From 30be5f6eb5926e89a1b72988a1e3a6a1c1d3b517 Mon Sep 17 00:00:00 2001 From: liuhan Date: Fri, 5 Aug 2016 17:40:32 +0800 Subject: [PATCH 01/28] [t6001]: chip Use hardware acceleration of Encryption --- components/mbedtls/include/port/aes_alt.h | 260 +++ components/mbedtls/include/port/bignum_alt.h | 707 ++++++ components/mbedtls/include/port/sha1_alt.h | 93 + components/mbedtls/include/port/sha256_alt.h | 95 + components/mbedtls/include/port/sha512_alt.h | 92 + components/mbedtls/port/aes_alt.c | 306 +++ components/mbedtls/port/bignum_alt.c | 2100 ++++++++++++++++++ components/mbedtls/port/sha1_alt.c | 102 + components/mbedtls/port/sha256_alt.c | 107 + components/mbedtls/port/sha512_alt.c | 103 + 10 files changed, 3965 insertions(+) create mode 100644 components/mbedtls/include/port/aes_alt.h create mode 100644 components/mbedtls/include/port/bignum_alt.h create mode 100644 components/mbedtls/include/port/sha1_alt.h create mode 100644 components/mbedtls/include/port/sha256_alt.h create mode 100644 components/mbedtls/include/port/sha512_alt.h create mode 100644 components/mbedtls/port/aes_alt.c create mode 100644 components/mbedtls/port/bignum_alt.c create mode 100644 components/mbedtls/port/sha1_alt.c create mode 100644 components/mbedtls/port/sha256_alt.c create mode 100644 components/mbedtls/port/sha512_alt.c diff --git a/components/mbedtls/include/port/aes_alt.h b/components/mbedtls/include/port/aes_alt.h new file mode 100644 index 0000000000..d56c76ce47 --- /dev/null +++ b/components/mbedtls/include/port/aes_alt.h @@ -0,0 +1,260 @@ +/** + * \file aes_alt.h + * + * \brief AES block cipher + * + * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * + * + */ + +#ifndef AES_ALT_H +#define AES_ALT_H + +#include "c_types.h" +#include "rom/ets_sys.h" +#include "rom/aes.h" + +#ifdef __cplusplus +extern "C" { +#endif + +#define ESP_AES_C + +/* padlock.c and aesni.c rely on these values! */ +#define AES_ENCRYPT 1 +#define AES_DECRYPT 0 + +#define ERR_AES_INVALID_KEY_LENGTH -0x0020 /**< Invalid key length. */ +#define ERR_AES_INVALID_INPUT_LENGTH -0x0022 /**< Invalid data input length. */ + +/** + * \brief AES context structure + * + * \note buf is able to hold 32 extra bytes, which can be used: + * - for alignment purposes if VIA padlock is used, and/or + * - to simplify key expansion in the 256-bit case by + * generating an extra round key + */ +typedef struct +{ + int nr; /*!< number of rounds */ + uint32_t *rk; /*!< AES round keys */ + uint32_t buf[68]; /*!< unaligned data */ +}aes_context; + +typedef aes_context AES_CTX; + +/** + * \brief Initialize AES context + * + * \param ctx AES context to be initialized + */ +void aes_init( AES_CTX *ctx ); + +/** + * \brief Clear AES context + * + * \param ctx AES context to be cleared + */ +void aes_free( AES_CTX *ctx ); + +/** + * \brief AES key schedule (encryption) + * + * \param ctx AES context to be initialized + * \param key encryption key + * \param keybits must be 128, 192 or 256 + * + * \return 0 if successful, or ERR_AES_INVALID_KEY_LENGTH + */ +int aes_setkey_enc( AES_CTX *ctx, const unsigned char *key,unsigned int keybits ); + +/** + * \brief AES key schedule (decryption) + * + * \param ctx AES context to be initialized + * \param key decryption key + * \param keybits must be 128, 192 or 256 + * + * \return 0 if successful, or ERR_AES_INVALID_KEY_LENGTH + */ +int aes_setkey_dec( AES_CTX *ctx, const unsigned char *key,unsigned int keybits ); + +/** + * \brief AES-ECB block encryption/decryption + * + * \param ctx AES context + * \param mode AES_ENCRYPT or AES_DECRYPT + * \param input 16-byte input block + * \param output 16-byte output block + * + * \return 0 if successful + */ +int aes_crypt_ecb( AES_CTX *ctx,int mode,const unsigned char input[16],unsigned char output[16] ); + +/** + * \brief AES-CBC buffer encryption/decryption + * Length should be a multiple of the block + * size (16 bytes) + * + * \note Upon exit, the content of the IV is updated so that you can + * call the function same function again on the following + * block(s) of data and get the same result as if it was + * encrypted in one call. This allows a "streaming" usage. + * If on the other hand you need to retain the contents of the + * IV, you should either save it manually or use the cipher + * module instead. + * + * \param ctx AES context + * \param mode AES_ENCRYPT or AES_DECRYPT + * \param length length of the input data + * \param iv initialization vector (updated after use) + * \param input buffer holding the input data + * \param output buffer holding the output data + * + * \return 0 if successful, or ERR_AES_INVALID_INPUT_LENGTH + */ +int aes_crypt_cbc( AES_CTX *ctx, + int mode, + size_t length, + unsigned char iv[16], + const unsigned char *input, + unsigned char *output ); + + +/** + * \brief AES-CFB128 buffer encryption/decryption. + * + * Note: Due to the nature of CFB you should use the same key schedule for + * both encryption and decryption. So a context initialized with + * aes_setkey_enc() for both AES_ENCRYPT and AES_DECRYPT. + * + * \note Upon exit, the content of the IV is updated so that you can + * call the function same function again on the following + * block(s) of data and get the same result as if it was + * encrypted in one call. This allows a "streaming" usage. + * If on the other hand you need to retain the contents of the + * IV, you should either save it manually or use the cipher + * module instead. + * + * \param ctx AES context + * \param mode AES_ENCRYPT or AES_DECRYPT + * \param length length of the input data + * \param iv_off offset in IV (updated after use) + * \param iv initialization vector (updated after use) + * \param input buffer holding the input data + * \param output buffer holding the output data + * + * \return 0 if successful + */ +int aes_crypt_cfb128( AES_CTX *ctx, + int mode, + size_t length, + size_t *iv_off, + unsigned char iv[16], + const unsigned char *input, + unsigned char *output ); + +/** + * \brief AES-CFB8 buffer encryption/decryption. + * + * Note: Due to the nature of CFB you should use the same key schedule for + * both encryption and decryption. So a context initialized with + * aes_setkey_enc() for both AES_ENCRYPT and AES_DECRYPT. + * + * \note Upon exit, the content of the IV is updated so that you can + * call the function same function again on the following + * block(s) of data and get the same result as if it was + * encrypted in one call. This allows a "streaming" usage. + * If on the other hand you need to retain the contents of the + * IV, you should either save it manually or use the cipher + * module instead. + * + * \param ctx AES context + * \param mode AES_ENCRYPT or AES_DECRYPT + * \param length length of the input data + * \param iv initialization vector (updated after use) + * \param input buffer holding the input data + * \param output buffer holding the output data + * + * \return 0 if successful + */ +int aes_crypt_cfb8( AES_CTX *ctx, + int mode, + size_t length, + unsigned char iv[16], + const unsigned char *input, + unsigned char *output ); + +/** + * \brief AES-CTR buffer encryption/decryption + * + * Warning: You have to keep the maximum use of your counter in mind! + * + * Note: Due to the nature of CTR you should use the same key schedule for + * both encryption and decryption. So a context initialized with + * aes_setkey_enc() for both AES_ENCRYPT and AES_DECRYPT. + * + * \param ctx AES context + * \param length The length of the data + * \param nc_off The offset in the current stream_block (for resuming + * within current cipher stream). The offset pointer to + * should be 0 at the start of a stream. + * \param nonce_counter The 128-bit nonce and counter. + * \param stream_block The saved stream-block for resuming. Is overwritten + * by the function. + * \param input The input data stream + * \param output The output data stream + * + * \return 0 if successful + */ +int aes_crypt_ctr( AES_CTX *ctx, + size_t length, + size_t *nc_off, + unsigned char nonce_counter[16], + unsigned char stream_block[16], + const unsigned char *input, + unsigned char *output ); + + +/** + * \brief Internal AES block encryption function + * (Only exposed to allow overriding it, + * see AES_ENCRYPT_ALT) + * + * \param ctx AES context + * \param input Plaintext block + * \param output Output (ciphertext) block + */ +void aes_encrypt( AES_CTX *ctx, const unsigned char input[16],unsigned char output[16] ); + +/** + * \brief Internal AES block decryption function + * (Only exposed to allow overriding it, + * see AES_DECRYPT_ALT) + * + * \param ctx AES context + * \param input Ciphertext block + * \param output Output (plaintext) block + */ +void aes_decrypt( AES_CTX *ctx, const unsigned char input[16], unsigned char output[16] ); + +#ifdef __cplusplus +} +#endif + +#endif /* aes.h */ diff --git a/components/mbedtls/include/port/bignum_alt.h b/components/mbedtls/include/port/bignum_alt.h new file mode 100644 index 0000000000..64d492a989 --- /dev/null +++ b/components/mbedtls/include/port/bignum_alt.h @@ -0,0 +1,707 @@ +/** + * \file bignum_alt.h + * + * \brief Multi-precision integer library + * + * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * + */ + +#ifndef BIGNUM_ALT_H +#define BIGNUM_ALT_H + +#include "c_types.h" +#include "rom/ets_sys.h" +#include "rom/bigint.h" + +#define ESP_BIGNUM_ALT +#define MPI_DEBUG_ALT +#if defined(ESP_BIGNUM_ALT) + +#define ERR_MPI_FILE_IO_ERROR -0x0002 /**< An error occurred while reading from or writing to a file. */ +#define ERR_MPI_BAD_INPUT_DATA -0x0004 /**< Bad input parameters to function. */ +#define ERR_MPI_INVALID_CHARACTER -0x0006 /**< There is an invalid character in the digit string. */ +#define ERR_MPI_BUFFER_TOO_SMALL -0x0008 /**< The buffer is too small to write to. */ +#define ERR_MPI_NEGATIVE_VALUE -0x000A /**< The input arguments are negative or result in illegal output. */ +#define ERR_MPI_DIVISION_BY_ZERO -0x000C /**< The input argument for division is zero, which is not allowed. */ +#define ERR_MPI_NOT_ACCEPTABLE -0x000E /**< The input arguments are not acceptable. */ +#define ERR_MPI_ALLOC_FAILED -0x0010 /**< Memory allocation failed. */ + +#define MPI_CHK(f) do { if( ( ret = f ) != 0 ) goto cleanup; } while( 0 ) +#if defined(MPI_DEBUG_ALT) +#define mpi_printf ets_printf +#else +#define mpi_printf +#endif +/* + * Maximum size MPIs are allowed to grow to in number of limbs. + */ +#define MPI_MAX_LIMBS 10000 + +#if !defined(MPI_WINDOW_SIZE) +/* + * Maximum window size used for modular exponentiation. Default: 6 + * Minimum value: 1. Maximum value: 6. + * + * Result is an array of ( 2 << MPI_WINDOW_SIZE ) MPIs used + * for the sliding window calculation. (So 64 by default) + * + * Reduction in size, reduces speed. + */ +#define MPI_WINDOW_SIZE 6 /**< Maximum windows size used. */ +#endif /* !MPI_WINDOW_SIZE */ + +#if !defined(MPI_MAX_SIZE) +/* + * Maximum size of MPIs allowed in bits and bytes for user-MPIs. + * ( Default: 512 bytes => 4096 bits, Maximum tested: 2048 bytes => 16384 bits ) + * + * Note: Calculations can results temporarily in larger MPIs. So the number + * of limbs required (MPI_MAX_LIMBS) is higher. + */ +#define MPI_MAX_SIZE 1024 /**< Maximum number of bytes for usable MPIs. */ +#endif /* !MPI_MAX_SIZE */ + +#define MPI_MAX_BITS ( 8 * MPI_MAX_SIZE ) /**< Maximum number of bits for usable MPIs. */ + +/* + * When reading from files with mpi_read_file() and writing to files with + * mpi_write_file() the buffer should have space + * for a (short) label, the MPI (in the provided radix), the newline + * characters and the '\0'. + * + * By default we assume at least a 10 char label, a minimum radix of 10 + * (decimal) and a maximum of 4096 bit numbers (1234 decimal chars). + * Autosized at compile time for at least a 10 char label, a minimum radix + * of 10 (decimal) for a number of MPI_MAX_BITS size. + * + * This used to be statically sized to 1250 for a maximum of 4096 bit + * numbers (1234 decimal chars). + * + * Calculate using the formula: + * MPI_RW_BUFFER_SIZE = ceil(MPI_MAX_BITS / ln(10) * ln(2)) + + * LabelSize + 6 + */ +#define MPI_MAX_BITS_SCALE100 ( 100 * MPI_MAX_BITS ) +#define LN_2_DIV_LN_10_SCALE100 332 +#define MPI_RW_BUFFER_SIZE ( ((MPI_MAX_BITS_SCALE100 + LN_2_DIV_LN_10_SCALE100 - 1) / LN_2_DIV_LN_10_SCALE100) + 10 + 6 ) + +/* + * Define the base integer type, architecture-wise. + * + * 32-bit integers can be forced on 64-bit arches (eg. for testing purposes) + * by defining HAVE_INT32 and undefining HAVE_ASM + */ +#if ( ! defined(HAVE_INT32) && \ + defined(_MSC_VER) && defined(_M_AMD64) ) + #define HAVE_INT64 + typedef int64_t mpi_sint; + typedef uint64_t mpi_uint; +#else + #if ( ! defined(HAVE_INT32) && \ + defined(__GNUC__) && ( \ + defined(__amd64__) || defined(__x86_64__) || \ + defined(__ppc64__) || defined(__powerpc64__) || \ + defined(__ia64__) || defined(__alpha__) || \ + (defined(__sparc__) && defined(__arch64__)) || \ + defined(__s390x__) || defined(__mips64) ) ) + #define HAVE_INT64 + typedef int64_t mpi_sint; + typedef uint64_t mpi_uint; + /* t_udbl defined as 128-bit unsigned int */ + typedef unsigned int t_udbl __attribute__((mode(TI))); + #define HAVE_UDBL + #else + #define HAVE_INT32 + typedef int32_t mpi_sint; + typedef uint32_t mpi_uint; + typedef uint64_t t_udbl; + #define HAVE_UDBL + #endif /* !HAVE_INT32 && __GNUC__ && 64-bit platform */ +#endif /* !HAVE_INT32 && _MSC_VER && _M_AMD64 */ + +#ifdef __cplusplus +extern "C" { +#endif + +/** + * \brief MPI structure + */ +typedef struct +{ + int s; /*!< integer sign */ + size_t n; /*!< total # of limbs */ + mpi_uint *p; /*!< pointer to limbs */ +} +mpi; + +/** + * \brief Initialize one MPI (make internal references valid) + * This just makes it ready to be set or freed, + * but does not define a value for the MPI. + * + * \param X One MPI to initialize. + */ +void mpi_init( mpi *X ); + +/** + * \brief Unallocate one MPI + * + * \param X One MPI to unallocate. + */ +void mpi_free( mpi *X ); + +/** + * \brief Enlarge to the specified number of limbs + * + * \param X MPI to grow + * \param nblimbs The target number of limbs + * + * \return 0 if successful, + * ERR_MPI_ALLOC_FAILED if memory allocation failed + */ +int mpi_grow( mpi *X, size_t nblimbs ); + +/** + * \brief Resize down, keeping at least the specified number of limbs + * + * \param X MPI to shrink + * \param nblimbs The minimum number of limbs to keep + * + * \return 0 if successful, + * ERR_MPI_ALLOC_FAILED if memory allocation failed + */ +int mpi_shrink( mpi *X, size_t nblimbs ); + +/** + * \brief Copy the contents of Y into X + * + * \param X Destination MPI + * \param Y Source MPI + * + * \return 0 if successful, + * ERR_MPI_ALLOC_FAILED if memory allocation failed + */ +int mpi_copy( mpi *X, const mpi *Y ); + +/** + * \brief Swap the contents of X and Y + * + * \param X First MPI value + * \param Y Second MPI value + */ +void mpi_swap( mpi *X, mpi *Y ); + +/** + * \brief Safe conditional assignement X = Y if assign is 1 + * + * \param X MPI to conditionally assign to + * \param Y Value to be assigned + * \param assign 1: perform the assignment, 0: keep X's original value + * + * \return 0 if successful, + * ERR_MPI_ALLOC_FAILED if memory allocation failed, + * + * \note This function is equivalent to + * if( assign ) mpi_copy( X, Y ); + * except that it avoids leaking any information about whether + * the assignment was done or not (the above code may leak + * information through branch prediction and/or memory access + * patterns analysis). + */ +int mpi_safe_cond_assign( mpi *X, const mpi *Y, unsigned char assign ); + +/** + * \brief Safe conditional swap X <-> Y if swap is 1 + * + * \param X First mpi value + * \param Y Second mpi value + * \param assign 1: perform the swap, 0: keep X and Y's original values + * + * \return 0 if successful, + * ERR_MPI_ALLOC_FAILED if memory allocation failed, + * + * \note This function is equivalent to + * if( assign ) mpi_swap( X, Y ); + * except that it avoids leaking any information about whether + * the assignment was done or not (the above code may leak + * information through branch prediction and/or memory access + * patterns analysis). + */ +int mpi_safe_cond_swap( mpi *X, mpi *Y, unsigned char assign ); + +/** + * \brief Set value from integer + * + * \param X MPI to set + * \param z Value to use + * + * \return 0 if successful, + * ERR_MPI_ALLOC_FAILED if memory allocation failed + */ +int mpi_lset( mpi *X, mpi_sint z ); + +/** + * \brief Get a specific bit from X + * + * \param X MPI to use + * \param pos Zero-based index of the bit in X + * + * \return Either a 0 or a 1 + */ +int mpi_get_bit( const mpi *X, size_t pos ); + +/** + * \brief Set a bit of X to a specific value of 0 or 1 + * + * \note Will grow X if necessary to set a bit to 1 in a not yet + * existing limb. Will not grow if bit should be set to 0 + * + * \param X MPI to use + * \param pos Zero-based index of the bit in X + * \param val The value to set the bit to (0 or 1) + * + * \return 0 if successful, + * ERR_MPI_ALLOC_FAILED if memory allocation failed, + * ERR_MPI_BAD_INPUT_DATA if val is not 0 or 1 + */ +int mpi_set_bit( mpi *X, size_t pos, unsigned char val ); + +/** + * \brief Return the number of zero-bits before the least significant + * '1' bit + * + * Note: Thus also the zero-based index of the least significant '1' bit + * + * \param X MPI to use + */ +size_t mpi_lsb( const mpi *X ); + +/** + * \brief Return the number of bits up to and including the most + * significant '1' bit' + * + * Note: Thus also the one-based index of the most significant '1' bit + * + * \param X MPI to use + */ +size_t mpi_bitlen( const mpi *X ); + +/** + * \brief Return the total size in bytes + * + * \param X MPI to use + */ +size_t mpi_size( const mpi *X ); + +/** + * \brief Import from an ASCII string + * + * \param X Destination MPI + * \param radix Input numeric base + * \param s Null-terminated string buffer + * + * \return 0 if successful, or a ERR_MPI_XXX error code + */ +int mpi_read_string( mpi *X, int radix, const char *s ); + +/** + * \brief Export into an ASCII string + * + * \param X Source MPI + * \param radix Output numeric base + * \param buf Buffer to write the string to + * \param buflen Length of buf + * \param olen Length of the string written, including final NUL byte + * + * \return 0 if successful, or a ERR_MPI_XXX error code. + * *olen is always updated to reflect the amount + * of data that has (or would have) been written. + * + * \note Call this function with buflen = 0 to obtain the + * minimum required buffer size in *olen. + */ +int mpi_write_string( const mpi *X, int radix, + char *buf, size_t buflen, size_t *olen ); + +#if defined(FS_IO) +/** + * \brief Read X from an opened file + * + * \param X Destination MPI + * \param radix Input numeric base + * \param fin Input file handle + * + * \return 0 if successful, ERR_MPI_BUFFER_TOO_SMALL if + * the file read buffer is too small or a + * ERR_MPI_XXX error code + */ +int mpi_read_file( mpi *X, int radix, FILE *fin ); + +/** + * \brief Write X into an opened file, or stdout if fout is NULL + * + * \param p Prefix, can be NULL + * \param X Source MPI + * \param radix Output numeric base + * \param fout Output file handle (can be NULL) + * + * \return 0 if successful, or a ERR_MPI_XXX error code + * + * \note Set fout == NULL to print X on the console. + */ +int mpi_write_file( const char *p, const mpi *X, int radix, FILE *fout ); +#endif /* FS_IO */ + +/** + * \brief Import X from unsigned binary data, big endian + * + * \param X Destination MPI + * \param buf Input buffer + * \param buflen Input buffer size + * + * \return 0 if successful, + * ERR_MPI_ALLOC_FAILED if memory allocation failed + */ +int mpi_read_binary( mpi *X, const unsigned char *buf, size_t buflen ); + +/** + * \brief Export X into unsigned binary data, big endian. + * Always fills the whole buffer, which will start with zeros + * if the number is smaller. + * + * \param X Source MPI + * \param buf Output buffer + * \param buflen Output buffer size + * + * \return 0 if successful, + * ERR_MPI_BUFFER_TOO_SMALL if buf isn't large enough + */ +int mpi_write_binary( const mpi *X, unsigned char *buf, size_t buflen ); + +/** + * \brief Left-shift: X <<= count + * + * \param X MPI to shift + * \param count Amount to shift + * + * \return 0 if successful, + * ERR_MPI_ALLOC_FAILED if memory allocation failed + */ +int mpi_shift_l( mpi *X, size_t count ); + +/** + * \brief Right-shift: X >>= count + * + * \param X MPI to shift + * \param count Amount to shift + * + * \return 0 if successful, + * ERR_MPI_ALLOC_FAILED if memory allocation failed + */ +int mpi_shift_r( mpi *X, size_t count ); + +/** + * \brief Compare unsigned values + * + * \param X Left-hand MPI + * \param Y Right-hand MPI + * + * \return 1 if |X| is greater than |Y|, + * -1 if |X| is lesser than |Y| or + * 0 if |X| is equal to |Y| + */ +int mpi_cmp_abs( const mpi *X, const mpi *Y ); + +/** + * \brief Compare signed values + * + * \param X Left-hand MPI + * \param Y Right-hand MPI + * + * \return 1 if X is greater than Y, + * -1 if X is lesser than Y or + * 0 if X is equal to Y + */ +int mpi_cmp_mpi( const mpi *X, const mpi *Y ); + +/** + * \brief Compare signed values + * + * \param X Left-hand MPI + * \param z The integer value to compare to + * + * \return 1 if X is greater than z, + * -1 if X is lesser than z or + * 0 if X is equal to z + */ +int mpi_cmp_int( const mpi *X, mpi_sint z ); + +/** + * \brief Unsigned addition: X = |A| + |B| + * + * \param X Destination MPI + * \param A Left-hand MPI + * \param B Right-hand MPI + * + * \return 0 if successful, + * ERR_MPI_ALLOC_FAILED if memory allocation failed + */ +int mpi_add_abs( mpi *X, const mpi *A, const mpi *B ); + +/** + * \brief Unsigned subtraction: X = |A| - |B| + * + * \param X Destination MPI + * \param A Left-hand MPI + * \param B Right-hand MPI + * + * \return 0 if successful, + * ERR_MPI_NEGATIVE_VALUE if B is greater than A + */ +int mpi_sub_abs( mpi *X, const mpi *A, const mpi *B ); + +/** + * \brief Signed addition: X = A + B + * + * \param X Destination MPI + * \param A Left-hand MPI + * \param B Right-hand MPI + * + * \return 0 if successful, + * ERR_MPI_ALLOC_FAILED if memory allocation failed + */ +int mpi_add_mpi( mpi *X, const mpi *A, const mpi *B ); + +/** + * \brief Signed subtraction: X = A - B + * + * \param X Destination MPI + * \param A Left-hand MPI + * \param B Right-hand MPI + * + * \return 0 if successful, + * ERR_MPI_ALLOC_FAILED if memory allocation failed + */ +int mpi_sub_mpi( mpi *X, const mpi *A, const mpi *B ); + +/** + * \brief Signed addition: X = A + b + * + * \param X Destination MPI + * \param A Left-hand MPI + * \param b The integer value to add + * + * \return 0 if successful, + * ERR_MPI_ALLOC_FAILED if memory allocation failed + */ +int mpi_add_int( mpi *X, const mpi *A, mpi_sint b ); + +/** + * \brief Signed subtraction: X = A - b + * + * \param X Destination MPI + * \param A Left-hand MPI + * \param b The integer value to subtract + * + * \return 0 if successful, + * ERR_MPI_ALLOC_FAILED if memory allocation failed + */ +int mpi_sub_int( mpi *X, const mpi *A, mpi_sint b ); + +/** + * \brief Baseline multiplication: X = A * B + * + * \param X Destination MPI + * \param A Left-hand MPI + * \param B Right-hand MPI + * + * \return 0 if successful, + * ERR_MPI_ALLOC_FAILED if memory allocation failed + */ +int mpi_mul_mpi( mpi *X, const mpi *A, const mpi *B ); + +/** + * \brief Baseline multiplication: X = A * b + * + * \param X Destination MPI + * \param A Left-hand MPI + * \param b The unsigned integer value to multiply with + * + * \note b is unsigned + * + * \return 0 if successful, + * ERR_MPI_ALLOC_FAILED if memory allocation failed + */ +int mpi_mul_int( mpi *X, const mpi *A, mpi_uint b ); + +/** + * \brief Division by mpi: A = Q * B + R + * + * \param Q Destination MPI for the quotient + * \param R Destination MPI for the rest value + * \param A Left-hand MPI + * \param B Right-hand MPI + * + * \return 0 if successful, + * ERR_MPI_ALLOC_FAILED if memory allocation failed, + * ERR_MPI_DIVISION_BY_ZERO if B == 0 + * + * \note Either Q or R can be NULL. + */ +int mpi_div_mpi( mpi *Q, mpi *R, const mpi *A, const mpi *B ); + +/** + * \brief Division by int: A = Q * b + R + * + * \param Q Destination MPI for the quotient + * \param R Destination MPI for the rest value + * \param A Left-hand MPI + * \param b Integer to divide by + * + * \return 0 if successful, + * ERR_MPI_ALLOC_FAILED if memory allocation failed, + * ERR_MPI_DIVISION_BY_ZERO if b == 0 + * + * \note Either Q or R can be NULL. + */ +int mpi_div_int( mpi *Q, mpi *R, const mpi *A, mpi_sint b ); + +/** + * \brief Modulo: R = A mod B + * + * \param R Destination MPI for the rest value + * \param A Left-hand MPI + * \param B Right-hand MPI + * + * \return 0 if successful, + * ERR_MPI_ALLOC_FAILED if memory allocation failed, + * ERR_MPI_DIVISION_BY_ZERO if B == 0, + * ERR_MPI_NEGATIVE_VALUE if B < 0 + */ +int mpi_mod_mpi( mpi *R, const mpi *A, const mpi *B ); + +/** + * \brief Modulo: r = A mod b + * + * \param r Destination mpi_uint + * \param A Left-hand MPI + * \param b Integer to divide by + * + * \return 0 if successful, + * ERR_MPI_ALLOC_FAILED if memory allocation failed, + * ERR_MPI_DIVISION_BY_ZERO if b == 0, + * ERR_MPI_NEGATIVE_VALUE if b < 0 + */ +int mpi_mod_int( mpi_uint *r, const mpi *A, mpi_sint b ); + +/** + * \brief Sliding-window exponentiation: X = A^E mod N + * + * \param X Destination MPI + * \param A Left-hand MPI + * \param E Exponent MPI + * \param N Modular MPI + * \param _RR Speed-up MPI used for recalculations + * + * \return 0 if successful, + * ERR_MPI_ALLOC_FAILED if memory allocation failed, + * ERR_MPI_BAD_INPUT_DATA if N is negative or even or + * if E is negative + * + * \note _RR is used to avoid re-computing R*R mod N across + * multiple calls, which speeds up things a bit. It can + * be set to NULL if the extra performance is unneeded. + */ +int mpi_exp_mod( mpi *X, const mpi *A, const mpi *E, const mpi *N, mpi *_RR ); + +/** + * \brief Fill an MPI X with size bytes of random + * + * \param X Destination MPI + * \param size Size in bytes + * \param f_rng RNG function + * \param p_rng RNG parameter + * + * \return 0 if successful, + * ERR_MPI_ALLOC_FAILED if memory allocation failed + */ +int mpi_fill_random( mpi *X, size_t size, + int (*f_rng)(void *, unsigned char *, size_t), + void *p_rng ); + +/** + * \brief Greatest common divisor: G = gcd(A, B) + * + * \param G Destination MPI + * \param A Left-hand MPI + * \param B Right-hand MPI + * + * \return 0 if successful, + * ERR_MPI_ALLOC_FAILED if memory allocation failed + */ +int mpi_gcd( mpi *G, const mpi *A, const mpi *B ); + +/** + * \brief Modular inverse: X = A^-1 mod N + * + * \param X Destination MPI + * \param A Left-hand MPI + * \param N Right-hand MPI + * + * \return 0 if successful, + * ERR_MPI_ALLOC_FAILED if memory allocation failed, + * ERR_MPI_BAD_INPUT_DATA if N is negative or nil + ERR_MPI_NOT_ACCEPTABLE if A has no inverse mod N + */ +int mpi_inv_mod( mpi *X, const mpi *A, const mpi *N ); + +/** + * \brief Miller-Rabin primality test + * + * \param X MPI to check + * \param f_rng RNG function + * \param p_rng RNG parameter + * + * \return 0 if successful (probably prime), + * ERR_MPI_ALLOC_FAILED if memory allocation failed, + * ERR_MPI_NOT_ACCEPTABLE if X is not prime + */ +int mpi_is_prime( const mpi *X, + int (*f_rng)(void *, unsigned char *, size_t), + void *p_rng ); + +/** + * \brief Prime number generation + * + * \param X Destination MPI + * \param nbits Required size of X in bits + * ( 3 <= nbits <= MPI_MAX_BITS ) + * \param dh_flag If 1, then (X-1)/2 will be prime too + * \param f_rng RNG function + * \param p_rng RNG parameter + * + * \return 0 if successful (probably prime), + * ERR_MPI_ALLOC_FAILED if memory allocation failed, + * ERR_MPI_BAD_INPUT_DATA if nbits is < 3 + */ +int mpi_gen_prime( mpi *X, size_t nbits, int dh_flag, + int (*f_rng)(void *, unsigned char *, size_t), + void *p_rng ); +#endif + +#endif + diff --git a/components/mbedtls/include/port/sha1_alt.h b/components/mbedtls/include/port/sha1_alt.h new file mode 100644 index 0000000000..9187986277 --- /dev/null +++ b/components/mbedtls/include/port/sha1_alt.h @@ -0,0 +1,93 @@ +/* + * copyright (c) 2010 - 2012 Espressif System + * + * esf Link List Descriptor + */ +#ifndef _SHA1_H_ +#define _SHA1_H_ + +#include "c_types.h" +#include "rom/ets_sys.h" +#include "rom/sha.h" + +#ifdef __cplusplus +extern "C" { +#endif + +#define ESP_SHA1_C + +#define SHA1 0 + +/** + * \brief SHA-1 context structure + */ +typedef struct{ + SHA_CTX context; + int context_type; +} sha1_context; + +typedef sha1_context SHA1_CTX; + +/** + * \brief Initialize SHA-1 context + * + * \param ctx SHA-1 context to be initialized + */ +void sha1_init( SHA1_CTX *ctx ); + +/** + * \brief Clear SHA-1 context + * + * \param ctx SHA-1 context to be cleared + */ +void sha1_free( SHA1_CTX *ctx ); + +/** + * \brief Clone (the state of) a SHA-1 context + * + * \param dst The destination context + * \param src The context to be cloned + */ +void sha1_clone( SHA1_CTX *dst, const SHA1_CTX *src ); + +void sha1_process(SHA1_CTX *ctx, const unsigned char data[64]); + +/** + * \brief SHA-1 context setup + * + * \param ctx context to be initialized + */ +void sha1_starts( SHA1_CTX *ctx ); + +/** + * \brief SHA-1 process buffer + * + * \param ctx SHA-1 context + * \param input buffer holding the data + * \param ilen length of the input data + */ +void sha1_update( SHA1_CTX *ctx, const unsigned char *input, size_t ilen ); + +/** + * \brief SHA-1 final digest + * + * \param ctx SHA-1 context + * \param output SHA-1 checksum result + */ +void sha1_finish( SHA1_CTX *ctx, unsigned char output[20] ); + +/** + * \brief Output = SHA-1( input buffer ) + * + * \param input buffer holding the data + * \param ilen length of the input data + * \param output SHA-1 checksum result + */ +void sha1_output( const unsigned char *input, size_t ilen, unsigned char output[20] ); + +#ifdef __cplusplus +} +#endif + +#endif + diff --git a/components/mbedtls/include/port/sha256_alt.h b/components/mbedtls/include/port/sha256_alt.h new file mode 100644 index 0000000000..bc661d3932 --- /dev/null +++ b/components/mbedtls/include/port/sha256_alt.h @@ -0,0 +1,95 @@ +/* + * copyright (c) 2010 - 2012 Espressif System + * + * esf Link List Descriptor + */ + +#ifndef _SHA256_H_ +#define _SHA256_H_ + +#include "c_types.h" +#include "rom/ets_sys.h" +#include "rom/sha.h" + +#ifdef __cplusplus +extern "C" { +#endif + +#define ESP_SHA256_C + +#define SHA256 SHA2_256 +#define SHA224 4 + +/** + * \brief SHA-256 context structure + */ +typedef struct{ + SHA_CTX context; + int context_type; +}sha256_context; + +typedef sha256_context SHA256_CTX; + +/** + * \brief Initialize SHA-256 context + * + * \param ctx SHA-256 context to be initialized + */ +void sha256_init( SHA256_CTX *ctx ); + +/** + * \brief Clear SHA-256 context + * + * \param ctx SHA-256 context to be cleared + */ +void sha256_free( SHA256_CTX *ctx ); +void sha256_process(SHA256_CTX *ctx, const unsigned char data[64]); + +/** + * \brief Clone (the state of) a SHA-256 context + * + * \param dst The destination context + * \param src The context to be cloned + */ +void sha256_clone( SHA256_CTX *dst, const SHA256_CTX *src ); + +/** + * \brief SHA-256 context setup + * + * \param ctx context to be initialized + * \param is224 0 = use SHA256, 1 = use SHA224 + */ +void sha256_starts( SHA256_CTX *ctx, int is224 ); + +/** + * \brief SHA-256 process buffer + * + * \param ctx SHA-256 context + * \param input buffer holding the data + * \param ilen length of the input data + */ +void sha256_update( SHA256_CTX *ctx, const unsigned char *input, size_t ilen ); + +/** + * \brief SHA-256 final digest + * + * \param ctx SHA-256 context + * \param output SHA-224/256 checksum result + */ +void sha256_finish( SHA256_CTX *ctx, unsigned char output[32] ); + +/** + * \brief Output = SHA-256( input buffer ) + * + * \param input buffer holding the data + * \param ilen length of the input data + * \param output SHA-224/256 checksum result + * \param is224 0 = use SHA256, 1 = use SHA224 + */ +void sha256_output( const unsigned char *input, size_t ilen, unsigned char output[32], int is224 ); + +#ifdef __cplusplus +} +#endif + +#endif /* sha256.h */ diff --git a/components/mbedtls/include/port/sha512_alt.h b/components/mbedtls/include/port/sha512_alt.h new file mode 100644 index 0000000000..a3e1c50c64 --- /dev/null +++ b/components/mbedtls/include/port/sha512_alt.h @@ -0,0 +1,92 @@ +/* + * copyright (c) 2010 - 2012 Espressif System + * + * esf Link List Descriptor + */ + +#ifndef _SHA512_H_ +#define _SHA512_H_ + +#include "c_types.h" +#include "rom/ets_sys.h" +#include "rom/sha.h" + +#ifdef __cplusplus +extern "C" { +#endif + +#define ESP_SHA512_C + +/** + * \brief SHA-512 context structure + */ +typedef struct{ + SHA_CTX context; + int context_type; +}sha512_context; + +typedef sha512_context SHA512_CTX; + +/** + * \brief Initialize SHA-512 context + * + * \param ctx SHA-512 context to be initialized + */ +void sha512_init( SHA512_CTX *ctx ); + +/** + * \brief Clear SHA-512 context + * + * \param ctx SHA-512 context to be cleared + */ +void sha512_free( SHA512_CTX *ctx ); + +/** + * \brief Clone (the state of) a SHA-512 context + * + * \param dst The destination context + * \param src The context to be cloned + */ +void sha512_clone( SHA512_CTX *dst, const SHA512_CTX *src ); + +/** + * \brief SHA-512 context setup + * + * \param ctx context to be initialized + * \param is384 0 = use SHA512, 1 = use SHA384 + */ +void sha512_starts( SHA512_CTX *ctx, int is384 ); + +/** + * \brief SHA-512 process buffer + * + * \param ctx SHA-512 context + * \param input buffer holding the data + * \param ilen length of the input data + */ +void sha512_update( SHA512_CTX *ctx, const unsigned char *input, size_t ilen ); + +/** + * \brief SHA-512 final digest + * + * \param ctx SHA-512 context + * \param output SHA-384/512 checksum result + */ +void sha512_finish( SHA512_CTX *ctx, unsigned char output[64] ); + +/** + * \brief Output = SHA-512( input buffer ) + * + * \param input buffer holding the data + * \param ilen length of the input data + * \param output SHA-384/512 checksum result + * \param is384 0 = use SHA512, 1 = use SHA384 + */ +void sha512_output( const unsigned char *input, size_t ilen, unsigned char output[64], int is384 ); + + +#ifdef __cplusplus +} +#endif + +#endif /* sha512.h */ diff --git a/components/mbedtls/port/aes_alt.c b/components/mbedtls/port/aes_alt.c new file mode 100644 index 0000000000..26699d82fb --- /dev/null +++ b/components/mbedtls/port/aes_alt.c @@ -0,0 +1,306 @@ + +/* + * FIPS-197 compliant AES implementation + * + * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * + */ +/* + * The AES block cipher was designed by Vincent Rijmen and Joan Daemen. + * + * http://csrc.nist.gov/encryption/aes/rijndael/Rijndael.pdf + * http://csrc.nist.gov/publications/fips/fips197/fips-197.pdf + */ + +#include "port/aes_alt.h" + +#if defined(ESP_AES_C) + +#include + +/* Implementation that should never be optimized out by the compiler */ +static void aes_zeroize( void *v, size_t n ) { + volatile unsigned char *p = v; while( n-- ) *p++ = 0; +} + +void aes_init( AES_CTX *ctx ) +{ + memset( ctx, 0, sizeof( AES_CTX ) ); + ets_aes_enable(); +} + +void aes_free( AES_CTX *ctx ) +{ + if( ctx == NULL ) + return; + + aes_zeroize( ctx, sizeof( AES_CTX ) ); + ets_aes_disable(); +} + +/* + * AES key schedule (encryption) + */ +int aes_setkey_enc( AES_CTX *ctx, const unsigned char *key, + unsigned int keybits ) +{ + enum AES_BITS keybit; + switch (keybits){ + case 128: + keybit = AES128; + break; + case 192: + keybit = AES192; + break; + case 256: + keybit = AES256; + break; + default : return( ERR_AES_INVALID_KEY_LENGTH ); + } + ets_aes_setkey_enc(key, keybit); + return 0; +} + +/* + * AES key schedule (decryption) + */ +int aes_setkey_dec( AES_CTX *ctx, const unsigned char *key, + unsigned int keybits ) +{ + enum AES_BITS keybit; + switch (keybits){ + case 128: + keybit = AES128; + break; + case 192: + keybit = AES192; + break; + case 256: + keybit = AES256; + break; + default : return( ERR_AES_INVALID_KEY_LENGTH ); + } + ets_aes_setkey_dec(key, keybit); + return 0; + +} + +/* + * AES-ECB block encryption + */ + +void aes_encrypt( AES_CTX *ctx, + const unsigned char input[16], + unsigned char output[16] ) +{ + ets_aes_crypt(input, output); + return ; +} + + +/* + * AES-ECB block decryption + */ + +void aes_decrypt( AES_CTX *ctx, + const unsigned char input[16], + unsigned char output[16] ) +{ + ets_aes_crypt(input, output); + return ; +} + + +/* + * AES-ECB block encryption/decryption + */ +int aes_crypt_ecb( AES_CTX *ctx, + int mode, + const unsigned char input[16], + unsigned char output[16] ) +{ + if( mode == AES_ENCRYPT ) + aes_encrypt( ctx, input, output ); + else + aes_decrypt( ctx, input, output ); + return 0; +} + + +/* + * AES-CBC buffer encryption/decryption + */ +int aes_crypt_cbc( AES_CTX *ctx, + int mode, + size_t length, + unsigned char iv[16], + const unsigned char *input, + unsigned char *output ) +{ + int i; + unsigned char temp[16]; + + if( length % 16 ) + return( ERR_AES_INVALID_INPUT_LENGTH ); + + if( mode == AES_DECRYPT ) + { + while( length > 0 ) + { + memcpy( temp, input, 16 ); + aes_crypt_ecb( ctx, mode, input, output ); + + for( i = 0; i < 16; i++ ) + output[i] = (unsigned char)( output[i] ^ iv[i] ); + + memcpy( iv, temp, 16 ); + + input += 16; + output += 16; + length -= 16; + } + } + else + { + while( length > 0 ) + { + for( i = 0; i < 16; i++ ) + output[i] = (unsigned char)( input[i] ^ iv[i] ); + + aes_crypt_ecb( ctx, mode, output, output ); + memcpy( iv, output, 16 ); + + input += 16; + output += 16; + length -= 16; + } + } + return 0; +} + +/* + * AES-CFB128 buffer encryption/decryption + */ +int aes_crypt_cfb128( AES_CTX *ctx, + int mode, + size_t length, + size_t *iv_off, + unsigned char iv[16], + const unsigned char *input, + unsigned char *output ) +{ + int c; + size_t n = *iv_off; + + if( mode == AES_DECRYPT ) + { + while( length-- ) + { + if( n == 0 ) + aes_crypt_ecb( ctx, AES_ENCRYPT, iv, iv ); + + c = *input++; + *output++ = (unsigned char)( c ^ iv[n] ); + iv[n] = (unsigned char) c; + + n = ( n + 1 ) & 0x0F; + } + } + else + { + while( length-- ) + { + if( n == 0 ) + aes_crypt_ecb( ctx, AES_ENCRYPT, iv, iv ); + + iv[n] = *output++ = (unsigned char)( iv[n] ^ *input++ ); + + n = ( n + 1 ) & 0x0F; + } + } + + *iv_off = n; + + return 0; +} + +/* + * AES-CFB8 buffer encryption/decryption + */ +int aes_crypt_cfb8( AES_CTX *ctx, + int mode, + size_t length, + unsigned char iv[16], + const unsigned char *input, + unsigned char *output ) +{ + unsigned char c; + unsigned char ov[17]; + + while( length-- ) + { + memcpy( ov, iv, 16 ); + aes_crypt_ecb( ctx, AES_ENCRYPT, iv, iv ); + + if( mode == AES_DECRYPT ) + ov[16] = *input; + + c = *output++ = (unsigned char)( iv[0] ^ *input++ ); + + if( mode == AES_ENCRYPT ) + ov[16] = c; + + memcpy( iv, ov + 1, 16 ); + } + + return 0; +} + +/* + * AES-CTR buffer encryption/decryption + */ +int aes_crypt_ctr( AES_CTX *ctx, + size_t length, + size_t *nc_off, + unsigned char nonce_counter[16], + unsigned char stream_block[16], + const unsigned char *input, + unsigned char *output ) +{ + int c, i; + size_t n = *nc_off; + + while( length-- ) + { + if( n == 0 ) { + aes_crypt_ecb( ctx, AES_ENCRYPT, nonce_counter, stream_block ); + + for( i = 16; i > 0; i-- ) + if( ++nonce_counter[i - 1] != 0 ) + break; + } + c = *input++; + *output++ = (unsigned char)( c ^ stream_block[n] ); + + n = ( n + 1 ) & 0x0F; + } + + *nc_off = n; + return 0; +} + +#endif /* AES_ALT_C */ + diff --git a/components/mbedtls/port/bignum_alt.c b/components/mbedtls/port/bignum_alt.c new file mode 100644 index 0000000000..88901671c8 --- /dev/null +++ b/components/mbedtls/port/bignum_alt.c @@ -0,0 +1,2100 @@ +/* + * Multi-precision integer library + * + * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * + */ + +/* + * The following sources were referenced in the design of this Multi-precision + * Integer library: + * + * [1] Handbook of Applied Cryptography - 1997 + * Menezes, van Oorschot and Vanstone + * + * [2] Multi-Precision Math + * Tom St Denis + * https://github.com/libtom/libtommath/blob/develop/tommath.pdf + * + * [3] GNU Multi-Precision Arithmetic Library + * https://gmplib.org/manual/index.html + * + */ +#include "port/bignum_alt.h" + +#if defined(ESP_BIGNUM_ALT) +#include +#include + +/* Implementation that should never be optimized out by the compiler */ +static void mpi_zeroize( void *v, size_t n ) { + volatile unsigned char *p = v; while( n-- ) *p++ = 0; +} + +#define ciL (sizeof(mpi_uint)) /* chars in limb */ +#define biL (ciL << 3) /* bits in limb */ +#define biH (ciL << 2) /* half limb size */ + +#define MPI_SIZE_T_MAX ( (size_t) -1 ) /* SIZE_T_MAX is not standard */ + +/* + * Convert between bits/chars and number of limbs + * Divide first in order to avoid potential overflows + */ +#define BITS_TO_LIMBS(i) ( (i) / biL + ( (i) % biL != 0 ) ) +#define CHARS_TO_LIMBS(i) ( (i) / ciL + ( (i) % ciL != 0 ) ) + +/* + * Initialize one MPI + */ +void mpi_init( mpi *X ) +{ + if( X == NULL ) + return; + + X->s = 1; + X->n = 0; + X->p = NULL; + ets_bigint_enable(); +} + +/* + * Unallocate one MPI + */ +void mpi_free( mpi *X ) +{ + if( X == NULL ) + return; + + if( X->p != NULL ) + { + mpi_zeroize( X->p, X->n * ciL ); + free( X->p ); + } + + X->s = 1; + X->n = 0; + X->p = NULL; + ets_bigint_disable(); +} + +/* + * Enlarge to the specified number of limbs + */ +int mpi_grow( mpi *X, size_t nblimbs ) +{ + mpi_uint *p; + + if( nblimbs > MPI_MAX_LIMBS ) + return( ERR_MPI_ALLOC_FAILED ); + + if( X->n < nblimbs ) + { + if( ( p = calloc( nblimbs, ciL ) ) == NULL ) + return( ERR_MPI_ALLOC_FAILED ); + + if( X->p != NULL ) + { + memcpy( p, X->p, X->n * ciL ); + mpi_zeroize( X->p, X->n * ciL ); + free( X->p ); + } + + X->n = nblimbs; + X->p = p; + } + + return( 0 ); +} + +/* + * Resize down as much as possible, + * while keeping at least the specified number of limbs + */ +int mpi_shrink( mpi *X, size_t nblimbs ) +{ + mpi_uint *p; + size_t i; + + /* Actually resize up in this case */ + if( X->n <= nblimbs ) + return( mpi_grow( X, nblimbs ) ); + + for( i = X->n - 1; i > 0; i-- ) + if( X->p[i] != 0 ) + break; + i++; + + if( i < nblimbs ) + i = nblimbs; + + if( ( p = calloc( i, ciL ) ) == NULL ) + return( ERR_MPI_ALLOC_FAILED ); + + if( X->p != NULL ) + { + memcpy( p, X->p, i * ciL ); + mpi_zeroize( X->p, X->n * ciL ); + free( X->p ); + } + + X->n = i; + X->p = p; + + return( 0 ); +} + +/* + * Copy the contents of Y into X + */ +int mpi_copy( mpi *X, const mpi *Y ) +{ + int ret; + size_t i; + + if( X == Y ) + return( 0 ); + + if( Y->p == NULL ) + { + mpi_free( X ); + return( 0 ); + } + + for( i = Y->n - 1; i > 0; i-- ) + if( Y->p[i] != 0 ) + break; + i++; + + X->s = Y->s; + + MPI_CHK( mpi_grow( X, i ) ); + + memset( X->p, 0, X->n * ciL ); + memcpy( X->p, Y->p, i * ciL ); + +cleanup: + + return( ret ); +} + +/* + * Swap the contents of X and Y + */ +void mpi_swap( mpi *X, mpi *Y ) +{ + mpi T; + + memcpy( &T, X, sizeof( mpi ) ); + memcpy( X, Y, sizeof( mpi ) ); + memcpy( Y, &T, sizeof( mpi ) ); +} + +/* + * Conditionally assign X = Y, without leaking information + * about whether the assignment was made or not. + * (Leaking information about the respective sizes of X and Y is ok however.) + */ +int mpi_safe_cond_assign( mpi *X, const mpi *Y, unsigned char assign ) +{ + int ret = 0; + size_t i; + + /* make sure assign is 0 or 1 in a time-constant manner */ + assign = (assign | (unsigned char)-assign) >> 7; + + MPI_CHK( mpi_grow( X, Y->n ) ); + + X->s = X->s * ( 1 - assign ) + Y->s * assign; + + for( i = 0; i < Y->n; i++ ) + X->p[i] = X->p[i] * ( 1 - assign ) + Y->p[i] * assign; + + for( ; i < X->n; i++ ) + X->p[i] *= ( 1 - assign ); + +cleanup: + return( ret ); +} + +/* + * Conditionally swap X and Y, without leaking information + * about whether the swap was made or not. + * Here it is not ok to simply swap the pointers, which whould lead to + * different memory access patterns when X and Y are used afterwards. + */ +int mpi_safe_cond_swap( mpi *X, mpi *Y, unsigned char swap ) +{ + int ret, s; + size_t i; + mpi_uint tmp; + + if( X == Y ) + return( 0 ); + + /* make sure swap is 0 or 1 in a time-constant manner */ + swap = (swap | (unsigned char)-swap) >> 7; + + MPI_CHK( mpi_grow( X, Y->n ) ); + MPI_CHK( mpi_grow( Y, X->n ) ); + + s = X->s; + X->s = X->s * ( 1 - swap ) + Y->s * swap; + Y->s = Y->s * ( 1 - swap ) + s * swap; + + + for( i = 0; i < X->n; i++ ) + { + tmp = X->p[i]; + X->p[i] = X->p[i] * ( 1 - swap ) + Y->p[i] * swap; + Y->p[i] = Y->p[i] * ( 1 - swap ) + tmp * swap; + } + +cleanup: + return( ret ); +} + +/* + * Set value from integer + */ +int mpi_lset( mpi *X, mpi_sint z ) +{ + int ret; + + MPI_CHK( mpi_grow( X, 1 ) ); + memset( X->p, 0, X->n * ciL ); + + X->p[0] = ( z < 0 ) ? -z : z; + X->s = ( z < 0 ) ? -1 : 1; + +cleanup: + + return( ret ); +} + +/* + * Get a specific bit + */ +int mpi_get_bit( const mpi *X, size_t pos ) +{ + if( X->n * biL <= pos ) + return( 0 ); + + return( ( X->p[pos / biL] >> ( pos % biL ) ) & 0x01 ); +} + +/* + * Set a bit to a specific value of 0 or 1 + */ +int mpi_set_bit( mpi *X, size_t pos, unsigned char val ) +{ + int ret = 0; + size_t off = pos / biL; + size_t idx = pos % biL; + + if( val != 0 && val != 1 ) + return( ERR_MPI_BAD_INPUT_DATA ); + + if( X->n * biL <= pos ) + { + if( val == 0 ) + return( 0 ); + + MPI_CHK( mpi_grow( X, off + 1 ) ); + } + + X->p[off] &= ~( (mpi_uint) 0x01 << idx ); + X->p[off] |= (mpi_uint) val << idx; + +cleanup: + + return( ret ); +} + +/* + * Return the number of less significant zero-bits + */ +size_t mpi_lsb( const mpi *X ) +{ + size_t i, j, count = 0; + + for( i = 0; i < X->n; i++ ) + for( j = 0; j < biL; j++, count++ ) + if( ( ( X->p[i] >> j ) & 1 ) != 0 ) + return( count ); + + return( 0 ); +} + +/* + * Count leading zero bits in a given integer + */ +static size_t clz( const mpi_uint x ) +{ + size_t j; + mpi_uint mask = (mpi_uint) 1 << (biL - 1); + + for( j = 0; j < biL; j++ ) + { + if( x & mask ) break; + + mask >>= 1; + } + + return j; +} + +/* + * Return the number of bits + */ +size_t mpi_bitlen( const mpi *X ) +{ + size_t i, j; + + if( X->n == 0 ) + return( 0 ); + + for( i = X->n - 1; i > 0; i-- ) + if( X->p[i] != 0 ) + break; + + j = biL - clz( X->p[i] ); + + return( ( i * biL ) + j ); +} + +/* + * Return the total size in bytes + */ +size_t mpi_size( const mpi *X ) +{ + return( ( mpi_bitlen( X ) + 7 ) >> 3 ); +} + +/* + * Convert an ASCII character to digit value + */ +static int mpi_get_digit( mpi_uint *d, int radix, char c ) +{ + *d = 255; + + if( c >= 0x30 && c <= 0x39 ) *d = c - 0x30; + if( c >= 0x41 && c <= 0x46 ) *d = c - 0x37; + if( c >= 0x61 && c <= 0x66 ) *d = c - 0x57; + + if( *d >= (mpi_uint) radix ) + return( ERR_MPI_INVALID_CHARACTER ); + + return( 0 ); +} + +/* + * Import from an ASCII string + */ +int mpi_read_string( mpi *X, int radix, const char *s ) +{ + int ret; + size_t i, j, slen, n; + mpi_uint d; + mpi T; + + if( radix < 2 || radix > 16 ) + return( ERR_MPI_BAD_INPUT_DATA ); + + mpi_init( &T ); + + slen = strlen( s ); + + if( radix == 16 ) + { + if( slen > MPI_SIZE_T_MAX >> 2 ) + return( ERR_MPI_BAD_INPUT_DATA ); + + n = BITS_TO_LIMBS( slen << 2 ); + + MPI_CHK( mpi_grow( X, n ) ); + MPI_CHK( mpi_lset( X, 0 ) ); + + for( i = slen, j = 0; i > 0; i--, j++ ) + { + if( i == 1 && s[i - 1] == '-' ) + { + X->s = -1; + break; + } + + MPI_CHK( mpi_get_digit( &d, radix, s[i - 1] ) ); + X->p[j / ( 2 * ciL )] |= d << ( ( j % ( 2 * ciL ) ) << 2 ); + } + } + else + { + MPI_CHK( mpi_lset( X, 0 ) ); + + for( i = 0; i < slen; i++ ) + { + if( i == 0 && s[i] == '-' ) + { + X->s = -1; + continue; + } + + MPI_CHK( mpi_get_digit( &d, radix, s[i] ) ); + MPI_CHK( mpi_mul_int( &T, X, radix ) ); + + if( X->s == 1 ) + { + MPI_CHK( mpi_add_int( X, &T, d ) ); + } + else + { + MPI_CHK( mpi_sub_int( X, &T, d ) ); + } + } + } + +cleanup: + + mpi_free( &T ); + + return( ret ); +} + +/* + * Helper to write the digits high-order first + */ +static int mpi_write_hlp( mpi *X, int radix, char **p ) +{ + int ret; + mpi_uint r; + + if( radix < 2 || radix > 16 ) + return( ERR_MPI_BAD_INPUT_DATA ); + + MPI_CHK( mpi_mod_int( &r, X, radix ) ); + MPI_CHK( mpi_div_int( X, NULL, X, radix ) ); + + if( mpi_cmp_int( X, 0 ) != 0 ) + MPI_CHK( mpi_write_hlp( X, radix, p ) ); + + if( r < 10 ) + *(*p)++ = (char)( r + 0x30 ); + else + *(*p)++ = (char)( r + 0x37 ); + +cleanup: + + return( ret ); +} + +/* + * Export into an ASCII string + */ +int mpi_write_string( const mpi *X, int radix, + char *buf, size_t buflen, size_t *olen ) +{ + int ret = 0; + size_t n; + char *p; + mpi T; + + if( radix < 2 || radix > 16 ) + return( ERR_MPI_BAD_INPUT_DATA ); + + n = mpi_bitlen( X ); + if( radix >= 4 ) n >>= 1; + if( radix >= 16 ) n >>= 1; + n += 3; + + if( buflen < n ) + { + *olen = n; + return( ERR_MPI_BUFFER_TOO_SMALL ); + } + + p = buf; + mpi_init( &T ); + + if( X->s == -1 ) + *p++ = '-'; + + if( radix == 16 ) + { + int c; + size_t i, j, k; + + for( i = X->n, k = 0; i > 0; i-- ) + { + for( j = ciL; j > 0; j-- ) + { + c = ( X->p[i - 1] >> ( ( j - 1 ) << 3) ) & 0xFF; + + if( c == 0 && k == 0 && ( i + j ) != 2 ) + continue; + + *(p++) = "0123456789ABCDEF" [c / 16]; + *(p++) = "0123456789ABCDEF" [c % 16]; + k = 1; + } + } + } + else + { + MPI_CHK( mpi_copy( &T, X ) ); + + if( T.s == -1 ) + T.s = 1; + + MPI_CHK( mpi_write_hlp( &T, radix, &p ) ); + } + + *p++ = '\0'; + *olen = p - buf; + +cleanup: + + mpi_free( &T ); + + return( ret ); +} + +/* + * Import X from unsigned binary data, big endian + */ +int mpi_read_binary( mpi *X, const unsigned char *buf, size_t buflen ) +{ + int ret; + size_t i, j, n; + + for( n = 0; n < buflen; n++ ) + if( buf[n] != 0 ) + break; + + MPI_CHK( mpi_grow( X, CHARS_TO_LIMBS( buflen - n ) ) ); + MPI_CHK( mpi_lset( X, 0 ) ); + + for( i = buflen, j = 0; i > n; i--, j++ ) + X->p[j / ciL] |= ((mpi_uint) buf[i - 1]) << ((j % ciL) << 3); + +cleanup: + + return( ret ); +} + +/* + * Export X into unsigned binary data, big endian + */ +int mpi_write_binary( const mpi *X, unsigned char *buf, size_t buflen ) +{ + size_t i, j, n; + + n = mpi_size( X ); + + if( buflen < n ) + return( ERR_MPI_BUFFER_TOO_SMALL ); + + memset( buf, 0, buflen ); + + for( i = buflen - 1, j = 0; n > 0; i--, j++, n-- ) + buf[i] = (unsigned char)( X->p[j / ciL] >> ((j % ciL) << 3) ); + + return( 0 ); +} + +/* + * Left-shift: X <<= count + */ +int mpi_shift_l( mpi *X, size_t count ) +{ + int ret; + size_t i, v0, t1; + mpi_uint r0 = 0, r1; + + v0 = count / (biL ); + t1 = count & (biL - 1); + + i = mpi_bitlen( X ) + count; + + if( X->n * biL < i ) + MPI_CHK( mpi_grow( X, BITS_TO_LIMBS( i ) ) ); + + ret = 0; + + /* + * shift by count / limb_size + */ + if( v0 > 0 ) + { + for( i = X->n; i > v0; i-- ) + X->p[i - 1] = X->p[i - v0 - 1]; + + for( ; i > 0; i-- ) + X->p[i - 1] = 0; + } + + /* + * shift by count % limb_size + */ + if( t1 > 0 ) + { + for( i = v0; i < X->n; i++ ) + { + r1 = X->p[i] >> (biL - t1); + X->p[i] <<= t1; + X->p[i] |= r0; + r0 = r1; + } + } + +cleanup: + + return( ret ); +} + +/* + * Right-shift: X >>= count + */ +int mpi_shift_r( mpi *X, size_t count ) +{ + size_t i, v0, v1; + mpi_uint r0 = 0, r1; + + v0 = count / biL; + v1 = count & (biL - 1); + + if( v0 > X->n || ( v0 == X->n && v1 > 0 ) ) + return mpi_lset( X, 0 ); + + /* + * shift by count / limb_size + */ + if( v0 > 0 ) + { + for( i = 0; i < X->n - v0; i++ ) + X->p[i] = X->p[i + v0]; + + for( ; i < X->n; i++ ) + X->p[i] = 0; + } + + /* + * shift by count % limb_size + */ + if( v1 > 0 ) + { + for( i = X->n; i > 0; i-- ) + { + r1 = X->p[i - 1] << (biL - v1); + X->p[i - 1] >>= v1; + X->p[i - 1] |= r0; + r0 = r1; + } + } + + return( 0 ); +} + +/* + * Compare unsigned values + */ +int mpi_cmp_abs( const mpi *X, const mpi *Y ) +{ + size_t i, j; + + for( i = X->n; i > 0; i-- ) + if( X->p[i - 1] != 0 ) + break; + + for( j = Y->n; j > 0; j-- ) + if( Y->p[j - 1] != 0 ) + break; + + if( i == 0 && j == 0 ) + return( 0 ); + + if( i > j ) return( 1 ); + if( j > i ) return( -1 ); + + for( ; i > 0; i-- ) + { + if( X->p[i - 1] > Y->p[i - 1] ) return( 1 ); + if( X->p[i - 1] < Y->p[i - 1] ) return( -1 ); + } + + return( 0 ); +} + +/* + * Compare signed values + */ +int mpi_cmp_mpi( const mpi *X, const mpi *Y ) +{ + size_t i, j; + + for( i = X->n; i > 0; i-- ) + if( X->p[i - 1] != 0 ) + break; + + for( j = Y->n; j > 0; j-- ) + if( Y->p[j - 1] != 0 ) + break; + + if( i == 0 && j == 0 ) + return( 0 ); + + if( i > j ) return( X->s ); + if( j > i ) return( -Y->s ); + + if( X->s > 0 && Y->s < 0 ) return( 1 ); + if( Y->s > 0 && X->s < 0 ) return( -1 ); + + for( ; i > 0; i-- ) + { + if( X->p[i - 1] > Y->p[i - 1] ) return( X->s ); + if( X->p[i - 1] < Y->p[i - 1] ) return( -X->s ); + } + + return( 0 ); +} + +/* + * Compare signed values + */ +int mpi_cmp_int( const mpi *X, mpi_sint z ) +{ + mpi Y; + mpi_uint p[1]; + + *p = ( z < 0 ) ? -z : z; + Y.s = ( z < 0 ) ? -1 : 1; + Y.n = 1; + Y.p = p; + + return( mpi_cmp_mpi( X, &Y ) ); +} + +/* + * Unsigned addition: X = |A| + |B| (HAC 14.7) + */ +int mpi_add_abs( mpi *X, const mpi *A, const mpi *B ) +{ + int ret; + size_t i, j; + mpi_uint *o, *p, c; + + if( X == B ) + { + const mpi *T = A; A = X; B = T; + } + + if( X != A ) + MPI_CHK( mpi_copy( X, A ) ); + + /* + * X should always be positive as a result of unsigned additions. + */ + X->s = 1; + + for( j = B->n; j > 0; j-- ) + if( B->p[j - 1] != 0 ) + break; + + MPI_CHK( mpi_grow( X, j ) ); + + o = B->p; p = X->p; c = 0; + + for( i = 0; i < j; i++, o++, p++ ) + { + *p += c; c = ( *p < c ); + *p += *o; c += ( *p < *o ); + } + + while( c != 0 ) + { + if( i >= X->n ) + { + MPI_CHK( mpi_grow( X, i + 1 ) ); + p = X->p + i; + } + + *p += c; c = ( *p < c ); i++; p++; + } + +cleanup: + + return( ret ); +} + +/* + * Helper for mpi subtraction + */ +static void mpi_sub_hlp( size_t n, mpi_uint *s, mpi_uint *d ) +{ + size_t i; + mpi_uint c, z; + + for( i = c = 0; i < n; i++, s++, d++ ) + { + z = ( *d < c ); *d -= c; + c = ( *d < *s ) + z; *d -= *s; + } + + while( c != 0 ) + { + z = ( *d < c ); *d -= c; + c = z; i++; d++; + } +} + +/* + * Unsigned subtraction: X = |A| - |B| (HAC 14.9) + */ +int mpi_sub_abs( mpi *X, const mpi *A, const mpi *B ) +{ + mpi TB; + int ret; + size_t n; + + if( mpi_cmp_abs( A, B ) < 0 ) + return( ERR_MPI_NEGATIVE_VALUE ); + + mpi_init( &TB ); + + if( X == B ) + { + MPI_CHK( mpi_copy( &TB, B ) ); + B = &TB; + } + + if( X != A ) + MPI_CHK( mpi_copy( X, A ) ); + + /* + * X should always be positive as a result of unsigned subtractions. + */ + X->s = 1; + + ret = 0; + + for( n = B->n; n > 0; n-- ) + if( B->p[n - 1] != 0 ) + break; + + mpi_sub_hlp( n, B->p, X->p ); + +cleanup: + + mpi_free( &TB ); + + return( ret ); +} + +/* + * Signed addition: X = A + B + */ +int mpi_add_mpi( mpi *X, const mpi *A, const mpi *B ) +{ + int ret, s = A->s; + + if( A->s * B->s < 0 ) + { + if( mpi_cmp_abs( A, B ) >= 0 ) + { + MPI_CHK( mpi_sub_abs( X, A, B ) ); + X->s = s; + } + else + { + MPI_CHK( mpi_sub_abs( X, B, A ) ); + X->s = -s; + } + } + else + { + MPI_CHK( mpi_add_abs( X, A, B ) ); + X->s = s; + } + +cleanup: + + return( ret ); +} + +/* + * Signed subtraction: X = A - B + */ +int mpi_sub_mpi( mpi *X, const mpi *A, const mpi *B ) +{ + int ret, s = A->s; + + if( A->s * B->s > 0 ) + { + if( mpi_cmp_abs( A, B ) >= 0 ) + { + MPI_CHK( mpi_sub_abs( X, A, B ) ); + X->s = s; + } + else + { + MPI_CHK( mpi_sub_abs( X, B, A ) ); + X->s = -s; + } + } + else + { + MPI_CHK( mpi_add_abs( X, A, B ) ); + X->s = s; + } + +cleanup: + + return( ret ); +} + +/* + * Signed addition: X = A + b + */ +int mpi_add_int( mpi *X, const mpi *A, mpi_sint b ) +{ + mpi _B; + mpi_uint p[1]; + + p[0] = ( b < 0 ) ? -b : b; + _B.s = ( b < 0 ) ? -1 : 1; + _B.n = 1; + _B.p = p; + + return( mpi_add_mpi( X, A, &_B ) ); +} + +/* + * Signed subtraction: X = A - b + */ +int mpi_sub_int( mpi *X, const mpi *A, mpi_sint b ) +{ + mpi _B; + mpi_uint p[1]; + + p[0] = ( b < 0 ) ? -b : b; + _B.s = ( b < 0 ) ? -1 : 1; + _B.n = 1; + _B.p = p; + + return( mpi_sub_mpi( X, A, &_B ) ); +} + +/* + * Helper for mpi multiplication + */ +static void mpi_mul_hlp( size_t i, mpi_uint *s, mpi_uint *d, mpi_uint b ) +{ + +} + +/* + * Baseline multiplication: X = A * B (HAC 14.12) + */ +int mpi_mul_mpi( mpi *X, const mpi *A, const mpi *B ) +{ + int ret; + size_t i, j; + size_t n = 0; + + mpi TA, TB; + + mpi_init( &TA ); mpi_init( &TB ); + + if( X == A ) { MPI_CHK( mpi_copy( &TA, A ) ); A = &TA; } + if( X == B ) { MPI_CHK( mpi_copy( &TB, B ) ); B = &TB; } + + for( i = A->n; i > 0; i-- ) + if( A->p[i - 1] != 0 ) + break; + + for( j = B->n; j > 0; j-- ) + if( B->p[j - 1] != 0 ) + break; + + MPI_CHK( mpi_grow( X, i + j ) ); + MPI_CHK( mpi_lset( X, 0 ) ); + + n = j; +// for( i++; j > 0; j-- ) + mpi_mul_hlp( i - 1, A->p, X->p + j - 1, B->p[j - 1] ); + + if (ets_bigint_mult_prepare(A->p, B->p, n)){ + ets_bigint_wait_finish(); + ets_bigint_mult_getz(X->p, n); + } else{ + mpi_printf("Baseline multiplication failed\n"); + } + + X->s = A->s * B->s; + +cleanup: + + mpi_free( &TB ); mpi_free( &TA ); + + return( ret ); +} + +/* + * Baseline multiplication: X = A * b + */ +int mpi_mul_int( mpi *X, const mpi *A, mpi_uint b ) +{ + mpi _B; + mpi_uint p[1]; + + _B.s = 1; + _B.n = 1; + _B.p = p; + p[0] = b; + + return( mpi_mul_mpi( X, A, &_B ) ); +} + +/* + * Unsigned integer divide - double mpi_uint dividend, u1/u0, and + * mpi_uint divisor, d + */ +static mpi_uint int_div_int( mpi_uint u1, + mpi_uint u0, mpi_uint d, mpi_uint *r ) +{ +#if defined(HAVE_UDBL) + t_udbl dividend, quotient; +#else + const mpi_uint radix = (mpi_uint) 1 << biH; + const mpi_uint uint_halfword_mask = ( (mpi_uint) 1 << biH ) - 1; + mpi_uint d0, d1, q0, q1, rAX, r0, quotient; + mpi_uint u0_msw, u0_lsw; + size_t s; +#endif + + /* + * Check for overflow + */ + if( 0 == d || u1 >= d ) + { + if (r != NULL) *r = ~0; + + return ( ~0 ); + } + +#if defined(HAVE_UDBL) + dividend = (t_udbl) u1 << biL; + dividend |= (t_udbl) u0; + quotient = dividend / d; + if( quotient > ( (t_udbl) 1 << biL ) - 1 ) + quotient = ( (t_udbl) 1 << biL ) - 1; + + if( r != NULL ) + *r = (mpi_uint)( dividend - (quotient * d ) ); + + return (mpi_uint) quotient; +#else + + /* + * Algorithm D, Section 4.3.1 - The Art of Computer Programming + * Vol. 2 - Seminumerical Algorithms, Knuth + */ + + /* + * Normalize the divisor, d, and dividend, u0, u1 + */ + s = clz( d ); + d = d << s; + + u1 = u1 << s; + u1 |= ( u0 >> ( biL - s ) ) & ( -(mpi_sint)s >> ( biL - 1 ) ); + u0 = u0 << s; + + d1 = d >> biH; + d0 = d & uint_halfword_mask; + + u0_msw = u0 >> biH; + u0_lsw = u0 & uint_halfword_mask; + + /* + * Find the first quotient and remainder + */ + q1 = u1 / d1; + r0 = u1 - d1 * q1; + + while( q1 >= radix || ( q1 * d0 > radix * r0 + u0_msw ) ) + { + q1 -= 1; + r0 += d1; + + if ( r0 >= radix ) break; + } + + rAX = ( u1 * radix ) + ( u0_msw - q1 * d ); + q0 = rAX / d1; + r0 = rAX - q0 * d1; + + while( q0 >= radix || ( q0 * d0 > radix * r0 + u0_lsw ) ) + { + q0 -= 1; + r0 += d1; + + if ( r0 >= radix ) break; + } + + if (r != NULL) + *r = ( rAX * radix + u0_lsw - q0 * d ) >> s; + + quotient = q1 * radix + q0; + + return quotient; +#endif +} + +/* + * Division by mpi: A = Q * B + R (HAC 14.20) + */ +int mpi_div_mpi( mpi *Q, mpi *R, const mpi *A, const mpi *B ) +{ + int ret; + size_t i, n, t, k; + mpi X, Y, Z, T1, T2; + + if( mpi_cmp_int( B, 0 ) == 0 ) + return( ERR_MPI_DIVISION_BY_ZERO ); + + mpi_init( &X ); mpi_init( &Y ); mpi_init( &Z ); + mpi_init( &T1 ); mpi_init( &T2 ); + + if( mpi_cmp_abs( A, B ) < 0 ) + { + if( Q != NULL ) MPI_CHK( mpi_lset( Q, 0 ) ); + if( R != NULL ) MPI_CHK( mpi_copy( R, A ) ); + return( 0 ); + } + + MPI_CHK( mpi_copy( &X, A ) ); + MPI_CHK( mpi_copy( &Y, B ) ); + X.s = Y.s = 1; + + MPI_CHK( mpi_grow( &Z, A->n + 2 ) ); + MPI_CHK( mpi_lset( &Z, 0 ) ); + MPI_CHK( mpi_grow( &T1, 2 ) ); + MPI_CHK( mpi_grow( &T2, 3 ) ); + + k = mpi_bitlen( &Y ) % biL; + if( k < biL - 1 ) + { + k = biL - 1 - k; + MPI_CHK( mpi_shift_l( &X, k ) ); + MPI_CHK( mpi_shift_l( &Y, k ) ); + } + else k = 0; + + n = X.n - 1; + t = Y.n - 1; + MPI_CHK( mpi_shift_l( &Y, biL * ( n - t ) ) ); + + while( mpi_cmp_mpi( &X, &Y ) >= 0 ) + { + Z.p[n - t]++; + MPI_CHK( mpi_sub_mpi( &X, &X, &Y ) ); + } + MPI_CHK( mpi_shift_r( &Y, biL * ( n - t ) ) ); + + for( i = n; i > t ; i-- ) + { + if( X.p[i] >= Y.p[t] ) + Z.p[i - t - 1] = ~0; + else + { + Z.p[i - t - 1] = int_div_int( X.p[i], X.p[i - 1], + Y.p[t], NULL); + } + + Z.p[i - t - 1]++; + do + { + Z.p[i - t - 1]--; + + MPI_CHK( mpi_lset( &T1, 0 ) ); + T1.p[0] = ( t < 1 ) ? 