLS_PRIVATE(in_left) = 0;
}
static int esp_mbedtls_alloc_tx_buf(mbedtls_ssl_context *ssl, int len)
{
struct esp_mbedtls_ssl_buf *esp_buf;
if (ssl->out_buf) {
esp_mbedtls_free_buf(ssl->out_buf);
ssl->out_buf = NULL;
if (ssl->MBEDTLS_PRIVATE(out_buf)) {
esp_mbedtls_free_buf(ssl->MBEDTLS_PRIVATE(out_buf));
ssl->MBEDTLS_PRIVATE(out_buf) = NULL;
}
esp_buf = mbedtls_calloc(1, SSL_BUF_HEAD_OFFSET_SIZE + len);
@@ -154,11 +154,11 @@ static int esp_mbedtls_alloc_tx_buf(mbedtls_ssl_context *ssl, int len)
esp_mbedtls_init_ssl_buf(esp_buf, len);
/**
* Mark the out_msg offset from ssl->out_buf.
* Mark the out_msg offset from ssl->MBEDTLS_PRIVATE(out_buf).
*
* In mbedtls, ssl->out_msg = ssl->out_buf + offset;
* In mbedtls, ssl->MBEDTLS_PRIVATE(out_msg) = ssl->MBEDTLS_PRIVATE(out_buf) + offset;
*/
ssl->out_msg = (unsigned char *)MBEDTLS_SSL_HEADER_LEN;
ssl->MBEDTLS_PRIVATE(out_msg) = (unsigned char *)MBEDTLS_SSL_HEADER_LEN;
init_tx_buffer(ssl, esp_buf->buf);
@@ -170,14 +170,14 @@ int esp_mbedtls_setup_tx_buffer(mbedtls_ssl_context *ssl)
CHECK_OK(esp_mbedtls_alloc_tx_buf(ssl, TX_IDLE_BUFFER_SIZE));
/* mark the out buffer has no data cached */
esp_mbedtls_set_buf_state(ssl->out_buf, ESP_MBEDTLS_SSL_BUF_NO_CACHED);
esp_mbedtls_set_buf_state(ssl->MBEDTLS_PRIVATE(out_buf), ESP_MBEDTLS_SSL_BUF_NO_CACHED);
return 0;
}
void esp_mbedtls_setup_rx_buffer(mbedtls_ssl_context *ssl)
{
ssl->in_msg = ssl->in_buf = NULL;
ssl->MBEDTLS_PRIVATE(in_msg) = ssl->MBEDTLS_PRIVATE(in_buf) = NULL;
init_rx_buffer(ssl, NULL);
}
@@ -188,7 +188,7 @@ int esp_mbedtls_reset_add_tx_buffer(mbedtls_ssl_context *ssl)
int esp_mbedtls_reset_free_tx_buffer(mbedtls_ssl_context *ssl)
{
esp_mbedtls_free_buf(ssl->out_buf);
esp_mbedtls_free_buf(ssl->MBEDTLS_PRIVATE(out_buf));
init_tx_buffer(ssl, NULL);
CHECK_OK(esp_mbedtls_setup_tx_buffer(ssl));
@@ -200,9 +200,9 @@ int esp_mbedtls_reset_add_rx_buffer(mbedtls_ssl_context *ssl)
{
struct esp_mbedtls_ssl_buf *esp_buf;
if (ssl->in_buf) {
esp_mbedtls_free_buf(ssl->in_buf);
ssl->in_buf = NULL;
if (ssl->MBEDTLS_PRIVATE(in_buf)) {
esp_mbedtls_free_buf(ssl->MBEDTLS_PRIVATE(in_buf));
ssl->MBEDTLS_PRIVATE(in_buf) = NULL;
}
esp_buf = mbedtls_calloc(1, SSL_BUF_HEAD_OFFSET_SIZE + MBEDTLS_SSL_IN_BUFFER_LEN);
@@ -215,11 +215,11 @@ int esp_mbedtls_reset_add_rx_buffer(mbedtls_ssl_context *ssl)
esp_mbedtls_init_ssl_buf(esp_buf, MBEDTLS_SSL_IN_BUFFER_LEN);
/**
* Mark the in_msg offset from ssl->in_buf.
* Mark the in_msg offset from ssl->MBEDTLS_PRIVATE(in_buf).
*
* In mbedtls, ssl->in_msg = ssl->in_buf + offset;
* In mbedtls, ssl->MBEDTLS_PRIVATE(in_msg) = ssl->MBEDTLS_PRIVATE(in_buf) + offset;
*/
ssl->in_msg = (unsigned char *)MBEDTLS_SSL_HEADER_LEN;
ssl->MBEDTLS_PRIVATE(in_msg) = (unsigned char *)MBEDTLS_SSL_HEADER_LEN;
init_rx_buffer(ssl, esp_buf->buf);
@@ -228,7 +228,7 @@ int esp_mbedtls_reset_add_rx_buffer(mbedtls_ssl_context *ssl)
void esp_mbedtls_reset_free_rx_buffer(mbedtls_ssl_context *ssl)
{
esp_mbedtls_free_buf(ssl->in_buf);
esp_mbedtls_free_buf(ssl->MBEDTLS_PRIVATE(in_buf));
init_rx_buffer(ssl, NULL);
}
@@ -241,14 +241,14 @@ int esp_mbedtls_add_tx_buffer(mbedtls_ssl_context *ssl, size_t buffer_len)
ESP_LOGV(TAG, "--> add out");
if (ssl->out_buf) {
if (esp_mbedtls_get_buf_state(ssl->out_buf) == ESP_MBEDTLS_SSL_BUF_CACHED) {
if (ssl->MBEDTLS_PRIVATE(out_buf)) {
if (esp_mbedtls_get_buf_state(ssl->MBEDTLS_PRIVATE(out_buf)) == ESP_MBEDTLS_SSL_BUF_CACHED) {
ESP_LOGV(TAG, "out buffer is not empty");
ret = 0;
goto exit;
} else {
memcpy(cache_buf, ssl->out_buf, CACHE_BUFFER_SIZE);
esp_mbedtls_free_buf(ssl->out_buf);
memcpy(cache_buf, ssl->MBEDTLS_PRIVATE(out_buf), CACHE_BUFFER_SIZE);
esp_mbedtls_free_buf(ssl->MBEDTLS_PRIVATE(out_buf));
init_tx_buffer(ssl, NULL);
cached = 1;
}
@@ -269,11 +269,11 @@ int esp_mbedtls_add_tx_buffer(mbedtls_ssl_context *ssl, size_t buffer_len)
init_tx_buffer(ssl, esp_buf->buf);
if (cached) {
memcpy(ssl->out_ctr, cache_buf, COUNTER_SIZE);
memcpy(ssl->out_iv, cache_buf + COUNTER_SIZE, CACHE_IV_SIZE);
memcpy(ssl->MBEDTLS_PRIVATE(out_ctr), cache_buf, COUNTER_SIZE);
memcpy(ssl->MBEDTLS_PRIVATE(out_iv), cache_buf + COUNTER_SIZE, CACHE_IV_SIZE);
}
ESP_LOGV(TAG, "ssl->out_buf=%p ssl->out_msg=%p", ssl->out_buf, ssl->out_msg);
ESP_LOGV(TAG, "ssl->MBEDTLS_PRIVATE(out_buf)=%p ssl->MBEDTLS_PRIVATE(out_msg)=%p", ssl->MBEDTLS_PRIVATE(out_buf), ssl->MBEDTLS_PRIVATE(out_msg));
exit:
ESP_LOGV(TAG, "<-- add out");
@@ -290,15 +290,15 @@ int esp_mbedtls_free_tx_buffer(mbedtls_ssl_context *ssl)
ESP_LOGV(TAG, "--> free out");
if (!ssl->out_buf || (ssl->out_buf && (esp_mbedtls_get_buf_state(ssl->out_buf) == ESP_MBEDTLS_SSL_BUF_NO_CACHED))) {
if (!ssl->MBEDTLS_PRIVATE(out_buf) || (ssl->MBEDTLS_PRIVATE(out_buf) && (esp_mbedtls_get_buf_state(ssl->MBEDTLS_PRIVATE(out_buf)) == ESP_MBEDTLS_SSL_BUF_NO_CACHED))) {
ret = 0;
goto exit;
}
memcpy(buf, ssl->out_ctr, COUNTER_SIZE);
memcpy(buf + COUNTER_SIZE, ssl->out_iv, CACHE_IV_SIZE);
memcpy(buf, ssl->MBEDTLS_PRIVATE(out_ctr), COUNTER_SIZE);
memcpy(buf + COUNTER_SIZE, ssl->MBEDTLS_PRIVATE(out_iv), CACHE_IV_SIZE);
esp_mbedtls_free_buf(ssl->out_buf);
esp_mbedtls_free_buf(ssl->MBEDTLS_PRIVATE(out_buf));
init_tx_buffer(ssl, NULL);
esp_buf = mbedtls_calloc(1, SSL_BUF_HEAD_OFFSET_SIZE + TX_IDLE_BUFFER_SIZE);
@@ -310,7 +310,7 @@ int esp_mbedtls_free_tx_buffer(mbedtls_ssl_context *ssl)
esp_mbedtls_init_ssl_buf(esp_buf, TX_IDLE_BUFFER_SIZE);
memcpy(esp_buf->buf, buf, CACHE_BUFFER_SIZE);
init_tx_buffer(ssl, esp_buf->buf);
esp_mbedtls_set_buf_state(ssl->out_buf, ESP_MBEDTLS_SSL_BUF_NO_CACHED);
esp_mbedtls_set_buf_state(ssl->MBEDTLS_PRIVATE(out_buf), ESP_MBEDTLS_SSL_BUF_NO_CACHED);
exit:
ESP_LOGV(TAG, "<-- free out");
@@ -329,8 +329,8 @@ int esp_mbedtls_add_rx_buffer(mbedtls_ssl_context *ssl)
ESP_LOGV(TAG, "--> add rx");
if (ssl->in_buf) {
if (esp_mbedtls_get_buf_state(ssl->in_buf) == ESP_MBEDTLS_SSL_BUF_CACHED) {
if (ssl->MBEDTLS_PRIVATE(in_buf)) {
if (esp_mbedtls_get_buf_state(ssl->MBEDTLS_PRIVATE(in_buf)) == ESP_MBEDTLS_SSL_BUF_CACHED) {
ESP_LOGV(TAG, "in buffer is not empty");
ret = 0;
goto exit;
@@ -339,8 +339,8 @@ int esp_mbedtls_add_rx_buffer(mbedtls_ssl_context *ssl)
}
}
ssl->in_hdr = msg_head;
ssl->in_len = msg_head + 3;
ssl->MBEDTLS_PRIVATE(in_hdr) = msg_head;
ssl->MBEDTLS_PRIVATE(in_len) = msg_head + 3;
if ((ret = mbedtls_ssl_fetch_input(ssl, mbedtls_ssl_in_hdr_len(ssl))) != 0) {
if (ret == MBEDTLS_ERR_SSL_TIMEOUT) {
@@ -356,16 +356,16 @@ int esp_mbedtls_add_rx_buffer(mbedtls_ssl_context *ssl)
esp_mbedtls_parse_record_header(ssl);
in_left = ssl->in_left;
in_msglen = ssl->in_msglen;
in_left = ssl->MBEDTLS_PRIVATE(in_left);
in_msglen = ssl->MBEDTLS_PRIVATE(in_msglen);
buffer_len = tx_buffer_len(ssl, in_msglen);
ESP_LOGV(TAG, "message length is %d RX buffer length should be %d left is %d",
(int)in_msglen, (int)buffer_len, (int)ssl->in_left);
(int)in_msglen, (int)buffer_len, (int)ssl->MBEDTLS_PRIVATE(in_left));
if (cached) {
memcpy(cache_buf, ssl->in_buf, 16);
esp_mbedtls_free_buf(ssl->in_buf);
memcpy(cache_buf, ssl->MBEDTLS_PRIVATE(in_buf), 16);
esp_mbedtls_free_buf(ssl->MBEDTLS_PRIVATE(in_buf));
init_rx_buffer(ssl, NULL);
}
@@ -382,13 +382,13 @@ int esp_mbedtls_add_rx_buffer(mbedtls_ssl_context *ssl)
init_rx_buffer(ssl, esp_buf->buf);
if (cached) {
memcpy(ssl->in_ctr, cache_buf, 8);
memcpy(ssl->in_iv, cache_buf + 8, 8);
memcpy(ssl->MBEDTLS_PRIVATE(in_ctr), cache_buf, 8);
memcpy(ssl->MBEDTLS_PRIVATE(in_iv), cache_buf + 8, 8);
}
memcpy(ssl->in_hdr, msg_head, in_left);
ssl->in_left = in_left;
ssl->in_msglen = 0;
memcpy(ssl->MBEDTLS_PRIVATE(in_hdr), msg_head, in_left);
ssl->MBEDTLS_PRIVATE(in_left) = in_left;
ssl->MBEDTLS_PRIVATE(in_msglen) = 0;
exit:
ESP_LOGV(TAG, "<-- add rx");
@@ -407,23 +407,23 @@ int esp_mbedtls_free_rx_buffer(mbedtls_ssl_context *ssl)
/**
* When have read multi messages once, can't free the input buffer directly.
*/
if (!ssl->in_buf || (ssl->in_hslen && (ssl->in_hslen < ssl->in_msglen)) ||
(ssl->in_buf && (esp_mbedtls_get_buf_state(ssl->in_buf) == ESP_MBEDTLS_SSL_BUF_NO_CACHED))) {
if (!ssl->MBEDTLS_PRIVATE(in_buf) || (ssl->MBEDTLS_PRIVATE(in_hslen) && (ssl->MBEDTLS_PRIVATE(in_hslen) < ssl->MBEDTLS_PRIVATE(in_msglen))) ||
(ssl->MBEDTLS_PRIVATE(in_buf) && (esp_mbedtls_get_buf_state(ssl->MBEDTLS_PRIVATE(in_buf)) == ESP_MBEDTLS_SSL_BUF_NO_CACHED))) {
ret = 0;
goto exit;
}
/**
* The previous processing is just skipped, so "ssl->in_msglen = 0"
* The previous processing is just skipped, so "ssl->MBEDTLS_PRIVATE(in_msglen) = 0"
*/
if (!ssl->in_msgtype) {
if (!ssl->MBEDTLS_PRIVATE(in_msgtype)) {
goto exit;
}
memcpy(buf, ssl->in_ctr, 8);
memcpy(buf + 8, ssl->in_iv, 8);
memcpy(buf, ssl->MBEDTLS_PRIVATE(in_ctr), 8);
memcpy(buf + 8, ssl->MBEDTLS_PRIVATE(in_iv), 8);
esp_mbedtls_free_buf(ssl->in_buf);
esp_mbedtls_free_buf(ssl->MBEDTLS_PRIVATE(in_buf));
init_rx_buffer(ssl, NULL);
esp_buf = mbedtls_calloc(1, SSL_BUF_HEAD_OFFSET_SIZE + 16);
@@ -436,7 +436,7 @@ int esp_mbedtls_free_rx_buffer(mbedtls_ssl_context *ssl)
esp_mbedtls_init_ssl_buf(esp_buf, 16);
memcpy(esp_buf->buf, buf, 16);
init_rx_buffer(ssl, esp_buf->buf);
esp_mbedtls_set_buf_state(ssl->in_buf, ESP_MBEDTLS_SSL_BUF_NO_CACHED);
esp_mbedtls_set_buf_state(ssl->MBEDTLS_PRIVATE(in_buf), ESP_MBEDTLS_SSL_BUF_NO_CACHED);
exit:
ESP_LOGV(TAG, "<-- free rx");
@@ -449,10 +449,10 @@ size_t esp_mbedtls_get_crt_size(mbedtls_x509_crt *cert, size_t *num)
size_t bytes = 0;
while (cert) {
bytes += cert->raw.len;
bytes += cert->MBEDTLS_PRIVATE(raw).MBEDTLS_PRIVATE(len);
n++;
cert = cert->next;
cert = cert->MBEDTLS_PRIVATE(next);
}
*num = n;
@@ -464,15 +464,15 @@ size_t esp_mbedtls_get_crt_size(mbedtls_x509_crt *cert, size_t *num)
void esp_mbedtls_free_dhm(mbedtls_ssl_context *ssl)
{
#ifdef CONFIG_MBEDTLS_DHM_C
mbedtls_mpi_free((mbedtls_mpi *)&ssl->conf->dhm_P);
mbedtls_mpi_free((mbedtls_mpi *)&ssl->conf->dhm_G);
mbedtls_mpi_free((mbedtls_mpi *)&ssl->MBEDTLS_PRIVATE(conf)->MBEDTLS_PRIVATE(dhm_P));
mbedtls_mpi_free((mbedtls_mpi *)&ssl->MBEDTLS_PRIVATE(conf)->MBEDTLS_PRIVATE(dhm_G));
#endif /* CONFIG_MBEDTLS_DHM_C */
}
void esp_mbedtls_free_keycert(mbedtls_ssl_context *ssl)
{
mbedtls_ssl_config *conf = (mbedtls_ssl_config *)ssl->conf;
mbedtls_ssl_key_cert *keycert = conf->key_cert, *next;
mbedtls_ssl_config *conf = (mbedtls_ssl_config *)ssl->MBEDTLS_PRIVATE(conf);
mbedtls_ssl_key_cert *keycert = conf->MBEDTLS_PRIVATE(key_cert), *next;
while (keycert) {
next = keycert->next;
@@ -484,12 +484,12 @@ void esp_mbedtls_free_keycert(mbedtls_ssl_context *ssl)
keycert = next;
}
conf->key_cert = NULL;
conf->MBEDTLS_PRIVATE(key_cert) = NULL;
}
void esp_mbedtls_free_keycert_key(mbedtls_ssl_context *ssl)
{
mbedtls_ssl_key_cert *keycert = ssl->conf->key_cert;
mbedtls_ssl_key_cert *keycert = ssl->MBEDTLS_PRIVATE(conf)->MBEDTLS_PRIVATE(key_cert);
while (keycert) {
if (keycert->key) {
@@ -502,7 +502,7 @@ void esp_mbedtls_free_keycert_key(mbedtls_ssl_context *ssl)
void esp_mbedtls_free_keycert_cert(mbedtls_ssl_context *ssl)
{
mbedtls_ssl_key_cert *keycert = ssl->conf->key_cert;
mbedtls_ssl_key_cert *keycert = ssl->MBEDTLS_PRIVATE(conf)->MBEDTLS_PRIVATE(key_cert);
while (keycert) {
if (keycert->cert) {
@@ -517,11 +517,11 @@ void esp_mbedtls_free_keycert_cert(mbedtls_ssl_context *ssl)
#ifdef CONFIG_MBEDTLS_DYNAMIC_FREE_CA_CERT
void esp_mbedtls_free_cacert(mbedtls_ssl_context *ssl)
{
if (ssl->conf->ca_chain) {
mbedtls_ssl_config *conf = (mbedtls_ssl_config *)ssl->conf;
if (ssl->MBEDTLS_PRIVATE(conf)->MBEDTLS_PRIVATE(ca_chain)) {
mbedtls_ssl_config *conf = (mbedtls_ssl_config *)ssl->MBEDTLS_PRIVATE(conf);
mbedtls_x509_crt_free(conf->ca_chain);
conf->ca_chain = NULL;
mbedtls_x509_crt_free(conf->MBEDTLS_PRIVATE(ca_chain));
conf->MBEDTLS_PRIVATE(ca_chain) = NULL;
}
}
#endif /* CONFIG_MBEDTLS_DYNAMIC_FREE_CA_CERT */

10
components/mbedtls/port/dynamic/esp_mbedtls_dynamic_impl.h
View File

@@ -3,14 +3,20 @@
*
* SPDX-License-Identifier: Apache-2.0
*/
#ifndef _DYNAMIC_IMPL_H_
#define _DYNAMIC_IMPL_H_
#include <stddef.h>
#include <string.h>
/* ToDo - Remove this once appropriate solution is available.
We need to define this for the file as ssl_misc.h uses private structures from mbedtls,
which are undefined if the following flag is not defined */
/* Many APIs in the file make use of this flag instead of `MBEDTLS_PRIVATE` */
/* ToDo - Replace them with proper getter-setter once they are added */
#define MBEDTLS_ALLOW_PRIVATE_ACCESS
#include "mbedtls/ssl.h"
#include "mbedtls/ssl_internal.h"
#include "ssl_misc.h" // located at mbedtls/library/ssl_misc.h
#include "mbedtls/platform.h"
#include "esp_log.h"

16
components/mbedtls/port/dynamic/esp_ssl_cli.c
View File

@@ -15,14 +15,14 @@ static const char *TAG = "SSL client";
static int manage_resource(mbedtls_ssl_context *ssl, bool add)
{
int state = add ? ssl->state : ssl->state - 1;
int state = add ? ssl->MBEDTLS_PRIVATE(state) : ssl->MBEDTLS_PRIVATE(state) - 1;
if (ssl->state == MBEDTLS_SSL_HANDSHAKE_OVER || ssl->handshake == NULL) {
if (ssl->MBEDTLS_PRIVATE(state) == MBEDTLS_SSL_HANDSHAKE_OVER || ssl->MBEDTLS_PRIVATE(handshake) == NULL) {
return 0;
}
if (!add) {
if (!ssl->out_left) {
if (!ssl->MBEDTLS_PRIVATE(out_left)) {
CHECK_OK(esp_mbedtls_free_tx_buffer(ssl));
}
}
@@ -61,25 +61,25 @@ static int manage_resource(mbedtls_ssl_context *ssl, bool add)
if (add) {
CHECK_OK(esp_mbedtls_add_rx_buffer(ssl));
} else {
if (!ssl->keep_current_message) {
if (!ssl->MBEDTLS_PRIVATE(keep_current_message)) {
CHECK_OK(esp_mbedtls_free_rx_buffer(ssl));
}
}
break;
case MBEDTLS_SSL_CERTIFICATE_REQUEST:
if (add) {
if (!ssl->keep_current_message) {
if (!ssl->MBEDTLS_PRIVATE(keep_current_message)) {
CHECK_OK(esp_mbedtls_add_rx_buffer(ssl));
}
} else {
if (!ssl->keep_current_message) {
if (!ssl->MBEDTLS_PRIVATE(keep_current_message)) {
CHECK_OK(esp_mbedtls_free_rx_buffer(ssl));
}
}
break;
case MBEDTLS_SSL_SERVER_HELLO_DONE:
if (add) {
if (!ssl->keep_current_message) {
if (!ssl->MBEDTLS_PRIVATE(keep_current_message)) {
CHECK_OK(esp_mbedtls_add_rx_buffer(ssl));
}
} else {
@@ -91,7 +91,7 @@ static int manage_resource(mbedtls_ssl_context *ssl, bool add)
case MBEDTLS_SSL_CLIENT_CERTIFICATE:
if (add) {
size_t buffer_len = 3;
mbedtls_ssl_key_cert *key_cert = ssl->conf->key_cert;
mbedtls_ssl_key_cert *key_cert = ssl->MBEDTLS_PRIVATE(conf)->MBEDTLS_PRIVATE(key_cert);
while (key_cert && key_cert->cert) {
size_t num;

10
components/mbedtls/port/dynamic/esp_ssl_srv.c
View File

@@ -14,21 +14,21 @@ static const char *TAG = "SSL Server";
static int manage_resource(mbedtls_ssl_context *ssl, bool add)
{
int state = add ? ssl->state : ssl->state - 1;
int state = add ? ssl->MBEDTLS_PRIVATE(state) : ssl->MBEDTLS_PRIVATE(state) - 1;
if (ssl->state == MBEDTLS_SSL_HANDSHAKE_OVER || ssl->handshake == NULL) {
if (ssl->MBEDTLS_PRIVATE(state) == MBEDTLS_SSL_HANDSHAKE_OVER || ssl->MBEDTLS_PRIVATE(handshake) == NULL) {
return 0;
}
if (!add) {
if (!ssl->out_left) {
if (!ssl->MBEDTLS_PRIVATE(out_left)) {
CHECK_OK(esp_mbedtls_free_tx_buffer(ssl));
}
}
switch (state) {
case MBEDTLS_SSL_HELLO_REQUEST:
ssl->major_ver = MBEDTLS_SSL_MAJOR_VERSION_3;
ssl->MBEDTLS_PRIVATE(major_ver) = MBEDTLS_SSL_MAJOR_VERSION_3;
break;
case MBEDTLS_SSL_CLIENT_HELLO:
if (add) {
@@ -49,7 +49,7 @@ static int manage_resource(mbedtls_ssl_context *ssl, bool add)
case MBEDTLS_SSL_SERVER_CERTIFICATE:
if (add) {
size_t buffer_len = 3;
mbedtls_ssl_key_cert *key_cert = ssl->conf->key_cert;
mbedtls_ssl_key_cert *key_cert = ssl->MBEDTLS_PRIVATE(conf)->MBEDTLS_PRIVATE(key_cert);
while (key_cert && key_cert->cert) {
size_t num;

42
components/mbedtls/port/dynamic/esp_ssl_tls.c
View File

@@ -3,7 +3,6 @@
*
* SPDX-License-Identifier: Apache-2.0
*/
#include <sys/param.h>
#include "esp_mbedtls_dynamic_impl.h"
@@ -27,7 +26,7 @@ static const char *TAG = "SSL TLS";
static int tx_done(mbedtls_ssl_context *ssl)
{
if (!ssl->out_left)
if (!ssl->MBEDTLS_PRIVATE(out_left))
return 1;
return 0;
@@ -35,12 +34,11 @@ static int tx_done(mbedtls_ssl_context *ssl)
static int rx_done(mbedtls_ssl_context *ssl)
{
if (!ssl->in_msglen) {
if (!ssl->MBEDTLS_PRIVATE(in_msglen)) {
return 1;
}
ESP_LOGD(TAG, "RX left %zu bytes", ssl->in_msglen);
ESP_LOGD(TAG, "RX left %zu bytes", ssl->MBEDTLS_PRIVATE(in_msglen));
return 0;
}
@@ -49,15 +47,15 @@ static void ssl_update_checksum_start( mbedtls_ssl_context *ssl,
{
#if defined(MBEDTLS_SSL_PROTO_SSL3) || defined(MBEDTLS_SSL_PROTO_TLS1) || \
defined(MBEDTLS_SSL_PROTO_TLS1_1)
mbedtls_md5_update_ret( &ssl->handshake->fin_md5 , buf, len );
mbedtls_sha1_update_ret( &ssl->handshake->fin_sha1, buf, len );
mbedtls_md5_update( &ssl->handshake->fin_md5 , buf, len );
mbedtls_sha1_update( &ssl->handshake->fin_sha1, buf, len );
#endif
#if defined(MBEDTLS_SSL_PROTO_TLS1_2)
#if defined(MBEDTLS_SHA256_C)
mbedtls_sha256_update_ret( &ssl->handshake->fin_sha256, buf, len );
mbedtls_sha256_update( &ssl->handshake->fin_sha256, buf, len );
#endif
#if defined(MBEDTLS_SHA512_C)
mbedtls_sha512_update_ret( &ssl->handshake->fin_sha512, buf, len );
mbedtls_sha512_update( &ssl->handshake->fin_sha512, buf, len );
#endif
#endif /* MBEDTLS_SSL_PROTO_TLS1_2 */
}
@@ -70,17 +68,17 @@ static void ssl_handshake_params_init( mbedtls_ssl_handshake_params *handshake )
defined(MBEDTLS_SSL_PROTO_TLS1_1)
mbedtls_md5_init( &handshake->fin_md5 );
mbedtls_sha1_init( &handshake->fin_sha1 );
mbedtls_md5_starts_ret( &handshake->fin_md5 );
mbedtls_sha1_starts_ret( &handshake->fin_sha1 );
mbedtls_md5_starts( &handshake->fin_md5 );
mbedtls_sha1_starts( &handshake->fin_sha1 );
#endif
#if defined(MBEDTLS_SSL_PROTO_TLS1_2)
#if defined(MBEDTLS_SHA256_C)
mbedtls_sha256_init( &handshake->fin_sha256 );
mbedtls_sha256_starts_ret( &handshake->fin_sha256, 0 );
mbedtls_sha256_starts( &handshake->fin_sha256, 0 );
#endif
#if defined(MBEDTLS_SHA512_C)
mbedtls_sha512_init( &handshake->fin_sha512 );
mbedtls_sha512_starts_ret( &handshake->fin_sha512, 1 );
mbedtls_sha512_starts( &handshake->fin_sha512, 1 );
#endif
#endif /* MBEDTLS_SSL_PROTO_TLS1_2 */
@@ -179,10 +177,12 @@ int __wrap_mbedtls_ssl_setup(mbedtls_ssl_context *ssl, const mbedtls_ssl_config
ssl->conf = conf;
CHECK_OK(ssl_handshake_init(ssl));
ssl->out_buf = NULL;
mbedtls_free(ssl->MBEDTLS_PRIVATE(out_buf));
ssl->MBEDTLS_PRIVATE(out_buf) = NULL;
CHECK_OK(esp_mbedtls_setup_tx_buffer(ssl));
ssl->in_buf = NULL;
mbedtls_free(ssl->MBEDTLS_PRIVATE(in_buf));
ssl->MBEDTLS_PRIVATE(in_buf) = NULL;
esp_mbedtls_setup_rx_buffer(ssl);
return 0;
@@ -229,14 +229,14 @@ int __wrap_mbedtls_ssl_read(mbedtls_ssl_context *ssl, unsigned char *buf, size_t
void __wrap_mbedtls_ssl_free(mbedtls_ssl_context *ssl)
{
if (ssl->out_buf) {
esp_mbedtls_free_buf(ssl->out_buf);
ssl->out_buf = NULL;
if (ssl->MBEDTLS_PRIVATE(out_buf)) {
esp_mbedtls_free_buf(ssl->MBEDTLS_PRIVATE(out_buf));
ssl->MBEDTLS_PRIVATE(out_buf) = NULL;
}
if (ssl->in_buf) {
esp_mbedtls_free_buf(ssl->in_buf);
ssl->in_buf = NULL;
if (ssl->MBEDTLS_PRIVATE(in_buf)) {
esp_mbedtls_free_buf(ssl->MBEDTLS_PRIVATE(in_buf));
ssl->MBEDTLS_PRIVATE(in_buf) = NULL;
}
__real_mbedtls_ssl_free(ssl);

