espressif/esp-idf
1
0
Fork 1
mirror of https://github.com/espressif/esp-idf.git synced 2026-05-05 04:15:21 +02:00
Code Issues Packages Projects Releases Wiki Activity

mbedtls: Remove "unsafe" warning, enable AES by default & make SHA/MPI optional

Browse Source
This commit is contained in:
Angus Gratton
2017-08-17 14:19:03 +10:00
committed by Angus Gratton
parent afb6119504
commit 0ea4cd67dd
3 changed files with 45 additions and 32 deletions
Download Patch File Download Diff File Expand all files Collapse all files
components/mbedtls/Kconfig
+11 -17
View File
@@ -31,26 +31,18 @@ config MBEDTLS_DEBUG
at runtime in order to enable mbedTLS debug output via the ESP
log mechanism.
config MBEDTLS_UNSAFE_ACCELERATION
bool "Allow buggy hardware acceleration features"
depends on !FREERTOS_UNICORE
default n
help
A bug currently prevents dual cores & crypto hardware acceleration from being used together.
Enable this option to allow hardware acceleration anyhow (note that invalid results or crashes may occur.)
config MBEDTLS_HARDWARE_AES
bool "Enable hardware AES acceleration"
depends on MBEDTLS_UNSAFE_ACCELERATION || FREERTOS_UNICORE
default y
help
Enable hardware accelerated AES encryption & decryption.
Note that if the ESP32 CPU is running at 240MHz, hardware AES does not
offer any speed boost over software AES.
config MBEDTLS_HARDWARE_MPI
bool "Enable hardware MPI (bignum) acceleration"
depends on MBEDTLS_UNSAFE_ACCELERATION || FREERTOS_UNICORE
default y
default n
help
Enable hardware accelerated multiple precision integer operations.
@@ -62,7 +54,7 @@ config MBEDTLS_HARDWARE_MPI
config MBEDTLS_MPI_USE_INTERRUPT
bool "Use interrupt for MPI operations"
depends on MBEDTLS_HARDWARE_MPI
default y
default n
help
Use an interrupt to coordinate MPI operations.
@@ -71,16 +63,18 @@ config MBEDTLS_MPI_USE_INTERRUPT
config MBEDTLS_HARDWARE_SHA
bool "Enable hardware SHA acceleration"
depends on MBEDTLS_UNSAFE_ACCELERATION || FREERTOS_UNICORE
default y
default n
help
Enable hardware accelerated SHA1, SHA256, SHA384 & SHA512 in mbedTLS.
Due to a hardware limitation, hardware acceleration is only
guaranteed if SHA digests are calculated one at a time. If more
than one SHA digest is calculated at the same time, only will
than one SHA digest is calculated at the same time, one will
be calculated fully in hardware and the rest will be calculated
(at least partially calculated) in software.
(at least partially calculated) in software. This happens automatically.
SHA hardware acceleration is faster than software in some situations but
slower in others. You should benchmark to find the best setting for you.
config MBEDTLS_HAVE_TIME
bool "Enable mbedtls time"
components/mbedtls/test/test_mbedtls_sha.c
+10 -12
View File
@@ -119,13 +119,15 @@ static void tskRunSHA256Test(void *pvParameters)
vTaskDelete(NULL);
}
TEST_CASE("mbedtls SHA multithreading", "[mbedtls][ignore]")
#define SHA_TASK_STACK_SIZE (10*1024)
TEST_CASE("mbedtls SHA multithreading", "[mbedtls]")
{
done_sem = xSemaphoreCreateCounting(4, 0);
xTaskCreate(tskRunSHA1Test, "SHA1Task1", 8192, NULL, 3, NULL);
xTaskCreate(tskRunSHA1Test, "SHA1Task2", 8192, NULL, 3, NULL);
xTaskCreate(tskRunSHA256Test, "SHA256Task1", 8192, NULL, 3, NULL);
xTaskCreate(tskRunSHA256Test, "SHA256Task2", 8192, NULL, 3, NULL);
xTaskCreate(tskRunSHA1Test, "SHA1Task1", SHA_TASK_STACK_SIZE, NULL, 3, NULL);
xTaskCreate(tskRunSHA1Test, "SHA1Task2", SHA_TASK_STACK_SIZE, NULL, 3, NULL);
xTaskCreate(tskRunSHA256Test, "SHA256Task1", SHA_TASK_STACK_SIZE, NULL, 3, NULL);
xTaskCreate(tskRunSHA256Test, "SHA256Task2", SHA_TASK_STACK_SIZE, NULL, 3, NULL);
for(int i = 0; i < 4; i++) {
if(!xSemaphoreTake(done_sem, 10000/portTICK_PERIOD_MS)) {
@@ -165,14 +167,10 @@ void tskRunSHASelftests(void *param)
TEST_CASE("mbedtls SHA self-tests multithreaded", "[mbedtls]")
{
done_sem = xSemaphoreCreateCounting(2, 0);
xTaskCreate(tskRunSHASelftests, "SHASelftests1", 8192, NULL, 3, NULL);
xTaskCreate(tskRunSHASelftests, "SHASelftests2", 8192, NULL, 3, NULL);
xTaskCreate(tskRunSHASelftests, "SHASelftests1", SHA_TASK_STACK_SIZE, NULL, 3, NULL);
xTaskCreate(tskRunSHASelftests, "SHASelftests2", SHA_TASK_STACK_SIZE, NULL, 3, NULL);
#ifdef CONFIG_MBEDTLS_HARDWARE_SHA
const int TIMEOUT_MS = 12000;
#else
const int TIMEOUT_MS = 20000; // Soft-only SHA may need a little longer
#endif
const int TIMEOUT_MS = 20000;
for(int i = 0; i < 2; i++) {
if(!xSemaphoreTake(done_sem, TIMEOUT_MS/portTICK_PERIOD_MS)) {