0 : Y.p[t - 1]; + T1.p[1] = Y.p[t]; + MPI_CHK( mpi_mul_int( &T1, &T1, Z.p[i - t - 1] ) ); + + MPI_CHK( mpi_lset( &T2, 0 ) ); + T2.p[0] = ( i < 2 ) ? 0 : X.p[i - 2]; + T2.p[1] = ( i < 1 ) ? 0 : X.p[i - 1]; + T2.p[2] = X.p[i]; + } + while( mpi_cmp_mpi( &T1, &T2 ) > 0 ); + + MPI_CHK( mpi_mul_int( &T1, &Y, Z.p[i - t - 1] ) ); + MPI_CHK( mpi_shift_l( &T1, biL * ( i - t - 1 ) ) ); + MPI_CHK( mpi_sub_mpi( &X, &X, &T1 ) ); + + if( mpi_cmp_int( &X, 0 ) < 0 ) + { + MPI_CHK( mpi_copy( &T1, &Y ) ); + MPI_CHK( mpi_shift_l( &T1, biL * ( i - t - 1 ) ) ); + MPI_CHK( mpi_add_mpi( &X, &X, &T1 ) ); + Z.p[i - t - 1]--; + } + } + + if( Q != NULL ) + { + MPI_CHK( mpi_copy( Q, &Z ) ); + Q->s = A->s * B->s; + } + + if( R != NULL ) + { + MPI_CHK( mpi_shift_r( &X, k ) ); + X.s = A->s; + MPI_CHK( mpi_copy( R, &X ) ); + + if( mpi_cmp_int( R, 0 ) == 0 ) + R->s = 1; + } + +cleanup: + + mpi_free( &X ); mpi_free( &Y ); mpi_free( &Z ); + mpi_free( &T1 ); mpi_free( &T2 ); + + return( ret ); +} + +/* + * Division by int: A = Q * b + R + */ +int mpi_div_int( mpi *Q, mpi *R, const mpi *A, mpi_sint b ) +{ + mpi _B; + mpi_uint p[1]; + + p[0] = ( b < 0 ) ? -b : b; + _B.s = ( b < 0 ) ? -1 : 1; + _B.n = 1; + _B.p = p; + + return( mpi_div_mpi( Q, R, A, &_B ) ); +} + +/* + * Modulo: R = A mod B + */ +int mpi_mod_mpi( mpi *R, const mpi *A, const mpi *B ) +{ + int ret; + + if( mpi_cmp_int( B, 0 ) < 0 ) + return( ERR_MPI_NEGATIVE_VALUE ); + + MPI_CHK( mpi_div_mpi( NULL, R, A, B ) ); + + while( mpi_cmp_int( R, 0 ) < 0 ) + MPI_CHK( mpi_add_mpi( R, R, B ) ); + + while( mpi_cmp_mpi( R, B ) >= 0 ) + MPI_CHK( mpi_sub_mpi( R, R, B ) ); + +cleanup: + + return( ret ); +} + +/* + * Modulo: r = A mod b + */ +int mpi_mod_int( mpi_uint *r, const mpi *A, mpi_sint b ) +{ + size_t i; + mpi_uint x, y, z; + + if( b == 0 ) + return( ERR_MPI_DIVISION_BY_ZERO ); + + if( b < 0 ) + return( ERR_MPI_NEGATIVE_VALUE ); + + /* + * handle trivial cases + */ + if( b == 1 ) + { + *r = 0; + return( 0 ); + } + + if( b == 2 ) + { + *r = A->p[0] & 1; + return( 0 ); + } + + /* + * general case + */ + for( i = A->n, y = 0; i > 0; i-- ) + { + x = A->p[i - 1]; + y = ( y << biH ) | ( x >> biH ); + z = y / b; + y -= z * b; + + x <<= biH; + y = ( y << biH ) | ( x >> biH ); + z = y / b; + y -= z * b; + } + + /* + * If A is negative, then the current y represents a negative value. + * Flipping it to the positive side. + */ + if( A->s < 0 && y != 0 ) + y = b - y; + + *r = y; + + return( 0 ); +} + +/* + * Fast Montgomery initialization (thanks to Tom St Denis) + */ +static void mpi_montg_init( mpi_uint *mm, const mpi *N ) +{ + mpi_uint x, m0 = N->p[0]; + unsigned int i; + + x = m0; + x += ( ( m0 + 2 ) & 4 ) << 1; + + for( i = biL; i >= 8; i /= 2 ) + x *= ( 2 - ( m0 * x ) ); + + *mm = ~x + 1; +} + +/* + * Montgomery multiplication: A = A * B * R^-1 mod N (HAC 14.36) + */ +static void mpi_montmul( mpi *A, const mpi *B, const mpi *N, mpi_uint mm, + const mpi *T ) +{ + size_t n, m; + mpi_uint *d = NULL; + + memset( T->p, 0, T->n * ciL ); + + d = T->p; + n = N->n; + m = ( B->n < n ) ? B->n : n; + + if (ets_bigint_montgomery_mult_prepare(N->p, B->p, d, m, n, false)) { + ets_bigint_wait_finish(); + + ets_bigint_montgomery_mult_getz(A->p, n); + } else{ + mpi_printf("Montgomery multiplication failed\n"); + } + +} + +/* + * Montgomery reduction: A = A * R^-1 mod N + */ +static void mpi_montred( mpi *A, const mpi *N, mpi_uint mm, const mpi *T ) +{ + mpi_uint z = 1; + mpi U; + + U.n = U.s = (int) z; + U.p = &z; + + mpi_montmul( A, &U, N, mm, T ); +} + +/* + * Sliding-window exponentiation: X = A^E mod N (HAC 14.85) + */ +int mpi_exp_mod( mpi *X, const mpi *A, const mpi *E, const mpi *N, mpi *_RR ) +{ + int ret; + size_t wbits, wsize, one = 1; + size_t i, j, nblimbs; + size_t bufsize, nbits; + mpi_uint ei, mm, state; + mpi RR, T, W[ 2 << MPI_WINDOW_SIZE ], Apos; + int neg; + + if( mpi_cmp_int( N, 0 ) < 0 || ( N->p[0] & 1 ) == 0 ) + return( ERR_MPI_BAD_INPUT_DATA ); + + if( mpi_cmp_int( E, 0 ) < 0 ) + return( ERR_MPI_BAD_INPUT_DATA ); + + /* + * Init temps and window size + */ + mpi_montg_init( &mm, N ); + mpi_init( &RR ); mpi_init( &T ); + mpi_init( &Apos ); + memset( W, 0, sizeof( W ) ); + + i = mpi_bitlen( E ); + + wsize = ( i > 671 ) ? 6 : ( i > 239 ) ? 5 : + ( i > 79 ) ? 4 : ( i > 23 ) ? 3 : 1; + + if( wsize > MPI_WINDOW_SIZE ) + wsize = MPI_WINDOW_SIZE; + + j = N->n + 1; + MPI_CHK( mpi_grow( X, j ) ); + MPI_CHK( mpi_grow( &W[1], j ) ); + MPI_CHK( mpi_grow( &T, j * 2 ) ); + + /* + * Compensate for negative A (and correct at the end) + */ + neg = ( A->s == -1 ); + if( neg ) + { + MPI_CHK( mpi_copy( &Apos, A ) ); + Apos.s = 1; + A = &Apos; + } + + /* + * If 1st call, pre-compute R^2 mod N + */ + if( _RR == NULL || _RR->p == NULL ) + { + MPI_CHK( mpi_lset( &RR, 1 ) ); + MPI_CHK( mpi_shift_l( &RR, N->n * 2 * biL ) ); + MPI_CHK( mpi_mod_mpi( &RR, &RR, N ) ); + + if( _RR != NULL ) + memcpy( _RR, &RR, sizeof( mpi ) ); + } + else + memcpy( &RR, _RR, sizeof( mpi ) ); + + /* + * W[1] = A * R^2 * R^-1 mod N = A * R mod N + */ + if( mpi_cmp_mpi( A, N ) >= 0 ) + MPI_CHK( mpi_mod_mpi( &W[1], A, N ) ); + else + MPI_CHK( mpi_copy( &W[1], A ) ); + + mpi_montmul( &W[1], &RR, N, mm, &T ); + + /* + * X = R^2 * R^-1 mod N = R mod N + */ + MPI_CHK( mpi_copy( X, &RR ) ); + mpi_montred( X, N, mm, &T ); + + if( wsize > 1 ) + { + /* + * W[1 << (wsize - 1)] = W[1] ^ (wsize - 1) + */ + j = one << ( wsize - 1 ); + + MPI_CHK( mpi_grow( &W[j], N->n + 1 ) ); + MPI_CHK( mpi_copy( &W[j], &W[1] ) ); + + for( i = 0; i < wsize - 1; i++ ) + mpi_montmul( &W[j], &W[j], N, mm, &T ); + + /* + * W[i] = W[i - 1] * W[1] + */ + for( i = j + 1; i < ( one << wsize ); i++ ) + { + MPI_CHK( mpi_grow( &W[i], N->n + 1 ) ); + MPI_CHK( mpi_copy( &W[i], &W[i - 1] ) ); + + mpi_montmul( &W[i], &W[1], N, mm, &T ); + } + } + + nblimbs = E->n; + bufsize = 0; + nbits = 0; + wbits = 0; + state = 0; + + while( 1 ) + { + if( bufsize == 0 ) + { + if( nblimbs == 0 ) + break; + + nblimbs--; + + bufsize = sizeof( mpi_uint ) << 3; + } + + bufsize--; + + ei = (E->p[nblimbs] >> bufsize) & 1; + + /* + * skip leading 0s + */ + if( ei == 0 && state == 0 ) + continue; + + if( ei == 0 && state == 1 ) + { + /* + * out of window, square X + */ + mpi_montmul( X, X, N, mm, &T ); + continue; + } + + /* + * add ei to current window + */ + state = 2; + + nbits++; + wbits |= ( ei << ( wsize - nbits ) ); + + if( nbits == wsize ) + { + /* + * X = X^wsize R^-1 mod N + */ + for( i = 0; i < wsize; i++ ) + mpi_montmul( X, X, N, mm, &T ); + + /* + * X = X * W[wbits] R^-1 mod N + */ + mpi_montmul( X, &W[wbits], N, mm, &T ); + + state--; + nbits = 0; + wbits = 0; + } + } + + /* + * process the remaining bits + */ + for( i = 0; i < nbits; i++ ) + { + mpi_montmul( X, X, N, mm, &T ); + + wbits <<= 1; + + if( ( wbits & ( one << wsize ) ) != 0 ) + mpi_montmul( X, &W[1], N, mm, &T ); + } + + /* + * X = A^E * R * R^-1 mod N = A^E mod N + */ + mpi_montred( X, N, mm, &T ); + + if( neg ) + { + X->s = -1; + MPI_CHK( mpi_add_mpi( X, N, X ) ); + } + +cleanup: + + for( i = ( one << ( wsize - 1 ) ); i < ( one << wsize ); i++ ) + mpi_free( &W[i] ); + + mpi_free( &W[1] ); mpi_free( &T ); mpi_free( &Apos ); + + if( _RR == NULL || _RR->p == NULL ) + mpi_free( &RR ); + + return( ret ); +} + +/* + * Greatest common divisor: G = gcd(A, B) (HAC 14.54) + */ +int mpi_gcd( mpi *G, const mpi *A, const mpi *B ) +{ + int ret; + size_t lz, lzt; + mpi TG, TA, TB; + + mpi_init( &TG ); mpi_init( &TA ); mpi_init( &TB ); + + MPI_CHK( mpi_copy( &TA, A ) ); + MPI_CHK( mpi_copy( &TB, B ) ); + + lz = mpi_lsb( &TA ); + lzt = mpi_lsb( &TB ); + + if( lzt < lz ) + lz = lzt; + + MPI_CHK( mpi_shift_r( &TA, lz ) ); + MPI_CHK( mpi_shift_r( &TB, lz ) ); + + TA.s = TB.s = 1; + + while( mpi_cmp_int( &TA, 0 ) != 0 ) + { + MPI_CHK( mpi_shift_r( &TA, mpi_lsb( &TA ) ) ); + MPI_CHK( mpi_shift_r( &TB, mpi_lsb( &TB ) ) ); + + if( mpi_cmp_mpi( &TA, &TB ) >= 0 ) + { + MPI_CHK( mpi_sub_abs( &TA, &TA, &TB ) ); + MPI_CHK( mpi_shift_r( &TA, 1 ) ); + } + else + { + MPI_CHK( mpi_sub_abs( &TB, &TB, &TA ) ); + MPI_CHK( mpi_shift_r( &TB, 1 ) ); + } + } + + MPI_CHK( mpi_shift_l( &TB, lz ) ); + MPI_CHK( mpi_copy( G, &TB ) ); + +cleanup: + + mpi_free( &TG ); mpi_free( &TA ); mpi_free( &TB ); + + return( ret ); +} + +/* + * Fill X with size bytes of random. + * + * Use a temporary bytes representation to make sure the result is the same + * regardless of the platform endianness (useful when f_rng is actually + * deterministic, eg for tests). + */ +int mpi_fill_random( mpi *X, size_t size, + int (*f_rng)(void *, unsigned char *, size_t), + void *p_rng ) +{ + int ret; + unsigned char buf[MPI_MAX_SIZE]; + + if( size > MPI_MAX_SIZE ) + return( ERR_MPI_BAD_INPUT_DATA ); + + MPI_CHK( f_rng( p_rng, buf, size ) ); + MPI_CHK( mpi_read_binary( X, buf, size ) ); + +cleanup: + return( ret ); +} + +/* + * Modular inverse: X = A^-1 mod N (HAC 14.61 / 14.64) + */ +int mpi_inv_mod( mpi *X, const mpi *A, const mpi *N ) +{ + int ret; + mpi G, TA, TU, U1, U2, TB, TV, V1, V2; + + if( mpi_cmp_int( N, 0 ) <= 0 ) + return( ERR_MPI_BAD_INPUT_DATA ); + + mpi_init( &TA ); mpi_init( &TU ); mpi_init( &U1 ); mpi_init( &U2 ); + mpi_init( &G ); mpi_init( &TB ); mpi_init( &TV ); + mpi_init( &V1 ); mpi_init( &V2 ); + + MPI_CHK( mpi_gcd( &G, A, N ) ); + + if( mpi_cmp_int( &G, 1 ) != 0 ) + { + ret = ERR_MPI_NOT_ACCEPTABLE; + goto cleanup; + } + + MPI_CHK( mpi_mod_mpi( &TA, A, N ) ); + MPI_CHK( mpi_copy( &TU, &TA ) ); + MPI_CHK( mpi_copy( &TB, N ) ); + MPI_CHK( mpi_copy( &TV, N ) ); + + MPI_CHK( mpi_lset( &U1, 1 ) ); + MPI_CHK( mpi_lset( &U2, 0 ) ); + MPI_CHK( mpi_lset( &V1, 0 ) ); + MPI_CHK( mpi_lset( &V2, 1 ) ); + + do + { + while( ( TU.p[0] & 1 ) == 0 ) + { + MPI_CHK( mpi_shift_r( &TU, 1 ) ); + + if( ( U1.p[0] & 1 ) != 0 || ( U2.p[0] & 1 ) != 0 ) + { + MPI_CHK( mpi_add_mpi( &U1, &U1, &TB ) ); + MPI_CHK( mpi_sub_mpi( &U2, &U2, &TA ) ); + } + + MPI_CHK( mpi_shift_r( &U1, 1 ) ); + MPI_CHK( mpi_shift_r( &U2, 1 ) ); + } + + while( ( TV.p[0] & 1 ) == 0 ) + { + MPI_CHK( mpi_shift_r( &TV, 1 ) ); + + if( ( V1.p[0] & 1 ) != 0 || ( V2.p[0] & 1 ) != 0 ) + { + MPI_CHK( mpi_add_mpi( &V1, &V1, &TB ) ); + MPI_CHK( mpi_sub_mpi( &V2, &V2, &TA ) ); + } + + MPI_CHK( mpi_shift_r( &V1, 1 ) ); + MPI_CHK( mpi_shift_r( &V2, 1 ) ); + } + + if( mpi_cmp_mpi( &TU, &TV ) >= 0 ) + { + MPI_CHK( mpi_sub_mpi( &TU, &TU, &TV ) ); + MPI_CHK( mpi_sub_mpi( &U1, &U1, &V1 ) ); + MPI_CHK( mpi_sub_mpi( &U2, &U2, &V2 ) ); + } + else + { + MPI_CHK( mpi_sub_mpi( &TV, &TV, &TU ) ); + MPI_CHK( mpi_sub_mpi( &V1, &V1, &U1 ) ); + MPI_CHK( mpi_sub_mpi( &V2, &V2, &U2 ) ); + } + } + while( mpi_cmp_int( &TU, 0 ) != 0 ); + + while( mpi_cmp_int( &V1, 0 ) < 0 ) + MPI_CHK( mpi_add_mpi( &V1, &V1, N ) ); + + while( mpi_cmp_mpi( &V1, N ) >= 0 ) + MPI_CHK( mpi_sub_mpi( &V1, &V1, N ) ); + + MPI_CHK( mpi_copy( X, &V1 ) ); + +cleanup: + + mpi_free( &TA ); mpi_free( &TU ); mpi_free( &U1 ); mpi_free( &U2 ); + mpi_free( &G ); mpi_free( &TB ); mpi_free( &TV ); + mpi_free( &V1 ); mpi_free( &V2 ); + + return( ret ); +} + +static const int small_prime[] = +{ + 3, 5, 7, 11, 13, 17, 19, 23, + 29, 31, 37, 41, 43, 47, 53, 59, + 61, 67, 71, 73, 79, 83, 89, 97, + 101, 103, 107, 109, 113, 127, 131, 137, + 139, 149, 151, 157, 163, 167, 173, 179, + 181, 191, 193, 197, 199, 211, 223, 227, + 229, 233, 239, 241, 251, 257, 263, 269, + 271, 277, 281, 283, 293, 307, 311, 313, + 317, 331, 337, 347, 349, 353, 359, 367, + 373, 379, 383, 389, 397, 401, 409, 419, + 421, 431, 433, 439, 443, 449, 457, 461, + 463, 467, 479, 487, 491, 499, 503, 509, + 521, 523, 541, 547, 557, 563, 569, 571, + 577, 587, 593, 599, 601, 607, 613, 617, + 619, 631, 641, 643, 647, 653, 659, 661, + 673, 677, 683, 691, 701, 709, 719, 727, + 733, 739, 743, 751, 757, 761, 769, 773, + 787, 797, 809, 811, 821, 823, 827, 829, + 839, 853, 857, 859, 863, 877, 881, 883, + 887, 907, 911, 919, 929, 937, 941, 947, + 953, 967, 971, 977, 983, 991, 997, -103 +}; + +/* + * Small divisors test (X must be positive) + * + * Return values: + * 0: no small factor (possible prime, more tests needed) + * 1: certain prime + * ERR_MPI_NOT_ACCEPTABLE: certain non-prime + * other negative: error + */ +static int mpi_check_small_factors( const mpi *X ) +{ + int ret = 0; + size_t i; + mpi_uint r; + + if( ( X->p[0] & 1 ) == 0 ) + return( ERR_MPI_NOT_ACCEPTABLE ); + + for( i = 0; small_prime[i] > 0; i++ ) + { + if( mpi_cmp_int( X, small_prime[i] ) <= 0 ) + return( 1 ); + + MPI_CHK( mpi_mod_int( &r, X, small_prime[i] ) ); + + if( r == 0 ) + return( ERR_MPI_NOT_ACCEPTABLE ); + } + +cleanup: + return( ret ); +} + +/* + * Miller-Rabin pseudo-primality test (HAC 4.24) + */ +static int mpi_miller_rabin( const mpi *X, + int (*f_rng)(void *, unsigned char *, size_t), + void *p_rng ) +{ + int ret, count; + size_t i, j, k, n, s; + mpi W, R, T, A, RR; + + mpi_init( &W ); mpi_init( &R ); mpi_init( &T ); mpi_init( &A ); + mpi_init( &RR ); + + /* + * W = |X| - 1 + * R = W >> lsb( W ) + */ + MPI_CHK( mpi_sub_int( &W, X, 1 ) ); + s = mpi_lsb( &W ); + MPI_CHK( mpi_copy( &R, &W ) ); + MPI_CHK( mpi_shift_r( &R, s ) ); + + i = mpi_bitlen( X ); + /* + * HAC, table 4.4 + */ + n = ( ( i >= 1300 ) ? 2 : ( i >= 850 ) ? 3 : + ( i >= 650 ) ? 4 : ( i >= 350 ) ? 8 : + ( i >= 250 ) ? 12 : ( i >= 150 ) ? 18 : 27 ); + + for( i = 0; i < n; i++ ) + { + /* + * pick a random A, 1 < A < |X| - 1 + */ + MPI_CHK( mpi_fill_random( &A, X->n * ciL, f_rng, p_rng ) ); + + if( mpi_cmp_mpi( &A, &W ) >= 0 ) + { + j = mpi_bitlen( &A ) - mpi_bitlen( &W ); + MPI_CHK( mpi_shift_r( &A, j + 1 ) ); + } + A.p[0] |= 3; + + count = 0; + do { + MPI_CHK( mpi_fill_random( &A, X->n * ciL, f_rng, p_rng ) ); + + j = mpi_bitlen( &A ); + k = mpi_bitlen( &W ); + if (j > k) { + MPI_CHK( mpi_shift_r( &A, j - k ) ); + } + + if (count++ > 30) { + return ERR_MPI_NOT_ACCEPTABLE; + } + + } while ( mpi_cmp_mpi( &A, &W ) >= 0 || + mpi_cmp_int( &A, 1 ) <= 0 ); + + /* + * A = A^R mod |X| + */ + MPI_CHK( mpi_exp_mod( &A, &A, &R, X, &RR ) ); + + if( mpi_cmp_mpi( &A, &W ) == 0 || + mpi_cmp_int( &A, 1 ) == 0 ) + continue; + + j = 1; + while( j < s && mpi_cmp_mpi( &A, &W ) != 0 ) + { + /* + * A = A * A mod |X| + */ + MPI_CHK( mpi_mul_mpi( &T, &A, &A ) ); + MPI_CHK( mpi_mod_mpi( &A, &T, X ) ); + + if( mpi_cmp_int( &A, 1 ) == 0 ) + break; + + j++; + } + + /* + * not prime if A != |X| - 1 or A == 1 + */ + if( mpi_cmp_mpi( &A, &W ) != 0 || + mpi_cmp_int( &A, 1 ) == 0 ) + { + ret = ERR_MPI_NOT_ACCEPTABLE; + break; + } + } + +cleanup: + mpi_free( &W ); mpi_free( &R ); mpi_free( &T ); mpi_free( &A ); + mpi_free( &RR ); + + return( ret ); +} + +/* + * Pseudo-primality test: small factors, then Miller-Rabin + */ +int mpi_is_prime( const mpi *X, + int (*f_rng)(void *, unsigned char *, size_t), + void *p_rng ) +{ + int ret; + mpi XX; + + XX.s = 1; + XX.n = X->n; + XX.p = X->p; + + if( mpi_cmp_int( &XX, 0 ) == 0 || + mpi_cmp_int( &XX, 1 ) == 0 ) + return( ERR_MPI_NOT_ACCEPTABLE ); + + if( mpi_cmp_int( &XX, 2 ) == 0 ) + return( 0 ); + + if( ( ret = mpi_check_small_factors( &XX ) ) != 0 ) + { + if( ret == 1 ) + return( 0 ); + + return( ret ); + } + + return( mpi_miller_rabin( &XX, f_rng, p_rng ) ); +} + +/* + * Prime number generation + */ +int mpi_gen_prime( mpi *X, size_t nbits, int dh_flag, + int (*f_rng)(void *, unsigned char *, size_t), + void *p_rng ) +{ + int ret; + size_t k, n; + mpi_uint r; + mpi Y; + + if( nbits < 3 || nbits > MPI_MAX_BITS ) + return( ERR_MPI_BAD_INPUT_DATA ); + + mpi_init( &Y ); + + n = BITS_TO_LIMBS( nbits ); + + MPI_CHK( mpi_fill_random( X, n * ciL, f_rng, p_rng ) ); + + k = mpi_bitlen( X ); + if( k > nbits ) MPI_CHK( mpi_shift_r( X, k - nbits + 1 ) ); + + mpi_set_bit( X, nbits-1, 1 ); + + X->p[0] |= 1; + + if( dh_flag == 0 ) + { + while( ( ret = mpi_is_prime( X, f_rng, p_rng ) ) != 0 ) + { + if( ret != ERR_MPI_NOT_ACCEPTABLE ) + goto cleanup; + + MPI_CHK( mpi_add_int( X, X, 2 ) ); + } + } + else + { + /* + * An necessary condition for Y and X = 2Y + 1 to be prime + * is X = 2 mod 3 (which is equivalent to Y = 2 mod 3). + * Make sure it is satisfied, while keeping X = 3 mod 4 + */ + + X->p[0] |= 2; + + MPI_CHK( mpi_mod_int( &r, X, 3 ) ); + if( r == 0 ) + MPI_CHK( mpi_add_int( X, X, 8 ) ); + else if( r == 1 ) + MPI_CHK( mpi_add_int( X, X, 4 ) ); + + /* Set Y = (X-1) / 2, which is X / 2 because X is odd */ + MPI_CHK( mpi_copy( &Y, X ) ); + MPI_CHK( mpi_shift_r( &Y, 1 ) ); + + while( 1 ) + { + /* + * First, check small factors for X and Y + * before doing Miller-Rabin on any of them + */ + if( ( ret = mpi_check_small_factors( X ) ) == 0 && + ( ret = mpi_check_small_factors( &Y ) ) == 0 && + ( ret = mpi_miller_rabin( X, f_rng, p_rng ) ) == 0 && + ( ret = mpi_miller_rabin( &Y, f_rng, p_rng ) ) == 0 ) + { + break; + } + + if( ret != ERR_MPI_NOT_ACCEPTABLE ) + goto cleanup; + + /* + * Next candidates. We want to preserve Y = (X-1) / 2 and + * Y = 1 mod 2 and Y = 2 mod 3 (eq X = 3 mod 4 and X = 2 mod 3) + * so up Y by 6 and X by 12. + */ + MPI_CHK( mpi_add_int( X, X, 12 ) ); + MPI_CHK( mpi_add_int( &Y, &Y, 6 ) ); + } + } + +cleanup: + + mpi_free( &Y ); + + return( ret ); +} + + +#endif /* ESP_BIGNUM_ALT */ + diff --git a/components/mbedtls/port/sha1_alt.c b/components/mbedtls/port/sha1_alt.c new file mode 100644 index 0000000000..32a970704c --- /dev/null +++ b/components/mbedtls/port/sha1_alt.c @@ -0,0 +1,102 @@ +/* + * FIPS-180-1 compliant SHA-1 implementation + * + * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * + */ +/* + * The SHA-1 standard was published by NIST in 1993. + * + * http://www.itl.nist.gov/fipspubs/fip180-1.htm + */ + +#include "port/sha1_alt.h" + +#if defined(ESP_SHA1_C) +#include + +/* Implementation that should never be optimized out by the compiler */ +static void sha1_zeroize( void *v, size_t n ) { + volatile unsigned char *p = v; while( n-- ) *p++ = 0; +} + +void sha1_init( SHA1_CTX *ctx ) +{ + memset( ctx, 0, sizeof( SHA1_CTX ) ); + ets_sha_enable(); +} + +void sha1_free( SHA1_CTX *ctx ) +{ + if( ctx == NULL ) + return; + + sha1_zeroize( ctx, sizeof( SHA1_CTX ) ); + ets_sha_disable(); +} + +void sha1_clone( SHA1_CTX *dst, const SHA1_CTX *src ) +{ + *dst = *src; +} + +void sha1_process(SHA1_CTX *ctx, const unsigned char data[64]) +{ + +} + +/* + * SHA-1 context setup + */ +void sha1_starts( SHA1_CTX *ctx ) +{ + ets_sha_init(&ctx->context); + ctx->context_type = SHA1; +} + +/* + * SHA-1 process buffer + */ +void sha1_update( SHA1_CTX *ctx, const unsigned char *input, size_t ilen ) +{ + ets_sha_update(&ctx->context, ctx->context_type, input, ilen * 8); +} + +/* + * SHA-1 final digest + */ +void sha1_finish( SHA1_CTX *ctx, unsigned char output[20] ) +{ + ets_sha_finish(&ctx->context, ctx->context_type, output); +} + +/* + * output = SHA-1( input buffer ) + */ +void sha1_output( const unsigned char *input, size_t ilen, unsigned char output[20] ) +{ + SHA1_CTX ctx; + + sha1_init( &ctx ); + sha1_starts( &ctx ); + sha1_update( &ctx, input, ilen ); + sha1_finish( &ctx, output ); + sha1_free( &ctx ); +} + +#endif /* _SHA1_C */ + + diff --git a/components/mbedtls/port/sha256_alt.c b/components/mbedtls/port/sha256_alt.c new file mode 100644 index 0000000000..781cfa7a11 --- /dev/null +++ b/components/mbedtls/port/sha256_alt.c @@ -0,0 +1,107 @@ +/* + * FIPS-180-2 compliant SHA-256 implementation + * + * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * + */ +/* + * The SHA-256 Secure Hash Standard was published by NIST in 2002. + * + * http://csrc.nist.gov/publications/fips/fips180-2/fips180-2.pdf + */ + +#include "port/sha256_alt.h" + +#if defined(ESP_SHA256_C) +#include + +/* Implementation that should never be optimized out by the compiler */ +static void sha256_zeroize( void *v, size_t n ) { + volatile unsigned char *p = v; while( n-- ) *p++ = 0; +} + +void sha256_init( SHA256_CTX *ctx ) +{ + memset( ctx, 0, sizeof( SHA256_CTX ) ); + ets_sha_enable(); +} + +void sha256_process(SHA256_CTX *ctx, const unsigned char data[64]) +{ + +} + +void sha256_free( SHA256_CTX *ctx ) +{ + if( ctx == NULL ) + return; + + sha256_zeroize( ctx, sizeof( SHA256_CTX ) ); + ets_sha_disable(); +} + +void sha256_clone( SHA256_CTX *dst, const SHA256_CTX *src ) +{ + *dst = *src; +} + +/* + * SHA-256 context setup + */ +void sha256_starts( SHA256_CTX *ctx, int is224 ) +{ + ets_sha_init(&ctx->context); + if( is224 == 0 ) + { + /* SHA-256 */ + ctx->context_type = SHA256; + }else{ + /* SHA-224 */ + ctx->context_type = SHA224; + } +} + +/* + * SHA-256 process buffer + */ +void sha256_update( SHA256_CTX *ctx, const unsigned char *input, size_t ilen ) +{ + ets_sha_update(&ctx->context, ctx->context_type, input, ilen * 8); +} + +/* + * SHA-256 final digest + */ +void sha256_finish( SHA256_CTX *ctx, unsigned char output[32] ) +{ + ets_sha_finish(&ctx->context, ctx->context_type, output); +} + +/* + * output = SHA-256( input buffer ) + */ +void sha256_output( const unsigned char *input, size_t ilen, unsigned char output[32], int is224 ) +{ + SHA256_CTX ctx; + + sha256_init( &ctx ); + sha256_starts( &ctx, is224 ); + sha256_update( &ctx, input, ilen ); + sha256_finish( &ctx, output ); + sha256_free( &ctx ); +} + +#endif /* SHA256_C */ diff --git a/components/mbedtls/port/sha512_alt.c b/components/mbedtls/port/sha512_alt.c new file mode 100644 index 0000000000..9884dd8d1e --- /dev/null +++ b/components/mbedtls/port/sha512_alt.c @@ -0,0 +1,103 @@ +/* + * FIPS-180-2 compliant SHA-384/512 implementation + * + * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * + */ +/* + * The SHA-512 Secure Hash Standard was published by NIST in 2002. + * + * http://csrc.nist.gov/publications/fips/fips180-2/fips180-2.pdf + */ +#include "port/sha512_alt.h" + +#if defined(ESP_SHA512_C) +#include + +/* Implementation that should never be optimized out by the compiler */ +static void sha512_zeroize( void *v, size_t n ) { + volatile unsigned char *p = v; while( n-- ) *p++ = 0; +} + +void sha512_init( SHA512_CTX *ctx ) +{ + memset( ctx, 0, sizeof( SHA512_CTX ) ); + ets_sha_enable(); +} + +void sha512_free( SHA512_CTX *ctx ) +{ + if( ctx == NULL ) + return; + + sha512_zeroize( ctx, sizeof( SHA512_CTX ) ); + ets_sha_disable(); +} + +void sha512_clone( SHA512_CTX *dst, const SHA512_CTX *src ) +{ + *dst = *src; +} + +/* + * SHA-512 context setup + */ +void sha512_starts( SHA512_CTX *ctx, int is384 ) +{ + ets_sha_init(&ctx->context); + if( is384 == 0 ) + { + /* SHA-512 */ + ctx->context_type = SHA2_512; + } + else + { + /* SHA-384 */ + ctx->context_type = SHA2_384; + } +} + +/* + * SHA-512 process buffer + */ +void sha512_update( SHA512_CTX *ctx, const unsigned char *input,size_t ilen ) +{ + ets_sha_update(&ctx->context, ctx->context_type, input, ilen * 8); +} + +/* + * SHA-512 final digest + */ +void sha512_finish( SHA512_CTX *ctx, unsigned char output[64] ) +{ + ets_sha_finish(&ctx->context, ctx->context_type, output); +} + +/* + * output = SHA-512( input buffer ) + */ +void sha512_output( const unsigned char *input, size_t ilen,unsigned char output[64], int is384 ) +{ + SHA512_CTX ctx; + + sha512_init( &ctx ); + sha512_starts( &ctx, is384 ); + sha512_update( &ctx, input, ilen ); + sha512_finish( &ctx, output ); + sha512_free( &ctx ); +} + +#endif /* SHA512_C */ From d9b660f6d405c9faf5e43489bb025e67418684b6 Mon Sep 17 00:00:00 2001 From: liuhan Date: Mon, 8 Aug 2016 13:56:36 +0800 Subject: [PATCH 02/28] 1. add lock function for every function 2. modify some function for crypto --- components/mbedtls/include/mbedtls/aes.h | 22 ++- components/mbedtls/include/mbedtls/bignum.h | 50 ++++++ .../mbedtls/include/mbedtls/esp_config.h | 148 +++++++++--------- components/mbedtls/include/mbedtls/sha1.h | 12 +- components/mbedtls/include/mbedtls/sha256.h | 12 +- components/mbedtls/include/mbedtls/sha512.h | 12 +- components/mbedtls/include/port/aes_alt.h | 9 +- .../mbedtls/include/port/multi_thread.h | 63 ++++++++ components/mbedtls/library/bignum.c | 3 + components/mbedtls/port/aes_alt.c | 74 ++++++++- components/mbedtls/port/bignum_alt.c | 14 +- components/mbedtls/port/multi_thread.c | 53 +++++++ components/mbedtls/port/sha1_alt.c | 17 +- components/mbedtls/port/sha256_alt.c | 17 +- components/mbedtls/port/sha512_alt.c | 16 +- 15 files changed, 436 insertions(+), 86 deletions(-) create mode 100644 components/mbedtls/include/port/multi_thread.h create mode 100644 components/mbedtls/port/multi_thread.c diff --git a/components/mbedtls/include/mbedtls/aes.h b/components/mbedtls/include/mbedtls/aes.h index a36e825a2e..f5e1600b36 100644 --- a/components/mbedtls/include/mbedtls/aes.h +++ b/components/mbedtls/include/mbedtls/aes.h @@ -276,7 +276,27 @@ void mbedtls_aes_decrypt( mbedtls_aes_context *ctx, #endif #else /* MBEDTLS_AES_ALT */ -#include "aes_alt.h" +#include "port/aes_alt.h" + +typedef AES_CTX mbedtls_aes_context; + +#define mbedtls_aes_init aes_init +#define mbedtls_aes_free aes_free +#define mbedtls_aes_setkey_enc aes_setkey_enc +#define mbedtls_aes_setkey_dec aes_setkey_dec +#define mbedtls_aes_crypt_ecb aes_crypt_ecb +#if defined(MBEDTLS_CIPHER_MODE_CBC) +#define mbedtls_aes_crypt_cbc aes_crypt_cbc +#endif +#if defined(MBEDTLS_CIPHER_MODE_CFB) +#define mbedtls_aes_crypt_cfb128 aes_crypt_cfb128 +#define mbedtls_aes_crypt_cfb8 aes_crypt_cfb8 +#endif +#if defined(MBEDTLS_CIPHER_MODE_CTR) +#define mbedtls_aes_crypt_ctr aes_crypt_ctr +#endif +#define mbedtls_aes_encrypt aes_encrypt +#define mbedtls_aes_decrypt aes_decrypt #endif /* MBEDTLS_AES_ALT */ #ifdef __cplusplus diff --git a/components/mbedtls/include/mbedtls/bignum.h b/components/mbedtls/include/mbedtls/bignum.h index aa51556a57..d062a75112 100644 --- a/components/mbedtls/include/mbedtls/bignum.h +++ b/components/mbedtls/include/mbedtls/bignum.h @@ -100,6 +100,8 @@ #define MBEDTLS_LN_2_DIV_LN_10_SCALE100 332 #define MBEDTLS_MPI_RW_BUFFER_SIZE ( ((MBEDTLS_MPI_MAX_BITS_SCALE100 + MBEDTLS_LN_2_DIV_LN_10_SCALE100 - 1) / MBEDTLS_LN_2_DIV_LN_10_SCALE100) + 10 + 6 ) +#if !defined(MBEDTLS_BIGNUM_ALT) + /* * Define the base integer type, architecture-wise. * @@ -702,6 +704,54 @@ int mbedtls_mpi_is_prime( const mbedtls_mpi *X, int mbedtls_mpi_gen_prime( mbedtls_mpi *X, size_t nbits, int dh_flag, int (*f_rng)(void *, unsigned char *, size_t), void *p_rng ); +#else /* MBEDTLS_BIGNUM_ALT */ +#include "port/bignum_alt.h" + +typedef mpi mbedtls_mpi; + +#define mbedtls_mpi_init mpi_init +#define mbedtls_mpi_free mpi_free +#define mbedtls_mpi_grow mpi_grow +#define mbedtls_mpi_shrink mpi_shrink +#define mbedtls_mpi_copy mpi_copy +#define mbedtls_mpi_swap mpi_swap +#define mbedtls_mpi_safe_cond_assign mpi_safe_cond_assign +#define mbedtls_mpi_safe_cond_swap mpi_safe_cond_swap +#define mbedtls_mpi_lset mpi_lset +#define mbedtls_mpi_get_bit mpi_get_bit +#define mbedtls_mpi_set_bit mpi_set_bit +#define mbedtls_mpi_lsb mpi_lsb +#define mbedtls_mpi_bitlen mpi_bitlen +#define mbedtls_mpi_size mpi_size +#define mbedtls_mpi_read_string mpi_read_string +#define mbedtls_mpi_write_string mpi_write_string +#define mbedtls_mpi_read_binary mpi_read_binary +#define mbedtls_mpi_write_binary mpi_write_binary +#define mbedtls_mpi_shift_l mpi_shift_l +#define mbedtls_mpi_shift_r mpi_shift_r +#define mbedtls_mpi_cmp_abs mpi_cmp_abs +#define mbedtls_mpi_cmp_mpi mpi_cmp_mpi +#define mbedtls_mpi_cmp_int mpi_cmp_int +#define mbedtls_mpi_add_abs mpi_add_abs +#define mbedtls_mpi_sub_abs mpi_sub_abs +#define mbedtls_mpi_add_mpi mpi_add_mpi +#define mbedtls_mpi_sub_mpi mpi_sub_mpi +#define mbedtls_mpi_add_int mpi_add_int +#define mbedtls_mpi_sub_int mpi_sub_int +#define mbedtls_mpi_mul_mpi mpi_mul_mpi +#define mbedtls_mpi_mul_int mpi_mul_int +#define mbedtls_mpi_div_mpi mpi_div_mpi +#define mbedtls_mpi_div_int mpi_div_int +#define mbedtls_mpi_mod_mpi mpi_mod_mpi +#define mbedtls_mpi_mod_int mpi_mod_int +#define mbedtls_mpi_exp_mod mpi_exp_mod +#define mbedtls_mpi_fill_random mpi_fill_random +#define mbedtls_mpi_gcd mpi_gcd +#define mbedtls_mpi_inv_mod mpi_inv_mod +#define mbedtls_mpi_is_prime mpi_is_prime +#define mbedtls_mpi_gen_prime mpi_gen_prime + +#endif /* MBEDTLS_BIGNUM_ALT */ /** * \brief Checkup routine diff --git a/components/mbedtls/include/mbedtls/esp_config.h b/components/mbedtls/include/mbedtls/esp_config.h index 50c3ee2af7..614e8018bb 100644 --- a/components/mbedtls/include/mbedtls/esp_config.h +++ b/components/mbedtls/include/mbedtls/esp_config.h @@ -225,7 +225,7 @@ * Uncomment a macro to enable alternate implementation of the corresponding * module. */ -//#define MBEDTLS_AES_ALT +#define MBEDTLS_AES_ALT //#define MBEDTLS_ARC4_ALT //#define MBEDTLS_BLOWFISH_ALT //#define MBEDTLS_CAMELLIA_ALT @@ -235,10 +235,11 @@ //#define MBEDTLS_MD4_ALT //#define MBEDTLS_MD5_ALT //#define MBEDTLS_RIPEMD160_ALT -//#define MBEDTLS_SHA1_ALT -//#define MBEDTLS_SHA256_ALT -//#define MBEDTLS_SHA512_ALT +#define MBEDTLS_SHA1_ALT +#define MBEDTLS_SHA256_ALT +#define MBEDTLS_SHA512_ALT +#define MBEDTLS_BIGNUM_ALT /** * \def MBEDTLS_MD2_PROCESS_ALT * @@ -297,7 +298,7 @@ * * Uncomment this macro to store the AES tables in ROM. */ -//#define MBEDTLS_AES_ROM_TABLES +#define MBEDTLS_AES_ROM_TABLES /** * \def MBEDTLS_CAMELLIA_SMALL_MEMORY @@ -373,10 +374,10 @@ * * Enable padding modes in the cipher layer. */ -#define MBEDTLS_CIPHER_PADDING_PKCS7 -#define MBEDTLS_CIPHER_PADDING_ONE_AND_ZEROS -#define MBEDTLS_CIPHER_PADDING_ZEROS_AND_LEN -#define MBEDTLS_CIPHER_PADDING_ZEROS +//#define MBEDTLS_CIPHER_PADDING_PKCS7 +//#define MBEDTLS_CIPHER_PADDING_ONE_AND_ZEROS +//#define MBEDTLS_CIPHER_PADDING_ZEROS_AND_LEN +//#define MBEDTLS_CIPHER_PADDING_ZEROS /** * \def MBEDTLS_ENABLE_WEAK_CIPHERSUITES @@ -414,18 +415,18 @@ * * Comment macros to disable the curve and functions for it */ -#define MBEDTLS_ECP_DP_SECP192R1_ENABLED -#define MBEDTLS_ECP_DP_SECP224R1_ENABLED -#define MBEDTLS_ECP_DP_SECP256R1_ENABLED -#define MBEDTLS_ECP_DP_SECP384R1_ENABLED -#define MBEDTLS_ECP_DP_SECP521R1_ENABLED -#define MBEDTLS_ECP_DP_SECP192K1_ENABLED -#define MBEDTLS_ECP_DP_SECP224K1_ENABLED -#define MBEDTLS_ECP_DP_SECP256K1_ENABLED -#define MBEDTLS_ECP_DP_BP256R1_ENABLED -#define MBEDTLS_ECP_DP_BP384R1_ENABLED -#define MBEDTLS_ECP_DP_BP512R1_ENABLED -#define MBEDTLS_ECP_DP_CURVE25519_ENABLED +//#define MBEDTLS_ECP_DP_SECP192R1_ENABLED +//#define MBEDTLS_ECP_DP_SECP224R1_ENABLED +//#define MBEDTLS_ECP_DP_SECP256R1_ENABLED +//#define MBEDTLS_ECP_DP_SECP384R1_ENABLED +//#define MBEDTLS_ECP_DP_SECP521R1_ENABLED +//#define MBEDTLS_ECP_DP_SECP192K1_ENABLED +//#define MBEDTLS_ECP_DP_SECP224K1_ENABLED +//#define MBEDTLS_ECP_DP_SECP256K1_ENABLED +//#define MBEDTLS_ECP_DP_BP256R1_ENABLED +//#define MBEDTLS_ECP_DP_BP384R1_ENABLED +//#define MBEDTLS_ECP_DP_BP512R1_ENABLED +//#define MBEDTLS_ECP_DP_CURVE25519_ENABLED /** * \def MBEDTLS_ECP_NIST_OPTIM @@ -436,7 +437,7 @@ * * Comment this macro to disable NIST curves optimisation. */ -#define MBEDTLS_ECP_NIST_OPTIM +//#define MBEDTLS_ECP_NIST_OPTIM /** * \def MBEDTLS_ECDSA_DETERMINISTIC @@ -450,7 +451,7 @@ * * Comment this macro to disable deterministic ECDSA. */ -#define MBEDTLS_ECDSA_DETERMINISTIC +//#define MBEDTLS_ECDSA_DETERMINISTIC /** * \def MBEDTLS_KEY_EXCHANGE_PSK_ENABLED @@ -472,7 +473,7 @@ * MBEDTLS_TLS_PSK_WITH_3DES_EDE_CBC_SHA * MBEDTLS_TLS_PSK_WITH_RC4_128_SHA */ -#define MBEDTLS_KEY_EXCHANGE_PSK_ENABLED +//#define MBEDTLS_KEY_EXCHANGE_PSK_ENABLED /** * \def MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED @@ -496,7 +497,7 @@ * MBEDTLS_TLS_DHE_PSK_WITH_3DES_EDE_CBC_SHA * MBEDTLS_TLS_DHE_PSK_WITH_RC4_128_SHA */ -#define MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED +//#define MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED /** * \def MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED @@ -516,7 +517,7 @@ * MBEDTLS_TLS_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA * MBEDTLS_TLS_ECDHE_PSK_WITH_RC4_128_SHA */ -#define MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED +//#define MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED /** * \def MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED @@ -595,7 +596,7 @@ * MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA * MBEDTLS_TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA */ -#define MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED +//#define MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED /** * \def MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED @@ -620,7 +621,7 @@ * MBEDTLS_TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA * MBEDTLS_TLS_ECDHE_RSA_WITH_RC4_128_SHA */ -#define MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED +//#define MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED /** * \def MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED @@ -644,7 +645,7 @@ * MBEDTLS_TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA * MBEDTLS_TLS_ECDHE_ECDSA_WITH_RC4_128_SHA */ -#define MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED +//#define MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED /** * \def MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED @@ -668,7 +669,7 @@ * MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_128_GCM_SHA256 * MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_256_GCM_SHA384 */ -#define MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED +//#define MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED /** * \def MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED @@ -692,7 +693,7 @@ * MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_128_GCM_SHA256 * MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_256_GCM_SHA384 */ -#define MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED +//#define MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED /** * \def MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED @@ -945,7 +946,7 @@ * * Comment this macro to disable support for Encrypt-then-MAC */ -#define MBEDTLS_SSL_ENCRYPT_THEN_MAC +//#define MBEDTLS_SSL_ENCRYPT_THEN_MAC /** \def MBEDTLS_SSL_EXTENDED_MASTER_SECRET * @@ -963,7 +964,7 @@ * * Comment this macro to disable support for Extended Master Secret. */ -#define MBEDTLS_SSL_EXTENDED_MASTER_SECRET +//#define MBEDTLS_SSL_EXTENDED_MASTER_SECRET /** * \def MBEDTLS_SSL_FALLBACK_SCSV @@ -980,7 +981,7 @@ * * Comment this macro to disable support for FALLBACK_SCSV */ -#define MBEDTLS_SSL_FALLBACK_SCSV +//#define MBEDTLS_SSL_FALLBACK_SCSV /** * \def MBEDTLS_SSL_HW_RECORD_ACCEL @@ -1017,7 +1018,7 @@ * * Comment this to disable support for renegotiation. */ -#define MBEDTLS_SSL_RENEGOTIATION +//#define MBEDTLS_SSL_RENEGOTIATION /** * \def MBEDTLS_SSL_SRV_SUPPORT_SSLV2_CLIENT_HELLO @@ -1046,7 +1047,7 @@ * * Comment this macro to disable support for the max_fragment_length extension */ -#define MBEDTLS_SSL_MAX_FRAGMENT_LENGTH +//#define MBEDTLS_SSL_MAX_FRAGMENT_LENGTH /** * \def MBEDTLS_SSL_PROTO_SSL3 @@ -1058,7 +1059,7 @@ * * Comment this macro to disable support for SSL 3.0 */ -#define MBEDTLS_SSL_PROTO_SSL3 +//#define MBEDTLS_SSL_PROTO_SSL3 /** * \def MBEDTLS_SSL_PROTO_TLS1 @@ -1109,7 +1110,7 @@ * * Comment this macro to disable support for DTLS */ -#define MBEDTLS_SSL_PROTO_DTLS +//#define MBEDTLS_SSL_PROTO_DTLS /** * \def MBEDTLS_SSL_ALPN @@ -1118,7 +1119,7 @@ * * Comment this macro to disable support for ALPN. */ -#define MBEDTLS_SSL_ALPN +//#define MBEDTLS_SSL_ALPN /** * \def MBEDTLS_SSL_DTLS_ANTI_REPLAY @@ -1133,7 +1134,7 @@ * * Comment this to disable anti-replay in DTLS. */ -#define MBEDTLS_SSL_DTLS_ANTI_REPLAY +//#define MBEDTLS_SSL_DTLS_ANTI_REPLAY /** * \def MBEDTLS_SSL_DTLS_HELLO_VERIFY @@ -1151,7 +1152,7 @@ * * Comment this to disable support for HelloVerifyRequest. */ -#define MBEDTLS_SSL_DTLS_HELLO_VERIFY +//#define MBEDTLS_SSL_DTLS_HELLO_VERIFY /** * \def MBEDTLS_SSL_DTLS_CLIENT_PORT_REUSE @@ -1167,7 +1168,7 @@ * * Comment this to disable support for clients reusing the source port. */ -#define MBEDTLS_SSL_DTLS_CLIENT_PORT_REUSE +//#define MBEDTLS_SSL_DTLS_CLIENT_PORT_REUSE /** * \def MBEDTLS_SSL_DTLS_BADMAC_LIMIT @@ -1178,7 +1179,7 @@ * * Requires: MBEDTLS_SSL_PROTO_DTLS */ -#define MBEDTLS_SSL_DTLS_BADMAC_LIMIT +//#define MBEDTLS_SSL_DTLS_BADMAC_LIMIT /** * \def MBEDTLS_SSL_SESSION_TICKETS @@ -1192,7 +1193,7 @@ * * Comment this macro to disable support for SSL session tickets */ -#define MBEDTLS_SSL_SESSION_TICKETS +//#define MBEDTLS_SSL_SESSION_TICKETS /** * \def MBEDTLS_SSL_EXPORT_KEYS @@ -1202,7 +1203,7 @@ * * Comment this macro to disable support for key export */ -#define MBEDTLS_SSL_EXPORT_KEYS +//#define MBEDTLS_SSL_EXPORT_KEYS /** * \def MBEDTLS_SSL_SERVER_NAME_INDICATION @@ -1222,7 +1223,7 @@ * * Comment this macro to disable support for truncated HMAC in SSL */ -#define MBEDTLS_SSL_TRUNCATED_HMAC +//#define MBEDTLS_SSL_TRUNCATED_HMAC /** * \def MBEDTLS_THREADING_ALT @@ -1257,7 +1258,7 @@ * * Comment this to disable run-time checking and save ROM space */ -#define MBEDTLS_VERSION_FEATURES +//#define MBEDTLS_VERSION_FEATURES /** * \def MBEDTLS_X509_ALLOW_EXTENSIONS_NON_V3 @@ -1293,7 +1294,7 @@ * * Comment to skip keyUsage checking for both CA and leaf certificates. */ -#define MBEDTLS_X509_CHECK_KEY_USAGE +//#define MBEDTLS_X509_CHECK_KEY_USAGE /** * \def MBEDTLS_X509_CHECK_EXTENDED_KEY_USAGE @@ -1306,7 +1307,7 @@ * * Comment to skip extendedKeyUsage checking for certificates. */ -#define MBEDTLS_X509_CHECK_EXTENDED_KEY_USAGE +//#define MBEDTLS_X509_CHECK_EXTENDED_KEY_USAGE /** * \def MBEDTLS_X509_RSASSA_PSS_SUPPORT @@ -1316,7 +1317,7 @@ * * Comment this macro to disallow using RSASSA-PSS in certificates. */ -#define MBEDTLS_X509_RSASSA_PSS_SUPPORT +//#define MBEDTLS_X509_RSASSA_PSS_SUPPORT /** * \def MBEDTLS_ZLIB_SUPPORT @@ -1458,7 +1459,7 @@ * MBEDTLS_TLS_RSA_PSK_WITH_RC4_128_SHA * MBEDTLS_TLS_PSK_WITH_RC4_128_SHA */ -#define MBEDTLS_ARC4_C +//#define MBEDTLS_ARC4_C /** * \def MBEDTLS_ASN1_PARSE_C @@ -1523,7 +1524,7 @@ * * Module: library/blowfish.c */ -#define MBEDTLS_BLOWFISH_C +//#define MBEDTLS_BLOWFISH_C /** * \def MBEDTLS_CAMELLIA_C @@ -1578,7 +1579,7 @@ * MBEDTLS_TLS_PSK_WITH_CAMELLIA_128_GCM_SHA256 * MBEDTLS_TLS_PSK_WITH_CAMELLIA_128_CBC_SHA256 */ -#define MBEDTLS_CAMELLIA_C +//#define MBEDTLS_CAMELLIA_C /** * \def MBEDTLS_CCM_C @@ -1592,7 +1593,7 @@ * This module enables the AES-CCM ciphersuites, if other requisites are * enabled as well. */ -#define MBEDTLS_CCM_C +//#define MBEDTLS_CCM_C /** * \def MBEDTLS_CERTS_C @@ -1604,7 +1605,7 @@ * * This module is used for testing (ssl_client/server). */ -#define MBEDTLS_CERTS_C +//#define MBEDTLS_CERTS_C /** * \def MBEDTLS_CIPHER_C @@ -1644,7 +1645,7 @@ * * This module provides debugging functions. */ -#define MBEDTLS_DEBUG_C +//#define MBEDTLS_DEBUG_C /** * \def MBEDTLS_DES_C @@ -1670,7 +1671,7 @@ * * PEM_PARSE uses DES/3DES for decrypting encrypted keys. */ -#define MBEDTLS_DES_C +//#define MBEDTLS_DES_C /** * \def MBEDTLS_DHM_C @@ -1684,7 +1685,7 @@ * This module is used by the following key exchanges: * DHE-RSA, DHE-PSK */ -#define MBEDTLS_DHM_C +//#define MBEDTLS_DHM_C /** * \def MBEDTLS_ECDH_C @@ -1700,7 +1701,7 @@ * * Requires: MBEDTLS_ECP_C */ -#define MBEDTLS_ECDH_C +//#define MBEDTLS_ECDH_C /** * \def MBEDTLS_ECDSA_C @@ -1715,7 +1716,7 @@ * * Requires: MBEDTLS_ECP_C, MBEDTLS_ASN1_WRITE_C, MBEDTLS_ASN1_PARSE_C */ -#define MBEDTLS_ECDSA_C +//#define MBEDTLS_ECDSA_C /** * \def MBEDTLS_ECJPAKE_C @@ -1748,7 +1749,7 @@ * * Requires: MBEDTLS_BIGNUM_C and at least one MBEDTLS_ECP_DP_XXX_ENABLED */ -#define MBEDTLS_ECP_C +//#define MBEDTLS_ECP_C /** * \def MBEDTLS_ENTROPY_C @@ -1774,7 +1775,7 @@ * * This module enables mbedtls_strerror(). */ -#define MBEDTLS_ERROR_C +//#define MBEDTLS_ERROR_C /** * \def MBEDTLS_GCM_C @@ -1788,7 +1789,7 @@ * This module enables the AES-GCM and CAMELLIA-GCM ciphersuites, if other * requisites are enabled as well. */ -#define MBEDTLS_GCM_C +//#define MBEDTLS_GCM_C //764 Byte /** * \def MBEDTLS_HAVEGE_C @@ -1825,7 +1826,7 @@ * * Uncomment to enable the HMAC_DRBG random number geerator. */ -#define MBEDTLS_HMAC_DRBG_C +//#define MBEDTLS_HMAC_DRBG_C /** * \def MBEDTLS_MD_C @@ -1940,7 +1941,7 @@ * * This modules adds support for the VIA PadLock on x86. */ -#define MBEDTLS_PADLOCK_C +//#define MBEDTLS_PADLOCK_C /** * \def MBEDTLS_PEM_PARSE_C @@ -2032,7 +2033,7 @@ * * This module adds support for the PKCS#5 functions. */ -#define MBEDTLS_PKCS5_C +//#define MBEDTLS_PKCS5_C /** * \def MBEDTLS_PKCS11_C @@ -2063,7 +2064,7 @@ * * This module enables PKCS#12 functions. */ -#define MBEDTLS_PKCS12_C +//#define MBEDTLS_PKCS12_C /** * \def MBEDTLS_PLATFORM_C @@ -2083,7 +2084,7 @@ * * This module enables abstraction of common (libc) functions. */ -#define MBEDTLS_PLATFORM_C +//#define MBEDTLS_PLATFORM_C /** * \def MBEDTLS_RIPEMD160_C @@ -2094,7 +2095,7 @@ * Caller: library/mbedtls_md.c * */ -#define MBEDTLS_RIPEMD160_C +//#define MBEDTLS_RIPEMD160_C /** * \def MBEDTLS_RSA_C @@ -2172,7 +2173,7 @@ * * Requires: MBEDTLS_SSL_CACHE_C */ -#define MBEDTLS_SSL_CACHE_C +//#define MBEDTLS_SSL_CACHE_C /** * \def MBEDTLS_SSL_COOKIE_C @@ -2182,7 +2183,7 @@ * Module: library/ssl_cookie.c * Caller: */ -#define MBEDTLS_SSL_COOKIE_C +//#define MBEDTLS_SSL_COOKIE_C /** * \def MBEDTLS_SSL_TICKET_C @@ -2194,7 +2195,7 @@ * * Requires: MBEDTLS_CIPHER_C */ -#define MBEDTLS_SSL_TICKET_C +//#define MBEDTLS_SSL_TICKET_C /** * \def MBEDTLS_SSL_CLI_C @@ -2465,7 +2466,8 @@ //#define MBEDTLS_SSL_CACHE_DEFAULT_MAX_ENTRIES 50 /**< Maximum entries in cache */ /* SSL options */ -//#define MBEDTLS_SSL_MAX_CONTENT_LEN 16384 /**< Maxium fragment length in bytes, determines the size of each of the two internal I/O buffers */ +extern unsigned int max_content_len; +#define MBEDTLS_SSL_MAX_CONTENT_LEN max_content_len /**< Maxium fragment length in bytes, determines the size of each of the two internal I/O buffers */ //#define MBEDTLS_SSL_DEFAULT_TICKET_LIFETIME 86400 /**< Lifetime of session tickets (if enabled) */ //#define MBEDTLS_PSK_MAX_LEN 32 /**< Max size of TLS pre-shared keys, in bytes (default 256 bits) */ //#define MBEDTLS_SSL_COOKIE_TIMEOUT 60 /**< Default expiration delay of DTLS cookies, in seconds if HAVE_TIME, or in number of cookies issued */ diff --git a/components/mbedtls/include/mbedtls/sha1.h b/components/mbedtls/include/mbedtls/sha1.h index 7a67c6c1fb..2d85a59f78 100644 --- a/components/mbedtls/include/mbedtls/sha1.h +++ b/components/mbedtls/include/mbedtls/sha1.h @@ -106,7 +106,17 @@ void mbedtls_sha1_process( mbedtls_sha1_context *ctx, const unsigned char data[6 #endif #else /* MBEDTLS_SHA1_ALT */ -#include "sha1_alt.h" +#include "port/sha1_alt.h" + +typedef SHA1_CTX mbedtls_sha1_context; + +#define mbedtls_sha1_init sha1_init +#define mbedtls_sha1_starts sha1_starts +#define mbedtls_sha1_clone sha1_clone +#define mbedtls_sha1_update sha1_update +#define mbedtls_sha1_finish sha1_finish +#define mbedtls_sha1_free sha1_free +#define mbedtls_sha1_process sha1_process #endif /* MBEDTLS_SHA1_ALT */ #ifdef __cplusplus diff --git a/components/mbedtls/include/mbedtls/sha256.h b/components/mbedtls/include/mbedtls/sha256.h index f8041adf08..4ab444e8d1 100644 --- a/components/mbedtls/include/mbedtls/sha256.h +++ b/components/mbedtls/include/mbedtls/sha256.h @@ -109,7 +109,17 @@ void mbedtls_sha256_process( mbedtls_sha256_context *ctx, const unsigned char da #endif #else /* MBEDTLS_SHA256_ALT */ -#include "sha256_alt.h" +#include "port/sha256_alt.h" + +typedef SHA256_CTX mbedtls_sha256_context; + +#define mbedtls_sha256_init sha256_init +#define mbedtls_sha256_clone sha256_clone +#define mbedtls_sha256_starts sha256_starts +#define mbedtls_sha256_update sha256_update +#define mbedtls_sha256_finish sha256_finish +#define mbedtls_sha256_free sha256_free +#define mbedtls_sha256_process sha256_process #endif /* MBEDTLS_SHA256_ALT */ #ifdef __cplusplus diff --git a/components/mbedtls/include/mbedtls/sha512.h b/components/mbedtls/include/mbedtls/sha512.h index 627694f425..0ebc092f43 100644 --- a/components/mbedtls/include/mbedtls/sha512.h +++ b/components/mbedtls/include/mbedtls/sha512.h @@ -106,7 +106,17 @@ void mbedtls_sha512_finish( mbedtls_sha512_context *ctx, unsigned char output[64 #endif #else /* MBEDTLS_SHA512_ALT */ -#include "sha512_alt.h" +#include "port/sha512_alt.h" + +typedef SHA512_CTX mbedtls_sha512_context; + +#define mbedtls_sha512_init sha512_init +#define mbedtls_sha512_clone sha512_clone +#define mbedtls_sha512_starts sha512_starts +#define mbedtls_sha512_update sha512_update +#define mbedtls_sha512_finish sha512_finish +#define mbedtls_sha512_free sha512_free + #endif /* MBEDTLS_SHA512_ALT */ #ifdef __cplusplus diff --git a/components/mbedtls/include/port/aes_alt.h b/components/mbedtls/include/port/aes_alt.h index d56c76ce47..a02f32f299 100644 --- a/components/mbedtls/include/port/aes_alt.h +++ b/components/mbedtls/include/port/aes_alt.h @@ -41,6 +41,12 @@ extern "C" { #define ERR_AES_INVALID_KEY_LENGTH -0x0020 /**< Invalid key length. */ #define ERR_AES_INVALID_INPUT_LENGTH -0x0022 /**< Invalid data input length. */ +typedef struct{ + bool flag; + uint16 keybites; + uint8 key[32]; +}key_context, KEY_CTX; + /** * \brief AES context structure * @@ -53,7 +59,8 @@ typedef struct { int nr; /*!< number of rounds */ uint32_t *rk; /*!< AES round keys */ - uint32_t buf[68]; /*!