39
components/mbedtls/port/esp32/bignum.c
View File

@@ -1,26 +1,13 @@
/**
* \brief Multi-precision integer library, ESP-IDF hardware accelerated parts
/*
* Multi-precision integer library
* ESP32 hardware accelerated parts based on mbedTLS implementation
*
* based on mbedTLS implementation
* SPDX-FileCopyrightText: The Mbed TLS Contributors
*
* Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
* Additions Copyright (C) 2016-2020, Espressif Systems (Shanghai) PTE Ltd
* SPDX-License-Identifier: Apache-2.0
*
* Licensed under the Apache License, Version 2.0 (the "License"); you may
* not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
* WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
* SPDX-License-Identifier: Apache-2.0
*
* SPDX-FileContributor: 2016-2021 Espressif Systems (Shanghai) CO LTD
*/
#include "soc/hwcrypto_periph.h"
#include "soc/dport_reg.h"
#include "esp_private/periph_ctrl.h"
@@ -83,11 +70,11 @@ void esp_mpi_interrupt_clear( void )
static inline void mpi_to_mem_block(uint32_t mem_base, const mbedtls_mpi *mpi, size_t hw_words)
{
uint32_t *pbase = (uint32_t *)mem_base;
uint32_t copy_words = MIN(hw_words, mpi->n);
uint32_t copy_words = MIN(hw_words, mpi->MBEDTLS_PRIVATE(n));
/* Copy MPI data to memory block registers */
for (uint32_t i = 0; i < copy_words; i++) {
pbase[i] = mpi->p[i];
pbase[i] = mpi->MBEDTLS_PRIVATE(p[i]);
}
/* Zero any remaining memory block data */
@@ -105,15 +92,15 @@ static inline void mpi_to_mem_block(uint32_t mem_base, const mbedtls_mpi *mpi, s
*/
static inline void mem_block_to_mpi(mbedtls_mpi *x, uint32_t mem_base, size_t num_words)
{
assert(x->n >= num_words);
assert(x->MBEDTLS_PRIVATE(n) >= num_words);
/* Copy data from memory block registers */
esp_dport_access_read_buffer(x->p, mem_base, num_words);
esp_dport_access_read_buffer(x->MBEDTLS_PRIVATE(p), mem_base, num_words);
/* Zero any remaining limbs in the bignum, if the buffer is bigger
than num_words */
for (size_t i = num_words; i < x->n; i++) {
x->p[i] = 0;
for (size_t i = num_words; i < x->MBEDTLS_PRIVATE(n); i++) {
x->MBEDTLS_PRIVATE(p[i]) = 0;
}
}
@@ -215,7 +202,7 @@ int esp_mont_hw_op(mbedtls_mpi *Z, const mbedtls_mpi *X, const mbedtls_mpi *Y, c
mpi_to_mem_block(RSA_MEM_RB_BLOCK_BASE, Y, hw_words);
start_op(RSA_MULT_START_REG);
Z->s = 1; // The sign of Z will be = M->s (but M->s is always 1)
Z->MBEDTLS_PRIVATE(s) = 1; // The sign of Z will be = M->s (but M->s is always 1)
MBEDTLS_MPI_CHK( mbedtls_mpi_grow(Z, hw_words) );
wait_op_complete();

34
components/mbedtls/port/esp32c3/bignum.c
View File

@@ -1,24 +1,12 @@
/**
* \brief Multi-precision integer library, ESP32 C3 hardware accelerated parts
/*
* Multi-precision integer library
* ESP32 C3 hardware accelerated parts based on mbedTLS implementation
*
* based on mbedTLS implementation
* SPDX-FileCopyrightText: The Mbed TLS Contributors
*
* Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
* Additions Copyright (C) 2016-2020, Espressif Systems (Shanghai) PTE Ltd
* SPDX-License-Identifier: Apache-2.0
*
* Licensed under the Apache License, Version 2.0 (the "License"); you may
* not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
* WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
* SPDX-License-Identifier: Apache-2.0
*
* SPDX-FileContributor: 2016-2021 Espressif Systems (Shanghai) CO LTD
*/
#include <string.h>
#include <sys/param.h>
@@ -80,11 +68,11 @@ void esp_mpi_interrupt_clear( void )
static inline void mpi_to_mem_block(uint32_t mem_base, const mbedtls_mpi *mpi, size_t num_words)
{
uint32_t *pbase = (uint32_t *)mem_base;
uint32_t copy_words = MIN(num_words, mpi->n);
uint32_t copy_words = MIN(num_words, mpi->MBEDTLS_PRIVATE(n));
/* Copy MPI data to memory block registers */
for (int i = 0; i < copy_words; i++) {
pbase[i] = mpi->p[i];
pbase[i] = mpi->MBEDTLS_PRIVATE(p)[i];
}
/* Zero any remaining memory block data */
@@ -103,12 +91,12 @@ static inline void mem_block_to_mpi(mbedtls_mpi *x, uint32_t mem_base, int num_w
/* Copy data from memory block registers */
const size_t REG_WIDTH = sizeof(uint32_t);
for (size_t i = 0; i < num_words; i++) {
x->p[i] = REG_READ(mem_base + (i * REG_WIDTH));
x->MBEDTLS_PRIVATE(p)[i] = REG_READ(mem_base + (i * REG_WIDTH));
}
/* Zero any remaining limbs in the bignum, if the buffer is bigger
than num_words */
for (size_t i = num_words; i < x->n; i++) {
x->p[i] = 0;
for (size_t i = num_words; i < x->MBEDTLS_PRIVATE(n); i++) {
x->MBEDTLS_PRIVATE(p)[i] = 0;
}
}

34
components/mbedtls/port/esp32h2/bignum.c
View File

@@ -1,24 +1,12 @@
/**
* \brief Multi-precision integer library, ESP32 H2 hardware accelerated parts
/*
* Multi-precision integer library
* ESP32 H2 hardware accelerated parts based on mbedTLS implementation
*
* based on mbedTLS implementation
* SPDX-FileCopyrightText: The Mbed TLS Contributors
*
* Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
* Additions Copyright (C) 2016-2020, Espressif Systems (Shanghai) PTE Ltd
* SPDX-License-Identifier: Apache-2.0
*
* Licensed under the Apache License, Version 2.0 (the "License"); you may
* not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
* WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
* SPDX-License-Identifier: Apache-2.0
*
* SPDX-FileContributor: 2016-2021 Espressif Systems (Shanghai) CO LTD
*/
#include <string.h>
#include <sys/param.h>
@@ -80,11 +68,11 @@ void esp_mpi_interrupt_clear( void )
static inline void mpi_to_mem_block(uint32_t mem_base, const mbedtls_mpi *mpi, size_t num_words)
{
uint32_t *pbase = (uint32_t *)mem_base;
uint32_t copy_words = MIN(num_words, mpi->n);
uint32_t copy_words = MIN(num_words, mpi->MBEDTLS_PRIVATE(n));
/* Copy MPI data to memory block registers */
for (int i = 0; i < copy_words; i++) {
pbase[i] = mpi->p[i];
pbase[i] = mpi->MBEDTLS_PRIVATE(p)[i];
}
/* Zero any remaining memory block data */
@@ -103,12 +91,12 @@ static inline void mem_block_to_mpi(mbedtls_mpi *x, uint32_t mem_base, int num_w
/* Copy data from memory block registers */
const size_t REG_WIDTH = sizeof(uint32_t);
for (size_t i = 0; i < num_words; i++) {
x->p[i] = REG_READ(mem_base + (i * REG_WIDTH));
x->MBEDTLS_PRIVATE(p)[i] = REG_READ(mem_base + (i * REG_WIDTH));
}
/* Zero any remaining limbs in the bignum, if the buffer is bigger
than num_words */
for (size_t i = num_words; i < x->n; i++) {
x->p[i] = 0;
for (size_t i = num_words; i < x->MBEDTLS_PRIVATE(n); i++) {
x->MBEDTLS_PRIVATE(p)[i] = 0;
}
}

34
components/mbedtls/port/esp32s2/bignum.c
View File

@@ -1,24 +1,12 @@
/**
* \brief Multi-precision integer library, ESP32 S2 hardware accelerated parts
/*
* Multi-precision integer library
* ESP32 S2 hardware accelerated parts based on mbedTLS implementation
*
* based on mbedTLS implementation
* SPDX-FileCopyrightText: The Mbed TLS Contributors
*
* Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
* Additions Copyright (C) 2016-2020, Espressif Systems (Shanghai) PTE Ltd
* SPDX-License-Identifier: Apache-2.0
*
* Licensed under the Apache License, Version 2.0 (the "License"); you may
* not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
* WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
* SPDX-License-Identifier: Apache-2.0
*
* SPDX-FileContributor: 2016-2021 Espressif Systems (Shanghai) CO LTD
*/
#include "soc/hwcrypto_periph.h"
#include "esp_private/periph_ctrl.h"
@@ -78,11 +66,11 @@ void esp_mpi_interrupt_clear( void )
static inline void mpi_to_mem_block(uint32_t mem_base, const mbedtls_mpi *mpi, size_t num_words)
{
uint32_t *pbase = (uint32_t *)mem_base;
uint32_t copy_words = MIN(num_words, mpi->n);
uint32_t copy_words = MIN(num_words, mpi->MBEDTLS_PRIVATE(n));
/* Copy MPI data to memory block registers */
for (uint32_t i = 0; i < copy_words; i++) {
pbase[i] = mpi->p[i];
pbase[i] = mpi->MBEDTLS_PRIVATE(p)[i];
}
/* Zero any remaining memory block data */
@@ -99,11 +87,11 @@ static inline void mem_block_to_mpi(mbedtls_mpi *x, uint32_t mem_base, int num_w
{
/* Copy data from memory block registers */
esp_dport_access_read_buffer(x->p, mem_base, num_words);
esp_dport_access_read_buffer(x->MBEDTLS_PRIVATE(p), mem_base, num_words);
/* Zero any remaining limbs in the bignum, if the buffer is bigger
than num_words */
for (size_t i = num_words; i < x->n; i++) {
x->p[i] = 0;
for (size_t i = num_words; i < x->MBEDTLS_PRIVATE(n); i++) {
x->MBEDTLS_PRIVATE(p)[i] = 0;
}
}

34
components/mbedtls/port/esp32s3/bignum.c
View File

@@ -1,24 +1,12 @@
/**
* \brief Multi-precision integer library, ESP32 S3 hardware accelerated parts
/*
* Multi-precision integer library
* ESP32 S3 hardware accelerated parts based on mbedTLS implementation
*
* based on mbedTLS implementation
* SPDX-FileCopyrightText: The Mbed TLS Contributors
*
* Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
* Additions Copyright (C) 2016-2020, Espressif Systems (Shanghai) PTE Ltd
* SPDX-License-Identifier: Apache-2.0
*
* Licensed under the Apache License, Version 2.0 (the "License"); you may
* not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
* WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
* SPDX-License-Identifier: Apache-2.0
*
* SPDX-FileContributor: 2016-2021 Espressif Systems (Shanghai) CO LTD
*/
#include "soc/hwcrypto_periph.h"
#include "esp_private/periph_ctrl.h"
@@ -75,11 +63,11 @@ void esp_mpi_interrupt_clear( void )
static inline void mpi_to_mem_block(uint32_t mem_base, const mbedtls_mpi *mpi, size_t num_words)
{
uint32_t *pbase = (uint32_t *)mem_base;
uint32_t copy_words = MIN(num_words, mpi->n);
uint32_t copy_words = MIN(num_words, mpi->MBEDTLS_PRIVATE(n));
/* Copy MPI data to memory block registers */
for (uint32_t i = 0; i < copy_words; i++) {
pbase[i] = mpi->p[i];
pbase[i] = mpi->MBEDTLS_PRIVATE(p)[i];
}
/* Zero any remaining memory block data */
@@ -96,11 +84,11 @@ static inline void mem_block_to_mpi(mbedtls_mpi *x, uint32_t mem_base, int num_w
{
/* Copy data from memory block registers */
esp_dport_access_read_buffer(x->p, mem_base, num_words);
esp_dport_access_read_buffer(x->MBEDTLS_PRIVATE(p), mem_base, num_words);
/* Zero any remaining limbs in the bignum, if the buffer is bigger
than num_words */
for (size_t i = num_words; i < x->n; i++) {
x->p[i] = 0;
for (size_t i = num_words; i < x->MBEDTLS_PRIVATE(n); i++) {
x->MBEDTLS_PRIVATE(p)[i] = 0;
}
}

76
components/mbedtls/port/esp_bignum.c
View File

@@ -1,24 +1,12 @@
/**
* \brief Multi-precision integer library, ESP32 hardware accelerated parts
/*
* Multi-precision integer library
* ESP-IDF hardware accelerated parts based on mbedTLS implementation
*
* based on mbedTLS implementation
* SPDX-FileCopyrightText: The Mbed TLS Contributors
*
* Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
* Additions Copyright (C) 2016, Espressif Systems (Shanghai) PTE Ltd
* SPDX-License-Identifier: Apache-2.0
*
* Licensed under the Apache License, Version 2.0 (the "License"); you may
* not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
* WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
* SPDX-License-Identifier: Apache-2.0
*
* SPDX-FileContributor: 2016-2021 Espressif Systems (Shanghai) CO LTD
*/
#include <stdio.h>
#include <string.h>
@@ -150,8 +138,8 @@ static inline size_t bits_to_words(size_t bits)
#if defined(MBEDTLS_MPI_EXP_MOD_ALT) || defined(MBEDTLS_MPI_EXP_MOD_ALT_FALLBACK)
static size_t mpi_words(const mbedtls_mpi *mpi)
{
for (size_t i = mpi->n; i > 0; i--) {
if (mpi->p[i - 1] != 0) {
for (size_t i = mpi->MBEDTLS_PRIVATE(n); i > 0; i--) {
if (mpi->MBEDTLS_PRIVATE(p[i - 1]) != 0) {
return i;
}
}
@@ -174,7 +162,7 @@ static mbedtls_mpi_uint modular_inverse(const mbedtls_mpi *M)
uint64_t t = 1;
uint64_t two_2_i_minus_1 = 2; /* 2^(i-1) */
uint64_t two_2_i = 4; /* 2^i */
uint64_t N = M->p[0];
uint64_t N = M->MBEDTLS_PRIVATE(p[0]);
for (i = 2; i <= 32; i++) {
if ((mbedtls_mpi_uint) N * t % two_2_i >= two_2_i_minus_1) {
@@ -252,7 +240,7 @@ int esp_mpi_mul_mpi_mod(mbedtls_mpi *Z, const mbedtls_mpi *X, const mbedtls_mpi
MBEDTLS_MPI_CHK(mbedtls_mpi_grow(Z, z_words));
esp_mpi_read_result_hw_op(Z, z_words);
Z->s = X->s * Y->s;
Z->MBEDTLS_PRIVATE(s) = X->MBEDTLS_PRIVATE(s) * Y->MBEDTLS_PRIVATE(s);
cleanup:
mbedtls_mpi_free(&Rinv);
@@ -270,11 +258,11 @@ cleanup:
static size_t mbedtls_mpi_msb( const mbedtls_mpi *X )
{
int i, j;
if (X != NULL && X->n != 0) {
for (i = X->n - 1; i >= 0; i--) {
if (X->p[i] != 0) {
if (X != NULL && X->MBEDTLS_PRIVATE(n) != 0) {
for (i = X->MBEDTLS_PRIVATE(n) - 1; i >= 0; i--) {
if (X->MBEDTLS_PRIVATE(p[i]) != 0) {
for (j = biL - 1; j >= 0; j--) {
if ((X->p[i] & (1 << j)) != 0) {
if ((X->MBEDTLS_PRIVATE(p[i]) & (1 << j)) != 0) {
return (i * biL) + j;
}
}
@@ -374,7 +362,7 @@ static int esp_mpi_exp_mod( mbedtls_mpi *Z, const mbedtls_mpi *X, const mbedtls_
return MBEDTLS_ERR_MPI_NOT_ACCEPTABLE;
}
if (mbedtls_mpi_cmp_int(M, 0) <= 0 || (M->p[0] & 1) == 0) {
if (mbedtls_mpi_cmp_int(M, 0) <= 0 || (M->MBEDTLS_PRIVATE(p[0]) & 1) == 0) {
return MBEDTLS_ERR_MPI_BAD_INPUT_DATA;
}
@@ -394,7 +382,7 @@ static int esp_mpi_exp_mod( mbedtls_mpi *Z, const mbedtls_mpi *X, const mbedtls_
} else {
Rinv = _Rinv;
}
if (Rinv->p == NULL) {
if (Rinv->MBEDTLS_PRIVATE(p) == NULL) {
MBEDTLS_MPI_CHK(calculate_rinv(Rinv, M, num_words));
}
@@ -435,11 +423,11 @@ static int esp_mpi_exp_mod( mbedtls_mpi *Z, const mbedtls_mpi *X, const mbedtls_
#endif
// Compensate for negative X
if (X->s == -1 && (Y->p[0] & 1) != 0) {
Z->s = -1;
if (X->MBEDTLS_PRIVATE(s) == -1 && (Y->MBEDTLS_PRIVATE(p[0]) & 1) != 0) {
Z->MBEDTLS_PRIVATE(s) = -1;
MBEDTLS_MPI_CHK(mbedtls_mpi_add_mpi(Z, M, Z));
} else {
Z->s = 1;
Z->MBEDTLS_PRIVATE(s) = 1;
}
cleanup:
@@ -504,12 +492,12 @@ int mbedtls_mpi_mul_mpi( mbedtls_mpi *Z, const mbedtls_mpi *X, const mbedtls_mpi
}
if (x_bits == 1) {
ret = mbedtls_mpi_copy(Z, Y);
Z->s *= X->s;
Z->MBEDTLS_PRIVATE(s) *= X->MBEDTLS_PRIVATE(s);
return ret;
}
if (y_bits == 1) {
ret = mbedtls_mpi_copy(Z, X);
Z->s *= Y->s;
Z->MBEDTLS_PRIVATE(s) *= Y->MBEDTLS_PRIVATE(s);
return ret;
}
@@ -548,7 +536,7 @@ int mbedtls_mpi_mul_mpi( mbedtls_mpi *Z, const mbedtls_mpi *X, const mbedtls_mpi
esp_mpi_disable_hardware_hw_op();
Z->s = X->s * Y->s;
Z->MBEDTLS_PRIVATE(s) = X->MBEDTLS_PRIVATE(s) * Y->MBEDTLS_PRIVATE(s);
cleanup:
return ret;
@@ -559,9 +547,9 @@ int mbedtls_mpi_mul_int( mbedtls_mpi *X, const mbedtls_mpi *A, mbedtls_mpi_uint
mbedtls_mpi _B;
mbedtls_mpi_uint p[1];
_B.s = 1;
_B.n = 1;
_B.p = p;
_B.MBEDTLS_PRIVATE(s) = 1;
_B.MBEDTLS_PRIVATE(n) = 1;
_B.MBEDTLS_PRIVATE(p) = p;
p[0] = b;
return( mbedtls_mpi_mul_mpi( X, A, &_B ) );
@@ -592,15 +580,15 @@ static int mpi_mult_mpi_overlong(mbedtls_mpi *Z, const mbedtls_mpi *X, const mbe
const size_t words_slice = y_words / 2;
/* Yp holds lower bits of Y (declared to reuse Y's array contents to save on copying) */
const mbedtls_mpi Yp = {
.p = Y->p,
.n = words_slice,
.s = Y->s
.MBEDTLS_PRIVATE(p) = Y->MBEDTLS_PRIVATE(p),
.MBEDTLS_PRIVATE(n) = words_slice,
.MBEDTLS_PRIVATE(s) = Y->MBEDTLS_PRIVATE(s)
};
/* Ypp holds upper bits of Y, right shifted (also reuses Y's array contents) */
const mbedtls_mpi Ypp = {
.p = Y->p + words_slice,
.n = y_words - words_slice,
.s = Y->s
.MBEDTLS_PRIVATE(p) = Y->MBEDTLS_PRIVATE(p) + words_slice,
.MBEDTLS_PRIVATE(n) = y_words - words_slice,
.MBEDTLS_PRIVATE(s) = Y->MBEDTLS_PRIVATE(s)
};
mbedtls_mpi_init(&Ztemp);
@@ -651,7 +639,7 @@ static int mpi_mult_mpi_failover_mod_mult( mbedtls_mpi *Z, const mbedtls_mpi *X,
MBEDTLS_MPI_CHK( mbedtls_mpi_grow(Z, hw_words) );
esp_mpi_read_result_hw_op(Z, hw_words);
Z->s = X->s * Y->s;
Z->MBEDTLS_PRIVATE(s) = X->MBEDTLS_PRIVATE(s) * Y->MBEDTLS_PRIVATE(s);
cleanup:
esp_mpi_disable_hardware_hw_op();
return ret;

9
components/mbedtls/port/esp_ds/esp_rsa_sign_alt.c
View File

@@ -25,16 +25,11 @@
#include "esp_heap_caps.h"
#include "freertos/FreeRTOS.h"
#include "freertos/semphr.h"
#if !defined(MBEDTLS_CONFIG_FILE)
#include "mbedtls/config.h"
#else
#include MBEDTLS_CONFIG_FILE
#endif
#include <mbedtls/build_info.h>
static const char *TAG = "ESP_RSA_SIGN_ALT";
#define SWAP_INT32(x) (((x) >> 24) | (((x) & 0x00FF0000) >> 8) | (((x) & 0x0000FF00) << 8) | ((x) << 24))
#include "mbedtls/rsa.h"
#include "mbedtls/rsa_internal.h"
#include "mbedtls/oid.h"
#include "mbedtls/platform_util.h"
#include <string.h>
@@ -209,7 +204,7 @@ static int rsa_rsassa_pkcs1_v15_encode( mbedtls_md_type_t md_alg,
int esp_ds_rsa_sign( void *ctx,
int (*f_rng)(void *, unsigned char *, size_t), void *p_rng,
int mode, mbedtls_md_type_t md_alg, unsigned int hashlen,
mbedtls_md_type_t md_alg, unsigned int hashlen,
const unsigned char *hash, unsigned char *sig )
{
esp_ds_context_t *esp_ds_ctx;

13
components/mbedtls/port/esp_hardware.c
View File

@@ -1,15 +1,16 @@
#if !defined(MBEDTLS_CONFIG_FILE)
#include "mbedtls/config.h"
#else
#include MBEDTLS_CONFIG_FILE
#endif
/*
* SPDX-FileCopyrightText: 2021-2022 Espressif Systems (Shanghai) CO LTD
*
* SPDX-License-Identifier: Apache-2.0
*/
#include <mbedtls/build_info.h>
#include <sys/types.h>
#include <stdlib.h>
#include <stdio.h>
#include <esp_system.h>
#include "mbedtls/entropy_poll.h"
#include <entropy_poll.h>
#ifndef MBEDTLS_ENTROPY_HARDWARE_ALT
#error "MBEDTLS_ENTROPY_HARDWARE_ALT should always be set in ESP-IDF"

18
components/mbedtls/port/esp_mem.c
View File

@@ -1,16 +1,8 @@
// Copyright 2018 Espressif Systems (Shanghai) PTE LTD
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
/*
* SPDX-FileCopyrightText: 2018-2021 Espressif Systems (Shanghai) CO LTD
*
* SPDX-License-Identifier: Apache-2.0
*/
#include <esp_attr.h>
#include <esp_heap_caps.h>

40
components/mbedtls/port/esp_timing.c
View File

@@ -1,24 +1,12 @@
/*
* Portable interface to the CPU cycle counter
* Portable interface to the CPU cycle counter
*
* Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
* SPDX-License-Identifier: Apache-2.0
* SPDX-FileCopyrightText: The Mbed TLS Contributors
*
* Licensed under the Apache License, Version 2.0 (the "License"); you may
* not use this file except in compliance with the License.
* You may obtain a copy of the License at
* SPDX-License-Identifier: Apache-2.0
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
* WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*
* This file is part of mbed TLS (https://tls.mbed.org)
* SPDX-FileContributor: 2016-2021 Espressif Systems (Shanghai) CO LTD
*/
/*
* mbedtls_timing_get_timer()m mbedtls_timing_set_delay() and
* mbedtls_timing_set_delay only abstracted from mbedtls/library/timing.c
@@ -27,11 +15,7 @@
* which requires these 2 delay functions).
*/
#if !defined(MBEDTLS_CONFIG_FILE)
#include "mbedtls/config.h"
#else
#include MBEDTLS_CONFIG_FILE
#endif
#include <mbedtls/build_info.h>
#if !defined(MBEDTLS_ESP_TIMING_C)
@@ -70,11 +54,11 @@ void mbedtls_timing_set_delay( void *data, uint32_t int_ms, uint32_t fin_ms )
{
mbedtls_timing_delay_context *ctx = (mbedtls_timing_delay_context *) data;
ctx->int_ms = int_ms;
ctx->fin_ms = fin_ms;
ctx->MBEDTLS_PRIVATE(int_ms) = int_ms;
ctx->MBEDTLS_PRIVATE(fin_ms) = fin_ms;
if( fin_ms != 0 )
(void) mbedtls_timing_get_timer( &ctx->timer, 1 );
(void) mbedtls_timing_get_timer( &ctx->MBEDTLS_PRIVATE(timer), 1 );
}
/*
@@ -85,15 +69,15 @@ int mbedtls_timing_get_delay( void *data )
mbedtls_timing_delay_context *ctx = (mbedtls_timing_delay_context *) data;
unsigned long elapsed_ms;
if( ctx->fin_ms == 0 )
if( ctx->MBEDTLS_PRIVATE(fin_ms) == 0 )
return( -1 );
elapsed_ms = mbedtls_timing_get_timer( &ctx->timer, 0 );
elapsed_ms = mbedtls_timing_get_timer( &ctx->MBEDTLS_PRIVATE(timer), 0 );
if( elapsed_ms >= ctx->fin_ms )
if( elapsed_ms >= ctx->MBEDTLS_PRIVATE(fin_ms) )
return( 2 );
if( elapsed_ms >= ctx->int_ms )
if( elapsed_ms >= ctx->MBEDTLS_PRIVATE(int_ms) )
return( 1 );
return( 0 );

154
components/mbedtls/port/include/aes/esp_aes_gcm.h
View File

@@ -1,26 +1,13 @@
/**
* \brief AES GCM block cipher, ESP hardware accelerated version
/*
* GCM block cipher, ESP DMA hardware accelerated version
* Based on mbedTLS FIPS-197 compliant version.
*
* Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
* Additions Copyright (C) 2019-2020, Espressif Systems (Shanghai) PTE Ltd
* SPDX-License-Identifier: Apache-2.0
*
* Licensed under the Apache License, Version 2.0 (the "License"); you may
* not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
* WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
* SPDX-FileCopyrightText: The Mbed TLS Contributors
*
* SPDX-License-Identifier: Apache-2.0
*
* SPDX-FileContributor: 2016-2021 Espressif Systems (Shanghai) CO LTD
*/
#pragma once
#include "aes/esp_aes.h"
@@ -93,50 +80,99 @@ int esp_aes_gcm_setkey( esp_gcm_context *ctx,
* \brief This function starts a GCM encryption or decryption
* operation.
*
* \param ctx The GCM context.
* \param ctx The GCM context. This must be initialized.
* \param mode The operation to perform: #MBEDTLS_GCM_ENCRYPT or
* #MBEDTLS_GCM_DECRYPT.
* \param iv The initialization vector.
* \param iv The initialization vector. This must be a readable buffer of
* at least \p iv_len Bytes.
* \param iv_len The length of the IV.
* \param add The buffer holding the additional data, or NULL
* if \p aad_len is 0.
* \param aad_len The length of the additional data. If 0,
* \p add is NULL.
*
* \return \c 0 on success.
*/
int esp_aes_gcm_starts( esp_gcm_context *ctx,
int mode,
const unsigned char *iv,
size_t iv_len,
const unsigned char *aad,
size_t aad_len );
size_t iv_len );
/**
* \brief This function feeds an input buffer as associated data
* (authenticated but not encrypted data) in a GCM
* encryption or decryption operation.
*
* Call this function after mbedtls_gcm_starts() to pass
* the associated data. If the associated data is empty,
* you do not need to call this function. You may not
* call this function after calling mbedtls_cipher_update().
*
* \param ctx The GCM context. This must have been started with
* mbedtls_gcm_starts() and must not have yet received
* any input with mbedtls_gcm_update().
* \param aad The buffer holding the additional data, or \c NULL
* if \p aad_len is \c 0.
* \param aad_len The length of the additional data. If \c 0,
* \p add may be \c NULL.
*
* \return \c 0 on success.
*/
int esp_aes_gcm_update_ad( esp_gcm_context *ctx,
const unsigned char *aad,
size_t aad_len );
/**
* \brief This function feeds an input buffer into an ongoing GCM
* encryption or decryption operation.
*
* ` The function expects input to be a multiple of 16
* Bytes. Only the last call before calling
* mbedtls_gcm_finish() can be less than 16 Bytes.
* You may call this function zero, one or more times
* to pass successive parts of the input: the plaintext to
* encrypt, or the ciphertext (not including the tag) to
* decrypt. After the last part of the input, call
* mbedtls_gcm_finish().
*
* This function may produce output in one of the following
* ways:
* - Immediate output: the output length is always equal
* to the input length.
* - Buffered output: the output consists of a whole number
* of 16-byte blocks. If the total input length so far
* (not including associated data) is 16 \* *B* + *A*
* with *A* < 16 then the total output length is 16 \* *B*.
*
* In particular:
* - It is always correct to call this function with
* \p output_size >= \p input_length + 15.
* - If \p input_length is a multiple of 16 for all the calls
* to this function during an operation, then it is
* correct to use \p output_size = \p input_length.
*
* \note For decryption, the output buffer cannot be the same as
* input buffer. If the buffers overlap, the output buffer
* must trail at least 8 Bytes behind the input buffer.
*
* \param ctx The GCM context.
* \param length The length of the input data. This must be a multiple of
* 16 except in the last call before mbedtls_gcm_finish().
* \param input The buffer holding the input data.
* \param output The buffer for holding the output data.
* \param ctx The GCM context. This must be initialized.
* \param input The buffer holding the input data. If \p input_length
* is greater than zero, this must be a readable buffer
* of at least \p input_length bytes.
* \param input_length The length of the input data in bytes.
* \param output The buffer for the output data. If \p output_size
* is greater than zero, this must be a writable buffer of
* of at least \p output_size bytes.
* \param output_size The size of the output buffer in bytes.
* See the function description regarding the output size.
* \param output_length On success, \p *output_length contains the actual
* length of the output written in \p output.
* On failure, the content of \p *output_length is
* unspecified.
*
* \return \c 0 on success.
* \return #MBEDTLS_ERR_GCM_BAD_INPUT on failure.
* \return #MBEDTLS_ERR_GCM_BAD_INPUT on failure:
* total input length too long,
* unsupported input/output buffer overlap detected,
* or \p output_size too small.
*/
int esp_aes_gcm_update( esp_gcm_context *ctx,
size_t length,
const unsigned char *input,
unsigned char *output );
const unsigned char *input, size_t input_length,
unsigned char *output, size_t output_size,
size_t *output_length );
/**
* \brief This function finishes the GCM operation and generates
@@ -145,16 +181,36 @@ int esp_aes_gcm_update( esp_gcm_context *ctx,
* It wraps up the GCM stream, and generates the
* tag. The tag can have a maximum length of 16 Bytes.
*
* \param ctx The GCM context.
* \param tag The buffer for holding the tag.
* \param tag_len The length of the tag to generate. Must be at least four.
* \param ctx The GCM context. This must be initialized.
* \param tag The buffer for holding the tag. This must be a writable
* buffer of at least \p tag_len Bytes.
* \param tag_len The length of the tag to generate. This must be at least
* four.
* \param output The buffer for the final output.
* If \p output_size is nonzero, this must be a writable
* buffer of at least \p output_size bytes.
* \param output_size The size of the \p output buffer in bytes.
* This must be large enough for the output that
* mbedtls_gcm_update() has not produced. In particular:
* - If mbedtls_gcm_update() produces immediate output,
* or if the total input size is a multiple of \c 16,
* then mbedtls_gcm_finish() never produces any output,
* so \p output_size can be \c 0.
* - \p output_size never needs to be more than \c 15.
* \param output_length On success, \p *output_length contains the actual
* length of the output written in \p output.
* On failure, the content of \p *output_length is
* unspecified.
*
* \return \c 0 on success.
* \return #MBEDTLS_ERR_GCM_BAD_INPUT on failure.
* \return #MBEDTLS_ERR_GCM_BAD_INPUT on failure:
* invalid value of \p tag_len,
* or \p output_size too small.
*/
int esp_aes_gcm_finish( esp_gcm_context *ctx,
unsigned char *tag,
size_t tag_len );
unsigned char *output, size_t output_size,
size_t *output_length,
unsigned char *tag, size_t tag_len );
/**
* \brief This function clears a GCM context
@@ -178,7 +234,7 @@ void esp_aes_gcm_free( esp_gcm_context *ctx);
* 16 except in the last call before mbedtls_gcm_finish().
* \param iv The initialization vector.
* \param iv_len The length of the IV.
* \param add The buffer holding the additional data.
* \param aad The buffer holding the additional data.
* \param aad_len The length of the additional data.
* \param input The buffer holding the input data.
* \param output The buffer for holding the output data.
@@ -192,7 +248,7 @@ int esp_aes_gcm_crypt_and_tag( esp_gcm_context *ctx,
size_t length,
const unsigned char *iv,
size_t iv_len,
const unsigned char *add,
const unsigned char *aad,
size_t aad_len,
const unsigned char *input,
unsigned char *output,
@@ -213,7 +269,7 @@ int esp_aes_gcm_crypt_and_tag( esp_gcm_context *ctx,
* of 16 except in the last call before mbedtls_gcm_finish().
* \param iv The initialization vector.
* \param iv_len The length of the IV.
* \param add The buffer holding the additional data.
* \param aad The buffer holding the additional data.
* \param aad_len The length of the additional data.
* \param tag The buffer holding the tag.
* \param tag_len The length of the tag.
@@ -227,7 +283,7 @@ int esp_aes_gcm_auth_decrypt( esp_gcm_context *ctx,
size_t length,
const unsigned char *iv,
size_t iv_len,
const unsigned char *add,
const unsigned char *aad,
size_t aad_len,
const unsigned char *tag,
size_t tag_len,

