espressif/esp-idf
1
0
Fork 1
mirror of https://github.com/espressif/esp-idf.git synced 2025-08-03 20:54:32 +02:00
Code Issues Packages Projects Releases Wiki Activity

Merge branch 'bugfix/aes_dma_completion_v4.3' into 'release/v4.3'

Browse Source 
mbedtls: Fix AES dma completion race condition (v4.3)

See merge request espressif/esp-idf!12903
This commit is contained in:
Jiang Jiang Jian
2021-04-01 02:15:30 +00:00
parent e5437afa7f 9c4c377f2d
commit 7e75d7f748
2 changed files with 18 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files

13
components/mbedtls/port/aes/dma/esp_aes.c
View File

@@ -291,7 +291,8 @@ static int esp_aes_process_dma(esp_aes_context *ctx, const unsigned char *input,
{ {
lldesc_t stream_in_desc, stream_out_desc; lldesc_t stream_in_desc, stream_out_desc;
lldesc_t *in_desc_head = NULL, *out_desc_head = NULL; lldesc_t *in_desc_head = NULL, *out_desc_head = NULL;
lldesc_t *block_desc = NULL, *block_in_desc, *block_out_desc; lldesc_t *out_desc_tail = NULL; /* pointer to the final output descriptor */
lldesc_t *block_desc = NULL, *block_in_desc = NULL, *block_out_desc = NULL;
size_t lldesc_num; size_t lldesc_num;
uint8_t stream_in[16] = {}; uint8_t stream_in[16] = {};
unsigned stream_bytes = len % AES_BLOCK_BYTES; // bytes which aren't in a full block unsigned stream_bytes = len % AES_BLOCK_BYTES; // bytes which aren't in a full block
@@ -357,8 +358,10 @@ static int esp_aes_process_dma(esp_aes_context *ctx, const unsigned char *input,
block_in_desc = block_desc; block_in_desc = block_desc;
block_out_desc = block_desc + lldesc_num; block_out_desc = block_desc + lldesc_num;
lldesc_setup_link(block_desc, input, block_bytes, 0); lldesc_setup_link(block_in_desc, input, block_bytes, 0);
lldesc_setup_link(block_desc + lldesc_num, output, block_bytes, 0); lldesc_setup_link(block_out_desc, output, block_bytes, 0);
out_desc_tail = &block_out_desc[lldesc_num - 1];
} }
/* Any leftover bytes which are appended as an additional DMA list */ /* Any leftover bytes which are appended as an additional DMA list */
@@ -373,6 +376,8 @@ static int esp_aes_process_dma(esp_aes_context *ctx, const unsigned char *input,
block_in_desc[lldesc_num - 1].empty = (uint32_t)&stream_in_desc; block_in_desc[lldesc_num - 1].empty = (uint32_t)&stream_in_desc;
block_out_desc[lldesc_num - 1].empty = (uint32_t)&stream_out_desc; block_out_desc[lldesc_num - 1].empty = (uint32_t)&stream_out_desc;
} }
out_desc_tail = &stream_out_desc;
} }
// block buffers are sent to DMA first, unless there aren't any // block buffers are sent to DMA first, unless there aren't any
@@ -401,7 +406,7 @@ static int esp_aes_process_dma(esp_aes_context *ctx, const unsigned char *input,
} }
aes_hal_transform_dma_start(blocks); aes_hal_transform_dma_start(blocks);
esp_aes_dma_wait_complete(use_intr, out_desc_head); esp_aes_dma_wait_complete(use_intr, out_desc_tail);
#if (CONFIG_SPIRAM_USE_CAPS_ALLOC || CONFIG_SPIRAM_USE_MALLOC) #if (CONFIG_SPIRAM_USE_CAPS_ALLOC || CONFIG_SPIRAM_USE_MALLOC)
if (block_bytes > 0) { if (block_bytes > 0) {