< unaligned data */ + KEY_CTX enc; + KEY_CTX dec; }aes_context; typedef aes_context AES_CTX; diff --git a/components/mbedtls/include/port/multi_thread.h b/components/mbedtls/include/port/multi_thread.h new file mode 100644 index 0000000000..6732eeddef --- /dev/null +++ b/components/mbedtls/include/port/multi_thread.h @@ -0,0 +1,63 @@ +#ifndef _MULTI_THREAD_H_ +#define _MULTI_THREAD_H_ + +#ifdef __cplusplus +extern "C" { +#endif + +enum { + AES_MUTEX = 0, + BIGNUM_MUTEX, + SHA_MUTEX, + + MUTEX_MAX_NUM, +}; + +int multi_thread_init(void); + +void multi_thread_lock(unsigned int num); +void multi_thread_unlock(unsigned int num); + +void multi_thread_take(unsigned int num); +void multi_thread_give(unsigned int num); +bool multi_thread_is_used(num); + +#define MUTEX_LOCK(num) multi_thread_lock(num) +#define MUTEX_UNLOCK(num) multi_thread_unlock(num) + +#define SIG_TAKE(num) multi_thread_take(num) +#define SIG_GIVE(num) multi_thread_give(num) +#define SIG_IS_USED(num) multi_thread_is_used(num) + +#define AES_LOCK() MUTEX_LOCK(AES_MUTEX) +#define AES_UNLOCK() MUTEX_UNLOCK(AES_MUTEX) +#define BIGNUM_LOCK() MUTEX_LOCK(BIGNUM_MUTEX) +#define BIGNUM_UNLOCK() MUTEX_UNLOCK(BIGNUM_MUTEX) +#define SHA1_LOCK() MUTEX_LOCK(SHA_MUTEX) +#define SHA1_UNLOCK() MUTEX_UNLOCK(SHA_MUTEX) +#define SHA256_LOCK() MUTEX_LOCK(SHA_MUTEX) +#define SHA256_UNLOCK() MUTEX_UNLOCK(SHA_MUTEX) +#define SHA512_LOCK() MUTEX_LOCK(SHA_MUTEX) +#define SHA512_UNLOCK() MUTEX_UNLOCK(SHA_MUTEX) + +#define AES_TAKE() SIG_TAKE(AES_MUTEX) +#define AES_GIVE() SIG_GIVE(AES_MUTEX) +#define AES_IS_USED() SIG_IS_USED(AES_MUTEX) +#define BIGNUM_TAKE() SIG_TAKE(BIGNUM_MUTEX) +#define BIGNUM_GIVE() SIG_GIVE(BIGNUM_MUTEX) +#define BIGNUM_IS_USED() SIG_IS_USED(BIGNUM_MUTEX) +#define SHA1_TAKE() SIG_TAKE(SHA_MUTEX) +#define SHA1_GIVE() SIG_GIVE(SHA_MUTEX) +#define SHA1_IS_USED() SIG_IS_USED(SHA_MUTEX) +#define SHA256_TAKE() SIG_TAKE(SHA_MUTEX) +#define SHA256_GIVE() SIG_GIVE(SHA_MUTEX) +#define SHA256_IS_USED() SIG_IS_USED(SHA_MUTEX) +#define SHA512_TAKE() SIG_TAKE(SHA_MUTEX) +#define SHA512_GIVE() SIG_GIVE(SHA_MUTEX) +#define SHA512_IS_USED() SIG_IS_USED(SHA_MUTEX) + +#ifdef __cplusplus +} +#endif + +#endif /* multi_thread.h */ diff --git a/components/mbedtls/library/bignum.c b/components/mbedtls/library/bignum.c index 4c99e04d6f..e438fdddbf 100644 --- a/components/mbedtls/library/bignum.c +++ b/components/mbedtls/library/bignum.c @@ -58,6 +58,8 @@ #define mbedtls_free free #endif +#if !defined(MBEDTLS_BIGNUM_ALT) + /* Implementation that should never be optimized out by the compiler */ static void mbedtls_mpi_zeroize( mbedtls_mpi_uint *v, size_t n ) { volatile mbedtls_mpi_uint *p = v; while( n-- ) *p++ = 0; @@ -2264,6 +2266,7 @@ cleanup: } #endif /* MBEDTLS_GENPRIME */ +#endif /* MBEDTLS_BIGNUM_ALT */ #if defined(MBEDTLS_SELF_TEST) diff --git a/components/mbedtls/port/aes_alt.c b/components/mbedtls/port/aes_alt.c index 26699d82fb..504a2a7db8 100644 --- a/components/mbedtls/port/aes_alt.c +++ b/components/mbedtls/port/aes_alt.c @@ -30,6 +30,7 @@ #if defined(ESP_AES_C) #include +#include "multi_thread.h" /* Implementation that should never be optimized out by the compiler */ static void aes_zeroize( void *v, size_t n ) { @@ -39,7 +40,11 @@ static void aes_zeroize( void *v, size_t n ) { void aes_init( AES_CTX *ctx ) { memset( ctx, 0, sizeof( AES_CTX ) ); + + AES_LOCK(); + AES_TAKE(); ets_aes_enable(); + AES_UNLOCK(); } void aes_free( AES_CTX *ctx ) @@ -48,7 +53,12 @@ void aes_free( AES_CTX *ctx ) return; aes_zeroize( ctx, sizeof( AES_CTX ) ); - ets_aes_disable(); + + AES_LOCK(); + AES_GIVE(); + if (false == AES_IS_USED()) + ets_aes_disable(); + AES_UNLOCK(); } /* @@ -58,6 +68,7 @@ int aes_setkey_enc( AES_CTX *ctx, const unsigned char *key, unsigned int keybits ) { enum AES_BITS keybit; + uint16 keybyte = keybits / 8; switch (keybits){ case 128: keybit = AES128; @@ -70,6 +81,12 @@ int aes_setkey_enc( AES_CTX *ctx, const unsigned char *key, break; default : return( ERR_AES_INVALID_KEY_LENGTH ); } + if (ctx->enc.flag == false){ + ctx->enc.flag = true; + ctx->enc.keybites = keybits; + memset(ctx->enc.key, 0, sizeof(ctx->enc.key)); + memcpy(ctx->enc.key, key, keybyte); + } ets_aes_setkey_enc(key, keybit); return 0; } @@ -81,6 +98,7 @@ int aes_setkey_dec( AES_CTX *ctx, const unsigned char *key, unsigned int keybits ) { enum AES_BITS keybit; + uint16 keybyte = keybits / 8; switch (keybits){ case 128: keybit = AES128; @@ -93,11 +111,32 @@ int aes_setkey_dec( AES_CTX *ctx, const unsigned char *key, break; default : return( ERR_AES_INVALID_KEY_LENGTH ); } + if (ctx->dec.flag == false){ + ctx->dec.flag = true; + ctx->dec.keybites = keybits; + memset(ctx->dec.key, 0, sizeof(ctx->dec.key)); + memcpy(ctx->dec.key, key, keybyte); + } ets_aes_setkey_dec(key, keybit); return 0; } +static void aes_process_enable(AES_CTX *ctx, int mode) +{ + if( mode == AES_ENCRYPT ){ + aes_setkey_enc(ctx, ctx->enc.key, ctx->enc.keybites); + }else{ + aes_setkey_dec(ctx, ctx->dec.key, ctx->dec.keybites); + } + return; +} + +static void aes_process_disable(AES_CTX *ctx, int mode) +{ + +} + /* * AES-ECB block encryption */ @@ -155,7 +194,10 @@ int aes_crypt_cbc( AES_CTX *ctx, if( length % 16 ) return( ERR_AES_INVALID_INPUT_LENGTH ); - + + AES_LOCK(); + + aes_process_enable(ctx, mode); if( mode == AES_DECRYPT ) { while( length > 0 ) @@ -188,6 +230,10 @@ int aes_crypt_cbc( AES_CTX *ctx, length -= 16; } } + aes_process_disable(ctx, mode); + + AES_UNLOCK(); + return 0; } @@ -204,7 +250,10 @@ int aes_crypt_cfb128( AES_CTX *ctx, { int c; size_t n = *iv_off; - + + AES_LOCK(); + + aes_process_enable(ctx, mode); if( mode == AES_DECRYPT ) { while( length-- ) @@ -233,6 +282,9 @@ int aes_crypt_cfb128( AES_CTX *ctx, } *iv_off = n; + aes_process_disable(ctx, mode); + + AES_UNLOCK(); return 0; } @@ -249,7 +301,10 @@ int aes_crypt_cfb8( AES_CTX *ctx, { unsigned char c; unsigned char ov[17]; - + + AES_LOCK(); + + aes_process_enable(ctx, mode); while( length-- ) { memcpy( ov, iv, 16 ); @@ -265,6 +320,9 @@ int aes_crypt_cfb8( AES_CTX *ctx, memcpy( iv, ov + 1, 16 ); } + aes_process_disable(ctx, mode); + + AES_UNLOCK(); return 0; } @@ -283,6 +341,10 @@ int aes_crypt_ctr( AES_CTX *ctx, int c, i; size_t n = *nc_off; + AES_LOCK(); + + aes_process_enable(ctx, AES_ENCRYPT); + while( length-- ) { if( n == 0 ) { @@ -299,6 +361,10 @@ int aes_crypt_ctr( AES_CTX *ctx, } *nc_off = n; + aes_process_disable(ctx, AES_ENCRYPT); + + AES_UNLOCK(); + return 0; } diff --git a/components/mbedtls/port/bignum_alt.c b/components/mbedtls/port/bignum_alt.c index 88901671c8..2da6e71693 100644 --- a/components/mbedtls/port/bignum_alt.c +++ b/components/mbedtls/port/bignum_alt.c @@ -38,6 +38,7 @@ #if defined(ESP_BIGNUM_ALT) #include #include +#include "multi_thread.h" /* Implementation that should never be optimized out by the compiler */ static void mpi_zeroize( void *v, size_t n ) { @@ -68,7 +69,10 @@ void mpi_init( mpi *X ) X->s = 1; X->n = 0; X->p = NULL; + BIGNUM_LOCK(); + BIGNUM_TAKE(); ets_bigint_enable(); + BIGNUM_UNLOCK(); } /* @@ -88,7 +92,11 @@ void mpi_free( mpi *X ) X->s = 1; X->n = 0; X->p = NULL; - ets_bigint_disable(); + BIGNUM_LOCK(); + BIGNUM_GIVE(); + if (false == BIGNUM_IS_USED()) + ets_bigint_disable(); + BIGNUM_UNLOCK(); } /* @@ -1035,12 +1043,14 @@ int mpi_mul_mpi( mpi *X, const mpi *A, const mpi *B ) // for( i++; j > 0; j-- ) mpi_mul_hlp( i - 1, A->p, X->p + j - 1, B->p[j - 1] ); + BIGNUM_LOCK(); if (ets_bigint_mult_prepare(A->p, B->p, n)){ ets_bigint_wait_finish(); ets_bigint_mult_getz(X->p, n); } else{ mpi_printf("Baseline multiplication failed\n"); } + BIGNUM_UNLOCK(); X->s = A->s * B->s; @@ -1406,6 +1416,7 @@ static void mpi_montmul( mpi *A, const mpi *B, const mpi *N, mpi_uint mm, n = N->n; m = ( B->n < n ) ? B->n : n; + BIGNUM_LOCK(); if (ets_bigint_montgomery_mult_prepare(N->p, B->p, d, m, n, false)) { ets_bigint_wait_finish(); @@ -1413,6 +1424,7 @@ static void mpi_montmul( mpi *A, const mpi *B, const mpi *N, mpi_uint mm, } else{ mpi_printf("Montgomery multiplication failed\n"); } + BIGNUM_UNLOCK(); } diff --git a/components/mbedtls/port/multi_thread.c b/components/mbedtls/port/multi_thread.c new file mode 100644 index 0000000000..31cf1ea6da --- /dev/null +++ b/components/mbedtls/port/multi_thread.c @@ -0,0 +1,53 @@ +#include "multi_thread.h" +#include "freertos/FreeRTOS.h" +#include "freertos/semphr.h" + +static xSemaphoreHandle multi_thread_mutex[MUTEX_MAX_NUM]; +static int multi_thread_sig[MUTEX_MAX_NUM]; + +int multi_thread_init(void) +{ + int i; + + for (i = 0; i < MUTEX_MAX_NUM; i++) { + multi_thread_mutex[i] = xSemaphoreCreateMutex(); + if (!multi_thread_mutex[i]) { + goto failed1; + } + multi_thread_sig[i] = 0; + } + + return 0; + +failed1: + for (i--; i >= 0; i--) + vQueueDelete(multi_thread_mutex[i]); + + return -1; +} + +void multi_thread_lock(unsigned int num) +{ + xSemaphoreTake(multi_thread_mutex[num], portMAX_DELAY); +} + +void multi_thread_unlock(unsigned int num) +{ + xSemaphoreGive(multi_thread_mutex[num]); +} + +void multi_thread_take(unsigned int num) +{ + multi_thread_sig[num]++; +} + +void multi_thread_give(unsigned int num) +{ + multi_thread_sig[num]--; +} + +bool multi_thread_is_used(num) +{ + return (multi_thread_sig[num] != 0) ? true : false; +} + diff --git a/components/mbedtls/port/sha1_alt.c b/components/mbedtls/port/sha1_alt.c index 32a970704c..b73d03ffa5 100644 --- a/components/mbedtls/port/sha1_alt.c +++ b/components/mbedtls/port/sha1_alt.c @@ -27,6 +27,7 @@ #if defined(ESP_SHA1_C) #include +#include "multi_thread.h" /* Implementation that should never be optimized out by the compiler */ static void sha1_zeroize( void *v, size_t n ) { @@ -36,7 +37,11 @@ static void sha1_zeroize( void *v, size_t n ) { void sha1_init( SHA1_CTX *ctx ) { memset( ctx, 0, sizeof( SHA1_CTX ) ); + + SHA1_LOCK(); + SHA1_TAKE(); ets_sha_enable(); + SHA1_UNLOCK(); } void sha1_free( SHA1_CTX *ctx ) @@ -45,7 +50,12 @@ void sha1_free( SHA1_CTX *ctx ) return; sha1_zeroize( ctx, sizeof( SHA1_CTX ) ); - ets_sha_disable(); + + SHA1_LOCK(); + SHA1_GIVE(); + if (false == SHA1_IS_USED()) + ets_sha_disable(); + SHA1_UNLOCK(); } void sha1_clone( SHA1_CTX *dst, const SHA1_CTX *src ) @@ -63,7 +73,10 @@ void sha1_process(SHA1_CTX *ctx, const unsigned char data[64]) */ void sha1_starts( SHA1_CTX *ctx ) { + SHA1_LOCK(); ets_sha_init(&ctx->context); + SHA1_UNLOCK(); + ctx->context_type = SHA1; } @@ -72,6 +85,7 @@ void sha1_starts( SHA1_CTX *ctx ) */ void sha1_update( SHA1_CTX *ctx, const unsigned char *input, size_t ilen ) { + SHA1_LOCK(); ets_sha_update(&ctx->context, ctx->context_type, input, ilen * 8); } @@ -81,6 +95,7 @@ void sha1_update( SHA1_CTX *ctx, const unsigned char *input, size_t ilen ) void sha1_finish( SHA1_CTX *ctx, unsigned char output[20] ) { ets_sha_finish(&ctx->context, ctx->context_type, output); + SHA1_UNLOCK(); } /* diff --git a/components/mbedtls/port/sha256_alt.c b/components/mbedtls/port/sha256_alt.c index 781cfa7a11..fc8769d1ba 100644 --- a/components/mbedtls/port/sha256_alt.c +++ b/components/mbedtls/port/sha256_alt.c @@ -27,6 +27,7 @@ #if defined(ESP_SHA256_C) #include +#include "multi_thread.h" /* Implementation that should never be optimized out by the compiler */ static void sha256_zeroize( void *v, size_t n ) { @@ -36,7 +37,11 @@ static void sha256_zeroize( void *v, size_t n ) { void sha256_init( SHA256_CTX *ctx ) { memset( ctx, 0, sizeof( SHA256_CTX ) ); + + SHA256_LOCK(); + SHA256_TAKE(); ets_sha_enable(); + SHA256_UNLOCK(); } void sha256_process(SHA256_CTX *ctx, const unsigned char data[64]) @@ -50,7 +55,12 @@ void sha256_free( SHA256_CTX *ctx ) return; sha256_zeroize( ctx, sizeof( SHA256_CTX ) ); - ets_sha_disable(); + + SHA256_LOCK(); + SHA256_GIVE(); + if (false == SHA256_IS_USED()) + ets_sha_disable(); + SHA256_UNLOCK(); } void sha256_clone( SHA256_CTX *dst, const SHA256_CTX *src ) @@ -63,7 +73,10 @@ void sha256_clone( SHA256_CTX *dst, const SHA256_CTX *src ) */ void sha256_starts( SHA256_CTX *ctx, int is224 ) { + SHA256_LOCK(); ets_sha_init(&ctx->context); + SHA256_UNLOCK(); + if( is224 == 0 ) { /* SHA-256 */ @@ -79,6 +92,7 @@ void sha256_starts( SHA256_CTX *ctx, int is224 ) */ void sha256_update( SHA256_CTX *ctx, const unsigned char *input, size_t ilen ) { + SHA256_LOCK(); ets_sha_update(&ctx->context, ctx->context_type, input, ilen * 8); } @@ -88,6 +102,7 @@ void sha256_update( SHA256_CTX *ctx, const unsigned char *input, size_t ilen ) void sha256_finish( SHA256_CTX *ctx, unsigned char output[32] ) { ets_sha_finish(&ctx->context, ctx->context_type, output); + SHA256_UNLOCK(); } /* diff --git a/components/mbedtls/port/sha512_alt.c b/components/mbedtls/port/sha512_alt.c index 9884dd8d1e..02d315681e 100644 --- a/components/mbedtls/port/sha512_alt.c +++ b/components/mbedtls/port/sha512_alt.c @@ -26,6 +26,7 @@ #if defined(ESP_SHA512_C) #include +#include "multi_thread.h" /* Implementation that should never be optimized out by the compiler */ static void sha512_zeroize( void *v, size_t n ) { @@ -35,7 +36,11 @@ static void sha512_zeroize( void *v, size_t n ) { void sha512_init( SHA512_CTX *ctx ) { memset( ctx, 0, sizeof( SHA512_CTX ) ); + + SHA512_LOCK(); + SHA512_TAKE(); ets_sha_enable(); + SHA512_UNLOCK(); } void sha512_free( SHA512_CTX *ctx ) @@ -44,7 +49,12 @@ void sha512_free( SHA512_CTX *ctx ) return; sha512_zeroize( ctx, sizeof( SHA512_CTX ) ); - ets_sha_disable(); + + SHA512_LOCK(); + SHA512_GIVE(); + if (false == SHA512_IS_USED()) + ets_sha_disable(); + SHA512_UNLOCK(); } void sha512_clone( SHA512_CTX *dst, const SHA512_CTX *src ) @@ -57,7 +67,9 @@ void sha512_clone( SHA512_CTX *dst, const SHA512_CTX *src ) */ void sha512_starts( SHA512_CTX *ctx, int is384 ) { + SHA512_LOCK(); ets_sha_init(&ctx->context); + SHA512_UNLOCK(); if( is384 == 0 ) { /* SHA-512 */ @@ -75,6 +87,7 @@ void sha512_starts( SHA512_CTX *ctx, int is384 ) */ void sha512_update( SHA512_CTX *ctx, const unsigned char *input,size_t ilen ) { + SHA512_LOCK(); ets_sha_update(&ctx->context, ctx->context_type, input, ilen * 8); } @@ -84,6 +97,7 @@ void sha512_update( SHA512_CTX *ctx, const unsigned char *input,size_t ilen ) void sha512_finish( SHA512_CTX *ctx, unsigned char output[64] ) { ets_sha_finish(&ctx->context, ctx->context_type, output); + SHA512_UNLOCK(); } /* From 98021903a2f8864963aa501801a3f3ff5aa169e5 Mon Sep 17 00:00:00 2001 From: liuhan Date: Mon, 8 Aug 2016 17:29:28 +0800 Subject: [PATCH 03/28] recompile crypto and bignum function --- .../{mbedtls/port/aes_alt.c => esp32/aes.c} | 74 +- .../port/bignum_alt.c => esp32/bignum.c} | 704 +++++++++--------- components/esp32/esp_thread.c | 53 ++ .../port/aes_alt.h => esp32/include/aes.h} | 40 +- .../bignum_alt.h => esp32/include/bignum.h} | 121 ++- components/esp32/include/esp_thread.h | 56 ++ components/esp32/include/sha.h | 224 ++++++ components/esp32/sha.c | 285 +++++++ components/mbedtls/Makefile | 0 components/mbedtls/include/mbedtls/aes.h | 22 +- components/mbedtls/include/mbedtls/bignum.h | 47 +- .../mbedtls/include/mbedtls/esp_config.h | 3 +- components/mbedtls/include/mbedtls/sha1.h | 12 +- components/mbedtls/include/mbedtls/sha256.h | 12 +- components/mbedtls/include/mbedtls/sha512.h | 12 +- .../mbedtls/include/port/multi_thread.h | 63 -- components/mbedtls/include/port/sha1_alt.h | 93 --- components/mbedtls/include/port/sha256_alt.h | 95 --- components/mbedtls/include/port/sha512_alt.h | 92 --- components/mbedtls/port/include/aes_alt.h | 59 ++ components/mbedtls/port/include/bignum_alt.h | 77 ++ components/mbedtls/port/include/sha1_alt.h | 34 + components/mbedtls/port/include/sha256_alt.h | 34 + components/mbedtls/port/include/sha512_alt.h | 32 + components/mbedtls/port/multi_thread.c | 53 -- components/mbedtls/port/sha1_alt.c | 117 --- components/mbedtls/port/sha256_alt.c | 122 --- components/mbedtls/port/sha512_alt.c | 117 --- 28 files changed, 1325 insertions(+), 1328 deletions(-) rename components/{mbedtls/port/aes_alt.c => esp32/aes.c} (79%) rename components/{mbedtls/port/bignum_alt.c => esp32/bignum.c} (63%) create mode 100644 components/esp32/esp_thread.c rename components/{mbedtls/include/port/aes_alt.h => esp32/include/aes.h} (89%) rename components/{mbedtls/include/port/bignum_alt.h => esp32/include/bignum.h} (86%) create mode 100644 components/esp32/include/esp_thread.h create mode 100644 components/esp32/include/sha.h create mode 100644 components/esp32/sha.c mode change 100755 => 100644 components/mbedtls/Makefile delete mode 100644 components/mbedtls/include/port/multi_thread.h delete mode 100644 components/mbedtls/include/port/sha1_alt.h delete mode 100644 components/mbedtls/include/port/sha256_alt.h delete mode 100644 components/mbedtls/include/port/sha512_alt.h create mode 100644 components/mbedtls/port/include/aes_alt.h create mode 100644 components/mbedtls/port/include/bignum_alt.h create mode 100644 components/mbedtls/port/include/sha1_alt.h create mode 100644 components/mbedtls/port/include/sha256_alt.h create mode 100644 components/mbedtls/port/include/sha512_alt.h delete mode 100644 components/mbedtls/port/multi_thread.c delete mode 100644 components/mbedtls/port/sha1_alt.c delete mode 100644 components/mbedtls/port/sha256_alt.c delete mode 100644 components/mbedtls/port/sha512_alt.c diff --git a/components/mbedtls/port/aes_alt.c b/components/esp32/aes.c similarity index 79% rename from components/mbedtls/port/aes_alt.c rename to components/esp32/aes.c index 504a2a7db8..10a5025a56 100644 --- a/components/mbedtls/port/aes_alt.c +++ b/components/esp32/aes.c @@ -25,19 +25,17 @@ * http://csrc.nist.gov/publications/fips/fips197/fips-197.pdf */ -#include "port/aes_alt.h" - -#if defined(ESP_AES_C) +#include "aes.h" #include -#include "multi_thread.h" +#include "esp_thread.h" /* Implementation that should never be optimized out by the compiler */ -static void aes_zeroize( void *v, size_t n ) { +static void esp_aes_zeroize( void *v, size_t n ) { volatile unsigned char *p = v; while( n-- ) *p++ = 0; } -void aes_init( AES_CTX *ctx ) +void esp_aes_init( AES_CTX *ctx ) { memset( ctx, 0, sizeof( AES_CTX ) ); @@ -47,12 +45,12 @@ void aes_init( AES_CTX *ctx ) AES_UNLOCK(); } -void aes_free( AES_CTX *ctx ) +void esp_aes_free( AES_CTX *ctx ) { if( ctx == NULL ) return; - aes_zeroize( ctx, sizeof( AES_CTX ) ); + esp_aes_zeroize( ctx, sizeof( AES_CTX ) ); AES_LOCK(); AES_GIVE(); @@ -64,7 +62,7 @@ void aes_free( AES_CTX *ctx ) /* * AES key schedule (encryption) */ -int aes_setkey_enc( AES_CTX *ctx, const unsigned char *key, +int esp_aes_setkey_enc( AES_CTX *ctx, const unsigned char *key, unsigned int keybits ) { enum AES_BITS keybit; @@ -94,7 +92,7 @@ int aes_setkey_enc( AES_CTX *ctx, const unsigned char *key, /* * AES key schedule (decryption) */ -int aes_setkey_dec( AES_CTX *ctx, const unsigned char *key, +int esp_aes_setkey_dec( AES_CTX *ctx, const unsigned char *key, unsigned int keybits ) { enum AES_BITS keybit; @@ -122,17 +120,17 @@ int aes_setkey_dec( AES_CTX *ctx, const unsigned char *key, } -static void aes_process_enable(AES_CTX *ctx, int mode) +static void esp_aes_process_enable(AES_CTX *ctx, int mode) { if( mode == AES_ENCRYPT ){ - aes_setkey_enc(ctx, ctx->enc.key, ctx->enc.keybites); + esp_aes_setkey_enc(ctx, ctx->enc.key, ctx->enc.keybites); }else{ - aes_setkey_dec(ctx, ctx->dec.key, ctx->dec.keybites); + esp_aes_setkey_dec(ctx, ctx->dec.key, ctx->dec.keybites); } return; } -static void aes_process_disable(AES_CTX *ctx, int mode) +static void esp_aes_process_disable(AES_CTX *ctx, int mode) { } @@ -141,7 +139,7 @@ static void aes_process_disable(AES_CTX *ctx, int mode) * AES-ECB block encryption */ -void aes_encrypt( AES_CTX *ctx, +void esp_aes_encrypt( AES_CTX *ctx, const unsigned char input[16], unsigned char output[16] ) { @@ -154,7 +152,7 @@ void aes_encrypt( AES_CTX *ctx, * AES-ECB block decryption */ -void aes_decrypt( AES_CTX *ctx, +void esp_aes_decrypt( AES_CTX *ctx, const unsigned char input[16], unsigned char output[16] ) { @@ -166,15 +164,15 @@ void aes_decrypt( AES_CTX *ctx, /* * AES-ECB block encryption/decryption */ -int aes_crypt_ecb( AES_CTX *ctx, +int esp_aes_crypt_ecb( AES_CTX *ctx, int mode, const unsigned char input[16], unsigned char output[16] ) { if( mode == AES_ENCRYPT ) - aes_encrypt( ctx, input, output ); + esp_aes_encrypt( ctx, input, output ); else - aes_decrypt( ctx, input, output ); + esp_aes_decrypt( ctx, input, output ); return 0; } @@ -182,7 +180,7 @@ int aes_crypt_ecb( AES_CTX *ctx, /* * AES-CBC buffer encryption/decryption */ -int aes_crypt_cbc( AES_CTX *ctx, +int esp_aes_crypt_cbc( AES_CTX *ctx, int mode, size_t length, unsigned char iv[16], @@ -197,13 +195,13 @@ int aes_crypt_cbc( AES_CTX *ctx, AES_LOCK(); - aes_process_enable(ctx, mode); + esp_aes_process_enable(ctx, mode); if( mode == AES_DECRYPT ) { while( length > 0 ) { memcpy( temp, input, 16 ); - aes_crypt_ecb( ctx, mode, input, output ); + esp_aes_crypt_ecb( ctx, mode, input, output ); for( i = 0; i < 16; i++ ) output[i] = (unsigned char)( output[i] ^ iv[i] ); @@ -222,7 +220,7 @@ int aes_crypt_cbc( AES_CTX *ctx, for( i = 0; i < 16; i++ ) output[i] = (unsigned char)( input[i] ^ iv[i] ); - aes_crypt_ecb( ctx, mode, output, output ); + esp_aes_crypt_ecb( ctx, mode, output, output ); memcpy( iv, output, 16 ); input += 16; @@ -230,7 +228,7 @@ int aes_crypt_cbc( AES_CTX *ctx, length -= 16; } } - aes_process_disable(ctx, mode); + esp_aes_process_disable(ctx, mode); AES_UNLOCK(); @@ -240,7 +238,7 @@ int aes_crypt_cbc( AES_CTX *ctx, /* * AES-CFB128 buffer encryption/decryption */ -int aes_crypt_cfb128( AES_CTX *ctx, +int esp_aes_crypt_cfb128( AES_CTX *ctx, int mode, size_t length, size_t *iv_off, @@ -253,13 +251,13 @@ int aes_crypt_cfb128( AES_CTX *ctx, AES_LOCK(); - aes_process_enable(ctx, mode); + esp_aes_process_enable(ctx, mode); if( mode == AES_DECRYPT ) { while( length-- ) { if( n == 0 ) - aes_crypt_ecb( ctx, AES_ENCRYPT, iv, iv ); + esp_aes_crypt_ecb( ctx, AES_ENCRYPT, iv, iv ); c = *input++; *output++ = (unsigned char)( c ^ iv[n] ); @@ -273,7 +271,7 @@ int aes_crypt_cfb128( AES_CTX *ctx, while( length-- ) { if( n == 0 ) - aes_crypt_ecb( ctx, AES_ENCRYPT, iv, iv ); + esp_aes_crypt_ecb( ctx, AES_ENCRYPT, iv, iv ); iv[n] = *output++ = (unsigned char)( iv[n] ^ *input++ ); @@ -282,7 +280,7 @@ int aes_crypt_cfb128( AES_CTX *ctx, } *iv_off = n; - aes_process_disable(ctx, mode); + esp_aes_process_disable(ctx, mode); AES_UNLOCK(); @@ -292,7 +290,7 @@ int aes_crypt_cfb128( AES_CTX *ctx, /* * AES-CFB8 buffer encryption/decryption */ -int aes_crypt_cfb8( AES_CTX *ctx, +int esp_aes_crypt_cfb8( AES_CTX *ctx, int mode, size_t length, unsigned char iv[16], @@ -304,11 +302,11 @@ int aes_crypt_cfb8( AES_CTX *ctx, AES_LOCK(); - aes_process_enable(ctx, mode); + esp_aes_process_enable(ctx, mode); while( length-- ) { memcpy( ov, iv, 16 ); - aes_crypt_ecb( ctx, AES_ENCRYPT, iv, iv ); + esp_aes_crypt_ecb( ctx, AES_ENCRYPT, iv, iv ); if( mode == AES_DECRYPT ) ov[16] = *input; @@ -320,7 +318,7 @@ int aes_crypt_cfb8( AES_CTX *ctx, memcpy( iv, ov + 1, 16 ); } - aes_process_disable(ctx, mode); + esp_aes_process_disable(ctx, mode); AES_UNLOCK(); @@ -330,7 +328,7 @@ int aes_crypt_cfb8( AES_CTX *ctx, /* * AES-CTR buffer encryption/decryption */ -int aes_crypt_ctr( AES_CTX *ctx, +int esp_aes_crypt_ctr( AES_CTX *ctx, size_t length, size_t *nc_off, unsigned char nonce_counter[16], @@ -343,12 +341,12 @@ int aes_crypt_ctr( AES_CTX *ctx, AES_LOCK(); - aes_process_enable(ctx, AES_ENCRYPT); + esp_aes_process_enable(ctx, AES_ENCRYPT); while( length-- ) { if( n == 0 ) { - aes_crypt_ecb( ctx, AES_ENCRYPT, nonce_counter, stream_block ); + esp_aes_crypt_ecb( ctx, AES_ENCRYPT, nonce_counter, stream_block ); for( i = 16; i > 0; i-- ) if( ++nonce_counter[i - 1] != 0 ) @@ -361,12 +359,10 @@ int aes_crypt_ctr( AES_CTX *ctx, } *nc_off = n; - aes_process_disable(ctx, AES_ENCRYPT); + esp_aes_process_disable(ctx, AES_ENCRYPT); AES_UNLOCK(); return 0; } -#endif /* AES_ALT_C */ - diff --git a/components/mbedtls/port/bignum_alt.c b/components/esp32/bignum.c similarity index 63% rename from components/mbedtls/port/bignum_alt.c rename to components/esp32/bignum.c index 2da6e71693..02d5a9c3d2 100644 --- a/components/mbedtls/port/bignum_alt.c +++ b/components/esp32/bignum.c @@ -33,19 +33,19 @@ * https://gmplib.org/manual/index.html * */ -#include "port/bignum_alt.h" +#include "bignum.h" #if defined(ESP_BIGNUM_ALT) #include #include -#include "multi_thread.h" +#include "esp_thread.h" /* Implementation that should never be optimized out by the compiler */ -static void mpi_zeroize( void *v, size_t n ) { +static void esp_mpi_zeroize( void *v, size_t n ) { volatile unsigned char *p = v; while( n-- ) *p++ = 0; } -#define ciL (sizeof(mpi_uint)) /* chars in limb */ +#define ciL (sizeof(esp_mpi_uint)) /* chars in limb */ #define biL (ciL << 3) /* bits in limb */ #define biH (ciL << 2) /* half limb size */ @@ -61,7 +61,7 @@ static void mpi_zeroize( void *v, size_t n ) { /* * Initialize one MPI */ -void mpi_init( mpi *X ) +void esp_mpi_init( mpi *X ) { if( X == NULL ) return; @@ -78,14 +78,14 @@ void mpi_init( mpi *X ) /* * Unallocate one MPI */ -void mpi_free( mpi *X ) +void esp_mpi_free( mpi *X ) { if( X == NULL ) return; if( X->p != NULL ) { - mpi_zeroize( X->p, X->n * ciL ); + esp_mpi_zeroize( X->p, X->n * ciL ); free( X->p ); } @@ -102,9 +102,9 @@ void mpi_free( mpi *X ) /* * Enlarge to the specified number of limbs */ -int mpi_grow( mpi *X, size_t nblimbs ) +int esp_mpi_grow( mpi *X, size_t nblimbs ) { - mpi_uint *p; + esp_mpi_uint *p; if( nblimbs > MPI_MAX_LIMBS ) return( ERR_MPI_ALLOC_FAILED ); @@ -117,7 +117,7 @@ int mpi_grow( mpi *X, size_t nblimbs ) if( X->p != NULL ) { memcpy( p, X->p, X->n * ciL ); - mpi_zeroize( X->p, X->n * ciL ); + esp_mpi_zeroize( X->p, X->n * ciL ); free( X->p ); } @@ -132,14 +132,14 @@ int mpi_grow( mpi *X, size_t nblimbs ) * Resize down as much as possible, * while keeping at least the specified number of limbs */ -int mpi_shrink( mpi *X, size_t nblimbs ) +int esp_mpi_shrink( mpi *X, size_t nblimbs ) { - mpi_uint *p; + esp_mpi_uint *p; size_t i; /* Actually resize up in this case */ if( X->n <= nblimbs ) - return( mpi_grow( X, nblimbs ) ); + return( esp_mpi_grow( X, nblimbs ) ); for( i = X->n - 1; i > 0; i-- ) if( X->p[i] != 0 ) @@ -155,7 +155,7 @@ int mpi_shrink( mpi *X, size_t nblimbs ) if( X->p != NULL ) { memcpy( p, X->p, i * ciL ); - mpi_zeroize( X->p, X->n * ciL ); + esp_mpi_zeroize( X->p, X->n * ciL ); free( X->p ); } @@ -168,7 +168,7 @@ int mpi_shrink( mpi *X, size_t nblimbs ) /* * Copy the contents of Y into X */ -int mpi_copy( mpi *X, const mpi *Y ) +int esp_mpi_copy( mpi *X, const mpi *Y ) { int ret; size_t i; @@ -178,7 +178,7 @@ int mpi_copy( mpi *X, const mpi *Y ) if( Y->p == NULL ) { - mpi_free( X ); + esp_mpi_free( X ); return( 0 ); } @@ -189,7 +189,7 @@ int mpi_copy( mpi *X, const mpi *Y ) X->s = Y->s; - MPI_CHK( mpi_grow( X, i ) ); + MPI_CHK( esp_mpi_grow( X, i ) ); memset( X->p, 0, X->n * ciL ); memcpy( X->p, Y->p, i * ciL ); @@ -202,7 +202,7 @@ cleanup: /* * Swap the contents of X and Y */ -void mpi_swap( mpi *X, mpi *Y ) +void esp_mpi_swap( mpi *X, mpi *Y ) { mpi T; @@ -216,7 +216,7 @@ void mpi_swap( mpi *X, mpi *Y ) * about whether the assignment was made or not. * (Leaking information about the respective sizes of X and Y is ok however.) */ -int mpi_safe_cond_assign( mpi *X, const mpi *Y, unsigned char assign ) +int esp_mpi_safe_cond_assign( mpi *X, const mpi *Y, unsigned char assign ) { int ret = 0; size_t i; @@ -224,7 +224,7 @@ int mpi_safe_cond_assign( mpi *X, const mpi *Y, unsigned char assign ) /* make sure assign is 0 or 1 in a time-constant manner */ assign = (assign | (unsigned char)-assign) >> 7; - MPI_CHK( mpi_grow( X, Y->n ) ); + MPI_CHK( esp_mpi_grow( X, Y->n ) ); X->s = X->s * ( 1 - assign ) + Y->s * assign; @@ -244,11 +244,11 @@ cleanup: * Here it is not ok to simply swap the pointers, which whould lead to * different memory access patterns when X and Y are used afterwards. */ -int mpi_safe_cond_swap( mpi *X, mpi *Y, unsigned char swap ) +int esp_mpi_safe_cond_swap( mpi *X, mpi *Y, unsigned char swap ) { int ret, s; size_t i; - mpi_uint tmp; + esp_mpi_uint tmp; if( X == Y ) return( 0 ); @@ -256,8 +256,8 @@ int mpi_safe_cond_swap( mpi *X, mpi *Y, unsigned char swap ) /* make sure swap is 0 or 1 in a time-constant manner */ swap = (swap | (unsigned char)-swap) >> 7; - MPI_CHK( mpi_grow( X, Y->n ) ); - MPI_CHK( mpi_grow( Y, X->n ) ); + MPI_CHK( esp_mpi_grow( X, Y->n ) ); + MPI_CHK( esp_mpi_grow( Y, X->n ) ); s = X->s; X->s = X->s * ( 1 - swap ) + Y->s * swap; @@ -278,11 +278,11 @@ cleanup: /* * Set value from integer */ -int mpi_lset( mpi *X, mpi_sint z ) +int esp_mpi_lset( mpi *X, esp_mpi_sint z ) { int ret; - MPI_CHK( mpi_grow( X, 1 ) ); + MPI_CHK( esp_mpi_grow( X, 1 ) ); memset( X->p, 0, X->n * ciL ); X->p[0] = ( z < 0 ) ? -z : z; @@ -296,7 +296,7 @@ cleanup: /* * Get a specific bit */ -int mpi_get_bit( const mpi *X, size_t pos ) +int esp_mpi_get_bit( const mpi *X, size_t pos ) { if( X->n * biL <= pos ) return( 0 ); @@ -307,7 +307,7 @@ int mpi_get_bit( const mpi *X, size_t pos ) /* * Set a bit to a specific value of 0 or 1 */ -int mpi_set_bit( mpi *X, size_t pos, unsigned char val ) +int esp_mpi_set_bit( mpi *X, size_t pos, unsigned char val ) { int ret = 0; size_t off = pos / biL; @@ -321,11 +321,11 @@ int mpi_set_bit( mpi *X, size_t pos, unsigned char val ) if( val == 0 ) return( 0 ); - MPI_CHK( mpi_grow( X, off + 1 ) ); + MPI_CHK( esp_mpi_grow( X, off + 1 ) ); } - X->p[off] &= ~( (mpi_uint) 0x01 << idx ); - X->p[off] |= (mpi_uint) val << idx; + X->p[off] &= ~( (esp_mpi_uint) 0x01 << idx ); + X->p[off] |= (esp_mpi_uint) val << idx; cleanup: @@ -335,7 +335,7 @@ cleanup: /* * Return the number of less significant zero-bits */ -size_t mpi_lsb( const mpi *X ) +size_t esp_mpi_lsb( const mpi *X ) { size_t i, j, count = 0; @@ -350,10 +350,10 @@ size_t mpi_lsb( const mpi *X ) /* * Count leading zero bits in a given integer */ -static size_t clz( const mpi_uint x ) +static size_t clz( const esp_mpi_uint x ) { size_t j; - mpi_uint mask = (mpi_uint) 1 << (biL - 1); + esp_mpi_uint mask = (esp_mpi_uint) 1 << (biL - 1); for( j = 0; j < biL; j++ ) { @@ -368,7 +368,7 @@ static size_t clz( const mpi_uint x ) /* * Return the number of bits */ -size_t mpi_bitlen( const mpi *X ) +size_t esp_mpi_bitlen( const mpi *X ) { size_t i, j; @@ -387,15 +387,15 @@ size_t mpi_bitlen( const mpi *X ) /* * Return the total size in bytes */ -size_t mpi_size( const mpi *X ) +size_t esp_mpi_size( const mpi *X ) { - return( ( mpi_bitlen( X ) + 7 ) >> 3 ); + return( ( esp_mpi_bitlen( X ) + 7 ) >> 3 ); } /* * Convert an ASCII character to digit value */ -static int mpi_get_digit( mpi_uint *d, int radix, char c ) +static int esp_mpi_get_digit( esp_mpi_uint *d, int radix, char c ) { *d = 255; @@ -403,7 +403,7 @@ static int mpi_get_digit( mpi_uint *d, int radix, char c ) if( c >= 0x41 && c <= 0x46 ) *d = c - 0x37; if( c >= 0x61 && c <= 0x66 ) *d = c - 0x57; - if( *d >= (mpi_uint) radix ) + if( *d >= (esp_mpi_uint) radix ) return( ERR_MPI_INVALID_CHARACTER ); return( 0 ); @@ -412,17 +412,17 @@ static int mpi_get_digit( mpi_uint *d, int radix, char c ) /* * Import from an ASCII string */ -int mpi_read_string( mpi *X, int radix, const char *s ) +int esp_mpi_read_string( mpi *X, int radix, const char *s ) { int ret; size_t i, j, slen, n; - mpi_uint d; + esp_mpi_uint d; mpi T; if( radix < 2 || radix > 16 ) return( ERR_MPI_BAD_INPUT_DATA ); - mpi_init( &T ); + esp_mpi_init( &T ); slen = strlen( s ); @@ -433,8 +433,8 @@ int mpi_read_string( mpi *X, int radix, const char *s ) n = BITS_TO_LIMBS( slen << 2 ); - MPI_CHK( mpi_grow( X, n ) ); - MPI_CHK( mpi_lset( X, 0 ) ); + MPI_CHK( esp_mpi_grow( X, n ) ); + MPI_CHK( esp_mpi_lset( X, 0 ) ); for( i = slen, j = 0; i > 0; i--, j++ ) { @@ -444,13 +444,13 @@ int mpi_read_string( mpi *X, int radix, const char *s ) break; } - MPI_CHK( mpi_get_digit( &d, radix, s[i - 1] ) ); + MPI_CHK( esp_mpi_get_digit( &d, radix, s[i - 1] ) ); X->p[j / ( 2 * ciL )] |= d << ( ( j % ( 2 * ciL ) ) << 2 ); } } else { - MPI_CHK( mpi_lset( X, 0 ) ); + MPI_CHK( esp_mpi_lset( X, 0 ) ); for( i = 0; i < slen; i++ ) { @@ -460,23 +460,23 @@ int mpi_read_string( mpi *X, int radix, const char *s ) continue; } - MPI_CHK( mpi_get_digit( &d, radix, s[i] ) ); - MPI_CHK( mpi_mul_int( &T, X, radix ) ); + MPI_CHK( esp_mpi_get_digit( &d, radix, s[i] ) ); + MPI_CHK( esp_mpi_mul_int( &T, X, radix ) ); if( X->s == 1 ) { - MPI_CHK( mpi_add_int( X, &T, d ) ); + MPI_CHK( esp_mpi_add_int( X, &T, d ) ); } else { - MPI_CHK( mpi_sub_int( X, &T, d ) ); + MPI_CHK( esp_mpi_sub_int( X, &T, d ) ); } } } cleanup: - mpi_free( &T ); + esp_mpi_free( &T ); return( ret ); } @@ -484,19 +484,19 @@ cleanup: /* * Helper to write the digits high-order first */ -static int mpi_write_hlp( mpi *X, int radix, char **p ) +static int esp_mpi_write_hlp( mpi *X, int radix, char **p ) { int ret; - mpi_uint r; + esp_mpi_uint r; if( radix < 2 || radix > 16 ) return( ERR_MPI_BAD_INPUT_DATA ); - MPI_CHK( mpi_mod_int( &r, X, radix ) ); - MPI_CHK( mpi_div_int( X, NULL, X, radix ) ); + MPI_CHK( esp_mpi_mod_int( &r, X, radix ) ); + MPI_CHK( esp_mpi_div_int( X, NULL, X, radix ) ); - if( mpi_cmp_int( X, 0 ) != 0 ) - MPI_CHK( mpi_write_hlp( X, radix, p ) ); + if( esp_mpi_cmp_int( X, 0 ) != 0 ) + MPI_CHK( esp_mpi_write_hlp( X, radix, p ) ); if( r < 10 ) *(*p)++ = (char)( r + 0x30 ); @@ -511,7 +511,7 @@ cleanup: /* * Export into an ASCII string */ -int mpi_write_string( const mpi *X, int radix, +int esp_mpi_write_string( const mpi *X, int radix, char *buf, size_t buflen, size_t *olen ) { int ret = 0; @@ -522,7 +522,7 @@ int mpi_write_string( const mpi *X, int radix, if( radix < 2 || radix > 16 ) return( ERR_MPI_BAD_INPUT_DATA ); - n = mpi_bitlen( X ); + n = esp_mpi_bitlen( X ); if( radix >= 4 ) n >>= 1; if( radix >= 16 ) n >>= 1; n += 3; @@ -534,7 +534,7 @@ int mpi_write_string( const mpi *X, int radix, } p = buf; - mpi_init( &T ); + esp_mpi_init( &T ); if( X->s == -1 ) *p++ = '-'; @@ -561,12 +561,12 @@ int mpi_write_string( const mpi *X, int radix, } else { - MPI_CHK( mpi_copy( &T, X ) ); + MPI_CHK( esp_mpi_copy( &T, X ) ); if( T.s == -1 ) T.s = 1; - MPI_CHK( mpi_write_hlp( &T, radix, &p ) ); + MPI_CHK( esp_mpi_write_hlp( &T, radix, &p ) ); } *p++ = '\0'; @@ -574,7 +574,7 @@ int mpi_write_string( const mpi *X, int radix, cleanup: - mpi_free( &T ); + esp_mpi_free( &T ); return( ret ); } @@ -582,7 +582,7 @@ cleanup: /* * Import X from unsigned binary data, big endian */ -int mpi_read_binary( mpi *X, const unsigned char *buf, size_t buflen ) +int esp_mpi_read_binary( mpi *X, const unsigned char *buf, size_t buflen ) { int ret; size_t i, j, n; @@ -591,11 +591,11 @@ int mpi_read_binary( mpi *X, const unsigned char *buf, size_t buflen ) if( buf[n] != 0 ) break; - MPI_CHK( mpi_grow( X, CHARS_TO_LIMBS( buflen - n ) ) ); - MPI_CHK( mpi_lset( X, 0 ) ); + MPI_CHK( esp_mpi_grow( X, CHARS_TO_LIMBS( buflen - n ) ) ); + MPI_CHK( esp_mpi_lset( X, 0 ) ); for( i = buflen, j = 0; i > n; i--, j++ ) - X->p[j / ciL] |= ((mpi_uint) buf[i - 1]) << ((j % ciL) << 3); + X->p[j / ciL] |= ((esp_mpi_uint) buf[i - 1]) << ((j % ciL) << 3); cleanup: @@ -605,11 +605,11 @@ cleanup: /* * Export X into unsigned binary data, big endian */ -int mpi_write_binary( const mpi *X, unsigned char *buf, size_t buflen ) +int esp_mpi_write_binary( const mpi *X, unsigned char *buf, size_t buflen ) { size_t i, j, n; - n = mpi_size( X ); + n = esp_mpi_size( X ); if( buflen < n ) return( ERR_MPI_BUFFER_TOO_SMALL ); @@ -625,19 +625,19 @@ int mpi_write_binary( const mpi *X, unsigned char *buf, size_t buflen ) /* * Left-shift: X <<= count */ -int mpi_shift_l( mpi *X, size_t count ) +int esp_mpi_shift_l( mpi *X, size_t count ) { int ret; size_t i, v0, t1; - mpi_uint r0 = 0, r1; + esp_mpi_uint r0 = 0, r1; v0 = count / (biL ); t1 = count & (biL - 1); - i = mpi_bitlen( X ) + count; + i = esp_mpi_bitlen( X ) + count; if( X->n * biL < i ) - MPI_CHK( mpi_grow( X, BITS_TO_LIMBS( i ) ) ); + MPI_CHK( esp_mpi_grow( X, BITS_TO_LIMBS( i ) ) ); ret = 0; @@ -675,16 +675,16 @@ cleanup: /* * Right-shift: X >>= count */ -int mpi_shift_r( mpi *X, size_t count ) +int esp_mpi_shift_r( mpi *X, size_t count ) { size_t i, v0, v1; - mpi_uint r0 = 0, r1; + esp_mpi_uint r0 = 0, r1; v0 = count / biL; v1 = count & (biL - 1); if( v0 > X->n || ( v0 == X->n && v1 > 0 ) ) - return mpi_lset( X, 0 ); + return esp_mpi_lset( X, 0 ); /* * shift by count / limb_size @@ -718,7 +718,7 @@ int mpi_shift_r( mpi *X, size_t count ) /* * Compare unsigned values */ -int mpi_cmp_abs( const mpi *X, const mpi *Y ) +int esp_mpi_cmp_abs( const mpi *X, const mpi *Y ) { size_t i, j; @@ -748,7 +748,7 @@ int mpi_cmp_abs( const mpi *X, const mpi *Y ) /* * Compare signed values */ -int mpi_cmp_mpi( const mpi *X, const mpi *Y ) +int esp_mpi_cmp_mpi( const mpi *X, const mpi *Y ) { size_t i, j; @@ -781,27 +781,27 @@ int mpi_cmp_mpi( const mpi *X, const mpi *Y ) /* * Compare signed values */ -int mpi_cmp_int( const mpi *X, mpi_sint z ) +int esp_mpi_cmp_int( const mpi *X, esp_mpi_sint z ) { mpi Y; - mpi_uint p[1]; + esp_mpi_uint p[1]; *p = ( z < 0 ) ? -z : z; Y.s = ( z < 0 ) ? -1 : 1; Y.n = 1; Y.p = p; - return( mpi_cmp_mpi( X, &Y ) ); + return( esp_mpi_cmp_mpi( X, &Y ) ); } /* * Unsigned addition: X = |A| + |B| (HAC 14.7) */ -int mpi_add_abs( mpi *X, const mpi *A, const mpi *B ) +int esp_mpi_add_abs( mpi *X, const mpi *A, const mpi *B ) { int ret; size_t i, j; - mpi_uint *o, *p, c; + esp_mpi_uint *o, *p, c; if( X == B ) { @@ -809,7 +809,7 @@ int mpi_add_abs( mpi *X, const mpi *A, const mpi *B ) } if( X != A ) - MPI_CHK( mpi_copy( X, A ) ); + MPI_CHK( esp_mpi_copy( X, A ) ); /* * X should always be positive as a result of unsigned additions. @@ -820,7 +820,7 @@ int mpi_add_abs( mpi *X, const mpi *A, const mpi *B ) if( B->p[j - 1] != 0 ) break; - MPI_CHK( mpi_grow( X, j ) ); + MPI_CHK( esp_mpi_grow( X, j ) ); o = B->p; p = X->p; c = 0; @@ -834,7 +834,7 @@ int mpi_add_abs( mpi *X, const mpi *A, const mpi *B ) { if( i >= X->n ) { - MPI_CHK( mpi_grow( X, i + 1 ) ); + MPI_CHK( esp_mpi_grow( X, i + 1 ) ); p = X->p + i; } @@ -849,10 +849,10 @@ cleanup: /* * Helper for mpi subtraction */ -static void mpi_sub_hlp( size_t n, mpi_uint *s, mpi_uint *d ) +static void esp_mpi_sub_hlp( size_t n, esp_mpi_uint *s, esp_mpi_uint *d ) { size_t i; - mpi_uint c, z; + esp_mpi_uint c, z; for( i = c = 0; i < n; i++, s++, d++ ) { @@ -870,25 +870,25 @@ static void mpi_sub_hlp( size_t n, mpi_uint *s, mpi_uint *d ) /* * Unsigned subtraction: X = |A| - |B| (HAC 14.9) */ -int mpi_sub_abs( mpi *X, const mpi *A, const mpi *B ) +int esp_mpi_sub_abs( mpi *X, const mpi *A, const mpi *B ) { mpi TB; int ret; size_t n; - if( mpi_cmp_abs( A, B ) < 0 ) + if( esp_mpi_cmp_abs( A, B ) < 0 ) return( ERR_MPI_NEGATIVE_VALUE ); - mpi_init( &TB ); + esp_mpi_init( &TB ); if( X == B ) { - MPI_CHK( mpi_copy( &TB, B ) ); + MPI_CHK( esp_mpi_copy( &TB, B ) ); B = &TB; } if( X != A ) - MPI_CHK( mpi_copy( X, A ) ); + MPI_CHK( esp_mpi_copy( X, A ) ); /* * X should always be positive as a result of unsigned subtractions. @@ -901,11 +901,11 @@ int mpi_sub_abs( mpi *X, const mpi *A, const mpi *B ) if( B->p[n - 1] != 0 ) break; - mpi_sub_hlp( n, B->p, X->p ); + esp_mpi_sub_hlp( n, B->p, X->p ); cleanup: - mpi_free( &TB ); + esp_mpi_free( &TB ); return( ret ); } @@ -913,26 +913,26 @@ cleanup: /* * Signed addition: X = A + B */ -int mpi_add_mpi( mpi *X, const mpi *A, const mpi *B ) +int esp_mpi_add_mpi( mpi *X, const mpi *A, const mpi *B ) { int ret, s = A->s; if( A->s * B->s < 0 ) { - if( mpi_cmp_abs( A, B ) >= 0 ) + if( esp_mpi_cmp_abs( A, B ) >= 0 ) { - MPI_CHK( mpi_sub_abs( X, A, B ) ); + MPI_CHK( esp_mpi_sub_abs( X, A, B ) ); X->s = s; } else { - MPI_CHK( mpi_sub_abs( X, B, A ) ); + MPI_CHK( esp_mpi_sub_abs( X, B, A ) ); X->s = -s; } } else { - MPI_CHK( mpi_add_abs( X, A, B ) ); + MPI_CHK( esp_mpi_add_abs( X, A, B ) ); X->s = s; } @@ -944,26 +944,26 @@ cleanup: /* * Signed subtraction: X = A - B */ -int mpi_sub_mpi( mpi *X, const mpi *A, const mpi *B ) +int esp_mpi_sub_mpi( mpi *X, const mpi *A, const mpi *B ) { int ret, s = A->s; if( A->s * B->s > 0 ) { - if( mpi_cmp_abs( A, B ) >= 0 ) + if( esp_mpi_cmp_abs( A, B ) >= 0 ) { - MPI_CHK( mpi_sub_abs( X, A, B ) ); + MPI_CHK( esp_mpi_sub_abs( X, A, B ) ); X->s = s; } else { - MPI_CHK( mpi_sub_abs( X, B, A ) ); + MPI_CHK( esp_mpi_sub_abs( X, B, A ) ); X->s = -s; } } else { - MPI_CHK( mpi_add_abs( X, A, B ) ); + MPI_CHK( esp_mpi_add_abs( X, A, B ) ); X->s = s; } @@ -975,39 +975,39 @@ cleanup: /* * Signed addition: X = A + b */ -int mpi_add_int( mpi *X, const mpi *A, mpi_sint b ) +int esp_mpi_add_int( mpi *X, const mpi *A, esp_mpi_sint b ) { mpi _B; - mpi_uint p[1]; + esp_mpi_uint p[1]; p[0] = ( b < 0 ) ? -b : b; _B.s = ( b < 0 ) ? -1 : 1; _B.n = 1; _B.p = p; - return( mpi_add_mpi( X, A, &_B ) ); + return( esp_mpi_add_mpi( X, A, &_B ) ); } /* * Signed subtraction: X = A - b */ -int mpi_sub_int( mpi *X, const mpi *A, mpi_sint b ) +int esp_mpi_sub_int( mpi *X, const mpi *A, esp_mpi_sint b ) { mpi _B; - mpi_uint p[1]; + esp_mpi_uint p[1]; p[0] = ( b < 0 ) ? -b : b; _B.s = ( b < 0 ) ? -1 : 1; _B.n = 1; _B.p = p; - return( mpi_sub_mpi( X, A, &_B ) ); + return( esp_mpi_sub_mpi( X, A, &_B ) ); } /* * Helper for mpi multiplication */ -static void mpi_mul_hlp( size_t i, mpi_uint *s, mpi_uint *d, mpi_uint b ) +static void esp_mpi_mul_hlp( size_t i, esp_mpi_uint *s, esp_mpi_uint *d, esp_mpi_uint b ) { } @@ -1015,7 +1015,7 @@ static void mpi_mul_hlp( size_t i, mpi_uint *s, mpi_uint *d, mpi_uint b ) /* * Baseline multiplication: X = A * B (HAC 14.12) */ -int mpi_mul_mpi( mpi *X, const mpi *A, const mpi *B ) +int esp_mpi_mul_mpi( mpi *X, const mpi *A, const mpi *B ) { int ret; size_t i, j; @@ -1023,10 +1023,10 @@ int mpi_mul_mpi( mpi *X, const mpi *A, const mpi *B ) mpi TA, TB; - mpi_init( &TA ); mpi_init( &TB ); + esp_mpi_init( &TA ); esp_mpi_init( &TB ); - if( X == A ) { MPI_CHK( mpi_copy( &TA, A ) ); A = &TA; } - if( X == B ) { MPI_CHK( mpi_copy( &TB, B ) ); B = &TB; } + if( X == A ) { MPI_CHK( esp_mpi_copy( &TA, A ) ); A = &TA; } + if( X == B ) { MPI_CHK( esp_mpi_copy( &TB, B ) ); B = &TB; } for( i = A->n; i > 0; i-- ) if( A->p[i - 1] != 0 ) @@ -1036,19 +1036,19 @@ int mpi_mul_mpi( mpi *X, const mpi *A, const mpi *B ) if( B->p[j - 1] != 0 ) break; - MPI_CHK( mpi_grow( X, i + j ) ); - MPI_CHK( mpi_lset( X, 0 ) ); + MPI_CHK( esp_mpi_grow( X, i + j ) ); + MPI_CHK( esp_mpi_lset( X, 0 ) ); n = j; // for( i++; j > 0; j-- ) - mpi_mul_hlp( i - 1, A->p, X->p + j - 1, B->p[j - 1] ); + esp_mpi_mul_hlp( i - 1, A->p, X->p + j - 1, B->p[j - 1] ); BIGNUM_LOCK(); if (ets_bigint_mult_prepare(A->p, B->p, n)){ ets_bigint_wait_finish(); ets_bigint_mult_getz(X->p, n); } else{ - mpi_printf("Baseline multiplication failed\n"); + esp_mpi_printf("Baseline multiplication failed\n"); } BIGNUM_UNLOCK(); @@ -1056,7 +1056,7 @@ int mpi_mul_mpi( mpi *X, const mpi *A, const mpi *B ) cleanup: - mpi_free( &TB ); mpi_free( &TA ); + esp_mpi_free( &TB ); esp_mpi_free( &TA ); return( ret ); } @@ -1064,33 +1064,33 @@ cleanup: /* * Baseline multiplication: X = A * b */ -int mpi_mul_int( mpi *X, const mpi *A, mpi_uint b ) +int esp_mpi_mul_int( mpi *X, const mpi *A, esp_mpi_uint b ) { mpi _B; - mpi_uint p[1]; + esp_mpi_uint p[1]; _B.s = 1; _B.n = 1; _B.p = p; p[0] = b; - return( mpi_mul_mpi( X, A, &_B ) ); + return( esp_mpi_mul_mpi( X, A, &_B ) ); } /* - * Unsigned integer divide - double mpi_uint dividend, u1/u0, and - * mpi_uint divisor, d + * Unsigned integer divide - double esp_mpi_uint dividend, u1/u0, and + * esp_mpi_uint divisor, d */ -static mpi_uint int_div_int( mpi_uint u1, - mpi_uint u0, mpi_uint d, mpi_uint *r ) +static esp_mpi_uint int_div_int( esp_mpi_uint u1, + esp_mpi_uint u0, esp_mpi_uint d, esp_mpi_uint *r ) { #if defined(HAVE_UDBL) t_udbl dividend, quotient; #else - const mpi_uint radix = (mpi_uint) 1 << biH; - const mpi_uint uint_halfword_mask = ( (mpi_uint) 1 << biH ) - 1; - mpi_uint d0, d1, q0, q1, rAX, r0, quotient; - mpi_uint u0_msw, u0_lsw; + const esp_mpi_uint radix = (esp_mpi_uint) 1 << biH; + const esp_mpi_uint uint_halfword_mask = ( (esp_mpi_uint) 1 << biH ) - 1; + esp_mpi_uint d0, d1, q0, q1, rAX, r0, quotient; + esp_mpi_uint u0_msw, u0_lsw; size_t s; #endif @@ -1112,9 +1112,9 @@ static mpi_uint int_div_int( mpi_uint u1, quotient = ( (t_udbl) 1 << biL ) - 1; if( r != NULL ) - *r = (mpi_uint)( dividend - (quotient * d ) ); + *r = (esp_mpi_uint)( dividend - (quotient * d ) ); - return (mpi_uint) quotient; + return (esp_mpi_uint) quotient; #else /* @@ -1129,7 +1129,7 @@ static mpi_uint int_div_int( mpi_uint u1, d = d << s; u1 = u1 << s; - u1 |= ( u0 >> ( biL - s ) ) & ( -(mpi_sint)s >> ( biL - 1 ) ); + u1 |= ( u0 >> ( biL - s ) ) & ( -(esp_mpi_sint)s >> ( biL - 1 ) ); u0 = u0 << s; d1 = d >> biH; @@ -1176,53 +1176,53 @@ static mpi_uint int_div_int( mpi_uint u1, /* * Division by mpi: A = Q * B + R (HAC 14.20) */ -int mpi_div_mpi( mpi *Q, mpi *R, const mpi *A, const mpi *B ) +int esp_mpi_div_mpi( mpi *Q, mpi *R, const mpi *A, const mpi *B ) { int ret; size_t i, n, t, k; mpi X, Y, Z, T1, T2; - if( mpi_cmp_int( B, 0 ) == 0 ) + if( esp_mpi_cmp_int( B, 0 ) == 0 ) return( ERR_MPI_DIVISION_BY_ZERO ); - mpi_init( &X ); mpi_init( &Y ); mpi_init( &Z ); - mpi_init( &T1 ); mpi_init( &T2 ); + esp_mpi_init( &X ); esp_mpi_init( &Y ); esp_mpi_init( &Z ); + esp_mpi_init( &T1 ); esp_mpi_init( &T2 ); - if( mpi_cmp_abs( A, B ) < 0 ) + if( esp_mpi_cmp_abs( A, B ) < 0 ) { - if( Q != NULL ) MPI_CHK( mpi_lset( Q, 0 ) ); - if( R != NULL ) MPI_CHK( mpi_copy( R, A ) ); + if( Q != NULL ) MPI_CHK( esp_mpi_lset( Q, 0 ) ); + if( R != NULL ) MPI_CHK( esp_mpi_copy( R, A ) ); return( 0 ); } - MPI_CHK( mpi_copy( &X, A ) ); - MPI_CHK( mpi_copy( &Y, B ) ); + MPI_CHK( esp_mpi_copy( &X, A ) ); + MPI_CHK( esp_mpi_copy( &Y, B ) ); X.s = Y.s = 1; - MPI_CHK( mpi_grow( &Z, A->n + 2 ) ); - MPI_CHK( mpi_lset( &Z, 0 ) ); - MPI_CHK( mpi_grow( &T1, 2 ) ); - MPI_CHK( mpi_grow( &T2, 3 ) ); + MPI_CHK( esp_mpi_grow( &Z, A->n + 2 ) ); + MPI_CHK( esp_mpi_lset( &Z, 0 ) ); + MPI_CHK( esp_mpi_grow( &T1, 2 ) ); + MPI_CHK( esp_mpi_grow( &T2, 3 ) ); - k = mpi_bitlen( &Y ) % biL; + k = esp_mpi_bitlen( &Y ) % biL; if( k < biL - 1 ) { k = biL - 1 - k; - MPI_CHK( mpi_shift_l( &X, k ) ); - MPI_CHK( mpi_shift_l( &Y, k ) ); + MPI_CHK( esp_mpi_shift_l( &X, k ) ); + MPI_CHK( esp_mpi_shift_l( &Y, k ) ); } else k = 0; n = X.n - 1; t = Y.n - 1; - MPI_CHK( mpi_shift_l( &Y, biL * ( n - t ) ) ); + MPI_CHK( esp_mpi_shift_l( &Y, biL * ( n - t ) ) ); - while( mpi_cmp_mpi( &X, &Y ) >= 0 ) + while( esp_mpi_cmp_mpi( &X, &Y ) >= 0 ) { Z.p[n - t]++; - MPI_CHK( mpi_sub_mpi( &X, &X, &Y ) ); + MPI_CHK( esp_mpi_sub_mpi( &X, &X, &Y ) ); } - MPI_CHK( mpi_shift_r( &Y, biL * ( n - t ) ) ); + MPI_CHK( esp_mpi_shift_r( &Y, biL * ( n - t ) ) ); for( i = n; i > t ; i-- ) { @@ -1239,51 +1239,51 @@ int mpi_div_mpi( mpi *Q, mpi *R, const mpi *A, const mpi *B ) { Z.p[i - t - 1]--; - MPI_CHK( mpi_lset( &T1, 0 ) ); + MPI_CHK( esp_mpi_lset( &T1, 0 ) ); T1.p[0] = ( t < 1 ) ? 0 : Y.p[t - 1]; T1.p[1] = Y.p[t]; - MPI_CHK( mpi_mul_int( &T1, &T1, Z.p[i - t - 1] ) ); + MPI_CHK( esp_mpi_mul_int( &T1, &T1, Z.p[i - t - 1] ) ); - MPI_CHK( mpi_lset( &T2, 0 ) ); + MPI_CHK( esp_mpi_lset( &T2, 0 ) ); T2.p[0] = ( i < 2 ) ? 0 : X.p[i - 2]; T2.p[1] = ( i < 1 ) ? 0 : X.p[i - 1]; T2.p[2] = X.p[i]; } - while( mpi_cmp_mpi( &T1, &T2 ) > 0 ); + while( esp_mpi_cmp_mpi( &T1, &T2 ) > 0 ); - MPI_CHK( mpi_mul_int( &T1, &Y, Z.p[i - t - 1] ) ); - MPI_CHK( mpi_shift_l( &T1, biL * ( i - t - 1 ) ) ); - MPI_CHK( mpi_sub_mpi( &X, &X, &T1 ) ); + MPI_CHK( esp_mpi_mul_int( &T1, &Y, Z.p[i - t - 1] ) ); + MPI_CHK( esp_mpi_shift_l( &T1, biL * ( i - t - 1 ) ) ); + MPI_CHK( esp_mpi_sub_mpi( &X, &X, &T1 ) ); - if( mpi_cmp_int( &X, 0 ) < 0 ) + if( esp_mpi_cmp_int( &X, 0 ) < 0 ) { - MPI_CHK( mpi_copy( &T1, &Y ) ); - MPI_CHK( mpi_shift_l( &T1, biL * ( i - t - 1 ) ) ); - MPI_CHK( mpi_add_mpi( &X, &X, &T1 ) ); + MPI_CHK( esp_mpi_copy( &T1, &Y ) ); + MPI_CHK( esp_mpi_shift_l( &T1, biL * ( i - t - 1 ) ) ); + MPI_CHK( esp_mpi_add_mpi( &X, &X, &T1 ) ); Z.p[i - t - 1]--; } } if( Q != NULL ) { - MPI_CHK( mpi_copy( Q, &Z ) ); + MPI_CHK( esp_mpi_copy( Q, &Z ) ); Q->s = A->s * B->s; } if( R != NULL ) { - MPI_CHK( mpi_shift_r( &X, k ) ); + MPI_CHK( esp_mpi_shift_r( &X, k ) ); X.s = A->s; - MPI_CHK( mpi_copy( R, &X ) ); + MPI_CHK( esp_mpi_copy( R, &X ) ); - if( mpi_cmp_int( R, 0 ) == 0 ) + if( esp_mpi_cmp_int( R, 0 ) == 0 ) R->s = 1; } cleanup: - mpi_free( &X ); mpi_free( &Y ); mpi_free( &Z ); - mpi_free( &T1 ); mpi_free( &T2 ); + esp_mpi_free( &X ); esp_mpi_free( &Y ); esp_mpi_free( &Z ); + esp_mpi_free( &T1 ); esp_mpi_free( &T2 ); return( ret ); } @@ -1291,36 +1291,36 @@ cleanup: /* * Division by int: A = Q * b + R */ -int mpi_div_int( mpi *Q, mpi *R, const mpi *A, mpi_sint b ) +int esp_mpi_div_int( mpi *Q, mpi *R, const mpi *A, esp_mpi_sint b ) { mpi _B; - mpi_uint p[1]; + esp_mpi_uint p[1]; p[0] = ( b < 0 ) ? -b : b; _B.s = ( b < 0 ) ? -1 : 1; _B.n = 1; _B.p = p; - return( mpi_div_mpi( Q, R, A, &_B ) ); + return( esp_mpi_div_mpi( Q, R, A, &_B ) ); } /* * Modulo: R = A mod B */ -int mpi_mod_mpi( mpi *R, const mpi *A, const mpi *B ) +int esp_mpi_mod_mpi( mpi *R, const mpi *A, const mpi *B ) { int ret; - if( mpi_cmp_int( B, 0 ) < 0 ) + if( esp_mpi_cmp_int( B, 0 ) < 0 ) return( ERR_MPI_NEGATIVE_VALUE ); - MPI_CHK( mpi_div_mpi( NULL, R, A, B ) ); + MPI_CHK( esp_mpi_div_mpi( NULL, R, A, B ) ); - while( mpi_cmp_int( R, 0 ) < 0 ) - MPI_CHK( mpi_add_mpi( R, R, B ) ); + while( esp_mpi_cmp_int( R, 0 ) < 0 ) + MPI_CHK( esp_mpi_add_mpi( R, R, B ) ); - while( mpi_cmp_mpi( R, B ) >= 0 ) - MPI_CHK( mpi_sub_mpi( R, R, B ) ); + while( esp_mpi_cmp_mpi( R, B ) >= 0 ) + MPI_CHK( esp_mpi_sub_mpi( R, R, B ) ); cleanup: @@ -1330,10 +1330,10 @@ cleanup: /* * Modulo: r = A mod b */ -int mpi_mod_int( mpi_uint *r, const mpi *A, mpi_sint b ) +int esp_mpi_mod_int( esp_mpi_uint *r, const mpi *A, esp_mpi_sint b ) { size_t i; - mpi_uint x, y, z; + esp_mpi_uint x, y, z; if( b == 0 ) return( ERR_MPI_DIVISION_BY_ZERO ); @@ -1387,9 +1387,9 @@ int mpi_mod_int( mpi_uint *r, const mpi *A, mpi_sint b ) /* * Fast Montgomery initialization (thanks to Tom St Denis) */ -static void mpi_montg_init( mpi_uint *mm, const mpi *N ) +static void esp_mpi_montg_init( esp_mpi_uint *mm, const mpi *N ) { - mpi_uint x, m0 = N->p[0]; + esp_mpi_uint x, m0 = N->p[0]; unsigned int i; x = m0; @@ -1404,11 +1404,11 @@ static void mpi_montg_init( mpi_uint *mm, const mpi *N ) /* * Montgomery multiplication: A = A * B * R^-1 mod N (HAC 14.36) */ -static void mpi_montmul( mpi *A, const mpi *B, const mpi *N, mpi_uint mm, +static void esp_mpi_montmul( mpi *A, const mpi *B, const mpi *N, esp_mpi_uint mm, const mpi *T ) { size_t n, m; - mpi_uint *d = NULL; + esp_mpi_uint *d = NULL; memset( T->p, 0, T->n * ciL ); @@ -1422,7 +1422,7 @@ static void mpi_montmul( mpi *A, const mpi *B, const mpi *N, mpi_uint mm, ets_bigint_montgomery_mult_getz(A->p, n); } else{ - mpi_printf("Montgomery multiplication failed\n"); + esp_mpi_printf("Montgomery multiplication failed\n"); } BIGNUM_UNLOCK(); @@ -1431,45 +1431,45 @@ static void mpi_montmul( mpi *A, const mpi *B, const mpi *N, mpi_uint mm, /* * Montgomery reduction: A = A * R^-1 mod N */ -static void mpi_montred( mpi *A, const mpi *N, mpi_uint mm, const mpi *T ) +static void esp_mpi_montred( mpi *A, const mpi *N, esp_mpi_uint mm, const mpi *T ) { - mpi_uint z = 1; + esp_mpi_uint z = 1; mpi U; U.n = U.s = (int) z; U.p = &z; - mpi_montmul( A, &U, N, mm, T ); + esp_mpi_montmul( A, &U, N, mm, T ); } /* * Sliding-window exponentiation: X = A^E mod N (HAC 14.85) */ -int mpi_exp_mod( mpi *X, const mpi *A, const mpi *E, const mpi *N, mpi *_RR ) +int esp_mpi_exp_mod( mpi *X, const mpi *A, const mpi *E, const mpi *N, mpi *_RR ) { int ret; size_t wbits, wsize, one = 1; size_t i, j, nblimbs; size_t bufsize, nbits; - mpi_uint ei, mm, state; + esp_mpi_uint ei, mm, state; mpi RR, T, W[ 2 << MPI_WINDOW_SIZE ], Apos; int neg; - if( mpi_cmp_int( N, 0 ) < 0 || ( N->p[0] & 1 ) == 0 ) + if( esp_mpi_cmp_int( N, 0 ) < 0 || ( N->p[0] & 1 ) == 0 ) return( ERR_MPI_BAD_INPUT_DATA ); - if( mpi_cmp_int( E, 0 ) < 0 ) + if( esp_mpi_cmp_int( E, 0 ) < 0 ) return( ERR_MPI_BAD_INPUT_DATA ); /* * Init temps and window size */ - mpi_montg_init( &mm, N ); - mpi_init( &RR ); mpi_init( &T ); - mpi_init( &Apos ); + esp_mpi_montg_init( &mm, N ); + esp_mpi_init( &RR ); esp_mpi_init( &T ); + esp_mpi_init( &Apos ); memset( W, 0, sizeof( W ) ); - i = mpi_bitlen( E ); + i = esp_mpi_bitlen( E ); wsize = ( i > 671 ) ? 6 : ( i > 239 ) ? 5 : ( i > 79 ) ? 4 : ( i > 23 ) ? 