28
components/mbedtls/port/include/entropy_poll.h Normal file
View File

@@ -0,0 +1,28 @@
/**
* Mbedtls entropy_poll.h file
* SPDX-FileCopyrightText: 2022 Espressif Systems (Shanghai) CO LTD
*
* SPDX-License-Identifier: Apache-2.0
*/
#ifndef MBEDTLS_ENTROPY_POLL_H
#define MBEDTLS_ENTROPY_POLL_H
#include "mbedtls/build_info.h"
#include <stddef.h>
#ifdef __cplusplus
extern "C" {
#endif
/**
* \brief Entropy poll callback for a hardware source
*
*
* \note This must accept NULL as its first argument.
*/
int mbedtls_hardware_poll( void *data,
unsigned char *output, size_t len, size_t *olen );
#ifdef __cplusplus
}
#endif
#endif /* entropy_poll.h */

18
components/mbedtls/port/include/esp_crypto_shared_gdma.h
View File

@@ -1,16 +1,8 @@
// Copyright 2021 Espressif Systems (Shanghai) PTE LTD
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
/*
* SPDX-FileCopyrightText: 2021-2022 Espressif Systems (Shanghai) CO LTD
*
* SPDX-License-Identifier: Apache-2.0
*/
#pragma once

20
components/mbedtls/port/include/esp_ds/esp_rsa_sign_alt.h
View File

@@ -1,16 +1,8 @@
// Copyright 2020 Espressif Systems (Shanghai) PTE LTD
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
/*
* SPDX-FileCopyrightText: 2022 Espressif Systems (Shanghai) CO LTD
*
* SPDX-License-Identifier: Apache-2.0
*/
#pragma once
@@ -65,7 +57,7 @@ void esp_ds_release_ds_lock(void);
*/
int esp_ds_rsa_sign( void *ctx,
int (*f_rng)(void *, unsigned char *, size_t), void *p_rng,
int mode, mbedtls_md_type_t md_alg, unsigned int hashlen,
mbedtls_md_type_t md_alg, unsigned int hashlen,
const unsigned char *hash, unsigned char *sig );
/*

18
components/mbedtls/port/include/esp_mem.h
View File

@@ -1,16 +1,8 @@
// Copyright 2018 Espressif Systems (Shanghai) PTE LTD
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
/*
* SPDX-FileCopyrightText: 2018-2022 Espressif Systems (Shanghai) CO LTD
*
* SPDX-License-Identifier: Apache-2.0
*/
#pragma once

24
components/mbedtls/port/include/gcm_alt.h
View File

@@ -1,24 +1,11 @@
/**
* \file gcm_alt.h
/*
* gcm_alt.h: AES block cipher
*
* \brief AES block cipher
*
* Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
* SPDX-License-Identifier: Apache-2.0
*
* Licensed under the Apache License, Version 2.0 (the "License"); you may
* not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
* WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
* SPDX-FileCopyrightText: The Mbed TLS Contributors
*
* SPDX-License-Identifier: Apache-2.0
*
* SPDX-FileContributor: 2016-2021 Espressif Systems (Shanghai) CO LTD
*/
#ifndef GCM_ALT_H
#define GCM_ALT_H
@@ -41,6 +28,7 @@ typedef esp_gcm_context mbedtls_gcm_context;
#define mbedtls_gcm_free esp_aes_gcm_free
#define mbedtls_gcm_setkey esp_aes_gcm_setkey
#define mbedtls_gcm_starts esp_aes_gcm_starts
#define mbedtls_gcm_update_ad esp_aes_gcm_update_ad
#define mbedtls_gcm_update esp_aes_gcm_update
#define mbedtls_gcm_finish esp_aes_gcm_finish
#define mbedtls_gcm_auth_decrypt esp_aes_gcm_auth_decrypt

239
components/mbedtls/port/include/mbedtls/certs.h Normal file
View File

@@ -0,0 +1,239 @@
/*
* SPDX-FileCopyrightText: 2022 Espressif Systems (Shanghai) CO LTD
*
* SPDX-License-Identifier: Apache-2.0
*/
/**
* \file certs.h
*
*/
#ifndef MBEDTLS_CERTS_H
#define MBEDTLS_CERTS_H
#if !defined(MBEDTLS_CONFIG_FILE)
#include "mbedtls_config.h"
#else
#include MBEDTLS_CONFIG_FILE
#endif
#include <stddef.h>
#ifdef __cplusplus
extern "C" {
#endif
/* List of all PEM-encoded CA certificates, terminated by NULL;
* PEM encoded if MBEDTLS_PEM_PARSE_C is enabled, DER encoded
* otherwise. */
extern const char * mbedtls_test_cas[];
extern const size_t mbedtls_test_cas_len[];
/* List of all DER-encoded CA certificates, terminated by NULL */
extern const unsigned char * mbedtls_test_cas_der[];
extern const size_t mbedtls_test_cas_der_len[];
#if defined(MBEDTLS_PEM_PARSE_C)
/* Concatenation of all CA certificates in PEM format if available */
extern const char mbedtls_test_cas_pem[];
extern const size_t mbedtls_test_cas_pem_len;
#endif /* MBEDTLS_PEM_PARSE_C */
/*
* CA test certificates
*/
extern const char mbedtls_test_ca_crt_ec_pem[];
extern const char mbedtls_test_ca_key_ec_pem[];
extern const char mbedtls_test_ca_pwd_ec_pem[];
extern const char mbedtls_test_ca_key_rsa_pem[];
extern const char mbedtls_test_ca_pwd_rsa_pem[];
extern const char mbedtls_test_ca_crt_rsa_sha1_pem[];
extern const char mbedtls_test_ca_crt_rsa_sha256_pem[];
extern const unsigned char mbedtls_test_ca_crt_ec_der[];
extern const unsigned char mbedtls_test_ca_key_ec_der[];
extern const unsigned char mbedtls_test_ca_key_rsa_der[];
extern const unsigned char mbedtls_test_ca_crt_rsa_sha1_der[];
extern const unsigned char mbedtls_test_ca_crt_rsa_sha256_der[];
extern const size_t mbedtls_test_ca_crt_ec_pem_len;
extern const size_t mbedtls_test_ca_key_ec_pem_len;
extern const size_t mbedtls_test_ca_pwd_ec_pem_len;
extern const size_t mbedtls_test_ca_key_rsa_pem_len;
extern const size_t mbedtls_test_ca_pwd_rsa_pem_len;
extern const size_t mbedtls_test_ca_crt_rsa_sha1_pem_len;
extern const size_t mbedtls_test_ca_crt_rsa_sha256_pem_len;
extern const size_t mbedtls_test_ca_crt_ec_der_len;
extern const size_t mbedtls_test_ca_key_ec_der_len;
extern const size_t mbedtls_test_ca_pwd_ec_der_len;
extern const size_t mbedtls_test_ca_key_rsa_der_len;
extern const size_t mbedtls_test_ca_pwd_rsa_der_len;
extern const size_t mbedtls_test_ca_crt_rsa_sha1_der_len;
extern const size_t mbedtls_test_ca_crt_rsa_sha256_der_len;
/* Config-dependent dispatch between PEM and DER encoding
* (PEM if enabled, otherwise DER) */
extern const char mbedtls_test_ca_crt_ec[];
extern const char mbedtls_test_ca_key_ec[];
extern const char mbedtls_test_ca_pwd_ec[];
extern const char mbedtls_test_ca_key_rsa[];
extern const char mbedtls_test_ca_pwd_rsa[];
extern const char mbedtls_test_ca_crt_rsa_sha1[];
extern const char mbedtls_test_ca_crt_rsa_sha256[];
extern const size_t mbedtls_test_ca_crt_ec_len;
extern const size_t mbedtls_test_ca_key_ec_len;
extern const size_t mbedtls_test_ca_pwd_ec_len;
extern const size_t mbedtls_test_ca_key_rsa_len;
extern const size_t mbedtls_test_ca_pwd_rsa_len;
extern const size_t mbedtls_test_ca_crt_rsa_sha1_len;
extern const size_t mbedtls_test_ca_crt_rsa_sha256_len;
/* Config-dependent dispatch between SHA-1 and SHA-256
* (SHA-256 if enabled, otherwise SHA-1) */
extern const char mbedtls_test_ca_crt_rsa[];
extern const size_t mbedtls_test_ca_crt_rsa_len;
/* Config-dependent dispatch between EC and RSA
* (RSA if enabled, otherwise EC) */
extern const char * mbedtls_test_ca_crt;
extern const char * mbedtls_test_ca_key;
extern const char * mbedtls_test_ca_pwd;
extern const size_t mbedtls_test_ca_crt_len;
extern const size_t mbedtls_test_ca_key_len;
extern const size_t mbedtls_test_ca_pwd_len;
/*
* Server test certificates
*/
extern const char mbedtls_test_srv_crt_ec_pem[];
extern const char mbedtls_test_srv_key_ec_pem[];
extern const char mbedtls_test_srv_pwd_ec_pem[];
extern const char mbedtls_test_srv_key_rsa_pem[];
extern const char mbedtls_test_srv_pwd_rsa_pem[];
extern const char mbedtls_test_srv_crt_rsa_sha1_pem[];
extern const char mbedtls_test_srv_crt_rsa_sha256_pem[];
extern const unsigned char mbedtls_test_srv_crt_ec_der[];
extern const unsigned char mbedtls_test_srv_key_ec_der[];
extern const unsigned char mbedtls_test_srv_key_rsa_der[];
extern const unsigned char mbedtls_test_srv_crt_rsa_sha1_der[];
extern const unsigned char mbedtls_test_srv_crt_rsa_sha256_der[];
extern const size_t mbedtls_test_srv_crt_ec_pem_len;
extern const size_t mbedtls_test_srv_key_ec_pem_len;
extern const size_t mbedtls_test_srv_pwd_ec_pem_len;
extern const size_t mbedtls_test_srv_key_rsa_pem_len;
extern const size_t mbedtls_test_srv_pwd_rsa_pem_len;
extern const size_t mbedtls_test_srv_crt_rsa_sha1_pem_len;
extern const size_t mbedtls_test_srv_crt_rsa_sha256_pem_len;
extern const size_t mbedtls_test_srv_crt_ec_der_len;
extern const size_t mbedtls_test_srv_key_ec_der_len;
extern const size_t mbedtls_test_srv_pwd_ec_der_len;
extern const size_t mbedtls_test_srv_key_rsa_der_len;
extern const size_t mbedtls_test_srv_pwd_rsa_der_len;
extern const size_t mbedtls_test_srv_crt_rsa_sha1_der_len;
extern const size_t mbedtls_test_srv_crt_rsa_sha256_der_len;
/* Config-dependent dispatch between PEM and DER encoding
* (PEM if enabled, otherwise DER) */
extern const char mbedtls_test_srv_crt_ec[];
extern const char mbedtls_test_srv_key_ec[];
extern const char mbedtls_test_srv_pwd_ec[];
extern const char mbedtls_test_srv_key_rsa[];
extern const char mbedtls_test_srv_pwd_rsa[];
extern const char mbedtls_test_srv_crt_rsa_sha1[];
extern const char mbedtls_test_srv_crt_rsa_sha256[];
extern const size_t mbedtls_test_srv_crt_ec_len;
extern const size_t mbedtls_test_srv_key_ec_len;
extern const size_t mbedtls_test_srv_pwd_ec_len;
extern const size_t mbedtls_test_srv_key_rsa_len;
extern const size_t mbedtls_test_srv_pwd_rsa_len;
extern const size_t mbedtls_test_srv_crt_rsa_sha1_len;
extern const size_t mbedtls_test_srv_crt_rsa_sha256_len;
/* Config-dependent dispatch between SHA-1 and SHA-256
* (SHA-256 if enabled, otherwise SHA-1) */
extern const char mbedtls_test_srv_crt_rsa[];
extern const size_t mbedtls_test_srv_crt_rsa_len;
/* Config-dependent dispatch between EC and RSA
* (RSA if enabled, otherwise EC) */
extern const char * mbedtls_test_srv_crt;
extern const char * mbedtls_test_srv_key;
extern const char * mbedtls_test_srv_pwd;
extern const size_t mbedtls_test_srv_crt_len;
extern const size_t mbedtls_test_srv_key_len;
extern const size_t mbedtls_test_srv_pwd_len;
/*
* Client test certificates
*/
extern const char mbedtls_test_cli_crt_ec_pem[];
extern const char mbedtls_test_cli_key_ec_pem[];
extern const char mbedtls_test_cli_pwd_ec_pem[];
extern const char mbedtls_test_cli_key_rsa_pem[];
extern const char mbedtls_test_cli_pwd_rsa_pem[];
extern const char mbedtls_test_cli_crt_rsa_pem[];
extern const unsigned char mbedtls_test_cli_crt_ec_der[];
extern const unsigned char mbedtls_test_cli_key_ec_der[];
extern const unsigned char mbedtls_test_cli_key_rsa_der[];
extern const unsigned char mbedtls_test_cli_crt_rsa_der[];
extern const size_t mbedtls_test_cli_crt_ec_pem_len;
extern const size_t mbedtls_test_cli_key_ec_pem_len;
extern const size_t mbedtls_test_cli_pwd_ec_pem_len;
extern const size_t mbedtls_test_cli_key_rsa_pem_len;
extern const size_t mbedtls_test_cli_pwd_rsa_pem_len;
extern const size_t mbedtls_test_cli_crt_rsa_pem_len;
extern const size_t mbedtls_test_cli_crt_ec_der_len;
extern const size_t mbedtls_test_cli_key_ec_der_len;
extern const size_t mbedtls_test_cli_key_rsa_der_len;
extern const size_t mbedtls_test_cli_crt_rsa_der_len;
/* Config-dependent dispatch between PEM and DER encoding
* (PEM if enabled, otherwise DER) */
extern const char mbedtls_test_cli_crt_ec[];
extern const char mbedtls_test_cli_key_ec[];
extern const char mbedtls_test_cli_pwd_ec[];
extern const char mbedtls_test_cli_key_rsa[];
extern const char mbedtls_test_cli_pwd_rsa[];
extern const char mbedtls_test_cli_crt_rsa[];
extern const size_t mbedtls_test_cli_crt_ec_len;
extern const size_t mbedtls_test_cli_key_ec_len;
extern const size_t mbedtls_test_cli_pwd_ec_len;
extern const size_t mbedtls_test_cli_key_rsa_len;
extern const size_t mbedtls_test_cli_pwd_rsa_len;
extern const size_t mbedtls_test_cli_crt_rsa_len;
/* Config-dependent dispatch between EC and RSA
* (RSA if enabled, otherwise EC) */
extern const char * mbedtls_test_cli_crt;
extern const char * mbedtls_test_cli_key;
extern const char * mbedtls_test_cli_pwd;
extern const size_t mbedtls_test_cli_crt_len;
extern const size_t mbedtls_test_cli_key_len;
extern const size_t mbedtls_test_cli_pwd_len;
#ifdef __cplusplus
}
#endif
#endif /* certs.h */

159
components/mbedtls/port/include/mbedtls/esp_config.h
View File

@@ -10,11 +10,11 @@
* Copyright The Mbed TLS Contributors
* SPDX-License-Identifier: Apache-2.0
*
* Licensed under the Apache License, Version 2.0 (the "License"); you may
* not use this file except in compliance with the License.
* You may obtain a copy of the License at
* This set of compile-time options may be used to enable
* or disable features selectively, and reduce the global
* memory footprint.
*
* http://www.apache.org/licenses/LICENSE-2.0
* SPDX-FileCopyrightText: The Mbed TLS Contributors
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
@@ -22,12 +22,11 @@
* See the License for the specific language governing permissions and
* limitations under the License.
*/
#ifndef ESP_CONFIG_H
#define ESP_CONFIG_H
#include "sdkconfig.h"
#include "mbedtls/config.h"
#include "mbedtls/mbedtls_config.h"
#include "soc/soc_caps.h"
/**
@@ -959,9 +958,7 @@
*
* This only affects CBC ciphersuites, and is useless if none is defined.
*
* Requires: MBEDTLS_SSL_PROTO_TLS1 or
* MBEDTLS_SSL_PROTO_TLS1_1 or
* MBEDTLS_SSL_PROTO_TLS1_2
* Requires: MBEDTLS_SSL_PROTO_TLS1_2
*
* Comment this macro to disable support for Encrypt-then-MAC
*/
@@ -981,9 +978,7 @@
* renegotiation), since it actually fixes a more fundamental issue in the
* original SSL/TLS design, and has implications beyond Triple Handshake.
*
* Requires: MBEDTLS_SSL_PROTO_TLS1 or
* MBEDTLS_SSL_PROTO_TLS1_1 or
* MBEDTLS_SSL_PROTO_TLS1_2
* Requires: MBEDTLS_SSL_PROTO_TLS1_2
*
* Comment this macro to disable support for Extended Master Secret.
*/
@@ -1091,7 +1086,7 @@
/**
* \def MBEDTLS_SSL_RENEGOTIATION
*
* Disable support for TLS renegotiation.
* Enable support for TLS renegotiation.
*
* The two main uses of renegotiation are (1) refresh keys on long-lived
* connections and (2) client authentication after the initial handshake.
@@ -1100,6 +1095,13 @@
* misuse/misunderstand.
*
* Comment this to disable support for renegotiation.
*
* \note Even if this option is disabled, both client and server are aware
* of the Renegotiation Indication Extension (RFC 5746) used to
* prevent the SSL renegotiation attack (see RFC 5746 Sect. 1).
* (See \c mbedtls_ssl_conf_legacy_renegotiation for the
* configuration of this extension).
*
*/
#ifdef CONFIG_MBEDTLS_SSL_RENEGOTIATION
#define MBEDTLS_SSL_RENEGOTIATION
@@ -1116,21 +1118,6 @@
*/
#define MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
/**
* \def MBEDTLS_SSL_PROTO_TLS1_1
*
* Enable support for TLS 1.1 (and DTLS 1.0 if DTLS is enabled).
*
* Requires: MBEDTLS_MD5_C
* MBEDTLS_SHA1_C
*
* Comment this macro to disable support for TLS 1.1 / DTLS 1.0
*/
#ifdef CONFIG_MBEDTLS_SSL_PROTO_TLS1_1
#define MBEDTLS_SSL_PROTO_TLS1_1
#else
#undef MBEDTLS_SSL_PROTO_TLS1_1
#endif
/**
* \def MBEDTLS_SSL_PROTO_TLS1_2
@@ -1148,16 +1135,59 @@
#undef MBEDTLS_SSL_PROTO_TLS1_2
#endif
/**
* \def MBEDTLS_SSL_PROTO_TLS1_3
*
* Enable support for TLS 1.3.
*
* \note The support for TLS 1.3 is not comprehensive yet, in particular
* pre-shared keys are not supported.
* See docs/architecture/tls13-support.md for a description of the TLS
* 1.3 support that this option enables.
*
* Uncomment this macro to enable the support for TLS 1.3.
*
*/
#ifdef CONFIG_MBEDTLS_SSL_PROTO_TLS1_3
#define MBEDTLS_SSL_PROTO_TLS1_3
#else
#undef MBEDTLS_SSL_PROTO_TLS1_3
#endif
/**
* \def MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
*
* Enable TLS 1.3 middlebox compatibility mode.
*
* As specified in Section D.4 of RFC 8446, TLS 1.3 offers a compatibility
* mode to make a TLS 1.3 connection more likely to pass through middle boxes
* expecting TLS 1.2 traffic.
*
* Turning on the compatibility mode comes at the cost of a few added bytes
* on the wire, but it doesn't affect compatibility with TLS 1.3 implementations
* that don't use it. Therefore, unless transmission bandwidth is critical and
* you know that middlebox compatibility issues won't occur, it is therefore
* recommended to set this option.
*
* Comment to disable compatibility mode for TLS 1.3. If
* MBEDTLS_SSL_PROTO_TLS1_3 is not enabled, this option does not have any
* effect on the build.
*
*/
#ifdef CONFIG_MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
#define MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
#else
#undef MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
#endif
/**
* \def MBEDTLS_SSL_PROTO_DTLS
*
* Enable support for DTLS (all available versions).
*
* Enable this and MBEDTLS_SSL_PROTO_TLS1_1 to enable DTLS 1.0,
* and/or this and MBEDTLS_SSL_PROTO_TLS1_2 to enable DTLS 1.2.
* Enable this and MBEDTLS_SSL_PROTO_TLS1_2 to enable DTLS 1.2.
*
* Requires: MBEDTLS_SSL_PROTO_TLS1_1
* or MBEDTLS_SSL_PROTO_TLS1_2
* Requires: MBEDTLS_SSL_PROTO_TLS1_2
*
* Comment this macro to disable support for DTLS
*/
@@ -1276,21 +1306,6 @@
#undef MBEDTLS_SSL_DTLS_CLIENT_PORT_REUSE
#endif
/**
* \def MBEDTLS_SSL_DTLS_BADMAC_LIMIT
*
* Enable support for a limit of records with bad MAC.
*
* See mbedtls_ssl_conf_dtls_badmac_limit().
*
* Requires: MBEDTLS_SSL_PROTO_DTLS
*/
#ifdef CONFIG_MBEDTLS_SSL_PROTO_DTLS
#define MBEDTLS_SSL_DTLS_BADMAC_LIMIT
#else
#undef MBEDTLS_SSL_DTLS_BADMAC_LIMIT
#endif
/**
* \def MBEDTLS_SSL_SESSION_TICKETS
*
@@ -1330,14 +1345,6 @@
*/
#define MBEDTLS_SSL_SERVER_NAME_INDICATION
/**
* \def MBEDTLS_SSL_TRUNCATED_HMAC
*
* Enable support for RFC 6066 truncated HMAC in SSL.
*
* Comment this macro to disable support for truncated HMAC in SSL
*/
#define MBEDTLS_SSL_TRUNCATED_HMAC
/**
* \def MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH
@@ -1367,40 +1374,6 @@
*/
#define MBEDTLS_VERSION_FEATURES
/**
* \def MBEDTLS_X509_CHECK_KEY_USAGE
*
* Enable verification of the keyUsage extension (CA and leaf certificates).
*
* Disabling this avoids problems with mis-issued and/or misused
* (intermediate) CA and leaf certificates.
*
* \warning Depending on your PKI use, disabling this can be a security risk!
*
* Comment to skip keyUsage checking for both CA and leaf certificates.
*/
#ifdef CONFIG_MBEDTLS_X509_CHECK_KEY_USAGE
#define MBEDTLS_X509_CHECK_KEY_USAGE
#else
#undef MBEDTLS_X509_CHECK_KEY_USAGE
#endif
/**
* \def MBEDTLS_X509_CHECK_EXTENDED_KEY_USAGE
*
* Enable verification of the extendedKeyUsage extension (leaf certificates).
*
* Disabling this avoids problems with mis-issued and/or misused certificates.
*
* \warning Depending on your PKI use, disabling this can be a security risk!
*
* Comment to skip extendedKeyUsage checking for certificates.
*/
#ifdef CONFIG_MBEDTLS_X509_CHECK_EXTENDED_KEY_USAGE
#define MBEDTLS_X509_CHECK_EXTENDED_KEY_USAGE
#else
#undef MBEDTLS_X509_CHECK_EXTENDED_KEY_USAGE
#endif
/**
* \def MBEDTLS_X509_RSASSA_PSS_SUPPORT
@@ -2259,8 +2232,10 @@
* This module adds support for SHA-384 and SHA-512.
*/
#ifdef CONFIG_MBEDTLS_SHA512_C
#define MBEDTLS_SHA384_C
#define MBEDTLS_SHA512_C
#else
#undef MBEDTLS_SHA384_C
#undef MBEDTLS_SHA512_C
#endif
@@ -2766,6 +2741,8 @@
#include MBEDTLS_USER_CONFIG_FILE
#endif
#include "mbedtls/check_config.h"
/* This flag makes sure that we are not using
* any functino that is deprecated by mbedtls */
#define MBEDTLS_DEPRECATED_REMOVED
#endif /* MBEDTLS_CONFIG_H */
#endif /* ESP_CONFIG_H */

83
components/mbedtls/port/include/md/esp_md.h
View File

@@ -1,16 +1,8 @@
// Copyright 2020 Espressif Systems (Shanghai) PTE LTD
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
/*
* SPDX-FileCopyrightText: 2020-2021 Espressif Systems (Shanghai) CO LTD
*
* SPDX-License-Identifier: Apache-2.0
*/
#pragma once
#include "esp_rom_md5.h"
@@ -35,7 +27,7 @@ typedef struct MD5Context mbedtls_md5_context;
* stronger message digests instead.
*
*/
int esp_md5_init_ret( mbedtls_md5_context *ctx );
void esp_md5_init( mbedtls_md5_context *ctx );
/**
* \brief Clear MD5 context
@@ -62,6 +54,20 @@ void esp_md5_free( mbedtls_md5_context *ctx );
*/
void esp_md5_clone( mbedtls_md5_context *dst, const mbedtls_md5_context *src );
/**
* \brief MD5 context setup
*
* \param ctx context to be initialized
*
* \return 0 if successful
*
* \warning MD5 is considered a weak message digest and its use
* constitutes a security risk. We recommend considering
* stronger message digests instead.
*
*/
int mbedtls_md5_starts( mbedtls_md5_context *ctx );
/**
* \brief MD5 process buffer
*
@@ -76,7 +82,7 @@ void esp_md5_clone( mbedtls_md5_context *dst, const mbedtls_md5_context *src );
* stronger message digests instead.
*
*/
int esp_md5_update_ret( mbedtls_md5_context *ctx, const unsigned char *input, size_t ilen );
int esp_md5_update( mbedtls_md5_context *ctx, const unsigned char *input, size_t ilen );
/**
* \brief MD5 final digest
@@ -91,7 +97,7 @@ int esp_md5_update_ret( mbedtls_md5_context *ctx, const unsigned char *input, si
* stronger message digests instead.
*
*/
int esp_md5_finish_ret( mbedtls_md5_context *ctx, unsigned char output[16] );
int esp_md5_finish( mbedtls_md5_context *ctx, unsigned char output[16] );
/**
* \brief MD5 process data block (internal use only)
@@ -108,51 +114,6 @@ int esp_md5_finish_ret( mbedtls_md5_context *ctx, unsigned char output[16] );
*/
int esp_md5_process( mbedtls_md5_context *ctx, const unsigned char data[64] );
/**
* \brief MD5 context setup
*
* \deprecated Superseded by mbedtls_md5_starts_ret() in 2.7.0
*
* \param ctx context to be initialized
*
* \warning MD5 is considered a weak message digest and its use
* constitutes a security risk. We recommend considering
* stronger message digests instead.
*
*/
void esp_md5_init( mbedtls_md5_context *ctx );
/**
* \brief MD5 process buffer
*
* \deprecated Superseded by mbedtls_md5_update_ret() in 2.7.0
*
* \param ctx MD5 context
* \param input buffer holding the data
* \param ilen length of the input data
*
* \warning MD5 is considered a weak message digest and its use
* constitutes a security risk. We recommend considering
* stronger message digests instead.
*
*/
void esp_md5_update( mbedtls_md5_context *ctx, const unsigned char *input, size_t ilen );
/**
* \brief MD5 final digest
*
* \deprecated Superseded by mbedtls_md5_finish_ret() in 2.7.0
*
* \param ctx MD5 context
* \param output MD5 checksum result
*
* \warning MD5 is considered a weak message digest and its use
* constitutes a security risk. We recommend considering
* stronger message digests instead.
*
*/
void esp_md5_finish( mbedtls_md5_context *ctx, unsigned char output[16] );
#ifdef __cplusplus
}
#endif