10
components/mbedtls/test/test_aes.c
View File

@@ -8,6 +8,7 @@
#include "mbedtls/gcm.h" #include "mbedtls/gcm.h"
#include "unity.h" #include "unity.h"
#include "sdkconfig.h" #include "sdkconfig.h"
#include "esp_log.h"
#include "esp_timer.h" #include "esp_timer.h"
#include "esp_heap_caps.h" #include "esp_heap_caps.h"
#include "test_utils.h" #include "test_utils.h"
@@ -356,7 +357,7 @@ TEST_CASE("mbedtls CTR stream test", "[aes]")
no matter how many bytes we encrypt each call no matter how many bytes we encrypt each call
*/ */
for (int bytes_to_process = 1; bytes_to_process < SZ; bytes_to_process++) { for (int bytes_to_process = 1; bytes_to_process < SZ; bytes_to_process++) {
ESP_LOGD("test", "bytes_to_process %d", bytes_to_process);
memset(nonce, 0xEE, 16); memset(nonce, 0xEE, 16);
memset(chipertext, 0x0, SZ); memset(chipertext, 0x0, SZ);
memset(decryptedtext, 0x0, SZ); memset(decryptedtext, 0x0, SZ);
@@ -370,10 +371,14 @@ TEST_CASE("mbedtls CTR stream test", "[aes]")
mbedtls_aes_crypt_ctr(&ctx, length, &offset, nonce, mbedtls_aes_crypt_ctr(&ctx, length, &offset, nonce,
stream_block, plaintext + idx, chipertext + idx ); stream_block, plaintext + idx, chipertext + idx );
} }
ESP_LOG_BUFFER_HEXDUMP("expected", expected_cipher, SZ, ESP_LOG_DEBUG);
ESP_LOG_BUFFER_HEXDUMP("actual ", chipertext, SZ, ESP_LOG_DEBUG);
TEST_ASSERT_EQUAL_HEX8_ARRAY(expected_cipher, chipertext, SZ); TEST_ASSERT_EQUAL_HEX8_ARRAY(expected_cipher, chipertext, SZ);
// Decrypt // Decrypt
memset(nonce, 0xEE, 16); memset(nonce, 0xEE, 16);
memset(decryptedtext, 0x22, SZ);
offset = 0; offset = 0;
for (int idx = 0; idx < SZ; idx = idx + bytes_to_process) { for (int idx = 0; idx < SZ; idx = idx + bytes_to_process) {
// Limit length of last call to avoid exceeding buffer size // Limit length of last call to avoid exceeding buffer size
@@ -381,6 +386,7 @@ TEST_CASE("mbedtls CTR stream test", "[aes]")
mbedtls_aes_crypt_ctr(&ctx, length, &offset, nonce, mbedtls_aes_crypt_ctr(&ctx, length, &offset, nonce,
stream_block, chipertext + idx, decryptedtext + idx ); stream_block, chipertext + idx, decryptedtext + idx );
} }
ESP_LOG_BUFFER_HEXDUMP("decrypted", decryptedtext, SZ, ESP_LOG_DEBUG);
TEST_ASSERT_EQUAL_HEX8_ARRAY(plaintext, decryptedtext, SZ); TEST_ASSERT_EQUAL_HEX8_ARRAY(plaintext, decryptedtext, SZ);
} }
@@ -451,6 +457,7 @@ TEST_CASE("mbedtls OFB stream test", "[aes]")
*/ */
for (int bytes_to_process = 1; bytes_to_process < SZ; bytes_to_process++) { for (int bytes_to_process = 1; bytes_to_process < SZ; bytes_to_process++) {
ESP_LOGD("test", "bytes_to_process %d", bytes_to_process);
// Encrypt // Encrypt
memset(iv, 0xEE, 16); memset(iv, 0xEE, 16);
size_t offset = 0; size_t offset = 0;
@@ -464,6 +471,7 @@ TEST_CASE("mbedtls OFB stream test", "[aes]")
// Decrypt // Decrypt
memset(iv, 0xEE, 16); memset(iv, 0xEE, 16);
memset(decryptedtext, 0x22, SZ);
offset = 0; offset = 0;
for (int idx = 0; idx < SZ; idx = idx + bytes_to_process) { for (int idx = 0; idx < SZ; idx = idx + bytes_to_process) {
// Limit length of last call to avoid exceeding buffer size // Limit length of last call to avoid exceeding buffer size