3 : 1; @@ -1478,9 +1478,9 @@ int mpi_exp_mod( mpi *X, const mpi *A, const mpi *E, const mpi *N, mpi *_RR ) wsize = MPI_WINDOW_SIZE; j = N->n + 1; - MPI_CHK( mpi_grow( X, j ) ); - MPI_CHK( mpi_grow( &W[1], j ) ); - MPI_CHK( mpi_grow( &T, j * 2 ) ); + MPI_CHK( esp_mpi_grow( X, j ) ); + MPI_CHK( esp_mpi_grow( &W[1], j ) ); + MPI_CHK( esp_mpi_grow( &T, j * 2 ) ); /* * Compensate for negative A (and correct at the end) @@ -1488,7 +1488,7 @@ int mpi_exp_mod( mpi *X, const mpi *A, const mpi *E, const mpi *N, mpi *_RR ) neg = ( A->s == -1 ); if( neg ) { - MPI_CHK( mpi_copy( &Apos, A ) ); + MPI_CHK( esp_mpi_copy( &Apos, A ) ); Apos.s = 1; A = &Apos; } @@ -1498,9 +1498,9 @@ int mpi_exp_mod( mpi *X, const mpi *A, const mpi *E, const mpi *N, mpi *_RR ) */ if( _RR == NULL || _RR->p == NULL ) { - MPI_CHK( mpi_lset( &RR, 1 ) ); - MPI_CHK( mpi_shift_l( &RR, N->n * 2 * biL ) ); - MPI_CHK( mpi_mod_mpi( &RR, &RR, N ) ); + MPI_CHK( esp_mpi_lset( &RR, 1 ) ); + MPI_CHK( esp_mpi_shift_l( &RR, N->n * 2 * biL ) ); + MPI_CHK( esp_mpi_mod_mpi( &RR, &RR, N ) ); if( _RR != NULL ) memcpy( _RR, &RR, sizeof( mpi ) ); @@ -1511,18 +1511,18 @@ int mpi_exp_mod( mpi *X, const mpi *A, const mpi *E, const mpi *N, mpi *_RR ) /* * W[1] = A * R^2 * R^-1 mod N = A * R mod N */ - if( mpi_cmp_mpi( A, N ) >= 0 ) - MPI_CHK( mpi_mod_mpi( &W[1], A, N ) ); + if( esp_mpi_cmp_mpi( A, N ) >= 0 ) + MPI_CHK( esp_mpi_mod_mpi( &W[1], A, N ) ); else - MPI_CHK( mpi_copy( &W[1], A ) ); + MPI_CHK( esp_mpi_copy( &W[1], A ) ); - mpi_montmul( &W[1], &RR, N, mm, &T ); + esp_mpi_montmul( &W[1], &RR, N, mm, &T ); /* * X = R^2 * R^-1 mod N = R mod N */ - MPI_CHK( mpi_copy( X, &RR ) ); - mpi_montred( X, N, mm, &T ); + MPI_CHK( esp_mpi_copy( X, &RR ) ); + esp_mpi_montred( X, N, mm, &T ); if( wsize > 1 ) { @@ -1531,21 +1531,21 @@ int mpi_exp_mod( mpi *X, const mpi *A, const mpi *E, const mpi *N, mpi *_RR ) */ j = one << ( wsize - 1 ); - MPI_CHK( mpi_grow( &W[j], N->n + 1 ) ); - MPI_CHK( mpi_copy( &W[j], &W[1] ) ); + MPI_CHK( esp_mpi_grow( &W[j], N->n + 1 ) ); + MPI_CHK( esp_mpi_copy( &W[j], &W[1] ) ); for( i = 0; i < wsize - 1; i++ ) - mpi_montmul( &W[j], &W[j], N, mm, &T ); + esp_mpi_montmul( &W[j], &W[j], N, mm, &T ); /* * W[i] = W[i - 1] * W[1] */ for( i = j + 1; i < ( one << wsize ); i++ ) { - MPI_CHK( mpi_grow( &W[i], N->n + 1 ) ); - MPI_CHK( mpi_copy( &W[i], &W[i - 1] ) ); + MPI_CHK( esp_mpi_grow( &W[i], N->n + 1 ) ); + MPI_CHK( esp_mpi_copy( &W[i], &W[i - 1] ) ); - mpi_montmul( &W[i], &W[1], N, mm, &T ); + esp_mpi_montmul( &W[i], &W[1], N, mm, &T ); } } @@ -1564,7 +1564,7 @@ int mpi_exp_mod( mpi *X, const mpi *A, const mpi *E, const mpi *N, mpi *_RR ) nblimbs--; - bufsize = sizeof( mpi_uint ) << 3; + bufsize = sizeof( esp_mpi_uint ) << 3; } bufsize--; @@ -1582,7 +1582,7 @@ int mpi_exp_mod( mpi *X, const mpi *A, const mpi *E, const mpi *N, mpi *_RR ) /* * out of window, square X */ - mpi_montmul( X, X, N, mm, &T ); + esp_mpi_montmul( X, X, N, mm, &T ); continue; } @@ -1600,12 +1600,12 @@ int mpi_exp_mod( mpi *X, const mpi *A, const mpi *E, const mpi *N, mpi *_RR ) * X = X^wsize R^-1 mod N */ for( i = 0; i < wsize; i++ ) - mpi_montmul( X, X, N, mm, &T ); + esp_mpi_montmul( X, X, N, mm, &T ); /* * X = X * W[wbits] R^-1 mod N */ - mpi_montmul( X, &W[wbits], N, mm, &T ); + esp_mpi_montmul( X, &W[wbits], N, mm, &T ); state--; nbits = 0; @@ -1618,34 +1618,34 @@ int mpi_exp_mod( mpi *X, const mpi *A, const mpi *E, const mpi *N, mpi *_RR ) */ for( i = 0; i < nbits; i++ ) { - mpi_montmul( X, X, N, mm, &T ); + esp_mpi_montmul( X, X, N, mm, &T ); wbits <<= 1; if( ( wbits & ( one << wsize ) ) != 0 ) - mpi_montmul( X, &W[1], N, mm, &T ); + esp_mpi_montmul( X, &W[1], N, mm, &T ); } /* * X = A^E * R * R^-1 mod N = A^E mod N */ - mpi_montred( X, N, mm, &T ); + esp_mpi_montred( X, N, mm, &T ); if( neg ) { X->s = -1; - MPI_CHK( mpi_add_mpi( X, N, X ) ); + MPI_CHK( esp_mpi_add_mpi( X, N, X ) ); } cleanup: for( i = ( one << ( wsize - 1 ) ); i < ( one << wsize ); i++ ) - mpi_free( &W[i] ); + esp_mpi_free( &W[i] ); - mpi_free( &W[1] ); mpi_free( &T ); mpi_free( &Apos ); + esp_mpi_free( &W[1] ); esp_mpi_free( &T ); esp_mpi_free( &Apos ); if( _RR == NULL || _RR->p == NULL ) - mpi_free( &RR ); + esp_mpi_free( &RR ); return( ret ); } @@ -1653,51 +1653,51 @@ cleanup: /* * Greatest common divisor: G = gcd(A, B) (HAC 14.54) */ -int mpi_gcd( mpi *G, const mpi *A, const mpi *B ) +int esp_mpi_gcd( mpi *G, const mpi *A, const mpi *B ) { int ret; size_t lz, lzt; mpi TG, TA, TB; - mpi_init( &TG ); mpi_init( &TA ); mpi_init( &TB ); + esp_mpi_init( &TG ); esp_mpi_init( &TA ); esp_mpi_init( &TB ); - MPI_CHK( mpi_copy( &TA, A ) ); - MPI_CHK( mpi_copy( &TB, B ) ); + MPI_CHK( esp_mpi_copy( &TA, A ) ); + MPI_CHK( esp_mpi_copy( &TB, B ) ); - lz = mpi_lsb( &TA ); - lzt = mpi_lsb( &TB ); + lz = esp_mpi_lsb( &TA ); + lzt = esp_mpi_lsb( &TB ); if( lzt < lz ) lz = lzt; - MPI_CHK( mpi_shift_r( &TA, lz ) ); - MPI_CHK( mpi_shift_r( &TB, lz ) ); + MPI_CHK( esp_mpi_shift_r( &TA, lz ) ); + MPI_CHK( esp_mpi_shift_r( &TB, lz ) ); TA.s = TB.s = 1; - while( mpi_cmp_int( &TA, 0 ) != 0 ) + while( esp_mpi_cmp_int( &TA, 0 ) != 0 ) { - MPI_CHK( mpi_shift_r( &TA, mpi_lsb( &TA ) ) ); - MPI_CHK( mpi_shift_r( &TB, mpi_lsb( &TB ) ) ); + MPI_CHK( esp_mpi_shift_r( &TA, esp_mpi_lsb( &TA ) ) ); + MPI_CHK( esp_mpi_shift_r( &TB, esp_mpi_lsb( &TB ) ) ); - if( mpi_cmp_mpi( &TA, &TB ) >= 0 ) + if( esp_mpi_cmp_mpi( &TA, &TB ) >= 0 ) { - MPI_CHK( mpi_sub_abs( &TA, &TA, &TB ) ); - MPI_CHK( mpi_shift_r( &TA, 1 ) ); + MPI_CHK( esp_mpi_sub_abs( &TA, &TA, &TB ) ); + MPI_CHK( esp_mpi_shift_r( &TA, 1 ) ); } else { - MPI_CHK( mpi_sub_abs( &TB, &TB, &TA ) ); - MPI_CHK( mpi_shift_r( &TB, 1 ) ); + MPI_CHK( esp_mpi_sub_abs( &TB, &TB, &TA ) ); + MPI_CHK( esp_mpi_shift_r( &TB, 1 ) ); } } - MPI_CHK( mpi_shift_l( &TB, lz ) ); - MPI_CHK( mpi_copy( G, &TB ) ); + MPI_CHK( esp_mpi_shift_l( &TB, lz ) ); + MPI_CHK( esp_mpi_copy( G, &TB ) ); cleanup: - mpi_free( &TG ); mpi_free( &TA ); mpi_free( &TB ); + esp_mpi_free( &TG ); esp_mpi_free( &TA ); esp_mpi_free( &TB ); return( ret ); } @@ -1709,7 +1709,7 @@ cleanup: * regardless of the platform endianness (useful when f_rng is actually * deterministic, eg for tests). */ -int mpi_fill_random( mpi *X, size_t size, +int esp_mpi_fill_random( mpi *X, size_t size, int (*f_rng)(void *, unsigned char *, size_t), void *p_rng ) { @@ -1720,7 +1720,7 @@ int mpi_fill_random( mpi *X, size_t size, return( ERR_MPI_BAD_INPUT_DATA ); MPI_CHK( f_rng( p_rng, buf, size ) ); - MPI_CHK( mpi_read_binary( X, buf, size ) ); + MPI_CHK( esp_mpi_read_binary( X, buf, size ) ); cleanup: return( ret ); @@ -1729,94 +1729,94 @@ cleanup: /* * Modular inverse: X = A^-1 mod N (HAC 14.61 / 14.64) */ -int mpi_inv_mod( mpi *X, const mpi *A, const mpi *N ) +int esp_mpi_inv_mod( mpi *X, const mpi *A, const mpi *N ) { int ret; mpi G, TA, TU, U1, U2, TB, TV, V1, V2; - if( mpi_cmp_int( N, 0 ) <= 0 ) + if( esp_mpi_cmp_int( N, 0 ) <= 0 ) return( ERR_MPI_BAD_INPUT_DATA ); - mpi_init( &TA ); mpi_init( &TU ); mpi_init( &U1 ); mpi_init( &U2 ); - mpi_init( &G ); mpi_init( &TB ); mpi_init( &TV ); - mpi_init( &V1 ); mpi_init( &V2 ); + esp_mpi_init( &TA ); esp_mpi_init( &TU ); esp_mpi_init( &U1 ); esp_mpi_init( &U2 ); + esp_mpi_init( &G ); esp_mpi_init( &TB ); esp_mpi_init( &TV ); + esp_mpi_init( &V1 ); esp_mpi_init( &V2 ); - MPI_CHK( mpi_gcd( &G, A, N ) ); + MPI_CHK( esp_mpi_gcd( &G, A, N ) ); - if( mpi_cmp_int( &G, 1 ) != 0 ) + if( esp_mpi_cmp_int( &G, 1 ) != 0 ) { ret = ERR_MPI_NOT_ACCEPTABLE; goto cleanup; } - MPI_CHK( mpi_mod_mpi( &TA, A, N ) ); - MPI_CHK( mpi_copy( &TU, &TA ) ); - MPI_CHK( mpi_copy( &TB, N ) ); - MPI_CHK( mpi_copy( &TV, N ) ); + MPI_CHK( esp_mpi_mod_mpi( &TA, A, N ) ); + MPI_CHK( esp_mpi_copy( &TU, &TA ) ); + MPI_CHK( esp_mpi_copy( &TB, N ) ); + MPI_CHK( esp_mpi_copy( &TV, N ) ); - MPI_CHK( mpi_lset( &U1, 1 ) ); - MPI_CHK( mpi_lset( &U2, 0 ) ); - MPI_CHK( mpi_lset( &V1, 0 ) ); - MPI_CHK( mpi_lset( &V2, 1 ) ); + MPI_CHK( esp_mpi_lset( &U1, 1 ) ); + MPI_CHK( esp_mpi_lset( &U2, 0 ) ); + MPI_CHK( esp_mpi_lset( &V1, 0 ) ); + MPI_CHK( esp_mpi_lset( &V2, 1 ) ); do { while( ( TU.p[0] & 1 ) == 0 ) { - MPI_CHK( mpi_shift_r( &TU, 1 ) ); + MPI_CHK( esp_mpi_shift_r( &TU, 1 ) ); if( ( U1.p[0] & 1 ) != 0 || ( U2.p[0] & 1 ) != 0 ) { - MPI_CHK( mpi_add_mpi( &U1, &U1, &TB ) ); - MPI_CHK( mpi_sub_mpi( &U2, &U2, &TA ) ); + MPI_CHK( esp_mpi_add_mpi( &U1, &U1, &TB ) ); + MPI_CHK( esp_mpi_sub_mpi( &U2, &U2, &TA ) ); } - MPI_CHK( mpi_shift_r( &U1, 1 ) ); - MPI_CHK( mpi_shift_r( &U2, 1 ) ); + MPI_CHK( esp_mpi_shift_r( &U1, 1 ) ); + MPI_CHK( esp_mpi_shift_r( &U2, 1 ) ); } while( ( TV.p[0] & 1 ) == 0 ) { - MPI_CHK( mpi_shift_r( &TV, 1 ) ); + MPI_CHK( esp_mpi_shift_r( &TV, 1 ) ); if( ( V1.p[0] & 1 ) != 0 || ( V2.p[0] & 1 ) != 0 ) { - MPI_CHK( mpi_add_mpi( &V1, &V1, &TB ) ); - MPI_CHK( mpi_sub_mpi( &V2, &V2, &TA ) ); + MPI_CHK( esp_mpi_add_mpi( &V1, &V1, &TB ) ); + MPI_CHK( esp_mpi_sub_mpi( &V2, &V2, &TA ) ); } - MPI_CHK( mpi_shift_r( &V1, 1 ) ); - MPI_CHK( mpi_shift_r( &V2, 1 ) ); + MPI_CHK( esp_mpi_shift_r( &V1, 1 ) ); + MPI_CHK( esp_mpi_shift_r( &V2, 1 ) ); } - if( mpi_cmp_mpi( &TU, &TV ) >= 0 ) + if( esp_mpi_cmp_mpi( &TU, &TV ) >= 0 ) { - MPI_CHK( mpi_sub_mpi( &TU, &TU, &TV ) ); - MPI_CHK( mpi_sub_mpi( &U1, &U1, &V1 ) ); - MPI_CHK( mpi_sub_mpi( &U2, &U2, &V2 ) ); + MPI_CHK( esp_mpi_sub_mpi( &TU, &TU, &TV ) ); + MPI_CHK( esp_mpi_sub_mpi( &U1, &U1, &V1 ) ); + MPI_CHK( esp_mpi_sub_mpi( &U2, &U2, &V2 ) ); } else { - MPI_CHK( mpi_sub_mpi( &TV, &TV, &TU ) ); - MPI_CHK( mpi_sub_mpi( &V1, &V1, &U1 ) ); - MPI_CHK( mpi_sub_mpi( &V2, &V2, &U2 ) ); + MPI_CHK( esp_mpi_sub_mpi( &TV, &TV, &TU ) ); + MPI_CHK( esp_mpi_sub_mpi( &V1, &V1, &U1 ) ); + MPI_CHK( esp_mpi_sub_mpi( &V2, &V2, &U2 ) ); } } - while( mpi_cmp_int( &TU, 0 ) != 0 ); + while( esp_mpi_cmp_int( &TU, 0 ) != 0 ); - while( mpi_cmp_int( &V1, 0 ) < 0 ) - MPI_CHK( mpi_add_mpi( &V1, &V1, N ) ); + while( esp_mpi_cmp_int( &V1, 0 ) < 0 ) + MPI_CHK( esp_mpi_add_mpi( &V1, &V1, N ) ); - while( mpi_cmp_mpi( &V1, N ) >= 0 ) - MPI_CHK( mpi_sub_mpi( &V1, &V1, N ) ); + while( esp_mpi_cmp_mpi( &V1, N ) >= 0 ) + MPI_CHK( esp_mpi_sub_mpi( &V1, &V1, N ) ); - MPI_CHK( mpi_copy( X, &V1 ) ); + MPI_CHK( esp_mpi_copy( X, &V1 ) ); cleanup: - mpi_free( &TA ); mpi_free( &TU ); mpi_free( &U1 ); mpi_free( &U2 ); - mpi_free( &G ); mpi_free( &TB ); mpi_free( &TV ); - mpi_free( &V1 ); mpi_free( &V2 ); + esp_mpi_free( &TA ); esp_mpi_free( &TU ); esp_mpi_free( &U1 ); esp_mpi_free( &U2 ); + esp_mpi_free( &G ); esp_mpi_free( &TB ); esp_mpi_free( &TV ); + esp_mpi_free( &V1 ); esp_mpi_free( &V2 ); return( ret ); } @@ -1855,21 +1855,21 @@ static const int small_prime[] = * ERR_MPI_NOT_ACCEPTABLE: certain non-prime * other negative: error */ -static int mpi_check_small_factors( const mpi *X ) +static int esp_mpi_check_small_factors( const mpi *X ) { int ret = 0; size_t i; - mpi_uint r; + esp_mpi_uint r; if( ( X->p[0] & 1 ) == 0 ) return( ERR_MPI_NOT_ACCEPTABLE ); for( i = 0; small_prime[i] > 0; i++ ) { - if( mpi_cmp_int( X, small_prime[i] ) <= 0 ) + if( esp_mpi_cmp_int( X, small_prime[i] ) <= 0 ) return( 1 ); - MPI_CHK( mpi_mod_int( &r, X, small_prime[i] ) ); + MPI_CHK( esp_mpi_mod_int( &r, X, small_prime[i] ) ); if( r == 0 ) return( ERR_MPI_NOT_ACCEPTABLE ); @@ -1882,7 +1882,7 @@ cleanup: /* * Miller-Rabin pseudo-primality test (HAC 4.24) */ -static int mpi_miller_rabin( const mpi *X, +static int esp_mpi_miller_rabin( const mpi *X, int (*f_rng)(void *, unsigned char *, size_t), void *p_rng ) { @@ -1890,19 +1890,19 @@ static int mpi_miller_rabin( const mpi *X, size_t i, j, k, n, s; mpi W, R, T, A, RR; - mpi_init( &W ); mpi_init( &R ); mpi_init( &T ); mpi_init( &A ); - mpi_init( &RR ); + esp_mpi_init( &W ); esp_mpi_init( &R ); esp_mpi_init( &T ); esp_mpi_init( &A ); + esp_mpi_init( &RR ); /* * W = |X| - 1 * R = W >> lsb( W ) */ - MPI_CHK( mpi_sub_int( &W, X, 1 ) ); - s = mpi_lsb( &W ); - MPI_CHK( mpi_copy( &R, &W ) ); - MPI_CHK( mpi_shift_r( &R, s ) ); + MPI_CHK( esp_mpi_sub_int( &W, X, 1 ) ); + s = esp_mpi_lsb( &W ); + MPI_CHK( esp_mpi_copy( &R, &W ) ); + MPI_CHK( esp_mpi_shift_r( &R, s ) ); - i = mpi_bitlen( X ); + i = esp_mpi_bitlen( X ); /* * HAC, table 4.4 */ @@ -1915,51 +1915,51 @@ static int mpi_miller_rabin( const mpi *X, /* * pick a random A, 1 < A < |X| - 1 */ - MPI_CHK( mpi_fill_random( &A, X->n * ciL, f_rng, p_rng ) ); + MPI_CHK( esp_mpi_fill_random( &A, X->n * ciL, f_rng, p_rng ) ); - if( mpi_cmp_mpi( &A, &W ) >= 0 ) + if( esp_mpi_cmp_mpi( &A, &W ) >= 0 ) { - j = mpi_bitlen( &A ) - mpi_bitlen( &W ); - MPI_CHK( mpi_shift_r( &A, j + 1 ) ); + j = esp_mpi_bitlen( &A ) - esp_mpi_bitlen( &W ); + MPI_CHK( esp_mpi_shift_r( &A, j + 1 ) ); } A.p[0] |= 3; count = 0; do { - MPI_CHK( mpi_fill_random( &A, X->n * ciL, f_rng, p_rng ) ); + MPI_CHK( esp_mpi_fill_random( &A, X->n * ciL, f_rng, p_rng ) ); - j = mpi_bitlen( &A ); - k = mpi_bitlen( &W ); + j = esp_mpi_bitlen( &A ); + k = esp_mpi_bitlen( &W ); if (j > k) { - MPI_CHK( mpi_shift_r( &A, j - k ) ); + MPI_CHK( esp_mpi_shift_r( &A, j - k ) ); } if (count++ > 30) { return ERR_MPI_NOT_ACCEPTABLE; } - } while ( mpi_cmp_mpi( &A, &W ) >= 0 || - mpi_cmp_int( &A, 1 ) <= 0 ); + } while ( esp_mpi_cmp_mpi( &A, &W ) >= 0 || + esp_mpi_cmp_int( &A, 1 ) <= 0 ); /* * A = A^R mod |X| */ - MPI_CHK( mpi_exp_mod( &A, &A, &R, X, &RR ) ); + MPI_CHK( esp_mpi_exp_mod( &A, &A, &R, X, &RR ) ); - if( mpi_cmp_mpi( &A, &W ) == 0 || - mpi_cmp_int( &A, 1 ) == 0 ) + if( esp_mpi_cmp_mpi( &A, &W ) == 0 || + esp_mpi_cmp_int( &A, 1 ) == 0 ) continue; j = 1; - while( j < s && mpi_cmp_mpi( &A, &W ) != 0 ) + while( j < s && esp_mpi_cmp_mpi( &A, &W ) != 0 ) { /* * A = A * A mod |X| */ - MPI_CHK( mpi_mul_mpi( &T, &A, &A ) ); - MPI_CHK( mpi_mod_mpi( &A, &T, X ) ); + MPI_CHK( esp_mpi_mul_mpi( &T, &A, &A ) ); + MPI_CHK( esp_mpi_mod_mpi( &A, &T, X ) ); - if( mpi_cmp_int( &A, 1 ) == 0 ) + if( esp_mpi_cmp_int( &A, 1 ) == 0 ) break; j++; @@ -1968,8 +1968,8 @@ static int mpi_miller_rabin( const mpi *X, /* * not prime if A != |X| - 1 or A == 1 */ - if( mpi_cmp_mpi( &A, &W ) != 0 || - mpi_cmp_int( &A, 1 ) == 0 ) + if( esp_mpi_cmp_mpi( &A, &W ) != 0 || + esp_mpi_cmp_int( &A, 1 ) == 0 ) { ret = ERR_MPI_NOT_ACCEPTABLE; break; @@ -1977,8 +1977,8 @@ static int mpi_miller_rabin( const mpi *X, } cleanup: - mpi_free( &W ); mpi_free( &R ); mpi_free( &T ); mpi_free( &A ); - mpi_free( &RR ); + esp_mpi_free( &W ); esp_mpi_free( &R ); esp_mpi_free( &T ); esp_mpi_free( &A ); + esp_mpi_free( &RR ); return( ret ); } @@ -1986,7 +1986,7 @@ cleanup: /* * Pseudo-primality test: small factors, then Miller-Rabin */ -int mpi_is_prime( const mpi *X, +int esp_mpi_is_prime( const mpi *X, int (*f_rng)(void *, unsigned char *, size_t), void *p_rng ) { @@ -1997,14 +1997,14 @@ int mpi_is_prime( const mpi *X, XX.n = X->n; XX.p = X->p; - if( mpi_cmp_int( &XX, 0 ) == 0 || - mpi_cmp_int( &XX, 1 ) == 0 ) + if( esp_mpi_cmp_int( &XX, 0 ) == 0 || + esp_mpi_cmp_int( &XX, 1 ) == 0 ) return( ERR_MPI_NOT_ACCEPTABLE ); - if( mpi_cmp_int( &XX, 2 ) == 0 ) + if( esp_mpi_cmp_int( &XX, 2 ) == 0 ) return( 0 ); - if( ( ret = mpi_check_small_factors( &XX ) ) != 0 ) + if( ( ret = esp_mpi_check_small_factors( &XX ) ) != 0 ) { if( ret == 1 ) return( 0 ); @@ -2012,45 +2012,45 @@ int mpi_is_prime( const mpi *X, return( ret ); } - return( mpi_miller_rabin( &XX, f_rng, p_rng ) ); + return( esp_mpi_miller_rabin( &XX, f_rng, p_rng ) ); } /* * Prime number generation */ -int mpi_gen_prime( mpi *X, size_t nbits, int dh_flag, +int esp_mpi_gen_prime( mpi *X, size_t nbits, int dh_flag, int (*f_rng)(void *, unsigned char *, size_t), void *p_rng ) { int ret; size_t k, n; - mpi_uint r; + esp_mpi_uint r; mpi Y; if( nbits < 3 || nbits > MPI_MAX_BITS ) return( ERR_MPI_BAD_INPUT_DATA ); - mpi_init( &Y ); + esp_mpi_init( &Y ); n = BITS_TO_LIMBS( nbits ); - MPI_CHK( mpi_fill_random( X, n * ciL, f_rng, p_rng ) ); + MPI_CHK( esp_mpi_fill_random( X, n * ciL, f_rng, p_rng ) ); - k = mpi_bitlen( X ); - if( k > nbits ) MPI_CHK( mpi_shift_r( X, k - nbits + 1 ) ); + k = esp_mpi_bitlen( X ); + if( k > nbits ) MPI_CHK( esp_mpi_shift_r( X, k - nbits + 1 ) ); - mpi_set_bit( X, nbits-1, 1 ); + esp_mpi_set_bit( X, nbits-1, 1 ); X->p[0] |= 1; if( dh_flag == 0 ) { - while( ( ret = mpi_is_prime( X, f_rng, p_rng ) ) != 0 ) + while( ( ret = esp_mpi_is_prime( X, f_rng, p_rng ) ) != 0 ) { if( ret != ERR_MPI_NOT_ACCEPTABLE ) goto cleanup; - MPI_CHK( mpi_add_int( X, X, 2 ) ); + MPI_CHK( esp_mpi_add_int( X, X, 2 ) ); } } else @@ -2063,15 +2063,15 @@ int mpi_gen_prime( mpi *X, size_t nbits, int dh_flag, X->p[0] |= 2; - MPI_CHK( mpi_mod_int( &r, X, 3 ) ); + MPI_CHK( esp_mpi_mod_int( &r, X, 3 ) ); if( r == 0 ) - MPI_CHK( mpi_add_int( X, X, 8 ) ); + MPI_CHK( esp_mpi_add_int( X, X, 8 ) ); else if( r == 1 ) - MPI_CHK( mpi_add_int( X, X, 4 ) ); + MPI_CHK( esp_mpi_add_int( X, X, 4 ) ); /* Set Y = (X-1) / 2, which is X / 2 because X is odd */ - MPI_CHK( mpi_copy( &Y, X ) ); - MPI_CHK( mpi_shift_r( &Y, 1 ) ); + MPI_CHK( esp_mpi_copy( &Y, X ) ); + MPI_CHK( esp_mpi_shift_r( &Y, 1 ) ); while( 1 ) { @@ -2079,10 +2079,10 @@ int mpi_gen_prime( mpi *X, size_t nbits, int dh_flag, * First, check small factors for X and Y * before doing Miller-Rabin on any of them */ - if( ( ret = mpi_check_small_factors( X ) ) == 0 && - ( ret = mpi_check_small_factors( &Y ) ) == 0 && - ( ret = mpi_miller_rabin( X, f_rng, p_rng ) ) == 0 && - ( ret = mpi_miller_rabin( &Y, f_rng, p_rng ) ) == 0 ) + if( ( ret = esp_mpi_check_small_factors( X ) ) == 0 && + ( ret = esp_mpi_check_small_factors( &Y ) ) == 0 && + ( ret = esp_mpi_miller_rabin( X, f_rng, p_rng ) ) == 0 && + ( ret = esp_mpi_miller_rabin( &Y, f_rng, p_rng ) ) == 0 ) { break; } @@ -2095,14 +2095,14 @@ int mpi_gen_prime( mpi *X, size_t nbits, int dh_flag, * Y = 1 mod 2 and Y = 2 mod 3 (eq X = 3 mod 4 and X = 2 mod 3) * so up Y by 6 and X by 12. */ - MPI_CHK( mpi_add_int( X, X, 12 ) ); - MPI_CHK( mpi_add_int( &Y, &Y, 6 ) ); + MPI_CHK( esp_mpi_add_int( X, X, 12 ) ); + MPI_CHK( esp_mpi_add_int( &Y, &Y, 6 ) ); } } cleanup: - mpi_free( &Y ); + esp_mpi_free( &Y ); return( ret ); } diff --git a/components/esp32/esp_thread.c b/components/esp32/esp_thread.c new file mode 100644 index 0000000000..e72dc996bb --- /dev/null +++ b/components/esp32/esp_thread.c @@ -0,0 +1,53 @@ +#include "esp_thread.h" +#include "freertos/FreeRTOS.h" +#include "freertos/semphr.h" + +static xSemaphoreHandle esp_thread_mutex[MUTEX_MAX_NUM]; +static int esp_thread_sig[MUTEX_MAX_NUM]; + +int esp_thread_init(void) +{ + int i; + + for (i = 0; i < MUTEX_MAX_NUM; i++) { + esp_thread_mutex[i] = xSemaphoreCreateMutex(); + if (!esp_thread_mutex[i]) { + goto failed1; + } + esp_thread_sig[i] = 0; + } + + return 0; + +failed1: + for (i--; i >= 0; i--) + vQueueDelete(esp_thread_mutex[i]); + + return -1; +} + +void esp_thread_lock(unsigned int num) +{ + xSemaphoreTake(esp_thread_mutex[num], portMAX_DELAY); +} + +void esp_thread_unlock(unsigned int num) +{ + xSemaphoreGive(esp_thread_mutex[num]); +} + +void esp_thread_take(unsigned int num) +{ + esp_thread_sig[num]++; +} + +void esp_thread_give(unsigned int num) +{ + esp_thread_sig[num]--; +} + +bool esp_thread_is_used(unsigned int num) +{ + return (esp_thread_sig[num] != 0) ? true : false; +} + diff --git a/components/mbedtls/include/port/aes_alt.h b/components/esp32/include/aes.h similarity index 89% rename from components/mbedtls/include/port/aes_alt.h rename to components/esp32/include/aes.h index a02f32f299..aa81e1b5f6 100644 --- a/components/mbedtls/include/port/aes_alt.h +++ b/components/esp32/include/aes.h @@ -1,5 +1,5 @@ /** - * \file aes_alt.h + * \file esp_aes.h * * \brief AES block cipher * @@ -21,8 +21,8 @@ * */ -#ifndef AES_ALT_H -#define AES_ALT_H +#ifndef ESP_AES_H +#define ESP_AES_H #include "c_types.h" #include "rom/ets_sys.h" @@ -32,8 +32,6 @@ extern "C" { #endif -#define ESP_AES_C - /* padlock.c and aesni.c rely on these values! */ #define AES_ENCRYPT 1 #define AES_DECRYPT 0 @@ -61,23 +59,21 @@ typedef struct uint32_t *rk; /*!< AES round keys */ KEY_CTX enc; KEY_CTX dec; -}aes_context; - -typedef aes_context AES_CTX; +}aes_context, AES_CTX; /** * \brief Initialize AES context * * \param ctx AES context to be initialized */ -void aes_init( AES_CTX *ctx ); +void esp_aes_init( AES_CTX *ctx ); /** * \brief Clear AES context * * \param ctx AES context to be cleared */ -void aes_free( AES_CTX *ctx ); +void esp_aes_free( AES_CTX *ctx ); /** * \brief AES key schedule (encryption) @@ -88,7 +84,7 @@ void aes_free( AES_CTX *ctx ); * * \return 0 if successful, or ERR_AES_INVALID_KEY_LENGTH */ -int aes_setkey_enc( AES_CTX *ctx, const unsigned char *key,unsigned int keybits ); +int esp_aes_setkey_enc( AES_CTX *ctx, const unsigned char *key,unsigned int keybits ); /** * \brief AES key schedule (decryption) @@ -99,7 +95,7 @@ int aes_setkey_enc( AES_CTX *ctx, const unsigned char *key,unsigned int keybits * * \return 0 if successful, or ERR_AES_INVALID_KEY_LENGTH */ -int aes_setkey_dec( AES_CTX *ctx, const unsigned char *key,unsigned int keybits ); +int esp_aes_setkey_dec( AES_CTX *ctx, const unsigned char *key,unsigned int keybits ); /** * \brief AES-ECB block encryption/decryption @@ -111,7 +107,7 @@ int aes_setkey_dec( AES_CTX *ctx, const unsigned char *key,unsigned int keybits * * \return 0 if successful */ -int aes_crypt_ecb( AES_CTX *ctx,int mode,const unsigned char input[16],unsigned char output[16] ); +int esp_aes_crypt_ecb( AES_CTX *ctx,int mode,const unsigned char input[16],unsigned char output[16] ); /** * \brief AES-CBC buffer encryption/decryption @@ -135,7 +131,7 @@ int aes_crypt_ecb( AES_CTX *ctx,int mode,const unsigned char input[16],unsigned * * \return 0 if successful, or ERR_AES_INVALID_INPUT_LENGTH */ -int aes_crypt_cbc( AES_CTX *ctx, +int esp_aes_crypt_cbc( AES_CTX *ctx, int mode, size_t length, unsigned char iv[16], @@ -148,7 +144,7 @@ int aes_crypt_cbc( AES_CTX *ctx, * * Note: Due to the nature of CFB you should use the same key schedule for * both encryption and decryption. So a context initialized with - * aes_setkey_enc() for both AES_ENCRYPT and AES_DECRYPT. + * esp_aes_setkey_enc() for both AES_ENCRYPT and AES_DECRYPT. * * \note Upon exit, the content of the IV is updated so that you can * call the function same function again on the following @@ -168,7 +164,7 @@ int aes_crypt_cbc( AES_CTX *ctx, * * \return 0 if successful */ -int aes_crypt_cfb128( AES_CTX *ctx, +int esp_aes_crypt_cfb128( AES_CTX *ctx, int mode, size_t length, size_t *iv_off, @@ -181,7 +177,7 @@ int aes_crypt_cfb128( AES_CTX *ctx, * * Note: Due to the nature of CFB you should use the same key schedule for * both encryption and decryption. So a context initialized with - * aes_setkey_enc() for both AES_ENCRYPT and AES_DECRYPT. + * esp_aes_setkey_enc() for both AES_ENCRYPT and AES_DECRYPT. * * \note Upon exit, the content of the IV is updated so that you can * call the function same function again on the following @@ -200,7 +196,7 @@ int aes_crypt_cfb128( AES_CTX *ctx, * * \return 0 if successful */ -int aes_crypt_cfb8( AES_CTX *ctx, +int esp_aes_crypt_cfb8( AES_CTX *ctx, int mode, size_t length, unsigned char iv[16], @@ -214,7 +210,7 @@ int aes_crypt_cfb8( AES_CTX *ctx, * * Note: Due to the nature of CTR you should use the same key schedule for * both encryption and decryption. So a context initialized with - * aes_setkey_enc() for both AES_ENCRYPT and AES_DECRYPT. + * esp_aes_setkey_enc() for both AES_ENCRYPT and AES_DECRYPT. * * \param ctx AES context * \param length The length of the data @@ -229,7 +225,7 @@ int aes_crypt_cfb8( AES_CTX *ctx, * * \return 0 if successful */ -int aes_crypt_ctr( AES_CTX *ctx, +int esp_aes_crypt_ctr( AES_CTX *ctx, size_t length, size_t *nc_off, unsigned char nonce_counter[16], @@ -247,7 +243,7 @@ int aes_crypt_ctr( AES_CTX *ctx, * \param input Plaintext block * \param output Output (ciphertext) block */ -void aes_encrypt( AES_CTX *ctx, const unsigned char input[16],unsigned char output[16] ); +void esp_aes_encrypt( AES_CTX *ctx, const unsigned char input[16],unsigned char output[16] ); /** * \brief Internal AES block decryption function @@ -258,7 +254,7 @@ void aes_encrypt( AES_CTX *ctx, const unsigned char input[16],unsigned char outp * \param input Ciphertext block * \param output Output (plaintext) block */ -void aes_decrypt( AES_CTX *ctx, const unsigned char input[16], unsigned char output[16] ); +void esp_aes_decrypt( AES_CTX *ctx, const unsigned char input[16], unsigned char output[16] ); #ifdef __cplusplus } diff --git a/components/mbedtls/include/port/bignum_alt.h b/components/esp32/include/bignum.h similarity index 86% rename from components/mbedtls/include/port/bignum_alt.h rename to components/esp32/include/bignum.h index 64d492a989..4cb1ca88f1 100644 --- a/components/mbedtls/include/port/bignum_alt.h +++ b/components/esp32/include/bignum.h @@ -20,8 +20,8 @@ * */ -#ifndef BIGNUM_ALT_H -#define BIGNUM_ALT_H +#ifndef _ESP_BIGNUM_H +#define _ESP_BIGNUM_H #include "c_types.h" #include "rom/ets_sys.h" @@ -42,9 +42,9 @@ #define MPI_CHK(f) do { if( ( ret = f ) != 0 ) goto cleanup; } while( 0 ) #if defined(MPI_DEBUG_ALT) -#define mpi_printf ets_printf +#define esp_mpi_printf ets_printf #else -#define mpi_printf +#define esp_mpi_printf #endif /* * Maximum size MPIs are allowed to grow to in number of limbs. @@ -78,8 +78,8 @@ #define MPI_MAX_BITS ( 8 * MPI_MAX_SIZE ) /**< Maximum number of bits for usable MPIs. */ /* - * When reading from files with mpi_read_file() and writing to files with - * mpi_write_file() the buffer should have space + * When reading from files with esp_mpi_read_file() and writing to files with + * esp_mpi_write_file() the buffer should have space * for a (short) label, the MPI (in the provided radix), the newline * characters and the '\0'. * @@ -108,8 +108,8 @@ #if ( ! defined(HAVE_INT32) && \ defined(_MSC_VER) && defined(_M_AMD64) ) #define HAVE_INT64 - typedef int64_t mpi_sint; - typedef uint64_t mpi_uint; + typedef int64_t esp_mpi_sint; + typedef uint64_t esp_mpi_uint; #else #if ( ! defined(HAVE_INT32) && \ defined(__GNUC__) && ( \ @@ -119,15 +119,15 @@ (defined(__sparc__) && defined(__arch64__)) || \ defined(__s390x__) || defined(__mips64) ) ) #define HAVE_INT64 - typedef int64_t mpi_sint; - typedef uint64_t mpi_uint; + typedef int64_t esp_mpi_sint; + typedef uint64_t esp_mpi_uint; /* t_udbl defined as 128-bit unsigned int */ typedef unsigned int t_udbl __attribute__((mode(TI))); #define HAVE_UDBL #else #define HAVE_INT32 - typedef int32_t mpi_sint; - typedef uint32_t mpi_uint; + typedef int32_t esp_mpi_sint; + typedef uint32_t esp_mpi_uint; typedef uint64_t t_udbl; #define HAVE_UDBL #endif /* !HAVE_INT32 && __GNUC__ && 64-bit platform */ @@ -144,9 +144,8 @@ typedef struct { int s; /*!< integer sign */ size_t n; /*!< total # of limbs */ - mpi_uint *p; /*!< pointer to limbs */ -} -mpi; + esp_mpi_uint *p; /*!< pointer to limbs */ +}mpi, MPI_CTX; /** * \brief Initialize one MPI (make internal references valid) @@ -155,14 +154,14 @@ mpi; * * \param X One MPI to initialize. */ -void mpi_init( mpi *X ); +void esp_mpi_init( mpi *X ); /** * \brief Unallocate one MPI * * \param X One MPI to unallocate. */ -void mpi_free( mpi *X ); +void esp_mpi_free( mpi *X ); /** * \brief Enlarge to the specified number of limbs @@ -173,7 +172,7 @@ void mpi_free( mpi *X ); * \return 0 if successful, * ERR_MPI_ALLOC_FAILED if memory allocation failed */ -int mpi_grow( mpi *X, size_t nblimbs ); +int esp_mpi_grow( mpi *X, size_t nblimbs ); /** * \brief Resize down, keeping at least the specified number of limbs @@ -184,7 +183,7 @@ int mpi_grow( mpi *X, size_t nblimbs ); * \return 0 if successful, * ERR_MPI_ALLOC_FAILED if memory allocation failed */ -int mpi_shrink( mpi *X, size_t nblimbs ); +int esp_mpi_shrink( mpi *X, size_t nblimbs ); /** * \brief Copy the contents of Y into X @@ -195,7 +194,7 @@ int mpi_shrink( mpi *X, size_t nblimbs ); * \return 0 if successful, * ERR_MPI_ALLOC_FAILED if memory allocation failed */ -int mpi_copy( mpi *X, const mpi *Y ); +int esp_mpi_copy( mpi *X, const mpi *Y ); /** * \brief Swap the contents of X and Y @@ -203,7 +202,7 @@ int mpi_copy( mpi *X, const mpi *Y ); * \param X First MPI value * \param Y Second MPI value */ -void mpi_swap( mpi *X, mpi *Y ); +void esp_mpi_swap( mpi *X, mpi *Y ); /** * \brief Safe conditional assignement X = Y if assign is 1 @@ -216,13 +215,13 @@ void mpi_swap( mpi *X, mpi *Y ); * ERR_MPI_ALLOC_FAILED if memory allocation failed, * * \note This function is equivalent to - * if( assign ) mpi_copy( X, Y ); + * if( assign ) esp_mpi_copy( X, Y ); * except that it avoids leaking any information about whether * the assignment was done or not (the above code may leak * information through branch prediction and/or memory access * patterns analysis). */ -int mpi_safe_cond_assign( mpi *X, const mpi *Y, unsigned char assign ); +int esp_mpi_safe_cond_assign( mpi *X, const mpi *Y, unsigned char assign ); /** * \brief Safe conditional swap X <-> Y if swap is 1 @@ -235,13 +234,13 @@ int mpi_safe_cond_assign( mpi *X, const mpi *Y, unsigned char assign ); * ERR_MPI_ALLOC_FAILED if memory allocation failed, * * \note This function is equivalent to - * if( assign ) mpi_swap( X, Y ); + * if( assign ) esp_mpi_swap( X, Y ); * except that it avoids leaking any information about whether * the assignment was done or not (the above code may leak * information through branch prediction and/or memory access * patterns analysis). */ -int mpi_safe_cond_swap( mpi *X, mpi *Y, unsigned char assign ); +int esp_mpi_safe_cond_swap( mpi *X, mpi *Y, unsigned char assign ); /** * \brief Set value from integer @@ -252,7 +251,7 @@ int mpi_safe_cond_swap( mpi *X, mpi *Y, unsigned char assign ); * \return 0 if successful, * ERR_MPI_ALLOC_FAILED if memory allocation failed */ -int mpi_lset( mpi *X, mpi_sint z ); +int esp_mpi_lset( mpi *X, esp_mpi_sint z ); /** * \brief Get a specific bit from X @@ -262,7 +261,7 @@ int mpi_lset( mpi *X, mpi_sint z ); * * \return Either a 0 or a 1 */ -int mpi_get_bit( const mpi *X, size_t pos ); +int esp_mpi_get_bit( const mpi *X, size_t pos ); /** * \brief Set a bit of X to a specific value of 0 or 1 @@ -278,7 +277,7 @@ int mpi_get_bit( const mpi *X, size_t pos ); * ERR_MPI_ALLOC_FAILED if memory allocation failed, * ERR_MPI_BAD_INPUT_DATA if val is not 0 or 1 */ -int mpi_set_bit( mpi *X, size_t pos, unsigned char val ); +int esp_mpi_set_bit( mpi *X, size_t pos, unsigned char val ); /** * \brief Return the number of zero-bits before the least significant @@ -288,7 +287,7 @@ int mpi_set_bit( mpi *X, size_t pos, unsigned char val ); * * \param X MPI to use */ -size_t mpi_lsb( const mpi *X ); +size_t esp_mpi_lsb( const mpi *X ); /** * \brief Return the number of bits up to and including the most @@ -298,14 +297,14 @@ size_t mpi_lsb( const mpi *X ); * * \param X MPI to use */ -size_t mpi_bitlen( const mpi *X ); +size_t esp_mpi_bitlen( const mpi *X ); /** * \brief Return the total size in bytes * * \param X MPI to use */ -size_t mpi_size( const mpi *X ); +size_t esp_mpi_size( const mpi *X ); /** * \brief Import from an ASCII string @@ -316,7 +315,7 @@ size_t mpi_size( const mpi *X ); * * \return 0 if successful, or a ERR_MPI_XXX error code */ -int mpi_read_string( mpi *X, int radix, const char *s ); +int esp_mpi_read_string( mpi *X, int radix, const char *s ); /** * \brief Export into an ASCII string @@ -334,7 +333,7 @@ int mpi_read_string( mpi *X, int radix, const char *s ); * \note Call this function with buflen = 0 to obtain the * minimum required buffer size in *olen. */ -int mpi_write_string( const mpi *X, int radix, +int esp_mpi_write_string( const mpi *X, int radix, char *buf, size_t buflen, size_t *olen ); #if defined(FS_IO) @@ -349,7 +348,7 @@ int mpi_write_string( const mpi *X, int radix, * the file read buffer is too small or a * ERR_MPI_XXX error code */ -int mpi_read_file( mpi *X, int radix, FILE *fin ); +int esp_mpi_read_file( mpi *X, int radix, FILE *fin ); /** * \brief Write X into an opened file, or stdout if fout is NULL @@ -363,7 +362,7 @@ int mpi_read_file( mpi *X, int radix, FILE *fin ); * * \note Set fout == NULL to print X on the console. */ -int mpi_write_file( const char *p, const mpi *X, int radix, FILE *fout ); +int esp_mpi_write_file( const char *p, const mpi *X, int radix, FILE *fout ); #endif /* FS_IO */ /** @@ -376,7 +375,7 @@ int mpi_write_file( const char *p, const mpi *X, int radix, FILE *fout ); * \return 0 if successful, * ERR_MPI_ALLOC_FAILED if memory allocation failed */ -int mpi_read_binary( mpi *X, const unsigned char *buf, size_t buflen ); +int esp_mpi_read_binary( mpi *X, const unsigned char *buf, size_t buflen ); /** * \brief Export X into unsigned binary data, big endian. @@ -390,7 +389,7 @@ int mpi_read_binary( mpi *X, const unsigned char *buf, size_t buflen ); * \return 0 if successful, * ERR_MPI_BUFFER_TOO_SMALL if buf isn't large enough */ -int mpi_write_binary( const mpi *X, unsigned char *buf, size_t buflen ); +int esp_mpi_write_binary( const mpi *X, unsigned char *buf, size_t buflen ); /** * \brief Left-shift: X <<= count @@ -401,7 +400,7 @@ int mpi_write_binary( const mpi *X, unsigned char *buf, size_t buflen ); * \return 0 if successful, * ERR_MPI_ALLOC_FAILED if memory allocation failed */ -int mpi_shift_l( mpi *X, size_t count ); +int esp_mpi_shift_l( mpi *X, size_t count ); /** * \brief Right-shift: X >>= count @@ -412,7 +411,7 @@ int mpi_shift_l( mpi *X, size_t count ); * \return 0 if successful, * ERR_MPI_ALLOC_FAILED if memory allocation failed */ -int mpi_shift_r( mpi *X, size_t count ); +int esp_mpi_shift_r( mpi *X, size_t count ); /** * \brief Compare unsigned values @@ -424,7 +423,7 @@ int mpi_shift_r( mpi *X, size_t count ); * -1 if |X| is lesser than |Y| or * 0 if |X| is equal to |Y| */ -int mpi_cmp_abs( const mpi *X, const mpi *Y ); +int esp_mpi_cmp_abs( const mpi *X, const mpi *Y ); /** * \brief Compare signed values @@ -436,7 +435,7 @@ int mpi_cmp_abs( const mpi *X, const mpi *Y ); * -1 if X is lesser than Y or * 0 if X is equal to Y */ -int mpi_cmp_mpi( const mpi *X, const mpi *Y ); +int esp_mpi_cmp_mpi( const mpi *X, const mpi *Y ); /** * \brief Compare signed values @@ -448,7 +447,7 @@ int mpi_cmp_mpi( const mpi *X, const mpi *Y ); * -1 if X is lesser than z or * 0 if X is equal to z */ -int mpi_cmp_int( const mpi *X, mpi_sint z ); +int esp_mpi_cmp_int( const mpi *X, esp_mpi_sint z ); /** * \brief Unsigned addition: X = |A| + |B| @@ -460,7 +459,7 @@ int mpi_cmp_int( const mpi *X, mpi_sint z ); * \return 0 if successful, * ERR_MPI_ALLOC_FAILED if memory allocation failed */ -int mpi_add_abs( mpi *X, const mpi *A, const mpi *B ); +int esp_mpi_add_abs( mpi *X, const mpi *A, const mpi *B ); /** * \brief Unsigned subtraction: X = |A| - |B| @@ -472,7 +471,7 @@ int mpi_add_abs( mpi *X, const mpi *A, const mpi *B ); * \return 0 if successful, * ERR_MPI_NEGATIVE_VALUE if B is greater than A */ -int mpi_sub_abs( mpi *X, const mpi *A, const mpi *B ); +int esp_mpi_sub_abs( mpi *X, const mpi *A, const mpi *B ); /** * \brief Signed addition: X = A + B @@ -484,7 +483,7 @@ int mpi_sub_abs( mpi *X, const mpi *A, const mpi *B ); * \return 0 if successful, * ERR_MPI_ALLOC_FAILED if memory allocation failed */ -int mpi_add_mpi( mpi *X, const mpi *A, const mpi *B ); +int esp_mpi_add_mpi( mpi *X, const mpi *A, const mpi *B ); /** * \brief Signed subtraction: X = A - B @@ -496,7 +495,7 @@ int mpi_add_mpi( mpi *X, const mpi *A, const mpi *B ); * \return 0 if successful, * ERR_MPI_ALLOC_FAILED if memory allocation failed */ -int mpi_sub_mpi( mpi *X, const mpi *A, const mpi *B ); +int esp_mpi_sub_mpi( mpi *X, const mpi *A, const mpi *B ); /** * \brief Signed addition: X = A + b @@ -508,7 +507,7 @@ int mpi_sub_mpi( mpi *X, const mpi *A, const mpi *B ); * \return 0 if successful, * ERR_MPI_ALLOC_FAILED if memory allocation failed */ -int mpi_add_int( mpi *X, const mpi *A, mpi_sint b ); +int esp_mpi_add_int( mpi *X, const mpi *A, esp_mpi_sint b ); /** * \brief Signed subtraction: X = A - b @@ -520,7 +519,7 @@ int mpi_add_int( mpi *X, const mpi *A, mpi_sint b ); * \return 0 if successful, * ERR_MPI_ALLOC_FAILED if memory allocation failed */ -int mpi_sub_int( mpi *X, const mpi *A, mpi_sint b ); +int esp_mpi_sub_int( mpi *X, const mpi *A, esp_mpi_sint b ); /** * \brief Baseline multiplication: X = A * B @@ -532,7 +531,7 @@ int mpi_sub_int( mpi *X, const mpi *A, mpi_sint b ); * \return 0 if successful, * ERR_MPI_ALLOC_FAILED if memory allocation failed */ -int mpi_mul_mpi( mpi *X, const mpi *A, const mpi *B ); +int esp_mpi_mul_mpi( mpi *X, const mpi *A, const mpi *B ); /** * \brief Baseline multiplication: X = A * b @@ -546,7 +545,7 @@ int mpi_mul_mpi( mpi *X, const mpi *A, const mpi *B ); * \return 0 if successful, * ERR_MPI_ALLOC_FAILED if memory allocation failed */ -int mpi_mul_int( mpi *X, const mpi *A, mpi_uint b ); +int esp_mpi_mul_int( mpi *X, const mpi *A, esp_mpi_uint b ); /** * \brief Division by mpi: A = Q * B + R @@ -562,7 +561,7 @@ int mpi_mul_int( mpi *X, const mpi *A, mpi_uint b ); * * \note Either Q or R can be NULL. */ -int mpi_div_mpi( mpi *Q, mpi *R, const mpi *A, const mpi *B ); +int esp_mpi_div_mpi( mpi *Q, mpi *R, const mpi *A, const mpi *B ); /** * \brief Division by int: A = Q * b + R @@ -578,7 +577,7 @@ int mpi_div_mpi( mpi *Q, mpi *R, const mpi *A, const mpi *B ); * * \note Either Q or R can be NULL. */ -int mpi_div_int( mpi *Q, mpi *R, const mpi *A, mpi_sint b ); +int esp_mpi_div_int( mpi *Q, mpi *R, const mpi *A, esp_mpi_sint b ); /** * \brief Modulo: R = A mod B @@ -592,12 +591,12 @@ int mpi_div_int( mpi *Q, mpi *R, const mpi *A, mpi_sint b ); * ERR_MPI_DIVISION_BY_ZERO if B == 0, * ERR_MPI_NEGATIVE_VALUE if B < 0 */ -int mpi_mod_mpi( mpi *R, const mpi *A, const mpi *B ); +int esp_mpi_mod_mpi( mpi *R, const mpi *A, const mpi *B ); /** * \brief Modulo: r = A mod b * - * \param r Destination mpi_uint + * \param r Destination esp_mpi_uint * \param A Left-hand MPI * \param b Integer to divide by * @@ -606,7 +605,7 @@ int mpi_mod_mpi( mpi *R, const mpi *A, const mpi *B ); * ERR_MPI_DIVISION_BY_ZERO if b == 0, * ERR_MPI_NEGATIVE_VALUE if b < 0 */ -int mpi_mod_int( mpi_uint *r, const mpi *A, mpi_sint b ); +int esp_mpi_mod_int( esp_mpi_uint *r, const mpi *A, esp_mpi_sint b ); /** * \brief Sliding-window exponentiation: X = A^E mod N @@ -626,7 +625,7 @@ int mpi_mod_int( mpi_uint *r, const mpi *A, mpi_sint b ); * multiple calls, which speeds up things a bit. It can * be set to NULL if the extra performance is unneeded. */ -int mpi_exp_mod( mpi *X, const mpi *A, const mpi *E, const mpi *N, mpi *_RR ); +int esp_mpi_exp_mod( mpi *X, const mpi *A, const mpi *E, const mpi *N, mpi *_RR ); /** * \brief Fill an MPI X with size bytes of random @@ -639,7 +638,7 @@ int mpi_exp_mod( mpi *X, const mpi *A, const mpi *E, const mpi *N, mpi *_RR ); * \return 0 if successful, * ERR_MPI_ALLOC_FAILED if memory allocation failed */ -int mpi_fill_random( mpi *X, size_t size, +int esp_mpi_fill_random( mpi *X, size_t size, int (*f_rng)(void *, unsigned char *, size_t), void *p_rng ); @@ -653,7 +652,7 @@ int mpi_fill_random( mpi *X, size_t size, * \return 0 if successful, * ERR_MPI_ALLOC_FAILED if memory allocation failed */ -int mpi_gcd( mpi *G, const mpi *A, const mpi *B ); +int esp_mpi_gcd( mpi *G, const mpi *A, const mpi *B ); /** * \brief Modular inverse: X = A^-1 mod N @@ -667,7 +666,7 @@ int mpi_gcd( mpi *G, const mpi *A, const mpi *B ); * ERR_MPI_BAD_INPUT_DATA if N is negative or nil ERR_MPI_NOT_ACCEPTABLE if A has no inverse mod N */ -int mpi_inv_mod( mpi *X, const mpi *A, const mpi *N ); +int esp_mpi_inv_mod( mpi *X, const mpi *A, const mpi *N ); /** * \brief Miller-Rabin primality test @@ -680,7 +679,7 @@ int mpi_inv_mod( mpi *X, const mpi *A, const mpi *N ); * ERR_MPI_ALLOC_FAILED if memory allocation failed, * ERR_MPI_NOT_ACCEPTABLE if X is not prime */ -int mpi_is_prime( const mpi *X, +int esp_mpi_is_prime( const mpi *X, int (*f_rng)(void *, unsigned char *, size_t), void *p_rng ); @@ -698,7 +697,7 @@ int mpi_is_prime( const mpi *X, * ERR_MPI_ALLOC_FAILED if memory allocation failed, * ERR_MPI_BAD_INPUT_DATA if nbits is < 3 */ -int mpi_gen_prime( mpi *X, size_t nbits, int dh_flag, +int esp_mpi_gen_prime( mpi *X, size_t nbits, int dh_flag, int (*f_rng)(void *, unsigned char *, size_t), void *p_rng ); #endif diff --git a/components/esp32/include/esp_thread.h b/components/esp32/include/esp_thread.h new file mode 100644 index 0000000000..7716f00f19 --- /dev/null +++ b/components/esp32/include/esp_thread.h @@ -0,0 +1,56 @@ +#ifndef _MULTI_THREAD_H_ +#define _MULTI_THREAD_H_ + +#include "c_types.h" +#include "rom/ets_sys.h" + +#ifdef __cplusplus +extern "C" { +#endif + +enum { + AES_MUTEX = 0, + BIGNUM_MUTEX, + SHA_MUTEX, + + MUTEX_MAX_NUM, +}; + +int esp_thread_init(void); + +void esp_thread_lock(unsigned int num); +void esp_thread_unlock(unsigned int num); + +void esp_thread_take(unsigned int num); +void esp_thread_give(unsigned int num); +bool esp_thread_is_used(unsigned int num); + +#define MUTEX_LOCK(num) esp_thread_lock(num) +#define MUTEX_UNLOCK(num) esp_thread_unlock(num) + +#define SIG_TAKE(num) esp_thread_take(num) +#define SIG_GIVE(num) esp_thread_give(num) +#define SIG_IS_USED(num) esp_thread_is_used(num) + +#define AES_LOCK() MUTEX_LOCK(AES_MUTEX) +#define AES_UNLOCK() MUTEX_UNLOCK(AES_MUTEX) +#define BIGNUM_LOCK() MUTEX_LOCK(BIGNUM_MUTEX) +#define BIGNUM_UNLOCK() MUTEX_UNLOCK(BIGNUM_MUTEX) +#define SHA_LOCK() MUTEX_LOCK(SHA_MUTEX) +#define SHA_UNLOCK() MUTEX_UNLOCK(SHA_MUTEX) + +#define AES_TAKE() SIG_TAKE(AES_MUTEX) +#define AES_GIVE() SIG_GIVE(AES_MUTEX) +#define AES_IS_USED() SIG_IS_USED(AES_MUTEX) +#define BIGNUM_TAKE() SIG_TAKE(BIGNUM_MUTEX) +#define BIGNUM_GIVE() SIG_GIVE(BIGNUM_MUTEX) +#define BIGNUM_IS_USED() SIG_IS_USED(BIGNUM_MUTEX) +#define SHA_TAKE() SIG_TAKE(SHA_MUTEX) +#define SHA_GIVE() SIG_GIVE(SHA_MUTEX) +#define SHA_IS_USED() SIG_IS_USED(SHA_MUTEX) + +#ifdef __cplusplus +} +#endif + +#endif /* esp_thread.h */ diff --git a/components/esp32/include/sha.h b/components/esp32/include/sha.h new file mode 100644 index 0000000000..661354c1de --- /dev/null +++ b/components/esp32/include/sha.h @@ -0,0 +1,224 @@ +/* + * copyright (c) 2010 - 2012 Espressif System + * + * esf Link List Descriptor + */ +#ifndef _ESP_SHA_H_ +#define _ESP_SHA_H_ + +#include "c_types.h" +#include "rom/ets_sys.h" +#include "rom/sha.h" + +#ifdef __cplusplus +extern "C" { +#endif + +/** + * \brief SHA-1 context structure + */ +typedef struct{ + SHA_CTX context; + int context_type; +} sha_context; + +typedef sha_context SHA1_CTX; + +/** + * \brief Initialize SHA-1 context + * + * \param ctx SHA-1 context to be initialized + */ +void esp_sha1_init( SHA1_CTX *ctx ); + +/** + * \brief Clear SHA-1 context + * + * \param ctx SHA-1 context to be cleared + */ +void esp_sha1_free( SHA1_CTX *ctx ); + +/** + * \brief Clone (the state of) a SHA-1 context + * + * \param dst The destination context + * \param src The context to be cloned + */ +void esp_sha1_clone( SHA1_CTX *dst, const SHA1_CTX *src ); + +void esp_sha1_process(SHA1_CTX *ctx, const unsigned char data[64]); + +/** + * \brief SHA-1 context setup + * + * \param ctx context to be initialized + */ +void esp_sha1_starts( SHA1_CTX *ctx ); + +/** + * \brief SHA-1 process buffer + * + * \param ctx SHA-1 context + * \param input buffer holding the data + * \param ilen length of the input data + */ +void esp_sha1_update( SHA1_CTX *ctx, const unsigned char *input, size_t ilen ); + +/** + * \brief SHA-1 final digest + * + * \param ctx SHA-1 context + * \param output SHA-1 checksum result + */ +void esp_sha1_finish( SHA1_CTX *ctx, unsigned char output[20] ); + +/** + * \brief Output = SHA-1( input buffer ) + * + * \param input buffer holding the data + * \param ilen length of the input data + * \param output SHA-1 checksum result + */ +void esp_sha1_output( const unsigned char *input, size_t ilen, unsigned char output[20] ); + +/// +#define SHA256 SHA2_256 +#define SHA224 4 + +/** + * \brief SHA-256 context structure + */ + +typedef sha_context SHA256_CTX; + +/** + * \brief Initialize SHA-256 context + * + * \param ctx SHA-256 context to be initialized + */ +void esp_sha256_init( SHA256_CTX *ctx ); + +/** + * \brief Clear SHA-256 context + * + * \param ctx SHA-256 context to be cleared + */ +void esp_sha256_free( SHA256_CTX *ctx ); +void esp_sha256_process(SHA256_CTX *ctx, const unsigned char data[64]); + +/** + * \brief Clone (the state of) a SHA-256 context + * + * \param dst The destination context + * \param src The context to be cloned + */ +void esp_sha256_clone( SHA256_CTX *dst, const SHA256_CTX *src ); + +/** + * \brief SHA-256 context setup + * + * \param ctx context to be initialized + * \param is224 0 = use SHA256, 1 = use SHA224 + */ +void esp_sha256_starts( SHA256_CTX *ctx, int is224 ); + +/** + * \brief SHA-256 process buffer + * + * \param ctx SHA-256 context + * \param input buffer holding the data + * \param ilen length of the input data + */ +void esp_sha256_update( SHA256_CTX *ctx, const unsigned char *input, size_t ilen ); + +/** + * \brief SHA-256 final digest + * + * \param ctx SHA-256 context + * \param output SHA-224/256 checksum result + */ +void esp_sha256_finish( SHA256_CTX *ctx, unsigned char output[32] ); + +/** + * \brief Output = SHA-256( input buffer ) + * + * \param input buffer holding the data + * \param ilen length of the input data + * \param output SHA-224/256 checksum result + * \param is224 0 = use SHA256, 1 = use SHA224 + */ +void esp_sha256_output( const unsigned char *input, size_t ilen, unsigned char output[32], int is224 ); + +// + +/** + * \brief SHA-512 context structure + */ + +typedef sha_context SHA512_CTX; + +/** + * \brief Initialize SHA-512 context + * + * \param ctx SHA-512 context to be initialized + */ +void esp_sha512_init( SHA512_CTX *ctx ); + +/** + * \brief Clear SHA-512 context + * + * \param ctx SHA-512 context to be cleared + */ +void esp_sha512_free( SHA512_CTX *ctx ); + +/** + * \brief Clone (the state of) a SHA-512 context + * + * \param dst The destination context + * \param src The context to be cloned + */ +void esp_sha512_clone( SHA512_CTX *dst, const SHA512_CTX *src ); + +/** + * \brief SHA-512 context setup + * + * \param ctx context to be initialized + * \param is384 0 = use SHA512, 1 = use SHA384 + */ +void esp_sha512_starts( SHA512_CTX *ctx, int is384 ); + +/** + * \brief SHA-512 process buffer + * + * \param ctx SHA-512 context + * \param input buffer holding the data + * \param ilen length of the input data + */ +void esp_sha512_update( SHA512_CTX *ctx, const unsigned char *input, size_t ilen ); + +/** + * \brief SHA-512 final digest + * + * \param ctx SHA-512 context + * \param output SHA-384/512 checksum result + */ +void esp_sha512_finish( SHA512_CTX *ctx, unsigned char output[64] ); + +/** + * \brief Output = SHA-512( input buffer ) + * + * \param input buffer holding the data + * \param ilen length of the input data + * \param output SHA-384/512 checksum result + * \param is384 0 = use SHA512, 1 = use SHA384 + */ +void esp_sha512_output( const unsigned char *input, size_t ilen, unsigned char output[64], int is384 ); + +// + +#ifdef __cplusplus +} +#endif + +#endif + diff --git a/components/esp32/sha.c b/components/esp32/sha.c new file mode 100644 index 0000000000..9c28ca9c44 --- /dev/null +++ b/components/esp32/sha.c @@ -0,0 +1,285 @@ +/* + * FIPS-180-1 compliant SHA-1 implementation + * + * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * + */ +/* + * The SHA-1 standard was published by NIST in 1993. + * + * http://www.itl.nist.gov/fipspubs/fip180-1.htm + */ + +#include "sha.h" + +#include +#include "esp_thread.h" + +/* Implementation that should never be optimized out by the compiler */ +static void esp_sha_zeroize( void *v, size_t n ) { + volatile unsigned char *p = v; while( n-- ) *p++ = 0; +} + +void esp_sha1_init( SHA1_CTX *ctx ) +{ + memset( ctx, 0, sizeof( SHA1_CTX ) ); + + SHA_LOCK(); + SHA_TAKE(); + ets_sha_enable(); + SHA_UNLOCK(); +} + +void esp_sha1_free( SHA1_CTX *ctx ) +{ + if( ctx == NULL ) + return; + + esp_sha_zeroize( ctx, sizeof( SHA1_CTX ) ); + + SHA_LOCK(); + SHA_GIVE(); + if (false == SHA_IS_USED()) + ets_sha_disable(); + SHA_UNLOCK(); +} + +void esp_sha1_clone( SHA1_CTX *dst, const SHA1_CTX *src ) +{ + *dst = *src; +} + +void esp_sha1_process(SHA1_CTX *ctx, const unsigned char data[64]) +{ + +} + +/* + * SHA-1 context setup + */ +void esp_sha1_starts( SHA1_CTX *ctx ) +{ + SHA_LOCK(); + ets_sha_init(&ctx->context); + SHA_UNLOCK(); + + ctx->context_type = SHA1; +} + +/* + * SHA-1 process buffer + */ +void esp_sha1_update( SHA1_CTX *ctx, const unsigned char *input, size_t ilen ) +{ + SHA_LOCK(); + ets_sha_update(&ctx->context, ctx->context_type, input, ilen * 8); +} + +/* + * SHA-1 final digest + */ +void esp_sha1_finish( SHA1_CTX *ctx, unsigned char output[20] ) +{ + ets_sha_finish(&ctx->context, ctx->context_type, output); + SHA_UNLOCK(); +} + +/* + * output = SHA-1( input buffer ) + */ +void esp_sha1_output( const unsigned char *input, size_t ilen, unsigned char output[20] ) +{ + SHA1_CTX ctx; + + esp_sha1_init( &ctx ); + esp_sha1_starts( &ctx ); + esp_sha1_update( &ctx, input, ilen ); + esp_sha1_finish( &ctx, output ); + esp_sha1_free( &ctx ); +} + +///// +/* Implementation that should never be optimized out by the compiler */ +void esp_sha256_init( SHA256_CTX *ctx ) +{ + memset( ctx, 0, sizeof( SHA256_CTX ) ); + + SHA_LOCK(); + SHA_TAKE(); + ets_sha_enable(); + SHA_UNLOCK(); +} + +void esp_sha256_process(SHA256_CTX *ctx, const unsigned char data[64]) +{ + +} + +void esp_sha256_free( SHA256_CTX *ctx ) +{ + if( ctx == NULL ) + return; + + esp_sha_zeroize( ctx, sizeof( SHA256_CTX ) ); + + SHA_LOCK(); + SHA_GIVE(); + if (false == SHA_IS_USED()) + ets_sha_disable(); + SHA_UNLOCK(); +} + +void esp_sha256_clone( SHA256_CTX *dst, const SHA256_CTX *src ) +{ + *dst = *src; +} + +/* + * SHA-256 context setup + */ +void esp_sha256_starts( SHA256_CTX *ctx, int is224 ) +{ + SHA_LOCK(); + ets_sha_init(&ctx->context); + SHA_UNLOCK(); + + if( is224 == 0 ) + { + /* SHA-256 */ + ctx->context_type = SHA256; + }else{ + /* SHA-224 */ + ctx->context_type = SHA224; + } +} + +/* + * SHA-256 process buffer + */ +void esp_sha256_update( SHA256_CTX *ctx, const unsigned char *input, size_t ilen ) +{ + SHA_LOCK(); + ets_sha_update(&ctx->context, ctx->context_type, input, ilen * 8); +} + +/* + * SHA-256 final digest + */ +void esp_sha256_finish( SHA256_CTX *ctx, unsigned char output[32] ) +{ + ets_sha_finish(&ctx->context, ctx->context_type, output); + SHA_UNLOCK(); +} + +/* + * output = SHA-256( input buffer ) + */ +void esp_sha256_output( const unsigned char *input, size_t ilen, unsigned char output[32], int is224 ) +{ + SHA256_CTX ctx; + + esp_sha256_init( &ctx ); + esp_sha256_starts( &ctx, is224 ); + esp_sha256_update( &ctx, input, ilen ); + esp_sha256_finish( &ctx, output ); + esp_sha256_free( &ctx ); +} + + +///// +void esp_sha512_init( SHA512_CTX *ctx ) +{ + memset( ctx, 0, sizeof( SHA512_CTX ) ); + + SHA_LOCK(); + SHA_TAKE(); + ets_sha_enable(); + SHA_UNLOCK(); +} + +void esp_sha512_free( SHA512_CTX *ctx ) +{ + if( ctx == NULL ) + return; + + esp_sha_zeroize( ctx, sizeof( SHA512_CTX ) ); + + SHA_LOCK(); + SHA_GIVE(); + if (false == SHA_IS_USED()) + ets_sha_disable(); + SHA_UNLOCK(); +} + +void esp_sha512_clone( SHA512_CTX *dst, const SHA512_CTX *src ) +{ + *dst = *src; +} + +/* + * SHA-512 context setup + */ +void esp_sha512_starts( SHA512_CTX *ctx, int is384 ) +{ + SHA_LOCK(); + ets_sha_init(&ctx->context); + SHA_UNLOCK(); + if( is384 == 0 ) + { + /* SHA-512 */ + ctx->context_type = SHA2_512; + } + else + { + /* SHA-384 */ + ctx->context_type = SHA2_384; + } +} + +/* + * SHA-512 process buffer + */ +void esp_sha512_update( SHA512_CTX *ctx, const unsigned char *input,size_t ilen ) +{ + SHA_LOCK(); + ets_sha_update(&ctx->context, ctx->context_type, input, ilen * 8); +} + +/* + * SHA-512 final digest + */ +void esp_sha512_finish( SHA512_CTX *ctx, unsigned char output[64] ) +{ + ets_sha_finish(&ctx->context, ctx->context_type, output); + SHA_UNLOCK(); +} + +/* + * output = SHA-512( input buffer ) + */ +void esp_sha512_output( const unsigned char *input, size_t ilen,unsigned char output[64], int is384 ) +{ + SHA512_CTX ctx; + + esp_sha512_init( &ctx ); + esp_sha512_starts( &ctx, is384 ); + esp_sha512_update( &ctx, input, ilen ); + esp_sha512_finish( &ctx, output ); + esp_sha512_free( &ctx ); +} + +//// + diff --git a/components/mbedtls/Makefile b/components/mbedtls/Makefile old mode 100755 new mode 100644 diff --git a/components/mbedtls/include/mbedtls/aes.h b/components/mbedtls/include/mbedtls/aes.h index f5e1600b36..a36e825a2e 100644 --- a/components/mbedtls/include/mbedtls/aes.h +++ b/components/mbedtls/include/mbedtls/aes.h @@ -276,27 +276,7 @@ void mbedtls_aes_decrypt( mbedtls_aes_context *ctx, #endif #else /* MBEDTLS_AES_ALT */ -#include "port/aes_alt.h" - -typedef AES_CTX mbedtls_aes_context; - -#define mbedtls_aes_init aes_init -#define mbedtls_aes_free aes_free -#define mbedtls_aes_setkey_enc aes_setkey_enc -#define mbedtls_aes_setkey_dec aes_setkey_dec -#define mbedtls_aes_crypt_ecb aes_crypt_ecb -#if defined(MBEDTLS_CIPHER_MODE_CBC) -#define mbedtls_aes_crypt_cbc aes_crypt_cbc -#endif -#if defined(MBEDTLS_CIPHER_MODE_CFB) -#define mbedtls_aes_crypt_cfb128 aes_crypt_cfb128 -#define mbedtls_aes_crypt_cfb8 aes_crypt_cfb8 -#endif -#if defined(MBEDTLS_CIPHER_MODE_CTR) -#define mbedtls_aes_crypt_ctr aes_crypt_ctr -#endif -#define mbedtls_aes_encrypt aes_encrypt -#define mbedtls_aes_decrypt aes_decrypt +#include "aes_alt.h" #endif /* MBEDTLS_AES_ALT */ #ifdef __cplusplus diff --git a/components/mbedtls/include/mbedtls/bignum.h b/components/mbedtls/include/mbedtls/bignum.h index d062a75112..46f2507625 100644 --- a/components/mbedtls/include/mbedtls/bignum.h +++ b/components/mbedtls/include/mbedtls/bignum.h @@ -705,52 +705,7 @@ int mbedtls_mpi_gen_prime( mbedtls_mpi *X, size_t nbits, int dh_flag, int (*f_rng)(void *, unsigned char *, size_t), void *p_rng ); #else /* MBEDTLS_BIGNUM_ALT */ -#include "port/bignum_alt.h" - -typedef mpi mbedtls_mpi; - -#define mbedtls_mpi_init mpi_init -#define mbedtls_mpi_free mpi_free -#define mbedtls_mpi_grow mpi_grow -#define mbedtls_mpi_shrink mpi_shrink -#define mbedtls_mpi_copy mpi_copy -#define mbedtls_mpi_swap mpi_swap -#define mbedtls_mpi_safe_cond_assign mpi_safe_cond_assign -#define mbedtls_mpi_safe_cond_swap mpi_safe_cond_swap -#define mbedtls_mpi_lset mpi_lset -#define mbedtls_mpi_get_bit mpi_get_bit -#define mbedtls_mpi_set_bit mpi_set_bit -#define mbedtls_mpi_lsb mpi_lsb -#define mbedtls_mpi_bitlen mpi_bitlen -#define mbedtls_mpi_size mpi_size -#define mbedtls_mpi_read_string mpi_read_string -#define mbedtls_mpi_write_string mpi_write_string -#define mbedtls_mpi_read_binary mpi_read_binary -#define mbedtls_mpi_write_binary mpi_write_binary -#define mbedtls_mpi_shift_l mpi_shift_l -#define mbedtls_mpi_shift_r mpi_shift_r -#define mbedtls_mpi_cmp_abs mpi_cmp_abs -#define mbedtls_mpi_cmp_mpi mpi_cmp_mpi -#define mbedtls_mpi_cmp_int mpi_cmp_int -#define mbedtls_mpi_add_abs mpi_add_abs -#define mbedtls_mpi_sub_abs mpi_sub_abs -#define mbedtls_mpi_add_mpi mpi_add_mpi -#define mbedtls_mpi_sub_mpi mpi_sub_mpi -#define mbedtls_mpi_add_int mpi_add_int -#define mbedtls_mpi_sub_int mpi_sub_int -#define mbedtls_mpi_mul_mpi mpi_mul_mpi -#define mbedtls_mpi_mul_int mpi_mul_int -#define mbedtls_mpi_div_mpi mpi_div_mpi -#define mbedtls_mpi_div_int mpi_div_int -#define mbedtls_mpi_mod_mpi mpi_mod_mpi -#define mbedtls_mpi_mod_int mpi_mod_int -#define mbedtls_mpi_exp_mod mpi_exp_mod -#define mbedtls_mpi_fill_random mpi_fill_random -#define mbedtls_mpi_gcd mpi_gcd -#define mbedtls_mpi_inv_mod mpi_inv_mod -#define mbedtls_mpi_is_prime mpi_is_prime -#define mbedtls_mpi_gen_prime mpi_gen_prime - +#include "bignum_alt.h" #endif /* MBEDTLS_BIGNUM_ALT */ /** diff --git a/components/mbedtls/include/mbedtls/esp_config.h b/components/mbedtls/include/mbedtls/esp_config.h index 614e8018bb..1ea6076813 100644 --- a/components/mbedtls/include/mbedtls/esp_config.h +++ b/components/mbedtls/include/mbedtls/esp_config.h @@ -2466,8 +2466,7 @@ //#define MBEDTLS_SSL_CACHE_DEFAULT_MAX_ENTRIES 50 /**< Maximum entries in cache */ /* SSL options */ -extern unsigned int max_content_len; -#define MBEDTLS_SSL_MAX_CONTENT_LEN max_content_len /**< Maxium fragment length in bytes, determines the size of each of the two internal I/O buffers */ +#define MBEDTLS_SSL_MAX_CONTENT_LEN 3072 /**< Maxium fragment length in bytes, determines the size of each of the two internal I/O buffers */ //#define MBEDTLS_SSL_DEFAULT_TICKET_LIFETIME 86400 /**< Lifetime of session tickets (if enabled) */ //#define MBEDTLS_PSK_MAX_LEN 32 /**< Max size of TLS pre-shared keys, in bytes (default 256 bits) */ //#define MBEDTLS_SSL_COOKIE_TIMEOUT 60 /**< Default expiration delay of DTLS cookies, in seconds if HAVE_TIME, or in number of cookies issued */ diff --git a/components/mbedtls/include/mbedtls/sha1.h b/components/mbedtls/include/mbedtls/sha1.h index 2d85a59f78..7a67c6c1fb 100644 --- a/components/mbedtls/include/mbedtls/sha1.h +++ b/components/mbedtls/include/mbedtls/sha1.h @@ -106,17 +106,7 @@ void mbedtls_sha1_process( mbedtls_sha1_context *ctx, const unsigned char data[6 #endif #else /* MBEDTLS_SHA1_ALT */ -#include "port/sha1_alt.h" - -typedef SHA1_CTX mbedtls_sha1_context; - -#define mbedtls_sha1_init sha1_init -#define mbedtls_sha1_starts sha1_starts -#define mbedtls_sha1_clone sha1_clone -#define mbedtls_sha1_update sha1_update -#define mbedtls_sha1_finish sha1_finish -#define mbedtls_sha1_free sha1_free -#define mbedtls_sha1_process sha1_process +#include "sha1_alt.h" #endif /* MBEDTLS_SHA1_ALT */ #ifdef __cplusplus diff --git a/components/mbedtls/include/mbedtls/sha256.h b/components/mbedtls/include/mbedtls/sha256.h index 4ab444e8d1..f8041adf08 100644 --- a/components/mbedtls/include/mbedtls/sha256.h +++ b/components/mbedtls/include/mbedtls/sha256.h @@ -109,17 +109,7 @@ void mbedtls_sha256_process( mbedtls_sha256_context *ctx, const unsigned char da #endif #else /* MBEDTLS_SHA256_ALT */ -#include "port/sha256_alt.h" - -typedef SHA256_CTX mbedtls_sha256_context; - -#define mbedtls_sha256_init