27
components/mbedtls/port/include/md5_alt.h
View File

@@ -1,24 +1,11 @@
/**
* \file md5_alt.h
/*
* md5_alt.h: MD5 block cipher
*
* \brief MD5 block cipher
*
* Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
* SPDX-License-Identifier: Apache-2.0
*
* Licensed under the Apache License, Version 2.0 (the "License"); you may
* not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
* WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
* SPDX-FileCopyrightText: The Mbed TLS Contributors
*
* SPDX-License-Identifier: Apache-2.0
*
* SPDX-FileContributor: 2016-2021 Espressif Systems (Shanghai) CO LTD
*/
#ifndef MD5_ALT_H
#define MD5_ALT_H
@@ -33,9 +20,7 @@ extern "C" {
#define mbedtls_md5_init esp_md5_init
#define mbedtls_md5_update esp_md5_update
#define mbedtls_md5_finish esp_md5_finish
#define mbedtls_md5_starts_ret esp_md5_init_ret
#define mbedtls_md5_update_ret esp_md5_update_ret
#define mbedtls_md5_finish_ret esp_md5_finish_ret
#define mbedtls_md5_starts esp_md5_starts
#define mbedtls_md5_free esp_md5_free
#define mbedtls_md5_clone esp_md5_clone

18
components/mbedtls/port/include/rsa_sign_alt.h
View File

@@ -1,16 +1,8 @@
// Copyright 2020 Espressif Systems (Shanghai) PTE LTD
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
/*
* SPDX-FileCopyrightText: 2020-2022 Espressif Systems (Shanghai) CO LTD
*
* SPDX-License-Identifier: Apache-2.0
*/
#pragma once

18
components/mbedtls/port/mbedtls_debug.c
View File

@@ -1,16 +1,8 @@
// Copyright 2015-2016 Espressif Systems (Shanghai) PTE LTD
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
/*
* SPDX-FileCopyrightText: 2015-2021 Espressif Systems (Shanghai) CO LTD
*
* SPDX-License-Identifier: Apache-2.0
*/
#include <strings.h>

32
components/mbedtls/port/md/esp_md.c
View File

@@ -11,7 +11,7 @@
#if defined(MBEDTLS_MD5_ALT)
#include "md/esp_md.h"
int esp_md5_finish_ret( mbedtls_md5_context *ctx, unsigned char output[16] )
int esp_md5_finish( mbedtls_md5_context *ctx, unsigned char output[16] )
{
esp_rom_md5_final(output, ctx);
@@ -19,7 +19,7 @@ int esp_md5_finish_ret( mbedtls_md5_context *ctx, unsigned char output[16] )
return 0;
}
int esp_md5_update_ret( mbedtls_md5_context *ctx, const unsigned char *input, size_t ilen )
int esp_md5_update( mbedtls_md5_context *ctx, const unsigned char *input, size_t ilen )
{
esp_rom_md5_update(ctx, input, ilen);
@@ -27,27 +27,15 @@ int esp_md5_update_ret( mbedtls_md5_context *ctx, const unsigned char *input, si
return 0;
}
int esp_md5_init_ret( mbedtls_md5_context *ctx )
{
esp_rom_md5_init(ctx);
return 0;
}
void esp_md5_finish( mbedtls_md5_context *ctx, unsigned char output[16] )
{
esp_md5_finish_ret(ctx, output);
}
void esp_md5_update( mbedtls_md5_context *ctx, const unsigned char *input, size_t ilen )
{
esp_md5_update_ret(ctx, input, ilen);
}
void esp_md5_init( mbedtls_md5_context *ctx )
{
esp_md5_init_ret(ctx);
esp_rom_md5_init(ctx);
}
int esp_md5_starts( mbedtls_md5_context *ctx )
{
esp_md5_init(ctx);
return 0;
}
void esp_md5_free( mbedtls_md5_context *ctx )
@@ -61,7 +49,7 @@ void esp_md5_free( mbedtls_md5_context *ctx )
int esp_md5_process( mbedtls_md5_context *ctx, const unsigned char data[64] )
{
esp_md5_update_ret(ctx, data, 64);
esp_md5_update(ctx, data, 64);
return 0;
}

34
components/mbedtls/port/net_sockets.c
View File

@@ -1,31 +1,15 @@
/*
* TCP/IP or UDP/IP networking functions
* modified for LWIP support on ESP32
* TCP/IP or UDP/IP networking functions
* modified for LWIP support on ESP32
*
* Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
* Additions Copyright (C) 2015 Angus Gratton
* SPDX-License-Identifier: Apache-2.0
* SPDX-FileCopyrightText: The Mbed TLS Contributors
*
* Licensed under the Apache License, Version 2.0 (the "License"); you may
* not use this file except in compliance with the License.
* You may obtain a copy of the License at
* SPDX-License-Identifier: Apache-2.0
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
* WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*
* This file is part of mbed TLS (https://tls.mbed.org)
* SPDX-FileContributor: 2015 Angus Gratton
*/
#if !defined(MBEDTLS_CONFIG_FILE)
#include "mbedtls/config.h"
#else
#include MBEDTLS_CONFIG_FILE
#endif
#include <mbedtls/build_info.h>
#ifdef CONFIG_ESP_NETIF_TCPIP_LWIP
@@ -432,12 +416,12 @@ int mbedtls_net_send( void *ctx, const unsigned char *buf, size_t len )
*/
void mbedtls_net_free( mbedtls_net_context *ctx )
{
if ( ctx->fd == -1 ) {
if ( ctx->fd == -1) {
return;
}
shutdown( ctx->fd, 2 );
close( ctx->fd );
shutdown( ctx->fd, 2);
close(ctx->fd);
ctx->fd = -1;
}

66
components/mbedtls/port/sha/dma/esp_sha1.c
View File

@@ -1,22 +1,11 @@
/*
* SHA-1 implementation with hardware ESP support added.
* SHA-1 implementation with hardware ESP support added.
*
* Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
* Additions Copyright (C) 2016-2020, Espressif Systems (Shanghai) PTE LTD
* SPDX-License-Identifier: Apache-2.0
* SPDX-FileCopyrightText: The Mbed TLS Contributors
*
* Licensed under the Apache License, Version 2.0 (the "License"); you may
* not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
* WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
* SPDX-License-Identifier: Apache-2.0
*
* SPDX-FileContributor: 2016-2021 Espressif Systems (Shanghai) CO LTD
*/
/*
* The SHA-1 standard was published by NIST in 1993.
@@ -24,11 +13,7 @@
* http://www.itl.nist.gov/fipspubs/fip180-1.htm
*/
#if !defined(MBEDTLS_CONFIG_FILE)
#include "mbedtls/config.h"
#else
#include MBEDTLS_CONFIG_FILE
#endif
#include <mbedtls/build_info.h>
#if defined(MBEDTLS_SHA1_C) && defined(MBEDTLS_SHA1_ALT)
@@ -92,7 +77,7 @@ void mbedtls_sha1_clone( mbedtls_sha1_context *dst,
/*
* SHA-1 context setup
*/
int mbedtls_sha1_starts_ret( mbedtls_sha1_context *ctx )
int mbedtls_sha1_starts( mbedtls_sha1_context *ctx )
{
ctx->total[0] = 0;
ctx->total[1] = 0;
@@ -103,12 +88,6 @@ int mbedtls_sha1_starts_ret( mbedtls_sha1_context *ctx )
return 0;
}
#if !defined(MBEDTLS_DEPRECATED_REMOVED)
void mbedtls_sha1_starts( mbedtls_sha1_context *ctx )
{
mbedtls_sha1_starts_ret( ctx );
}
#endif
static int esp_internal_sha1_dma_process(mbedtls_sha1_context *ctx,
const uint8_t *data, size_t len,
@@ -126,15 +105,7 @@ int mbedtls_internal_sha1_process( mbedtls_sha1_context *ctx, const unsigned cha
return ret;
}
#if !defined(MBEDTLS_DEPRECATED_REMOVED)
void mbedtls_sha1_process( mbedtls_sha1_context *ctx,
const unsigned char data[64] )
{
mbedtls_internal_sha1_process( ctx, data );
}
#endif
int mbedtls_sha1_update_ret( mbedtls_sha1_context *ctx, const unsigned char *input, size_t ilen )
int mbedtls_sha1_update( mbedtls_sha1_context *ctx, const unsigned char *input, size_t ilen )
{
int ret;
size_t fill;
@@ -195,15 +166,6 @@ int mbedtls_sha1_update_ret( mbedtls_sha1_context *ctx, const unsigned char *inp
return 0;
}
#if !defined(MBEDTLS_DEPRECATED_REMOVED)
void mbedtls_sha1_update( mbedtls_sha1_context *ctx,
const unsigned char *input,
size_t ilen )
{
mbedtls_sha1_update_ret( ctx, input, ilen );
}
#endif
static const unsigned char sha1_padding[64] = {
0x80, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
@@ -214,7 +176,7 @@ static const unsigned char sha1_padding[64] = {
/*
* SHA-1 final digest
*/
int mbedtls_sha1_finish_ret( mbedtls_sha1_context *ctx, unsigned char output[20] )
int mbedtls_sha1_finish( mbedtls_sha1_context *ctx, unsigned char output[20] )
{
int ret;
uint32_t last, padn;
@@ -232,10 +194,10 @@ int mbedtls_sha1_finish_ret( mbedtls_sha1_context *ctx, unsigned char output[20]
padn = ( last < 56 ) ? ( 56 - last ) : ( 120 - last );
if ( ( ret = mbedtls_sha1_update_ret( ctx, sha1_padding, padn ) ) != 0 ) {
if ( ( ret = mbedtls_sha1_update( ctx, sha1_padding, padn ) ) != 0 ) {
return ret;
}
if ( ( ret = mbedtls_sha1_update_ret( ctx, msglen, 8 ) ) != 0 ) {
if ( ( ret = mbedtls_sha1_update( ctx, msglen, 8 ) ) != 0 ) {
return ret;
}
@@ -244,12 +206,4 @@ int mbedtls_sha1_finish_ret( mbedtls_sha1_context *ctx, unsigned char output[20]
return ret;
}
#if !defined(MBEDTLS_DEPRECATED_REMOVED)
void mbedtls_sha1_finish( mbedtls_sha1_context *ctx,
unsigned char output[20] )
{
mbedtls_sha1_finish_ret( ctx, output );
}
#endif
#endif /* MBEDTLS_SHA1_C && MBEDTLS_SHA1_ALT */

70
components/mbedtls/port/sha/dma/esp_sha256.c
View File

@@ -1,35 +1,19 @@
/*
* SHA-256 implementation with hardware ESP support added.
* SHA-256 implementation with hardware ESP support added.
*
* Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
* Additions Copyright (C) 2016-2020, Espressif Systems (Shanghai) PTE LTD
* SPDX-License-Identifier: Apache-2.0
* SPDX-FileCopyrightText: The Mbed TLS Contributors
*
* Licensed under the Apache License, Version 2.0 (the "License"); you may
* not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
* WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
* SPDX-License-Identifier: Apache-2.0
*
* SPDX-FileContributor: 2016-2021 Espressif Systems (Shanghai) CO LTD
*/
/*
* The SHA-256 Secure Hash Standard was published by NIST in 2002.
*
* http://csrc.nist.gov/publications/fips/fips180-2/fips180-2.pdf
*/
#if !defined(MBEDTLS_CONFIG_FILE)
#include "mbedtls/config.h"
#else
#include MBEDTLS_CONFIG_FILE
#endif
#include <mbedtls/build_info.h>
#if defined(MBEDTLS_SHA256_C) && defined(MBEDTLS_SHA256_ALT)
@@ -103,7 +87,7 @@ void mbedtls_sha256_clone( mbedtls_sha256_context *dst,
/*
* SHA-256 context setup
*/
int mbedtls_sha256_starts_ret( mbedtls_sha256_context *ctx, int is224 )
int mbedtls_sha256_starts( mbedtls_sha256_context *ctx, int is224 )
{
memset( ctx, 0, sizeof( mbedtls_sha256_context ) );
@@ -116,15 +100,6 @@ int mbedtls_sha256_starts_ret( mbedtls_sha256_context *ctx, int is224 )
return 0;
}
#if !defined(MBEDTLS_DEPRECATED_REMOVED)
void mbedtls_sha256_starts( mbedtls_sha256_context *ctx,
int is224 )
{
mbedtls_sha256_starts_ret( ctx, is224 );
}
#endif
int mbedtls_internal_sha256_process( mbedtls_sha256_context *ctx, const unsigned char data[64] )
{
int ret;
@@ -135,18 +110,10 @@ int mbedtls_internal_sha256_process( mbedtls_sha256_context *ctx, const unsigned
return ret;
}
#if !defined(MBEDTLS_DEPRECATED_REMOVED)
void mbedtls_sha256_process( mbedtls_sha256_context *ctx,
const unsigned char data[64] )
{
mbedtls_internal_sha256_process( ctx, data );
}
#endif
/*
* SHA-256 process buffer
*/
int mbedtls_sha256_update_ret( mbedtls_sha256_context *ctx, const unsigned char *input,
int mbedtls_sha256_update( mbedtls_sha256_context *ctx, const unsigned char *input,
size_t ilen )
{
int ret = 0;
@@ -208,15 +175,6 @@ int mbedtls_sha256_update_ret( mbedtls_sha256_context *ctx, const unsigned char
return 0;
}
#if !defined(MBEDTLS_DEPRECATED_REMOVED)
void mbedtls_sha256_update( mbedtls_sha256_context *ctx,
const unsigned char *input,
size_t ilen )
{
mbedtls_sha256_update_ret( ctx, input, ilen );
}
#endif
static const unsigned char sha256_padding[64] = {
0x80, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
@@ -227,7 +185,7 @@ static const unsigned char sha256_padding[64] = {
/*
* SHA-256 final digest
*/
int mbedtls_sha256_finish_ret( mbedtls_sha256_context *ctx, unsigned char output[32] )
int mbedtls_sha256_finish( mbedtls_sha256_context *ctx, unsigned char output[32] )
{
int ret;
uint32_t last, padn;
@@ -244,11 +202,11 @@ int mbedtls_sha256_finish_ret( mbedtls_sha256_context *ctx, unsigned char output
last = ctx->total[0] & 0x3F;
padn = ( last < 56 ) ? ( 56 - last ) : ( 120 - last );
if ( ( ret = mbedtls_sha256_update_ret( ctx, sha256_padding, padn ) ) != 0 ) {
if ( ( ret = mbedtls_sha256_update( ctx, sha256_padding, padn ) ) != 0 ) {
return ret;
}
if ( ( ret = mbedtls_sha256_update_ret( ctx, msglen, 8 ) ) != 0 ) {
if ( ( ret = mbedtls_sha256_update( ctx, msglen, 8 ) ) != 0 ) {
return ret;
}
@@ -257,12 +215,4 @@ int mbedtls_sha256_finish_ret( mbedtls_sha256_context *ctx, unsigned char output
return ret;
}
#if !defined(MBEDTLS_DEPRECATED_REMOVED)
void mbedtls_sha256_finish( mbedtls_sha256_context *ctx,
unsigned char output[32] )
{
mbedtls_sha256_finish_ret( ctx, output );
}
#endif
#endif /* MBEDTLS_SHA256_C && MBEDTLS_SHA256_ALT */

70
components/mbedtls/port/sha/dma/esp_sha512.c
View File

@@ -1,35 +1,19 @@
/*
* SHA-512 implementation with hardware ESP support added.
* SHA-512 implementation with hardware ESP support added.
*
* Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
* Additions Copyright (C) 2016-2020, Espressif Systems (Shanghai) PTE LTD
* SPDX-License-Identifier: Apache-2.0
* SPDX-FileCopyrightText: The Mbed TLS Contributors
*
* Licensed under the Apache License, Version 2.0 (the "License"); you may
* not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
* WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
* SPDX-License-Identifier: Apache-2.0
*
* SPDX-FileContributor: 2016-2021 Espressif Systems (Shanghai) CO LTD
*/
/*
* The SHA-512 Secure Hash Standard was published by NIST in 2002.
*
* http://csrc.nist.gov/publications/fips/fips180-2/fips180-2.pdf
*/
#if !defined(MBEDTLS_CONFIG_FILE)
#include "mbedtls/config.h"
#else
#include MBEDTLS_CONFIG_FILE
#endif
#include <mbedtls/build_info.h>
#if defined(MBEDTLS_SHA512_C) && defined(MBEDTLS_SHA512_ALT)
@@ -125,7 +109,7 @@ void mbedtls_sha512_clone( mbedtls_sha512_context *dst,
/*
* SHA-512 context setup
*/
int mbedtls_sha512_starts_ret( mbedtls_sha512_context *ctx, int is384 )
int mbedtls_sha512_starts( mbedtls_sha512_context *ctx, int is384 )
{
mbedtls_zeroize( ctx, sizeof( mbedtls_sha512_context ) );
@@ -138,14 +122,6 @@ int mbedtls_sha512_starts_ret( mbedtls_sha512_context *ctx, int is384 )
return 0;
}
#if !defined(MBEDTLS_DEPRECATED_REMOVED)
void mbedtls_sha512_starts( mbedtls_sha512_context *ctx,
int is384 )
{
mbedtls_sha512_starts_ret( ctx, is384 );
}
#endif
static int esp_internal_sha512_dma_process(mbedtls_sha512_context *ctx,
const uint8_t *data, size_t len,
uint8_t *buf, size_t buf_len)
@@ -168,18 +144,10 @@ int mbedtls_internal_sha512_process( mbedtls_sha512_context *ctx, const unsigned
}
#if !defined(MBEDTLS_DEPRECATED_REMOVED)
void mbedtls_sha512_process( mbedtls_sha512_context *ctx,
const unsigned char data[128] )
{
mbedtls_internal_sha512_process( ctx, data );
}
#endif
/*
* SHA-512 process buffer
*/
int mbedtls_sha512_update_ret( mbedtls_sha512_context *ctx, const unsigned char *input,
int mbedtls_sha512_update( mbedtls_sha512_context *ctx, const unsigned char *input,
size_t ilen )
{
int ret;
@@ -249,16 +217,6 @@ int mbedtls_sha512_update_ret( mbedtls_sha512_context *ctx, const unsigned char
return 0;
}
#if !defined(MBEDTLS_DEPRECATED_REMOVED)
void mbedtls_sha512_update( mbedtls_sha512_context *ctx,
const unsigned char *input,
size_t ilen )
{
mbedtls_sha512_update_ret( ctx, input, ilen );
}
#endif
static const unsigned char sha512_padding[128] = {
0x80, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
@@ -273,7 +231,7 @@ static const unsigned char sha512_padding[128] = {
/*
* SHA-512 final digest
*/
int mbedtls_sha512_finish_ret( mbedtls_sha512_context *ctx, unsigned char output[64] )
int mbedtls_sha512_finish( mbedtls_sha512_context *ctx, unsigned char output[64] )
{
int ret;
size_t last, padn;
@@ -290,11 +248,11 @@ int mbedtls_sha512_finish_ret( mbedtls_sha512_context *ctx, unsigned char output
last = (size_t)( ctx->total[0] & 0x7F );
padn = ( last < 112 ) ? ( 112 - last ) : ( 240 - last );
if ( ( ret = mbedtls_sha512_update_ret( ctx, sha512_padding, padn ) ) != 0 ) {
if ( ( ret = mbedtls_sha512_update( ctx, sha512_padding, padn ) ) != 0 ) {
return ret;
}
if ( ( ret = mbedtls_sha512_update_ret( ctx, msglen, 16 ) ) != 0 ) {
if ( ( ret = mbedtls_sha512_update( ctx, msglen, 16 ) ) != 0 ) {
return ret;
}
@@ -307,12 +265,4 @@ int mbedtls_sha512_finish_ret( mbedtls_sha512_context *ctx, unsigned char output
return ret;
}
#if !defined(MBEDTLS_DEPRECATED_REMOVED)
void mbedtls_sha512_finish( mbedtls_sha512_context *ctx,
unsigned char output[64] )
{
mbedtls_sha512_finish_ret( ctx, output );
}
#endif
#endif /* MBEDTLS_SHA512_C && MBEDTLS_SHA512_ALT */

18
components/mbedtls/port/sha/dma/esp_sha_crypto_dma_impl.c
View File

@@ -1,16 +1,8 @@
// Copyright 2020 Espressif Systems (Shanghai) PTE LTD
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
/*
* SPDX-FileCopyrightText: 2020-2022 Espressif Systems (Shanghai) CO LTD
*
* SPDX-License-Identifier: Apache-2.0
*/
#include "esp_sha_dma_priv.h"

18
components/mbedtls/port/sha/dma/esp_sha_gdma_impl.c
View File

@@ -1,16 +1,8 @@
// Copyright 2020 Espressif Systems (Shanghai) PTE LTD
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
/*
* SPDX-FileCopyrightText: 2020-2022 Espressif Systems (Shanghai) CO LTD
*
* SPDX-License-Identifier: Apache-2.0
*/
#include "esp_sha_dma_priv.h"
#include "esp_crypto_shared_gdma.h"

24
components/mbedtls/port/sha/esp_sha.c
View File

@@ -43,10 +43,10 @@ void esp_sha(esp_sha_type sha_type, const unsigned char *input, size_t ilen, uns
#if SOC_SHA_SUPPORT_SHA1
if (sha_type == SHA1) {
mbedtls_sha1_init(&ctx.sha1);
mbedtls_sha1_starts_ret(&ctx.sha1);
ret = mbedtls_sha1_update_ret(&ctx.sha1, input, ilen);
mbedtls_sha1_starts(&ctx.sha1);
ret = mbedtls_sha1_update(&ctx.sha1, input, ilen);
assert(ret == 0);
ret = mbedtls_sha1_finish_ret(&ctx.sha1, output);
ret = mbedtls_sha1_finish(&ctx.sha1, output);
assert(ret == 0);
mbedtls_sha1_free(&ctx.sha1);
return;
@@ -56,10 +56,10 @@ void esp_sha(esp_sha_type sha_type, const unsigned char *input, size_t ilen, uns
#if SOC_SHA_SUPPORT_SHA256
if (sha_type == SHA2_256) {
mbedtls_sha256_init(&ctx.sha256);
mbedtls_sha256_starts_ret(&ctx.sha256, 0);
ret = mbedtls_sha256_update_ret(&ctx.sha256, input, ilen);
mbedtls_sha256_starts(&ctx.sha256, 0);
ret = mbedtls_sha256_update(&ctx.sha256, input, ilen);
assert(ret == 0);
ret = mbedtls_sha256_finish_ret(&ctx.sha256, output);
ret = mbedtls_sha256_finish(&ctx.sha256, output);
assert(ret == 0);
mbedtls_sha256_free(&ctx.sha256);
return;
@@ -69,10 +69,10 @@ void esp_sha(esp_sha_type sha_type, const unsigned char *input, size_t ilen, uns
#if SOC_SHA_SUPPORT_SHA384
if (sha_type == SHA2_384) {
mbedtls_sha512_init(&ctx.sha512);
mbedtls_sha512_starts_ret(&ctx.sha512, 1);
ret = mbedtls_sha512_update_ret(&ctx.sha512, input, ilen);
mbedtls_sha512_starts(&ctx.sha512, 1);
ret = mbedtls_sha512_update(&ctx.sha512, input, ilen);
assert(ret == 0);
ret = mbedtls_sha512_finish_ret(&ctx.sha512, output);
ret = mbedtls_sha512_finish(&ctx.sha512, output);
assert(ret == 0);
mbedtls_sha512_free(&ctx.sha512);
return;
@@ -82,10 +82,10 @@ void esp_sha(esp_sha_type sha_type, const unsigned char *input, size_t ilen, uns
#if SOC_SHA_SUPPORT_SHA512
if (sha_type == SHA2_512) {
mbedtls_sha512_init(&ctx.sha512);
mbedtls_sha512_starts_ret(&ctx.sha512, 0);
ret = mbedtls_sha512_update_ret(&ctx.sha512, input, ilen);
mbedtls_sha512_starts(&ctx.sha512, 0);
ret = mbedtls_sha512_update(&ctx.sha512, input, ilen);
assert(ret == 0);
ret = mbedtls_sha512_finish_ret(&ctx.sha512, output);
ret = mbedtls_sha512_finish(&ctx.sha512, output);
assert(ret == 0);
mbedtls_sha512_free(&ctx.sha512);
return;

65
components/mbedtls/port/sha/parallel_engine/esp_sha1.c
View File

@@ -3,22 +3,11 @@
* Uses mbedTLS software implementation for failover when concurrent
* SHA operations are in use.
*
* Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
* Additions Copyright (C) 2016, Espressif Systems (Shanghai) PTE LTD
* SPDX-License-Identifier: Apache-2.0
* SPDX-FileCopyrightText: The Mbed TLS Contributors
*
* Licensed under the Apache License, Version 2.0 (the "License"); you may
* not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
* WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
* SPDX-License-Identifier: Apache-2.0
*
* SPDX-FileContributor: 2016-2021 Espressif Systems (Shanghai) CO LTD
*/
/*
* The SHA-1 standard was published by NIST in 1993.
@@ -26,11 +15,7 @@
* http://www.itl.nist.gov/fipspubs/fip180-1.htm
*/
#if !defined(MBEDTLS_CONFIG_FILE)
#include "mbedtls/config.h"
#else
#include MBEDTLS_CONFIG_FILE
#endif
#include <mbedtls/build_info.h>
#if defined(MBEDTLS_SHA1_C) && defined(MBEDTLS_SHA1_ALT)
@@ -116,7 +101,7 @@ void mbedtls_sha1_clone( mbedtls_sha1_context *dst,
/*
* SHA-1 context setup
*/
int mbedtls_sha1_starts_ret( mbedtls_sha1_context *ctx )
int mbedtls_sha1_starts( mbedtls_sha1_context *ctx )
{
ctx->total[0] = 0;
ctx->total[1] = 0;
@@ -135,12 +120,6 @@ int mbedtls_sha1_starts_ret( mbedtls_sha1_context *ctx )
return 0;
}
#if !defined(MBEDTLS_DEPRECATED_REMOVED)
void mbedtls_sha1_starts( mbedtls_sha1_context *ctx )
{
mbedtls_sha1_starts_ret( ctx );
}
#endif
static void mbedtls_sha1_software_process( mbedtls_sha1_context *ctx, const unsigned char data[64] );
@@ -166,15 +145,6 @@ int mbedtls_internal_sha1_process( mbedtls_sha1_context *ctx, const unsigned cha
return 0;
}
#if !defined(MBEDTLS_DEPRECATED_REMOVED)
void mbedtls_sha1_process( mbedtls_sha1_context *ctx,
const unsigned char data[64] )
{
mbedtls_internal_sha1_process( ctx, data );
}
#endif
static void mbedtls_sha1_software_process( mbedtls_sha1_context *ctx, const unsigned char data[64] )
{
uint32_t temp, W[16], A, B, C, D, E;
@@ -334,7 +304,7 @@ static void mbedtls_sha1_software_process( mbedtls_sha1_context *ctx, const unsi
/*
* SHA-1 process buffer
*/
int mbedtls_sha1_update_ret( mbedtls_sha1_context *ctx, const unsigned char *input, size_t ilen )
int mbedtls_sha1_update( mbedtls_sha1_context *ctx, const unsigned char *input, size_t ilen )
{
int ret;
size_t fill;
@@ -382,15 +352,6 @@ int mbedtls_sha1_update_ret( mbedtls_sha1_context *ctx, const unsigned char *inp
return 0;
}
#if !defined(MBEDTLS_DEPRECATED_REMOVED)
void mbedtls_sha1_update( mbedtls_sha1_context *ctx,
const unsigned char *input,
size_t ilen )
{
mbedtls_sha1_update_ret( ctx, input, ilen );
}
#endif
static const unsigned char sha1_padding[64] = {
0x80, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
@@ -401,7 +362,7 @@ static const unsigned char sha1_padding[64] = {
/*
* SHA-1 final digest
*/
int mbedtls_sha1_finish_ret( mbedtls_sha1_context *ctx, unsigned char output[20] )
int mbedtls_sha1_finish( mbedtls_sha1_context *ctx, unsigned char output[20] )
{
int ret;
uint32_t last, padn;
@@ -418,10 +379,10 @@ int mbedtls_sha1_finish_ret( mbedtls_sha1_context *ctx, unsigned char output[20]
last = ctx->total[0] & 0x3F;
padn = ( last < 56 ) ? ( 56 - last ) : ( 120 - last );
if ( ( ret = mbedtls_sha1_update_ret( ctx, sha1_padding, padn ) ) != 0 ) {
if ( ( ret = mbedtls_sha1_update( ctx, sha1_padding, padn ) ) != 0 ) {
goto out;
}
if ( ( ret = mbedtls_sha1_update_ret( ctx, msglen, 8 ) ) != 0 ) {
if ( ( ret = mbedtls_sha1_update( ctx, msglen, 8 ) ) != 0 ) {
goto out;
}
@@ -445,12 +406,4 @@ out:
return ret;
}
#if !defined(MBEDTLS_DEPRECATED_REMOVED)
void mbedtls_sha1_finish( mbedtls_sha1_context *ctx,
unsigned char output[20] )
{
mbedtls_sha1_finish_ret( ctx, output );
}
#endif
#endif /* MBEDTLS_SHA1_C && MBEDTLS_SHA1_ALT */

67
components/mbedtls/port/sha/parallel_engine/esp_sha256.c
View File

@@ -3,35 +3,19 @@
* Uses mbedTLS software implementation for failover when concurrent
* SHA operations are in use.
*
* Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
* Additions Copyright (C) 2016, Espressif Systems (Shanghai) PTE LTD
* SPDX-License-Identifier: Apache-2.0
* SPDX-FileCopyrightText: The Mbed TLS Contributors
*
* Licensed under the Apache License, Version 2.0 (the "License"); you may
* not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
* WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
* SPDX-License-Identifier: Apache-2.0
*
* SPDX-FileContributor: 2016-2021 Espressif Systems (Shanghai) CO LTD
*/
/*
* The SHA-256 Secure Hash Standard was published by NIST in 2002.
*
* http://csrc.nist.gov/publications/fips/fips180-2/fips180-2.pdf
*/
#if !defined(MBEDTLS_CONFIG_FILE)
#include "mbedtls/config.h"
#else
#include MBEDTLS_CONFIG_FILE
#endif
#include <mbedtls/build_info.h>
#if defined(MBEDTLS_SHA256_C) && defined(MBEDTLS_SHA256_ALT)
@@ -116,7 +100,7 @@ void mbedtls_sha256_clone( mbedtls_sha256_context *dst,
/*
* SHA-256 context setup
*/
int mbedtls_sha256_starts_ret( mbedtls_sha256_context *ctx, int is224 )
int mbedtls_sha256_starts( mbedtls_sha256_context *ctx, int is224 )
{
ctx->total[0] = 0;
ctx->total[1] = 0;
@@ -151,14 +135,6 @@ int mbedtls_sha256_starts_ret( mbedtls_sha256_context *ctx, int is224 )
return 0;
}
#if !defined(MBEDTLS_DEPRECATED_REMOVED)
void mbedtls_sha256_starts( mbedtls_sha256_context *ctx,
int is224 )
{
mbedtls_sha256_starts_ret( ctx, is224 );
}
#endif
static const uint32_t K[] = {
0x428A2F98, 0x71374491, 0xB5C0FBCF, 0xE9B5DBA5,
0x3956C25B, 0x59F111F1, 0x923F82A4, 0xAB1C5ED5,
@@ -228,14 +204,6 @@ int mbedtls_internal_sha256_process( mbedtls_sha256_context *ctx, const unsigned
return 0;
}
#if !defined(MBEDTLS_DEPRECATED_REMOVED)
void mbedtls_sha256_process( mbedtls_sha256_context *ctx,
const unsigned char data[64] )
{
mbedtls_internal_sha256_process( ctx, data );
}
#endif
static void mbedtls_sha256_software_process( mbedtls_sha256_context *ctx, const unsigned char data[64] )
{
uint32_t temp1, temp2, W[64];
@@ -295,7 +263,7 @@ static void mbedtls_sha256_software_process( mbedtls_sha256_context *ctx, const
/*
* SHA-256 process buffer
*/
int mbedtls_sha256_update_ret( mbedtls_sha256_context *ctx, const unsigned char *input,
int mbedtls_sha256_update( mbedtls_sha256_context *ctx, const unsigned char *input,
size_t ilen )
{
int ret;
@@ -344,15 +312,6 @@ int mbedtls_sha256_update_ret( mbedtls_sha256_context *ctx, const unsigned char
return 0;
}
#if !defined(MBEDTLS_DEPRECATED_REMOVED)
void mbedtls_sha256_update( mbedtls_sha256_context *ctx,
const unsigned char *input,
size_t ilen )
{
mbedtls_sha256_update_ret( ctx, input, ilen );
}
#endif
static const unsigned char sha256_padding[64] = {
0x80, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
@@ -363,7 +322,7 @@ static const unsigned char sha256_padding[64] = {
/*
* SHA-256 final digest
*/
int mbedtls_sha256_finish_ret( mbedtls_sha256_context *ctx, unsigned char output[32] )
int mbedtls_sha256_finish( mbedtls_sha256_context *ctx, unsigned char output[32] )
{
int ret;
uint32_t last, padn;
@@ -380,11 +339,11 @@ int mbedtls_sha256_finish_ret( mbedtls_sha256_context *ctx, unsigned char output
last = ctx->total[0] & 0x3F;
padn = ( last < 56 ) ? ( 56 - last ) : ( 120 - last );
if ( ( ret = mbedtls_sha256_update_ret( ctx, sha256_padding, padn ) ) != 0 ) {
if ( ( ret = mbedtls_sha256_update( ctx, sha256_padding, padn ) ) != 0 ) {
goto out;
}
if ( ( ret = mbedtls_sha256_update_ret( ctx, msglen, 8 ) ) != 0 ) {
if ( ( ret = mbedtls_sha256_update( ctx, msglen, 8 ) ) != 0 ) {
goto out;
}
@@ -414,12 +373,4 @@ out:
return ret;
}
#if !defined(MBEDTLS_DEPRECATED_REMOVED)
void mbedtls_sha256_finish( mbedtls_sha256_context *ctx,
unsigned char output[32] )
{
mbedtls_sha256_finish_ret( ctx, output );
}
#endif
#endif /* MBEDTLS_SHA256_C && MBEDTLS_SHA256_ALT */

69
components/mbedtls/port/sha/parallel_engine/esp_sha512.c
View File

@@ -3,35 +3,19 @@
* Uses mbedTLS software implementation for failover when concurrent
* SHA operations are in use.
*
* Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
* Additions Copyright (C) 2016, Espressif Systems (Shanghai) PTE LTD
* SPDX-License-Identifier: Apache-2.0
* SPDX-FileCopyrightText: The Mbed TLS Contributors
*
* Licensed under the Apache License, Version 2.0 (the "License"); you may
* not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
* WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
* SPDX-License-Identifier: Apache-2.0
*
* SPDX-FileContributor: 2016-2021 Espressif Systems (Shanghai) CO LTD
*/
/*
* The SHA-512 Secure Hash Standard was published by NIST in 2002.
*
* http://csrc.nist.gov/publications/fips/fips180-2/fips180-2.pdf
*/
#if !defined(MBEDTLS_CONFIG_FILE)
#include "mbedtls/config.h"
#else
#include MBEDTLS_CONFIG_FILE
#endif
#include <mbedtls/build_info.h>
#if defined(MBEDTLS_SHA512_C) && defined(MBEDTLS_SHA512_ALT)
@@ -140,7 +124,7 @@ void mbedtls_sha512_clone( mbedtls_sha512_context *dst,
/*
* SHA-512 context setup
*/
int mbedtls_sha512_starts_ret( mbedtls_sha512_context *ctx, int is384 )
int mbedtls_sha512_starts( mbedtls_sha512_context *ctx, int is384 )
{
ctx->total[0] = 0;
ctx->total[1] = 0;
@@ -176,14 +160,6 @@ int mbedtls_sha512_starts_ret( mbedtls_sha512_context *ctx, int is384 )
return 0;
}
#if !defined(MBEDTLS_DEPRECATED_REMOVED)
void mbedtls_sha512_starts( mbedtls_sha512_context *ctx,
int is384 )
{
mbedtls_sha512_starts_ret( ctx, is384 );
}
#endif
/*
* Round constants
*/
@@ -255,15 +231,6 @@ int mbedtls_internal_sha512_process( mbedtls_sha512_context *ctx, const unsigned
return 0;
}
#if !defined(MBEDTLS_DEPRECATED_REMOVED)
void mbedtls_sha512_process( mbedtls_sha512_context *ctx,
const unsigned char data[128] )
{
mbedtls_internal_sha512_process( ctx, data );
}
#endif
static void mbedtls_sha512_software_process( mbedtls_sha512_context *ctx, const unsigned char data[128] )
{
int i;
@@ -332,7 +299,7 @@ static void mbedtls_sha512_software_process( mbedtls_sha512_context *ctx, const
/*
* SHA-512 process buffer
*/
int mbedtls_sha512_update_ret( mbedtls_sha512_context *ctx, const unsigned char *input,
int mbedtls_sha512_update( mbedtls_sha512_context *ctx, const unsigned char *input,
size_t ilen )
{
int ret;
@@ -379,16 +346,6 @@ int mbedtls_sha512_update_ret( mbedtls_sha512_context *ctx, const unsigned char
return 0;
}
#if !defined(MBEDTLS_DEPRECATED_REMOVED)
void mbedtls_sha512_update( mbedtls_sha512_context *ctx,
const unsigned char *input,
size_t ilen )
{
mbedtls_sha512_update_ret( ctx, input, ilen );
}
#endif
static const unsigned char sha512_padding[128] = {
0x80, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
@@ -403,7 +360,7 @@ static const unsigned char sha512_padding[128] = {
/*
* SHA-512 final digest
*/
int mbedtls_sha512_finish_ret( mbedtls_sha512_context *ctx, unsigned char output[64] )
int mbedtls_sha512_finish( mbedtls_sha512_context *ctx, unsigned char output[64] )
{
int ret;
size_t last, padn;
@@ -420,11 +377,11 @@ int mbedtls_sha512_finish_ret( mbedtls_sha512_context *ctx, unsigned char output
last = (size_t)( ctx->total[0] & 0x7F );
padn = ( last < 112 ) ? ( 112 - last ) : ( 240 - last );
if ( ( ret = mbedtls_sha512_update_ret( ctx, sha512_padding, padn ) ) != 0 ) {
if ( ( ret = mbedtls_sha512_update( ctx, sha512_padding, padn ) ) != 0 ) {
goto out;
}
if ( ( ret = mbedtls_sha512_update_ret( ctx, msglen, 16 ) ) != 0 ) {
if ( ( ret = mbedtls_sha512_update( ctx, msglen, 16 ) ) != 0 ) {
goto out;
}
@@ -454,12 +411,4 @@ out:
return ret;
}
#if !defined(MBEDTLS_DEPRECATED_REMOVED)
void mbedtls_sha512_finish( mbedtls_sha512_context *ctx,
unsigned char output[64] )
{
mbedtls_sha512_finish_ret( ctx, output );
}
#endif
#endif /* MBEDTLS_SHA512_C && MBEDTLS_SHA512_ALT */

60
components/mbedtls/test/test_aes_gcm.c
View File

@@ -1,6 +1,9 @@
/* mbedTLS GCM test
*/
*
* SPDX-FileCopyrightText: 2021-2022 Espressif Systems (Shanghai) CO LTD
*
* SPDX-License-Identifier: Apache-2.0
*/
#include <string.h>
#include <stdio.h>
#include <stdbool.h>
@@ -79,11 +82,11 @@ TEST_CASE("mbedtls GCM stream test", "[aes-gcm]")
memset(key, 0x56, 16);
// allocate internal memory
uint8_t *chipertext = heap_caps_malloc(SZ, MALLOC_CAP_DMA | MALLOC_CAP_8BIT | MALLOC_CAP_INTERNAL);
uint8_t *ciphertext = heap_caps_malloc(SZ, MALLOC_CAP_DMA | MALLOC_CAP_8BIT | MALLOC_CAP_INTERNAL);
uint8_t *plaintext = heap_caps_malloc(SZ, MALLOC_CAP_DMA | MALLOC_CAP_8BIT | MALLOC_CAP_INTERNAL);
uint8_t *decryptedtext = heap_caps_malloc(SZ, MALLOC_CAP_DMA | MALLOC_CAP_8BIT | MALLOC_CAP_INTERNAL);
TEST_ASSERT_NOT_NULL(chipertext);
TEST_ASSERT_NOT_NULL(ciphertext);
TEST_ASSERT_NOT_NULL(plaintext);
TEST_ASSERT_NOT_NULL(decryptedtext);
@@ -93,43 +96,47 @@ TEST_CASE("mbedtls GCM stream test", "[aes-gcm]")
*/
for (int bytes_to_process = 16; bytes_to_process < SZ; bytes_to_process = bytes_to_process + 16) {
memset(nonce, 0x89, 16);
memset(chipertext, 0x0, SZ);
memset(ciphertext, 0x0, SZ);
memset(decryptedtext, 0x0, SZ);
memset(tag, 0x0, 16);
mbedtls_gcm_init(&ctx);
mbedtls_gcm_setkey(&ctx, cipher, key, 128);
mbedtls_gcm_starts( &ctx, MBEDTLS_AES_ENCRYPT, nonce, sizeof(nonce), NULL, 0 );
mbedtls_gcm_starts( &ctx, MBEDTLS_AES_ENCRYPT, nonce, sizeof(nonce) );
mbedtls_gcm_update_ad( &ctx, NULL, 0 );
// Encrypt
for (int idx = 0; idx < SZ; idx = idx + bytes_to_process) {
// Limit length of last call to avoid exceeding buffer size
size_t length = (idx + bytes_to_process > SZ) ? (SZ - idx) : bytes_to_process;
mbedtls_gcm_update(&ctx, length, plaintext + idx, chipertext + idx );
mbedtls_gcm_update(&ctx, plaintext + idx, length, ciphertext + idx, 0, NULL);
}
mbedtls_gcm_finish( &ctx, tag, sizeof(tag) );
TEST_ASSERT_EQUAL_HEX8_ARRAY(expected_cipher, chipertext, SZ);
size_t olen;
mbedtls_gcm_finish( &ctx, NULL, 0, &olen, tag, sizeof(tag) );
TEST_ASSERT_EQUAL_HEX8_ARRAY(expected_cipher, ciphertext, SZ);
TEST_ASSERT_EQUAL_HEX8_ARRAY(expected_tag, tag, sizeof(tag));
// Decrypt
memset(nonce, 0x89, 16);
mbedtls_gcm_free( &ctx );
mbedtls_gcm_init(&ctx);
mbedtls_gcm_setkey(&ctx, cipher, key, 128);
mbedtls_gcm_starts( &ctx, MBEDTLS_AES_DECRYPT, nonce, sizeof(nonce), NULL, 0 );
mbedtls_gcm_starts( &ctx, MBEDTLS_AES_DECRYPT, nonce, sizeof(nonce));
mbedtls_gcm_update_ad( &ctx, NULL, 0 );
for (int idx = 0; idx < SZ; idx = idx + bytes_to_process) {
// Limit length of last call to avoid exceeding buffer size
size_t length = (idx + bytes_to_process > SZ) ? (SZ - idx) : bytes_to_process;
mbedtls_gcm_update(&ctx, length, chipertext + idx, decryptedtext + idx );
mbedtls_gcm_update(&ctx, ciphertext + idx, length, decryptedtext + idx, 0, NULL);
}
mbedtls_gcm_finish( &ctx, tag, sizeof(tag) );
mbedtls_gcm_finish( &ctx, NULL, 0, &olen, tag, sizeof(tag) );
TEST_ASSERT_EQUAL_HEX8_ARRAY(plaintext, decryptedtext, SZ);
mbedtls_gcm_free( &ctx );
}
free(plaintext);
free(chipertext);
free(ciphertext);
free(decryptedtext);
}
@@ -153,7 +160,7 @@ typedef struct {
typedef struct {
const uint8_t *expected_tag;
const uint8_t *ciphertext_last_block; // Last block of the chipertext
const uint8_t *ciphertext_last_block; // Last block of the ciphertext
} aes_gcm_test_expected_res_t;
@@ -185,14 +192,15 @@ static void aes_gcm_test(aes_gcm_test_cfg_t *cfg, aes_gcm_test_expected_res_t *r
mbedtls_gcm_init(&ctx);
mbedtls_gcm_setkey(&ctx, cipher, cfg->key, cfg->key_bits);
size_t olen;
/* Encrypt and tag */
if (aes_gcm_type == AES_GCM_TEST_CRYPT_N_TAG) {
mbedtls_gcm_crypt_and_tag(&ctx, MBEDTLS_AES_ENCRYPT, cfg->plaintext_length, iv_buf, cfg->iv_length, cfg->add_buf, cfg->add_length, cfg->plaintext, ciphertext, cfg->tag_len, tag_buf_encrypt);
} else if (aes_gcm_type == AES_GCM_TEST_START_UPDATE_FINISH) {
TEST_ASSERT(mbedtls_gcm_starts( &ctx, MBEDTLS_AES_ENCRYPT, iv_buf, cfg->iv_length, cfg->add_buf, cfg->add_length) == 0 );
TEST_ASSERT(mbedtls_gcm_update( &ctx, cfg->plaintext_length, cfg->plaintext, ciphertext) == 0 );
TEST_ASSERT(mbedtls_gcm_finish( &ctx, tag_buf_encrypt, cfg->tag_len) == 0 );
TEST_ASSERT(mbedtls_gcm_starts( &ctx, MBEDTLS_AES_ENCRYPT, iv_buf, cfg->iv_length) == 0 );
TEST_ASSERT(mbedtls_gcm_update_ad( &ctx, cfg->add_buf, cfg->add_length) == 0 );
TEST_ASSERT(mbedtls_gcm_update( &ctx, cfg->plaintext, cfg->plaintext_length, ciphertext, 0, NULL) == 0 );
TEST_ASSERT(mbedtls_gcm_finish( &ctx, NULL, 0, &olen, tag_buf_encrypt, cfg->tag_len) == 0 );
}
size_t offset = cfg->plaintext_length > 16 ? cfg->plaintext_length - 16 : 0;
/* Sanity check: make sure the last ciphertext block matches what we expect to see. */
@@ -204,9 +212,10 @@ static void aes_gcm_test(aes_gcm_test_cfg_t *cfg, aes_gcm_test_expected_res_t *r
if (aes_gcm_type == AES_GCM_TEST_CRYPT_N_TAG) {
TEST_ASSERT(mbedtls_gcm_auth_decrypt(&ctx, cfg->plaintext_length, iv_buf, cfg->iv_length, cfg->add_buf, cfg->add_length, res->expected_tag, cfg->tag_len, ciphertext, output) == 0);
} else if (aes_gcm_type == AES_GCM_TEST_START_UPDATE_FINISH) {
TEST_ASSERT(mbedtls_gcm_starts( &ctx, MBEDTLS_AES_DECRYPT, iv_buf, cfg->iv_length, cfg->add_buf, cfg->add_length) == 0 );
TEST_ASSERT(mbedtls_gcm_update( &ctx, cfg->plaintext_length, ciphertext, output) == 0 );
TEST_ASSERT(mbedtls_gcm_finish( &ctx, tag_buf_decrypt, cfg->tag_len) == 0 );
TEST_ASSERT(mbedtls_gcm_starts( &ctx, MBEDTLS_AES_DECRYPT, iv_buf, cfg->iv_length) == 0 );
TEST_ASSERT(mbedtls_gcm_update_ad( &ctx, cfg->add_buf, cfg->add_length) == 0 );
TEST_ASSERT(mbedtls_gcm_update( &ctx, ciphertext, cfg->plaintext_length, output, 0, NULL) == 0 );
TEST_ASSERT(mbedtls_gcm_finish( &ctx, NULL, 0, &olen, tag_buf_decrypt, cfg->tag_len) == 0 );
/* mbedtls_gcm_auth_decrypt already checks tag so only needed for AES_GCM_TEST_START_UPDATE_FINISH */
TEST_ASSERT_EQUAL_HEX8_ARRAY(res->expected_tag, tag_buf_decrypt, cfg->tag_len);
@@ -412,7 +421,7 @@ TEST_CASE("mbedtls AES GCM performance, start, update, ret", "[aes-gcm]")
uint8_t iv[16];
uint8_t key[16];
uint8_t aad[16];
size_t olen;
memset(iv, 0xEE, 16);
memset(key, 0x44, 16);
memset(aad, 0x76, 16);
@@ -428,9 +437,10 @@ TEST_CASE("mbedtls AES GCM performance, start, update, ret", "[aes-gcm]")
memset(buf, 0xAA, CALL_SZ);
TEST_ASSERT(mbedtls_gcm_starts( &ctx, MBEDTLS_AES_ENCRYPT, iv, sizeof(iv), aad, sizeof(aad) ) == 0 );
TEST_ASSERT(mbedtls_gcm_update( &ctx, CALL_SZ, buf, buf ) == 0 );
TEST_ASSERT(mbedtls_gcm_finish( &ctx, tag_buf, 16 ) == 0 );
TEST_ASSERT(mbedtls_gcm_starts( &ctx, MBEDTLS_AES_ENCRYPT, iv, sizeof(iv) ) == 0 );
TEST_ASSERT(mbedtls_gcm_update_ad( &ctx, aad, sizeof(aad)) == 0 );
TEST_ASSERT(mbedtls_gcm_update( &ctx, buf, CALL_SZ, buf, 0, NULL) == 0 );
TEST_ASSERT(mbedtls_gcm_finish( &ctx, NULL, 0, &olen, tag_buf, 16 ) == 0 );
elapsed_usec = ccomp_timer_stop();

11
components/mbedtls/test/test_aes_sha_parallel.c
View File

@@ -1,3 +1,8 @@
/*
* SPDX-FileCopyrightText: 2021-2022 Espressif Systems (Shanghai) CO LTD
*
* SPDX-License-Identifier: Apache-2.0
*/
#include <string.h>
#include <stdbool.h>
#include <esp_system.h>
@@ -28,11 +33,11 @@ static void tskRunSHA256Test(void *pvParameters)
for (int i = 0; i < 1000; i++) {
mbedtls_sha256_init(&sha256_ctx);
TEST_ASSERT_EQUAL(0, mbedtls_sha256_starts_ret(&sha256_ctx, false));
TEST_ASSERT_EQUAL(0, mbedtls_sha256_starts(&sha256_ctx, false));
for (int j = 0; j < 10; j++) {
TEST_ASSERT_EQUAL(0, mbedtls_sha256_update_ret(&sha256_ctx, (unsigned char *)one_hundred_bs, 100));
TEST_ASSERT_EQUAL(0, mbedtls_sha256_update(&sha256_ctx, (unsigned char *)one_hundred_bs, 100));
}
TEST_ASSERT_EQUAL(0, mbedtls_sha256_finish_ret(&sha256_ctx, sha256));
TEST_ASSERT_EQUAL(0, mbedtls_sha256_finish(&sha256_ctx, sha256));
mbedtls_sha256_free(&sha256_ctx);
TEST_ASSERT_EQUAL_MEMORY_MESSAGE(sha256_thousand_bs, sha256, 32, "SHA256 calculation");
}

12
components/mbedtls/test/test_aes_sha_rsa.c
View File

@@ -82,21 +82,21 @@ static void mbedtls_sha256_task(void *pvParameters)
mbedtls_sha256_init(&sha256_ctx);
memset(output, 0, sizeof(output));
mbedtls_sha256_starts_ret(&sha256_ctx, false);
mbedtls_sha256_starts(&sha256_ctx, false);
for (int i = 0; i < 3; ++i) {
mbedtls_sha256_update_ret(&sha256_ctx, (unsigned char *)input, 100);
mbedtls_sha256_update(&sha256_ctx, (unsigned char *)input, 100);
}
mbedtls_sha256_finish_ret(&sha256_ctx, output);
mbedtls_sha256_finish(&sha256_ctx, output);
memcpy(output_origin, output, sizeof(output));
while (exit_flag == false) {
mbedtls_sha256_init(&sha256_ctx);
memset(output, 0, sizeof(output));
mbedtls_sha256_starts_ret(&sha256_ctx, false);
mbedtls_sha256_starts(&sha256_ctx, false);
for (int i = 0; i < 3; ++i) {
mbedtls_sha256_update_ret(&sha256_ctx, (unsigned char *)input, 100);
mbedtls_sha256_update(&sha256_ctx, (unsigned char *)input, 100);
}
mbedtls_sha256_finish_ret(&sha256_ctx, output);
mbedtls_sha256_finish(&sha256_ctx, output);
TEST_ASSERT_EQUAL_MEMORY_MESSAGE(output, output_origin, sizeof(output), "MBEDTLS SHA256 must match");
}

24
components/mbedtls/test/test_ecp.c
View File

@@ -1,14 +1,24 @@
/* mbedTLS Elliptic Curve functionality tests
Focus on testing functionality where we use ESP32 hardware
accelerated crypto features.
*/
*
* Focus on testing functionality where we use ESP32 hardware
* accelerated crypto features.
*
* SPDX-FileCopyrightText: 2021-2022 Espressif Systems (Shanghai) CO LTD
*
* SPDX-License-Identifier: Apache-2.0
*/
#include <string.h>
#include <stdio.h>
#include <stdbool.h>
#include <esp_system.h>
/* ToDo - Remove this once appropriate solution is available.
We need to define this for the file as ssl_misc.h uses private structures from mbedtls,
which are undefined if the following flag is not defined */
/* Many APIs in the file make use of this flag instead of `MBEDTLS_PRIVATE` */
/* ToDo - Replace them with proper getter-setter once they are added */
#define MBEDTLS_ALLOW_PRIVATE_ACCESS
#include <mbedtls/entropy.h>
#include <mbedtls/ctr_drbg.h>
#include <mbedtls/ecdh.h>
@@ -33,9 +43,9 @@ TEST_CASE("mbedtls ECDH Generate Key", "[mbedtls]")
mbedtls_entropy_init(&entropy);
TEST_ASSERT_MBEDTLS_OK( mbedtls_ctr_drbg_seed(&ctr_drbg, mbedtls_entropy_func, &entropy, NULL, 0) );
TEST_ASSERT_MBEDTLS_OK( mbedtls_ecp_group_load(&ctx.grp, MBEDTLS_ECP_DP_CURVE25519) );
TEST_ASSERT_MBEDTLS_OK( mbedtls_ecp_group_load(&ctx.ctx.mbed_ecdh.grp, MBEDTLS_ECP_DP_CURVE25519) );
TEST_ASSERT_MBEDTLS_OK( mbedtls_ecdh_gen_public(&ctx.grp, &ctx.d, &ctx.Q,
TEST_ASSERT_MBEDTLS_OK( mbedtls_ecdh_gen_public(&ctx.ctx.mbed_ecdh.grp, &ctx.ctx.mbed_ecdh.d, &ctx.ctx.mbed_ecdh.Q,
mbedtls_ctr_drbg_random, &ctr_drbg ) );
mbedtls_ecdh_free(&ctx);

26
components/mbedtls/test/test_esp_crt_bundle.c
View File

@@ -2,21 +2,11 @@
*
* Adapted from the ssl_server example in mbedtls.
*
* Original Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
* Additions Copyright (C) Copyright 2019 Espressif Systems (Shanghai) PTE LTD, Apache 2.0 License.
* SPDX-FileCopyrightText: The Mbed TLS Contributors
*
* SPDX-License-Identifier: Apache-2.0
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
* SPDX-FileContributor: 2019-2021 Espressif Systems (Shanghai) CO LTD
*/
#include "esp_err.h"
#include "esp_log.h"
@@ -27,9 +17,9 @@
#include "mbedtls/entropy.h"
#include "mbedtls/ctr_drbg.h"
#include "mbedtls/certs.h"
#include "mbedtls/x509.h"
#include "mbedtls/ssl.h"
#include "entropy_poll.h"
#include "mbedtls/net_sockets.h"
#include "mbedtls/error.h"
#include "mbedtls/debug.h"
@@ -91,6 +81,12 @@ static volatile bool exit_flag;
esp_err_t endpoint_teardown(mbedtls_endpoint_t *endpoint);
static int myrand(void *rng_state, unsigned char *output, size_t len)
{
size_t olen;
return mbedtls_hardware_poll(rng_state, output, len, &olen);
}
esp_err_t server_setup(mbedtls_endpoint_t *server)
{
int ret;
@@ -113,7 +109,7 @@ esp_err_t server_setup(mbedtls_endpoint_t *server)
}
ret = mbedtls_pk_parse_key( &server->pkey, (const unsigned char *)server_pk_start,
server_pk_end - server_pk_start, NULL, 0 );
server_pk_end - server_pk_start, NULL, 0, myrand, NULL );
if ( ret != 0 ) {
ESP_LOGE(TAG, "mbedtls_pk_parse_key returned %d", ret );
return ESP_FAIL;

8
components/mbedtls/test/test_mbedtls_mpi.c
View File

@@ -1,5 +1,9 @@
/* mbedTLS bignum (MPI) self-tests as unit tests
*/
*
* SPDX-FileCopyrightText: 2021-2022 Espressif Systems (Shanghai) CO LTD
*
* SPDX-License-Identifier: Apache-2.0
*/
#include <string.h>
#include <stdio.h>
#include <stdbool.h>
@@ -24,7 +28,7 @@ void mbedtls_mpi_printf(const char *name, const mbedtls_mpi *X)
memset(buf, 0, sizeof(buf));
mbedtls_mpi_write_string(X, 16, buf, sizeof(buf)-1, &n);
if(n) {
printf("%s = (s=%d) 0x%s\n", name, X->s, buf);
printf("%s = (s=%d) 0x%s\n", name, X->MBEDTLS_PRIVATE(s), buf);
} else {
printf("%s = TOOLONG\n", name);
}