sha256_init -#define mbedtls_sha256_clone sha256_clone -#define mbedtls_sha256_starts sha256_starts -#define mbedtls_sha256_update sha256_update -#define mbedtls_sha256_finish sha256_finish -#define mbedtls_sha256_free sha256_free -#define mbedtls_sha256_process sha256_process +#include "sha256_alt.h" #endif /* MBEDTLS_SHA256_ALT */ #ifdef __cplusplus diff --git a/components/mbedtls/include/mbedtls/sha512.h b/components/mbedtls/include/mbedtls/sha512.h index 0ebc092f43..627694f425 100644 --- a/components/mbedtls/include/mbedtls/sha512.h +++ b/components/mbedtls/include/mbedtls/sha512.h @@ -106,17 +106,7 @@ void mbedtls_sha512_finish( mbedtls_sha512_context *ctx, unsigned char output[64 #endif #else /* MBEDTLS_SHA512_ALT */ -#include "port/sha512_alt.h" - -typedef SHA512_CTX mbedtls_sha512_context; - -#define mbedtls_sha512_init sha512_init -#define mbedtls_sha512_clone sha512_clone -#define mbedtls_sha512_starts sha512_starts -#define mbedtls_sha512_update sha512_update -#define mbedtls_sha512_finish sha512_finish -#define mbedtls_sha512_free sha512_free - +#include "sha512_alt.h" #endif /* MBEDTLS_SHA512_ALT */ #ifdef __cplusplus diff --git a/components/mbedtls/include/port/multi_thread.h b/components/mbedtls/include/port/multi_thread.h deleted file mode 100644 index 6732eeddef..0000000000 --- a/components/mbedtls/include/port/multi_thread.h +++ /dev/null @@ -1,63 +0,0 @@ -#ifndef _MULTI_THREAD_H_ -#define _MULTI_THREAD_H_ - -#ifdef __cplusplus -extern "C" { -#endif - -enum { - AES_MUTEX = 0, - BIGNUM_MUTEX, - SHA_MUTEX, - - MUTEX_MAX_NUM, -}; - -int multi_thread_init(void); - -void multi_thread_lock(unsigned int num); -void multi_thread_unlock(unsigned int num); - -void multi_thread_take(unsigned int num); -void multi_thread_give(unsigned int num); -bool multi_thread_is_used(num); - -#define MUTEX_LOCK(num) multi_thread_lock(num) -#define MUTEX_UNLOCK(num) multi_thread_unlock(num) - -#define SIG_TAKE(num) multi_thread_take(num) -#define SIG_GIVE(num) multi_thread_give(num) -#define SIG_IS_USED(num) multi_thread_is_used(num) - -#define AES_LOCK() MUTEX_LOCK(AES_MUTEX) -#define AES_UNLOCK() MUTEX_UNLOCK(AES_MUTEX) -#define BIGNUM_LOCK() MUTEX_LOCK(BIGNUM_MUTEX) -#define BIGNUM_UNLOCK() MUTEX_UNLOCK(BIGNUM_MUTEX) -#define SHA1_LOCK() MUTEX_LOCK(SHA_MUTEX) -#define SHA1_UNLOCK() MUTEX_UNLOCK(SHA_MUTEX) -#define SHA256_LOCK() MUTEX_LOCK(SHA_MUTEX) -#define SHA256_UNLOCK() MUTEX_UNLOCK(SHA_MUTEX) -#define SHA512_LOCK() MUTEX_LOCK(SHA_MUTEX) -#define SHA512_UNLOCK() MUTEX_UNLOCK(SHA_MUTEX) - -#define AES_TAKE() SIG_TAKE(AES_MUTEX) -#define AES_GIVE() SIG_GIVE(AES_MUTEX) -#define AES_IS_USED() SIG_IS_USED(AES_MUTEX) -#define BIGNUM_TAKE() SIG_TAKE(BIGNUM_MUTEX) -#define BIGNUM_GIVE() SIG_GIVE(BIGNUM_MUTEX) -#define BIGNUM_IS_USED() SIG_IS_USED(BIGNUM_MUTEX) -#define SHA1_TAKE() SIG_TAKE(SHA_MUTEX) -#define SHA1_GIVE() SIG_GIVE(SHA_MUTEX) -#define SHA1_IS_USED() SIG_IS_USED(SHA_MUTEX) -#define SHA256_TAKE() SIG_TAKE(SHA_MUTEX) -#define SHA256_GIVE() SIG_GIVE(SHA_MUTEX) -#define SHA256_IS_USED() SIG_IS_USED(SHA_MUTEX) -#define SHA512_TAKE() SIG_TAKE(SHA_MUTEX) -#define SHA512_GIVE() SIG_GIVE(SHA_MUTEX) -#define SHA512_IS_USED() SIG_IS_USED(SHA_MUTEX) - -#ifdef __cplusplus -} -#endif - -#endif /* multi_thread.h */ diff --git a/components/mbedtls/include/port/sha1_alt.h b/components/mbedtls/include/port/sha1_alt.h deleted file mode 100644 index 9187986277..0000000000 --- a/components/mbedtls/include/port/sha1_alt.h +++ /dev/null @@ -1,93 +0,0 @@ -/* - * copyright (c) 2010 - 2012 Espressif System - * - * esf Link List Descriptor - */ -#ifndef _SHA1_H_ -#define _SHA1_H_ - -#include "c_types.h" -#include "rom/ets_sys.h" -#include "rom/sha.h" - -#ifdef __cplusplus -extern "C" { -#endif - -#define ESP_SHA1_C - -#define SHA1 0 - -/** - * \brief SHA-1 context structure - */ -typedef struct{ - SHA_CTX context; - int context_type; -} sha1_context; - -typedef sha1_context SHA1_CTX; - -/** - * \brief Initialize SHA-1 context - * - * \param ctx SHA-1 context to be initialized - */ -void sha1_init( SHA1_CTX *ctx ); - -/** - * \brief Clear SHA-1 context - * - * \param ctx SHA-1 context to be cleared - */ -void sha1_free( SHA1_CTX *ctx ); - -/** - * \brief Clone (the state of) a SHA-1 context - * - * \param dst The destination context - * \param src The context to be cloned - */ -void sha1_clone( SHA1_CTX *dst, const SHA1_CTX *src ); - -void sha1_process(SHA1_CTX *ctx, const unsigned char data[64]); - -/** - * \brief SHA-1 context setup - * - * \param ctx context to be initialized - */ -void sha1_starts( SHA1_CTX *ctx ); - -/** - * \brief SHA-1 process buffer - * - * \param ctx SHA-1 context - * \param input buffer holding the data - * \param ilen length of the input data - */ -void sha1_update( SHA1_CTX *ctx, const unsigned char *input, size_t ilen ); - -/** - * \brief SHA-1 final digest - * - * \param ctx SHA-1 context - * \param output SHA-1 checksum result - */ -void sha1_finish( SHA1_CTX *ctx, unsigned char output[20] ); - -/** - * \brief Output = SHA-1( input buffer ) - * - * \param input buffer holding the data - * \param ilen length of the input data - * \param output SHA-1 checksum result - */ -void sha1_output( const unsigned char *input, size_t ilen, unsigned char output[20] ); - -#ifdef __cplusplus -} -#endif - -#endif - diff --git a/components/mbedtls/include/port/sha256_alt.h b/components/mbedtls/include/port/sha256_alt.h deleted file mode 100644 index bc661d3932..0000000000 --- a/components/mbedtls/include/port/sha256_alt.h +++ /dev/null @@ -1,95 +0,0 @@ -/* - * copyright (c) 2010 - 2012 Espressif System - * - * esf Link List Descriptor - */ - -#ifndef _SHA256_H_ -#define _SHA256_H_ - -#include "c_types.h" -#include "rom/ets_sys.h" -#include "rom/sha.h" - -#ifdef __cplusplus -extern "C" { -#endif - -#define ESP_SHA256_C - -#define SHA256 SHA2_256 -#define SHA224 4 - -/** - * \brief SHA-256 context structure - */ -typedef struct{ - SHA_CTX context; - int context_type; -}sha256_context; - -typedef sha256_context SHA256_CTX; - -/** - * \brief Initialize SHA-256 context - * - * \param ctx SHA-256 context to be initialized - */ -void sha256_init( SHA256_CTX *ctx ); - -/** - * \brief Clear SHA-256 context - * - * \param ctx SHA-256 context to be cleared - */ -void sha256_free( SHA256_CTX *ctx ); -void sha256_process(SHA256_CTX *ctx, const unsigned char data[64]); - -/** - * \brief Clone (the state of) a SHA-256 context - * - * \param dst The destination context - * \param src The context to be cloned - */ -void sha256_clone( SHA256_CTX *dst, const SHA256_CTX *src ); - -/** - * \brief SHA-256 context setup - * - * \param ctx context to be initialized - * \param is224 0 = use SHA256, 1 = use SHA224 - */ -void sha256_starts( SHA256_CTX *ctx, int is224 ); - -/** - * \brief SHA-256 process buffer - * - * \param ctx SHA-256 context - * \param input buffer holding the data - * \param ilen length of the input data - */ -void sha256_update( SHA256_CTX *ctx, const unsigned char *input, size_t ilen ); - -/** - * \brief SHA-256 final digest - * - * \param ctx SHA-256 context - * \param output SHA-224/256 checksum result - */ -void sha256_finish( SHA256_CTX *ctx, unsigned char output[32] ); - -/** - * \brief Output = SHA-256( input buffer ) - * - * \param input buffer holding the data - * \param ilen length of the input data - * \param output SHA-224/256 checksum result - * \param is224 0 = use SHA256, 1 = use SHA224 - */ -void sha256_output( const unsigned char *input, size_t ilen, unsigned char output[32], int is224 ); - -#ifdef __cplusplus -} -#endif - -#endif /* sha256.h */ diff --git a/components/mbedtls/include/port/sha512_alt.h b/components/mbedtls/include/port/sha512_alt.h deleted file mode 100644 index a3e1c50c64..0000000000 --- a/components/mbedtls/include/port/sha512_alt.h +++ /dev/null @@ -1,92 +0,0 @@ -/* - * copyright (c) 2010 - 2012 Espressif System - * - * esf Link List Descriptor - */ - -#ifndef _SHA512_H_ -#define _SHA512_H_ - -#include "c_types.h" -#include "rom/ets_sys.h" -#include "rom/sha.h" - -#ifdef __cplusplus -extern "C" { -#endif - -#define ESP_SHA512_C - -/** - * \brief SHA-512 context structure - */ -typedef struct{ - SHA_CTX context; - int context_type; -}sha512_context; - -typedef sha512_context SHA512_CTX; - -/** - * \brief Initialize SHA-512 context - * - * \param ctx SHA-512 context to be initialized - */ -void sha512_init( SHA512_CTX *ctx ); - -/** - * \brief Clear SHA-512 context - * - * \param ctx SHA-512 context to be cleared - */ -void sha512_free( SHA512_CTX *ctx ); - -/** - * \brief Clone (the state of) a SHA-512 context - * - * \param dst The destination context - * \param src The context to be cloned - */ -void sha512_clone( SHA512_CTX *dst, const SHA512_CTX *src ); - -/** - * \brief SHA-512 context setup - * - * \param ctx context to be initialized - * \param is384 0 = use SHA512, 1 = use SHA384 - */ -void sha512_starts( SHA512_CTX *ctx, int is384 ); - -/** - * \brief SHA-512 process buffer - * - * \param ctx SHA-512 context - * \param input buffer holding the data - * \param ilen length of the input data - */ -void sha512_update( SHA512_CTX *ctx, const unsigned char *input, size_t ilen ); - -/** - * \brief SHA-512 final digest - * - * \param ctx SHA-512 context - * \param output SHA-384/512 checksum result - */ -void sha512_finish( SHA512_CTX *ctx, unsigned char output[64] ); - -/** - * \brief Output = SHA-512( input buffer ) - * - * \param input buffer holding the data - * \param ilen length of the input data - * \param output SHA-384/512 checksum result - * \param is384 0 = use SHA512, 1 = use SHA384 - */ -void sha512_output( const unsigned char *input, size_t ilen, unsigned char output[64], int is384 ); - - -#ifdef __cplusplus -} -#endif - -#endif /* sha512.h */ diff --git a/components/mbedtls/port/include/aes_alt.h b/components/mbedtls/port/include/aes_alt.h new file mode 100644 index 0000000000..90e659483c --- /dev/null +++ b/components/mbedtls/port/include/aes_alt.h @@ -0,0 +1,59 @@ +/** + * \file aes_alt.h + * + * \brief AES block cipher + * + * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * + * + */ + +#ifndef AES_ALT_H +#define AES_ALT_H + +#ifdef __cplusplus +extern "C" { +#endif + +#if defined(MBEDTLS_AES_ALT) +#include "aes.h" + +typedef AES_CTX mbedtls_aes_context; + +#define mbedtls_aes_init esp_aes_init +#define mbedtls_aes_free esp_aes_free +#define mbedtls_aes_setkey_enc esp_aes_setkey_enc +#define mbedtls_aes_setkey_dec esp_aes_setkey_dec +#define mbedtls_aes_crypt_ecb esp_aes_crypt_ecb +#if defined(MBEDTLS_CIPHER_MODE_CBC) +#define mbedtls_aes_crypt_cbc esp_aes_crypt_cbc +#endif +#if defined(MBEDTLS_CIPHER_MODE_CFB) +#define mbedtls_aes_crypt_cfb128 esp_aes_crypt_cfb128 +#define mbedtls_aes_crypt_cfb8 esp_aes_crypt_cfb8 +#endif +#if defined(MBEDTLS_CIPHER_MODE_CTR) +#define mbedtls_aes_crypt_ctr esp_aes_crypt_ctr +#endif +#define mbedtls_aes_encrypt esp_aes_encrypt +#define mbedtls_aes_decrypt esp_aes_decrypt +#endif /* MBEDTLS_AES_ALT */ + +#ifdef __cplusplus +} +#endif + +#endif /* aes.h */ diff --git a/components/mbedtls/port/include/bignum_alt.h b/components/mbedtls/port/include/bignum_alt.h new file mode 100644 index 0000000000..a4ac0db3ef --- /dev/null +++ b/components/mbedtls/port/include/bignum_alt.h @@ -0,0 +1,77 @@ +/** + * \file bignum_alt.h + * + * \brief Multi-precision integer library + * + * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * + */ + +#ifndef BIGNUM_ALT_H +#define BIGNUM_ALT_H + +#include "bignum.h" + +#if defined(MBEDTLS_BIGNUM_ALT) + +typedef MPI_CTX mbedtls_mpi; + +#define mbedtls_mpi_init esp_mpi_init +#define mbedtls_mpi_free esp_mpi_free +#define mbedtls_mpi_grow esp_mpi_grow +#define mbedtls_mpi_shrink esp_mpi_shrink +#define mbedtls_mpi_copy esp_mpi_copy +#define mbedtls_mpi_swap esp_mpi_swap +#define mbedtls_mpi_safe_cond_assign esp_mpi_safe_cond_assign +#define mbedtls_mpi_safe_cond_swap esp_mpi_safe_cond_swap +#define mbedtls_mpi_lset esp_mpi_lset +#define mbedtls_mpi_get_bit esp_mpi_get_bit +#define mbedtls_mpi_set_bit esp_mpi_set_bit +#define mbedtls_mpi_lsb esp_mpi_lsb +#define mbedtls_mpi_bitlen esp_mpi_bitlen +#define mbedtls_mpi_size esp_mpi_size +#define mbedtls_mpi_read_string esp_mpi_read_string +#define mbedtls_mpi_write_string esp_mpi_write_string +#define mbedtls_mpi_read_binary esp_mpi_read_binary +#define mbedtls_mpi_write_binary esp_mpi_write_binary +#define mbedtls_mpi_shift_l esp_mpi_shift_l +#define mbedtls_mpi_shift_r esp_mpi_shift_r +#define mbedtls_mpi_cmp_abs esp_mpi_cmp_abs +#define mbedtls_mpi_cmp_mpi esp_mpi_cmp_mpi +#define mbedtls_mpi_cmp_int esp_mpi_cmp_int +#define mbedtls_mpi_add_abs esp_mpi_add_abs +#define mbedtls_mpi_sub_abs esp_mpi_sub_abs +#define mbedtls_mpi_add_mpi esp_mpi_add_mpi +#define mbedtls_mpi_sub_mpi esp_mpi_sub_mpi +#define mbedtls_mpi_add_int esp_mpi_add_int +#define mbedtls_mpi_sub_int esp_mpi_sub_int +#define mbedtls_mpi_mul_mpi esp_mpi_mul_mpi +#define mbedtls_mpi_mul_int esp_mpi_mul_int +#define mbedtls_mpi_div_mpi esp_mpi_div_mpi +#define mbedtls_mpi_div_int esp_mpi_div_int +#define mbedtls_mpi_mod_mpi esp_mpi_mod_mpi +#define mbedtls_mpi_mod_int esp_mpi_mod_int +#define mbedtls_mpi_exp_mod esp_mpi_exp_mod +#define mbedtls_mpi_fill_random esp_mpi_fill_random +#define mbedtls_mpi_gcd esp_mpi_gcd +#define mbedtls_mpi_inv_mod esp_mpi_inv_mod +#define mbedtls_mpi_is_prime esp_mpi_is_prime +#define mbedtls_mpi_gen_prime esp_mpi_gen_prime + +#endif + +#endif + diff --git a/components/mbedtls/port/include/sha1_alt.h b/components/mbedtls/port/include/sha1_alt.h new file mode 100644 index 0000000000..2cb0e926de --- /dev/null +++ b/components/mbedtls/port/include/sha1_alt.h @@ -0,0 +1,34 @@ +/* + * copyright (c) 2010 - 2012 Espressif System + * + * esf Link List Descriptor + */ +#ifndef _SHA1_ALT_H_ +#define _SHA1_ALT_H_ + +#ifdef __cplusplus +extern "C" { +#endif + +#if defined(MBEDTLS_SHA1_ALT) + +#include "sha.h" + +typedef SHA1_CTX mbedtls_sha1_context; + +#define mbedtls_sha1_init esp_sha1_init +#define mbedtls_sha1_starts esp_sha1_starts +#define mbedtls_sha1_clone esp_sha1_clone +#define mbedtls_sha1_update esp_sha1_update +#define mbedtls_sha1_finish esp_sha1_finish +#define mbedtls_sha1_free esp_sha1_free +#define mbedtls_sha1_process esp_sha1_process + +#endif + +#ifdef __cplusplus +} +#endif + +#endif + diff --git a/components/mbedtls/port/include/sha256_alt.h b/components/mbedtls/port/include/sha256_alt.h new file mode 100644 index 0000000000..00beb2d28c --- /dev/null +++ b/components/mbedtls/port/include/sha256_alt.h @@ -0,0 +1,34 @@ +/* + * copyright (c) 2010 - 2012 Espressif System + * + * esf Link List Descriptor + */ + +#ifndef _SHA256_ALT_H_ +#define _SHA256_ALT_H_ + +#ifdef __cplusplus +extern "C" { +#endif + +#if defined(MBEDTLS_SHA256_ALT) + +#include "sha.h" + +typedef SHA256_CTX mbedtls_sha256_context; + +#define mbedtls_sha256_init esp_sha256_init +#define mbedtls_sha256_clone esp_sha256_clone +#define mbedtls_sha256_starts esp_sha256_starts +#define mbedtls_sha256_update esp_sha256_update +#define mbedtls_sha256_finish esp_sha256_finish +#define mbedtls_sha256_free esp_sha256_free +#define mbedtls_sha256_process esp_sha256_process + +#endif + +#ifdef __cplusplus +} +#endif + +#endif /* sha256.h */ diff --git a/components/mbedtls/port/include/sha512_alt.h b/components/mbedtls/port/include/sha512_alt.h new file mode 100644 index 0000000000..b4e17259e4 --- /dev/null +++ b/components/mbedtls/port/include/sha512_alt.h @@ -0,0 +1,32 @@ +/* + * copyright (c) 2010 - 2012 Espressif System + * + * esf Link List Descriptor + */ + +#ifndef _SHA512_ALT_H_ +#define _SHA512_ALT_H_ + +#ifdef __cplusplus +extern "C" { +#endif + +#if defined(MBEDTLS_SHA512_ALT) +#include "sha.h" + +typedef SHA512_CTX mbedtls_sha512_context; + +#define mbedtls_sha512_init esp_sha512_init +#define mbedtls_sha512_clone esp_sha512_clone +#define mbedtls_sha512_starts esp_sha512_starts +#define mbedtls_sha512_update esp_sha512_update +#define mbedtls_sha512_finish esp_sha512_finish +#define mbedtls_sha512_free esp_sha512_free + +#endif + +#ifdef __cplusplus +} +#endif + +#endif /* sha512.h */ diff --git a/components/mbedtls/port/multi_thread.c b/components/mbedtls/port/multi_thread.c deleted file mode 100644 index 31cf1ea6da..0000000000 --- a/components/mbedtls/port/multi_thread.c +++ /dev/null @@ -1,53 +0,0 @@ -#include "multi_thread.h" -#include "freertos/FreeRTOS.h" -#include "freertos/semphr.h" - -static xSemaphoreHandle multi_thread_mutex[MUTEX_MAX_NUM]; -static int multi_thread_sig[MUTEX_MAX_NUM]; - -int multi_thread_init(void) -{ - int i; - - for (i = 0; i < MUTEX_MAX_NUM; i++) { - multi_thread_mutex[i] = xSemaphoreCreateMutex(); - if (!multi_thread_mutex[i]) { - goto failed1; - } - multi_thread_sig[i] = 0; - } - - return 0; - -failed1: - for (i--; i >= 0; i--) - vQueueDelete(multi_thread_mutex[i]); - - return -1; -} - -void multi_thread_lock(unsigned int num) -{ - xSemaphoreTake(multi_thread_mutex[num], portMAX_DELAY); -} - -void multi_thread_unlock(unsigned int num) -{ - xSemaphoreGive(multi_thread_mutex[num]); -} - -void multi_thread_take(unsigned int num) -{ - multi_thread_sig[num]++; -} - -void multi_thread_give(unsigned int num) -{ - multi_thread_sig[num]--; -} - -bool multi_thread_is_used(num) -{ - return (multi_thread_sig[num] != 0) ? true : false; -} - diff --git a/components/mbedtls/port/sha1_alt.c b/components/mbedtls/port/sha1_alt.c deleted file mode 100644 index b73d03ffa5..0000000000 --- a/components/mbedtls/port/sha1_alt.c +++ /dev/null @@ -1,117 +0,0 @@ -/* - * FIPS-180-1 compliant SHA-1 implementation - * - * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - * - */ -/* - * The SHA-1 standard was published by NIST in 1993. - * - * http://www.itl.nist.gov/fipspubs/fip180-1.htm - */ - -#include "port/sha1_alt.h" - -#if defined(ESP_SHA1_C) -#include -#include "multi_thread.h" - -/* Implementation that should never be optimized out by the compiler */ -static void sha1_zeroize( void *v, size_t n ) { - volatile unsigned char *p = v; while( n-- ) *p++ = 0; -} - -void sha1_init( SHA1_CTX *ctx ) -{ - memset( ctx, 0, sizeof( SHA1_CTX ) ); - - SHA1_LOCK(); - SHA1_TAKE(); - ets_sha_enable(); - SHA1_UNLOCK(); -} - -void sha1_free( SHA1_CTX *ctx ) -{ - if( ctx == NULL ) - return; - - sha1_zeroize( ctx, sizeof( SHA1_CTX ) ); - - SHA1_LOCK(); - SHA1_GIVE(); - if (false == SHA1_IS_USED()) - ets_sha_disable(); - SHA1_UNLOCK(); -} - -void sha1_clone( SHA1_CTX *dst, const SHA1_CTX *src ) -{ - *dst = *src; -} - -void sha1_process(SHA1_CTX *ctx, const unsigned char data[64]) -{ - -} - -/* - * SHA-1 context setup - */ -void sha1_starts( SHA1_CTX *ctx ) -{ - SHA1_LOCK(); - ets_sha_init(&ctx->context); - SHA1_UNLOCK(); - - ctx->context_type = SHA1; -} - -/* - * SHA-1 process buffer - */ -void sha1_update( SHA1_CTX *ctx, const unsigned char *input, size_t ilen ) -{ - SHA1_LOCK(); - ets_sha_update(&ctx->context, ctx->context_type, input, ilen * 8); -} - -/* - * SHA-1 final digest - */ -void sha1_finish( SHA1_CTX *ctx, unsigned char output[20] ) -{ - ets_sha_finish(&ctx->context, ctx->context_type, output); - SHA1_UNLOCK(); -} - -/* - * output = SHA-1( input buffer ) - */ -void sha1_output( const unsigned char *input, size_t ilen, unsigned char output[20] ) -{ - SHA1_CTX ctx; - - sha1_init( &ctx ); - sha1_starts( &ctx ); - sha1_update( &ctx, input, ilen ); - sha1_finish( &ctx, output ); - sha1_free( &ctx ); -} - -#endif /* _SHA1_C */ - - diff --git a/components/mbedtls/port/sha256_alt.c b/components/mbedtls/port/sha256_alt.c deleted file mode 100644 index fc8769d1ba..0000000000 --- a/components/mbedtls/port/sha256_alt.c +++ /dev/null @@ -1,122 +0,0 @@ -/* - * FIPS-180-2 compliant SHA-256 implementation - * - * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - * - */ -/* - * The SHA-256 Secure Hash Standard was published by NIST in 2002. - * - * http://csrc.nist.gov/publications/fips/fips180-2/fips180-2.pdf - */ - -#include "port/sha256_alt.h" - -#if defined(ESP_SHA256_C) -#include -#include "multi_thread.h" - -/* Implementation that should never be optimized out by the compiler */ -static void sha256_zeroize( void *v, size_t n ) { - volatile unsigned char *p = v; while( n-- ) *p++ = 0; -} - -void sha256_init( SHA256_CTX *ctx ) -{ - memset( ctx, 0, sizeof( SHA256_CTX ) ); - - SHA256_LOCK(); - SHA256_TAKE(); - ets_sha_enable(); - SHA256_UNLOCK(); -} - -void sha256_process(SHA256_CTX *ctx, const unsigned char data[64]) -{ - -} - -void sha256_free( SHA256_CTX *ctx ) -{ - if( ctx == NULL ) - return; - - sha256_zeroize( ctx, sizeof( SHA256_CTX ) ); - - SHA256_LOCK(); - SHA256_GIVE(); - if (false == SHA256_IS_USED()) - ets_sha_disable(); - SHA256_UNLOCK(); -} - -void sha256_clone( SHA256_CTX *dst, const SHA256_CTX *src ) -{ - *dst = *src; -} - -/* - * SHA-256 context setup - */ -void sha256_starts( SHA256_CTX *ctx, int is224 ) -{ - SHA256_LOCK(); - ets_sha_init(&ctx->context); - SHA256_UNLOCK(); - - if( is224 == 0 ) - { - /* SHA-256 */ - ctx->context_type = SHA256; - }else{ - /* SHA-224 */ - ctx->context_type = SHA224; - } -} - -/* - * SHA-256 process buffer - */ -void sha256_update( SHA256_CTX *ctx, const unsigned char *input, size_t ilen ) -{ - SHA256_LOCK(); - ets_sha_update(&ctx->context, ctx->context_type, input, ilen * 8); -} - -/* - * SHA-256 final digest - */ -void sha256_finish( SHA256_CTX *ctx, unsigned char output[32] ) -{ - ets_sha_finish(&ctx->context, ctx->context_type, output); - SHA256_UNLOCK(); -} - -/* - * output = SHA-256( input buffer ) - */ -void sha256_output( const unsigned char *input, size_t ilen, unsigned char output[32], int is224 ) -{ - SHA256_CTX ctx; - - sha256_init( &ctx ); - sha256_starts( &ctx, is224 ); - sha256_update( &ctx, input, ilen ); - sha256_finish( &ctx, output ); - sha256_free( &ctx ); -} - -#endif /* SHA256_C */ diff --git a/components/mbedtls/port/sha512_alt.c b/components/mbedtls/port/sha512_alt.c deleted file mode 100644 index 02d315681e..0000000000 --- a/components/mbedtls/port/sha512_alt.c +++ /dev/null @@ -1,117 +0,0 @@ -/* - * FIPS-180-2 compliant SHA-384/512 implementation - * - * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - * - */ -/* - * The SHA-512 Secure Hash Standard was published by NIST in 2002. - * - * http://csrc.nist.gov/publications/fips/fips180-2/fips180-2.pdf - */ -#include "port/sha512_alt.h" - -#if defined(ESP_SHA512_C) -#include -#include "multi_thread.h" - -/* Implementation that should never be optimized out by the compiler */ -static void sha512_zeroize( void *v, size_t n ) { - volatile unsigned char *p = v; while( n-- ) *p++ = 0; -} - -void sha512_init( SHA512_CTX *ctx ) -{ - memset( ctx, 0, sizeof( SHA512_CTX ) ); - - SHA512_LOCK(); - SHA512_TAKE(); - ets_sha_enable(); - SHA512_UNLOCK(); -} - -void sha512_free( SHA512_CTX *ctx ) -{ - if( ctx == NULL ) - return; - - sha512_zeroize( ctx, sizeof( SHA512_CTX ) ); - - SHA512_LOCK(); - SHA512_GIVE(); - if (false == SHA512_IS_USED()) - ets_sha_disable(); - SHA512_UNLOCK(); -} - -void sha512_clone( SHA512_CTX *dst, const SHA512_CTX *src ) -{ - *dst = *src; -} - -/* - * SHA-512 context setup - */ -void sha512_starts( SHA512_CTX *ctx, int is384 ) -{ - SHA512_LOCK(); - ets_sha_init(&ctx->context); - SHA512_UNLOCK(); - if( is384 == 0 ) - { - /* SHA-512 */ - ctx->context_type = SHA2_512; - } - else - { - /* SHA-384 */ - ctx->context_type = SHA2_384; - } -} - -/* - * SHA-512 process buffer - */ -void sha512_update( SHA512_CTX *ctx, const unsigned char *input,size_t ilen ) -{ - SHA512_LOCK(); - ets_sha_update(&ctx->context, ctx->context_type, input, ilen * 8); -} - -/* - * SHA-512 final digest - */ -void sha512_finish( SHA512_CTX *ctx, unsigned char output[64] ) -{ - ets_sha_finish(&ctx->context, ctx->context_type, output); - SHA512_UNLOCK(); -} - -/* - * output = SHA-512( input buffer ) - */ -void sha512_output( const unsigned char *input, size_t ilen,unsigned char output[64], int is384 ) -{ - SHA512_CTX ctx; - - sha512_init( &ctx ); - sha512_starts( &ctx, is384 ); - sha512_update( &ctx, input, ilen ); - sha512_finish( &ctx, output ); - sha512_free( &ctx ); -} - -#endif /* SHA512_C */ From 0f83831c743801960242525bc19ed15383e091e7 Mon Sep 17 00:00:00 2001 From: liuhan Date: Mon, 15 Aug 2016 21:04:57 +0800 Subject: [PATCH 04/28] 1. multi thread verify bignum AES and SHA --- components/esp32/aes.c | 54 ++++----- components/esp32/bignum.c | 107 +++++++++++++++--- components/esp32/esp_crypto.c | 64 +++++++++++ components/esp32/esp_thread.c | 53 --------- components/esp32/include/bignum.h | 6 +- .../include/{esp_thread.h => esp_crypto.h} | 28 ++--- components/esp32/sha.c | 24 ++-- components/mbedtls/library/aes.c | 24 +++- components/mbedtls/library/sha1.c | 9 +- components/mbedtls/library/sha256.c | 9 +- components/mbedtls/library/sha512.c | 10 +- 11 files changed, 238 insertions(+), 150 deletions(-) create mode 100644 components/esp32/esp_crypto.c delete mode 100644 components/esp32/esp_thread.c rename components/esp32/include/{esp_thread.h => esp_crypto.h} (61%) diff --git a/components/esp32/aes.c b/components/esp32/aes.c index 10a5025a56..0b0a7ce3cc 100644 --- a/components/esp32/aes.c +++ b/components/esp32/aes.c @@ -24,16 +24,14 @@ * http://csrc.nist.gov/encryption/aes/rijndael/Rijndael.pdf * http://csrc.nist.gov/publications/fips/fips197/fips-197.pdf */ - -#include "aes.h" - #include -#include "esp_thread.h" +#include "aes.h" +#include "esp_crypto.h" /* Implementation that should never be optimized out by the compiler */ -static void esp_aes_zeroize( void *v, size_t n ) { - volatile unsigned char *p = v; while( n-- ) *p++ = 0; -} +//static void bzero( void *v, size_t n ) { +// volatile unsigned char *p = v; while( n-- ) *p++ = 0; +//} void esp_aes_init( AES_CTX *ctx ) { @@ -50,7 +48,7 @@ void esp_aes_free( AES_CTX *ctx ) if( ctx == NULL ) return; - esp_aes_zeroize( ctx, sizeof( AES_CTX ) ); + bzero( ctx, sizeof( AES_CTX ) ); AES_LOCK(); AES_GIVE(); @@ -84,8 +82,9 @@ int esp_aes_setkey_enc( AES_CTX *ctx, const unsigned char *key, ctx->enc.keybites = keybits; memset(ctx->enc.key, 0, sizeof(ctx->enc.key)); memcpy(ctx->enc.key, key, keybyte); + } else { + ets_aes_setkey_enc(key, keybit); } - ets_aes_setkey_enc(key, keybit); return 0; } @@ -114,8 +113,9 @@ int esp_aes_setkey_dec( AES_CTX *ctx, const unsigned char *key, ctx->dec.keybites = keybits; memset(ctx->dec.key, 0, sizeof(ctx->dec.key)); memcpy(ctx->dec.key, key, keybyte); + } else { + ets_aes_setkey_dec(key, keybit); } - ets_aes_setkey_dec(key, keybit); return 0; } @@ -169,10 +169,19 @@ int esp_aes_crypt_ecb( AES_CTX *ctx, const unsigned char input[16], unsigned char output[16] ) { + AES_LOCK(); + + esp_aes_process_enable(ctx, mode); + if( mode == AES_ENCRYPT ) esp_aes_encrypt( ctx, input, output ); else esp_aes_decrypt( ctx, input, output ); + + esp_aes_process_disable(ctx, mode); + + AES_UNLOCK(); + return 0; } @@ -193,9 +202,6 @@ int esp_aes_crypt_cbc( AES_CTX *ctx, if( length % 16 ) return( ERR_AES_INVALID_INPUT_LENGTH ); - AES_LOCK(); - - esp_aes_process_enable(ctx, mode); if( mode == AES_DECRYPT ) { while( length > 0 ) @@ -228,9 +234,6 @@ int esp_aes_crypt_cbc( AES_CTX *ctx, length -= 16; } } - esp_aes_process_disable(ctx, mode); - - AES_UNLOCK(); return 0; } @@ -249,9 +252,6 @@ int esp_aes_crypt_cfb128( AES_CTX *ctx, int c; size_t n = *iv_off; - AES_LOCK(); - - esp_aes_process_enable(ctx, mode); if( mode == AES_DECRYPT ) { while( length-- ) @@ -280,9 +280,6 @@ int esp_aes_crypt_cfb128( AES_CTX *ctx, } *iv_off = n; - esp_aes_process_disable(ctx, mode); - - AES_UNLOCK(); return 0; } @@ -300,9 +297,6 @@ int esp_aes_crypt_cfb8( AES_CTX *ctx, unsigned char c; unsigned char ov[17]; - AES_LOCK(); - - esp_aes_process_enable(ctx, mode); while( length-- ) { memcpy( ov, iv, 16 ); @@ -318,9 +312,6 @@ int esp_aes_crypt_cfb8( AES_CTX *ctx, memcpy( iv, ov + 1, 16 ); } - esp_aes_process_disable(ctx, mode); - - AES_UNLOCK(); return 0; } @@ -339,10 +330,6 @@ int esp_aes_crypt_ctr( AES_CTX *ctx, int c, i; size_t n = *nc_off; - AES_LOCK(); - - esp_aes_process_enable(ctx, AES_ENCRYPT); - while( length-- ) { if( n == 0 ) { @@ -359,9 +346,6 @@ int esp_aes_crypt_ctr( AES_CTX *ctx, } *nc_off = n; - esp_aes_process_disable(ctx, AES_ENCRYPT); - - AES_UNLOCK(); return 0; } diff --git a/components/esp32/bignum.c b/components/esp32/bignum.c index 02d5a9c3d2..049116206d 100644 --- a/components/esp32/bignum.c +++ b/components/esp32/bignum.c @@ -33,17 +33,16 @@ * https://gmplib.org/manual/index.html * */ -#include "bignum.h" -#if defined(ESP_BIGNUM_ALT) #include #include -#include "esp_thread.h" +#include "bignum.h" +#include "esp_crypto.h" /* Implementation that should never be optimized out by the compiler */ -static void esp_mpi_zeroize( void *v, size_t n ) { - volatile unsigned char *p = v; while( n-- ) *p++ = 0; -} +//static void bzero( void *v, size_t n ) { +// volatile unsigned char *p = v; while( n-- ) *p++ = 0; +//} #define ciL (sizeof(esp_mpi_uint)) /* chars in limb */ #define biL (ciL << 3) /* bits in limb */ @@ -85,7 +84,7 @@ void esp_mpi_free( mpi *X ) if( X->p != NULL ) { - esp_mpi_zeroize( X->p, X->n * ciL ); + bzero( X->p, X->n * ciL ); free( X->p ); } @@ -117,7 +116,7 @@ int esp_mpi_grow( mpi *X, size_t nblimbs ) if( X->p != NULL ) { memcpy( p, X->p, X->n * ciL ); - esp_mpi_zeroize( X->p, X->n * ciL ); + bzero( X->p, X->n * ciL ); free( X->p ); } @@ -155,7 +154,7 @@ int esp_mpi_shrink( mpi *X, size_t nblimbs ) if( X->p != NULL ) { memcpy( p, X->p, i * ciL ); - esp_mpi_zeroize( X->p, X->n * ciL ); + bzero( X->p, X->n * ciL ); free( X->p ); } @@ -1015,11 +1014,76 @@ static void esp_mpi_mul_hlp( size_t i, esp_mpi_uint *s, esp_mpi_uint *d, esp_mpi /* * Baseline multiplication: X = A * B (HAC 14.12) */ + +static int mul_pram_alloc( mpi *X, const mpi *A, const mpi *B, char **pA, char **pB, char **pX, size_t *bites) +{ + char *sa, *sb, *sx; + int algn; + int words, bytes; + int abytes, bbytes, cbytes; + + if (A->n > B->n) + words = A->n; + else + words = B->n; + + bytes = (words / 16 + ((words % 16) ? 1 : 0 )) * 16 * 4 * 2; + + abytes = A->n * 4; + bbytes = B->n * 4; + + sa = malloc(bytes); + if (!sa) { + return -1; + } + + sb = malloc(bytes); + if (!sb) { + free(sa); + return -1; + } + + sx = malloc(bytes); + if (!sx) { + free(sa); + free(sb); + return -1; + } + + memcpy(sa, A->p, abytes); + memset(sa + abytes, 0, bytes - abytes); + + memcpy(sb, B->p, bbytes); + memset(sb + bbytes, 0, bytes - bbytes); + + *pA = sa; + *pB = sb; + + *pX = sx; + + *bites = bytes * 4; + + return 0; +} + +void mul_pram_free(char **pA, char **pB, char **pX) +{ + free(*pA); + *pA = NULL; + + free(*pB); + *pB = NULL; + + free(*pX); + *pX = NULL; +} + int esp_mpi_mul_mpi( mpi *X, const mpi *A, const mpi *B ) { - int ret; + int ret = -1; size_t i, j; - size_t n = 0; + char *s1 = NULL, *s2 = NULL, *dest = NULL; + size_t bites; mpi TA, TB; @@ -1039,14 +1103,19 @@ int esp_mpi_mul_mpi( mpi *X, const mpi *A, const mpi *B ) MPI_CHK( esp_mpi_grow( X, i + j ) ); MPI_CHK( esp_mpi_lset( X, 0 ) ); - n = j; -// for( i++; j > 0; j-- ) - esp_mpi_mul_hlp( i - 1, A->p, X->p + j - 1, B->p[j - 1] ); + if (mul_pram_alloc(X, A, B, &s1, &s2, &dest, &bites)) { + goto cleanup; + } - BIGNUM_LOCK(); - if (ets_bigint_mult_prepare(A->p, B->p, n)){ - ets_bigint_wait_finish(); - ets_bigint_mult_getz(X->p, n); + BIGNUM_LOCK(); + if (ets_bigint_mult_prepare((uint32_t *)s1, (uint32_t *)s2, bites)){ + ets_bigint_wait_finish(); + if (ets_bigint_mult_getz((uint32_t *)dest, bites) == true) { + memcpy(X->p, dest, (i + j) * 4); + ret = 0; + } else { + esp_mpi_printf("ets_bigint_mult_getz failed\n"); + } } else{ esp_mpi_printf("Baseline multiplication failed\n"); } @@ -1054,6 +1123,8 @@ int esp_mpi_mul_mpi( mpi *X, const mpi *A, const mpi *B ) X->s = A->s * B->s; + mul_pram_free(&s1, &s2, &dest); + cleanup: esp_mpi_free( &TB ); esp_mpi_free( &TA ); diff --git a/components/esp32/esp_crypto.c b/components/esp32/esp_crypto.c new file mode 100644 index 0000000000..f0e2cdcb13 --- /dev/null +++ b/components/esp32/esp_crypto.c @@ -0,0 +1,64 @@ +#include "esp_crypto.h" +#include "freertos/FreeRTOS.h" +#include "freertos/semphr.h" + +static SemaphoreHandle_t esp_crypto_mutex[MUTEX_MAX_NUM]; +static int esp_crypto_sig[MUTEX_MAX_NUM]; + +#if 0 + #define ESP_DEBUG ets_printf +#else + #define ESP_DEBUG(...) +#endif + +int esp_crypto_init(void) +{ + int i; + + for (i = 0; i < MUTEX_MAX_NUM; i++) { + esp_crypto_mutex[i] = xSemaphoreCreateMutex(); + ESP_DEBUG("init num %d mutex %p\n", i, esp_crypto_mutex[i]); + if (!esp_crypto_mutex[i]) { + goto failed1; + } + esp_crypto_sig[i] = 0; + } + + return 0; + +failed1: + ESP_DEBUG("esp_crypto_init failed\n"); + for (i--; i >= 0; i--) + vQueueDelete(esp_crypto_mutex[i]); + + return -1; +} + +void esp_crypto_lock(unsigned int num) +{ + ESP_DEBUG("1num %d, mutex %p\n", num, esp_crypto_mutex[num]); + xSemaphoreTake(esp_crypto_mutex[num], portMAX_DELAY); +} + +void esp_crypto_unlock(unsigned int num) +{ + ESP_DEBUG("2num %d, mutex %p\n", num, esp_crypto_mutex[num]); + xSemaphoreGive(esp_crypto_mutex[num]); +} + +void esp_crypto_take(unsigned int num) +{ + esp_crypto_sig[num]++; +} + +void esp_crypto_give(unsigned int num) +{ + if (esp_crypto_sig[num]) + esp_crypto_sig[num]--; +} + +bool esp_crypto_is_used(unsigned int num) +{ + return (esp_crypto_sig[num] != 0) ? true : false; +} + diff --git a/components/esp32/esp_thread.c b/components/esp32/esp_thread.c deleted file mode 100644 index e72dc996bb..0000000000 --- a/components/esp32/esp_thread.c +++ /dev/null @@ -1,53 +0,0 @@ -#include "esp_thread.h" -#include "freertos/FreeRTOS.h" -#include "freertos/semphr.h" - -static xSemaphoreHandle esp_thread_mutex[MUTEX_MAX_NUM]; -static int esp_thread_sig[MUTEX_MAX_NUM]; - -int esp_thread_init(void) -{ - int i; - - for (i = 0; i < MUTEX_MAX_NUM; i++) { - esp_thread_mutex[i] = xSemaphoreCreateMutex(); - if (!esp_thread_mutex[i]) { - goto failed1; - } - esp_thread_sig[i] = 0; - } - - return 0; - -failed1: - for (i--; i >= 0; i--) - vQueueDelete(esp_thread_mutex[i]); - - return -1; -} - -void esp_thread_lock(unsigned int num) -{ - xSemaphoreTake(esp_thread_mutex[num], portMAX_DELAY); -} - -void esp_thread_unlock(unsigned int num) -{ - xSemaphoreGive(esp_thread_mutex[num]); -} - -void esp_thread_take(unsigned int num) -{ - esp_thread_sig[num]++; -} - -void esp_thread_give(unsigned int num) -{ - esp_thread_sig[num]--; -} - -bool esp_thread_is_used(unsigned int num) -{ - return (esp_thread_sig[num] != 0) ? true : false; -} - diff --git a/components/esp32/include/bignum.h b/components/esp32/include/bignum.h index 4cb1ca88f1..fc1a5932c5 100644 --- a/components/esp32/include/bignum.h +++ b/components/esp32/include/bignum.h @@ -27,9 +27,9 @@ #include "rom/ets_sys.h" #include "rom/bigint.h" -#define ESP_BIGNUM_ALT + #define MPI_DEBUG_ALT -#if defined(ESP_BIGNUM_ALT) + #define ERR_MPI_FILE_IO_ERROR -0x0002 /**< An error occurred while reading from or writing to a file. */ #define ERR_MPI_BAD_INPUT_DATA -0x0004 /**< Bad input parameters to function. */ @@ -700,7 +700,7 @@ int esp_mpi_is_prime( const mpi *X, int esp_mpi_gen_prime( mpi *X, size_t nbits, int dh_flag, int (*f_rng)(void *, unsigned char *, size_t), void *p_rng ); -#endif + #endif diff --git a/components/esp32/include/esp_thread.h b/components/esp32/include/esp_crypto.h similarity index 61% rename from components/esp32/include/esp_thread.h rename to components/esp32/include/esp_crypto.h index 7716f00f19..ef6d86ac0d 100644 --- a/components/esp32/include/esp_thread.h +++ b/components/esp32/include/esp_crypto.h @@ -1,5 +1,5 @@ -#ifndef _MULTI_THREAD_H_ -#define _MULTI_THREAD_H_ +#ifndef _MULTI_CRYPTO_H_ +#define _MULTI_CRYPTO_H_ #include "c_types.h" #include "rom/ets_sys.h" @@ -16,21 +16,21 @@ enum { MUTEX_MAX_NUM, }; -int esp_thread_init(void); +int esp_crypto_init(void); -void esp_thread_lock(unsigned int num); -void esp_thread_unlock(unsigned int num); +void esp_crypto_lock(unsigned int num); +void esp_crypto_unlock(unsigned int num); -void esp_thread_take(unsigned int num); -void esp_thread_give(unsigned int num); -bool esp_thread_is_used(unsigned int num); +void esp_crypto_take(unsigned int num); +void esp_crypto_give(unsigned int num); +bool esp_crypto_is_used(unsigned int num); -#define MUTEX_LOCK(num) esp_thread_lock(num) -#define MUTEX_UNLOCK(num) esp_thread_unlock(num) +#define MUTEX_LOCK(num) esp_crypto_lock(num) +#define MUTEX_UNLOCK(num) esp_crypto_unlock(num) -#define SIG_TAKE(num) esp_thread_take(num) -#define SIG_GIVE(num) esp_thread_give(num) -#define SIG_IS_USED(num) esp_thread_is_used(num) +#define SIG_TAKE(num) esp_crypto_take(num) +#define SIG_GIVE(num) esp_crypto_give(num) +#define SIG_IS_USED(num) esp_crypto_is_used(num) #define AES_LOCK() MUTEX_LOCK(AES_MUTEX) #define AES_UNLOCK() MUTEX_UNLOCK(AES_MUTEX) @@ -53,4 +53,4 @@ bool esp_thread_is_used(unsigned int num); } #endif -#endif /* esp_thread.h */ +#endif /* esp_crypto.h */ diff --git a/components/esp32/sha.c b/components/esp32/sha.c index 9c28ca9c44..2e98de3693 100644 --- a/components/esp32/sha.c +++ b/components/esp32/sha.c @@ -23,15 +23,14 @@ * http://www.itl.nist.gov/fipspubs/fip180-1.htm */ -#include "sha.h" - #include -#include "esp_thread.h" +#include "sha.h" +#include "esp_crypto.h" /* Implementation that should never be optimized out by the compiler */ -static void esp_sha_zeroize( void *v, size_t n ) { - volatile unsigned char *p = v; while( n-- ) *p++ = 0; -} +//static void bzero( void *v, size_t n ) { +// volatile unsigned char *p = v; while( n-- ) *p++ = 0; +//} void esp_sha1_init( SHA1_CTX *ctx ) { @@ -48,7 +47,7 @@ void esp_sha1_free( SHA1_CTX *ctx ) if( ctx == NULL ) return; - esp_sha_zeroize( ctx, sizeof( SHA1_CTX ) ); + bzero( ctx, sizeof( SHA1_CTX ) ); SHA_LOCK(); SHA_GIVE(); @@ -74,7 +73,6 @@ void esp_sha1_starts( SHA1_CTX *ctx ) { SHA_LOCK(); ets_sha_init(&ctx->context); - SHA_UNLOCK(); ctx->context_type = SHA1; } @@ -84,7 +82,6 @@ void esp_sha1_starts( SHA1_CTX *ctx ) */ void esp_sha1_update( SHA1_CTX *ctx, const unsigned char *input, size_t ilen ) { - SHA_LOCK(); ets_sha_update(&ctx->context, ctx->context_type, input, ilen * 8); } @@ -133,7 +130,7 @@ void esp_sha256_free( SHA256_CTX *ctx ) if( ctx == NULL ) return; - esp_sha_zeroize( ctx, sizeof( SHA256_CTX ) ); + bzero( ctx, sizeof( SHA256_CTX ) ); SHA_LOCK(); SHA_GIVE(); @@ -154,7 +151,6 @@ void esp_sha256_starts( SHA256_CTX *ctx, int is224 ) { SHA_LOCK(); ets_sha_init(&ctx->context); - SHA_UNLOCK(); if( is224 == 0 ) { @@ -171,7 +167,6 @@ void esp_sha256_starts( SHA256_CTX *ctx, int is224 ) */ void esp_sha256_update( SHA256_CTX *ctx, const unsigned char *input, size_t ilen ) { - SHA_LOCK(); ets_sha_update(&ctx->context, ctx->context_type, input, ilen * 8); } @@ -215,7 +210,7 @@ void esp_sha512_free( SHA512_CTX *ctx ) if( ctx == NULL ) return; - esp_sha_zeroize( ctx, sizeof( SHA512_CTX ) ); + bzero( ctx, sizeof( SHA512_CTX ) ); SHA_LOCK(); SHA_GIVE(); @@ -236,7 +231,7 @@ void esp_sha512_starts( SHA512_CTX *ctx, int is384 ) { SHA_LOCK(); ets_sha_init(&ctx->context); - SHA_UNLOCK(); + if( is384 == 0 ) { /* SHA-512 */ @@ -254,7 +249,6 @@ void esp_sha512_starts( SHA512_CTX *ctx, int is384 ) */ void esp_sha512_update( SHA512_CTX *ctx, const unsigned char *input,size_t ilen ) { - SHA_LOCK(); ets_sha_update(&ctx->context, ctx->context_type, input, ilen * 8); } diff --git a/components/mbedtls/library/aes.c b/components/mbedtls/library/aes.c index a186dee981..6903585194 100644 --- a/components/mbedtls/library/aes.c +++ b/components/mbedtls/library/aes.c @@ -1237,9 +1237,8 @@ int mbedtls_aes_self_test( int verbose ) unsigned char stream_block[16]; #endif mbedtls_aes_context ctx; - - memset( key, 0, 32 ); - mbedtls_aes_init( &ctx ); + + memset( key, 0, 32 ); /* * ECB mode @@ -1255,6 +1254,8 @@ int mbedtls_aes_self_test( int verbose ) memset( buf, 0, 16 ); + mbedtls_aes_init( &ctx ); + if( v == MBEDTLS_AES_DECRYPT ) { mbedtls_aes_setkey_dec( &ctx, key, 128 + u * 64 ); @@ -1267,6 +1268,7 @@ int mbedtls_aes_self_test( int verbose ) if( verbose != 0 ) mbedtls_printf( "failed\n" ); + mbedtls_aes_free( &ctx ); ret = 1; goto exit; } @@ -1283,6 +1285,8 @@ int mbedtls_aes_self_test( int verbose ) if( verbose != 0 ) mbedtls_printf( "failed\n" ); + mbedtls_aes_free( &ctx ); + ret = 1; goto exit; } @@ -1290,6 +1294,8 @@ int mbedtls_aes_self_test( int verbose ) if( verbose != 0 ) mbedtls_printf( "passed\n" ); + + mbedtls_aes_free( &ctx ); } if( verbose != 0 ) @@ -1312,6 +1318,8 @@ int mbedtls_aes_self_test( int verbose ) memset( prv, 0, 16 ); memset( buf, 0, 16 ); + mbedtls_aes_init( &ctx ); + if( v == MBEDTLS_AES_DECRYPT ) { mbedtls_aes_setkey_dec( &ctx, key, 128 + u * 64 ); @@ -1324,6 +1332,8 @@ int mbedtls_aes_self_test( int verbose ) if( verbose != 0 ) mbedtls_printf( "failed\n" ); + mbedtls_aes_free( &ctx ); + ret = 1; goto exit; } @@ -1348,6 +1358,8 @@ int mbedtls_aes_self_test( int verbose ) if( verbose != 0 ) mbedtls_printf( "failed\n" ); + mbedtls_aes_free( &ctx ); + ret = 1; goto exit; } @@ -1355,6 +1367,8 @@ int mbedtls_aes_self_test( int verbose ) if( verbose != 0 ) mbedtls_printf( "passed\n" ); + + mbedtls_aes_free( &ctx ); } if( verbose != 0 ) @@ -1377,6 +1391,8 @@ int mbedtls_aes_self_test( int verbose ) memcpy( iv, aes_test_cfb128_iv, 16 ); memcpy( key, aes_test_cfb128_key[u], 16 + u * 8 ); + mbedtls_aes_init( &ctx ); + offset = 0; mbedtls_aes_setkey_enc( &ctx, key, 128 + u * 64 ); @@ -1433,6 +1449,8 @@ int mbedtls_aes_self_test( int verbose ) memcpy( nonce_counter, aes_test_ctr_nonce_counter[u], 16 ); memcpy( key, aes_test_ctr_key[u], 16 ); + mbedtls_aes_init( &ctx ); + offset = 0; mbedtls_aes_setkey_enc( &ctx, key, 128 ); diff --git a/components/mbedtls/library/sha1.c b/components/mbedtls/library/sha1.c index 2ccf2a2f52..46ed34f943 100644 --- a/components/mbedtls/library/sha1.c +++ b/components/mbedtls/library/sha1.c @@ -396,13 +396,13 @@ int mbedtls_sha1_self_test( int verbose ) unsigned char sha1sum[20]; mbedtls_sha1_context ctx; - mbedtls_sha1_init( &ctx ); - /* * SHA-1 */ for( i = 0; i < 3; i++ ) { + mbedtls_sha1_init( &ctx ); + if( verbose != 0 ) mbedtls_printf( " SHA-1 test #%d: ", i + 1 ); @@ -426,19 +426,22 @@ int mbedtls_sha1_self_test( int verbose ) if( verbose != 0 ) mbedtls_printf( "failed\n" ); + mbedtls_sha1_free( &ctx ); + ret = 1; goto exit; } if( verbose != 0 ) mbedtls_printf( "passed\n" ); + + mbedtls_sha1_free( &ctx ); } if( verbose != 0 ) mbedtls_printf( "\n" ); exit: - mbedtls_sha1_free( &ctx ); return( ret ); } diff --git a/components/mbedtls/library/sha256.c b/components/mbedtls/library/sha256.c index 4e82c0b793..cc6bd335df 100644 --- a/components/mbedtls/library/sha256.c +++ b/components/mbedtls/library/sha256.c @@ -393,13 +393,13 @@ int mbedtls_sha256_self_test( int verbose ) unsigned char sha256sum[32]; mbedtls_sha256_context ctx; - mbedtls_sha256_init( &ctx ); - for( i = 0; i < 6; i++ ) { j = i % 3; k = i < 3; + mbedtls_sha256_init( &ctx ); + if( verbose != 0 ) mbedtls_printf( " SHA-%d test #%d: ", 256 - k * 32, j + 1 ); @@ -423,19 +423,22 @@ int mbedtls_sha256_self_test( int verbose ) if( verbose != 0 ) mbedtls_printf( "failed\n" ); + mbedtls_sha256_free( &ctx ); + ret = 1; goto exit; } if( verbose != 0 ) mbedtls_printf( "passed\n" ); + + mbedtls_sha256_free( &ctx ); } if( verbose != 0 ) mbedtls_printf( "\n" ); exit: - mbedtls_sha256_free( &ctx ); return( ret ); } diff --git a/components/mbedtls/library/sha512.c b/components/mbedtls/library/sha512.c index 0f9e1e5352..245ede0eb2 100644 --- a/components/mbedtls/library/sha512.c +++ b/components/mbedtls/library/sha512.c @@ -449,13 +449,13 @@ int mbedtls_sha512_self_test( int verbose ) unsigned char sha512sum[64]; mbedtls_sha512_context ctx; - mbedtls_sha512_init( &ctx ); - for( i = 0; i < 6; i++ ) { j = i % 3; k = i < 3; + mbedtls_sha512_init( &ctx ); + if( verbose != 0 ) mbedtls_printf( " SHA-%d test #%d: ", 512 - k * 128, j + 1 ); @@ -479,19 +479,23 @@ int mbedtls_sha512_self_test( int verbose ) if( verbose != 0 ) mbedtls_printf( "failed\n" ); + mbedtls_sha512_free( &ctx ); + ret = 1; goto exit; } if( verbose != 0 ) mbedtls_printf( "passed\n" ); + + mbedtls_sha512_free( &ctx ); } if( verbose != 0 ) mbedtls_printf( "\n" ); exit: - mbedtls_sha512_free( &ctx ); + return( ret ); } From 2d80fada70e2096781e8fd49586841c81a5751a0 Mon Sep 17 00:00:00 2001 From: liuhan Date: Tue, 30 Aug 2016 20:40:58 +0800 Subject: [PATCH 05/28] components/mbedtls: MBEDTLS Handshake result check modify esp_config.h add some feature for support http2.0 protocol, TLS Handshake OK. --- components/esp32/aes.c | 4 +- components/esp32/bignum.c | 7 +- components/esp32/include/aes.h | 6 +- components/esp32/include/bignum.h | 2 +- components/esp32/include/esp_crypto.h | 2 +- components/esp32/include/sha.h | 4 +- components/esp32/sha.c | 5 + .../mbedtls/include/mbedtls/esp_config.h | 147 ++--- components/mbedtls/port/esp_hardware.c | 45 ++ components/mbedtls/port/include/sha512_alt.h | 1 + components/mbedtls/port/net.c | 522 ++++++++++++++++++ 11 files changed, 659 insertions(+), 86 deletions(-) create mode 100644 components/mbedtls/port/esp_hardware.c create mode 100644 components/mbedtls/port/net.c diff --git a/components/esp32/aes.c b/components/esp32/aes.c index 0b0a7ce3cc..3767dd7eed 100644 --- a/components/esp32/aes.c +++ b/components/esp32/aes.c @@ -64,7 +64,7 @@ int esp_aes_setkey_enc( AES_CTX *ctx, const unsigned char *key, unsigned int keybits ) { enum AES_BITS keybit; - uint16 keybyte = keybits / 8; + uint16_t keybyte = keybits / 8; switch (keybits){ case 128: keybit = AES128; @@ -95,7 +95,7 @@ int esp_aes_setkey_dec( AES_CTX *ctx, const unsigned char *key, unsigned int keybits ) { enum AES_BITS keybit; - uint16 keybyte = keybits / 8; + uint16_t keybyte = keybits / 8; switch (keybits){ case 128: keybit = AES128; diff --git a/components/esp32/bignum.c b/components/esp32/bignum.c index 049116206d..dbfa418ec8 100644 --- a/components/esp32/bignum.c +++ b/components/esp32/bignum.c @@ -1018,9 +1018,9 @@ static void esp_mpi_mul_hlp( size_t i, esp_mpi_uint *s, esp_mpi_uint *d, esp_mpi static int mul_pram_alloc( mpi *X, const mpi *A, const mpi *B, char **pA, char **pB, char **pX, size_t *bites) { char *sa, *sb, *sx; - int algn; +// int algn; int words, bytes; - int abytes, bbytes, cbytes; + int abytes, bbytes; if (A->n > B->n) words = A->n; @@ -2178,6 +2178,3 @@ cleanup: return( ret ); } - -#endif /* ESP_BIGNUM_ALT */ - diff --git a/components/esp32/include/aes.h b/components/esp32/include/aes.h index aa81e1b5f6..b1a47eb4ee 100644 --- a/components/esp32/include/aes.h +++ b/components/esp32/include/aes.h @@ -24,7 +24,7 @@ #ifndef ESP_AES_H #define ESP_AES_H -#include "c_types.h" +#include "esp_types.h" #include "rom/ets_sys.h" #include "rom/aes.h" @@ -41,8 +41,8 @@ extern "C" { typedef struct{ bool flag; - uint16 keybites; - uint8 key[32]; + uint16_t keybites; + uint8_t key[32]; }key_context, KEY_CTX; /** diff --git a/components/esp32/include/bignum.h b/components/esp32/include/bignum.h index fc1a5932c5..e077fe2ed6 100644 --- a/components/esp32/include/bignum.h +++ b/components/esp32/include/bignum.h @@ -23,7 +23,7 @@ #ifndef _ESP_BIGNUM_H #define _ESP_BIGNUM_H -#include "c_types.h" +#include "esp_types.h" #include "rom/ets_sys.h" #include "rom/bigint.h" diff --git a/components/esp32/include/esp_crypto.h b/components/esp32/include/esp_crypto.h index ef6d86ac0d..5accfe8382 100644 --- a/components/esp32/include/esp_crypto.h +++ b/components/esp32/include/esp_crypto.h @@ -1,7 +1,7 @@ #ifndef _MULTI_CRYPTO_H_ #define _MULTI_CRYPTO_H_ -#include "c_types.h" +#include "esp_types.h" #include "rom/ets_sys.h" #ifdef __cplusplus diff --git a/components/esp32/include/sha.h b/components/esp32/include/sha.h index 661354c1de..301d893ae6 100644 --- a/components/esp32/include/sha.h +++ b/components/esp32/include/sha.h @@ -6,7 +6,7 @@ #ifndef _ESP_SHA_H_ #define _ESP_SHA_H_ -#include "c_types.h" +#include "esp_types.h" #include "rom/ets_sys.h" #include "rom/sha.h" @@ -164,6 +164,8 @@ typedef sha_context SHA512_CTX; */ void esp_sha512_init( SHA512_CTX *ctx ); +void esp_sha512_process( SHA512_CTX *ctx, const unsigned char data[128] ); + /** * \brief Clear SHA-512 context * diff --git a/components/esp32/sha.c b/components/esp32/sha.c index 2e98de3693..e7d7e0be9a 100644 --- a/components/esp32/sha.c +++ b/components/esp32/sha.c @@ -205,6 +205,11 @@ void esp_sha512_init( SHA512_CTX *ctx ) SHA_UNLOCK(); } +void esp_sha512_process( SHA512_CTX *ctx, const unsigned char data[128] ) +{ + +} + void esp_sha512_free( SHA512_CTX *ctx ) { if( ctx == NULL ) diff --git a/components/mbedtls/include/mbedtls/esp_config.h b/components/mbedtls/include/mbedtls/esp_config.h index 1ea6076813..0bf7e14d17 100644 --- a/components/mbedtls/include/mbedtls/esp_config.h +++ b/components/mbedtls/include/mbedtls/esp_config.h @@ -225,7 +225,7 @@ * Uncomment a macro to enable alternate implementation of the corresponding * module. */ -#define MBEDTLS_AES_ALT +//#define MBEDTLS_AES_ALT //#define MBEDTLS_ARC4_ALT //#define MBEDTLS_BLOWFISH_ALT //#define MBEDTLS_CAMELLIA_ALT @@ -235,11 +235,11 @@ //#define MBEDTLS_MD4_ALT //#define MBEDTLS_MD5_ALT //#define MBEDTLS_RIPEMD160_ALT -#define MBEDTLS_SHA1_ALT -#define MBEDTLS_SHA256_ALT -#define MBEDTLS_SHA512_ALT +//#define MBEDTLS_SHA1_ALT +//#define MBEDTLS_SHA256_ALT +//#define MBEDTLS_SHA512_ALT -#define MBEDTLS_BIGNUM_ALT +//#define MBEDTLS_BIGNUM_ALT /** * \def MBEDTLS_MD2_PROCESS_ALT * @@ -374,10 +374,10 @@ * * Enable padding modes in the cipher layer. */ -//#define MBEDTLS_CIPHER_PADDING_PKCS7 -//#define MBEDTLS_CIPHER_PADDING_ONE_AND_ZEROS -//#define MBEDTLS_CIPHER_PADDING_ZEROS_AND_LEN -//#define MBEDTLS_CIPHER_PADDING_ZEROS +#define MBEDTLS_CIPHER_PADDING_PKCS7 +#define MBEDTLS_CIPHER_PADDING_ONE_AND_ZEROS +#define MBEDTLS_CIPHER_PADDING_ZEROS_AND_LEN +#define MBEDTLS_CIPHER_PADDING_ZEROS /** * \def MBEDTLS_ENABLE_WEAK_CIPHERSUITES @@ -415,18 +415,18 @@ * * Comment macros to disable the curve and functions for it */ -//#define MBEDTLS_ECP_DP_SECP192R1_ENABLED -//#define MBEDTLS_ECP_DP_SECP224R1_ENABLED -//#define MBEDTLS_ECP_DP_SECP256R1_ENABLED -//#define MBEDTLS_ECP_DP_SECP384R1_ENABLED -//#define MBEDTLS_ECP_DP_SECP521R1_ENABLED -//#define MBEDTLS_ECP_DP_SECP192K1_ENABLED -//#define MBEDTLS_ECP_DP_SECP224K1_ENABLED -//#define MBEDTLS_ECP_DP_SECP256K1_ENABLED -//#define MBEDTLS_ECP_DP_BP256R1_ENABLED -//#define MBEDTLS_ECP_DP_BP384R1_ENABLED -//#define MBEDTLS_ECP_DP_BP512R1_ENABLED -//#define MBEDTLS_ECP_DP_CURVE25519_ENABLED +#define MBEDTLS_ECP_DP_SECP192R1_ENABLED +#define MBEDTLS_ECP_DP_SECP224R1_ENABLED +#define MBEDTLS_ECP_DP_SECP256R1_ENABLED +#define MBEDTLS_ECP_DP_SECP384R1_ENABLED +#define MBEDTLS_ECP_DP_SECP521R1_ENABLED +#define MBEDTLS_ECP_DP_SECP192K1_ENABLED +#define MBEDTLS_ECP_DP_SECP224K1_ENABLED +#define MBEDTLS_ECP_DP_SECP256K1_ENABLED +#define MBEDTLS_ECP_DP_BP256R1_ENABLED +#define MBEDTLS_ECP_DP_BP384R1_ENABLED +#define MBEDTLS_ECP_DP_BP512R1_ENABLED +#define MBEDTLS_ECP_DP_CURVE25519_ENABLED /** * \def MBEDTLS_ECP_NIST_OPTIM @@ -437,7 +437,7 @@ * * Comment this macro to disable NIST curves optimisation. */ -//#define MBEDTLS_ECP_NIST_OPTIM +#define MBEDTLS_ECP_NIST_OPTIM /** * \def MBEDTLS_ECDSA_DETERMINISTIC @@ -451,7 +451,7 @@ * * Comment this macro to disable deterministic ECDSA. */ -//#define MBEDTLS_ECDSA_DETERMINISTIC +#define MBEDTLS_ECDSA_DETERMINISTIC /** * \def MBEDTLS_KEY_EXCHANGE_PSK_ENABLED @@ -473,7 +473,7 @@ * MBEDTLS_TLS_PSK_WITH_3DES_EDE_CBC_SHA * MBEDTLS_TLS_PSK_WITH_RC4_128_SHA */ -//#define MBEDTLS_KEY_EXCHANGE_PSK_ENABLED +#define MBEDTLS_KEY_EXCHANGE_PSK_ENABLED /** * \def MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED @@ -497,7 +497,7 @@ * MBEDTLS_TLS_DHE_PSK_WITH_3DES_EDE_CBC_SHA * MBEDTLS_TLS_DHE_PSK_WITH_RC4_128_SHA */ -//#define MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED +#define MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED /** * \def MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED @@ -517,7 +517,7 @@ * MBEDTLS_TLS_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA * MBEDTLS_TLS_ECDHE_PSK_WITH_RC4_128_SHA */ -//#define MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED +#define MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED /** * \def MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED @@ -596,7 +596,7 @@ * MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA * MBEDTLS_TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA */ -//#define MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED +#define MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED /** * \def MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED @@ -621,7 +621,7 @@ * MBEDTLS_TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA * MBEDTLS_TLS_ECDHE_RSA_WITH_RC4_128_SHA */ -//#define MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED +#define MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED /** * \def MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED @@ -645,7 +645,7 @@ * MBEDTLS_TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA * MBEDTLS_TLS_ECDHE_ECDSA_WITH_RC4_128_SHA */ -//#define MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED +#define MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED /** * \def MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED @@ -669,7 +669,7 @@ * MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_128_GCM_SHA256 * MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_256_GCM_SHA384 */ -//#define MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED +#define MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED /** * \def MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED @@ -693,7 +693,7 @@ * MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_128_GCM_SHA256 * MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_256_GCM_SHA384 */ -//#define MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED +#define MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED /** * \def MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED @@ -946,7 +946,7 @@ * * Comment this macro to disable support for Encrypt-then-MAC */ -//#define MBEDTLS_SSL_ENCRYPT_THEN_MAC +#define MBEDTLS_SSL_ENCRYPT_THEN_MAC /** \def