93
components/mbedtls/test/test_mbedtls_sha.c
View File

@@ -7,7 +7,6 @@
/*
* mbedTLS SHA unit tests
*/
#include <string.h>
#include <stdio.h>
#include <stdbool.h>
@@ -72,19 +71,19 @@ TEST_CASE("mbedtls SHA interleaving", "[mbedtls]")
mbedtls_sha256_init(&sha256_ctx);
mbedtls_sha512_init(&sha512_ctx);
TEST_ASSERT_EQUAL(0, mbedtls_sha1_starts_ret(&sha1_ctx));
TEST_ASSERT_EQUAL(0, mbedtls_sha256_starts_ret(&sha256_ctx, false));
TEST_ASSERT_EQUAL(0, mbedtls_sha512_starts_ret(&sha512_ctx, false));
TEST_ASSERT_EQUAL(0, mbedtls_sha1_starts(&sha1_ctx));
TEST_ASSERT_EQUAL(0, mbedtls_sha256_starts(&sha256_ctx, false));
TEST_ASSERT_EQUAL(0, mbedtls_sha512_starts(&sha512_ctx, false));
for (int i = 0; i < 10; i++) {
TEST_ASSERT_EQUAL(0, mbedtls_sha1_update_ret(&sha1_ctx, one_hundred_as, 100));
TEST_ASSERT_EQUAL(0, mbedtls_sha256_update_ret(&sha256_ctx, one_hundred_as, 100));
TEST_ASSERT_EQUAL(0, mbedtls_sha512_update_ret(&sha512_ctx, one_hundred_bs, 100));
TEST_ASSERT_EQUAL(0, mbedtls_sha1_update(&sha1_ctx, one_hundred_as, 100));
TEST_ASSERT_EQUAL(0, mbedtls_sha256_update(&sha256_ctx, one_hundred_as, 100));
TEST_ASSERT_EQUAL(0, mbedtls_sha512_update(&sha512_ctx, one_hundred_bs, 100));
}
TEST_ASSERT_EQUAL(0, mbedtls_sha1_finish_ret(&sha1_ctx, sha1));
TEST_ASSERT_EQUAL(0, mbedtls_sha256_finish_ret(&sha256_ctx, sha256));
TEST_ASSERT_EQUAL(0, mbedtls_sha512_finish_ret(&sha512_ctx, sha512));
TEST_ASSERT_EQUAL(0, mbedtls_sha1_finish(&sha1_ctx, sha1));
TEST_ASSERT_EQUAL(0, mbedtls_sha256_finish(&sha256_ctx, sha256));
TEST_ASSERT_EQUAL(0, mbedtls_sha512_finish(&sha512_ctx, sha512));
mbedtls_sha1_free(&sha1_ctx);
mbedtls_sha256_free(&sha256_ctx);
@@ -103,11 +102,11 @@ static void tskRunSHA1Test(void *pvParameters)
for (int i = 0; i < 1000; i++) {
mbedtls_sha1_init(&sha1_ctx);
TEST_ASSERT_EQUAL(0, mbedtls_sha1_starts_ret(&sha1_ctx));
TEST_ASSERT_EQUAL(0, mbedtls_sha1_starts(&sha1_ctx));
for (int j = 0; j < 10; j++) {
TEST_ASSERT_EQUAL(0, mbedtls_sha1_update_ret(&sha1_ctx, (unsigned char *)one_hundred_as, 100));
TEST_ASSERT_EQUAL(0, mbedtls_sha1_update(&sha1_ctx, (unsigned char *)one_hundred_as, 100));
}
TEST_ASSERT_EQUAL(0, mbedtls_sha1_finish_ret(&sha1_ctx, sha1));
TEST_ASSERT_EQUAL(0, mbedtls_sha1_finish(&sha1_ctx, sha1));
mbedtls_sha1_free(&sha1_ctx);
TEST_ASSERT_EQUAL_MEMORY_MESSAGE(sha1_thousand_as, sha1, 20, "SHA1 calculation");
}
@@ -122,11 +121,11 @@ static void tskRunSHA256Test(void *pvParameters)
for (int i = 0; i < 1000; i++) {
mbedtls_sha256_init(&sha256_ctx);
TEST_ASSERT_EQUAL(0, mbedtls_sha256_starts_ret(&sha256_ctx, false));
TEST_ASSERT_EQUAL(0, mbedtls_sha256_starts(&sha256_ctx, false));
for (int j = 0; j < 10; j++) {
TEST_ASSERT_EQUAL(0, mbedtls_sha256_update_ret(&sha256_ctx, (unsigned char *)one_hundred_bs, 100));
TEST_ASSERT_EQUAL(0, mbedtls_sha256_update(&sha256_ctx, (unsigned char *)one_hundred_bs, 100));
}
TEST_ASSERT_EQUAL(0, mbedtls_sha256_finish_ret(&sha256_ctx, sha256));
TEST_ASSERT_EQUAL(0, mbedtls_sha256_finish(&sha256_ctx, sha256));
mbedtls_sha256_free(&sha256_ctx);
TEST_ASSERT_EQUAL_MEMORY_MESSAGE(sha256_thousand_bs, sha256, 32, "SHA256 calculation");
}
@@ -204,23 +203,23 @@ TEST_CASE("mbedtls SHA512 clone", "[mbedtls]")
unsigned char sha512[64];
mbedtls_sha512_init(&ctx);
TEST_ASSERT_EQUAL(0, mbedtls_sha512_starts_ret(&ctx, false));
TEST_ASSERT_EQUAL(0, mbedtls_sha512_starts(&ctx, false));
for (int i = 0; i < 5; i++) {
TEST_ASSERT_EQUAL(0, mbedtls_sha512_update_ret(&ctx, one_hundred_bs, 100));
TEST_ASSERT_EQUAL(0, mbedtls_sha512_update(&ctx, one_hundred_bs, 100));
}
mbedtls_sha512_init(&clone);
mbedtls_sha512_clone(&clone, &ctx);
for (int i = 0; i < 5; i++) {
TEST_ASSERT_EQUAL(0, mbedtls_sha512_update_ret(&ctx, one_hundred_bs, 100));
TEST_ASSERT_EQUAL(0, mbedtls_sha512_update_ret(&clone, one_hundred_bs, 100));
TEST_ASSERT_EQUAL(0, mbedtls_sha512_update(&ctx, one_hundred_bs, 100));
TEST_ASSERT_EQUAL(0, mbedtls_sha512_update(&clone, one_hundred_bs, 100));
}
TEST_ASSERT_EQUAL(0, mbedtls_sha512_finish_ret(&ctx, sha512));
TEST_ASSERT_EQUAL(0, mbedtls_sha512_finish(&ctx, sha512));
mbedtls_sha512_free(&ctx);
TEST_ASSERT_EQUAL_MEMORY_MESSAGE(sha512_thousand_bs, sha512, 64, "SHA512 original calculation");
TEST_ASSERT_EQUAL(0, mbedtls_sha512_finish_ret(&clone, sha512));
TEST_ASSERT_EQUAL(0, mbedtls_sha512_finish(&clone, sha512));
mbedtls_sha512_free(&clone);
TEST_ASSERT_EQUAL_MEMORY_MESSAGE(sha512_thousand_bs, sha512, 64, "SHA512 cloned calculation");
@@ -234,24 +233,24 @@ TEST_CASE("mbedtls SHA384 clone", "[mbedtls][")
unsigned char sha384[48];
mbedtls_sha512_init(&ctx);
TEST_ASSERT_EQUAL(0, mbedtls_sha512_starts_ret(&ctx, true));
TEST_ASSERT_EQUAL(0, mbedtls_sha512_starts(&ctx, true));
for (int i = 0; i < 5; i++) {
TEST_ASSERT_EQUAL(0, mbedtls_sha512_update_ret(&ctx, one_hundred_bs, 100));
TEST_ASSERT_EQUAL(0, mbedtls_sha512_update(&ctx, one_hundred_bs, 100));
}
mbedtls_sha512_init(&clone);
mbedtls_sha512_clone(&clone, &ctx);
for (int i = 0; i < 5; i++) {
TEST_ASSERT_EQUAL(0, mbedtls_sha512_update_ret(&ctx, one_hundred_bs, 100));
TEST_ASSERT_EQUAL(0, mbedtls_sha512_update_ret(&clone, one_hundred_bs, 100));
TEST_ASSERT_EQUAL(0, mbedtls_sha512_update(&ctx, one_hundred_bs, 100));
TEST_ASSERT_EQUAL(0, mbedtls_sha512_update(&clone, one_hundred_bs, 100));
}
TEST_ASSERT_EQUAL(0, mbedtls_sha512_finish_ret(&ctx, sha384));
TEST_ASSERT_EQUAL(0, mbedtls_sha512_finish(&ctx, sha384));
mbedtls_sha512_free(&ctx);
TEST_ASSERT_EQUAL_MEMORY_MESSAGE(sha384_thousand_bs, sha384, 48, "SHA512 original calculation");
TEST_ASSERT_EQUAL(0, mbedtls_sha512_finish_ret(&clone, sha384));
TEST_ASSERT_EQUAL(0, mbedtls_sha512_finish(&clone, sha384));
mbedtls_sha512_free(&clone);
TEST_ASSERT_EQUAL_MEMORY_MESSAGE(sha384_thousand_bs, sha384, 48, "SHA512 cloned calculation");
@@ -265,23 +264,23 @@ TEST_CASE("mbedtls SHA256 clone", "[mbedtls]")
unsigned char sha256[64];
mbedtls_sha256_init(&ctx);
TEST_ASSERT_EQUAL(0, mbedtls_sha256_starts_ret(&ctx, false));
TEST_ASSERT_EQUAL(0, mbedtls_sha256_starts(&ctx, false));
for (int i = 0; i < 5; i++) {
TEST_ASSERT_EQUAL(0, mbedtls_sha256_update_ret(&ctx, one_hundred_as, 100));
TEST_ASSERT_EQUAL(0, mbedtls_sha256_update(&ctx, one_hundred_as, 100));
}
mbedtls_sha256_init(&clone);
mbedtls_sha256_clone(&clone, &ctx);
for (int i = 0; i < 5; i++) {
TEST_ASSERT_EQUAL(0, mbedtls_sha256_update_ret(&ctx, one_hundred_as, 100));
TEST_ASSERT_EQUAL(0, mbedtls_sha256_update_ret(&clone, one_hundred_as, 100));
TEST_ASSERT_EQUAL(0, mbedtls_sha256_update(&ctx, one_hundred_as, 100));
TEST_ASSERT_EQUAL(0, mbedtls_sha256_update(&clone, one_hundred_as, 100));
}
TEST_ASSERT_EQUAL(0, mbedtls_sha256_finish_ret(&ctx, sha256));
TEST_ASSERT_EQUAL(0, mbedtls_sha256_finish(&ctx, sha256));
mbedtls_sha256_free(&ctx);
TEST_ASSERT_EQUAL_MEMORY_MESSAGE(sha256_thousand_as, sha256, 32, "SHA256 original calculation");
TEST_ASSERT_EQUAL(0, mbedtls_sha256_finish_ret(&clone, sha256));
TEST_ASSERT_EQUAL(0, mbedtls_sha256_finish(&clone, sha256));
mbedtls_sha256_free(&clone);
TEST_ASSERT_EQUAL_MEMORY_MESSAGE(sha256_thousand_as, sha256, 32, "SHA256 cloned calculation");
@@ -299,10 +298,10 @@ static void tskFinaliseSha(void *v_param)
finalise_sha_param_t *param = (finalise_sha_param_t *)v_param;
for (int i = 0; i < 5; i++) {
TEST_ASSERT_EQUAL(0, mbedtls_sha256_update_ret(&param->ctx, one_hundred_as, 100));
TEST_ASSERT_EQUAL(0, mbedtls_sha256_update(&param->ctx, one_hundred_as, 100));
}
param->ret = mbedtls_sha256_finish_ret(&param->ctx, param->result);
param->ret = mbedtls_sha256_finish(&param->ctx, param->result);
mbedtls_sha256_free(&param->ctx);
param->done = true;
@@ -315,9 +314,9 @@ TEST_CASE("mbedtls SHA session passed between tasks", "[mbedtls]")
finalise_sha_param_t param = { 0 };
mbedtls_sha256_init(&param.ctx);
TEST_ASSERT_EQUAL(0, mbedtls_sha256_starts_ret(&param.ctx, false));
TEST_ASSERT_EQUAL(0, mbedtls_sha256_starts(&param.ctx, false));
for (int i = 0; i < 5; i++) {
TEST_ASSERT_EQUAL(0, mbedtls_sha256_update_ret(&param.ctx, one_hundred_as, 100));
TEST_ASSERT_EQUAL(0, mbedtls_sha256_update(&param.ctx, one_hundred_as, 100));
}
// pass the SHA context off to a different task
@@ -387,9 +386,9 @@ TEST_CASE("mbedtls SHA, input in flash", "[mbedtls]")
mbedtls_sha256_init(&sha256_ctx);
TEST_ASSERT_EQUAL(0, mbedtls_sha256_starts_ret(&sha256_ctx, false));
TEST_ASSERT_EQUAL(0, mbedtls_sha256_update_ret(&sha256_ctx, test_vector, sizeof(test_vector)));
TEST_ASSERT_EQUAL(0, mbedtls_sha256_finish_ret(&sha256_ctx, sha256));
TEST_ASSERT_EQUAL(0, mbedtls_sha256_starts(&sha256_ctx, false));
TEST_ASSERT_EQUAL(0, mbedtls_sha256_update(&sha256_ctx, test_vector, sizeof(test_vector)));
TEST_ASSERT_EQUAL(0, mbedtls_sha256_finish(&sha256_ctx, sha256));
mbedtls_sha256_free(&sha256_ctx);
TEST_ASSERT_EQUAL_MEMORY_MESSAGE(test_vector_digest, sha256, 32, "SHA256 calculation");
@@ -467,14 +466,14 @@ TEST_CASE("mbedtls SHA512/t", "[mbedtls]")
for (int j = 0; j < 2; j++) {
k = i * 2 + j;
mbedtls_sha512_init(&sha512_ctx);
TEST_ASSERT_EQUAL(0, mbedtls_sha512_starts_ret(&sha512_ctx, false));
TEST_ASSERT_EQUAL(0, mbedtls_sha512_starts(&sha512_ctx, false));
esp_sha512_set_mode(&sha512_ctx, sha512T_algo[i]);
if (i > 1) {
k = (i - 2) * 2 + j;
esp_sha512_set_t(&sha512_ctx, sha512T_t_len[i]);
}
TEST_ASSERT_EQUAL(0, mbedtls_sha512_update_ret(&sha512_ctx, sha512T_test_buf[j], sha512T_test_buflen[j]));
TEST_ASSERT_EQUAL(0, mbedtls_sha512_finish_ret(&sha512_ctx, sha512));
TEST_ASSERT_EQUAL(0, mbedtls_sha512_update(&sha512_ctx, sha512T_test_buf[j], sha512T_test_buflen[j]));
TEST_ASSERT_EQUAL(0, mbedtls_sha512_finish(&sha512_ctx, sha512));
mbedtls_sha512_free(&sha512_ctx);
TEST_ASSERT_EQUAL_MEMORY_MESSAGE(sha512_test_sum[k], sha512, sha512T_t_len[i] / 8, "SHA512t calculation");
@@ -498,11 +497,11 @@ TEST_CASE("mbedtls SHA256 PSRAM DMA", "[mbedtls]")
memset(buf, 0x54, CALL_SZ);
mbedtls_sha256_init(&sha256_ctx);
TEST_ASSERT_EQUAL(0, mbedtls_sha256_starts_ret(&sha256_ctx, false));
TEST_ASSERT_EQUAL(0, mbedtls_sha256_starts(&sha256_ctx, false));
for (int c = 0; c < CALLS; c++) {
TEST_ASSERT_EQUAL(0, mbedtls_sha256_update_ret(&sha256_ctx, buf, CALL_SZ));
TEST_ASSERT_EQUAL(0, mbedtls_sha256_update(&sha256_ctx, buf, CALL_SZ));
}
TEST_ASSERT_EQUAL(0, mbedtls_sha256_finish_ret(&sha256_ctx, sha256));
TEST_ASSERT_EQUAL(0, mbedtls_sha256_finish(&sha256_ctx, sha256));
free(buf);
mbedtls_sha256_free(&sha256_ctx);

2
components/mbedtls/test/test_mbedtls_utils.c
View File

@@ -1,5 +1,5 @@
/*
* SPDX-FileCopyrightText: 2021 Espressif Systems (Shanghai) CO LTD
* SPDX-FileCopyrightText: 2021-2022 Espressif Systems (Shanghai) CO LTD
*
* SPDX-License-Identifier: Apache-2.0
*/

2
components/mbedtls/test/test_mbedtls_utils.h
View File

@@ -1,5 +1,5 @@
/*
* SPDX-FileCopyrightText: 2021 Espressif Systems (Shanghai) CO LTD
* SPDX-FileCopyrightText: 2021-2022 Espressif Systems (Shanghai) CO LTD
*
* SPDX-License-Identifier: Apache-2.0
*/

32
components/mbedtls/test/test_rsa.c
View File

@@ -1,9 +1,12 @@
/* mbedTLS RSA functionality tests
Focus on testing functionality where we use ESP32 hardware
accelerated crypto features.
*/
*
* Focus on testing functionality where we use ESP32 hardware
* accelerated crypto features
*
* SPDX-FileCopyrightText: 2021-2022 Espressif Systems (Shanghai) CO LTD
*
* SPDX-License-Identifier: Apache-2.0
*/
#include <string.h>
#include <stdbool.h>
#include "esp_system.h"
@@ -11,9 +14,9 @@
#include "mbedtls/rsa.h"
#include "mbedtls/pk.h"
#include "mbedtls/x509_crt.h"
#include "mbedtls/entropy_poll.h"
#include <mbedtls/entropy.h>
#include <mbedtls/ctr_drbg.h>
#include "entropy_poll.h"
#include "freertos/FreeRTOS.h"
#include "unity.h"
#include "test_utils.h"
@@ -418,12 +421,15 @@ static void print_rsa_details(mbedtls_rsa_context *rsa)
}
#endif
// TODO: IDF-4708
#if !TEMPORARY_DISABLED_FOR_TARGETS(ESP32, ESP32S2, ESP32S3, ESP32C3)
TEST_CASE("test performance RSA key operations", "[bignum]")
{
for (int keysize = 2048; keysize <= SOC_RSA_MAX_BIT_LEN; keysize += 1024) {
rsa_key_operations(keysize, true, false, false);
}
}
#endif
TEST_CASE("test RSA-3072 calculations", "[bignum]")
{
@@ -461,20 +467,20 @@ static void rsa_key_operations(int keysize, bool check_performance, bool use_bli
memset(orig_buf, 0xAA, sizeof(orig_buf));
orig_buf[0] = 0; // Ensure that orig_buf is smaller than rsa.N
if (generate_new_rsa) {
mbedtls_rsa_init(&rsa, MBEDTLS_RSA_PRIVATE, 0);
mbedtls_rsa_init(&rsa);
TEST_ASSERT_EQUAL(0, mbedtls_rsa_gen_key(&rsa, myrand, NULL, keysize, 65537));
} else {
mbedtls_pk_init(&clientkey);
switch(keysize) {
case 4096:
res = mbedtls_pk_parse_key(&clientkey, (const uint8_t *)privkey_4096_buf, sizeof(privkey_4096_buf), NULL, 0);
res = mbedtls_pk_parse_key(&clientkey, (const uint8_t *)privkey_4096_buf, sizeof(privkey_4096_buf), NULL, 0, myrand, NULL);
break;
case 3072:
res = mbedtls_pk_parse_key(&clientkey, (const uint8_t *)privkey_3072_buf, sizeof(privkey_3072_buf), NULL, 0);
res = mbedtls_pk_parse_key(&clientkey, (const uint8_t *)privkey_3072_buf, sizeof(privkey_3072_buf), NULL, 0, myrand, NULL);
break;
case 2048:
res = mbedtls_pk_parse_key(&clientkey, (const uint8_t *)privkey_2048_buf, sizeof(privkey_2048_buf), NULL, 0);
res = mbedtls_pk_parse_key(&clientkey, (const uint8_t *)privkey_2048_buf, sizeof(privkey_2048_buf), NULL, 0, myrand, NULL);
break;
default:
TEST_FAIL_MESSAGE("unsupported keysize, pass generate_new_rsa=true or update test");
@@ -489,8 +495,8 @@ static void rsa_key_operations(int keysize, bool check_performance, bool use_bli
print_rsa_details(&rsa);
#endif
TEST_ASSERT_EQUAL(keysize, (int)rsa.len * 8);
TEST_ASSERT_EQUAL(keysize, (int)rsa.D.n * sizeof(mbedtls_mpi_uint) * 8); // The private exponent
TEST_ASSERT_EQUAL(keysize, (int)rsa.MBEDTLS_PRIVATE(len) * 8);
TEST_ASSERT_EQUAL(keysize, (int)rsa.MBEDTLS_PRIVATE(D).MBEDTLS_PRIVATE(n) * sizeof(mbedtls_mpi_uint) * 8); // The private exponent
ccomp_timer_start();
res = mbedtls_rsa_public(&rsa, orig_buf, encrypted_buf);
@@ -539,7 +545,7 @@ TEST_CASE("mbedtls RSA Generate Key", "[mbedtls][timeout=60]")
esp_task_wdt_add(xTaskGetIdleTaskHandleForCPU(0));
#endif //CONFIG_MBEDTLS_MPI_USE_INTERRUPT
mbedtls_rsa_init(&ctx, MBEDTLS_RSA_PKCS_V15, 0);
mbedtls_rsa_init(&ctx);
mbedtls_ctr_drbg_init(&ctr_drbg);
mbedtls_entropy_init(&entropy);

8
components/mbedtls/test/test_sha.c
View File

@@ -1,5 +1,5 @@
/*
* SPDX-FileCopyrightText: 2021 Espressif Systems (Shanghai) CO LTD
* SPDX-FileCopyrightText: 2021-2022 Espressif Systems (Shanghai) CO LTD
*
* SPDX-License-Identifier: Apache-2.0
*/
@@ -114,16 +114,16 @@ TEST_CASE("Test esp_sha() function with long input", "[hw_crypto]")
/* Compare esp_sha() result to the mbedTLS result, should always be the same */
esp_sha(SHA1, ptr, LEN, sha1_espsha);
int r = mbedtls_sha1_ret(ptr, LEN, sha1_mbedtls);
int r = mbedtls_sha1(ptr, LEN, sha1_mbedtls);
TEST_ASSERT_EQUAL(0, r);
esp_sha(SHA2_256, ptr, LEN, sha256_espsha);
r = mbedtls_sha256_ret(ptr, LEN, sha256_mbedtls, 0);
r = mbedtls_sha256(ptr, LEN, sha256_mbedtls, 0);
TEST_ASSERT_EQUAL(0, r);
#if SOC_SHA_SUPPORT_SHA512
esp_sha(SHA2_512, ptr, LEN, sha512_espsha);
r = mbedtls_sha512_ret(ptr, LEN, sha512_mbedtls, 0);
r = mbedtls_sha512(ptr, LEN, sha512_mbedtls, 0);
TEST_ASSERT_EQUAL(0, r);
#endif

10
components/mbedtls/test/test_sha_perf.c
View File

@@ -1,5 +1,5 @@
/*
* SPDX-FileCopyrightText: 2021 Espressif Systems (Shanghai) CO LTD
* SPDX-FileCopyrightText: 2021-2022 Espressif Systems (Shanghai) CO LTD
*
* SPDX-License-Identifier: Apache-2.0
*/
@@ -7,9 +7,9 @@
/*
* mbedTLS SHA performance test
*/
#include <string.h>
#include <stdio.h>
#include <stdbool.h>
#include <string.h>
#include "mbedtls/sha256.h"
#include "unity.h"
#include "sdkconfig.h"
@@ -33,11 +33,11 @@ TEST_CASE("mbedtls SHA performance", "[aes]")
mbedtls_sha256_init(&sha256_ctx);
ccomp_timer_start();
TEST_ASSERT_EQUAL(0, mbedtls_sha256_starts_ret(&sha256_ctx, false));
TEST_ASSERT_EQUAL(0, mbedtls_sha256_starts(&sha256_ctx, false));
for (int c = 0; c < CALLS; c++) {
TEST_ASSERT_EQUAL(0, mbedtls_sha256_update_ret(&sha256_ctx, buf, CALL_SZ));
TEST_ASSERT_EQUAL(0, mbedtls_sha256_update(&sha256_ctx, buf, CALL_SZ));
}
TEST_ASSERT_EQUAL(0, mbedtls_sha256_finish_ret(&sha256_ctx, sha256));
TEST_ASSERT_EQUAL(0, mbedtls_sha256_finish(&sha256_ctx, sha256));
elapsed_usec = ccomp_timer_stop();
free(buf);

2
components/openthread/openthread

Submodule components/openthread/openthread updated: e736d2488d...5eeea0993e

41
components/protocomm/src/security/security1.c
View File

@@ -10,13 +10,33 @@
#include <esp_err.h>
#include <esp_log.h>
/* ToDo - Remove this once appropriate solution is available.
We need to define this for the file as ssl_misc.h uses private structures from mbedtls,
which are undefined if the following flag is not defined */
/* Many APIs in the file make use of this flag instead of `MBEDTLS_PRIVATE` */
/* ToDo - Replace them with proper getter-setter once they are added */
#define MBEDTLS_ALLOW_PRIVATE_ACCESS
/* ToDo - Remove this once appropriate solution is available.
* Currently MBEDTLS_LEGACY_CONTEXT is enabled by default for MBEDTLS_ECP_RESTARTABLE
* This is a temporary workaround to allow that.
* The LEGACY option is soon going to be removed in future mbedtls
* once it is removed we can remove the workaround.
*/
#ifdef CONFIG_MBEDTLS_ECDH_LEGACY_CONTEXT
#define ACCESS_ECDH(S, var) S->var
#else
#define ACCESS_ECDH(S, var) S->ctx.mbed_ecdh.var
#endif
#include <mbedtls/aes.h>
#include <mbedtls/sha256.h>
#include <mbedtls/entropy.h>
#include <mbedtls/ctr_drbg.h>
#include <mbedtls/ecdh.h>
#include <mbedtls/error.h>
#include <mbedtls/ssl_internal.h>
#include <mbedtls/constant_time.h>
#include <ssl_misc.h>
#include <mbedtls/constant_time.h>
#include <protocomm_security.h>
@@ -203,6 +223,7 @@ static esp_err_t handle_session_command0(session_t *cur_session,
}
mbedtls_ecdh_init(ctx_server);
mbedtls_ecdh_setup(ctx_server, MBEDTLS_ECP_DP_CURVE25519);
mbedtls_ctr_drbg_init(ctr_drbg);
mbedtls_entropy_init(entropy);
@@ -214,14 +235,14 @@ static esp_err_t handle_session_command0(session_t *cur_session,
goto exit_cmd0;
}
mbed_err = mbedtls_ecp_group_load(&ctx_server->grp, MBEDTLS_ECP_DP_CURVE25519);
mbed_err = mbedtls_ecp_group_load(ACCESS_ECDH(&ctx_server, grp), MBEDTLS_ECP_DP_CURVE25519);
if (mbed_err != 0) {
ESP_LOGE(TAG, "Failed at mbedtls_ecp_group_load with error code : -0x%x", -mbed_err);
ret = ESP_FAIL;
goto exit_cmd0;
}
mbed_err = mbedtls_ecdh_gen_public(&ctx_server->grp, &ctx_server->d, &ctx_server->Q,
mbed_err = mbedtls_ecdh_gen_public(ACCESS_ECDH(&ctx_server, grp), ACCESS_ECDH(&ctx_server, d), ACCESS_ECDH(&ctx_server, Q),
mbedtls_ctr_drbg_random, ctr_drbg);
if (mbed_err != 0) {
ESP_LOGE(TAG, "Failed at mbedtls_ecdh_gen_public with error code : -0x%x", -mbed_err);
@@ -229,7 +250,7 @@ static esp_err_t handle_session_command0(session_t *cur_session,
goto exit_cmd0;
}
mbed_err = mbedtls_mpi_write_binary(&ctx_server->Q.X,
mbed_err = mbedtls_mpi_write_binary(ACCESS_ECDH(&ctx_server, Q).X,
cur_session->device_pubkey,
PUBLIC_KEY_LEN);
if (mbed_err != 0) {
@@ -246,7 +267,7 @@ static esp_err_t handle_session_command0(session_t *cur_session,
hexdump("Device pubkey", dev_pubkey, PUBLIC_KEY_LEN);
hexdump("Client pubkey", cli_pubkey, PUBLIC_KEY_LEN);
mbed_err = mbedtls_mpi_lset(&ctx_server->Qp.Z, 1);
mbed_err = mbedtls_mpi_lset(ACCESS_ECDH(&ctx_server, Qp).Z, 1);
if (mbed_err != 0) {
ESP_LOGE(TAG, "Failed at mbedtls_mpi_lset with error code : -0x%x", -mbed_err);
ret = ESP_FAIL;
@@ -254,7 +275,7 @@ static esp_err_t handle_session_command0(session_t *cur_session,
}
flip_endian(cur_session->client_pubkey, PUBLIC_KEY_LEN);
mbed_err = mbedtls_mpi_read_binary(&ctx_server->Qp.X, cli_pubkey, PUBLIC_KEY_LEN);
mbed_err = mbedtls_mpi_read_binary(ACCESS_ECDH(&ctx_server, Qp).X, cli_pubkey, PUBLIC_KEY_LEN);
flip_endian(cur_session->client_pubkey, PUBLIC_KEY_LEN);
if (mbed_err != 0) {
ESP_LOGE(TAG, "Failed at mbedtls_mpi_read_binary with error code : -0x%x", -mbed_err);
@@ -262,15 +283,15 @@ static esp_err_t handle_session_command0(session_t *cur_session,
goto exit_cmd0;
}
mbed_err = mbedtls_ecdh_compute_shared(&ctx_server->grp, &ctx_server->z, &ctx_server->Qp,
&ctx_server->d, mbedtls_ctr_drbg_random, ctr_drbg);
mbed_err = mbedtls_ecdh_compute_shared(ACCESS_ECDH(&ctx_server, grp), ACCESS_ECDH(&ctx_server, z), ACCESS_ECDH(&ctx_server, Qp),
ACCESS_ECDH(&ctx_server, d), mbedtls_ctr_drbg_random, ctr_drbg);
if (mbed_err != 0) {
ESP_LOGE(TAG, "Failed at mbedtls_ecdh_compute_shared with error code : -0x%x", -mbed_err);
ret = ESP_FAIL;
goto exit_cmd0;
}
mbed_err = mbedtls_mpi_write_binary(&ctx_server->z, cur_session->sym_key, PUBLIC_KEY_LEN);
mbed_err = mbedtls_mpi_write_binary(ACCESS_ECDH(&ctx_server, z), cur_session->sym_key, PUBLIC_KEY_LEN);
if (mbed_err != 0) {
ESP_LOGE(TAG, "Failed at mbedtls_mpi_write_binary with error code : -0x%x", -mbed_err);
ret = ESP_FAIL;
@@ -282,7 +303,7 @@ static esp_err_t handle_session_command0(session_t *cur_session,
ESP_LOGD(TAG, "Adding proof of possession");
uint8_t sha_out[PUBLIC_KEY_LEN];
mbed_err = mbedtls_sha256_ret((const unsigned char *) pop->data, pop->len, sha_out, 0);
mbed_err = mbedtls_sha256((const unsigned char *) pop->data, pop->len, sha_out, 0);
if (mbed_err != 0) {
ESP_LOGE(TAG, "Failed at mbedtls_sha256_ret with error code : -0x%x", -mbed_err);
ret = ESP_FAIL;

55
components/protocomm/test/test_protocomm.c
View File

@@ -1,16 +1,8 @@
// Copyright 2018 Espressif Systems (Shanghai) PTE LTD
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
/*
* SPDX-FileCopyrightText: 2018-2021 Espressif Systems (Shanghai) CO LTD
*
* SPDX-License-Identifier: Apache-2.0
*/
#include <stdlib.h>
#include <string.h>
@@ -22,13 +14,19 @@
#include <unistd.h>
#include <unity.h>
/* ToDo - Remove this once appropriate solution is available.
We need to define this for the file as ssl_misc.h uses private structures from mbedtls,
which are undefined if the following flag is not defined */
/* Many APIs in the file make use of this flag instead of `MBEDTLS_PRIVATE()` */
/* ToDo - Replace them with proper getter-setter once they are added */
#define MBEDTLS_ALLOW_PRIVATE_ACCESS
#include <mbedtls/aes.h>
#include <mbedtls/sha256.h>
#include <mbedtls/entropy.h>
#include <mbedtls/ctr_drbg.h>
#include <mbedtls/ecdh.h>
#include <mbedtls/error.h>
#include <mbedtls/ssl_internal.h>
#include <protocomm.h>
#include <protocomm_security.h>
@@ -156,24 +154,24 @@ static esp_err_t verify_response0(session_t *session, SessionData *resp)
hexdump("Device pubkey", dev_pubkey, PUBLIC_KEY_LEN);
hexdump("Client pubkey", cli_pubkey, PUBLIC_KEY_LEN);
ret = mbedtls_mpi_lset(&session->ctx_client.Qp.Z, 1);
ret = mbedtls_mpi_lset(&session->ctx_client.ctx.mbed_ecdh.Qp.Z, 1);
if (ret != 0) {
ESP_LOGE(TAG, "Failed at mbedtls_mpi_lset with error code : %d", ret);
return ESP_FAIL;
}
flip_endian(session->device_pubkey, PUBLIC_KEY_LEN);
ret = mbedtls_mpi_read_binary(&session->ctx_client.Qp.X, dev_pubkey, PUBLIC_KEY_LEN);
ret = mbedtls_mpi_read_binary(&session->ctx_client.ctx.mbed_ecdh.Qp.X, dev_pubkey, PUBLIC_KEY_LEN);
flip_endian(session->device_pubkey, PUBLIC_KEY_LEN);
if (ret != 0) {
ESP_LOGE(TAG, "Failed at mbedtls_mpi_read_binary with error code : %d", ret);
return ESP_FAIL;
}
ret = mbedtls_ecdh_compute_shared(&session->ctx_client.grp,
&session->ctx_client.z,
&session->ctx_client.Qp,
&session->ctx_client.d,
ret = mbedtls_ecdh_compute_shared(&session->ctx_client.ctx.mbed_ecdh.grp,
&session->ctx_client.ctx.mbed_ecdh.z,
&session->ctx_client.ctx.mbed_ecdh.Qp,
&session->ctx_client.ctx.mbed_ecdh.d,
mbedtls_ctr_drbg_random,
&session->ctr_drbg);
if (ret != 0) {
@@ -181,7 +179,7 @@ static esp_err_t verify_response0(session_t *session, SessionData *resp)
return ESP_FAIL;
}
ret = mbedtls_mpi_write_binary(&session->ctx_client.z, session->sym_key, PUBLIC_KEY_LEN);
ret = mbedtls_mpi_write_binary(&session->ctx_client.ctx.mbed_ecdh.z, session->sym_key, PUBLIC_KEY_LEN);
if (ret != 0) {
ESP_LOGE(TAG, "Failed at mbedtls_mpi_write_binary with error code : %d", ret);
return ESP_FAIL;
@@ -193,7 +191,7 @@ static esp_err_t verify_response0(session_t *session, SessionData *resp)
ESP_LOGD(TAG, "Adding proof of possession");
uint8_t sha_out[PUBLIC_KEY_LEN];
ret = mbedtls_sha256_ret((const unsigned char *) pop->data, pop->len, sha_out, 0);
ret = mbedtls_sha256((const unsigned char *) pop->data, pop->len, sha_out, 0);
if (ret != 0) {
ESP_LOGE(TAG, "Failed at mbedtls_sha256_ret with error code : %d", ret);
return ESP_FAIL;
@@ -372,6 +370,7 @@ static esp_err_t test_sec_endpoint(session_t *session)
uint8_t *outbuf = NULL;
mbedtls_ecdh_init(&session->ctx_client);
mbedtls_ecdh_setup(&session->ctx_client, MBEDTLS_ECP_DP_CURVE25519);
mbedtls_ctr_drbg_init(&session->ctr_drbg);
mbedtls_entropy_init(&session->entropy);
@@ -382,15 +381,15 @@ static esp_err_t test_sec_endpoint(session_t *session)
goto abort_test_sec_endpoint;
}
ret = mbedtls_ecp_group_load(&session->ctx_client.grp, MBEDTLS_ECP_DP_CURVE25519);
ret = mbedtls_ecp_group_load(&session->ctx_client.ctx.mbed_ecdh.grp, MBEDTLS_ECP_DP_CURVE25519);
if (ret != 0) {
ESP_LOGE(TAG, "Failed at mbedtls_ecp_group_load with error code : %d", ret);
goto abort_test_sec_endpoint;
}
ret = mbedtls_ecdh_gen_public(&session->ctx_client.grp,
&session->ctx_client.d,
&session->ctx_client.Q,
ret = mbedtls_ecdh_gen_public(&session->ctx_client.ctx.mbed_ecdh.grp,
&session->ctx_client.ctx.mbed_ecdh.d,
&session->ctx_client.ctx.mbed_ecdh.Q,
mbedtls_ctr_drbg_random,
&session->ctr_drbg);
if (ret != 0) {
@@ -400,7 +399,7 @@ static esp_err_t test_sec_endpoint(session_t *session)
if (session->weak) {
/* Read zero client public key */
ret = mbedtls_mpi_read_binary(&session->ctx_client.Q.X,
ret = mbedtls_mpi_read_binary(&session->ctx_client.ctx.mbed_ecdh.Q.X,
session->client_pubkey,
PUBLIC_KEY_LEN);
if (ret != 0) {
@@ -408,7 +407,7 @@ static esp_err_t test_sec_endpoint(session_t *session)
goto abort_test_sec_endpoint;
}
}
ret = mbedtls_mpi_write_binary(&session->ctx_client.Q.X,
ret = mbedtls_mpi_write_binary(&session->ctx_client.ctx.mbed_ecdh.Q.X,
session->client_pubkey,
PUBLIC_KEY_LEN);
if (ret != 0) {

75
components/wpa_supplicant/src/crypto/crypto_mbedtls-ec.c
View File

@@ -3,7 +3,6 @@
*
* SPDX-License-Identifier: Apache-2.0
*/
#ifdef ESP_PLATFORM
#include "esp_system.h"
#include "mbedtls/bignum.h"
@@ -156,7 +155,7 @@ int crypto_ec_point_to_bin(struct crypto_ec *e,
int len = mbedtls_mpi_size(&e->group.P);
if (x) {
if(crypto_bignum_to_bin((struct crypto_bignum *) & ((mbedtls_ecp_point *) point)->X,
if(crypto_bignum_to_bin((struct crypto_bignum *) & ((mbedtls_ecp_point *) point)->MBEDTLS_PRIVATE(X),
x, len, len) < 0) {
return -1;
}
@@ -164,7 +163,7 @@ int crypto_ec_point_to_bin(struct crypto_ec *e,
}
if (y) {
if(crypto_bignum_to_bin((struct crypto_bignum *) & ((mbedtls_ecp_point *) point)->Y,
if(crypto_bignum_to_bin((struct crypto_bignum *) & ((mbedtls_ecp_point *) point)->MBEDTLS_PRIVATE(Y),
y, len, len) < 0) {
return -1;
}
@@ -179,17 +178,17 @@ int crypto_ec_get_affine_coordinates(struct crypto_ec *e, struct crypto_ec_point
int ret = -1;
mbedtls_ecp_point *point = (mbedtls_ecp_point *)pt;
if (!mbedtls_ecp_is_zero(point) && (mbedtls_mpi_cmp_int( &point->Z, 1 ) == 0 )) {
if (!mbedtls_ecp_is_zero(point) && (mbedtls_mpi_cmp_int( &point->MBEDTLS_PRIVATE(Z), 1 ) == 0 )) {
// Affine coordinates mean that z should be 1,
wpa_printf(MSG_ERROR, "Z coordinate is neither 0 or 1");
return -1;
}
if (x) {
MBEDTLS_MPI_CHK(mbedtls_mpi_copy((mbedtls_mpi*) x, &((mbedtls_ecp_point* )point)->X));
MBEDTLS_MPI_CHK(mbedtls_mpi_copy((mbedtls_mpi*) x, &((mbedtls_ecp_point* )point)->MBEDTLS_PRIVATE(X)));
}
if (y) {
MBEDTLS_MPI_CHK(mbedtls_mpi_copy((mbedtls_mpi*) y, &((mbedtls_ecp_point* )point)->Y));
MBEDTLS_MPI_CHK(mbedtls_mpi_copy((mbedtls_mpi*) y, &((mbedtls_ecp_point* )point)->MBEDTLS_PRIVATE(Y)));
}
return 0;
cleanup:
@@ -214,9 +213,9 @@ struct crypto_ec_point *crypto_ec_point_from_bin(struct crypto_ec *e,
}
mbedtls_ecp_point_init(pt);
MBEDTLS_MPI_CHK(mbedtls_mpi_read_binary(&pt->X, val, len));
MBEDTLS_MPI_CHK(mbedtls_mpi_read_binary(&pt->Y, val + len, len));
MBEDTLS_MPI_CHK(mbedtls_mpi_lset((&pt->Z), 1));
MBEDTLS_MPI_CHK(mbedtls_mpi_read_binary(&pt->MBEDTLS_PRIVATE(X), val, len));
MBEDTLS_MPI_CHK(mbedtls_mpi_read_binary(&pt->MBEDTLS_PRIVATE(Y), val + len, len));
MBEDTLS_MPI_CHK(mbedtls_mpi_lset((&pt->MBEDTLS_PRIVATE(Z)), 1));
return (struct crypto_ec_point *) pt;
@@ -286,8 +285,8 @@ static int ecp_opp(const mbedtls_ecp_group *grp, mbedtls_ecp_point *R, const mbe
}
/* In-place opposite */
if (mbedtls_mpi_cmp_int(&R->Y, 0) != 0) {
MBEDTLS_MPI_CHK(mbedtls_mpi_sub_mpi(&R->Y, &grp->P, &R->Y));
if (mbedtls_mpi_cmp_int(&R->MBEDTLS_PRIVATE(Y), 0) != 0) {
MBEDTLS_MPI_CHK(mbedtls_mpi_sub_mpi(&R->MBEDTLS_PRIVATE(Y), &grp->P, &R->MBEDTLS_PRIVATE(Y)));
}
cleanup:
@@ -308,7 +307,7 @@ int crypto_ec_point_solve_y_coord(struct crypto_ec *e,
mbedtls_mpi_init(&temp);
int ret = 0;
y = &((mbedtls_ecp_point *)p)->Y;
y = &((mbedtls_ecp_point *)p)->MBEDTLS_PRIVATE(Y);
/* Faster way to find sqrt
* Works only with curves having prime p
@@ -332,8 +331,8 @@ int crypto_ec_point_solve_y_coord(struct crypto_ec *e,
if (y_bit != mbedtls_mpi_get_bit(y, 0))
MBEDTLS_MPI_CHK(mbedtls_mpi_sub_mpi(y, &e->group.P, y));
MBEDTLS_MPI_CHK(mbedtls_mpi_copy(&((mbedtls_ecp_point* )p)->X, (const mbedtls_mpi*) x));
MBEDTLS_MPI_CHK(mbedtls_mpi_lset(&((mbedtls_ecp_point *)p)->Z, 1));
MBEDTLS_MPI_CHK(mbedtls_mpi_copy(&((mbedtls_ecp_point* )p)->MBEDTLS_PRIVATE(X), (const mbedtls_mpi*) x));
MBEDTLS_MPI_CHK(mbedtls_mpi_lset(&((mbedtls_ecp_point *)p)->MBEDTLS_PRIVATE(Z), 1));
} else {
ret = 1;
}
@@ -417,9 +416,9 @@ int crypto_ec_point_is_on_curve(struct crypto_ec *e,
/* Calculate y^2 mod P*/
MBEDTLS_MPI_CHK(mbedtls_mpi_lset(&two, 2));
MBEDTLS_MPI_CHK(mbedtls_mpi_exp_mod(&y_sqr_lhs, &((const mbedtls_ecp_point *)p)->Y , &two, &e->group.P, NULL));
MBEDTLS_MPI_CHK(mbedtls_mpi_exp_mod(&y_sqr_lhs, &((const mbedtls_ecp_point *)p)->MBEDTLS_PRIVATE(Y) , &two, &e->group.P, NULL));
y_sqr_rhs = (mbedtls_mpi *) crypto_ec_point_compute_y_sqr(e, (const struct crypto_bignum *) & ((const mbedtls_ecp_point *)p)->X);
y_sqr_rhs = (mbedtls_mpi *) crypto_ec_point_compute_y_sqr(e, (const struct crypto_bignum *) & ((const mbedtls_ecp_point *)p)->MBEDTLS_PRIVATE(X));
if (y_sqr_rhs && (mbedtls_mpi_cmp_mpi(y_sqr_rhs, &y_sqr_lhs) == 0)) {
on_curve = 1;
@@ -440,12 +439,26 @@ int crypto_ec_point_cmp(const struct crypto_ec *e,
return mbedtls_ecp_point_cmp((const mbedtls_ecp_point *) a,
(const mbedtls_ecp_point *) b);
}
int crypto_key_compare(struct crypto_key *key1, struct crypto_key *key2)
{
if (mbedtls_pk_check_pair((mbedtls_pk_context *)key1, (mbedtls_pk_context *)key2) < 0)
return 0;
int ret = 0;
mbedtls_entropy_context entropy;
mbedtls_ctr_drbg_context ctr_drbg;
return 1;
mbedtls_entropy_init(&entropy);
mbedtls_ctr_drbg_init(&ctr_drbg);
MBEDTLS_MPI_CHK(mbedtls_ctr_drbg_seed(&ctr_drbg, mbedtls_entropy_func, &entropy, NULL, 0));
if (mbedtls_pk_check_pair((mbedtls_pk_context *)key1, (mbedtls_pk_context *)key2, mbedtls_ctr_drbg_random, &ctr_drbg) < 0) {
goto cleanup;
}
ret = 1;
cleanup:
mbedtls_ctr_drbg_free(&ctr_drbg);
mbedtls_entropy_free(&entropy);
return ret;
}
void crypto_debug_print_point(const char *title, struct crypto_ec *e,
@@ -512,8 +525,8 @@ struct crypto_key * crypto_ec_set_pubkey_point(const struct crypto_ec_group *gro
if( ( ret = mbedtls_pk_setup( key,
mbedtls_pk_info_from_type(MBEDTLS_PK_ECKEY) ) ) != 0 )
goto fail;
mbedtls_ecp_copy(&mbedtls_pk_ec(*key)->Q, point);
mbedtls_ecp_group_load(&mbedtls_pk_ec(*key)->grp, MBEDTLS_ECP_DP_SECP256R1);
mbedtls_ecp_copy(&mbedtls_pk_ec(*key)->MBEDTLS_PRIVATE(Q), point);
mbedtls_ecp_group_load(&mbedtls_pk_ec(*key)->MBEDTLS_PRIVATE(grp), MBEDTLS_ECP_DP_SECP256R1);
pkey = (struct crypto_key *)key;
crypto_ec_point_deinit((struct crypto_ec_point *)point, 0);
@@ -539,7 +552,7 @@ struct crypto_ec_point *crypto_ec_get_public_key(struct crypto_key *key)
{
mbedtls_pk_context *pkey = (mbedtls_pk_context *)key;
return (struct crypto_ec_point *)&mbedtls_pk_ec(*pkey)->Q;
return (struct crypto_ec_point *)&mbedtls_pk_ec(*pkey)->MBEDTLS_PRIVATE(Q);
}
@@ -567,14 +580,14 @@ struct crypto_ec_group *crypto_ec_get_group_from_key(struct crypto_key *key)
{
mbedtls_pk_context *pkey = (mbedtls_pk_context *)key;
return (struct crypto_ec_group *)&(mbedtls_pk_ec(*pkey)->grp);
return (struct crypto_ec_group *)&(mbedtls_pk_ec(*pkey)->MBEDTLS_PRIVATE(grp));
}
struct crypto_bignum *crypto_ec_get_private_key(struct crypto_key *key)
{
mbedtls_pk_context *pkey = (mbedtls_pk_context *)key;
return ((struct crypto_bignum *)&(mbedtls_pk_ec(*pkey)->d));
return ((struct crypto_bignum *)&(mbedtls_pk_ec(*pkey)->MBEDTLS_PRIVATE(d)));
}
int crypto_ec_get_publickey_buf(struct crypto_key *key, u8 *key_buf, int len)
@@ -623,7 +636,7 @@ struct crypto_key *crypto_ec_get_key(const u8 *privkey, size_t privkey_len)
wpa_printf(MSG_ERROR, "memory allocation failed\n");
return NULL;
}
ret = mbedtls_pk_parse_key(kctx, privkey, privkey_len, NULL, 0);
ret = mbedtls_pk_parse_key(kctx, privkey, privkey_len, NULL, 0, crypto_rng_wrapper, NULL);
if (ret < 0) {
//crypto_print_error_string(ret);
@@ -743,8 +756,8 @@ int crypto_ecdsa_get_sign(unsigned char *hash,
if (mbedtls_ecdsa_from_keypair(ctx, mbedtls_pk_ec(*pkey)) < 0) {
goto fail;
}
ret = mbedtls_ecdsa_sign(&ctx->grp, (mbedtls_mpi *)r, (mbedtls_mpi *)s,
&ctx->d, hash, SHA256_MAC_LEN, crypto_rng_wrapper, NULL);
ret = mbedtls_ecdsa_sign(&ctx->MBEDTLS_PRIVATE(grp), (mbedtls_mpi *)r, (mbedtls_mpi *)s,
&ctx->MBEDTLS_PRIVATE(d), hash, SHA256_MAC_LEN, crypto_rng_wrapper, NULL);
fail:
mbedtls_ecdsa_free(ctx);
@@ -769,8 +782,8 @@ int crypto_edcsa_sign_verify(const unsigned char *hash,
if (mbedtls_ecdsa_from_keypair(ctx, mbedtls_pk_ec(*pkey)) < 0)
return ret;
if((ret = mbedtls_ecdsa_verify(&ctx->grp, hash, hlen,
&ctx->Q, (mbedtls_mpi *)r, (mbedtls_mpi *)s)) != 0){
if((ret = mbedtls_ecdsa_verify(&ctx->MBEDTLS_PRIVATE(grp), hash, hlen,
&ctx->MBEDTLS_PRIVATE(Q), (mbedtls_mpi *)r, (mbedtls_mpi *)s)) != 0){
wpa_printf(MSG_ERROR, "ecdsa verification failed\n");
return ret;
}
@@ -857,7 +870,7 @@ static int pk_write_ec_param( unsigned char **p, unsigned char *start,
const char *oid;
size_t oid_len;
if( ( ret = mbedtls_oid_get_oid_by_ec_grp( ec->grp.id, &oid, &oid_len ) ) != 0 )
if( ( ret = mbedtls_oid_get_oid_by_ec_grp( ec->MBEDTLS_PRIVATE(grp).id, &oid, &oid_len ) ) != 0 )
return( ret );
MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_oid( p, start, oid, oid_len ) );
@@ -872,7 +885,7 @@ static int pk_write_ec_pubkey_formatted( unsigned char **p, unsigned char *start
size_t len = 0;
unsigned char buf[MBEDTLS_ECP_MAX_PT_LEN];
if( ( ret = mbedtls_ecp_point_write_binary( &ec->grp, &ec->Q,
if( ( ret = mbedtls_ecp_point_write_binary( &ec->MBEDTLS_PRIVATE(grp), &ec->MBEDTLS_PRIVATE(Q),
format,
&len, buf, sizeof( buf ) ) ) != 0 )
{

10
components/wpa_supplicant/src/crypto/crypto_mbedtls.c
View File

@@ -3,7 +3,6 @@
*
* SPDX-License-Identifier: Apache-2.0
*/
#ifdef ESP_PLATFORM
#include "esp_system.h"
#endif
@@ -25,7 +24,6 @@
#include "mbedtls/nist_kw.h"
#include "mbedtls/des.h"
#include "mbedtls/ccm.h"
#include "mbedtls/arc4.h"
#include "common.h"
#include "utils/wpabuf.h"
@@ -37,6 +35,10 @@
#include "crypto.h"
#include "mbedtls/esp_config.h"
#ifdef MBEDTLS_ARC4_C
#include "mbedtls/arc4.h"
#endif
static int digest_vector(mbedtls_md_type_t md_type, size_t num_elem,
const u8 *addr[], const size_t *len, u8 *mac)
{
@@ -400,12 +402,12 @@ static int crypto_init_cipher_ctx(mbedtls_cipher_context_t *ctx,
return -1;
}
if (mbedtls_cipher_setkey(ctx, key, cipher_info->key_bitlen,
if (mbedtls_cipher_setkey(ctx, key, cipher_info->MBEDTLS_PRIVATE(key_bitlen),
operation) != 0) {
wpa_printf(MSG_ERROR, "mbedtls_cipher_setkey returned error");
return -1;
}
if (mbedtls_cipher_set_iv(ctx, iv, cipher_info->iv_size) != 0) {
if (mbedtls_cipher_set_iv(ctx, iv, cipher_info->MBEDTLS_PRIVATE(iv_size)) != 0) {
wpa_printf(MSG_ERROR, "mbedtls_cipher_set_iv returned error");
return -1;
}

74
components/wpa_supplicant/src/crypto/tls_mbedtls.c
View File

@@ -12,7 +12,15 @@
#include "crypto/md5.h"
#include "crypto/sha256.h"
#include "crypto/sha384.h"
#include "mbedtls/ssl_internal.h"
/* ToDo - Remove this once appropriate solution is available.
We need to define this for the file as ssl_misc.h uses private structures from mbedtls,
which are undefined if the following flag is not defined */
/* Many APIs in the file make use of this flag instead of `MBEDTLS_PRIVATE` */
/* ToDo - Replace them with proper getter-setter once they are added */
#define MBEDTLS_ALLOW_PRIVATE_ACCESS
#include "ssl_misc.h"
#include "mbedtls/ctr_drbg.h"
#include "mbedtls/entropy.h"
#include "mbedtls/debug.h"
@@ -27,6 +35,8 @@
#define TLS_MASTER_SECRET_LEN 48
#define MAX_CIPHERSUITE 32
/* Throw a compilation error if basic requirements in mbedtls are not enabled */
#if !defined(MBEDTLS_SSL_TLS_C)
#error "TLS not enabled in mbedtls config"
@@ -63,7 +73,9 @@ typedef struct tls_context {
struct tls_connection {
tls_context_t *tls;
struct tls_data tls_io_data;
unsigned char master_secret[TLS_MASTER_SECRET_LEN];
unsigned char randbytes[2 * TLS_RANDOM_LEN];
mbedtls_tls_prf_types tls_prf_type;
mbedtls_md_type_t mac;
};
@@ -151,7 +163,7 @@ static int set_pki_context(tls_context_t *tls, const struct tls_connection_param
ret = mbedtls_pk_parse_key(&tls->clientkey, cfg->private_key_blob, cfg->private_key_blob_len,
(const unsigned char *)cfg->private_key_passwd,
cfg->private_key_passwd ? os_strlen(cfg->private_key_passwd) : 0);
cfg->private_key_passwd ? os_strlen(cfg->private_key_passwd) : 0, mbedtls_ctr_drbg_random, &tls->ctr_drbg);
if (ret < 0) {
wpa_printf(MSG_ERROR, "mbedtls_pk_parse_keyfile returned -0x%x", -ret);
return ret;
@@ -515,7 +527,24 @@ static int set_client_config(const struct tls_connection_params *cfg, tls_contex
return 0;
}
static int tls_create_mbedtls_handle(const struct tls_connection_params *params,
static void tls_key_derivation(void *ctx,
mbedtls_ssl_key_export_type secret_type,
const unsigned char *secret,
size_t secret_len,
const unsigned char client_random[TLS_RANDOM_LEN],
const unsigned char server_random[TLS_RANDOM_LEN],
mbedtls_tls_prf_types tls_prf_type)
{
struct tls_connection *conn = (struct tls_connection *)ctx;
os_memcpy(conn->master_secret, secret, sizeof(conn->master_secret));
os_memcpy(conn->randbytes, client_random, TLS_RANDOM_LEN);
os_memcpy(conn->randbytes + 32, server_random, TLS_RANDOM_LEN);
conn->tls_prf_type = tls_prf_type;
}
static int tls_create_mbedtls_handle(struct tls_connection *conn,
const struct tls_connection_params *params,
tls_context_t *tls)
{
int ret;
@@ -548,6 +577,7 @@ static int tls_create_mbedtls_handle(const struct tls_connection_params *params,
wpa_printf(MSG_ERROR, "mbedtls_ssl_setup returned -0x%x", -ret);
goto exit;
}
mbedtls_ssl_set_export_keys_cb(&tls->ssl, tls_key_derivation, conn);
#if defined(MBEDTLS_SSL_CBC_RECORD_SPLITTING)
/* Disable BEAST attack countermeasures for Windows 2008 interoperability */
mbedtls_ssl_conf_cbc_record_splitting(&tls->conf, MBEDTLS_SSL_CBC_RECORD_SPLITTING_DISABLED);
@@ -609,7 +639,7 @@ int tls_connection_established(void *tls_ctx, struct tls_connection *conn)
{
mbedtls_ssl_context *ssl = &conn->tls->ssl;
if (ssl->state == MBEDTLS_SSL_HANDSHAKE_OVER) {
if (ssl->MBEDTLS_PRIVATE(state) == MBEDTLS_SSL_HANDSHAKE_OVER) {
return 1;
}
@@ -646,11 +676,11 @@ struct wpabuf * tls_connection_handshake(void *tls_ctx,
}
/* Multiple reads */
while (tls->ssl.state != MBEDTLS_SSL_HANDSHAKE_OVER) {
if (tls->ssl.state == MBEDTLS_SSL_CLIENT_CERTIFICATE) {
while (tls->ssl.MBEDTLS_PRIVATE(state) != MBEDTLS_SSL_HANDSHAKE_OVER) {
if (tls->ssl.MBEDTLS_PRIVATE(state) == MBEDTLS_SSL_CLIENT_CERTIFICATE) {
/* Read random data before session completes, not present after handshake */
if (tls->ssl.handshake) {
os_memcpy(conn->randbytes, tls->ssl.handshake->randbytes,
if (tls->ssl.MBEDTLS_PRIVATE(handshake)) {
os_memcpy(conn->randbytes, tls->ssl.MBEDTLS_PRIVATE(handshake)->randbytes,
TLS_RANDOM_LEN * 2);
conn->mac = tls->ssl.handshake->ciphersuite_info->mac;
}
@@ -753,8 +783,8 @@ cleanup:
int tls_connection_resumed(void *tls_ctx, struct tls_connection *conn)
{
if (conn && conn->tls && conn->tls->ssl.handshake) {
return conn->tls->ssl.handshake->resume;
if (conn && conn->tls && conn->tls->ssl.MBEDTLS_PRIVATE(handshake)) {
return conn->tls->ssl.MBEDTLS_PRIVATE(handshake)->resume;
}
return 0;
@@ -852,7 +882,7 @@ int tls_connection_set_params(void *tls_ctx, struct tls_connection *conn,
goto err;
}
ret = tls_create_mbedtls_handle(params, tls);
ret = tls_create_mbedtls_handle(conn, params, tls);
if (ret < 0) {
wpa_printf(MSG_ERROR, "failed to create ssl handle");
goto err;
@@ -890,12 +920,12 @@ static int tls_connection_prf(void *tls_ctx, struct tls_connection *conn,
u8 seed[2 * TLS_RANDOM_LEN];
mbedtls_ssl_context *ssl = &conn->tls->ssl;
if (!ssl || !ssl->transform) {
if (!ssl) {
wpa_printf(MSG_ERROR, "TLS: %s, session ingo is null", __func__);
return -1;
}
if (ssl->state != MBEDTLS_SSL_HANDSHAKE_OVER) {
wpa_printf(MSG_ERROR, "TLS: %s, incorrect tls state=%d", __func__, ssl->state);
if (ssl->MBEDTLS_PRIVATE(state) != MBEDTLS_SSL_HANDSHAKE_OVER) {
wpa_printf(MSG_ERROR, "TLS: %s, incorrect tls state=%d", __func__, ssl->MBEDTLS_PRIVATE(state));
return -1;
}
@@ -907,18 +937,10 @@ static int tls_connection_prf(void *tls_ctx, struct tls_connection *conn,
}
wpa_hexdump_key(MSG_MSGDUMP, "random", seed, 2 * TLS_RANDOM_LEN);
wpa_hexdump_key(MSG_MSGDUMP, "master", ssl->session->master, TLS_MASTER_SECRET_LEN);
wpa_hexdump_key(MSG_MSGDUMP, "master", ssl->MBEDTLS_PRIVATE(session)->MBEDTLS_PRIVATE(master), TLS_MASTER_SECRET_LEN);
if (conn->mac == MBEDTLS_MD_SHA384) {
ret = tls_prf_sha384(ssl->session->master, TLS_MASTER_SECRET_LEN,
ret = mbedtls_ssl_tls_prf(conn->tls_prf_type, conn->master_secret, TLS_MASTER_SECRET_LEN,
label, seed, 2 * TLS_RANDOM_LEN, out, out_len);
} else if (conn->mac == MBEDTLS_MD_SHA256) {
ret = tls_prf_sha256(ssl->session->master, TLS_MASTER_SECRET_LEN,
label, seed, 2 * TLS_RANDOM_LEN, out, out_len);
} else {
ret = tls_prf_sha1_md5(ssl->session->master, TLS_MASTER_SECRET_LEN,
label, seed, 2 * TLS_RANDOM_LEN, out, out_len);
}
if (ret < 0) {
wpa_printf(MSG_ERROR, "prf failed, ret=%d\n", ret);
@@ -969,14 +991,14 @@ int tls_connection_get_random(void *tls_ctx, struct tls_connection *conn,
mbedtls_ssl_context *ssl = &conn->tls->ssl;
os_memset(data, 0, sizeof(*data));
if (ssl->state == MBEDTLS_SSL_CLIENT_HELLO) {
if (ssl->MBEDTLS_PRIVATE(state) == MBEDTLS_SSL_CLIENT_HELLO) {
return -1;
}
data->client_random = conn->randbytes;
data->client_random_len = TLS_RANDOM_LEN;
if (ssl->state != MBEDTLS_SSL_SERVER_HELLO) {
if (ssl->MBEDTLS_PRIVATE(state) != MBEDTLS_SSL_SERVER_HELLO) {
data->server_random = conn->randbytes + TLS_RANDOM_LEN;
data->server_random_len = TLS_RANDOM_LEN;
}