MBEDTLS_SSL_EXTENDED_MASTER_SECRET * @@ -964,7 +964,7 @@ * * Comment this macro to disable support for Extended Master Secret. */ -//#define MBEDTLS_SSL_EXTENDED_MASTER_SECRET +#define MBEDTLS_SSL_EXTENDED_MASTER_SECRET /** * \def MBEDTLS_SSL_FALLBACK_SCSV @@ -981,7 +981,7 @@ * * Comment this macro to disable support for FALLBACK_SCSV */ -//#define MBEDTLS_SSL_FALLBACK_SCSV +#define MBEDTLS_SSL_FALLBACK_SCSV /** * \def MBEDTLS_SSL_HW_RECORD_ACCEL @@ -1018,7 +1018,7 @@ * * Comment this to disable support for renegotiation. */ -//#define MBEDTLS_SSL_RENEGOTIATION +#define MBEDTLS_SSL_RENEGOTIATION /** * \def MBEDTLS_SSL_SRV_SUPPORT_SSLV2_CLIENT_HELLO @@ -1047,7 +1047,7 @@ * * Comment this macro to disable support for the max_fragment_length extension */ -//#define MBEDTLS_SSL_MAX_FRAGMENT_LENGTH +#define MBEDTLS_SSL_MAX_FRAGMENT_LENGTH /** * \def MBEDTLS_SSL_PROTO_SSL3 @@ -1059,7 +1059,7 @@ * * Comment this macro to disable support for SSL 3.0 */ -//#define MBEDTLS_SSL_PROTO_SSL3 +#define MBEDTLS_SSL_PROTO_SSL3 /** * \def MBEDTLS_SSL_PROTO_TLS1 @@ -1110,7 +1110,7 @@ * * Comment this macro to disable support for DTLS */ -//#define MBEDTLS_SSL_PROTO_DTLS +#define MBEDTLS_SSL_PROTO_DTLS /** * \def MBEDTLS_SSL_ALPN @@ -1119,7 +1119,7 @@ * * Comment this macro to disable support for ALPN. */ -//#define MBEDTLS_SSL_ALPN +#define MBEDTLS_SSL_ALPN /** * \def MBEDTLS_SSL_DTLS_ANTI_REPLAY @@ -1134,7 +1134,7 @@ * * Comment this to disable anti-replay in DTLS. */ -//#define MBEDTLS_SSL_DTLS_ANTI_REPLAY +#define MBEDTLS_SSL_DTLS_ANTI_REPLAY /** * \def MBEDTLS_SSL_DTLS_HELLO_VERIFY @@ -1152,7 +1152,7 @@ * * Comment this to disable support for HelloVerifyRequest. */ -//#define MBEDTLS_SSL_DTLS_HELLO_VERIFY +#define MBEDTLS_SSL_DTLS_HELLO_VERIFY /** * \def MBEDTLS_SSL_DTLS_CLIENT_PORT_REUSE @@ -1168,7 +1168,7 @@ * * Comment this to disable support for clients reusing the source port. */ -//#define MBEDTLS_SSL_DTLS_CLIENT_PORT_REUSE +#define MBEDTLS_SSL_DTLS_CLIENT_PORT_REUSE /** * \def MBEDTLS_SSL_DTLS_BADMAC_LIMIT @@ -1179,7 +1179,7 @@ * * Requires: MBEDTLS_SSL_PROTO_DTLS */ -//#define MBEDTLS_SSL_DTLS_BADMAC_LIMIT +#define MBEDTLS_SSL_DTLS_BADMAC_LIMIT /** * \def MBEDTLS_SSL_SESSION_TICKETS @@ -1193,7 +1193,7 @@ * * Comment this macro to disable support for SSL session tickets */ -//#define MBEDTLS_SSL_SESSION_TICKETS +#define MBEDTLS_SSL_SESSION_TICKETS /** * \def MBEDTLS_SSL_EXPORT_KEYS @@ -1203,7 +1203,7 @@ * * Comment this macro to disable support for key export */ -//#define MBEDTLS_SSL_EXPORT_KEYS +#define MBEDTLS_SSL_EXPORT_KEYS /** * \def MBEDTLS_SSL_SERVER_NAME_INDICATION @@ -1223,7 +1223,7 @@ * * Comment this macro to disable support for truncated HMAC in SSL */ -//#define MBEDTLS_SSL_TRUNCATED_HMAC +#define MBEDTLS_SSL_TRUNCATED_HMAC /** * \def MBEDTLS_THREADING_ALT @@ -1258,7 +1258,7 @@ * * Comment this to disable run-time checking and save ROM space */ -//#define MBEDTLS_VERSION_FEATURES +#define MBEDTLS_VERSION_FEATURES /** * \def MBEDTLS_X509_ALLOW_EXTENSIONS_NON_V3 @@ -1294,7 +1294,7 @@ * * Comment to skip keyUsage checking for both CA and leaf certificates. */ -//#define MBEDTLS_X509_CHECK_KEY_USAGE +#define MBEDTLS_X509_CHECK_KEY_USAGE /** * \def MBEDTLS_X509_CHECK_EXTENDED_KEY_USAGE @@ -1307,7 +1307,7 @@ * * Comment to skip extendedKeyUsage checking for certificates. */ -//#define MBEDTLS_X509_CHECK_EXTENDED_KEY_USAGE +#define MBEDTLS_X509_CHECK_EXTENDED_KEY_USAGE /** * \def MBEDTLS_X509_RSASSA_PSS_SUPPORT @@ -1317,7 +1317,7 @@ * * Comment this macro to disallow using RSASSA-PSS in certificates. */ -//#define MBEDTLS_X509_RSASSA_PSS_SUPPORT +#define MBEDTLS_X509_RSASSA_PSS_SUPPORT /** * \def MBEDTLS_ZLIB_SUPPORT @@ -1459,7 +1459,7 @@ * MBEDTLS_TLS_RSA_PSK_WITH_RC4_128_SHA * MBEDTLS_TLS_PSK_WITH_RC4_128_SHA */ -//#define MBEDTLS_ARC4_C +#define MBEDTLS_ARC4_C /** * \def MBEDTLS_ASN1_PARSE_C @@ -1524,7 +1524,7 @@ * * Module: library/blowfish.c */ -//#define MBEDTLS_BLOWFISH_C +#define MBEDTLS_BLOWFISH_C /** * \def MBEDTLS_CAMELLIA_C @@ -1579,7 +1579,7 @@ * MBEDTLS_TLS_PSK_WITH_CAMELLIA_128_GCM_SHA256 * MBEDTLS_TLS_PSK_WITH_CAMELLIA_128_CBC_SHA256 */ -//#define MBEDTLS_CAMELLIA_C +#define MBEDTLS_CAMELLIA_C /** * \def MBEDTLS_CCM_C @@ -1593,7 +1593,7 @@ * This module enables the AES-CCM ciphersuites, if other requisites are * enabled as well. */ -//#define MBEDTLS_CCM_C +#define MBEDTLS_CCM_C /** * \def MBEDTLS_CERTS_C @@ -1605,7 +1605,7 @@ * * This module is used for testing (ssl_client/server). */ -//#define MBEDTLS_CERTS_C +#define MBEDTLS_CERTS_C /** * \def MBEDTLS_CIPHER_C @@ -1645,7 +1645,7 @@ * * This module provides debugging functions. */ -//#define MBEDTLS_DEBUG_C +#define MBEDTLS_DEBUG_C /** * \def MBEDTLS_DES_C @@ -1671,7 +1671,7 @@ * * PEM_PARSE uses DES/3DES for decrypting encrypted keys. */ -//#define MBEDTLS_DES_C +#define MBEDTLS_DES_C /** * \def MBEDTLS_DHM_C @@ -1685,7 +1685,7 @@ * This module is used by the following key exchanges: * DHE-RSA, DHE-PSK */ -//#define MBEDTLS_DHM_C +#define MBEDTLS_DHM_C /** * \def MBEDTLS_ECDH_C @@ -1701,7 +1701,7 @@ * * Requires: MBEDTLS_ECP_C */ -//#define MBEDTLS_ECDH_C +#define MBEDTLS_ECDH_C /** * \def MBEDTLS_ECDSA_C @@ -1716,7 +1716,7 @@ * * Requires: MBEDTLS_ECP_C, MBEDTLS_ASN1_WRITE_C, MBEDTLS_ASN1_PARSE_C */ -//#define MBEDTLS_ECDSA_C +#define MBEDTLS_ECDSA_C /** * \def MBEDTLS_ECJPAKE_C @@ -1749,7 +1749,7 @@ * * Requires: MBEDTLS_BIGNUM_C and at least one MBEDTLS_ECP_DP_XXX_ENABLED */ -//#define MBEDTLS_ECP_C +#define MBEDTLS_ECP_C /** * \def MBEDTLS_ENTROPY_C @@ -1775,7 +1775,7 @@ * * This module enables mbedtls_strerror(). */ -//#define MBEDTLS_ERROR_C +#define MBEDTLS_ERROR_C /** * \def MBEDTLS_GCM_C @@ -1789,7 +1789,7 @@ * This module enables the AES-GCM and CAMELLIA-GCM ciphersuites, if other * requisites are enabled as well. */ -//#define MBEDTLS_GCM_C //764 Byte +#define MBEDTLS_GCM_C /** * \def MBEDTLS_HAVEGE_C @@ -1826,7 +1826,7 @@ * * Uncomment to enable the HMAC_DRBG random number geerator. */ -//#define MBEDTLS_HMAC_DRBG_C +#define MBEDTLS_HMAC_DRBG_C /** * \def MBEDTLS_MD_C @@ -1941,7 +1941,7 @@ * * This modules adds support for the VIA PadLock on x86. */ -//#define MBEDTLS_PADLOCK_C +#define MBEDTLS_PADLOCK_C /** * \def MBEDTLS_PEM_PARSE_C @@ -2033,7 +2033,7 @@ * * This module adds support for the PKCS#5 functions. */ -//#define MBEDTLS_PKCS5_C +#define MBEDTLS_PKCS5_C /** * \def MBEDTLS_PKCS11_C @@ -2064,7 +2064,7 @@ * * This module enables PKCS#12 functions. */ -//#define MBEDTLS_PKCS12_C +#define MBEDTLS_PKCS12_C /** * \def MBEDTLS_PLATFORM_C @@ -2084,7 +2084,7 @@ * * This module enables abstraction of common (libc) functions. */ -//#define MBEDTLS_PLATFORM_C +#define MBEDTLS_PLATFORM_C /** * \def MBEDTLS_RIPEMD160_C @@ -2095,7 +2095,7 @@ * Caller: library/mbedtls_md.c * */ -//#define MBEDTLS_RIPEMD160_C +#define MBEDTLS_RIPEMD160_C /** * \def MBEDTLS_RSA_C @@ -2173,7 +2173,7 @@ * * Requires: MBEDTLS_SSL_CACHE_C */ -//#define MBEDTLS_SSL_CACHE_C +#define MBEDTLS_SSL_CACHE_C /** * \def MBEDTLS_SSL_COOKIE_C @@ -2183,7 +2183,7 @@ * Module: library/ssl_cookie.c * Caller: */ -//#define MBEDTLS_SSL_COOKIE_C +#define MBEDTLS_SSL_COOKIE_C /** * \def MBEDTLS_SSL_TICKET_C @@ -2195,7 +2195,7 @@ * * Requires: MBEDTLS_CIPHER_C */ -//#define MBEDTLS_SSL_TICKET_C +#define MBEDTLS_SSL_TICKET_C /** * \def MBEDTLS_SSL_CLI_C @@ -2466,7 +2466,8 @@ //#define MBEDTLS_SSL_CACHE_DEFAULT_MAX_ENTRIES 50 /**< Maximum entries in cache */ /* SSL options */ -#define MBEDTLS_SSL_MAX_CONTENT_LEN 3072 /**< Maxium fragment length in bytes, determines the size of each of the two internal I/O buffers */ + +#define MBEDTLS_SSL_MAX_CONTENT_LEN 5120 /**< Maxium fragment length in bytes, determines the size of each of the two internal I/O buffers */ //#define MBEDTLS_SSL_DEFAULT_TICKET_LIFETIME 86400 /**< Lifetime of session tickets (if enabled) */ //#define MBEDTLS_PSK_MAX_LEN 32 /**< Max size of TLS pre-shared keys, in bytes (default 256 bits) */ //#define MBEDTLS_SSL_COOKIE_TIMEOUT 60 /**< Default expiration delay of DTLS cookies, in seconds if HAVE_TIME, or in number of cookies issued */ diff --git a/components/mbedtls/port/esp_hardware.c b/components/mbedtls/port/esp_hardware.c new file mode 100644 index 0000000000..c269a0e3f1 --- /dev/null +++ b/components/mbedtls/port/esp_hardware.c @@ -0,0 +1,45 @@ +#if !defined(MBEDTLS_CONFIG_FILE) +#include "mbedtls/config.h" +#else +#include MBEDTLS_CONFIG_FILE +#endif + +#include +#include +#include +#if defined(MBEDTLS_ENTROPY_HARDWARE_ALT) +/** + * \brief Entropy poll callback for a hardware source + * + * \warning This is not provided by mbed TLS! + * See \c MBEDTLS_ENTROPY_HARDWARE_ALT in config.h. + * + * \note This must accept NULL as its first argument. + */ +static int os_get_random(unsigned char *buf, size_t len) +{ + int i, j; + unsigned long tmp; + for (i = 0; i < ((len + 3) & ~3) / 4; i ++){ + tmp = rand(); + for (j = 0; j < 4; j ++){ + if ((i * 4 + j) < len){ + buf[i * 4 + j] = (unsigned char)(tmp >> (j * 8)); + }else{ + break; + } + } + + } + return 0; +} + +int mbedtls_hardware_poll( void *data, + unsigned char *output, size_t len, size_t *olen ) +{ + os_get_random(output, len); + *olen = len; + return 0; +} +#endif + diff --git a/components/mbedtls/port/include/sha512_alt.h b/components/mbedtls/port/include/sha512_alt.h index b4e17259e4..7814bf19d8 100644 --- a/components/mbedtls/port/include/sha512_alt.h +++ b/components/mbedtls/port/include/sha512_alt.h @@ -17,6 +17,7 @@ extern "C" { typedef SHA512_CTX mbedtls_sha512_context; #define mbedtls_sha512_init esp_sha512_init +#define mbedtls_sha512_process esp_sha512_process #define mbedtls_sha512_clone esp_sha512_clone #define mbedtls_sha512_starts esp_sha512_starts #define mbedtls_sha512_update esp_sha512_update diff --git a/components/mbedtls/port/net.c b/components/mbedtls/port/net.c new file mode 100644 index 0000000000..f712d9a651 --- /dev/null +++ b/components/mbedtls/port/net.c @@ -0,0 +1,522 @@ +/* + * TCP/IP or UDP/IP networking functions + * modified for LWIP support on ESP32 + * + * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved + * Additions Copyright (C) 2015 Angus Gratton + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * + * This file is part of mbed TLS (https://tls.mbed.org) + */ + +#if !defined(MBEDTLS_CONFIG_FILE) +#include "mbedtls/config.h" +#else +#include MBEDTLS_CONFIG_FILE +#endif + +#if !defined(MBEDTLS_NET_C) + +#include "mbedtls/net.h" + +#include + +#include +#include +//#include +#include +#include +//#include + +#include +#include + +#include + +#include + +/* + * Prepare for using the sockets interface + */ +static int net_prepare( void ) +{ +#if ( defined(_WIN32) || defined(_WIN32_WCE) ) && !defined(EFIX64) && \ + !defined(EFI32) + WSADATA wsaData; + + if( wsa_init_done == 0 ) + { + if( WSAStartup( MAKEWORD(2,0), &wsaData ) != 0 ) + return( MBEDTLS_ERR_NET_SOCKET_FAILED ); + + wsa_init_done = 1; + } +#else +#endif + return( 0 ); +} + +/* + * Initialize a context + */ +void mbedtls_net_init( mbedtls_net_context *ctx ) +{ + ctx->fd = -1; +} + +/* + * Initiate a TCP connection with host:port and the given protocol + */ +int mbedtls_net_connect( mbedtls_net_context *ctx, const char *host, const char *port, int proto ) +{ + int ret; + struct addrinfo hints, *addr_list, *cur; + + if( ( ret = net_prepare() ) != 0 ) + return( ret ); + + /* Do name resolution with both IPv6 and IPv4 */ + memset( &hints, 0, sizeof( hints ) ); + hints.ai_family = AF_UNSPEC; + hints.ai_socktype = proto == MBEDTLS_NET_PROTO_UDP ? SOCK_DGRAM : SOCK_STREAM; + hints.ai_protocol = proto == MBEDTLS_NET_PROTO_UDP ? IPPROTO_UDP : IPPROTO_TCP; + + if( getaddrinfo( host, port, &hints, &addr_list ) != 0 ) + return( MBEDTLS_ERR_NET_UNKNOWN_HOST ); + + /* Try the sockaddrs until a connection succeeds */ + ret = MBEDTLS_ERR_NET_UNKNOWN_HOST; + for( cur = addr_list; cur != NULL; cur = cur->ai_next ) + { + ctx->fd = (int) socket( cur->ai_family, cur->ai_socktype, + cur->ai_protocol ); + if( ctx->fd < 0 ) + { + ret = MBEDTLS_ERR_NET_SOCKET_FAILED; + continue; + } + + if( connect( ctx->fd, cur->ai_addr, cur->ai_addrlen ) == 0 ) + { + ret = 0; + break; + } + + close( ctx->fd ); + ret = MBEDTLS_ERR_NET_CONNECT_FAILED; + } + + freeaddrinfo( addr_list ); + + return( ret ); +} + +/* + * Create a listening socket on bind_ip:port + */ +int mbedtls_net_bind( mbedtls_net_context *ctx, const char *bind_ip, const char *port, int proto ) +{ + int n, ret; + struct addrinfo hints, *addr_list, *cur; + + if( ( ret = net_prepare() ) != 0 ) + return( ret ); + + /* Bind to IPv6 and/or IPv4, but only in the desired protocol */ + memset( &hints, 0, sizeof( hints ) ); + hints.ai_family = AF_UNSPEC; + hints.ai_socktype = proto == MBEDTLS_NET_PROTO_UDP ? SOCK_DGRAM : SOCK_STREAM; + hints.ai_protocol = proto == MBEDTLS_NET_PROTO_UDP ? IPPROTO_UDP : IPPROTO_TCP; + + if( getaddrinfo( bind_ip, port, &hints, &addr_list ) != 0 ) + return( MBEDTLS_ERR_NET_UNKNOWN_HOST ); + + /* Try the sockaddrs until a binding succeeds */ + ret = MBEDTLS_ERR_NET_UNKNOWN_HOST; + for( cur = addr_list; cur != NULL; cur = cur->ai_next ) + { + ctx->fd = (int) socket( cur->ai_family, cur->ai_socktype, + cur->ai_protocol ); + if( ctx->fd < 0 ) + { + ret = MBEDTLS_ERR_NET_SOCKET_FAILED; + continue; + } + + /*SO_REUSEADDR option dafault is disable in source code(lwip)*/ +#if SO_REUSE + n = 1; + if( setsockopt( ctx->fd, SOL_SOCKET, SO_REUSEADDR, + (const char *) &n, sizeof( n ) ) != 0 ) + { + close( ctx->fd ); + ret = MBEDTLS_ERR_NET_SOCKET_FAILED; + continue; + } +#endif + /*bind interface dafault don't process the addr is 0xffffffff for TCP Protocol*/ + struct sockaddr_in *serv_addr = NULL; + serv_addr = (struct sockaddr_in *)cur->ai_addr; + serv_addr->sin_addr.s_addr = htonl(INADDR_ANY); /* Any incoming interface */ + if( bind( ctx->fd, (struct sockaddr *)serv_addr, cur->ai_addrlen ) != 0 ) + { + close( ctx->fd ); + ret = MBEDTLS_ERR_NET_BIND_FAILED; + continue; + } + + /* Listen only makes sense for TCP */ + if( proto == MBEDTLS_NET_PROTO_TCP ) + { + if( listen( ctx->fd, MBEDTLS_NET_LISTEN_BACKLOG ) != 0 ) + { + close( ctx->fd ); + ret = MBEDTLS_ERR_NET_LISTEN_FAILED; + continue; + } + } + + /* I we ever get there, it's a success */ + ret = 0; + break; + } + + freeaddrinfo( addr_list ); + + return( ret ); + +} + +#if ( defined(_WIN32) || defined(_WIN32_WCE) ) && !defined(EFIX64) && \ + !defined(EFI32) +/* + * Check if the requested operation would be blocking on a non-blocking socket + * and thus 'failed' with a negative return value. + */ +static int net_would_block( const mbedtls_net_context *ctx ) +{ + ((void) ctx); + return( WSAGetLastError() == WSAEWOULDBLOCK ); +} +#else +/* + * Check if the requested operation would be blocking on a non-blocking socket + * and thus 'failed' with a negative return value. + * + * Note: on a blocking socket this function always returns 0! + */ +static int net_would_block( const mbedtls_net_context *ctx ) +{ + /* + * Never return 'WOULD BLOCK' on a non-blocking socket + */ + if( ( fcntl( ctx->fd, F_GETFL, 0) & O_NONBLOCK ) != O_NONBLOCK ) + return( 0 ); + + int error = 0; + get_errno(ctx->fd, &error); + switch( error ) + { +#if defined EAGAIN + case EAGAIN: +#endif +#if defined EWOULDBLOCK && EWOULDBLOCK != EAGAIN + case EWOULDBLOCK: +#endif + return( 1 ); + } + return( 0 ); +} +#endif /* ( _WIN32 || _WIN32_WCE ) && !EFIX64 && !EFI32 */ + +/* + * Accept a connection from a remote client + */ +int mbedtls_net_accept( mbedtls_net_context *bind_ctx, + mbedtls_net_context *client_ctx, + void *client_ip, size_t buf_size, size_t *ip_len ) +{ + int ret; + int type; + + struct sockaddr_in client_addr; + + socklen_t n = (socklen_t) sizeof( client_addr ); + socklen_t type_len = (socklen_t) sizeof( type ); + + /* Is this a TCP or UDP socket? */ + if( getsockopt( bind_ctx->fd, SOL_SOCKET, SO_TYPE, + (void *) &type, (socklen_t *) &type_len ) != 0 || + ( type != SOCK_STREAM && type != SOCK_DGRAM ) ) + { + return( MBEDTLS_ERR_NET_ACCEPT_FAILED ); + } + + if( type == SOCK_STREAM ) + { + /* TCP: actual accept() */ + ret = client_ctx->fd = (int) accept( bind_ctx->fd, + (struct sockaddr *) &client_addr, &n ); + } + else + { + /* UDP: wait for a message, but keep it in the queue */ + char buf[1] = { 0 }; + + ret = recvfrom( bind_ctx->fd, buf, sizeof( buf ), MSG_PEEK, + (struct sockaddr *) &client_addr, &n ); + +#if defined(_WIN32) + if( ret == SOCKET_ERROR && + WSAGetLastError() == WSAEMSGSIZE ) + { + /* We know buf is too small, thanks, just peeking here */ + ret = 0; + } +#endif + } + + if( ret < 0 ) + { + if( net_would_block( bind_ctx ) != 0 ) + return( MBEDTLS_ERR_SSL_WANT_READ ); + + return( MBEDTLS_ERR_NET_ACCEPT_FAILED ); + } + + /* UDP: hijack the listening socket to communicate with the client, + * then bind a new socket to accept new connections */ + if( type != SOCK_STREAM ) + { + struct sockaddr_in local_addr; + int one = 1; + + if( connect( bind_ctx->fd, (struct sockaddr *) &client_addr, n ) != 0 ) + return( MBEDTLS_ERR_NET_ACCEPT_FAILED ); + + client_ctx->fd = bind_ctx->fd; + bind_ctx->fd = -1; /* In case we exit early */ + + n = sizeof( struct sockaddr_in ); + if( getsockname( client_ctx->fd, + (struct sockaddr *) &local_addr, &n ) != 0 || + ( bind_ctx->fd = (int) socket( AF_INET, + SOCK_DGRAM, IPPROTO_UDP ) ) < 0 || + setsockopt( bind_ctx->fd, SOL_SOCKET, SO_REUSEADDR, + (const char *) &one, sizeof( one ) ) != 0 ) + { + return( MBEDTLS_ERR_NET_SOCKET_FAILED ); + } + + if( bind( bind_ctx->fd, (struct sockaddr *) &local_addr, n ) != 0 ) + { + return( MBEDTLS_ERR_NET_BIND_FAILED ); + } + } + + if( client_ip != NULL ) + { + struct sockaddr_in *addr4 = (struct sockaddr_in *) &client_addr; + *ip_len = sizeof( addr4->sin_addr.s_addr ); + + if( buf_size < *ip_len ) + return( MBEDTLS_ERR_NET_BUFFER_TOO_SMALL ); + + memcpy( client_ip, &addr4->sin_addr.s_addr, *ip_len ); + } + + return( 0 ); +} + +/* + * Set the socket blocking or non-blocking + */ +int mbedtls_net_set_block( mbedtls_net_context *ctx ) +{ +#if ( defined(_WIN32) || defined(_WIN32_WCE) ) && !defined(EFIX64) && \ + !defined(EFI32) + u_long n = 0; + return( ioctlsocket( ctx->fd, FIONBIO, &n ) ); +#else + return( fcntl( ctx->fd, F_SETFL, fcntl( ctx->fd, F_GETFL, 0 ) & ~O_NONBLOCK ) ); +#endif +} + +int mbedtls_net_set_nonblock( mbedtls_net_context *ctx ) +{ +#if ( defined(_WIN32) || defined(_WIN32_WCE) ) && !defined(EFIX64) && \ + !defined(EFI32) + u_long n = 1; + return( ioctlsocket( ctx->fd, FIONBIO, &n ) ); +#else + return( fcntl( ctx->fd, F_SETFL, fcntl( ctx->fd, F_GETFL, 0 ) | O_NONBLOCK ) ); +#endif +} + +/* + * Portable usleep helper + */ +void mbedtls_net_usleep( unsigned long usec ) +{ +#if defined(_WIN32) + Sleep( ( usec + 999 ) / 1000 ); +#else + struct timeval tv; + tv.tv_sec = usec / 1000000; +#if defined(__unix__) || defined(__unix) || \ + ( defined(__APPLE__) && defined(__MACH__) ) + tv.tv_usec = (suseconds_t) usec % 1000000; +#else + tv.tv_usec = usec % 1000000; +#endif + select( 0, NULL, NULL, NULL, &tv ); +#endif +} + +/* + * Read at most 'len' characters + */ +int mbedtls_net_recv( void *ctx, unsigned char *buf, size_t len ) +{ + int ret; + int fd = ((mbedtls_net_context *) ctx)->fd; + int error = 0; + get_errno(fd, &error); + if( fd < 0 ) + return( MBEDTLS_ERR_NET_INVALID_CONTEXT ); + + ret = (int) read( fd, buf, len ); + + if( ret < 0 ) + { + if( net_would_block( ctx ) != 0 ) + return( MBEDTLS_ERR_SSL_WANT_READ ); + +#if ( defined(_WIN32) || defined(_WIN32_WCE) ) && !defined(EFIX64) && \ + !defined(EFI32) + if( WSAGetLastError() == WSAECONNRESET ) + return( MBEDTLS_ERR_NET_CONN_RESET ); +#else + if( error == EPIPE || error == ECONNRESET ) + return( MBEDTLS_ERR_NET_CONN_RESET ); + + if( error == EINTR ) + return( MBEDTLS_ERR_SSL_WANT_READ ); +#endif + + return( MBEDTLS_ERR_NET_RECV_FAILED ); + } + + return( ret ); +} + +/* + * Read at most 'len' characters, blocking for at most 'timeout' ms + */ +int mbedtls_net_recv_timeout( void *ctx, unsigned char *buf, size_t len, + uint32_t timeout ) +{ + int ret; + struct timeval tv; + fd_set read_fds; + int fd = ((mbedtls_net_context *) ctx)->fd; + + if( fd < 0 ) + return( MBEDTLS_ERR_NET_INVALID_CONTEXT ); + + FD_ZERO( &read_fds ); + FD_SET( fd, &read_fds ); + + tv.tv_sec = timeout / 1000; + tv.tv_usec = ( timeout % 1000 ) * 1000; + + ret = select( fd + 1, &read_fds, NULL, NULL, timeout == 0 ? NULL : &tv ); + + /* Zero fds ready means we timed out */ + if( ret == 0 ) + return( MBEDTLS_ERR_SSL_TIMEOUT ); + + if( ret < 0 ) + { +#if ( defined(_WIN32) || defined(_WIN32_WCE) ) && !defined(EFIX64) && \ + !defined(EFI32) + if( WSAGetLastError() == WSAEINTR ) + return( MBEDTLS_ERR_SSL_WANT_READ ); +#else + if( errno == EINTR ) + return( MBEDTLS_ERR_SSL_WANT_READ ); +#endif + + return( MBEDTLS_ERR_NET_RECV_FAILED ); + } + + /* This call will not block */ + return( mbedtls_net_recv( ctx, buf, len ) ); +} + +/* + * Write at most 'len' characters + */ +int mbedtls_net_send( void *ctx, const unsigned char *buf, size_t len ) +{ + int ret; + int fd = ((mbedtls_net_context *) ctx)->fd; + + int error = 0; + get_errno(fd, &error); + + if( fd < 0 ) + return( MBEDTLS_ERR_NET_INVALID_CONTEXT ); + + ret = (int) write( fd, buf, len ); + + if( ret < 0 ) + { + if( net_would_block( ctx ) != 0 ) + return( MBEDTLS_ERR_SSL_WANT_WRITE ); + +#if ( defined(_WIN32) || defined(_WIN32_WCE) ) && !defined(EFIX64) && \ + !defined(EFI32) + if( WSAGetLastError() == WSAECONNRESET ) + return( MBEDTLS_ERR_NET_CONN_RESET ); +#else + if( error == EPIPE || error == ECONNRESET ) + return( MBEDTLS_ERR_NET_CONN_RESET ); + + if( error == EINTR ) + return( MBEDTLS_ERR_SSL_WANT_WRITE ); +#endif + + return( MBEDTLS_ERR_NET_SEND_FAILED ); + } + + return( ret ); +} + +/* + * Gracefully close the connection + */ +void mbedtls_net_free( mbedtls_net_context *ctx ) +{ + if( ctx->fd == -1 ) + return; + + shutdown( ctx->fd, 2 ); + close( ctx->fd ); + + ctx->fd = -1; +} + +#endif /* MBEDTLS_NET_C */ From 1900c50d3b2bf017bf27f981e6caa8a991b11035 Mon Sep 17 00:00:00 2001 From: liuhan Date: Wed, 31 Aug 2016 11:43:48 +0800 Subject: [PATCH 06/28] components/mbedtls: modify hardware encryption feature rename "flag" and "keybites" in aes file, rename "xxx_starts" and add license in sha file. --- components/esp32/aes.c | 16 ++++++------- components/esp32/include/aes.h | 4 ++-- components/esp32/include/sha.h | 25 +++++++++++++------- components/esp32/sha.c | 12 +++++----- components/mbedtls/port/include/sha1_alt.h | 2 +- components/mbedtls/port/include/sha256_alt.h | 2 +- components/mbedtls/port/include/sha512_alt.h | 2 +- 7 files changed, 36 insertions(+), 27 deletions(-) diff --git a/components/esp32/aes.c b/components/esp32/aes.c index 3767dd7eed..bcc4eb2fdb 100644 --- a/components/esp32/aes.c +++ b/components/esp32/aes.c @@ -77,9 +77,9 @@ int esp_aes_setkey_enc( AES_CTX *ctx, const unsigned char *key, break; default : return( ERR_AES_INVALID_KEY_LENGTH ); } - if (ctx->enc.flag == false){ - ctx->enc.flag = true; - ctx->enc.keybites = keybits; + if (ctx->enc.keyflag == false){ + ctx->enc.keyflag = true; + ctx->enc.keybits = keybits; memset(ctx->enc.key, 0, sizeof(ctx->enc.key)); memcpy(ctx->enc.key, key, keybyte); } else { @@ -108,9 +108,9 @@ int esp_aes_setkey_dec( AES_CTX *ctx, const unsigned char *key, break; default : return( ERR_AES_INVALID_KEY_LENGTH ); } - if (ctx->dec.flag == false){ - ctx->dec.flag = true; - ctx->dec.keybites = keybits; + if (ctx->dec.keyflag == false){ + ctx->dec.keyflag = true; + ctx->dec.keybits = keybits; memset(ctx->dec.key, 0, sizeof(ctx->dec.key)); memcpy(ctx->dec.key, key, keybyte); } else { @@ -123,9 +123,9 @@ int esp_aes_setkey_dec( AES_CTX *ctx, const unsigned char *key, static void esp_aes_process_enable(AES_CTX *ctx, int mode) { if( mode == AES_ENCRYPT ){ - esp_aes_setkey_enc(ctx, ctx->enc.key, ctx->enc.keybites); + esp_aes_setkey_enc(ctx, ctx->enc.key, ctx->enc.keybits); }else{ - esp_aes_setkey_dec(ctx, ctx->dec.key, ctx->dec.keybites); + esp_aes_setkey_dec(ctx, ctx->dec.key, ctx->dec.keybits); } return; } diff --git a/components/esp32/include/aes.h b/components/esp32/include/aes.h index b1a47eb4ee..c3409cbaf1 100644 --- a/components/esp32/include/aes.h +++ b/components/esp32/include/aes.h @@ -40,8 +40,8 @@ extern "C" { #define ERR_AES_INVALID_INPUT_LENGTH -0x0022 /**< Invalid data input length. */ typedef struct{ - bool flag; - uint16_t keybites; + bool keyflag; + uint16_t keybits; uint8_t key[32]; }key_context, KEY_CTX; diff --git a/components/esp32/include/sha.h b/components/esp32/include/sha.h index 301d893ae6..93aed46e80 100644 --- a/components/esp32/include/sha.h +++ b/components/esp32/include/sha.h @@ -1,8 +1,17 @@ -/* - * copyright (c) 2010 - 2012 Espressif System - * - * esf Link List Descriptor - */ +// Copyright 2015-2016 Espressif Systems (Shanghai) PTE LTD +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at + +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + #ifndef _ESP_SHA_H_ #define _ESP_SHA_H_ @@ -53,7 +62,7 @@ void esp_sha1_process(SHA1_CTX *ctx, const unsigned char data[64]); * * \param ctx context to be initialized */ -void esp_sha1_starts( SHA1_CTX *ctx ); +void esp_sha1_start( SHA1_CTX *ctx ); /** * \brief SHA-1 process buffer @@ -120,7 +129,7 @@ void esp_sha256_clone( SHA256_CTX *dst, const SHA256_CTX *src ); * \param ctx context to be initialized * \param is224 0 = use SHA256, 1 = use SHA224 */ -void esp_sha256_starts( SHA256_CTX *ctx, int is224 ); +void esp_sha256_start( SHA256_CTX *ctx, int is224 ); /** * \brief SHA-256 process buffer @@ -187,7 +196,7 @@ void esp_sha512_clone( SHA512_CTX *dst, const SHA512_CTX *src ); * \param ctx context to be initialized * \param is384 0 = use SHA512, 1 = use SHA384 */ -void esp_sha512_starts( SHA512_CTX *ctx, int is384 ); +void esp_sha512_start( SHA512_CTX *ctx, int is384 ); /** * \brief SHA-512 process buffer diff --git a/components/esp32/sha.c b/components/esp32/sha.c index e7d7e0be9a..1a09ab7b56 100644 --- a/components/esp32/sha.c +++ b/components/esp32/sha.c @@ -69,7 +69,7 @@ void esp_sha1_process(SHA1_CTX *ctx, const unsigned char data[64]) /* * SHA-1 context setup */ -void esp_sha1_starts( SHA1_CTX *ctx ) +void esp_sha1_start( SHA1_CTX *ctx ) { SHA_LOCK(); ets_sha_init(&ctx->context); @@ -102,7 +102,7 @@ void esp_sha1_output( const unsigned char *input, size_t ilen, unsigned char out SHA1_CTX ctx; esp_sha1_init( &ctx ); - esp_sha1_starts( &ctx ); + esp_sha1_start( &ctx ); esp_sha1_update( &ctx, input, ilen ); esp_sha1_finish( &ctx, output ); esp_sha1_free( &ctx ); @@ -147,7 +147,7 @@ void esp_sha256_clone( SHA256_CTX *dst, const SHA256_CTX *src ) /* * SHA-256 context setup */ -void esp_sha256_starts( SHA256_CTX *ctx, int is224 ) +void esp_sha256_start( SHA256_CTX *ctx, int is224 ) { SHA_LOCK(); ets_sha_init(&ctx->context); @@ -187,7 +187,7 @@ void esp_sha256_output( const unsigned char *input, size_t ilen, unsigned char o SHA256_CTX ctx; esp_sha256_init( &ctx ); - esp_sha256_starts( &ctx, is224 ); + esp_sha256_start( &ctx, is224 ); esp_sha256_update( &ctx, input, ilen ); esp_sha256_finish( &ctx, output ); esp_sha256_free( &ctx ); @@ -232,7 +232,7 @@ void esp_sha512_clone( SHA512_CTX *dst, const SHA512_CTX *src ) /* * SHA-512 context setup */ -void esp_sha512_starts( SHA512_CTX *ctx, int is384 ) +void esp_sha512_start( SHA512_CTX *ctx, int is384 ) { SHA_LOCK(); ets_sha_init(&ctx->context); @@ -274,7 +274,7 @@ void esp_sha512_output( const unsigned char *input, size_t ilen,unsigned char ou SHA512_CTX ctx; esp_sha512_init( &ctx ); - esp_sha512_starts( &ctx, is384 ); + esp_sha512_start( &ctx, is384 ); esp_sha512_update( &ctx, input, ilen ); esp_sha512_finish( &ctx, output ); esp_sha512_free( &ctx ); diff --git a/components/mbedtls/port/include/sha1_alt.h b/components/mbedtls/port/include/sha1_alt.h index 2cb0e926de..98cbf5b625 100644 --- a/components/mbedtls/port/include/sha1_alt.h +++ b/components/mbedtls/port/include/sha1_alt.h @@ -17,7 +17,7 @@ extern "C" { typedef SHA1_CTX mbedtls_sha1_context; #define mbedtls_sha1_init esp_sha1_init -#define mbedtls_sha1_starts esp_sha1_starts +#define mbedtls_sha1_starts esp_sha1_start #define mbedtls_sha1_clone esp_sha1_clone #define mbedtls_sha1_update esp_sha1_update #define mbedtls_sha1_finish esp_sha1_finish diff --git a/components/mbedtls/port/include/sha256_alt.h b/components/mbedtls/port/include/sha256_alt.h index 00beb2d28c..e8585e9768 100644 --- a/components/mbedtls/port/include/sha256_alt.h +++ b/components/mbedtls/port/include/sha256_alt.h @@ -19,7 +19,7 @@ typedef SHA256_CTX mbedtls_sha256_context; #define mbedtls_sha256_init esp_sha256_init #define mbedtls_sha256_clone esp_sha256_clone -#define mbedtls_sha256_starts esp_sha256_starts +#define mbedtls_sha256_starts esp_sha256_start #define mbedtls_sha256_update esp_sha256_update #define mbedtls_sha256_finish esp_sha256_finish #define mbedtls_sha256_free esp_sha256_free diff --git a/components/mbedtls/port/include/sha512_alt.h b/components/mbedtls/port/include/sha512_alt.h index 7814bf19d8..117660dcde 100644 --- a/components/mbedtls/port/include/sha512_alt.h +++ b/components/mbedtls/port/include/sha512_alt.h @@ -19,7 +19,7 @@ typedef SHA512_CTX mbedtls_sha512_context; #define mbedtls_sha512_init esp_sha512_init #define mbedtls_sha512_process esp_sha512_process #define mbedtls_sha512_clone esp_sha512_clone -#define mbedtls_sha512_starts esp_sha512_starts +#define mbedtls_sha512_starts esp_sha512_start #define mbedtls_sha512_update esp_sha512_update #define mbedtls_sha512_finish esp_sha512_finish #define mbedtls_sha512_free esp_sha512_free From 09aa6ebc856667e0914155aae0104f65a4d6c4a9 Mon Sep 17 00:00:00 2001 From: Angus Gratton Date: Thu, 1 Sep 2016 08:28:03 +1000 Subject: [PATCH 07/28] lwip Makefile: Add POSIX headers to include path to #include , etc, works. --- components/lwip/Makefile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/components/lwip/Makefile b/components/lwip/Makefile index e159c25c2d..cf9c361f5a 100644 --- a/components/lwip/Makefile +++ b/components/lwip/Makefile @@ -2,7 +2,7 @@ # Component Makefile # -COMPONENT_ADD_INCLUDEDIRS := include/lwip include/lwip/port +COMPONENT_ADD_INCLUDEDIRS := include/lwip include/lwip/port include/lwip/posix COMPONENT_SRCDIRS := api apps/sntp apps core/ipv4 core/ipv6 core netif port/freertos port/netif port From f4ff32977df57f67a3fb036d8efff632ca918943 Mon Sep 17 00:00:00 2001 From: liuhan Date: Thu, 1 Sep 2016 10:53:23 +0800 Subject: [PATCH 08/28] components/mbedtls: modify MBEDTLS net feature modify get the connection's 'errno' info by calling getsockopt function. --- components/mbedtls/port/net.c | 17 +++++++++++++---- 1 file changed, 13 insertions(+), 4 deletions(-) diff --git a/components/mbedtls/port/net.c b/components/mbedtls/port/net.c index f712d9a651..61162a78e2 100644 --- a/components/mbedtls/port/net.c +++ b/components/mbedtls/port/net.c @@ -68,6 +68,14 @@ static int net_prepare( void ) return( 0 ); } +static int mbedtls_net_errno(int fd) +{ + int sock_errno = 0; + u32_t optlen = sizeof(sock_errno); + getsockopt(fd, SOL_SOCKET, SO_ERROR, &sock_errno, &optlen); + return sock_errno; +} + /* * Initialize a context */ @@ -225,8 +233,8 @@ static int net_would_block( const mbedtls_net_context *ctx ) if( ( fcntl( ctx->fd, F_GETFL, 0) & O_NONBLOCK ) != O_NONBLOCK ) return( 0 ); - int error = 0; - get_errno(ctx->fd, &error); + int error = mbedtls_net_errno(ctx->fd); + switch( error ) { #if defined EAGAIN @@ -393,7 +401,7 @@ int mbedtls_net_recv( void *ctx, unsigned char *buf, size_t len ) int ret; int fd = ((mbedtls_net_context *) ctx)->fd; int error = 0; - get_errno(fd, &error); + if( fd < 0 ) return( MBEDTLS_ERR_NET_INVALID_CONTEXT ); @@ -404,6 +412,7 @@ int mbedtls_net_recv( void *ctx, unsigned char *buf, size_t len ) if( net_would_block( ctx ) != 0 ) return( MBEDTLS_ERR_SSL_WANT_READ ); + error = mbedtls_net_errno(fd); #if ( defined(_WIN32) || defined(_WIN32_WCE) ) && !defined(EFIX64) && \ !defined(EFI32) if( WSAGetLastError() == WSAECONNRESET ) @@ -475,7 +484,6 @@ int mbedtls_net_send( void *ctx, const unsigned char *buf, size_t len ) int fd = ((mbedtls_net_context *) ctx)->fd; int error = 0; - get_errno(fd, &error); if( fd < 0 ) return( MBEDTLS_ERR_NET_INVALID_CONTEXT ); @@ -487,6 +495,7 @@ int mbedtls_net_send( void *ctx, const unsigned char *buf, size_t len ) if( net_would_block( ctx ) != 0 ) return( MBEDTLS_ERR_SSL_WANT_WRITE ); + error = mbedtls_net_errno(fd); #if ( defined(_WIN32) || defined(_WIN32_WCE) ) && !defined(EFIX64) && \ !defined(EFI32) if( WSAGetLastError() == WSAECONNRESET ) From fc2bfc1f4911c6b5310d51f3b7b3d0dcaa4f93f5 Mon Sep 17 00:00:00 2001 From: Wu Jian Gang Date: Fri, 2 Sep 2016 11:31:38 +0800 Subject: [PATCH 09/28] mbedtls: just format related files method from !46 --- components/esp32/aes.c | 347 ++++++++++--------- components/esp32/esp_crypto.c | 50 +-- components/esp32/include/aes.h | 61 ++-- components/esp32/include/esp_crypto.h | 48 +-- components/esp32/include/sha.h | 10 +- components/esp32/sha.c | 96 ++--- components/mbedtls/port/esp_hardware.c | 36 +- components/mbedtls/port/include/aes_alt.h | 26 +- components/mbedtls/port/include/bignum_alt.h | 90 ++--- components/mbedtls/port/include/sha1_alt.h | 20 +- components/mbedtls/port/include/sha256_alt.h | 20 +- components/mbedtls/port/include/sha512_alt.h | 22 +- components/mbedtls/port/net.c | 296 ++++++++-------- 13 files changed, 574 insertions(+), 548 deletions(-) diff --git a/components/esp32/aes.c b/components/esp32/aes.c index bcc4eb2fdb..e22c08a371 100644 --- a/components/esp32/aes.c +++ b/components/esp32/aes.c @@ -39,100 +39,112 @@ void esp_aes_init( AES_CTX *ctx ) AES_LOCK(); AES_TAKE(); - ets_aes_enable(); - AES_UNLOCK(); + ets_aes_enable(); + AES_UNLOCK(); } void esp_aes_free( AES_CTX *ctx ) { - if( ctx == NULL ) + if ( ctx == NULL ) { return; + } bzero( ctx, sizeof( AES_CTX ) ); AES_LOCK(); AES_GIVE(); - if (false == AES_IS_USED()) - ets_aes_disable(); - AES_UNLOCK(); + + if (false == AES_IS_USED()) { + ets_aes_disable(); + } + + AES_UNLOCK(); } /* * AES key schedule (encryption) */ int esp_aes_setkey_enc( AES_CTX *ctx, const unsigned char *key, - unsigned int keybits ) + unsigned int keybits ) { - enum AES_BITS keybit; - uint16_t keybyte = keybits / 8; - switch (keybits){ - case 128: - keybit = AES128; - break; - case 192: - keybit = AES192; - break; - case 256: - keybit = AES256; - break; - default : return( ERR_AES_INVALID_KEY_LENGTH ); - } - if (ctx->enc.keyflag == false){ - ctx->enc.keyflag = true; - ctx->enc.keybits = keybits; - memset(ctx->enc.key, 0, sizeof(ctx->enc.key)); - memcpy(ctx->enc.key, key, keybyte); - } else { - ets_aes_setkey_enc(key, keybit); - } - return 0; + enum AES_BITS keybit; + uint16_t keybyte = keybits / 8; + + switch (keybits) { + case 128: + keybit = AES128; + break; + case 192: + keybit = AES192; + break; + case 256: + keybit = AES256; + break; + default: + return ( ERR_AES_INVALID_KEY_LENGTH ); + } + + if (ctx->enc.keyflag == false) { + ctx->enc.keyflag = true; + ctx->enc.keybits = keybits; + memset(ctx->enc.key, 0, sizeof(ctx->enc.key)); + memcpy(ctx->enc.key, key, keybyte); + } else { + ets_aes_setkey_enc(key, keybit); + } + + return 0; } /* * AES key schedule (decryption) */ int esp_aes_setkey_dec( AES_CTX *ctx, const unsigned char *key, - unsigned int keybits ) + unsigned int keybits ) { - enum AES_BITS keybit; - uint16_t keybyte = keybits / 8; - switch (keybits){ - case 128: - keybit = AES128; - break; - case 192: - keybit = AES192; - break; - case 256: - keybit = AES256; - break; - default : return( ERR_AES_INVALID_KEY_LENGTH ); - } - if (ctx->dec.keyflag == false){ - ctx->dec.keyflag = true; - ctx->dec.keybits = keybits; - memset(ctx->dec.key, 0, sizeof(ctx->dec.key)); - memcpy(ctx->dec.key, key, keybyte); - } else { - ets_aes_setkey_dec(key, keybit); - } - return 0; + enum AES_BITS keybit; + uint16_t keybyte = keybits / 8; + switch (keybits) { + case 128: + keybit = AES128; + break; + case 192: + keybit = AES192; + break; + case 256: + keybit = AES256; + break; + default: + return ( ERR_AES_INVALID_KEY_LENGTH ); + } + + if (ctx->dec.keyflag == false) { + ctx->dec.keyflag = true; + ctx->dec.keybits = keybits; + memset(ctx->dec.key, 0, sizeof(ctx->dec.key)); + memcpy(ctx->dec.key, key, keybyte); + } else { + ets_aes_setkey_dec(key, keybit); + } + + return 0; } static void esp_aes_process_enable(AES_CTX *ctx, int mode) { - if( mode == AES_ENCRYPT ){ - esp_aes_setkey_enc(ctx, ctx->enc.key, ctx->enc.keybits); - }else{ - esp_aes_setkey_dec(ctx, ctx->dec.key, ctx->dec.keybits); - } - return; + if ( mode == AES_ENCRYPT ) { + esp_aes_setkey_enc(ctx, ctx->enc.key, ctx->enc.keybits); + } else { + esp_aes_setkey_dec(ctx, ctx->dec.key, ctx->dec.keybits); + } + + return; } static void esp_aes_process_disable(AES_CTX *ctx, int mode) { - + } /* @@ -140,11 +152,12 @@ static void esp_aes_process_disable(AES_CTX *ctx, int mode) */ void esp_aes_encrypt( AES_CTX *ctx, - const unsigned char input[16], - unsigned char output[16] ) + const unsigned char input[16], + unsigned char output[16] ) { - ets_aes_crypt(input, output); - return ; + ets_aes_crypt(input, output); + + return ; } @@ -153,11 +166,12 @@ void esp_aes_encrypt( AES_CTX *ctx, */ void esp_aes_decrypt( AES_CTX *ctx, - const unsigned char input[16], - unsigned char output[16] ) + const unsigned char input[16], + unsigned char output[16] ) { - ets_aes_crypt(input, output); - return ; + ets_aes_crypt(input, output); + + return ; } @@ -165,24 +179,25 @@ void esp_aes_decrypt( AES_CTX *ctx, * AES-ECB block encryption/decryption */ int esp_aes_crypt_ecb( AES_CTX *ctx, - int mode, - const unsigned char input[16], - unsigned char output[16] ) + int mode, + const unsigned char input[16], + unsigned char output[16] ) { - AES_LOCK(); - - esp_aes_process_enable(ctx, mode); + AES_LOCK(); - if( mode == AES_ENCRYPT ) + esp_aes_process_enable(ctx, mode); + + if ( mode == AES_ENCRYPT ) { esp_aes_encrypt( ctx, input, output ); - else + } else { esp_aes_decrypt( ctx, input, output ); + } - esp_aes_process_disable(ctx, mode); - - AES_UNLOCK(); - - return 0; + esp_aes_process_disable(ctx, mode); + + AES_UNLOCK(); + + return 0; } @@ -190,27 +205,27 @@ int esp_aes_crypt_ecb( AES_CTX *ctx, * AES-CBC buffer encryption/decryption */ int esp_aes_crypt_cbc( AES_CTX *ctx, - int mode, - size_t length, - unsigned char iv[16], - const unsigned char *input, - unsigned char *output ) + int mode, + size_t length, + unsigned char iv[16], + const unsigned char *input, + unsigned char *output ) { - int i; + int i; unsigned char temp[16]; - if( length % 16 ) - return( ERR_AES_INVALID_INPUT_LENGTH ); + if ( length % 16 ) { + return ( ERR_AES_INVALID_INPUT_LENGTH ); + } - if( mode == AES_DECRYPT ) - { - while( length > 0 ) - { + if ( mode == AES_DECRYPT ) { + while ( length > 0 ) { memcpy( temp, input, 16 ); esp_aes_crypt_ecb( ctx, mode, input, output ); - for( i = 0; i < 16; i++ ) + for ( i = 0; i < 16; i++ ) { output[i] = (unsigned char)( output[i] ^ iv[i] ); + } memcpy( iv, temp, 16 ); @@ -218,13 +233,11 @@ int esp_aes_crypt_cbc( AES_CTX *ctx, output += 16; length -= 16; } - } - else - { - while( length > 0 ) - { - for( i = 0; i < 16; i++ ) + } else { + while ( length > 0 ) { + for ( i = 0; i < 16; i++ ) { output[i] = (unsigned char)( input[i] ^ iv[i] ); + } esp_aes_crypt_ecb( ctx, mode, output, output ); memcpy( iv, output, 16 ); @@ -235,85 +248,83 @@ int esp_aes_crypt_cbc( AES_CTX *ctx, } } - return 0; + return 0; } /* * AES-CFB128 buffer encryption/decryption */ int esp_aes_crypt_cfb128( AES_CTX *ctx, - int mode, - size_t length, - size_t *iv_off, - unsigned char iv[16], - const unsigned char *input, - unsigned char *output ) + int mode, + size_t length, + size_t *iv_off, + unsigned char iv[16], + const unsigned char *input, + unsigned char *output ) { - int c; - size_t n = *iv_off; + int c; + size_t n = *iv_off; - if( mode == AES_DECRYPT ) - { - while( length-- ) - { - if( n == 0 ) - esp_aes_crypt_ecb( ctx, AES_ENCRYPT, iv, iv ); + if ( mode == AES_DECRYPT ) { + while ( length-- ) { + if ( n == 0 ) { + esp_aes_crypt_ecb( ctx, AES_ENCRYPT, iv, iv ); + } - c = *input++; - *output++ = (unsigned char)( c ^ iv[n] ); - iv[n] = (unsigned char) c; - - n = ( n + 1 ) & 0x0F; - } - } - else - { - while( length-- ) - { - if( n == 0 ) - esp_aes_crypt_ecb( ctx, AES_ENCRYPT, iv, iv ); - - iv[n] = *output++ = (unsigned char)( iv[n] ^ *input++ ); - - n = ( n + 1 ) & 0x0F; - } - } - - *iv_off = n; + c = *input++; + *output++ = (unsigned char)( c ^ iv[n] ); + iv[n] = (unsigned char) c; - return 0; + n = ( n + 1 ) & 0x0F; + } + } else { + while ( length-- ) { + if ( n == 0 ) { + esp_aes_crypt_ecb( ctx, AES_ENCRYPT, iv, iv ); + } + + iv[n] = *output++ = (unsigned char)( iv[n] ^ *input++ ); + + n = ( n + 1 ) & 0x0F; + } + } + + *iv_off = n; + + return 0; } /* * AES-CFB8 buffer encryption/decryption */ int esp_aes_crypt_cfb8( AES_CTX *ctx, - int mode, - size_t length, - unsigned char iv[16], - const unsigned char *input, - unsigned char *output ) + int mode, + size_t length, + unsigned char iv[16], + const unsigned char *input, + unsigned char *output ) { - unsigned char c; - unsigned char ov[17]; + unsigned char c; + unsigned char ov[17]; - while( length-- ) - { - memcpy( ov, iv, 16 ); - esp_aes_crypt_ecb( ctx, AES_ENCRYPT, iv, iv ); - - if( mode == AES_DECRYPT ) - ov[16] = *input; - - c = *output++ = (unsigned char)( iv[0] ^ *input++ ); + while ( length-- ) { + memcpy( ov, iv, 16 ); + esp_aes_crypt_ecb( ctx, AES_ENCRYPT, iv, iv ); - if( mode == AES_ENCRYPT ) - ov[16] = c; - - memcpy( iv, ov + 1, 16 ); - } + if ( mode == AES_DECRYPT ) { + ov[16] = *input; + } - return 0; + c = *output++ = (unsigned char)( iv[0] ^ *input++ ); + + if ( mode == AES_ENCRYPT ) { + ov[16] = c; + } + + memcpy( iv, ov + 1, 16 ); + } + + return 0; } /* @@ -326,18 +337,18 @@ int esp_aes_crypt_ctr( AES_CTX *ctx, unsigned char stream_block[16], const unsigned char *input, unsigned char *output ) -{ - int c, i; +{ + int c, i; size_t n = *nc_off; - while( length-- ) - { - if( n == 0 ) { + while ( length-- ) { + if ( n == 0 ) { esp_aes_crypt_ecb( ctx, AES_ENCRYPT, nonce_counter, stream_block ); - for( i = 16; i > 0; i-- ) - if( ++nonce_counter[i - 1] != 0 ) + for ( i = 16; i > 0; i-- ) + if ( ++nonce_counter[i - 1] != 0 ) { break; + } } c = *input++; *output++ = (unsigned char)( c ^ stream_block[n] ); @@ -347,6 +358,6 @@ int esp_aes_crypt_ctr( AES_CTX *ctx, *nc_off = n; - return 0; + return 0; } diff --git a/components/esp32/esp_crypto.c b/components/esp32/esp_crypto.c index f0e2cdcb13..0a5cd2f472 100644 --- a/components/esp32/esp_crypto.c +++ b/components/esp32/esp_crypto.c @@ -6,59 +6,61 @@ static SemaphoreHandle_t esp_crypto_mutex[MUTEX_MAX_NUM]; static int esp_crypto_sig[MUTEX_MAX_NUM]; #if 0 - #define ESP_DEBUG ets_printf +#define ESP_DEBUG ets_printf #else - #define ESP_DEBUG(...) +#define ESP_DEBUG(...) #endif int esp_crypto_init(void) { - int i; + int i; - for (i = 0; i < MUTEX_MAX_NUM; i++) { - esp_crypto_mutex[i] = xSemaphoreCreateMutex(); - ESP_DEBUG("init num %d mutex %p\n", i, esp_crypto_mutex[i]); - if (!esp_crypto_mutex[i]) { - goto failed1; - } - esp_crypto_sig[i] = 0; - } + for (i = 0; i < MUTEX_MAX_NUM; i++) { + esp_crypto_mutex[i] = xSemaphoreCreateMutex(); + ESP_DEBUG("init num %d mutex %p\n", i, esp_crypto_mutex[i]); + if (!esp_crypto_mutex[i]) { + goto failed1; + } + esp_crypto_sig[i] = 0; + } - return 0; + return 0; failed1: - ESP_DEBUG("esp_crypto_init failed\n"); - for (i--; i >= 0; i--) - vQueueDelete(esp_crypto_mutex[i]); + ESP_DEBUG("esp_crypto_init failed\n"); + for (i--; i >= 0; i--) { + vQueueDelete(esp_crypto_mutex[i]); + } - return -1; + return -1; } void esp_crypto_lock(unsigned int num) { - ESP_DEBUG("1num %d, mutex %p\n", num, esp_crypto_mutex[num]); - xSemaphoreTake(esp_crypto_mutex[num], portMAX_DELAY); + ESP_DEBUG("1num %d, mutex %p\n", num, esp_crypto_mutex[num]); + xSemaphoreTake(esp_crypto_mutex[num], portMAX_DELAY); } void esp_crypto_unlock(unsigned int num) { - ESP_DEBUG("2num %d, mutex %p\n", num, esp_crypto_mutex[num]); - xSemaphoreGive(esp_crypto_mutex[num]); + ESP_DEBUG("2num %d, mutex %p\n", num, esp_crypto_mutex[num]); + xSemaphoreGive(esp_crypto_mutex[num]); } void esp_crypto_take(unsigned int num) { - esp_crypto_sig[num]++; + esp_crypto_sig[num]++; } void esp_crypto_give(unsigned int num) { - if (esp_crypto_sig[num]) - esp_crypto_sig[num]--; + if (esp_crypto_sig[num]) { + esp_crypto_sig[num]--; + } } bool esp_crypto_is_used(unsigned int num) { - return (esp_crypto_sig[num] != 0) ? true : false; + return (esp_crypto_sig[num] != 0) ? true : false; } diff --git a/components/esp32/include/aes.h b/components/esp32/include/aes.h index c3409cbaf1..76ea47c556 100644 --- a/components/esp32/include/aes.h +++ b/components/esp32/include/aes.h @@ -18,9 +18,9 @@ * See the License for the specific language governing permissions and * limitations under the License. * - * + * */ - + #ifndef ESP_AES_H #define ESP_AES_H @@ -39,11 +39,11 @@ extern "C" { #define ERR_AES_INVALID_KEY_LENGTH -0x0020 /**< Invalid key length. */ #define ERR_AES_INVALID_INPUT_LENGTH -0x0022 /**< Invalid data input length. */ -typedef struct{ - bool keyflag; - uint16_t keybits; +typedef struct { + bool keyflag; + uint16_t keybits; uint8_t key[32]; -}key_context, KEY_CTX; +} key_context, KEY_CTX; /** * \brief AES context structure @@ -53,13 +53,12 @@ typedef struct{ * - to simplify key expansion in the 256-bit case by * generating an extra round key */ -typedef struct -{ +typedef struct { int nr; /*!< number of rounds */ uint32_t *rk; /*!< AES round keys */ - KEY_CTX enc; - KEY_CTX dec; -}aes_context, AES_CTX; + KEY_CTX enc; + KEY_CTX dec; +} aes_context, AES_CTX; /** * \brief Initialize AES context @@ -84,7 +83,7 @@ void esp_aes_free( AES_CTX *ctx ); * * \return 0 if successful, or ERR_AES_INVALID_KEY_LENGTH */ -int esp_aes_setkey_enc( AES_CTX *ctx, const unsigned char *key,unsigned int keybits ); +int esp_aes_setkey_enc( AES_CTX *ctx, const unsigned char *key, unsigned int keybits ); /** * \brief AES key schedule (decryption) @@ -95,7 +94,7 @@ int esp_aes_setkey_enc( AES_CTX *ctx, const unsigned char *key,unsigned int keyb * * \return 0 if successful, or ERR_AES_INVALID_KEY_LENGTH */ -int esp_aes_setkey_dec( AES_CTX *ctx, const unsigned char *key,unsigned int keybits ); +int esp_aes_setkey_dec( AES_CTX *ctx, const unsigned char *key, unsigned int keybits ); /** * \brief AES-ECB block encryption/decryption @@ -107,7 +106,7 @@ int esp_aes_setkey_dec( AES_CTX *ctx, const unsigned char *key,unsigned int keyb * * \return 0 if successful */ -int esp_aes_crypt_ecb( AES_CTX *ctx,int mode,const unsigned char input[16],unsigned char output[16] ); +int esp_aes_crypt_ecb( AES_CTX *ctx, int mode, const unsigned char input[16], unsigned char output[16] ); /** * \brief AES-CBC buffer encryption/decryption @@ -132,11 +131,11 @@ int esp_aes_crypt_ecb( AES_CTX *ctx,int mode,const unsigned char input[16],unsig * \return 0 if successful, or ERR_AES_INVALID_INPUT_LENGTH */ int esp_aes_crypt_cbc( AES_CTX *ctx, - int mode, - size_t length, - unsigned char iv[16], - const unsigned char *input, - unsigned char *output ); + int mode, + size_t length, + unsigned char iv[16], + const unsigned char *input, + unsigned char *output ); /** @@ -165,12 +164,12 @@ int esp_aes_crypt_cbc( AES_CTX *ctx, * \return 0 if successful */ int esp_aes_crypt_cfb128( AES_CTX *ctx, - int mode, - size_t length, - size_t *iv_off, - unsigned char iv[16], - const unsigned char *input, - unsigned char *output ); + int mode, + size_t length, + size_t *iv_off, + unsigned char iv[16], + const unsigned char *input, + unsigned char *output ); /** * \brief AES-CFB8 buffer encryption/decryption. @@ -197,11 +196,11 @@ int esp_aes_crypt_cfb128( AES_CTX *ctx, * \return 0 if successful */ int esp_aes_crypt_cfb8( AES_CTX *ctx, - int mode, - size_t length, - unsigned char iv[16], - const unsigned char *input, - unsigned char *output ); + int mode, + size_t length, + unsigned char iv[16], + const unsigned char *input, + unsigned char *output ); /** * \brief AES-CTR buffer encryption/decryption @@ -243,7 +242,7 @@ int esp_aes_crypt_ctr( AES_CTX *ctx, * \param input Plaintext block * \param output Output (ciphertext) block */ -void esp_aes_encrypt( AES_CTX *ctx, const unsigned char input[16],unsigned char output[16] ); +void esp_aes_encrypt( AES_CTX *ctx, const unsigned char input[16], unsigned char output[16] ); /** * \brief Internal AES block decryption function diff --git a/components/esp32/include/esp_crypto.h b/components/esp32/include/esp_crypto.h index 5accfe8382..bac07ceac0 100644 --- a/components/esp32/include/esp_crypto.h +++ b/components/esp32/include/esp_crypto.h @@ -9,11 +9,11 @@ extern "C" { #endif enum { - AES_MUTEX = 0, - BIGNUM_MUTEX, - SHA_MUTEX, + AES_MUTEX = 0, + BIGNUM_MUTEX, + SHA_MUTEX, - MUTEX_MAX_NUM, + MUTEX_MAX_NUM, }; int esp_crypto_init(void); @@ -25,29 +25,29 @@ void esp_crypto_take(unsigned int num); void esp_crypto_give(unsigned int num); bool esp_crypto_is_used(unsigned int num); -#define MUTEX_LOCK(num) esp_crypto_lock(num) -#define MUTEX_UNLOCK(num) esp_crypto_unlock(num) +#define MUTEX_LOCK(num) esp_crypto_lock(num) +#define MUTEX_UNLOCK(num) esp_crypto_unlock(num) -#define SIG_TAKE(num) esp_crypto_take(num) -#define SIG_GIVE(num) esp_crypto_give(num) -#define SIG_IS_USED(num) esp_crypto_is_used(num) +#define SIG_TAKE(num) esp_crypto_take(num) +#define SIG_GIVE(num) esp_crypto_give(num) +#define SIG_IS_USED(num) esp_crypto_is_used(num) -#define AES_LOCK() MUTEX_LOCK(AES_MUTEX) -#define AES_UNLOCK() MUTEX_UNLOCK(AES_MUTEX) -#define BIGNUM_LOCK() MUTEX_LOCK(BIGNUM_MUTEX) -#define BIGNUM_UNLOCK() MUTEX_UNLOCK(BIGNUM_MUTEX) -#define SHA_LOCK() MUTEX_LOCK(SHA_MUTEX) -#define SHA_UNLOCK() MUTEX_UNLOCK(SHA_MUTEX) +#define AES_LOCK() MUTEX_LOCK(AES_MUTEX) +#define AES_UNLOCK() MUTEX_UNLOCK(AES_MUTEX) +#define BIGNUM_LOCK() MUTEX_LOCK(BIGNUM_MUTEX) +#define BIGNUM_UNLOCK() MUTEX_UNLOCK(BIGNUM_MUTEX) +#define SHA_LOCK() MUTEX_LOCK(SHA_MUTEX) +#define SHA_UNLOCK() MUTEX_UNLOCK(SHA_MUTEX) -#define AES_TAKE() SIG_TAKE(AES_MUTEX) -#define AES_GIVE() SIG_GIVE(AES_MUTEX) -#define AES_IS_USED() SIG_IS_USED(AES_MUTEX) -#define BIGNUM_TAKE() SIG_TAKE(BIGNUM_MUTEX) -#define BIGNUM_GIVE() SIG_GIVE(BIGNUM_MUTEX) -#define BIGNUM_IS_USED() SIG_IS_USED(BIGNUM_MUTEX) -#define SHA_TAKE() SIG_TAKE(SHA_MUTEX) -#define SHA_GIVE() SIG_GIVE(SHA_MUTEX) -#define SHA_IS_USED() SIG_IS_USED(SHA_MUTEX) +#define AES_TAKE() SIG_TAKE(AES_MUTEX) +#define AES_GIVE() SIG_GIVE(AES_MUTEX) +#define AES_IS_USED() SIG_IS_USED(AES_MUTEX) +#define BIGNUM_TAKE() SIG_TAKE(BIGNUM_MUTEX) +#define BIGNUM_GIVE() SIG_GIVE(BIGNUM_MUTEX) +#define BIGNUM_IS_USED() SIG_IS_USED(BIGNUM_MUTEX) +#define SHA_TAKE() SIG_TAKE(SHA_MUTEX) +#define SHA_GIVE() SIG_GIVE(SHA_MUTEX) +#define SHA_IS_USED() SIG_IS_USED(SHA_MUTEX) #ifdef __cplusplus } diff --git a/components/esp32/include/sha.h b/components/esp32/include/sha.h index 93aed46e80..2ee667cf71 100644 --- a/components/esp32/include/sha.h +++ b/components/esp32/include/sha.h @@ -26,9 +26,9 @@ extern "C" { /** * \brief SHA-1 context structure */ -typedef struct{ - SHA_CTX context; - int context_type; +typedef struct { + SHA_CTX context; + int context_type; } sha_context; typedef sha_context SHA1_CTX; @@ -91,8 +91,8 @@ void esp_sha1_finish( SHA1_CTX *ctx, unsigned char output[20] ); void esp_sha1_output( const unsigned char *input, size_t ilen, unsigned char output[20] ); /// -#define SHA256 SHA2_256 -#define SHA224 4 +#define SHA256 SHA2_256 +#define SHA224 4 /** * \brief SHA-256 context structure diff --git a/components/esp32/sha.c b/components/esp32/sha.c index 1a09ab7b56..cc850f0845 100644 --- a/components/esp32/sha.c +++ b/components/esp32/sha.c @@ -38,22 +38,26 @@ void esp_sha1_init( SHA1_CTX *ctx ) SHA_LOCK(); SHA_TAKE(); - ets_sha_enable(); - SHA_UNLOCK(); + ets_sha_enable(); + SHA_UNLOCK(); } void esp_sha1_free( SHA1_CTX *ctx ) { - if( ctx == NULL ) + if ( ctx == NULL ) { return; + } bzero( ctx, sizeof( SHA1_CTX ) ); SHA_LOCK(); SHA_GIVE(); - if (false == SHA_IS_USED()) - ets_sha_disable(); - SHA_UNLOCK(); + + if (false == SHA_IS_USED()) { + ets_sha_disable(); + } + + SHA_UNLOCK(); } void esp_sha1_clone( SHA1_CTX *dst, const SHA1_CTX *src ) @@ -71,10 +75,10 @@ void esp_sha1_process(SHA1_CTX *ctx, const unsigned char data[64]) */ void esp_sha1_start( SHA1_CTX *ctx ) { - SHA_LOCK(); - ets_sha_init(&ctx->context); + SHA_LOCK(); + ets_sha_init(&ctx->context); - ctx->context_type = SHA1; + ctx->context_type = SHA1; } /* @@ -82,7 +86,7 @@ void esp_sha1_start( SHA1_CTX *ctx ) */ void esp_sha1_update( SHA1_CTX *ctx, const unsigned char *input, size_t ilen ) { - ets_sha_update(&ctx->context, ctx->context_type, input, ilen * 8); + ets_sha_update(&ctx->context, ctx->context_type, input, ilen * 8); } /* @@ -90,8 +94,8 @@ void esp_sha1_update( SHA1_CTX *ctx, const unsigned char *input, size_t ilen ) */ void esp_sha1_finish( SHA1_CTX *ctx, unsigned char output[20] ) { - ets_sha_finish(&ctx->context, ctx->context_type, output); - SHA_UNLOCK(); + ets_sha_finish(&ctx->context, ctx->context_type, output); + SHA_UNLOCK(); } /* @@ -116,8 +120,8 @@ void esp_sha256_init( SHA256_CTX *ctx ) SHA_LOCK(); SHA_TAKE(); - ets_sha_enable(); - SHA_UNLOCK(); + ets_sha_enable(); + SHA_UNLOCK(); } void esp_sha256_process(SHA256_CTX *ctx, const unsigned char data[64]) @@ -127,16 +131,20 @@ void esp_sha256_process(SHA256_CTX *ctx, const unsigned char data[64]) void esp_sha256_free( SHA256_CTX *ctx ) { - if( ctx == NULL ) + if ( ctx == NULL ) { return; + } bzero( ctx, sizeof( SHA256_CTX ) ); SHA_LOCK(); SHA_GIVE(); - if (false == SHA_IS_USED()) - ets_sha_disable(); - SHA_UNLOCK(); + + if (false == SHA_IS_USED()) { + ets_sha_disable(); + } + + SHA_UNLOCK(); } void esp_sha256_clone( SHA256_CTX *dst, const SHA256_CTX *src ) @@ -149,17 +157,16 @@ void esp_sha256_clone( SHA256_CTX *dst, const SHA256_CTX *src ) */ void esp_sha256_start( SHA256_CTX *ctx, int is224 ) { - SHA_LOCK(); + SHA_LOCK(); ets_sha_init(&ctx->context); - if( is224 == 0 ) - { + if ( is224 == 0 ) { /* SHA-256 */ - ctx->context_type = SHA256; - }else{ - /* SHA-224 */ - ctx->context_type = SHA224; - } + ctx->context_type = SHA256; + } else { + /* SHA-224 */ + ctx->context_type = SHA224; + } } /* @@ -167,7 +174,7 @@ void esp_sha256_start( SHA256_CTX *ctx, int is224 ) */ void esp_sha256_update( SHA256_CTX *ctx, const unsigned char *input, size_t ilen ) { - ets_sha_update(&ctx->context, ctx->context_type, input, ilen * 8); + ets_sha_update(&ctx->context, ctx->context_type, input, ilen * 8); } /* @@ -175,8 +182,8 @@ void esp_sha256_update( SHA256_CTX *ctx, const unsigned char *input, size_t ilen */ void esp_sha256_finish( SHA256_CTX *ctx, unsigned char output[32] ) { - ets_sha_finish(&ctx->context, ctx->context_type, output); - SHA_UNLOCK(); + ets_sha_finish(&ctx->context, ctx->context_type, output); + SHA_UNLOCK(); } /* @@ -201,8 +208,8 @@ void esp_sha512_init( SHA512_CTX *ctx ) SHA_LOCK(); SHA_TAKE(); - ets_sha_enable(); - SHA_UNLOCK(); + ets_sha_enable(); + SHA_UNLOCK(); } void esp_sha512_process( SHA512_CTX *ctx, const unsigned char data[128] ) @@ -212,16 +219,20 @@ void esp_sha512_process( SHA512_CTX *ctx, const unsigned char data[128] ) void esp_sha512_free( SHA512_CTX *ctx ) { - if( ctx == NULL ) + if ( ctx == NULL ) { return; + } bzero( ctx, sizeof( SHA512_CTX ) ); SHA_LOCK(); SHA_GIVE(); - if (false == SHA_IS_USED()) - ets_sha_disable(); - SHA_UNLOCK(); + + if (false == SHA_IS_USED()) { + ets_sha_disable(); + } + + SHA_UNLOCK(); } void esp_sha512_clone( SHA512_CTX *dst, const SHA512_CTX *src ) @@ -234,16 +245,13 @@ void esp_sha512_clone( SHA512_CTX *dst, const SHA512_CTX *src ) */ void esp_sha512_start( SHA512_CTX *ctx, int is384 ) { - SHA_LOCK(); - ets_sha_init(&ctx->context); + SHA_LOCK(); + ets_sha_init(&ctx->context); - if( is384 == 0 ) - { + if ( is384 == 0 ) { /* SHA-512 */ ctx->context_type = SHA2_512; - } - else - { + } else { /* SHA-384 */ ctx->context_type = SHA2_384; } @@ -252,7 +260,7 @@ void esp_sha512_start( SHA512_CTX *ctx, int is384 ) /* * SHA-512 process buffer */ -void esp_sha512_update( SHA512_CTX *ctx, const unsigned char *input,size_t ilen ) +void esp_sha512_update( SHA512_CTX *ctx, const unsigned char *input, size_t ilen ) { ets_sha_update(&ctx->context, ctx->context_type, input, ilen * 8); } @@ -269,7 +277,7 @@ void esp_sha512_finish( SHA512_CTX *ctx, unsigned char output[64] ) /* * output = SHA-512( input buffer ) */ -void esp_sha512_output( const unsigned char *input, size_t ilen,unsigned char output[64], int is384 ) +void esp_sha512_output( const unsigned char *input, size_t ilen, unsigned char output[64], int is384 ) { SHA512_CTX ctx; diff --git a/components/mbedtls/port/esp_hardware.c b/components/mbedtls/port/esp_hardware.c index c269a0e3f1..b83c4d7aa9 100644 --- a/components/mbedtls/port/esp_hardware.c +++ b/components/mbedtls/port/esp_hardware.c @@ -7,6 +7,7 @@ #include #include #include + #if defined(MBEDTLS_ENTROPY_HARDWARE_ALT) /** * \brief Entropy poll callback for a hardware source @@ -18,28 +19,31 @@ */ static int os_get_random(unsigned char *buf, size_t len) { - int i, j; - unsigned long tmp; - for (i = 0; i < ((len + 3) & ~3) / 4; i ++){ - tmp = rand(); - for (j = 0; j < 4; j ++){ - if ((i * 4 + j) < len){ - buf[i * 4 + j] = (unsigned char)(tmp >> (j * 8)); - }else{ - break; - } - } + int i, j; + unsigned long tmp; - } - return 0; + for (i = 0; i < ((len + 3) & ~3) / 4; i ++) { + tmp = rand(); + for (j = 0; j < 4; j ++) { + if ((i * 4 + j) < len) { + buf[i * 4 + j] = (unsigned char)(tmp >> (j * 8)); + } else { + break; + } + } + + } + + return 0; } int mbedtls_hardware_poll( void *data, unsigned char *output, size_t len, size_t *olen ) { - os_get_random(output, len); - *olen = len; - return 0; + os_get_random(output, len); + *olen = len; + + return 0; } #endif diff --git a/components/mbedtls/port/include/aes_alt.h b/components/mbedtls/port/include/aes_alt.h index 90e659483c..daf30d72b8 100644 --- a/components/mbedtls/port/include/aes_alt.h +++ b/components/mbedtls/port/include/aes_alt.h @@ -18,9 +18,9 @@ * See the License for the specific language governing permissions and * limitations under the License. * - * + * */ - + #ifndef AES_ALT_H #define AES_ALT_H @@ -33,23 +33,23 @@ extern "C" { typedef AES_CTX mbedtls_aes_context; -#define mbedtls_aes_init esp_aes_init -#define mbedtls_aes_free esp_aes_free -#define mbedtls_aes_setkey_enc esp_aes_setkey_enc -#define mbedtls_aes_setkey_dec esp_aes_setkey_dec -#define mbedtls_aes_crypt_ecb esp_aes_crypt_ecb +#define mbedtls_aes_init esp_aes_init +#define mbedtls_aes_free esp_aes_free +#define mbedtls_aes_setkey_enc esp_aes_setkey_enc +#define mbedtls_aes_setkey_dec esp_aes_setkey_dec +#define mbedtls_aes_crypt_ecb esp_aes_crypt_ecb #if defined(MBEDTLS_CIPHER_MODE_CBC) -#define mbedtls_aes_crypt_cbc esp_aes_crypt_cbc +#define mbedtls_aes_crypt_cbc esp_aes_crypt_cbc #endif #if defined(MBEDTLS_CIPHER_MODE_CFB) -#define mbedtls_aes_crypt_cfb128 esp_aes_crypt_cfb128 -#define mbedtls_aes_crypt_cfb8 esp_aes_crypt_cfb8 +#define mbedtls_aes_crypt_cfb128 esp_aes_crypt_cfb128 +#define mbedtls_aes_crypt_cfb8 esp_aes_crypt_cfb8 #endif #if defined(MBEDTLS_CIPHER_MODE_CTR) -#define mbedtls_aes_crypt_ctr esp_aes_crypt_ctr +#define mbedtls_aes_crypt_ctr esp_aes_crypt_ctr #endif -#define mbedtls_aes_encrypt esp_aes_encrypt -#define mbedtls_aes_decrypt esp_aes_decrypt +#define mbedtls_aes_encrypt esp_aes_encrypt +#define mbedtls_aes_decrypt esp_aes_decrypt #endif /* MBEDTLS_AES_ALT */ #ifdef __cplusplus diff --git a/components/mbedtls/port/include/bignum_alt.h b/components/mbedtls/port/include/bignum_alt.h index a4ac0db3ef..f30d7d25cd 100644 --- a/components/mbedtls/port/include/bignum_alt.h +++ b/components/mbedtls/port/include/bignum_alt.h @@ -19,7 +19,7 @@ * limitations under the License. * */ - + #ifndef BIGNUM_ALT_H #define BIGNUM_ALT_H @@ -27,50 +27,50 @@ #if defined(MBEDTLS_BIGNUM_ALT) -typedef MPI_CTX mbedtls_mpi; - -#define mbedtls_mpi_init esp_mpi_init -#define mbedtls_mpi_free esp_mpi_free -#define mbedtls_mpi_grow esp_mpi_grow -#define mbedtls_mpi_shrink esp_mpi_shrink -#define mbedtls_mpi_copy esp_mpi_copy -#define mbedtls_mpi_swap esp_mpi_swap -#define mbedtls_mpi_safe_cond_assign esp_mpi_safe_cond_assign -#define mbedtls_mpi_safe_cond_swap esp_mpi_safe_cond_swap -#define mbedtls_mpi_lset esp_mpi_lset -#define mbedtls_mpi_get_bit esp_mpi_get_bit -#define mbedtls_mpi_set_bit esp_mpi_set_bit -#define mbedtls_mpi_lsb esp_mpi_lsb -#define mbedtls_mpi_bitlen esp_mpi_bitlen -#define mbedtls_mpi_size esp_mpi_size -#define mbedtls_mpi_read_string esp_mpi_read_string -#define mbedtls_mpi_write_string esp_mpi_write_string -#define mbedtls_mpi_read_binary esp_mpi_read_binary -#define mbedtls_mpi_write_binary esp_mpi_write_binary -#define mbedtls_mpi_shift_l esp_mpi_shift_l -#define mbedtls_mpi_shift_r esp_mpi_shift_r -#define mbedtls_mpi_cmp_abs esp_mpi_cmp_abs -#define mbedtls_mpi_cmp_mpi esp_mpi_cmp_mpi -#define mbedtls_mpi_cmp_int esp_mpi_cmp_int -#define mbedtls_mpi_add_abs esp_mpi_add_abs -#define mbedtls_mpi_sub_abs esp_mpi_sub_abs -#define mbedtls_mpi_add_mpi esp_mpi_add_mpi -#define mbedtls_mpi_sub_mpi esp_mpi_sub_mpi -#define mbedtls_mpi_add_int esp_mpi_add_int -#define mbedtls_mpi_sub_int esp_mpi_sub_int -#define mbedtls_mpi_mul_mpi esp_mpi_mul_mpi -#define mbedtls_mpi_mul_int esp_mpi_mul_int -#define mbedtls_mpi_div_mpi esp_mpi_div_mpi -#define mbedtls_mpi_div_int esp_mpi_div_int -#define mbedtls_mpi_mod_mpi esp_mpi_mod_mpi -#define mbedtls_mpi_mod_int esp_mpi_mod_int -#define mbedtls_mpi_exp_mod esp_mpi_exp_mod -#define mbedtls_mpi_fill_random esp_mpi_fill_random -#define mbedtls_mpi_gcd esp_mpi_gcd -#define mbedtls_mpi_inv_mod esp_mpi_inv_mod -#define mbedtls_mpi_is_prime esp_mpi_is_prime -#define mbedtls_mpi_gen_prime esp_mpi_gen_prime - +typedef MPI_CTX mbedtls_mpi; + +#define mbedtls_mpi_init esp_mpi_init +#define mbedtls_mpi_free esp_mpi_free +#define mbedtls_mpi_grow esp_mpi_grow +#define mbedtls_mpi_shrink esp_mpi_shrink +#define mbedtls_mpi_copy esp_mpi_copy +#define mbedtls_mpi_swap esp_mpi_swap +#define mbedtls_mpi_safe_cond_assign esp_mpi_safe_cond_assign +#define mbedtls_mpi_safe_cond_swap esp_mpi_safe_cond_swap +#define mbedtls_mpi_lset esp_mpi_lset +#define mbedtls_mpi_get_bit esp_mpi_get_bit +#define mbedtls_mpi_set_bit esp_mpi_set_bit +#define mbedtls_mpi_lsb esp_mpi_lsb +#define mbedtls_mpi_bitlen esp_mpi_bitlen +#define mbedtls_mpi_size esp_mpi_size +#define mbedtls_mpi_read_string esp_mpi_read_string +#define mbedtls_mpi_write_string esp_mpi_write_string +#define mbedtls_mpi_read_binary esp_mpi_read_binary +#define mbedtls_mpi_write_binary esp_mpi_write_binary +#define mbedtls_mpi_shift_l esp_mpi_shift_l +#define mbedtls_mpi_shift_r esp_mpi_shift_r +#define mbedtls_mpi_cmp_abs esp_mpi_cmp_abs +#define mbedtls_mpi_cmp_mpi esp_mpi_cmp_mpi +#define mbedtls_mpi_cmp_int esp_mpi_cmp_int +#define mbedtls_mpi_add_abs esp_mpi_add_abs +#define mbedtls_mpi_sub_abs esp_mpi_sub_abs +#define mbedtls_mpi_add_mpi esp_mpi_add_mpi +#define mbedtls_mpi_sub_mpi esp_mpi_sub_mpi +#define mbedtls_mpi_add_int esp_mpi_add_int +#define mbedtls_mpi_sub_int esp_mpi_sub_int +#define mbedtls_mpi_mul_mpi esp_mpi_mul_mpi +#define mbedtls_mpi_mul_int esp_mpi_mul_int +#define mbedtls_mpi_div_mpi esp_mpi_div_mpi +#define mbedtls_mpi_div_int esp_mpi_div_int +#define mbedtls_mpi_mod_mpi esp_mpi_mod_mpi +#define mbedtls_mpi_mod_int esp_mpi_mod_int +#define mbedtls_mpi_exp_mod esp_mpi_exp_mod +#define mbedtls_mpi_fill_random esp_mpi_fill_random +#define mbedtls_mpi_gcd esp_mpi_gcd +#define mbedtls_mpi_inv_mod esp_mpi_inv_mod +#define mbedtls_mpi_is_prime esp_mpi_is_prime +#define mbedtls_mpi_gen_prime esp_mpi_gen_prime + #endif #endif diff --git a/components/mbedtls/port/include/sha1_alt.h b/components/mbedtls/port/include/sha1_alt.h index 98cbf5b625..3cf39d2ffb 100644 --- a/components/mbedtls/port/include/sha1_alt.h +++ b/components/mbedtls/port/include/sha1_alt.h @@ -1,6 +1,6 @@ -/* - * copyright (c) 2010 - 2012 Espressif System - * +/* + * copyright (c) 2010 - 2012 Espressif System + * * esf Link List Descriptor */ #ifndef _SHA1_ALT_H_ @@ -16,13 +16,13 @@ extern "C" { typedef SHA1_CTX mbedtls_sha1_context; -#define mbedtls_sha1_init esp_sha1_init -#define mbedtls_sha1_starts esp_sha1_start -#define mbedtls_sha1_clone esp_sha1_clone -#define mbedtls_sha1_update esp_sha1_update -#define mbedtls_sha1_finish esp_sha1_finish -#define mbedtls_sha1_free esp_sha1_free -#define mbedtls_sha1_process esp_sha1_process +#define mbedtls_sha1_init esp_sha1_init +#define mbedtls_sha1_starts esp_sha1_start +#define mbedtls_sha1_clone esp_sha1_clone +#define mbedtls_sha1_update esp_sha1_update +#define mbedtls_sha1_finish esp_sha1_finish +#define mbedtls_sha1_free esp_sha1_free +#define mbedtls_sha1_process esp_sha1_process #endif diff --git a/components/mbedtls/port/include/sha256_alt.h b/components/mbedtls/port/include/sha256_alt.h index e8585e9768..15ea356acb 100644 --- a/components/mbedtls/port/include/sha256_alt.h +++ b/components/mbedtls/port/include/sha256_alt.h @@ -1,6 +1,6 @@ -/* - * copyright (c) 2010 - 2012 Espressif System - * +/* + * copyright (c) 2010 - 2012 Espressif System + * * esf Link List Descriptor */ @@ -17,13 +17,13 @@ extern "C" { typedef SHA256_CTX mbedtls_sha256_context; -#define mbedtls_sha256_init esp_sha256_init -#define mbedtls_sha256_clone esp_sha256_clone -#define mbedtls_sha256_starts esp_sha256_start -#define mbedtls_sha256_update esp_sha256_update -#define mbedtls_sha256_finish esp_sha256_finish -#define mbedtls_sha256_free esp_sha256_free -#define mbedtls_sha256_process esp_sha256_process +#define mbedtls_sha256_init esp_sha256_init +#define mbedtls_sha256_clone esp_sha256_clone +#define mbedtls_sha256_starts esp_sha256_start +#define mbedtls_sha256_update esp_sha256_update +#define mbedtls_sha256_finish esp_sha256_finish +#define mbedtls_sha256_free esp_sha256_free +#define mbedtls_sha256_process esp_sha256_process #endif diff --git a/components/mbedtls/port/include/sha512_alt.h b/components/mbedtls/port/include/sha512_alt.h index 117660dcde..9e337c1b60 100644 --- a/components/mbedtls/port/include/sha512_alt.h +++ b/components/mbedtls/port/include/sha512_alt.h @@ -1,6 +1,6 @@ -/* - * copyright (c) 2010 - 2012 Espressif System - * +/* + * copyright (c) 2010 - 2012 Espressif System + * * esf Link List Descriptor */ @@ -14,15 +14,15 @@ extern "C" { #if defined(MBEDTLS_SHA512_ALT) #include "sha.h" -typedef SHA512_CTX mbedtls_sha512_context; +typedef SHA512_CTX mbedtls_sha512_context; -#define mbedtls_sha512_init esp_sha512_init -#define mbedtls_sha512_process esp_sha512_process -#define mbedtls_sha512_clone esp_sha512_clone -#define mbedtls_sha512_starts esp_sha512_start -#define mbedtls_sha512_update esp_sha512_update -#define mbedtls_sha512_finish esp_sha512_finish -#define mbedtls_sha512_free esp_sha512_free +#define mbedtls_sha512_init esp_sha512_init +#define mbedtls_sha512_process esp_sha512_process +#define mbedtls_sha512_clone esp_sha512_clone +#define mbedtls_sha512_starts esp_sha512_start +#define mbedtls_sha512_update esp_sha512_update +#define mbedtls_sha512_finish esp_sha512_finish +#define mbedtls_sha512_free esp_sha512_free #endif diff --git a/components/mbedtls/port/net.c b/components/mbedtls/port/net.c index 61162a78e2..390513c17e 100644 --- a/components/mbedtls/port/net.c +++ b/components/mbedtls/port/net.c @@ -56,24 +56,26 @@ static int net_prepare( void ) !defined(EFI32) WSADATA wsaData; - if( wsa_init_done == 0 ) - { - if( WSAStartup( MAKEWORD(2,0), &wsaData ) != 0 ) - return( MBEDTLS_ERR_NET_SOCKET_FAILED ); + if ( wsa_init_done == 0 ) { + if ( WSAStartup( MAKEWORD(2, 0), &wsaData ) != 0 ) { + return ( MBEDTLS_ERR_NET_SOCKET_FAILED ); + } wsa_init_done = 1; } #else #endif - return( 0 ); + return ( 0 ); } static int mbedtls_net_errno(int fd) { - int sock_errno = 0; - u32_t optlen = sizeof(sock_errno); - getsockopt(fd, SOL_SOCKET, SO_ERROR, &sock_errno, &optlen); - return sock_errno; + int sock_errno = 0; + u32_t optlen = sizeof(sock_errno); + + getsockopt(fd, SOL_SOCKET, SO_ERROR, &sock_errno, &optlen); + + return sock_errno; } /* @@ -92,8 +94,9 @@ int mbedtls_net_connect( mbedtls_net_context *ctx, const char *host, const char int ret; struct addrinfo hints, *addr_list, *cur; - if( ( ret = net_prepare() ) != 0 ) - return( ret ); + if ( ( ret = net_prepare() ) != 0 ) { + return ( ret ); + } /* Do name resolution with both IPv6 and IPv4 */ memset( &hints, 0, sizeof( hints ) ); @@ -101,23 +104,21 @@ int mbedtls_net_connect( mbedtls_net_context *ctx, const char *host, const char hints.ai_socktype = proto == MBEDTLS_NET_PROTO_UDP ? SOCK_DGRAM : SOCK_STREAM; hints.ai_protocol = proto == MBEDTLS_NET_PROTO_UDP ? IPPROTO_UDP : IPPROTO_TCP; - if( getaddrinfo( host, port, &hints, &addr_list ) != 0 ) - return( MBEDTLS_ERR_NET_UNKNOWN_HOST ); + if ( getaddrinfo( host, port, &hints, &addr_list ) != 0 ) { + return ( MBEDTLS_ERR_NET_UNKNOWN_HOST ); + } /* Try the sockaddrs until a connection succeeds */ ret = MBEDTLS_ERR_NET_UNKNOWN_HOST; - for( cur = addr_list; cur != NULL; cur = cur->ai_next ) - { + for ( cur = addr_list; cur != NULL; cur = cur->ai_next ) { ctx->fd = (int) socket( cur->ai_family, cur->ai_socktype, - cur->ai_protocol ); - if( ctx->fd < 0 ) - { + cur->ai_protocol ); + if ( ctx->fd < 0 ) { ret = MBEDTLS_ERR_NET_SOCKET_FAILED; continue; } - if( connect( ctx->fd, cur->ai_addr, cur->ai_addrlen ) == 0 ) - { + if ( connect( ctx->fd, cur->ai_addr, cur->ai_addrlen ) == 0 ) { ret = 0; break; } @@ -128,7 +129,7 @@ int mbedtls_net_connect( mbedtls_net_context *ctx, const char *host, const char freeaddrinfo( addr_list ); - return( ret ); + return ( ret ); } /* @@ -139,8 +140,9 @@ int mbedtls_net_bind( mbedtls_net_context *ctx, const char *bind_ip, const char int n, ret; struct addrinfo hints, *addr_list, *cur; - if( ( ret = net_prepare() ) != 0 ) - return( ret ); + if ( ( ret = net_prepare() ) != 0 ) { + return ( ret ); + } /* Bind to IPv6 and/or IPv4, but only in the desired protocol */ memset( &hints, 0, sizeof( hints ) ); @@ -148,48 +150,43 @@ int mbedtls_net_bind( mbedtls_net_context *ctx, const char *bind_ip, const char hints.ai_socktype = proto == MBEDTLS_NET_PROTO_UDP ? SOCK_DGRAM : SOCK_STREAM; hints.ai_protocol = proto == MBEDTLS_NET_PROTO_UDP ? IPPROTO_UDP : IPPROTO_TCP; - if( getaddrinfo( bind_ip, port, &hints, &addr_list ) != 0 ) - return( MBEDTLS_ERR_NET_UNKNOWN_HOST ); + if ( getaddrinfo( bind_ip, port, &hints, &addr_list ) != 0 ) { + return ( MBEDTLS_ERR_NET_UNKNOWN_HOST ); + } /* Try the sockaddrs until a binding succeeds */ ret = MBEDTLS_ERR_NET_UNKNOWN_HOST; - for( cur = addr_list; cur != NULL; cur = cur->ai_next ) - { + for ( cur = addr_list; cur != NULL; cur = cur->ai_next ) { ctx->fd = (int) socket( cur->ai_family, cur->ai_socktype, - cur->ai_protocol ); - if( ctx->fd < 0 ) - { + cur->ai_protocol ); + if ( ctx->fd < 0 ) { ret = MBEDTLS_ERR_NET_SOCKET_FAILED; continue; } - /*SO_REUSEADDR option dafault is disable in source code(lwip)*/ + /*SO_REUSEADDR option dafault is disable in source code(lwip)*/ #if SO_REUSE n = 1; - if( setsockopt( ctx->fd, SOL_SOCKET, SO_REUSEADDR, - (const char *) &n, sizeof( n ) ) != 0 ) - { + if ( setsockopt( ctx->fd, SOL_SOCKET, SO_REUSEADDR, + (const char *) &n, sizeof( n ) ) != 0 ) { close( ctx->fd ); ret = MBEDTLS_ERR_NET_SOCKET_FAILED; continue; } #endif - /*bind interface dafault don't process the addr is 0xffffffff for TCP Protocol*/ - struct sockaddr_in *serv_addr = NULL; - serv_addr = (struct sockaddr_in *)cur->ai_addr; - serv_addr->sin_addr.s_addr = htonl(INADDR_ANY); /* Any incoming interface */ - if( bind( ctx->fd, (struct sockaddr *)serv_addr, cur->ai_addrlen ) != 0 ) - { + /*bind interface dafault don't process the addr is 0xffffffff for TCP Protocol*/ + struct sockaddr_in *serv_addr = NULL; + serv_addr = (struct sockaddr_in *)cur->ai_addr; + serv_addr->sin_addr.s_addr = htonl(INADDR_ANY); /* Any incoming interface */ + if ( bind( ctx->fd, (struct sockaddr *)serv_addr, cur->ai_addrlen ) != 0 ) { close( ctx->fd ); ret = MBEDTLS_ERR_NET_BIND_FAILED; continue; } /* Listen only makes sense for TCP */ - if( proto == MBEDTLS_NET_PROTO_TCP ) - { - if( listen( ctx->fd, MBEDTLS_NET_LISTEN_BACKLOG ) != 0 ) - { + if ( proto == MBEDTLS_NET_PROTO_TCP ) { + if ( listen( ctx->fd, MBEDTLS_NET_LISTEN_BACKLOG ) != 0 ) { close( ctx->fd ); ret = MBEDTLS_ERR_NET_LISTEN_FAILED; continue; @@ -203,7 +200,7 @@ int mbedtls_net_bind( mbedtls_net_context *ctx, const char *bind_ip, const char freeaddrinfo( addr_list ); - return( ret ); + return ( ret ); } @@ -216,7 +213,7 @@ int mbedtls_net_bind( mbedtls_net_context *ctx, const char *bind_ip, const char static int net_would_block( const mbedtls_net_context *ctx ) { ((void) ctx); - return( WSAGetLastError() == WSAEWOULDBLOCK ); + return ( WSAGetLastError() == WSAEWOULDBLOCK ); } #else /* @@ -230,22 +227,22 @@ static int net_would_block( const mbedtls_net_context *ctx ) /* * Never return 'WOULD BLOCK' on a non-blocking socket */ - if( ( fcntl( ctx->fd, F_GETFL, 0) & O_NONBLOCK ) != O_NONBLOCK ) - return( 0 ); + if ( ( fcntl( ctx->fd, F_GETFL, 0) & O_NONBLOCK ) != O_NONBLOCK ) { + return ( 0 ); + } - int error = mbedtls_net_errno(ctx->fd); - - switch( error ) - { + int error = mbedtls_net_errno(ctx->fd); + + switch ( error ) { #if defined EAGAIN - case EAGAIN: + case EAGAIN: #endif #if defined EWOULDBLOCK && EWOULDBLOCK != EAGAIN - case EWOULDBLOCK: + case EWOULDBLOCK: #endif - return( 1 ); + return ( 1 ); } - return( 0 ); + return ( 0 ); } #endif /* ( _WIN32 || _WIN32_WCE ) && !EFIX64 && !EFI32 */ @@ -265,21 +262,17 @@ int mbedtls_net_accept( mbedtls_net_context *bind_ctx, socklen_t type_len = (socklen_t) sizeof( type ); /* Is this a TCP or UDP socket? */ - if( getsockopt( bind_ctx->fd, SOL_SOCKET, SO_TYPE, - (void *) &type, (socklen_t *) &type_len ) != 0 || - ( type != SOCK_STREAM && type != SOCK_DGRAM ) ) - { - return( MBEDTLS_ERR_NET_ACCEPT_FAILED ); + if ( getsockopt( bind_ctx->fd, SOL_SOCKET, SO_TYPE, + (void *) &type, (socklen_t *) &type_len ) != 0 || + ( type != SOCK_STREAM && type != SOCK_DGRAM ) ) { + return ( MBEDTLS_ERR_NET_ACCEPT_FAILED ); } - if( type == SOCK_STREAM ) - { + if ( type == SOCK_STREAM ) { /* TCP: actual accept() */ ret = client_ctx->fd = (int) accept( bind_ctx->fd, (struct sockaddr *) &client_addr, &n ); - } - else - { + } else { /* UDP: wait for a message, but keep it in the queue */ char buf[1] = { 0 }; @@ -287,65 +280,62 @@ int mbedtls_net_accept( mbedtls_net_context *bind_ctx, (struct sockaddr *) &client_addr, &n ); #if defined(_WIN32) - if( ret == SOCKET_ERROR && - WSAGetLastError() == WSAEMSGSIZE ) - { + if ( ret == SOCKET_ERROR && + WSAGetLastError() == WSAEMSGSIZE ) { /* We know buf is too small, thanks, just peeking here */ ret = 0; } #endif } - if( ret < 0 ) - { - if( net_would_block( bind_ctx ) != 0 ) - return( MBEDTLS_ERR_SSL_WANT_READ ); + if ( ret < 0 ) { + if ( net_would_block( bind_ctx ) != 0 ) { + return ( MBEDTLS_ERR_SSL_WANT_READ ); + } - return( MBEDTLS_ERR_NET_ACCEPT_FAILED ); + return ( MBEDTLS_ERR_NET_ACCEPT_FAILED ); } /* UDP: hijack the listening socket to communicate with the client, * then bind a new socket to accept new connections */ - if( type != SOCK_STREAM ) - { + if ( type != SOCK_STREAM ) { struct sockaddr_in local_addr; int one = 1; - if( connect( bind_ctx->fd, (struct sockaddr *) &client_addr, n ) != 0 ) - return( MBEDTLS_ERR_NET_ACCEPT_FAILED ); + if ( connect( bind_ctx->fd, (struct sockaddr *) &client_addr, n ) != 0 ) { + return ( MBEDTLS_ERR_NET_ACCEPT_FAILED ); + } client_ctx->fd = bind_ctx->fd; bind_ctx->fd = -1; /* In case we exit early */ n = sizeof( struct sockaddr_in ); - if( getsockname( client_ctx->fd, - (struct sockaddr *) &local_addr, &n ) != 0 || - ( bind_ctx->fd = (int) socket( AF_INET, - SOCK_DGRAM, IPPROTO_UDP ) ) < 0 || - setsockopt( bind_ctx->fd, SOL_SOCKET, SO_REUSEADDR, - (const char *) &one, sizeof( one ) ) != 0 ) - { - return( MBEDTLS_ERR_NET_SOCKET_FAILED ); + if ( getsockname( client_ctx->fd, + (struct sockaddr *) &local_addr, &n ) != 0 || + ( bind_ctx->fd = (int) socket( AF_INET, + SOCK_DGRAM, IPPROTO_UDP ) ) < 0 || + setsockopt( bind_ctx->fd, SOL_SOCKET, SO_REUSEADDR, + (const char *) &one, sizeof( one ) ) != 0 ) { + return ( MBEDTLS_ERR_NET_SOCKET_FAILED ); } - if( bind( bind_ctx->fd, (struct sockaddr *) &local_addr, n ) != 0 ) - { - return( MBEDTLS_ERR_NET_BIND_FAILED ); + if ( bind( bind_ctx->fd, (struct sockaddr *) &local_addr, n ) != 0 ) { + return ( MBEDTLS_ERR_NET_BIND_FAILED ); } } - if( client_ip != NULL ) - { - struct sockaddr_in *addr4 = (struct sockaddr_in *) &client_addr; - *ip_len = sizeof( addr4->sin_addr.s_addr ); + if ( client_ip != NULL ) { + struct sockaddr_in *addr4 = (struct sockaddr_in *) &client_addr; + *ip_len = sizeof( addr4->sin_addr.s_addr ); - if( buf_size < *ip_len ) - return( MBEDTLS_ERR_NET_BUFFER_TOO_SMALL ); + if ( buf_size < *ip_len ) { + return ( MBEDTLS_ERR_NET_BUFFER_TOO_SMALL ); + } - memcpy( client_ip, &addr4->sin_addr.s_addr, *ip_len ); + memcpy( client_ip, &addr4->sin_addr.s_addr, *ip_len ); } - return( 0 ); + return ( 0 ); } /* @@ -356,9 +346,9 @@ int mbedtls_net_set_block( mbedtls_net_context *ctx ) #if ( defined(_WIN32) || defined(_WIN32_WCE) ) && !defined(EFIX64) && \ !defined(EFI32) u_long n = 0; - return( ioctlsocket( ctx->fd, FIONBIO, &n ) ); + return ( ioctlsocket( ctx->fd, FIONBIO, &n ) ); #else - return( fcntl( ctx->fd, F_SETFL, fcntl( ctx->fd, F_GETFL, 0 ) & ~O_NONBLOCK ) ); + return ( fcntl( ctx->fd, F_SETFL, fcntl( ctx->fd, F_GETFL, 0 ) & ~O_NONBLOCK ) ); #endif } @@ -367,9 +357,9 @@ int mbedtls_net_set_nonblock( mbedtls_net_context *ctx ) #if ( defined(_WIN32) || defined(_WIN32_WCE) ) && !defined(EFIX64) && \ !defined(EFI32) u_long n = 1; - return( ioctlsocket( ctx->fd, FIONBIO, &n ) ); + return ( ioctlsocket( ctx->fd, FIONBIO, &n ) ); #else - return( fcntl( ctx->fd, F_SETFL, fcntl( ctx->fd, F_GETFL, 0 ) | O_NONBLOCK ) ); + return ( fcntl( ctx->fd, F_SETFL, fcntl( ctx->fd, F_GETFL, 0 ) | O_NONBLOCK ) ); #endif } @@ -401,49 +391,54 @@ int mbedtls_net_recv( void *ctx, unsigned char *buf, size_t len ) int ret; int fd = ((mbedtls_net_context *) ctx)->fd; int error = 0; - - if( fd < 0 ) - return( MBEDTLS_ERR_NET_INVALID_CONTEXT ); + + if ( fd < 0 ) { + return ( MBEDTLS_ERR_NET_INVALID_CONTEXT ); + } ret = (int) read( fd, buf, len ); - if( ret < 0 ) - { - if( net_would_block( ctx ) != 0 ) - return( MBEDTLS_ERR_SSL_WANT_READ ); + if ( ret < 0 ) { + if ( net_would_block( ctx ) != 0 ) { + return ( MBEDTLS_ERR_SSL_WANT_READ ); + } - error = mbedtls_net_errno(fd); + error = mbedtls_net_errno(fd); #if ( defined(_WIN32) || defined(_WIN32_WCE) ) && !defined(EFIX64) && \ !defined(EFI32) - if( WSAGetLastError() == WSAECONNRESET ) - return( MBEDTLS_ERR_NET_CONN_RESET ); + if ( WSAGetLastError() == WSAECONNRESET ) { + return ( MBEDTLS_ERR_NET_CONN_RESET ); + } #else - if( error == EPIPE || error == ECONNRESET ) - return( MBEDTLS_ERR_NET_CONN_RESET ); + if ( error == EPIPE || error == ECONNRESET ) { + return ( MBEDTLS_ERR_NET_CONN_RESET ); + } - if( error == EINTR ) - return( MBEDTLS_ERR_SSL_WANT_READ ); + if ( error == EINTR ) { + return ( MBEDTLS_ERR_SSL_WANT_READ ); + } #endif - return( MBEDTLS_ERR_NET_RECV_FAILED ); + return ( MBEDTLS_ERR_NET_RECV_FAILED ); } - return( ret ); + return ( ret ); } /* * Read at most 'len' characters, blocking for at most 'timeout' ms */ int mbedtls_net_recv_timeout( void *ctx, unsigned char *buf, size_t len, - uint32_t timeout ) + uint32_t timeout ) { int ret; struct timeval tv; fd_set read_fds; int fd = ((mbedtls_net_context *) ctx)->fd; - if( fd < 0 ) - return( MBEDTLS_ERR_NET_INVALID_CONTEXT ); + if ( fd < 0 ) { + return ( MBEDTLS_ERR_NET_INVALID_CONTEXT ); + } FD_ZERO( &read_fds ); FD_SET( fd, &read_fds ); @@ -454,25 +449,27 @@ int mbedtls_net_recv_timeout( void *ctx, unsigned char *buf, size_t len, ret = select( fd + 1, &read_fds, NULL, NULL, timeout == 0 ? NULL : &tv ); /* Zero fds ready means we timed out */ - if( ret == 0 ) - return( MBEDTLS_ERR_SSL_TIMEOUT ); + if ( ret == 0 ) { + return ( MBEDTLS_ERR_SSL_TIMEOUT ); + } - if( ret < 0 ) - { + if ( ret < 0 ) { #if ( defined(_WIN32) || defined(_WIN32_WCE) ) && !defined(EFIX64) && \ !defined(EFI32) - if( WSAGetLastError() == WSAEINTR ) - return( MBEDTLS_ERR_SSL_WANT_READ ); + if ( WSAGetLastError() == WSAEINTR ) { + return ( MBEDTLS_ERR_SSL_WANT_READ ); + } #else - if( errno == EINTR ) - return( MBEDTLS_ERR_SSL_WANT_READ ); + if ( errno == EINTR ) { + return ( MBEDTLS_ERR_SSL_WANT_READ ); + } #endif - return( MBEDTLS_ERR_NET_RECV_FAILED ); + return ( MBEDTLS_ERR_NET_RECV_FAILED ); } /* This call will not block */ - return( mbedtls_net_recv( ctx, buf, len ) ); + return ( mbedtls_net_recv( ctx, buf, len ) ); } /* @@ -483,35 +480,39 @@ int mbedtls_net_send( void *ctx, const unsigned char *buf, size_t len ) int ret; int fd = ((mbedtls_net_context *) ctx)->fd; - int error = 0; + int error = 0; - if( fd < 0 ) - return( MBEDTLS_ERR_NET_INVALID_CONTEXT ); + if ( fd < 0 ) { + return ( MBEDTLS_ERR_NET_INVALID_CONTEXT ); + } ret = (int) write( fd, buf, len ); - if( ret < 0 ) - { - if( net_would_block( ctx ) != 0 ) - return( MBEDTLS_ERR_SSL_WANT_WRITE ); + if ( ret < 0 ) { + if ( net_would_block( ctx ) != 0 ) { + return ( MBEDTLS_ERR_SSL_WANT_WRITE ); + } - error = mbedtls_net_errno(fd); + error = mbedtls_net_errno(fd); #if ( defined(_WIN32) || defined(_WIN32_WCE) ) && !defined(EFIX64) && \ !defined(EFI32) - if( WSAGetLastError() == WSAECONNRESET ) - return( MBEDTLS_ERR_NET_CONN_RESET ); + if ( WSAGetLastError() == WSAECONNRESET ) { + return ( MBEDTLS_ERR_NET_CONN_RESET ); + } #else - if( error == EPIPE || error == ECONNRESET ) - return( MBEDTLS_ERR_NET_CONN_RESET ); + if ( error == EPIPE || error == ECONNRESET ) { + return ( MBEDTLS_ERR_NET_CONN_RESET ); + } - if( error == EINTR ) - return( MBEDTLS_ERR_SSL_WANT_WRITE ); + if ( error == EINTR ) { + return ( MBEDTLS_ERR_SSL_WANT_WRITE ); + } #endif - return( MBEDTLS_ERR_NET_SEND_FAILED ); + return ( MBEDTLS_ERR_NET_SEND_FAILED ); } - return( ret ); + return ( ret ); } /* @@ -519,8 +520,9 @@ int mbedtls_net_send( void *ctx, const unsigned char *buf, size_t len ) */ void mbedtls_net_free( mbedtls_net_context *ctx ) { - if( ctx->fd == -1 ) + if ( ctx->fd == -1 ) { return; + } shutdown( ctx->fd, 2 ); close( ctx->fd ); From 4167b68eef84667593aff7e6f90da50f2358ee14 Mon Sep 17 00:00:00 2001 From: Angus Gratton Date: Fri, 2 Sep 2016 14:40:43 +1000 Subject: [PATCH 10/28] esp32: Move hardware crypto implementation/headers to hwcrypto directories --- components/esp32/{ => hwcrypto}/aes.c | 0 components/esp32/{ => hwcrypto}/bignum.c | 0 components/esp32/{ => hwcrypto}/esp_crypto.c | 0 components/esp32/{ => hwcrypto}/sha.c | 0 components/esp32/include/{ => hwcrypto}/aes.h | 0 components/esp32/include/{ => hwcrypto}/bignum.h | 0 components/esp32/include/{ => hwcrypto}/esp_crypto.h | 0 components/esp32/include/{ => hwcrypto}/sha.h | 0 8 files changed, 0 insertions(+), 0 deletions(-) rename components/esp32/{ => hwcrypto}/aes.c (100%) rename components/esp32/{ => hwcrypto}/bignum.c (100%) rename components/esp32/{ => hwcrypto}/esp_crypto.c (100%) rename components/esp32/{ => hwcrypto}/sha.c (100%) rename components/esp32/include/{ => hwcrypto}/aes.h (100%) rename components/esp32/include/{ => hwcrypto}/bignum.h (100%) rename components/esp32/include/{ => hwcrypto}/esp_crypto.h (100%) rename components/esp32/include/{ => hwcrypto}/sha.h (100%) diff --git a/components/esp32/aes.c b/components/esp32/hwcrypto/aes.c similarity index 100% rename from components/esp32/aes.c rename to components/esp32/hwcrypto/aes.c diff --git a/components/esp32/bignum.c b/components/esp32/hwcrypto/bignum.c similarity index 100% rename from components/esp32/bignum.c rename to components/esp32/hwcrypto/bignum.c diff --git a/components/esp32/esp_crypto.c b/components/esp32/hwcrypto/esp_crypto.c similarity index 100% rename from components/esp32/esp_crypto.c rename to components/esp32/hwcrypto/esp_crypto.c diff --git a/components/esp32/sha.c b/components/esp32/hwcrypto/sha.c similarity index 100% rename from components/esp32/sha.c rename to components/esp32/hwcrypto/sha.c diff --git a/components/esp32/include/aes.h b/components/esp32/include/hwcrypto/aes.h similarity index 100% rename from components/esp32/include/aes.h rename to components/esp32/include/hwcrypto/aes.h diff --git a/components/esp32/include/bignum.h b/components/esp32/include/hwcrypto/bignum.h similarity index 100% rename from components/esp32/include/bignum.h rename to components/esp32/include/hwcrypto/bignum.h diff --git a/components/esp32/include/esp_crypto.h b/components/esp32/include/hwcrypto/esp_crypto.h similarity index 100% rename from components/esp32/include/esp_crypto.h rename to components/esp32/include/hwcrypto/esp_crypto.h diff --git a/components/esp32/include/sha.h b/components/esp32/include/hwcrypto/sha.h similarity index 100% rename from components/esp32/include/sha.h rename to components/esp32/include/hwcrypto/sha.h From 0647d1e9225de9284edd449b400dc08c2743a5d9 Mon Sep 17 00:00:00 2001 From: Angus Gratton Date: Fri, 2 Sep 2016 18:36:26 +1000 Subject: [PATCH 11/28] esp32 hwcrypto: Rework hardware crypto locking Should protect against concurrent use of hardware crypto primitives, with good performance. Not necessary to call esp_aes_acquire_hardware(), esp_sha_acquire_hardware(), etc when using these APIs. These are provided for external users calling the hardware crypto hardware directly, to coexist with this implementation. --- components/esp32/hwcrypto/aes.c | 209 +++++++++--------- components/esp32/hwcrypto/bignum.c | 43 ++-- components/esp32/hwcrypto/esp_crypto.c | 66 ------ components/esp32/hwcrypto/sha.c | 109 +++------ components/esp32/include/hwcrypto/aes.h | 29 ++- components/esp32/include/hwcrypto/bignum.h | 29 ++- .../esp32/include/hwcrypto/esp_crypto.h | 56 ----- components/esp32/include/hwcrypto/sha.h | 34 ++- 8 files changed, 235 insertions(+), 340 deletions(-) delete mode 100644 components/esp32/hwcrypto/esp_crypto.c delete mode 100644 components/esp32/include/hwcrypto/esp_crypto.h diff --git a/components/esp32/hwcrypto/aes.c b/components/esp32/hwcrypto/aes.c index e22c08a371..e2ee67bec0 100644 --- a/components/esp32/hwcrypto/aes.c +++ b/components/esp32/hwcrypto/aes.c @@ -1,8 +1,10 @@ /* - * FIPS-197 compliant AES implementation + * ESP32 hardware accelerated AES implementation + * based on mbedTLS FIPS-197 compliant version. * * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved + * Additions Copyright (C) 2016, Espressif Systems (Shanghai) PTE Ltd * SPDX-License-Identifier: Apache-2.0 * * Licensed under the Apache License, Version 2.0 (the "License"); you may @@ -25,22 +27,30 @@ * http://csrc.nist.gov/publications/fips/fips197/fips-197.pdf */ #include -#include "aes.h" -#include "esp_crypto.h" +#include "hwcrypto/aes.h" +#include "rom/aes.h" +#include -/* Implementation that should never be optimized out by the compiler */ -//static void bzero( void *v, size_t n ) { -// volatile unsigned char *p = v; while( n-- ) *p++ = 0; -//} +static _lock_t aes_lock; + +void esp_aes_acquire_hardware( void ) +{ + /* newlib locks lazy initialize on ESP-IDF */ + _lock_acquire(&aes_lock); + ets_aes_enable(); +} + +void esp_aes_release_hardware( void ) +{ + uint8_t zero[256/8] = { 0 }; + ets_aes_setkey_enc(zero, AES256); + ets_aes_disable(); + _lock_release(&aes_lock); +} void esp_aes_init( AES_CTX *ctx ) { - memset( ctx, 0, sizeof( AES_CTX ) ); - - AES_LOCK(); - AES_TAKE(); - ets_aes_enable(); - AES_UNLOCK(); + bzero( ctx, sizeof( AES_CTX ) ); } void esp_aes_free( AES_CTX *ctx ) @@ -50,117 +60,94 @@ void esp_aes_free( AES_CTX *ctx ) } bzero( ctx, sizeof( AES_CTX ) ); +} - AES_LOCK(); - AES_GIVE(); - - if (false == AES_IS_USED()) { - ets_aes_disable(); +/* Translate number of bits to an AES_BITS enum */ +static int keybits_to_aesbits(unsigned int keybits) +{ + switch (keybits) { + case 128: + return AES128; + case 192: + return AES192; + break; + case 256: + return AES256; + default: + return ( ERR_AES_INVALID_KEY_LENGTH ); } - - AES_UNLOCK(); } /* * AES key schedule (encryption) + * */ int esp_aes_setkey_enc( AES_CTX *ctx, const unsigned char *key, unsigned int keybits ) { - enum AES_BITS keybit; - uint16_t keybyte = keybits / 8; - - switch (keybits) { - case 128: - keybit = AES128; - break; - case 192: - keybit = AES192; - break; - case 256: - keybit = AES256; - break; - default: - return ( ERR_AES_INVALID_KEY_LENGTH ); + uint16_t keybytes = keybits / 8; + int aesbits = keybits_to_aesbits(keybits); + if (aesbits < 0) { + return aesbits; } - - if (ctx->enc.keyflag == false) { - ctx->enc.keyflag = true; - ctx->enc.keybits = keybits; - memset(ctx->enc.key, 0, sizeof(ctx->enc.key)); - memcpy(ctx->enc.key, key, keybyte); - } else { - ets_aes_setkey_enc(key, keybit); - } - + ctx->enc.aesbits = aesbits; + bzero(ctx->enc.key, sizeof(ctx->enc.key)); + memcpy(ctx->enc.key, key, keybytes); return 0; } /* * AES key schedule (decryption) + * */ int esp_aes_setkey_dec( AES_CTX *ctx, const unsigned char *key, unsigned int keybits ) { - enum AES_BITS keybit; - uint16_t keybyte = keybits / 8; - - switch (keybits) { - case 128: - keybit = AES128; - break; - case 192: - keybit = AES192; - break; - case 256: - keybit = AES256; - break; - default: - return ( ERR_AES_INVALID_KEY_LENGTH ); + uint16_t keybytes = keybits / 8; + int aesbits = keybits_to_aesbits(keybits); + if (aesbits < 0) { + return aesbits; } - - if (ctx->dec.keyflag == false) { - ctx->dec.keyflag = true; - ctx->dec.keybits = keybits; - memset(ctx->dec.key, 0, sizeof(ctx->dec.key)); - memcpy(ctx->dec.key, key, keybyte); - } else { - ets_aes_setkey_dec(key, keybit); - } - + ctx->dec.aesbits = aesbits; + bzero(ctx->dec.key, sizeof(ctx->dec.key)); + memcpy(ctx->dec.key, key, keybytes); return 0; } -static void esp_aes_process_enable(AES_CTX *ctx, int mode) +/* + * Inner AES-ECB function. Call only when protected by esp_aes_acquire_hardware(). + * + * Optimisation to prevent overhead of locking each time when + * encrypting many blocks in sequence. + */ +static int esp_aes_crypt_ecb_inner( AES_CTX *ctx, + int mode, + const unsigned char input[16], + unsigned char output[16] ) { if ( mode == AES_ENCRYPT ) { - esp_aes_setkey_enc(ctx, ctx->enc.key, ctx->enc.keybits); + ets_aes_setkey_enc(ctx->enc.key, ctx->enc.aesbits); + ets_aes_crypt(input, output); } else { - esp_aes_setkey_dec(ctx, ctx->dec.key, ctx->dec.keybits); + ets_aes_setkey_dec(ctx->enc.key, ctx->enc.aesbits); + /* TODO: previous commit esp_aes_decrypt function calls this but this is not correct! */ + ets_aes_crypt(input, output); } - - return; -} - -static void esp_aes_process_disable(AES_CTX *ctx, int mode) -{ - + return 0; } /* * AES-ECB block encryption */ - void esp_aes_encrypt( AES_CTX *ctx, const unsigned char input[16], unsigned char output[16] ) { - ets_aes_crypt(input, output); - - return ; + esp_aes_acquire_hardware(); + esp_aes_crypt_ecb_inner(ctx, AES_ENCRYPT, input, output); + esp_aes_release_hardware(); } - /* * AES-ECB block decryption */ @@ -169,9 +156,9 @@ void esp_aes_decrypt( AES_CTX *ctx, const unsigned char input[16], unsigned char output[16] ) { - ets_aes_crypt(input, output); - - return ; + esp_aes_acquire_hardware(); + esp_aes_crypt_ecb_inner(ctx, AES_DECRYPT, input, output); + esp_aes_release_hardware(); } @@ -183,20 +170,9 @@ int esp_aes_crypt_ecb( AES_CTX *ctx, const unsigned char input[16], unsigned char output[16] ) { - AES_LOCK(); - - esp_aes_process_enable(ctx, mode); - - if ( mode == AES_ENCRYPT ) { - esp_aes_encrypt( ctx, input, output ); - } else { - esp_aes_decrypt( ctx, input, output ); - } - - esp_aes_process_disable(ctx, mode); - - AES_UNLOCK(); - + esp_aes_acquire_hardware(); + esp_aes_crypt_ecb_inner(ctx, mode, input, output); + esp_aes_release_hardware(); return 0; } @@ -218,10 +194,12 @@ int esp_aes_crypt_cbc( AES_CTX *ctx, return ( ERR_AES_INVALID_INPUT_LENGTH ); } + esp_aes_acquire_hardware(); + if ( mode == AES_DECRYPT ) { while ( length > 0 ) { memcpy( temp, input, 16 ); - esp_aes_crypt_ecb( ctx, mode, input, output ); + esp_aes_crypt_ecb_inner( ctx, mode, input, output ); for ( i = 0; i < 16; i++ ) { output[i] = (unsigned char)( output[i] ^ iv[i] ); @@ -239,7 +217,7 @@ int esp_aes_crypt_cbc( AES_CTX *ctx, output[i] = (unsigned char)( input[i] ^ iv[i] ); } - esp_aes_crypt_ecb( ctx, mode, output, output ); + esp_aes_crypt_ecb_inner( ctx, mode, output, output ); memcpy( iv, output, 16 ); input += 16; @@ -248,6 +226,8 @@ int esp_aes_crypt_cbc( AES_CTX *ctx, } } + esp_aes_release_hardware(); + return 0; } @@ -265,10 +245,12 @@ int esp_aes_crypt_cfb128( AES_CTX *ctx, int c; size_t n = *iv_off; + esp_aes_acquire_hardware(); + if ( mode == AES_DECRYPT ) { while ( length-- ) { if ( n == 0 ) { - esp_aes_crypt_ecb( ctx, AES_ENCRYPT, iv, iv ); + esp_aes_crypt_ecb_inner( ctx, AES_ENCRYPT, iv, iv ); } c = *input++; @@ -280,7 +262,7 @@ int esp_aes_crypt_cfb128( AES_CTX *ctx, } else { while ( length-- ) { if ( n == 0 ) { - esp_aes_crypt_ecb( ctx, AES_ENCRYPT, iv, iv ); + esp_aes_crypt_ecb_inner( ctx, AES_ENCRYPT, iv, iv ); } iv[n] = *output++ = (unsigned char)( iv[n] ^ *input++ ); @@ -291,6 +273,8 @@ int esp_aes_crypt_cfb128( AES_CTX *ctx, *iv_off = n; + esp_aes_release_hardware(); + return 0; } @@ -307,9 +291,11 @@ int esp_aes_crypt_cfb8( AES_CTX *ctx, unsigned char c; unsigned char ov[17]; + esp_aes_acquire_hardware(); + while ( length-- ) { memcpy( ov, iv, 16 ); - esp_aes_crypt_ecb( ctx, AES_ENCRYPT, iv, iv ); + esp_aes_crypt_ecb_inner( ctx, AES_ENCRYPT, iv, iv ); if ( mode == AES_DECRYPT ) { ov[16] = *input; @@ -324,6 +310,8 @@ int esp_aes_crypt_cfb8( AES_CTX *ctx, memcpy( iv, ov + 1, 16 ); } + esp_aes_release_hardware(); + return 0; } @@ -341,9 +329,11 @@ int esp_aes_crypt_ctr( AES_CTX *ctx, int c, i; size_t n = *nc_off; + esp_aes_acquire_hardware(); + while ( length-- ) { if ( n == 0 ) { - esp_aes_crypt_ecb( ctx, AES_ENCRYPT, nonce_counter, stream_block ); + esp_aes_crypt_ecb_inner( ctx, AES_ENCRYPT, nonce_counter, stream_block ); for ( i = 16; i > 0; i-- ) if ( ++nonce_counter[i - 1] != 0 ) { @@ -358,6 +348,7 @@ int esp_aes_crypt_ctr( AES_CTX *ctx, *nc_off = n; + esp_aes_release_hardware(); + return 0; } - diff --git a/components/esp32/hwcrypto/bignum.c b/components/esp32/hwcrypto/bignum.c index dbfa418ec8..93b31e6f6f 100644 --- a/components/esp32/hwcrypto/bignum.c +++ b/components/esp32/hwcrypto/bignum.c @@ -1,7 +1,9 @@ /* - * Multi-precision integer library + * ESP32 hardware accelerated multi-precision integer functions + * based on mbedTLS implementation * * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved + * Additions Copyright (C) 2016, Espressif Systems (Shanghai) PTE Ltd * SPDX-License-Identifier: Apache-2.0 * * Licensed under the Apache License, Version 2.0 (the "License"); you may @@ -36,8 +38,10 @@ #include #include -#include "bignum.h" -#include "esp_crypto.h" +#include +#include "hwcrypto/bignum.h" +#include "rom/ets_sys.h" +#include "rom/bigint.h" /* Implementation that should never be optimized out by the compiler */ //static void bzero( void *v, size_t n ) { @@ -57,6 +61,22 @@ #define BITS_TO_LIMBS(i) ( (i) / biL + ( (i) % biL != 0 ) ) #define CHARS_TO_LIMBS(i) ( (i) / ciL + ( (i) % ciL != 0 ) ) +static _lock_t mpi_lock; + +void esp_mpi_acquire_hardware( void ) +{ + /* newlib locks lazy initialize on ESP-IDF */ + _lock_acquire(&mpi_lock); + ets_bigint_enable(); +} + +void esp_mpi_release_hardware( void ) +{ + ets_bigint_disable(); + _lock_release(&mpi_lock); +} + + /* * Initialize one MPI */ @@ -68,10 +88,6 @@ void esp_mpi_init( mpi *X ) X->s = 1; X->n = 0; X->p = NULL; - BIGNUM_LOCK(); - BIGNUM_TAKE(); - ets_bigint_enable(); - BIGNUM_UNLOCK(); } /* @@ -91,11 +107,6 @@ void esp_mpi_free( mpi *X ) X->s = 1; X->n = 0; X->p = NULL; - BIGNUM_LOCK(); - BIGNUM_GIVE(); - if (false == BIGNUM_IS_USED()) - ets_bigint_disable(); - BIGNUM_UNLOCK(); } /* @@ -1107,7 +1118,7 @@ int esp_mpi_mul_mpi( mpi *X, const mpi *A, const mpi *B ) goto cleanup; } - BIGNUM_LOCK(); + esp_mpi_acquire_hardware(); if (ets_bigint_mult_prepare((uint32_t *)s1, (uint32_t *)s2, bites)){ ets_bigint_wait_finish(); if (ets_bigint_mult_getz((uint32_t *)dest, bites) == true) { @@ -1119,7 +1130,7 @@ int esp_mpi_mul_mpi( mpi *X, const mpi *A, const mpi *B ) } else{ esp_mpi_printf("Baseline multiplication failed\n"); } - BIGNUM_UNLOCK(); + esp_mpi_release_hardware(); X->s = A->s * B->s; @@ -1487,7 +1498,7 @@ static void esp_mpi_montmul( mpi *A, const mpi *B, const mpi *N, esp_mpi_uint mm n = N->n; m = ( B->n < n ) ? B->n : n; - BIGNUM_LOCK(); + esp_mpi_acquire_hardware(); if (ets_bigint_montgomery_mult_prepare(N->p, B->p, d, m, n, false)) { ets_bigint_wait_finish(); @@ -1495,7 +1506,7 @@ static void esp_mpi_montmul( mpi *A, const mpi *B, const mpi *N, esp_mpi_uint mm } else{ esp_mpi_printf("Montgomery multiplication failed\n"); } - BIGNUM_UNLOCK(); + esp_mpi_release_hardware(); } diff --git a/components/esp32/hwcrypto/esp_crypto.c b/components/esp32/hwcrypto/esp_crypto.c deleted file mode 100644 index 0a5cd2f472..0000000000 --- a/components/esp32/hwcrypto/esp_crypto.c +++ /dev/null @@ -1,66 +0,0 @@ -#include "esp_crypto.h" -#include "freertos/FreeRTOS.h" -#include "freertos/semphr.h" - -static SemaphoreHandle_t esp_crypto_mutex[MUTEX_MAX_NUM]; -static int esp_crypto_sig[MUTEX_MAX_NUM]; - -#if 0 -#define ESP_DEBUG ets_printf -#else -#define ESP_DEBUG(...) -#endif - -int esp_crypto_init(void) -{ - int i; - - for (i = 0; i < MUTEX_MAX_NUM; i++) { - esp_crypto_mutex[i] = xSemaphoreCreateMutex(); - ESP_DEBUG("init num %d mutex %p\n", i, esp_crypto_mutex[i]); - if (!esp_crypto_mutex[i]) { - goto failed1; - } - esp_crypto_sig[i] = 0; - } - - return 0; - -failed1: - ESP_DEBUG("esp_crypto_init failed\n"); - for (i--; i >= 0; i--) { - vQueueDelete(esp_crypto_mutex[i]); - } - - return -1; -} - -void esp_crypto_lock(unsigned int num) -{ - ESP_DEBUG("1num %d, mutex %p\n", num, esp_crypto_mutex[num]); - xSemaphoreTake(esp_crypto_mutex[num], portMAX_DELAY); -} - -void esp_crypto_unlock(unsigned int num) -{ - ESP_DEBUG("2num %d, mutex %p\n", num, esp_crypto_mutex[num]); - xSemaphoreGive(esp_crypto_mutex[num]); -} - -void esp_crypto_take(unsigned int num) -{ - esp_crypto_sig[num]++; -} - -void esp_crypto_give(unsigned int num) -{ - if (esp_crypto_sig[num]) { - esp_crypto_sig[num]--; - } -} - -bool esp_crypto_is_used(unsigned int num) -{ - return (esp_crypto_sig[num] != 0) ? true : false; -} - diff --git a/components/esp32/hwcrypto/sha.c b/components/esp32/hwcrypto/sha.c index cc850f0845..e54ef45a86 100644 --- a/components/esp32/hwcrypto/sha.c +++ b/components/esp32/hwcrypto/sha.c @@ -1,7 +1,9 @@ /* - * FIPS-180-1 compliant SHA-1 implementation + * ESP32 hardware accelerated SHA1/256/512 implementation + * based on mbedTLS FIPS-197 compliant version. * * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved + * Additions Copyright (C) 2016, Espressif Systems (Shanghai) PTE Ltd * SPDX-License-Identifier: Apache-2.0 * * Licensed under the Apache License, Version 2.0 (the "License"); you may @@ -24,22 +26,33 @@ */ #include -#include "sha.h" -#include "esp_crypto.h" +#include +#include "hwcrypto/sha.h" +#include "rom/ets_sys.h" -/* Implementation that should never be optimized out by the compiler */ -//static void bzero( void *v, size_t n ) { -// volatile unsigned char *p = v; while( n-- ) *p++ = 0; -//} + +static _lock_t sha_lock; + +void esp_sha_acquire_hardware( void ) +{ + /* newlib locks lazy initialize on ESP-IDF */ + _lock_acquire(&sha_lock); + ets_sha_enable(); +} + +void esp_sha_release_hardware( void ) +{ + /* Want to empty internal SHA buffers where possible, + need to check if this is sufficient for this. */ + SHA_CTX zero = { 0 }; + ets_sha_init(&zero); + ets_sha_disable(); + _lock_release(&sha_lock); +} void esp_sha1_init( SHA1_CTX *ctx ) { - memset( ctx, 0, sizeof( SHA1_CTX ) ); - - SHA_LOCK(); - SHA_TAKE(); - ets_sha_enable(); - SHA_UNLOCK(); + bzero( ctx, sizeof( SHA1_CTX ) ); } void esp_sha1_free( SHA1_CTX *ctx ) @@ -49,15 +62,6 @@ void esp_sha1_free( SHA1_CTX *ctx ) } bzero( ctx, sizeof( SHA1_CTX ) ); - - SHA_LOCK(); - SHA_GIVE(); - - if (false == SHA_IS_USED()) { - ets_sha_disable(); - } - - SHA_UNLOCK(); } void esp_sha1_clone( SHA1_CTX *dst, const SHA1_CTX *src ) @@ -65,19 +69,12 @@ void esp_sha1_clone( SHA1_CTX *dst, const SHA1_CTX *src ) *dst = *src; } -void esp_sha1_process(SHA1_CTX *ctx, const unsigned char data[64]) -{ - -} - /* * SHA-1 context setup */ void esp_sha1_start( SHA1_CTX *ctx ) { - SHA_LOCK(); - ets_sha_init(&ctx->context); - + esp_sha_acquire_hardware(); ctx->context_type = SHA1; } @@ -95,7 +92,7 @@ void esp_sha1_update( SHA1_CTX *ctx, const unsigned char *input, size_t ilen ) void esp_sha1_finish( SHA1_CTX *ctx, unsigned char output[20] ) { ets_sha_finish(&ctx->context, ctx->context_type, output); - SHA_UNLOCK(); + esp_sha_release_hardware(); } /* @@ -112,21 +109,9 @@ void esp_sha1_output( const unsigned char *input, size_t ilen, unsigned char out esp_sha1_free( &ctx ); } -///// -/* Implementation that should never be optimized out by the compiler */ void esp_sha256_init( SHA256_CTX *ctx ) { - memset( ctx, 0, sizeof( SHA256_CTX ) ); - - SHA_LOCK(); - SHA_TAKE(); - ets_sha_enable(); - SHA_UNLOCK(); -} - -void esp_sha256_process(SHA256_CTX *ctx, const unsigned char data[64]) -{ - + bzero( ctx, sizeof( SHA256_CTX ) ); } void esp_sha256_free( SHA256_CTX *ctx ) @@ -136,15 +121,6 @@ void esp_sha256_free( SHA256_CTX *ctx ) } bzero( ctx, sizeof( SHA256_CTX ) ); - - SHA_LOCK(); - SHA_GIVE(); - - if (false == SHA_IS_USED()) { - ets_sha_disable(); - } - - SHA_UNLOCK(); } void esp_sha256_clone( SHA256_CTX *dst, const SHA256_CTX *src ) @@ -157,7 +133,7 @@ void esp_sha256_clone( SHA256_CTX *dst, const SHA256_CTX *src ) */ void esp_sha256_start( SHA256_CTX *ctx, int is224 ) { - SHA_LOCK(); + esp_sha_acquire_hardware(); ets_sha_init(&ctx->context); if ( is224 == 0 ) { @@ -183,7 +159,7 @@ void esp_sha256_update( SHA256_CTX *ctx, const unsigned char *input, size_t ilen void esp_sha256_finish( SHA256_CTX *ctx, unsigned char output[32] ) { ets_sha_finish(&ctx->context, ctx->context_type, output); - SHA_UNLOCK(); + esp_sha_release_hardware(); } /* @@ -205,16 +181,6 @@ void esp_sha256_output( const unsigned char *input, size_t ilen, unsigned char o void esp_sha512_init( SHA512_CTX *ctx ) { memset( ctx, 0, sizeof( SHA512_CTX ) ); - - SHA_LOCK(); - SHA_TAKE(); - ets_sha_enable(); - SHA_UNLOCK(); -} - -void esp_sha512_process( SHA512_CTX *ctx, const unsigned char data[128] ) -{ - } void esp_sha512_free( SHA512_CTX *ctx ) @@ -224,15 +190,6 @@ void esp_sha512_free( SHA512_CTX *ctx ) } bzero( ctx, sizeof( SHA512_CTX ) ); - - SHA_LOCK(); - SHA_GIVE(); - - if (false == SHA_IS_USED()) { - ets_sha_disable(); - } - - SHA_UNLOCK(); } void esp_sha512_clone( SHA512_CTX *dst, const SHA512_CTX *src ) @@ -245,7 +202,7 @@ void esp_sha512_clone( SHA512_CTX *dst, const SHA512_CTX *src ) */ void esp_sha512_start( SHA512_CTX *ctx, int is384 ) { - SHA_LOCK(); + esp_sha_acquire_hardware(); ets_sha_init(&ctx->context); if ( is384 == 0 ) { @@ -271,7 +228,7 @@ void esp_sha512_update( SHA512_CTX *ctx, const unsigned char *input, size_t ilen void esp_sha512_finish( SHA512_CTX *ctx, unsigned char output[64] ) { ets_sha_finish(&ctx->context, ctx->context_type, output); - SHA_UNLOCK(); + esp_sha_release_hardware(); } /* diff --git a/components/esp32/include/hwcrypto/aes.h b/components/esp32/include/hwcrypto/aes.h index 76ea47c556..9c149a9352 100644 --- a/components/esp32/include/hwcrypto/aes.h +++ b/components/esp32/include/hwcrypto/aes.h @@ -1,9 +1,11 @@ /** * \file esp_aes.h * - * \brief AES block cipher + * \brief AES block cipher, ESP32 hardware accelerated version + * Based on mbedTLS version. * * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved + * Additions Copyright (C) 2016, Espressif Systems (Shanghai) PTE Ltd * SPDX-License-Identifier: Apache-2.0 * * Licensed under the Apache License, Version 2.0 (the "License"); you may @@ -25,7 +27,6 @@ #define ESP_AES_H #include "esp_types.h" -#include "rom/ets_sys.h" #include "rom/aes.h" #ifdef __cplusplus @@ -40,8 +41,7 @@ extern "C" { #define ERR_AES_INVALID_INPUT_LENGTH -0x0022 /**< Invalid data input length. */ typedef struct { - bool keyflag; - uint16_t keybits; + enum AES_BITS aesbits; uint8_t key[32]; } key_context, KEY_CTX; @@ -60,6 +60,27 @@ typedef struct { KEY_CTX dec; } aes_context, AES_CTX; +/** + * \brief Lock access to AES hardware unit + * + * AES hardware unit can only be used by one + * consumer at a time. + * + * esp_aes_xxx API calls automatically manage locking & unlocking of + * hardware, this function is only needed if you want to call + * ets_aes_xxx functions directly. + */ +void esp_aes_acquire_hardware( void ); + +/** + * \brief Unlock access to AES hardware unit + * + * esp_aes_xxx API calls automatically manage locking & unlocking of + * hardware, this function is only needed if you want to call + * ets_aes_xxx functions directly. + */ +void esp_aes_release_hardware( void ); + /** * \brief Initialize AES context * diff --git a/components/esp32/include/hwcrypto/bignum.h b/components/esp32/include/hwcrypto/bignum.h index e077fe2ed6..dbcef43de4 100644 --- a/components/esp32/include/hwcrypto/bignum.h +++ b/components/esp32/include/hwcrypto/bignum.h @@ -1,9 +1,11 @@ /** * \file bignum_alt.h * - * \brief Multi-precision integer library + * \brief Multi-precision integer library, ESP32 hardware accelerated version + * Based on mbedTLS version. * * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved + * Additions Copyright (C) 2016, Espressif Systems (Shanghai) PTE Ltd * SPDX-License-Identifier: Apache-2.0 * * Licensed under the Apache License, Version 2.0 (the "License"); you may @@ -19,13 +21,11 @@ * limitations under the License. * */ - + #ifndef _ESP_BIGNUM_H #define _ESP_BIGNUM_H #include "esp_types.h" -#include "rom/ets_sys.h" -#include "rom/bigint.h" #define MPI_DEBUG_ALT @@ -147,6 +147,27 @@ typedef struct esp_mpi_uint *p; /*!