62
components/wpa_supplicant/test/test_crypto.c
View File

@@ -1,16 +1,8 @@
// Copyright 2015-2018 Espressif Systems (Shanghai) PTE LTD
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
/*
* SPDX-FileCopyrightText: 2015-2021 Espressif Systems (Shanghai) CO LTD
*
* SPDX-License-Identifier: Apache-2.0
*/
#include <stdio.h>
#include <ctype.h>
#include <errno.h>
@@ -328,10 +320,10 @@ TEST_CASE("Test crypto lib bignum apis", "[wpa_crypto]")
*/
static inline void ecp_mpi_load( mbedtls_mpi *X, const mbedtls_mpi_uint *p, size_t len )
{
X->s = 1;
X->n = len / sizeof( mbedtls_mpi_uint );
X->p = os_zalloc(len);
memcpy(X->p, (void *)p, len);
X->MBEDTLS_PRIVATE(s) = 1;
X->MBEDTLS_PRIVATE(n) = len / sizeof( mbedtls_mpi_uint );
X->MBEDTLS_PRIVATE(p) = os_zalloc(len);
memcpy(X->MBEDTLS_PRIVATE(p), (void *)p, len);
}
@@ -399,10 +391,10 @@ TEST_CASE("Test crypto lib ECC apis", "[wpa_crypto]")
mbedtls_mpi_init( &num );
mbedtls_mpi_lset( &num, 3 );
ecp_mpi_load(& ((mbedtls_ecp_point *)p)->X, secp256r1_gx, sizeof(secp256r1_gx));
ecp_mpi_load(& ((mbedtls_ecp_point *)p)->Y, secp256r1_gy, sizeof(secp256r1_gy));
ecp_mpi_load(& ((mbedtls_ecp_point *)p)->MBEDTLS_PRIVATE(X), secp256r1_gx, sizeof(secp256r1_gx));
ecp_mpi_load(& ((mbedtls_ecp_point *)p)->MBEDTLS_PRIVATE(Y), secp256r1_gy, sizeof(secp256r1_gy));
mbedtls_mpi_lset((&((mbedtls_ecp_point *)p)->Z), 1);
mbedtls_mpi_lset((&((mbedtls_ecp_point *)p)->MBEDTLS_PRIVATE(Z)), 1);
TEST_ASSERT(crypto_ec_point_mul(e, p, (crypto_bignum *) &num, q) == 0); //q = 3p
@@ -438,10 +430,10 @@ TEST_CASE("Test crypto lib ECC apis", "[wpa_crypto]")
mbedtls_mpi_init( &num );
mbedtls_mpi_lset( &num, 100 );
ecp_mpi_load(& ((mbedtls_ecp_point *)p)->X, secp256r1_gx, sizeof(secp256r1_gx));
ecp_mpi_load(& ((mbedtls_ecp_point *)p)->Y, secp256r1_gy, sizeof(secp256r1_gy));
ecp_mpi_load(& ((mbedtls_ecp_point *)p)->MBEDTLS_PRIVATE(X), secp256r1_gx, sizeof(secp256r1_gx));
ecp_mpi_load(& ((mbedtls_ecp_point *)p)->MBEDTLS_PRIVATE(Y), secp256r1_gy, sizeof(secp256r1_gy));
mbedtls_mpi_lset((&((mbedtls_ecp_point *)p)->Z), 1);
mbedtls_mpi_lset((&((mbedtls_ecp_point *)p)->MBEDTLS_PRIVATE(Z)), 1);
TEST_ASSERT(crypto_ec_point_mul(e, p, (crypto_bignum *) &num, q) == 0);
TEST_ASSERT(crypto_ec_point_mul(e, p, (crypto_bignum *) &num, r) == 0);
@@ -474,10 +466,10 @@ TEST_CASE("Test crypto lib ECC apis", "[wpa_crypto]")
mbedtls_mpi_init( &num );
mbedtls_mpi_lset( &num, 50 );
ecp_mpi_load(& ((mbedtls_ecp_point *)p)->X, secp256r1_gx, sizeof(secp256r1_gx));
ecp_mpi_load(& ((mbedtls_ecp_point *)p)->Y, secp256r1_gy, sizeof(secp256r1_gy));
ecp_mpi_load(& ((mbedtls_ecp_point *)p)->MBEDTLS_PRIVATE(X), secp256r1_gx, sizeof(secp256r1_gx));
ecp_mpi_load(& ((mbedtls_ecp_point *)p)->MBEDTLS_PRIVATE(Y), secp256r1_gy, sizeof(secp256r1_gy));
mbedtls_mpi_lset((&((mbedtls_ecp_point *)p)->Z), 1);
mbedtls_mpi_lset((&((mbedtls_ecp_point *)p)->MBEDTLS_PRIVATE(Z)), 1);
/* Generator should always be on the curve*/
TEST_ASSERT(crypto_ec_point_is_on_curve(e, p));
@@ -512,21 +504,21 @@ TEST_CASE("Test crypto lib ECC apis", "[wpa_crypto]")
mbedtls_mpi_init( &num );
mbedtls_mpi_lset( &num, 50 );
ecp_mpi_load(& ((mbedtls_ecp_point *)p)->X, secp256r1_gx, sizeof(secp256r1_gx));
ecp_mpi_load(& ((mbedtls_ecp_point *)p)->Y, secp256r1_gy, sizeof(secp256r1_gy));
ecp_mpi_load(& ((mbedtls_ecp_point *)p)->MBEDTLS_PRIVATE(X), secp256r1_gx, sizeof(secp256r1_gx));
ecp_mpi_load(& ((mbedtls_ecp_point *)p)->MBEDTLS_PRIVATE(Y), secp256r1_gy, sizeof(secp256r1_gy));
mbedtls_mpi_lset((&((mbedtls_ecp_point *)p)->Z), 1);
mbedtls_mpi_lset((&((mbedtls_ecp_point *)p)->MBEDTLS_PRIVATE(Z)), 1);
mbedtls_mpi_copy(&((mbedtls_ecp_point *)q)->X, &((mbedtls_ecp_point *)p)->X);
mbedtls_mpi_copy(&((mbedtls_ecp_point *)r)->X, &((mbedtls_ecp_point *)p)->X);
mbedtls_mpi_copy(&((mbedtls_ecp_point *)q)->MBEDTLS_PRIVATE(X), &((mbedtls_ecp_point *)p)->MBEDTLS_PRIVATE(X));
mbedtls_mpi_copy(&((mbedtls_ecp_point *)r)->MBEDTLS_PRIVATE(X), &((mbedtls_ecp_point *)p)->MBEDTLS_PRIVATE(X));
mbedtls_mpi_lset((&((mbedtls_ecp_point *)q)->Z), 1);
mbedtls_mpi_lset((&((mbedtls_ecp_point *)r)->Z), 1);
mbedtls_mpi_lset((&((mbedtls_ecp_point *)q)->MBEDTLS_PRIVATE(Z)), 1);
mbedtls_mpi_lset((&((mbedtls_ecp_point *)r)->MBEDTLS_PRIVATE(Z)), 1);
TEST_ASSERT(crypto_ec_point_solve_y_coord(e, q, (crypto_bignum *) & ((mbedtls_ecp_point *)q)->X, 0) == 0);
TEST_ASSERT(crypto_ec_point_solve_y_coord(e, q, (crypto_bignum *) & ((mbedtls_ecp_point *)q)->MBEDTLS_PRIVATE(X), 0) == 0);
TEST_ASSERT(crypto_ec_point_is_on_curve(e, q));
TEST_ASSERT(crypto_ec_point_solve_y_coord(e, r, (crypto_bignum *) & ((mbedtls_ecp_point *)q)->X, 1) == 0);
TEST_ASSERT(crypto_ec_point_solve_y_coord(e, r, (crypto_bignum *) & ((mbedtls_ecp_point *)q)->MBEDTLS_PRIVATE(X), 1) == 0);
TEST_ASSERT(crypto_ec_point_is_on_curve(e, r));
TEST_ASSERT((crypto_ec_point_cmp(e, p, q) == 0) || (crypto_ec_point_cmp(e, p, r) == 0));

2
docs/en/api-guides/performance/size.rst
View File

@@ -374,8 +374,6 @@ These include:
- :ref:`CONFIG_MBEDTLS_HAVE_TIME`
- :ref:`CONFIG_MBEDTLS_ECDSA_DETERMINISTIC`
- :ref:`CONFIG_MBEDTLS_SHA512_C`
- :ref:`CONFIG_MBEDTLS_SSL_PROTO_TLS1`
- :ref:`CONFIG_MBEDTLS_SSL_PROTO_TLS1_1`
- :ref:`CONFIG_MBEDTLS_CLIENT_SSL_SESSION_TICKETS`
- :ref:`CONFIG_MBEDTLS_SERVER_SSL_SESSION_TICKETS`
- :ref:`CONFIG_MBEDTLS_SSL_ALPN`

1
docs/en/migration-guides/index.rst
View File

@@ -10,6 +10,7 @@ ESP-IDF 5.0 Migration Guides
Ethernet <ethernet>
FreeRTOS <freertos>
Peripherals <peripherals>
Protocols <protocols>
Removed or deprecated components <removed-components>
Storage <storage>
System <system>

59
docs/en/migration-guides/protocols.rst Normal file
View File

@@ -0,0 +1,59 @@
Migration of Protocol Components to ESP-IDF 5.0
===============================================
Mbed TLS
--------
For ESP-IDF v5.0, `Mbed TLS <https://github.com/ARMmbed/mbedtls>`_ has been updated from v2.x to v3.1.0.
The official guide for Mbed TLS to migrate from version 2.x to version 3.0 or greater can be found `here <https://github.com/ARMmbed/mbedtls/blob/development/docs/3.0-migration-guide.md>`__.
Breaking Changes (Summary)
~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Most structure fields are now private
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
- Direct access to fields of structures (``struct`` types) declared in public headers is no longer supported.
- Appropriate accessor functions (getter/setter) must be used for the same. A temporary workaround would be to use ``MBEDTLS_PRIVATE`` macro (**not recommended**).
- For more details, refer to the official guide `here <https://github.com/ARMmbed/mbedtls/blob/development/docs/3.0-migration-guide.md#most-structure-fields-are-now-private>`__.
SSL
^^^
- Removed the support for TLS 1.0, 1.1 and DTLS 1.0
- Removed the support for SSL 3.0
Deprecated functions were removed from cryptography modules
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
- The functions ``mbedtls_*_ret()`` (related to MD, SHA, RIPEMD, RNG, HMAC modules) was renamed to replace the corresponding functions without ``_ret`` appended and updated return value.
- For more details, refer to the official guide `here <https://github.com/ARMmbed/mbedtls/blob/development/docs/3.0-migration-guide.md#deprecated-functions-were-removed-from-hashing-modules>`__.
Deprecated Config Options
^^^^^^^^^^^^^^^^^^^^^^^^^
Following are some of the important config options deprecated by this update. The configs related to and/or dependent on these have also been deprecated.
- ``MBEDTLS_SSL_PROTO_SSL3`` : Support for SSL 3.0
- ``MBEDTLS_SSL_PROTO_TLS1`` : Support for TLS 1.0
- ``MBEDTLS_SSL_PROTO_TLS1_1``: Support for TLS 1.1
- ``MBEDTLS_SSL_PROTO_DTLS`` : Support for DTLS 1.1 (Only DTLS 1.2 is supported now)
- ``MBEDTLS_DES_C`` : Support for 3DES ciphersuites
- ``MBEDTLS_RC4_MODE`` : Support for RC4-based ciphersuites
.. note:: This list includes only major options configurable through ``idf.py menuconfig``. For more details on deprecated options, refer to the official migration guide.
Miscellaneous
-------------
Disabled Diffie-Hellman Key Exchange modes
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
The Diffie-Hellman Key Exchange modes have now been disabled by default due to security risks (see warning text `here <https://github.com/espressif/mbedtls/blob/HEAD/include/mbedtls/dhm.h>`__). Related configs are given below:
- ``MBEDTLS_DHM_C`` : Support for the Diffie-Hellman-Merkle module
- ``MBEDTLS_KEY_EXCHANGE_DHE_PSK`` : Support for Diffie-Hellman PSK (pre-shared-key) TLS authentication modes
- ``MBEDTLS_KEY_EXCHANGE_DHE_RSA`` : Support for cipher suites with the prefix ``TLS-DHE-RSA-WITH-``
.. note:: During the initial step of the handshake (i.e. ``client_hello``), the server selects a cipher from the list that the client publishes. As the DHE_PSK/DHE_RSA ciphers have now been disabled by the above change, the server would fall back to an alternative cipher; if in a rare case, it does not support any other cipher, the handshake would fail. To retrieve the list of ciphers supported by the server, one must attempt to connect with the server with a specific cipher from the client-side. Few utilities can help do this, e.g. ``sslscan``.

1
docs/zh_CN/migration-guides/index.rst
View File

@@ -12,5 +12,6 @@ ESP-IDF 5.0 迁移指南
FreeRTOS <freertos>
以太网 <ethernet>
Storage <storage>
Protocols <protocols>
Removed or deprecated components <removed-components>
Tools <tools>

1
docs/zh_CN/migration-guides/protocols.rst Normal file
View File

@@ -0,0 +1 @@
.. include:: ../../en/migration-guides/protocols.rst

14
examples/bluetooth/blufi/main/blufi_security.c
View File

@@ -1,5 +1,5 @@
/*
* SPDX-FileCopyrightText: 2021 Espressif Systems (Shanghai) CO LTD
* SPDX-FileCopyrightText: 2021-2022 Espressif Systems (Shanghai) CO LTD
*
* SPDX-License-Identifier: Unlicense OR CC0-1.0
*/
@@ -103,7 +103,7 @@ void blufi_dh_negotiate_data_handler(uint8_t *data, int len, uint8_t **output_da
}
free(blufi_sec->dh_param);
blufi_sec->dh_param = NULL;
ret = mbedtls_dhm_make_public(&blufi_sec->dhm, (int) mbedtls_mpi_size( &blufi_sec->dhm.P ), blufi_sec->self_public_key, blufi_sec->dhm.len, myrand, NULL);
ret = mbedtls_dhm_make_public(&blufi_sec->dhm, (int) mbedtls_mpi_size( &blufi_sec->dhm.MBEDTLS_PRIVATE(P) ), blufi_sec->self_public_key, mbedtls_mpi_size( &blufi_sec->dhm.MBEDTLS_PRIVATE(P) ), myrand, NULL);
if (ret) {
BLUFI_ERROR("%s make public failed %d\n", __func__, ret);
btc_blufi_report_error(ESP_BLUFI_MAKE_PUBLIC_ERROR);
@@ -116,13 +116,19 @@ void blufi_dh_negotiate_data_handler(uint8_t *data, int len, uint8_t **output_da
&blufi_sec->share_len,
NULL, NULL);
mbedtls_md5(blufi_sec->share_key, blufi_sec->share_len, blufi_sec->psk);
ret = mbedtls_md5(blufi_sec->share_key, blufi_sec->share_len, blufi_sec->psk);
if (ret) {
BLUFI_ERROR("%s mbedtls_md5 failed %d\n", __func__, ret);
btc_blufi_report_error(ESP_BLUFI_CALC_MD5_ERROR);
return;
}
mbedtls_aes_setkey_enc(&blufi_sec->aes, blufi_sec->psk, 128);
/* alloc output data */
*output_data = &blufi_sec->self_public_key[0];
*output_len = blufi_sec->dhm.len;
*output_len = mbedtls_mpi_size( &blufi_sec->dhm.MBEDTLS_PRIVATE(P) );
*need_free = false;
}

4
examples/bluetooth/esp_ble_mesh/aligenie_demo/main/aligenie_demo.c
View File

@@ -1,7 +1,7 @@
/*
* AliGenie - Example
*
* SPDX-FileCopyrightText: 2021 Espressif Systems (Shanghai) CO LTD
* SPDX-FileCopyrightText: 2021-2022 Espressif Systems (Shanghai) CO LTD
*
* SPDX-License-Identifier: Unlicense OR CC0-1.0
*/
@@ -1282,7 +1282,7 @@ void config_triples(void)
ESP_LOGI(TAG, "authvalue_string: %s", authvalue_string);
uint8_t sha256_out[32] = {0};
mbedtls_sha256_ret((const unsigned char *)authvalue_string, strlen(authvalue_string), sha256_out, 0);
mbedtls_sha256((const unsigned char *)authvalue_string, strlen(authvalue_string), sha256_out, 0);
memcpy(static_val, sha256_out, 16);
provision.static_val = static_val;

2
examples/peripherals/secure_element/atecc608_ecdsa/components/esp-cryptoauthlib

Submodule examples/peripherals/secure_element/atecc608_ecdsa/components/esp-cryptoauthlib updated: 077758db50...985ea960f8

22
examples/peripherals/secure_element/atecc608_ecdsa/main/ecdsa_example_main.c
View File

@@ -1,25 +1,15 @@
/**
/*
* atecc608a_ecdsa example
*
* Original Copyright (C) 2006-2016, ARM Limited, All Rights Reserved, Apache 2.0 License.
* Additions Copyright (C) Copyright 2015-2020 Espressif Systems (Shanghai) PTE LTD, Apache 2.0 License.
* SPDX-FileCopyrightText: 2006-2016 ARM Limited, All Rights Reserved
*
* SPDX-License-Identifier: Apache-2.0
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
* SPDX-FileContributor: 2015-2021 Espressif Systems (Shanghai) CO LTD
*/
/* This is mbedtls boilerplate for library configuration */
#include "mbedtls/config.h"
#include "mbedtls/mbedtls_config.h"
/* System Includes*/
#include <stdio.h>
@@ -146,7 +136,7 @@ static int atca_ecdsa_test(void)
#endif
ESP_LOGI(TAG, " Generating ECDSA Signature...");
ret = mbedtls_pk_sign(&pkey, MBEDTLS_MD_SHA256, hash, 0, buf, &olen,
ret = mbedtls_pk_sign(&pkey, MBEDTLS_MD_SHA256, hash, 0, buf, MBEDTLS_MPI_MAX_SIZE, &olen,
mbedtls_ctr_drbg_random, &ctr_drbg);
if (ret != 0) {
ESP_LOGI(TAG, " failed ! mbedtls_pk_sign returned -0x%04x", -ret);

17
examples/protocols/https_mbedtls/main/https_mbedtls_example_main.c
View File

@@ -5,21 +5,11 @@
*
* Adapted from the ssl_client1 example in mbedtls.
*
* Original Copyright (C) 2006-2016, ARM Limited, All Rights Reserved, Apache 2.0 License.
* Additions Copyright (C) Copyright 2015-2016 Espressif Systems (Shanghai) PTE LTD, Apache 2.0 License.
* SPDX-FileCopyrightText: The Mbed TLS Contributors
*
* SPDX-License-Identifier: Apache-2.0
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
* SPDX-FileContributor: 2015-2021 Espressif Systems (Shanghai) CO LTD
*/
#include <string.h>
#include <stdlib.h>
@@ -46,7 +36,6 @@
#include "mbedtls/entropy.h"
#include "mbedtls/ctr_drbg.h"
#include "mbedtls/error.h"
#include "mbedtls/certs.h"
#include "esp_crt_bundle.h"

4
examples/protocols/https_server/simple/example_test.py
View File

@@ -1,6 +1,6 @@
#!/usr/bin/env python
#
# SPDX-FileCopyrightText: 2021 Espressif Systems (Shanghai) CO LTD
# SPDX-FileCopyrightText: 2021-2022 Espressif Systems (Shanghai) CO LTD
# SPDX-License-Identifier: Apache-2.0
import http.client
@@ -121,7 +121,7 @@ def test_examples_protocol_https_server_simple(env, extra_data): # type: (tiny_
CLIENT_CERT_FILE = 'client_cert.pem'
CLIENT_KEY_FILE = 'client_key.pem'
ssl_context = ssl.SSLContext(ssl.PROTOCOL_TLSv1)
ssl_context = ssl.SSLContext(ssl.PROTOCOL_TLSv1_2)
ssl_context.verify_mode = ssl.CERT_REQUIRED
ssl_context.check_hostname = False
ssl_context.load_verify_locations(cadata=server_cert_pem)

20
examples/protocols/smtp_client/main/smtp_client_example_main.c
View File

@@ -1,25 +1,14 @@
/**
/*
* SMTP email client
*
* Adapted from the `ssl_mail_client` example in mbedtls.
*
* Original Copyright (C) 2006-2016, ARM Limited, All Rights Reserved, Apache 2.0 License.
* Additions Copyright (C) Copyright 2015-2020 Espressif Systems (Shanghai) PTE LTD, Apache 2.0 License.
* SPDX-FileCopyrightText: The Mbed TLS Contributors
*
* SPDX-License-Identifier: Apache-2.0
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
* SPDX-FileContributor: 2015-2021 Espressif Systems (Shanghai) CO LTD
*/
#include <string.h>
#include <stdlib.h>
#include "freertos/FreeRTOS.h"
@@ -37,7 +26,6 @@
#include "mbedtls/entropy.h"
#include "mbedtls/ctr_drbg.h"
#include "mbedtls/error.h"
#include "mbedtls/certs.h"
#include <mbedtls/base64.h>
#include <sys/param.h>

19
examples/storage/spiffsgen/main/spiffsgen_example_main.c
View File

@@ -1,12 +1,9 @@
/* SPIFFS Image Generation on Build Example
This example code is in the Public Domain (or CC0 licensed, at your option.)
Unless required by applicable law or agreed to in writing, this
software is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR
CONDITIONS OF ANY KIND, either express or implied.
*/
*
* SPDX-FileCopyrightText: 2015-2021 Espressif Systems (Shanghai) CO LTD
*
* SPDX-License-Identifier: Unlicense or CC0-1.0
*/
#include <stdio.h>
#include <string.h>
#include <sys/unistd.h>
@@ -57,16 +54,16 @@ static void compute_alice_txt_md5(void)
unsigned char digest[MD5_MAX_LEN];
mbedtls_md5_init(&ctx);
mbedtls_md5_starts_ret(&ctx);
mbedtls_md5_starts(&ctx);
size_t read;
do {
read = fread((void*) buf, 1, sizeof(buf), f);
mbedtls_md5_update_ret(&ctx, (unsigned const char*) buf, read);
mbedtls_md5_update(&ctx, (unsigned const char*) buf, read);
} while(read == sizeof(buf));
mbedtls_md5_finish_ret(&ctx, digest);
mbedtls_md5_finish(&ctx, digest);
// Create a string of the digest
char digest_str[MD5_MAX_LEN * 2];

1
tools/ci/check_build_warnings.py
View File

@@ -25,6 +25,7 @@ IGNORE_WARNS = [
r'library/error\.o',
r'/.*error\S*\.o',
r'.*error.*\.c\.obj',
r'.*error.*\.c',
r'.*error.*\.cpp\.obj',
r'.*error.*\.cxx\.obj',
r'.*error.*\.cc\.obj',

7
tools/ci/check_copyright_config.yaml
View File

@@ -75,6 +75,13 @@ lwip_component:
- BSD-3-Clause
license_for_new_files: Apache-2.0
asio_component:
include:
- 'components/asio/port/**'
allowed_licenses:
- Apache-2.0
- BSL-1.0
freertos_component:
include:
- 'components/freertos/**'

46
tools/ci/check_copyright_ignore.txt
View File

@@ -773,7 +773,6 @@ components/espcoredump/include_core_dump/esp_core_dump_types.h
components/espcoredump/include_core_dump/port/riscv/esp_core_dump_port_impl.h
components/espcoredump/include_core_dump/port/xtensa/esp_core_dump_port_impl.h
components/espcoredump/src/core_dump_binary.c
components/espcoredump/src/core_dump_checksum.c
components/espcoredump/src/core_dump_flash.c
components/espcoredump/src/core_dump_uart.c
components/espcoredump/src/port/riscv/core_dump_port.c
@@ -1084,8 +1083,6 @@ components/lwip/test_afl_host/test_dhcp_client.c
components/lwip/test_afl_host/test_dhcp_server.c
components/lwip/test_afl_host/test_dns.c
components/lwip/weekend_test/net_suite_test.py
components/mbedtls/esp_crt_bundle/esp_crt_bundle.c
components/mbedtls/esp_crt_bundle/gen_crt_bundle.py
components/mbedtls/esp_crt_bundle/include/esp_crt_bundle.h
components/mbedtls/esp_crt_bundle/test_gen_crt_bundle/test_gen_crt_bundle.py
components/mbedtls/port/aes/block/esp_aes.c
@@ -1093,21 +1090,8 @@ components/mbedtls/port/aes/dma/esp_aes.c
components/mbedtls/port/aes/dma/esp_aes_crypto_dma_impl.c
components/mbedtls/port/aes/dma/esp_aes_gdma_impl.c
components/mbedtls/port/aes/dma/include/esp_aes_dma_priv.h
components/mbedtls/port/aes/esp_aes_common.c
components/mbedtls/port/aes/esp_aes_gcm.c
components/mbedtls/port/aes/esp_aes_xts.c
components/mbedtls/port/esp32/bignum.c
components/mbedtls/port/esp32c2/bignum.c
components/mbedtls/port/esp32c3/bignum.c
components/mbedtls/port/esp32h2/bignum.c
components/mbedtls/port/esp32s2/bignum.c
components/mbedtls/port/esp32s3/bignum.c
components/mbedtls/port/esp_bignum.c
components/mbedtls/port/esp_hardware.c
components/mbedtls/port/esp_mem.c
components/mbedtls/port/esp_timing.c
components/mbedtls/port/include/aes/esp_aes.h
components/mbedtls/port/include/aes/esp_aes_gcm.h
components/mbedtls/port/include/aes/esp_aes_internal.h
components/mbedtls/port/include/aes_alt.h
components/mbedtls/port/include/bignum_impl.h
@@ -1116,44 +1100,20 @@ components/mbedtls/port/include/esp32/sha.h
components/mbedtls/port/include/esp32s2/aes.h
components/mbedtls/port/include/esp32s2/gcm.h
components/mbedtls/port/include/esp32s2/sha.h
components/mbedtls/port/include/esp_crypto_shared_gdma.h
components/mbedtls/port/include/esp_ds/esp_rsa_sign_alt.h
components/mbedtls/port/include/esp_mem.h
components/mbedtls/port/include/gcm_alt.h
components/mbedtls/port/include/mbedtls/esp_config.h
components/mbedtls/port/include/mbedtls/esp_debug.h
components/mbedtls/port/include/md/esp_md.h
components/mbedtls/port/include/md5_alt.h
components/mbedtls/port/include/rsa_sign_alt.h
components/mbedtls/port/include/sha/sha_dma.h
components/mbedtls/port/include/sha/sha_parallel_engine.h
components/mbedtls/port/include/sha1_alt.h
components/mbedtls/port/include/sha256_alt.h
components/mbedtls/port/include/sha512_alt.h
components/mbedtls/port/mbedtls_debug.c
components/mbedtls/port/net_sockets.c
components/mbedtls/port/sha/dma/esp_sha1.c
components/mbedtls/port/sha/dma/esp_sha256.c
components/mbedtls/port/sha/dma/esp_sha512.c
components/mbedtls/port/sha/dma/esp_sha_crypto_dma_impl.c
components/mbedtls/port/sha/dma/esp_sha_gdma_impl.c
components/mbedtls/port/sha/dma/include/esp_sha_dma_priv.h
components/mbedtls/port/sha/dma/sha.c
components/mbedtls/port/sha/parallel_engine/esp_sha1.c
components/mbedtls/port/sha/parallel_engine/esp_sha256.c
components/mbedtls/port/sha/parallel_engine/esp_sha512.c
components/mbedtls/port/sha/parallel_engine/sha.c
components/mbedtls/test/test_aes.c
components/mbedtls/test/test_aes_gcm.c
components/mbedtls/test/test_aes_perf.c
components/mbedtls/test/test_aes_sha_parallel.c
components/mbedtls/test/test_apb_dport_access.c
components/mbedtls/test/test_apb_dport_access.h
components/mbedtls/test/test_ecp.c
components/mbedtls/test/test_esp_crt_bundle.c
components/mbedtls/test/test_mbedtls.c
components/mbedtls/test/test_mbedtls_mpi.c
components/mbedtls/test/test_rsa.c
components/mdns/host_test/components/esp_event_mock/esp_event_mock.c
components/mdns/host_test/components/esp_event_mock/include/esp_event.h
components/mdns/host_test/components/esp_event_mock/include/esp_event_base.h
@@ -1295,7 +1255,6 @@ components/protocomm/python/session_pb2.py
components/protocomm/src/common/protocomm.c
components/protocomm/src/common/protocomm_priv.h
components/protocomm/src/security/security0.c
components/protocomm/test/test_protocomm.c
components/pthread/pthread_cond_var.c
components/pthread/pthread_internal.h
components/pthread/pthread_local_storage.c
@@ -2048,7 +2007,6 @@ components/wpa_supplicant/src/wps/wps_enrollee.c
components/wpa_supplicant/src/wps/wps_i.h
components/wpa_supplicant/src/wps/wps_registrar.c
components/wpa_supplicant/src/wps/wps_validate.c
components/wpa_supplicant/test/test_crypto.c
components/wpa_supplicant/test/test_dpp.c
components/xtensa/eri.c
components/xtensa/esp32/include/xtensa/config/core-isa.h
@@ -2286,7 +2244,6 @@ examples/peripherals/rmt/musical_buzzer/main/musical_buzzer_example_main.c
examples/peripherals/sdio/host/main/app_main.c
examples/peripherals/sdio/sdio_test.py
examples/peripherals/sdio/slave/main/app_main.c
examples/peripherals/secure_element/atecc608_ecdsa/main/ecdsa_example_main.c
examples/peripherals/sigmadelta/main/sigmadelta_example_main.c
examples/peripherals/spi_master/hd_eeprom/components/eeprom/spi_eeprom.c
examples/peripherals/spi_master/hd_eeprom/components/eeprom/spi_eeprom.h
@@ -2373,9 +2330,7 @@ examples/protocols/http_server/restful_server/main/rest_server.c
examples/protocols/http_server/simple/http_server_simple_test.py
examples/protocols/http_server/simple/main/main.c
examples/protocols/http_server/ws_echo_server/main/ws_echo_server.c
examples/protocols/https_mbedtls/main/https_mbedtls_example_main.c
examples/protocols/https_request/example_test.py
examples/protocols/https_request/main/https_request_example_main.c
examples/protocols/https_server/simple/main/main.c
examples/protocols/https_server/wss_server/main/keep_alive.c
examples/protocols/https_server/wss_server/main/keep_alive.h
@@ -2399,7 +2354,6 @@ examples/protocols/mqtt/wss/main/app_main.c
examples/protocols/mqtt/wss/mqtt_wss_example_test.py
examples/protocols/slip/slip_udp/components/slip_modem/include/slip_modem.h
examples/protocols/slip/slip_udp/main/slip_client_main.c
examples/protocols/smtp_client/main/smtp_client_example_main.c
examples/protocols/sntp/example_test.py
examples/protocols/sntp/main/sntp_example_main.c
examples/protocols/sockets/non_blocking/example_test.py

5
tools/ci/check_public_headers_exceptions.txt
View File

@@ -45,9 +45,10 @@ components/wpa_supplicant/include/
components/wpa_supplicant/port/
components/wpa_supplicant/esp_supplicant/include/
components/mbedtls/mbedtls/
components/mbedtls/port/include/
components/mbedtls/mbedtls/include/mbedtls/
components/mbedtls/mbedtls/include/psa/
components/mbedtls/port/dynamic/esp_mbedtls_dynamic_impl.h
components/mbedtls/test/
components/esp-tls/private_include/

3
tools/unit-test-app/components/test_utils/memory_checks.c
View File

@@ -8,6 +8,9 @@
#include "esp_heap_caps.h"
#include "unity.h"
#include "memory_checks.h"
#ifdef CONFIG_HEAP_TRACING
#include "esp_heap_trace.h"
#endif
static size_t before_free_8bit;
static size_t before_free_32bit;