< pointer to limbs */ }mpi, MPI_CTX; +/** + * \brief Lock access to MPI hardware unit + * + * MPI hardware unit can only be used by one + * consumer at a time. + * + * esp_mpi_xxx API calls automatically manage locking & unlocking of + * hardware, this function is only needed if you want to call + * ets_bigint_xxx functions directly. + */ +void esp_mpi_acquire_hardware( void ); + +/** + * \brief Unlock access to MPI hardware unit + * + * esp_mpi_xxx API calls automatically manage locking & unlocking of + * hardware, this function is only needed if you want to call + * ets_bigint_xxx functions directly. + */ +void esp_mpi_release_hardware( void ); + /** * \brief Initialize one MPI (make internal references valid) * This just makes it ready to be set or freed, diff --git a/components/esp32/include/hwcrypto/esp_crypto.h b/components/esp32/include/hwcrypto/esp_crypto.h deleted file mode 100644 index bac07ceac0..0000000000 --- a/components/esp32/include/hwcrypto/esp_crypto.h +++ /dev/null @@ -1,56 +0,0 @@ -#ifndef _MULTI_CRYPTO_H_ -#define _MULTI_CRYPTO_H_ - -#include "esp_types.h" -#include "rom/ets_sys.h" - -#ifdef __cplusplus -extern "C" { -#endif - -enum { - AES_MUTEX = 0, - BIGNUM_MUTEX, - SHA_MUTEX, - - MUTEX_MAX_NUM, -}; - -int esp_crypto_init(void); - -void esp_crypto_lock(unsigned int num); -void esp_crypto_unlock(unsigned int num); - -void esp_crypto_take(unsigned int num); -void esp_crypto_give(unsigned int num); -bool esp_crypto_is_used(unsigned int num); - -#define MUTEX_LOCK(num) esp_crypto_lock(num) -#define MUTEX_UNLOCK(num) esp_crypto_unlock(num) - -#define SIG_TAKE(num) esp_crypto_take(num) -#define SIG_GIVE(num) esp_crypto_give(num) -#define SIG_IS_USED(num) esp_crypto_is_used(num) - -#define AES_LOCK() MUTEX_LOCK(AES_MUTEX) -#define AES_UNLOCK() MUTEX_UNLOCK(AES_MUTEX) -#define BIGNUM_LOCK() MUTEX_LOCK(BIGNUM_MUTEX) -#define BIGNUM_UNLOCK() MUTEX_UNLOCK(BIGNUM_MUTEX) -#define SHA_LOCK() MUTEX_LOCK(SHA_MUTEX) -#define SHA_UNLOCK() MUTEX_UNLOCK(SHA_MUTEX) - -#define AES_TAKE() SIG_TAKE(AES_MUTEX) -#define AES_GIVE() SIG_GIVE(AES_MUTEX) -#define AES_IS_USED() SIG_IS_USED(AES_MUTEX) -#define BIGNUM_TAKE() SIG_TAKE(BIGNUM_MUTEX) -#define BIGNUM_GIVE() SIG_GIVE(BIGNUM_MUTEX) -#define BIGNUM_IS_USED() SIG_IS_USED(BIGNUM_MUTEX) -#define SHA_TAKE() SIG_TAKE(SHA_MUTEX) -#define SHA_GIVE() SIG_GIVE(SHA_MUTEX) -#define SHA_IS_USED() SIG_IS_USED(SHA_MUTEX) - -#ifdef __cplusplus -} -#endif - -#endif /* esp_crypto.h */ diff --git a/components/esp32/include/hwcrypto/sha.h b/components/esp32/include/hwcrypto/sha.h index 2ee667cf71..a5de3d402e 100644 --- a/components/esp32/include/hwcrypto/sha.h +++ b/components/esp32/include/hwcrypto/sha.h @@ -15,10 +15,10 @@ #ifndef _ESP_SHA_H_ #define _ESP_SHA_H_ -#include "esp_types.h" -#include "rom/ets_sys.h" #include "rom/sha.h" +#include "esp_types.h" + #ifdef __cplusplus extern "C" { #endif @@ -28,11 +28,32 @@ extern "C" { */ typedef struct { SHA_CTX context; - int context_type; + enum SHA_TYPE context_type; /* defined in rom/sha.h */ } sha_context; typedef sha_context SHA1_CTX; +/** + * \brief Lock access to SHA hardware unit + * + * SHA hardware unit can only be used by one + * consumer at a time. + * + * esp_sha_xxx API calls automatically manage locking & unlocking of + * hardware, this function is only needed if you want to call + * ets_sha_xxx functions directly. + */ +void esp_sha_acquire_hardware( void ); + +/** + * \brief Unlock access to SHA hardware unit + * + * esp_sha_xxx API calls automatically manage locking & unlocking of + * hardware, this function is only needed if you want to call + * ets_sha_xxx functions directly. + */ +void esp_sha_release_hardware( void ); + /** * \brief Initialize SHA-1 context * @@ -55,8 +76,6 @@ void esp_sha1_free( SHA1_CTX *ctx ); */ void esp_sha1_clone( SHA1_CTX *dst, const SHA1_CTX *src ); -void esp_sha1_process(SHA1_CTX *ctx, const unsigned char data[64]); - /** * \brief SHA-1 context setup * @@ -92,7 +111,7 @@ void esp_sha1_output( const unsigned char *input, size_t ilen, unsigned char out /// #define SHA256 SHA2_256 -#define SHA224 4 +#define SHA224 4 /* TODO: check this */ /** * \brief SHA-256 context structure @@ -113,7 +132,6 @@ void esp_sha256_init( SHA256_CTX *ctx ); * \param ctx SHA-256 context to be cleared */ void esp_sha256_free( SHA256_CTX *ctx ); -void esp_sha256_process(SHA256_CTX *ctx, const unsigned char data[64]); /** * \brief Clone (the state of) a SHA-256 context @@ -173,8 +191,6 @@ typedef sha_context SHA512_CTX; */ void esp_sha512_init( SHA512_CTX *ctx ); -void esp_sha512_process( SHA512_CTX *ctx, const unsigned char data[128] ); - /** * \brief Clear SHA-512 context * From 2bee84062af96890b9680bfb0420c8ced542930c Mon Sep 17 00:00:00 2001 From: Angus Gratton Date: Fri, 2 Sep 2016 18:39:57 +1000 Subject: [PATCH 12/28] esp32: Add comment to ROM crypto functions recommending they not be used directly --- components/esp32/include/rom/aes.h | 7 +++++++ components/esp32/include/rom/bigint.h | 7 +++++++ components/esp32/include/rom/sha.h | 7 +++++++ 3 files changed, 21 insertions(+) diff --git a/components/esp32/include/rom/aes.h b/components/esp32/include/rom/aes.h index 9fd0e5baea..2f058f1c25 100644 --- a/components/esp32/include/rom/aes.h +++ b/components/esp32/include/rom/aes.h @@ -1,3 +1,10 @@ +/* + ROM functions for hardware AES support. + + It is not recommended to use these functions directly, + use the wrapper functions in hwcrypto/aes.h instead. + + */ // Copyright 2015-2016 Espressif Systems (Shanghai) PTE LTD // // Licensed under the Apache License, Version 2.0 (the "License"); diff --git a/components/esp32/include/rom/bigint.h b/components/esp32/include/rom/bigint.h index 461469cacd..624336695b 100644 --- a/components/esp32/include/rom/bigint.h +++ b/components/esp32/include/rom/bigint.h @@ -1,3 +1,10 @@ +/* + ROM functions for hardware bigint support. + + It is not recommended to use these functions directly, + use the wrapper functions in hwcrypto/mpi.h instead. + + */ // Copyright 2015-2016 Espressif Systems (Shanghai) PTE LTD // // Licensed under the Apache License, Version 2.0 (the "License"); diff --git a/components/esp32/include/rom/sha.h b/components/esp32/include/rom/sha.h index a5536bd3ba..b35faa9a07 100644 --- a/components/esp32/include/rom/sha.h +++ b/components/esp32/include/rom/sha.h @@ -1,3 +1,10 @@ +/* + ROM functions for hardware SHA support. + + It is not recommended to use these functions directly, + use the wrapper functions in hwcrypto/sha.h instead. + + */ // Copyright 2015-2016 Espressif Systems (Shanghai) PTE LTD // // Licensed under the Apache License, Version 2.0 (the "License"); From 2580c07ae671b2432cbaacd3912eb24d70da3b3e Mon Sep 17 00:00:00 2001 From: Angus Gratton Date: Mon, 5 Sep 2016 10:36:25 +1000 Subject: [PATCH 13/28] esp32 hwcrypto: Make SHA-224 an obvious no-op for now This is not the long term solution... --- components/esp32/hwcrypto/sha.c | 14 ++++++++++---- components/esp32/include/hwcrypto/sha.h | 4 ---- components/esp32/include/rom/sha.h | 3 ++- 3 files changed, 12 insertions(+), 9 deletions(-) diff --git a/components/esp32/hwcrypto/sha.c b/components/esp32/hwcrypto/sha.c index e54ef45a86..584383eb17 100644 --- a/components/esp32/hwcrypto/sha.c +++ b/components/esp32/hwcrypto/sha.c @@ -138,10 +138,10 @@ void esp_sha256_start( SHA256_CTX *ctx, int is224 ) if ( is224 == 0 ) { /* SHA-256 */ - ctx->context_type = SHA256; + ctx->context_type = SHA2_256; } else { - /* SHA-224 */ - ctx->context_type = SHA224; + /* SHA-224 is not supported! */ + ctx->context_type = SHA_INVALID; } } @@ -158,7 +158,13 @@ void esp_sha256_update( SHA256_CTX *ctx, const unsigned char *input, size_t ilen */ void esp_sha256_finish( SHA256_CTX *ctx, unsigned char output[32] ) { - ets_sha_finish(&ctx->context, ctx->context_type, output); + if ( ctx->context_type == SHA2_256 ) { + ets_sha_finish(&ctx->context, ctx->context_type, output); + } else { + /* No hardware SHA-224 support, but mbedTLS API doesn't allow failure. + For now, zero the output to make it clear it's not valid. */ + bzero( output, 28 ); + } esp_sha_release_hardware(); } diff --git a/components/esp32/include/hwcrypto/sha.h b/components/esp32/include/hwcrypto/sha.h index a5de3d402e..dbefcef06a 100644 --- a/components/esp32/include/hwcrypto/sha.h +++ b/components/esp32/include/hwcrypto/sha.h @@ -109,10 +109,6 @@ void esp_sha1_finish( SHA1_CTX *ctx, unsigned char output[20] ); */ void esp_sha1_output( const unsigned char *input, size_t ilen, unsigned char output[20] ); -/// -#define SHA256 SHA2_256 -#define SHA224 4 /* TODO: check this */ - /** * \brief SHA-256 context structure */ diff --git a/components/esp32/include/rom/sha.h b/components/esp32/include/rom/sha.h index b35faa9a07..8082a394c9 100644 --- a/components/esp32/include/rom/sha.h +++ b/components/esp32/include/rom/sha.h @@ -37,7 +37,8 @@ enum SHA_TYPE { SHA1 = 0, SHA2_256, SHA2_384, - SHA2_512 + SHA2_512, + SHA_INVALID = -1, }; void ets_sha_init(SHA_CTX *ctx); From 0a970e3a258327db02410c41cb79126fb87ca222 Mon Sep 17 00:00:00 2001 From: Angus Gratton Date: Tue, 6 Sep 2016 10:38:12 +1000 Subject: [PATCH 14/28] hwcrypto: Match API completely to mbedTLS naming conventions --- components/esp32/hwcrypto/aes.c | 61 ++++++++------- components/esp32/hwcrypto/bignum.c | 5 +- components/esp32/hwcrypto/sha.c | 68 +++++++++-------- components/esp32/include/hwcrypto/aes.h | 36 +++++---- components/esp32/include/hwcrypto/sha.h | 99 +++++++++++++------------ 5 files changed, 135 insertions(+), 134 deletions(-) diff --git a/components/esp32/hwcrypto/aes.c b/components/esp32/hwcrypto/aes.c index e2ee67bec0..16ed704ba3 100644 --- a/components/esp32/hwcrypto/aes.c +++ b/components/esp32/hwcrypto/aes.c @@ -1,7 +1,6 @@ - -/* - * ESP32 hardware accelerated AES implementation - * based on mbedTLS FIPS-197 compliant version. +/** + * \brief AES block cipher, ESP32 hardware accelerated version + * Based on mbedTLS FIPS-197 compliant version. * * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved * Additions Copyright (C) 2016, Espressif Systems (Shanghai) PTE Ltd @@ -48,18 +47,18 @@ void esp_aes_release_hardware( void ) _lock_release(&aes_lock); } -void esp_aes_init( AES_CTX *ctx ) +void esp_aes_init( esp_aes_context *ctx ) { - bzero( ctx, sizeof( AES_CTX ) ); + bzero( ctx, sizeof( esp_aes_context ) ); } -void esp_aes_free( AES_CTX *ctx ) +void esp_aes_free( esp_aes_context *ctx ) { if ( ctx == NULL ) { return; } - bzero( ctx, sizeof( AES_CTX ) ); + bzero( ctx, sizeof( esp_aes_context ) ); } /* Translate number of bits to an AES_BITS enum */ @@ -74,7 +73,7 @@ static int keybits_to_aesbits(unsigned int keybits) case 256: return AES256; default: - return ( ERR_AES_INVALID_KEY_LENGTH ); + return ( ERR_ESP_AES_INVALID_KEY_LENGTH ); } } @@ -82,7 +81,7 @@ static int keybits_to_aesbits(unsigned int keybits) * AES key schedule (encryption) * */ -int esp_aes_setkey_enc( AES_CTX *ctx, const unsigned char *key, +int esp_aes_setkey_enc( esp_aes_context *ctx, const unsigned char *key, unsigned int keybits ) { uint16_t keybytes = keybits / 8; @@ -100,7 +99,7 @@ int esp_aes_setkey_enc( AES_CTX *ctx, const unsigned char *key, * AES key schedule (decryption) * */ -int esp_aes_setkey_dec( AES_CTX *ctx, const unsigned char *key, +int esp_aes_setkey_dec( esp_aes_context *ctx, const unsigned char *key, unsigned int keybits ) { uint16_t keybytes = keybits / 8; @@ -120,12 +119,12 @@ int esp_aes_setkey_dec( AES_CTX *ctx, const unsigned char *key, * Optimisation to prevent overhead of locking each time when * encrypting many blocks in sequence. */ -static int esp_aes_crypt_ecb_inner( AES_CTX *ctx, +static int esp_aes_crypt_ecb_inner( esp_aes_context *ctx, int mode, const unsigned char input[16], unsigned char output[16] ) { - if ( mode == AES_ENCRYPT ) { + if ( mode == ESP_AES_ENCRYPT ) { ets_aes_setkey_enc(ctx->enc.key, ctx->enc.aesbits); ets_aes_crypt(input, output); } else { @@ -139,12 +138,12 @@ static int esp_aes_crypt_ecb_inner( AES_CTX *ctx, /* * AES-ECB block encryption */ -void esp_aes_encrypt( AES_CTX *ctx, +void esp_aes_encrypt( esp_aes_context *ctx, const unsigned char input[16], unsigned char output[16] ) { esp_aes_acquire_hardware(); - esp_aes_crypt_ecb_inner(ctx, AES_ENCRYPT, input, output); + esp_aes_crypt_ecb_inner(ctx, ESP_AES_ENCRYPT, input, output); esp_aes_release_hardware(); } @@ -152,12 +151,12 @@ void esp_aes_encrypt( AES_CTX *ctx, * AES-ECB block decryption */ -void esp_aes_decrypt( AES_CTX *ctx, +void esp_aes_decrypt( esp_aes_context *ctx, const unsigned char input[16], unsigned char output[16] ) { esp_aes_acquire_hardware(); - esp_aes_crypt_ecb_inner(ctx, AES_DECRYPT, input, output); + esp_aes_crypt_ecb_inner(ctx, ESP_AES_DECRYPT, input, output); esp_aes_release_hardware(); } @@ -165,7 +164,7 @@ void esp_aes_decrypt( AES_CTX *ctx, /* * AES-ECB block encryption/decryption */ -int esp_aes_crypt_ecb( AES_CTX *ctx, +int esp_aes_crypt_ecb( esp_aes_context *ctx, int mode, const unsigned char input[16], unsigned char output[16] ) @@ -180,7 +179,7 @@ int esp_aes_crypt_ecb( AES_CTX *ctx, /* * AES-CBC buffer encryption/decryption */ -int esp_aes_crypt_cbc( AES_CTX *ctx, +int esp_aes_crypt_cbc( esp_aes_context *ctx, int mode, size_t length, unsigned char iv[16], @@ -191,12 +190,12 @@ int esp_aes_crypt_cbc( AES_CTX *ctx, unsigned char temp[16]; if ( length % 16 ) { - return ( ERR_AES_INVALID_INPUT_LENGTH ); + return ( ERR_ESP_AES_INVALID_INPUT_LENGTH ); } esp_aes_acquire_hardware(); - if ( mode == AES_DECRYPT ) { + if ( mode == ESP_AES_DECRYPT ) { while ( length > 0 ) { memcpy( temp, input, 16 ); esp_aes_crypt_ecb_inner( ctx, mode, input, output ); @@ -234,7 +233,7 @@ int esp_aes_crypt_cbc( AES_CTX *ctx, /* * AES-CFB128 buffer encryption/decryption */ -int esp_aes_crypt_cfb128( AES_CTX *ctx, +int esp_aes_crypt_cfb128( esp_aes_context *ctx, int mode, size_t length, size_t *iv_off, @@ -247,10 +246,10 @@ int esp_aes_crypt_cfb128( AES_CTX *ctx, esp_aes_acquire_hardware(); - if ( mode == AES_DECRYPT ) { + if ( mode == ESP_AES_DECRYPT ) { while ( length-- ) { if ( n == 0 ) { - esp_aes_crypt_ecb_inner( ctx, AES_ENCRYPT, iv, iv ); + esp_aes_crypt_ecb_inner( ctx, ESP_AES_ENCRYPT, iv, iv ); } c = *input++; @@ -262,7 +261,7 @@ int esp_aes_crypt_cfb128( AES_CTX *ctx, } else { while ( length-- ) { if ( n == 0 ) { - esp_aes_crypt_ecb_inner( ctx, AES_ENCRYPT, iv, iv ); + esp_aes_crypt_ecb_inner( ctx, ESP_AES_ENCRYPT, iv, iv ); } iv[n] = *output++ = (unsigned char)( iv[n] ^ *input++ ); @@ -281,7 +280,7 @@ int esp_aes_crypt_cfb128( AES_CTX *ctx, /* * AES-CFB8 buffer encryption/decryption */ -int esp_aes_crypt_cfb8( AES_CTX *ctx, +int esp_aes_crypt_cfb8( esp_aes_context *ctx, int mode, size_t length, unsigned char iv[16], @@ -295,15 +294,15 @@ int esp_aes_crypt_cfb8( AES_CTX *ctx, while ( length-- ) { memcpy( ov, iv, 16 ); - esp_aes_crypt_ecb_inner( ctx, AES_ENCRYPT, iv, iv ); + esp_aes_crypt_ecb_inner( ctx, ESP_AES_ENCRYPT, iv, iv ); - if ( mode == AES_DECRYPT ) { + if ( mode == ESP_AES_DECRYPT ) { ov[16] = *input; } c = *output++ = (unsigned char)( iv[0] ^ *input++ ); - if ( mode == AES_ENCRYPT ) { + if ( mode == ESP_AES_ENCRYPT ) { ov[16] = c; } @@ -318,7 +317,7 @@ int esp_aes_crypt_cfb8( AES_CTX *ctx, /* * AES-CTR buffer encryption/decryption */ -int esp_aes_crypt_ctr( AES_CTX *ctx, +int esp_aes_crypt_ctr( esp_aes_context *ctx, size_t length, size_t *nc_off, unsigned char nonce_counter[16], @@ -333,7 +332,7 @@ int esp_aes_crypt_ctr( AES_CTX *ctx, while ( length-- ) { if ( n == 0 ) { - esp_aes_crypt_ecb_inner( ctx, AES_ENCRYPT, nonce_counter, stream_block ); + esp_aes_crypt_ecb_inner( ctx, ESP_AES_ENCRYPT, nonce_counter, stream_block ); for ( i = 16; i > 0; i-- ) if ( ++nonce_counter[i - 1] != 0 ) { diff --git a/components/esp32/hwcrypto/bignum.c b/components/esp32/hwcrypto/bignum.c index 93b31e6f6f..96f12419e6 100644 --- a/components/esp32/hwcrypto/bignum.c +++ b/components/esp32/hwcrypto/bignum.c @@ -1,4 +1,7 @@ -/* +/** + * \brief Multi-precision integer library, ESP32 hardware accelerated version + * Based on mbedTLS version. + * * ESP32 hardware accelerated multi-precision integer functions * based on mbedTLS implementation * diff --git a/components/esp32/hwcrypto/sha.c b/components/esp32/hwcrypto/sha.c index 584383eb17..06be8b8251 100644 --- a/components/esp32/hwcrypto/sha.c +++ b/components/esp32/hwcrypto/sha.c @@ -50,21 +50,21 @@ void esp_sha_release_hardware( void ) _lock_release(&sha_lock); } -void esp_sha1_init( SHA1_CTX *ctx ) +void esp_sha1_init( esp_sha_context *ctx ) { - bzero( ctx, sizeof( SHA1_CTX ) ); + bzero( ctx, sizeof( esp_sha_context ) ); } -void esp_sha1_free( SHA1_CTX *ctx ) +void esp_sha1_free( esp_sha_context *ctx ) { if ( ctx == NULL ) { return; } - bzero( ctx, sizeof( SHA1_CTX ) ); + bzero( ctx, sizeof( esp_sha_context ) ); } -void esp_sha1_clone( SHA1_CTX *dst, const SHA1_CTX *src ) +void esp_sha1_clone( esp_sha_context *dst, const esp_sha_context *src ) { *dst = *src; } @@ -72,7 +72,7 @@ void esp_sha1_clone( SHA1_CTX *dst, const SHA1_CTX *src ) /* * SHA-1 context setup */ -void esp_sha1_start( SHA1_CTX *ctx ) +void esp_sha1_start( esp_sha_context *ctx ) { esp_sha_acquire_hardware(); ctx->context_type = SHA1; @@ -81,7 +81,7 @@ void esp_sha1_start( SHA1_CTX *ctx ) /* * SHA-1 process buffer */ -void esp_sha1_update( SHA1_CTX *ctx, const unsigned char *input, size_t ilen ) +void esp_sha1_update( esp_sha_context *ctx, const unsigned char *input, size_t ilen ) { ets_sha_update(&ctx->context, ctx->context_type, input, ilen * 8); } @@ -89,18 +89,16 @@ void esp_sha1_update( SHA1_CTX *ctx, const unsigned char *input, size_t ilen ) /* * SHA-1 final digest */ -void esp_sha1_finish( SHA1_CTX *ctx, unsigned char output[20] ) +void esp_sha1_finish( esp_sha_context *ctx, unsigned char output[20] ) { ets_sha_finish(&ctx->context, ctx->context_type, output); esp_sha_release_hardware(); } -/* - * output = SHA-1( input buffer ) - */ -void esp_sha1_output( const unsigned char *input, size_t ilen, unsigned char output[20] ) +/* Full SHA-1 calculation */ +void esp_sha1( const unsigned char *input, size_t ilen, unsigned char output[20] ) { - SHA1_CTX ctx; + esp_sha_context ctx; esp_sha1_init( &ctx ); esp_sha1_start( &ctx ); @@ -109,21 +107,21 @@ void esp_sha1_output( const unsigned char *input, size_t ilen, unsigned char out esp_sha1_free( &ctx ); } -void esp_sha256_init( SHA256_CTX *ctx ) +void esp_sha256_init( esp_sha_context *ctx ) { - bzero( ctx, sizeof( SHA256_CTX ) ); + bzero( ctx, sizeof( esp_sha_context ) ); } -void esp_sha256_free( SHA256_CTX *ctx ) +void esp_sha256_free( esp_sha_context *ctx ) { if ( ctx == NULL ) { return; } - bzero( ctx, sizeof( SHA256_CTX ) ); + bzero( ctx, sizeof( esp_sha_context ) ); } -void esp_sha256_clone( SHA256_CTX *dst, const SHA256_CTX *src ) +void esp_sha256_clone( esp_sha_context *dst, const esp_sha_context *src ) { *dst = *src; } @@ -131,7 +129,7 @@ void esp_sha256_clone( SHA256_CTX *dst, const SHA256_CTX *src ) /* * SHA-256 context setup */ -void esp_sha256_start( SHA256_CTX *ctx, int is224 ) +void esp_sha256_start( esp_sha_context *ctx, int is224 ) { esp_sha_acquire_hardware(); ets_sha_init(&ctx->context); @@ -148,7 +146,7 @@ void esp_sha256_start( SHA256_CTX *ctx, int is224 ) /* * SHA-256 process buffer */ -void esp_sha256_update( SHA256_CTX *ctx, const unsigned char *input, size_t ilen ) +void esp_sha256_update( esp_sha_context *ctx, const unsigned char *input, size_t ilen ) { ets_sha_update(&ctx->context, ctx->context_type, input, ilen * 8); } @@ -156,7 +154,7 @@ void esp_sha256_update( SHA256_CTX *ctx, const unsigned char *input, size_t ilen /* * SHA-256 final digest */ -void esp_sha256_finish( SHA256_CTX *ctx, unsigned char output[32] ) +void esp_sha256_finish( esp_sha_context *ctx, unsigned char output[32] ) { if ( ctx->context_type == SHA2_256 ) { ets_sha_finish(&ctx->context, ctx->context_type, output); @@ -169,11 +167,11 @@ void esp_sha256_finish( SHA256_CTX *ctx, unsigned char output[32] ) } /* - * output = SHA-256( input buffer ) + * Full SHA-256 calculation */ -void esp_sha256_output( const unsigned char *input, size_t ilen, unsigned char output[32], int is224 ) +void esp_sha256( const unsigned char *input, size_t ilen, unsigned char output[32], int is224 ) { - SHA256_CTX ctx; + esp_sha_context ctx; esp_sha256_init( &ctx ); esp_sha256_start( &ctx, is224 ); @@ -184,21 +182,21 @@ void esp_sha256_output( const unsigned char *input, size_t ilen, unsigned char o ///// -void esp_sha512_init( SHA512_CTX *ctx ) +void esp_sha512_init( esp_sha_context *ctx ) { - memset( ctx, 0, sizeof( SHA512_CTX ) ); + memset( ctx, 0, sizeof( esp_sha_context ) ); } -void esp_sha512_free( SHA512_CTX *ctx ) +void esp_sha512_free( esp_sha_context *ctx ) { if ( ctx == NULL ) { return; } - bzero( ctx, sizeof( SHA512_CTX ) ); + bzero( ctx, sizeof( esp_sha_context ) ); } -void esp_sha512_clone( SHA512_CTX *dst, const SHA512_CTX *src ) +void esp_sha512_clone( esp_sha_context *dst, const esp_sha_context *src ) { *dst = *src; } @@ -206,7 +204,7 @@ void esp_sha512_clone( SHA512_CTX *dst, const SHA512_CTX *src ) /* * SHA-512 context setup */ -void esp_sha512_start( SHA512_CTX *ctx, int is384 ) +void esp_sha512_start( esp_sha_context *ctx, int is384 ) { esp_sha_acquire_hardware(); ets_sha_init(&ctx->context); @@ -223,7 +221,7 @@ void esp_sha512_start( SHA512_CTX *ctx, int is384 ) /* * SHA-512 process buffer */ -void esp_sha512_update( SHA512_CTX *ctx, const unsigned char *input, size_t ilen ) +void esp_sha512_update( esp_sha_context *ctx, const unsigned char *input, size_t ilen ) { ets_sha_update(&ctx->context, ctx->context_type, input, ilen * 8); } @@ -231,18 +229,18 @@ void esp_sha512_update( SHA512_CTX *ctx, const unsigned char *input, size_t ilen /* * SHA-512 final digest */ -void esp_sha512_finish( SHA512_CTX *ctx, unsigned char output[64] ) +void esp_sha512_finish( esp_sha_context *ctx, unsigned char output[64] ) { ets_sha_finish(&ctx->context, ctx->context_type, output); esp_sha_release_hardware(); } /* - * output = SHA-512( input buffer ) + * Full SHA-512 calculation */ -void esp_sha512_output( const unsigned char *input, size_t ilen, unsigned char output[64], int is384 ) +void esp_sha512( const unsigned char *input, size_t ilen, unsigned char output[64], int is384 ) { - SHA512_CTX ctx; + esp_sha_context ctx; esp_sha512_init( &ctx ); esp_sha512_start( &ctx, is384 ); diff --git a/components/esp32/include/hwcrypto/aes.h b/components/esp32/include/hwcrypto/aes.h index 9c149a9352..b6a632affc 100644 --- a/components/esp32/include/hwcrypto/aes.h +++ b/components/esp32/include/hwcrypto/aes.h @@ -1,8 +1,6 @@ /** - * \file esp_aes.h - * * \brief AES block cipher, ESP32 hardware accelerated version - * Based on mbedTLS version. + * Based on mbedTLS FIPS-197 compliant version. * * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved * Additions Copyright (C) 2016, Espressif Systems (Shanghai) PTE Ltd @@ -34,11 +32,11 @@ extern "C" { #endif /* padlock.c and aesni.c rely on these values! */ -#define AES_ENCRYPT 1 -#define AES_DECRYPT 0 +#define ESP_AES_ENCRYPT 1 +#define ESP_AES_DECRYPT 0 -#define ERR_AES_INVALID_KEY_LENGTH -0x0020 /**< Invalid key length. */ -#define ERR_AES_INVALID_INPUT_LENGTH -0x0022 /**< Invalid data input length. */ +#define ERR_ESP_AES_INVALID_KEY_LENGTH -0x0020 /**< Invalid key length. */ +#define ERR_ESP_AES_INVALID_INPUT_LENGTH -0x0022 /**< Invalid data input length. */ typedef struct { enum AES_BITS aesbits; @@ -58,7 +56,7 @@ typedef struct { uint32_t *rk; /*!< AES round keys */ KEY_CTX enc; KEY_CTX dec; -} aes_context, AES_CTX; +} esp_aes_context; /** * \brief Lock access to AES hardware unit @@ -86,14 +84,14 @@ void esp_aes_release_hardware( void ); * * \param ctx AES context to be initialized */ -void esp_aes_init( AES_CTX *ctx ); +void esp_aes_init( esp_aes_context *ctx ); /** * \brief Clear AES context * * \param ctx AES context to be cleared */ -void esp_aes_free( AES_CTX *ctx ); +void esp_aes_free( esp_aes_context *ctx ); /** * \brief AES key schedule (encryption) @@ -104,7 +102,7 @@ void esp_aes_free( AES_CTX *ctx ); * * \return 0 if successful, or ERR_AES_INVALID_KEY_LENGTH */ -int esp_aes_setkey_enc( AES_CTX *ctx, const unsigned char *key, unsigned int keybits ); +int esp_aes_setkey_enc( esp_aes_context *ctx, const unsigned char *key, unsigned int keybits ); /** * \brief AES key schedule (decryption) @@ -115,7 +113,7 @@ int esp_aes_setkey_enc( AES_CTX *ctx, const unsigned char *key, unsigned int key * * \return 0 if successful, or ERR_AES_INVALID_KEY_LENGTH */ -int esp_aes_setkey_dec( AES_CTX *ctx, const unsigned char *key, unsigned int keybits ); +int esp_aes_setkey_dec( esp_aes_context *ctx, const unsigned char *key, unsigned int keybits ); /** * \brief AES-ECB block encryption/decryption @@ -127,7 +125,7 @@ int esp_aes_setkey_dec( AES_CTX *ctx, const unsigned char *key, unsigned int key * * \return 0 if successful */ -int esp_aes_crypt_ecb( AES_CTX *ctx, int mode, const unsigned char input[16], unsigned char output[16] ); +int esp_aes_crypt_ecb( esp_aes_context *ctx, int mode, const unsigned char input[16], unsigned char output[16] ); /** * \brief AES-CBC buffer encryption/decryption @@ -151,7 +149,7 @@ int esp_aes_crypt_ecb( AES_CTX *ctx, int mode, const unsigned char input[16], un * * \return 0 if successful, or ERR_AES_INVALID_INPUT_LENGTH */ -int esp_aes_crypt_cbc( AES_CTX *ctx, +int esp_aes_crypt_cbc( esp_aes_context *ctx, int mode, size_t length, unsigned char iv[16], @@ -184,7 +182,7 @@ int esp_aes_crypt_cbc( AES_CTX *ctx, * * \return 0 if successful */ -int esp_aes_crypt_cfb128( AES_CTX *ctx, +int esp_aes_crypt_cfb128( esp_aes_context *ctx, int mode, size_t length, size_t *iv_off, @@ -216,7 +214,7 @@ int esp_aes_crypt_cfb128( AES_CTX *ctx, * * \return 0 if successful */ -int esp_aes_crypt_cfb8( AES_CTX *ctx, +int esp_aes_crypt_cfb8( esp_aes_context *ctx, int mode, size_t length, unsigned char iv[16], @@ -245,7 +243,7 @@ int esp_aes_crypt_cfb8( AES_CTX *ctx, * * \return 0 if successful */ -int esp_aes_crypt_ctr( AES_CTX *ctx, +int esp_aes_crypt_ctr( esp_aes_context *ctx, size_t length, size_t *nc_off, unsigned char nonce_counter[16], @@ -263,7 +261,7 @@ int esp_aes_crypt_ctr( AES_CTX *ctx, * \param input Plaintext block * \param output Output (ciphertext) block */ -void esp_aes_encrypt( AES_CTX *ctx, const unsigned char input[16], unsigned char output[16] ); +void esp_aes_encrypt( esp_aes_context *ctx, const unsigned char input[16], unsigned char output[16] ); /** * \brief Internal AES block decryption function @@ -274,7 +272,7 @@ void esp_aes_encrypt( AES_CTX *ctx, const unsigned char input[16], unsigned char * \param input Ciphertext block * \param output Output (plaintext) block */ -void esp_aes_decrypt( AES_CTX *ctx, const unsigned char input[16], unsigned char output[16] ); +void esp_aes_decrypt( esp_aes_context *ctx, const unsigned char input[16], unsigned char output[16] ); #ifdef __cplusplus } diff --git a/components/esp32/include/hwcrypto/sha.h b/components/esp32/include/hwcrypto/sha.h index dbefcef06a..a165c46c1c 100644 --- a/components/esp32/include/hwcrypto/sha.h +++ b/components/esp32/include/hwcrypto/sha.h @@ -1,16 +1,24 @@ -// Copyright 2015-2016 Espressif Systems (Shanghai) PTE LTD -// -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at - -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. +/* + * ESP32 hardware accelerated SHA1/256/512 implementation + * based on mbedTLS FIPS-197 compliant version. + * + * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved + * Additions Copyright (C) 2016, Espressif Systems (Shanghai) PTE Ltd + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * + */ #ifndef _ESP_SHA_H_ #define _ESP_SHA_H_ @@ -27,11 +35,10 @@ extern "C" { * \brief SHA-1 context structure */ typedef struct { + /* both types defined in rom/sha.h */ SHA_CTX context; - enum SHA_TYPE context_type; /* defined in rom/sha.h */ -} sha_context; - -typedef sha_context SHA1_CTX; + enum SHA_TYPE context_type; +} esp_sha_context; /** * \brief Lock access to SHA hardware unit @@ -59,14 +66,14 @@ void esp_sha_release_hardware( void ); * * \param ctx SHA-1 context to be initialized */ -void esp_sha1_init( SHA1_CTX *ctx ); +void esp_sha1_init( esp_sha_context *ctx ); /** * \brief Clear SHA-1 context * * \param ctx SHA-1 context to be cleared */ -void esp_sha1_free( SHA1_CTX *ctx ); +void esp_sha1_free( esp_sha_context *ctx ); /** * \brief Clone (the state of) a SHA-1 context @@ -74,14 +81,14 @@ void esp_sha1_free( SHA1_CTX *ctx ); * \param dst The destination context * \param src The context to be cloned */ -void esp_sha1_clone( SHA1_CTX *dst, const SHA1_CTX *src ); +void esp_sha1_clone( esp_sha_context *dst, const esp_sha_context *src ); /** * \brief SHA-1 context setup * * \param ctx context to be initialized */ -void esp_sha1_start( SHA1_CTX *ctx ); +void esp_sha1_start( esp_sha_context *ctx ); /** * \brief SHA-1 process buffer @@ -90,7 +97,7 @@ void esp_sha1_start( SHA1_CTX *ctx ); * \param input buffer holding the data * \param ilen length of the input data */ -void esp_sha1_update( SHA1_CTX *ctx, const unsigned char *input, size_t ilen ); +void esp_sha1_update( esp_sha_context *ctx, const unsigned char *input, size_t ilen ); /** * \brief SHA-1 final digest @@ -98,36 +105,34 @@ void esp_sha1_update( SHA1_CTX *ctx, const unsigned char *input, size_t ilen ); * \param ctx SHA-1 context * \param output SHA-1 checksum result */ -void esp_sha1_finish( SHA1_CTX *ctx, unsigned char output[20] ); +void esp_sha1_finish( esp_sha_context *ctx, unsigned char output[20] ); /** - * \brief Output = SHA-1( input buffer ) + * \brief Calculate SHA-1 of input buffer * - * \param input buffer holding the data + * \param input buffer holding the data * \param ilen length of the input data * \param output SHA-1 checksum result */ -void esp_sha1_output( const unsigned char *input, size_t ilen, unsigned char output[20] ); +void esp_sha1( const unsigned char *input, size_t ilen, unsigned char output[20] ); /** * \brief SHA-256 context structure */ -typedef sha_context SHA256_CTX; - /** * \brief Initialize SHA-256 context * * \param ctx SHA-256 context to be initialized */ -void esp_sha256_init( SHA256_CTX *ctx ); +void esp_sha256_init( esp_sha_context *ctx ); /** * \brief Clear SHA-256 context * * \param ctx SHA-256 context to be cleared */ -void esp_sha256_free( SHA256_CTX *ctx ); +void esp_sha256_free( esp_sha_context *ctx ); /** * \brief Clone (the state of) a SHA-256 context @@ -135,7 +140,7 @@ void esp_sha256_free( SHA256_CTX *ctx ); * \param dst The destination context * \param src The context to be cloned */ -void esp_sha256_clone( SHA256_CTX *dst, const SHA256_CTX *src ); +void esp_sha256_clone( esp_sha_context *dst, const esp_sha_context *src ); /** * \brief SHA-256 context setup @@ -143,7 +148,7 @@ void esp_sha256_clone( SHA256_CTX *dst, const SHA256_CTX *src ); * \param ctx context to be initialized * \param is224 0 = use SHA256, 1 = use SHA224 */ -void esp_sha256_start( SHA256_CTX *ctx, int is224 ); +void esp_sha256_start( esp_sha_context *ctx, int is224 ); /** * \brief SHA-256 process buffer @@ -152,7 +157,7 @@ void esp_sha256_start( SHA256_CTX *ctx, int is224 ); * \param input buffer holding the data * \param ilen length of the input data */ -void esp_sha256_update( SHA256_CTX *ctx, const unsigned char *input, size_t ilen ); +void esp_sha256_update( esp_sha_context *ctx, const unsigned char *input, size_t ilen ); /** * \brief SHA-256 final digest @@ -160,17 +165,17 @@ void esp_sha256_update( SHA256_CTX *ctx, const unsigned char *input, size_t ilen * \param ctx SHA-256 context * \param output SHA-224/256 checksum result */ -void esp_sha256_finish( SHA256_CTX *ctx, unsigned char output[32] ); +void esp_sha256_finish( esp_sha_context *ctx, unsigned char output[32] ); /** - * \brief Output = SHA-256( input buffer ) + * \brief Calculate SHA-256 of input buffer * - * \param input buffer holding the data + * \param input buffer holding the data * \param ilen length of the input data * \param output SHA-224/256 checksum result * \param is224 0 = use SHA256, 1 = use SHA224 */ -void esp_sha256_output( const unsigned char *input, size_t ilen, unsigned char output[32], int is224 ); +void esp_sha256( const unsigned char *input, size_t ilen, unsigned char output[32], int is224 ); // @@ -178,21 +183,19 @@ void esp_sha256_output( const unsigned char *input, size_t ilen, unsigned char o * \brief SHA-512 context structure */ -typedef sha_context SHA512_CTX; - /** * \brief Initialize SHA-512 context * * \param ctx SHA-512 context to be initialized */ -void esp_sha512_init( SHA512_CTX *ctx ); +void esp_sha512_init( esp_sha_context *ctx ); /** * \brief Clear SHA-512 context * * \param ctx SHA-512 context to be cleared */ -void esp_sha512_free( SHA512_CTX *ctx ); +void esp_sha512_free( esp_sha_context *ctx ); /** * \brief Clone (the state of) a SHA-512 context @@ -200,7 +203,7 @@ void esp_sha512_free( SHA512_CTX *ctx ); * \param dst The destination context * \param src The context to be cloned */ -void esp_sha512_clone( SHA512_CTX *dst, const SHA512_CTX *src ); +void esp_sha512_clone( esp_sha_context *dst, const esp_sha_context *src ); /** * \brief SHA-512 context setup @@ -208,7 +211,7 @@ void esp_sha512_clone( SHA512_CTX *dst, const SHA512_CTX *src ); * \param ctx context to be initialized * \param is384 0 = use SHA512, 1 = use SHA384 */ -void esp_sha512_start( SHA512_CTX *ctx, int is384 ); +void esp_sha512_start( esp_sha_context *ctx, int is384 ); /** * \brief SHA-512 process buffer @@ -217,7 +220,7 @@ void esp_sha512_start( SHA512_CTX *ctx, int is384 ); * \param input buffer holding the data * \param ilen length of the input data */ -void esp_sha512_update( SHA512_CTX *ctx, const unsigned char *input, size_t ilen ); +void esp_sha512_update( esp_sha_context *ctx, const unsigned char *input, size_t ilen ); /** * \brief SHA-512 final digest @@ -225,17 +228,17 @@ void esp_sha512_update( SHA512_CTX *ctx, const unsigned char *input, size_t ilen * \param ctx SHA-512 context * \param output SHA-384/512 checksum result */ -void esp_sha512_finish( SHA512_CTX *ctx, unsigned char output[64] ); +void esp_sha512_finish( esp_sha_context *ctx, unsigned char output[64] ); /** - * \brief Output = SHA-512( input buffer ) + * \brief Calculate SHA-512 of input buffer. * - * \param input buffer holding the data + * \param input buffer holding the data * \param ilen length of the input data * \param output SHA-384/512 checksum result * \param is384 0 = use SHA512, 1 = use SHA384 */ -void esp_sha512_output( const unsigned char *input, size_t ilen, unsigned char output[64], int is384 ); +void esp_sha512( const unsigned char *input, size_t ilen, unsigned char output[64], int is384 ); // From a32e954f67bec9e933b6a454f8be89ccf58ae604 Mon Sep 17 00:00:00 2001 From: Angus Gratton Date: Tue, 6 Sep 2016 11:05:56 +1000 Subject: [PATCH 15/28] hwcrypto sha: Feed one block at a time to hardware SHA implementation Fixes a bug where some longer block sizes produced incorrect results. --- components/esp32/hwcrypto/sha.c | 18 +++++++++++++++--- 1 file changed, 15 insertions(+), 3 deletions(-) diff --git a/components/esp32/hwcrypto/sha.c b/components/esp32/hwcrypto/sha.c index 06be8b8251..78ecbf7714 100644 --- a/components/esp32/hwcrypto/sha.c +++ b/components/esp32/hwcrypto/sha.c @@ -50,6 +50,18 @@ void esp_sha_release_hardware( void ) _lock_release(&sha_lock); } +/* Generic esp_shaX_update implementation */ +static void esp_sha_update( esp_sha_context *ctx, const unsigned char *input, size_t ilen, size_t block_size) +{ + /* Feed the SHA engine one block at a time */ + while(ilen > 0) { + size_t chunk_len = (ilen > block_size) ? block_size : ilen; + ets_sha_update(&ctx->context, ctx->context_type, input, chunk_len * 8); + input += chunk_len; + ilen -= chunk_len; + } +} + void esp_sha1_init( esp_sha_context *ctx ) { bzero( ctx, sizeof( esp_sha_context ) ); @@ -83,7 +95,7 @@ void esp_sha1_start( esp_sha_context *ctx ) */ void esp_sha1_update( esp_sha_context *ctx, const unsigned char *input, size_t ilen ) { - ets_sha_update(&ctx->context, ctx->context_type, input, ilen * 8); + esp_sha_update(ctx, input, ilen, 64); } /* @@ -148,7 +160,7 @@ void esp_sha256_start( esp_sha_context *ctx, int is224 ) */ void esp_sha256_update( esp_sha_context *ctx, const unsigned char *input, size_t ilen ) { - ets_sha_update(&ctx->context, ctx->context_type, input, ilen * 8); + esp_sha_update(ctx, input, ilen, 64); } /* @@ -223,7 +235,7 @@ void esp_sha512_start( esp_sha_context *ctx, int is384 ) */ void esp_sha512_update( esp_sha_context *ctx, const unsigned char *input, size_t ilen ) { - ets_sha_update(&ctx->context, ctx->context_type, input, ilen * 8); + esp_sha_update(ctx, input, ilen, 128); } /* From d951ab266121fdd3ce8c18170c182e60274eff4a Mon Sep 17 00:00:00 2001 From: Angus Gratton Date: Wed, 7 Sep 2016 14:48:20 +1000 Subject: [PATCH 16/28] hwcrypto aes: Performance tweak, only write key to hardware once Shaves ~10% off time to compute AES-CBC --- components/esp32/hwcrypto/aes.c | 39 +++++++++++++++++---------------- 1 file changed, 20 insertions(+), 19 deletions(-) diff --git a/components/esp32/hwcrypto/aes.c b/components/esp32/hwcrypto/aes.c index 16ed704ba3..e08486de28 100644 --- a/components/esp32/hwcrypto/aes.c +++ b/components/esp32/hwcrypto/aes.c @@ -114,23 +114,17 @@ int esp_aes_setkey_dec( esp_aes_context *ctx, const unsigned char *key, } /* - * Inner AES-ECB function. Call only when protected by esp_aes_acquire_hardware(). + * Helper function to copy key from esp_aes_context buffer + * to hardware key registers. * - * Optimisation to prevent overhead of locking each time when - * encrypting many blocks in sequence. + * Only call when protected by esp_aes_acquire_hardware(). */ -static int esp_aes_crypt_ecb_inner( esp_aes_context *ctx, - int mode, - const unsigned char input[16], - unsigned char output[16] ) +static inline int esp_aes_setkey_hardware( esp_aes_context *ctx, int mode) { if ( mode == ESP_AES_ENCRYPT ) { ets_aes_setkey_enc(ctx->enc.key, ctx->enc.aesbits); - ets_aes_crypt(input, output); } else { ets_aes_setkey_dec(ctx->enc.key, ctx->enc.aesbits); - /* TODO: previous commit esp_aes_decrypt function calls this but this is not correct! */ - ets_aes_crypt(input, output); } return 0; } @@ -143,7 +137,8 @@ void esp_aes_encrypt( esp_aes_context *ctx, unsigned char output[16] ) { esp_aes_acquire_hardware(); - esp_aes_crypt_ecb_inner(ctx, ESP_AES_ENCRYPT, input, output); + esp_aes_setkey_hardware(ctx, ESP_AES_ENCRYPT); + ets_aes_crypt(input, output); esp_aes_release_hardware(); } @@ -156,7 +151,8 @@ void esp_aes_decrypt( esp_aes_context *ctx, unsigned char output[16] ) { esp_aes_acquire_hardware(); - esp_aes_crypt_ecb_inner(ctx, ESP_AES_DECRYPT, input, output); + esp_aes_setkey_hardware(ctx, ESP_AES_DECRYPT); + ets_aes_crypt(input, output); esp_aes_release_hardware(); } @@ -170,7 +166,8 @@ int esp_aes_crypt_ecb( esp_aes_context *ctx, unsigned char output[16] ) { esp_aes_acquire_hardware(); - esp_aes_crypt_ecb_inner(ctx, mode, input, output); + esp_aes_setkey_hardware(ctx, mode); + ets_aes_crypt(input, output); esp_aes_release_hardware(); return 0; } @@ -194,11 +191,12 @@ int esp_aes_crypt_cbc( esp_aes_context *ctx, } esp_aes_acquire_hardware(); + esp_aes_setkey_hardware(ctx, mode); if ( mode == ESP_AES_DECRYPT ) { while ( length > 0 ) { memcpy( temp, input, 16 ); - esp_aes_crypt_ecb_inner( ctx, mode, input, output ); + ets_aes_crypt(input, output); for ( i = 0; i < 16; i++ ) { output[i] = (unsigned char)( output[i] ^ iv[i] ); @@ -216,7 +214,7 @@ int esp_aes_crypt_cbc( esp_aes_context *ctx, output[i] = (unsigned char)( input[i] ^ iv[i] ); } - esp_aes_crypt_ecb_inner( ctx, mode, output, output ); + ets_aes_crypt(output, output); memcpy( iv, output, 16 ); input += 16; @@ -245,11 +243,12 @@ int esp_aes_crypt_cfb128( esp_aes_context *ctx, size_t n = *iv_off; esp_aes_acquire_hardware(); + esp_aes_setkey_hardware(ctx, mode); if ( mode == ESP_AES_DECRYPT ) { while ( length-- ) { if ( n == 0 ) { - esp_aes_crypt_ecb_inner( ctx, ESP_AES_ENCRYPT, iv, iv ); + ets_aes_crypt(iv, iv ); } c = *input++; @@ -261,7 +260,7 @@ int esp_aes_crypt_cfb128( esp_aes_context *ctx, } else { while ( length-- ) { if ( n == 0 ) { - esp_aes_crypt_ecb_inner( ctx, ESP_AES_ENCRYPT, iv, iv ); + ets_aes_crypt(iv, iv ); } iv[n] = *output++ = (unsigned char)( iv[n] ^ *input++ ); @@ -291,10 +290,11 @@ int esp_aes_crypt_cfb8( esp_aes_context *ctx, unsigned char ov[17]; esp_aes_acquire_hardware(); + esp_aes_setkey_hardware(ctx, mode); while ( length-- ) { memcpy( ov, iv, 16 ); - esp_aes_crypt_ecb_inner( ctx, ESP_AES_ENCRYPT, iv, iv ); + ets_aes_crypt(iv, iv); if ( mode == ESP_AES_DECRYPT ) { ov[16] = *input; @@ -329,10 +329,11 @@ int esp_aes_crypt_ctr( esp_aes_context *ctx, size_t n = *nc_off; esp_aes_acquire_hardware(); + esp_aes_setkey_hardware(ctx, ESP_AES_ENCRYPT); while ( length-- ) { if ( n == 0 ) { - esp_aes_crypt_ecb_inner( ctx, ESP_AES_ENCRYPT, nonce_counter, stream_block ); + ets_aes_crypt(nonce_counter, stream_block); for ( i = 16; i > 0; i-- ) if ( ++nonce_counter[i - 1] != 0 ) { From 2211759cc08779ad0bd1fd471db123eab5bc1457 Mon Sep 17 00:00:00 2001 From: Angus Gratton Date: Thu, 8 Sep 2016 17:06:27 +1000 Subject: [PATCH 17/28] hwcrypto aes: Fix bugs w/ ECB decrypt, CFB modes --- components/esp32/hwcrypto/aes.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/components/esp32/hwcrypto/aes.c b/components/esp32/hwcrypto/aes.c index e08486de28..169465822d 100644 --- a/components/esp32/hwcrypto/aes.c +++ b/components/esp32/hwcrypto/aes.c @@ -124,7 +124,7 @@ static inline int esp_aes_setkey_hardware( esp_aes_context *ctx, int mode) if ( mode == ESP_AES_ENCRYPT ) { ets_aes_setkey_enc(ctx->enc.key, ctx->enc.aesbits); } else { - ets_aes_setkey_dec(ctx->enc.key, ctx->enc.aesbits); + ets_aes_setkey_dec(ctx->dec.key, ctx->dec.aesbits); } return 0; } @@ -243,7 +243,7 @@ int esp_aes_crypt_cfb128( esp_aes_context *ctx, size_t n = *iv_off; esp_aes_acquire_hardware(); - esp_aes_setkey_hardware(ctx, mode); + esp_aes_setkey_hardware(ctx, ESP_AES_ENCRYPT); if ( mode == ESP_AES_DECRYPT ) { while ( length-- ) { @@ -290,7 +290,7 @@ int esp_aes_crypt_cfb8( esp_aes_context *ctx, unsigned char ov[17]; esp_aes_acquire_hardware(); - esp_aes_setkey_hardware(ctx, mode); + esp_aes_setkey_hardware(ctx, ESP_AES_ENCRYPT); while ( length-- ) { memcpy( ov, iv, 16 ); From 95defc7d32fcc085e2470f790785352a0ec2a6d8 Mon Sep 17 00:00:00 2001 From: Wu Jian Gang Date: Thu, 8 Sep 2016 17:41:43 +0800 Subject: [PATCH 18/28] mbedtls: Use hardware accelerated AES, SHA, bignum --- components/esp32/Makefile | 2 + components/esp32/hwcrypto/bignum.c | 2194 ----------------- components/esp32/include/hwcrypto/bignum.h | 727 ------ components/mbedtls/Makefile | 3 + .../mbedtls/include/mbedtls/esp_config.h | 20 +- components/mbedtls/library/bignum.c | 4 + components/mbedtls/port/esp_bignum.c | 536 ++++ components/mbedtls/port/esp_hardware.c | 28 +- components/mbedtls/port/include/aes_alt.h | 4 +- components/mbedtls/port/include/bignum_alt.h | 77 - components/mbedtls/port/include/sha1_alt.h | 7 +- components/mbedtls/port/include/sha256_alt.h | 7 +- components/mbedtls/port/include/sha512_alt.h | 6 +- 13 files changed, 572 insertions(+), 3043 deletions(-) delete mode 100644 components/esp32/hwcrypto/bignum.c delete mode 100644 components/esp32/include/hwcrypto/bignum.h create mode 100644 components/mbedtls/port/esp_bignum.c delete mode 100644 components/mbedtls/port/include/bignum_alt.h diff --git a/components/esp32/Makefile b/components/esp32/Makefile index 1d55d0ff63..95647c2ebf 100644 --- a/components/esp32/Makefile +++ b/components/esp32/Makefile @@ -8,6 +8,8 @@ # -include $(PROJECT_PATH)/build/include/config/auto.conf +COMPONENT_SRCDIRS := . hwcrypto + LIBS := crypto core net80211 phy rtc pp wpa wps ifeq ($(CONFIG_MEMMAP_BT),y) diff --git a/components/esp32/hwcrypto/bignum.c b/components/esp32/hwcrypto/bignum.c deleted file mode 100644 index 96f12419e6..0000000000 --- a/components/esp32/hwcrypto/bignum.c +++ /dev/null @@ -1,2194 +0,0 @@ -/** - * \brief Multi-precision integer library, ESP32 hardware accelerated version - * Based on mbedTLS version. - * - * ESP32 hardware accelerated multi-precision integer functions - * based on mbedTLS implementation - * - * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved - * Additions Copyright (C) 2016, Espressif Systems (Shanghai) PTE Ltd - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - * - */ - -/* - * The following sources were referenced in the design of this Multi-precision - * Integer library: - * - * [1] Handbook of Applied Cryptography - 1997 - * Menezes, van Oorschot and Vanstone - * - * [2] Multi-Precision Math - * Tom St Denis - * https://github.com/libtom/libtommath/blob/develop/tommath.pdf - * - * [3] GNU Multi-Precision Arithmetic Library - * https://gmplib.org/manual/index.html - * - */ - -#include -#include -#include -#include "hwcrypto/bignum.h" -#include "rom/ets_sys.h" -#include "rom/bigint.h" - -/* Implementation that should never be optimized out by the compiler */ -//static void bzero( void *v, size_t n ) { -// volatile unsigned char *p = v; while( n-- ) *p++ = 0; -//} - -#define ciL (sizeof(esp_mpi_uint)) /* chars in limb */ -#define biL (ciL << 3) /* bits in limb */ -#define biH (ciL << 2) /* half limb size */ - -#define MPI_SIZE_T_MAX ( (size_t) -1 ) /* SIZE_T_MAX is not standard */ - -/* - * Convert between bits/chars and number of limbs - * Divide first in order to avoid potential overflows - */ -#define BITS_TO_LIMBS(i) ( (i) / biL + ( (i) % biL != 0 ) ) -#define CHARS_TO_LIMBS(i) ( (i) / ciL + ( (i) % ciL != 0 ) ) - -static _lock_t mpi_lock; - -void esp_mpi_acquire_hardware( void ) -{ - /* newlib locks lazy initialize on ESP-IDF */ - _lock_acquire(&mpi_lock); - ets_bigint_enable(); -} - -void esp_mpi_release_hardware( void ) -{ - ets_bigint_disable(); - _lock_release(&mpi_lock); -} - - -/* - * Initialize one MPI - */ -void esp_mpi_init( mpi *X ) -{ - if( X == NULL ) - return; - - X->s = 1; - X->n = 0; - X->p = NULL; -} - -/* - * Unallocate one MPI - */ -void esp_mpi_free( mpi *X ) -{ - if( X == NULL ) - return; - - if( X->p != NULL ) - { - bzero( X->p, X->n * ciL ); - free( X->p ); - } - - X->s = 1; - X->n = 0; - X->p = NULL; -} - -/* - * Enlarge to the specified number of limbs - */ -int esp_mpi_grow( mpi *X, size_t nblimbs ) -{ - esp_mpi_uint *p; - - if( nblimbs > MPI_MAX_LIMBS ) - return( ERR_MPI_ALLOC_FAILED ); - - if( X->n < nblimbs ) - { - if( ( p = calloc( nblimbs, ciL ) ) == NULL ) - return( ERR_MPI_ALLOC_FAILED ); - - if( X->p != NULL ) - { - memcpy( p, X->p, X->n * ciL ); - bzero( X->p, X->n * ciL ); - free( X->p ); - } - - X->n = nblimbs; - X->p = p; - } - - return( 0 ); -} - -/* - * Resize down as much as possible, - * while keeping at least the specified number of limbs - */ -int esp_mpi_shrink( mpi *X, size_t nblimbs ) -{ - esp_mpi_uint *p; - size_t i; - - /* Actually resize up in this case */ - if( X->n <= nblimbs ) - return( esp_mpi_grow( X, nblimbs ) ); - - for( i = X->n - 1; i > 0; i-- ) - if( X->p[i] != 0 ) - break; - i++; - - if( i < nblimbs ) - i = nblimbs; - - if( ( p = calloc( i, ciL ) ) == NULL ) - return( ERR_MPI_ALLOC_FAILED ); - - if( X->p != NULL ) - { - memcpy( p, X->p, i * ciL ); - bzero( X->p, X->n * ciL ); - free( X->p ); - } - - X->n = i; - X->p = p; - - return( 0 ); -} - -/* - * Copy the contents of Y into X - */ -int esp_mpi_copy( mpi *X, const mpi *Y ) -{ - int ret; - size_t i; - - if( X == Y ) - return( 0 ); - - if( Y->p == NULL ) - { - esp_mpi_free( X ); - return( 0 ); - } - - for( i = Y->n - 1; i > 0; i-- ) - if( Y->p[i] != 0 ) - break; - i++; - - X->s = Y->s; - - MPI_CHK( esp_mpi_grow( X, i ) ); - - memset( X->p, 0, X->n * ciL ); - memcpy( X->p, Y->p, i * ciL ); - -cleanup: - - return( ret ); -} - -/* - * Swap the contents of X and Y - */ -void esp_mpi_swap( mpi *X, mpi *Y ) -{ - mpi T; - - memcpy( &T, X, sizeof( mpi ) ); - memcpy( X, Y, sizeof( mpi ) ); - memcpy( Y, &T, sizeof( mpi ) ); -} - -/* - * Conditionally assign X = Y, without leaking information - * about whether the assignment was made or not. - * (Leaking information about the respective sizes of X and Y is ok however.) - */ -int esp_mpi_safe_cond_assign( mpi *X, const mpi *Y, unsigned char assign ) -{ - int ret = 0; - size_t i; - - /* make sure assign is 0 or 1 in a time-constant manner */ - assign = (assign | (unsigned char)-assign) >> 7; - - MPI_CHK( esp_mpi_grow( X, Y->n ) ); - - X->s = X->s * ( 1 - assign ) + Y->s * assign; - - for( i = 0; i < Y->n; i++ ) - X->p[i] = X->p[i] * ( 1 - assign ) + Y->p[i] * assign; - - for( ; i < X->n; i++ ) - X->p[i] *= ( 1 - assign ); - -cleanup: - return( ret ); -} - -/* - * Conditionally swap X and Y, without leaking information - * about whether the swap was made or not. - * Here it is not ok to simply swap the pointers, which whould lead to - * different memory access patterns when X and Y are used afterwards. - */ -int esp_mpi_safe_cond_swap( mpi *X, mpi *Y, unsigned char swap ) -{ - int ret, s; - size_t i; - esp_mpi_uint tmp; - - if( X == Y ) - return( 0 ); - - /* make sure swap is 0 or 1 in a time-constant manner */ - swap = (swap | (unsigned char)-swap) >> 7; - - MPI_CHK( esp_mpi_grow( X, Y->n ) ); - MPI_CHK( esp_mpi_grow( Y, X->n ) ); - - s = X->s; - X->s = X->s * ( 1 - swap ) + Y->s * swap; - Y->s = Y->s * ( 1 - swap ) + s * swap; - - - for( i = 0; i < X->n; i++ ) - { - tmp = X->p[i]; - X->p[i] = X->p[i] * ( 1 - swap ) + Y->p[i] * swap; - Y->p[i] = Y->p[i] * ( 1 - swap ) + tmp * swap; - } - -cleanup: - return( ret ); -} - -/* - * Set value from integer - */ -int esp_mpi_lset( mpi *X, esp_mpi_sint z ) -{ - int ret; - - MPI_CHK( esp_mpi_grow( X, 1 ) ); - memset( X->p, 0, X->n * ciL ); - - X->p[0] = ( z < 0 ) ? -z : z; - X->s = ( z < 0 ) ? -1 : 1; - -cleanup: - - return( ret ); -} - -/* - * Get a specific bit - */ -int esp_mpi_get_bit( const mpi *X, size_t pos ) -{ - if( X->n * biL <= pos ) - return( 0 ); - - return( ( X->p[pos / biL] >> ( pos % biL ) ) & 0x01 ); -} - -/* - * Set a bit to a specific value of 0 or 1 - */ -int esp_mpi_set_bit( mpi *X, size_t pos, unsigned char val ) -{ - int ret = 0; - size_t off = pos / biL; - size_t idx = pos % biL; - - if( val != 0 && val != 1 ) - return( ERR_MPI_BAD_INPUT_DATA ); - - if( X->n * biL <= pos ) - { - if( val == 0 ) - return( 0 ); - - MPI_CHK( esp_mpi_grow( X, off + 1 ) ); - } - - X->p[off] &= ~( (esp_mpi_uint) 0x01 << idx ); - X->p[off] |= (esp_mpi_uint) val << idx; - -cleanup: - - return( ret ); -} - -/* - * Return the number of less significant zero-bits - */ -size_t esp_mpi_lsb( const mpi *X ) -{ - size_t i, j, count = 0; - - for( i = 0; i < X->n; i++ ) - for( j = 0; j < biL; j++, count++ ) - if( ( ( X->p[i] >> j ) & 1 ) != 0 ) - return( count ); - - return( 0 ); -} - -/* - * Count leading zero bits in a given integer - */ -static size_t clz( const esp_mpi_uint x ) -{ - size_t j; - esp_mpi_uint mask = (esp_mpi_uint) 1 << (biL - 1); - - for( j = 0; j < biL; j++ ) - { - if( x & mask ) break; - - mask >>= 1; - } - - return j; -} - -/* - * Return the number of bits - */ -size_t esp_mpi_bitlen( const mpi *X ) -{ - size_t i, j; - - if( X->n == 0 ) - return( 0 ); - - for( i = X->n - 1; i > 0; i-- ) - if( X->p[i] != 0 ) - break; - - j = biL - clz( X->p[i] ); - - return( ( i * biL ) + j ); -} - -/* - * Return the total size in bytes - */ -size_t esp_mpi_size( const mpi *X ) -{ - return( ( esp_mpi_bitlen( X ) + 7 ) >> 3 ); -} - -/* - * Convert an ASCII character to digit value - */ -static int esp_mpi_get_digit( esp_mpi_uint *d, int radix, char c ) -{ - *d = 255; - - if( c >= 0x30 && c <= 0x39 ) *d = c - 0x30; - if( c >= 0x41 && c <= 0x46 ) *d = c - 0x37; - if( c >= 0x61 && c <= 0x66 ) *d = c - 0x57; - - if( *d >= (esp_mpi_uint) radix ) - return( ERR_MPI_INVALID_CHARACTER ); - - return( 0 ); -} - -/* - * Import from an ASCII string - */ -int esp_mpi_read_string( mpi *X, int radix, const char *s ) -{ - int ret; - size_t i, j, slen, n; - esp_mpi_uint d; - mpi T; - - if( radix < 2 || radix > 16 ) - return( ERR_MPI_BAD_INPUT_DATA ); - - esp_mpi_init( &T ); - - slen = strlen( s ); - - if( radix == 16 ) - { - if( slen > MPI_SIZE_T_MAX >> 2 ) - return( ERR_MPI_BAD_INPUT_DATA ); - - n = BITS_TO_LIMBS( slen << 2 ); - - MPI_CHK( esp_mpi_grow( X, n ) ); - MPI_CHK( esp_mpi_lset( X, 0 ) ); - - for( i = slen, j = 0; i > 0; i--, j++ ) - { - if( i == 1 && s[i - 1] == '-' ) - { - X->s = -1; - break; - } - - MPI_CHK( esp_mpi_get_digit( &d, radix, s[i - 1] ) ); - X->p[j / ( 2 * ciL )] |= d << ( ( j % ( 2 * ciL ) ) << 2 ); - } - } - else - { - MPI_CHK( esp_mpi_lset( X, 0 ) ); - - for( i = 0; i < slen; i++ ) - { - if( i == 0 && s[i] == '-' ) - { - X->s = -1; - continue; - } - - MPI_CHK( esp_mpi_get_digit( &d, radix, s[i] ) ); - MPI_CHK( esp_mpi_mul_int( &T, X, radix ) ); - - if( X->s == 1 ) - { - MPI_CHK( esp_mpi_add_int( X, &T, d ) ); - } - else - { - MPI_CHK( esp_mpi_sub_int( X, &T, d ) ); - } - } - } - -cleanup: - - esp_mpi_free( &T ); - - return( ret ); -} - -/* - * Helper to write the digits high-order first - */ -static int esp_mpi_write_hlp( mpi *X, int radix, char **p ) -{ - int ret; - esp_mpi_uint r; - - if( radix < 2 || radix > 16 ) - return( ERR_MPI_BAD_INPUT_DATA ); - - MPI_CHK( esp_mpi_mod_int( &r, X, radix ) ); - MPI_CHK( esp_mpi_div_int( X, NULL, X, radix ) ); - - if( esp_mpi_cmp_int( X, 0 ) != 0 ) - MPI_CHK( esp_mpi_write_hlp( X, radix, p ) ); - - if( r < 10 ) - *(*p)++ = (char)( r + 0x30 ); - else - *(*p)++ = (char)( r + 0x37 ); - -cleanup: - - return( ret ); -} - -/* - * Export into an ASCII string - */ -int esp_mpi_write_string( const mpi *X, int radix, - char *buf, size_t buflen, size_t *olen ) -{ - int ret = 0; - size_t n; - char *p; - mpi T; - - if( radix < 2 || radix > 16 ) - return( ERR_MPI_BAD_INPUT_DATA ); - - n = esp_mpi_bitlen( X ); - if( radix >= 4 ) n >>= 1; - if( radix >= 16 ) n >>= 1; - n += 3; - - if( buflen < n ) - { - *olen = n; - return( ERR_MPI_BUFFER_TOO_SMALL ); - } - - p = buf; - esp_mpi_init( &T ); - - if( X->s == -1 ) - *p++ = '-'; - - if( radix == 16 ) - { - int c; - size_t i, j, k; - - for( i = X->n, k = 0; i > 0; i-- ) - { - for( j = ciL; j > 0; j-- ) - { - c = ( X->p[i - 1] >> ( ( j - 1 ) << 3) ) & 0xFF; - - if( c == 0 && k == 0 && ( i + j ) != 2 ) - continue; - - *(p++) = "0123456789ABCDEF" [c / 16]; - *(p++) = "0123456789ABCDEF" [c % 16]; - k = 1; - } - } - } - else - { - MPI_CHK( esp_mpi_copy( &T, X ) ); - - if( T.s == -1 ) - T.s = 1; - - MPI_CHK( esp_mpi_write_hlp( &T, radix, &p ) ); - } - - *p++ = '\0'; - *olen = p - buf; - -cleanup: - - esp_mpi_free( &T ); - - return( ret ); -} - -/* - * Import X from unsigned binary data, big endian - */ -int esp_mpi_read_binary( mpi *X, const unsigned char *buf, size_t buflen ) -{ - int ret; - size_t i, j, n; - - for( n = 0; n < buflen; n++ ) - if( buf[n] != 0 ) - break; - - MPI_CHK( esp_mpi_grow( X, CHARS_TO_LIMBS( buflen - n ) ) ); - MPI_CHK( esp_mpi_lset( X, 0 ) ); - - for( i = buflen, j = 0; i > n; i--, j++ ) - X->p[j / ciL] |= ((esp_mpi_uint) buf[i - 1]) << ((j % ciL) << 3); - -cleanup: - - return( ret ); -} - -/* - * Export X into unsigned binary data, big endian - */ -int esp_mpi_write_binary( const mpi *X, unsigned char *buf, size_t buflen ) -{ - size_t i, j, n; - - n = esp_mpi_size( X ); - - if( buflen < n ) - return( ERR_MPI_BUFFER_TOO_SMALL ); - - memset( buf, 0, buflen ); - - for( i = buflen - 1, j = 0; n > 0; i--, j++, n-- ) - buf[i] = (unsigned char)( X->p[j / ciL] >> ((j % ciL) << 3) ); - - return( 0 ); -} - -/* - * Left-shift: X <<= count - */ -int esp_mpi_shift_l( mpi *X, size_t count ) -{ - int ret; - size_t i, v0, t1; - esp_mpi_uint r0 = 0, r1; - - v0 = count / (biL ); - t1 = count & (biL - 1); - - i = esp_mpi_bitlen( X ) + count; - - if( X->n * biL < i ) - MPI_CHK( esp_mpi_grow( X, BITS_TO_LIMBS( i ) ) ); - - ret = 0; - - /* - * shift by count / limb_size - */ - if( v0 > 0 ) - { - for( i = X->n; i > v0; i-- ) - X->p[i - 1] = X->p[i - v0 - 1]; - - for( ; i > 0; i-- ) - X->p[i - 1] = 0; - } - - /* - * shift by count % limb_size - */ - if( t1 > 0 ) - { - for( i = v0; i < X->n; i++ ) - { - r1 = X->p[i] >> (biL - t1); - X->p[i] <<= t1; - X->p[i] |= r0; - r0 = r1; - } - } - -cleanup: - - return( ret ); -} - -/* - * Right-shift: X >>= count - */ -int esp_mpi_shift_r( mpi *X, size_t count ) -{ - size_t i, v0, v1; - esp_mpi_uint r0 = 0, r1; - - v0 = count / biL; - v1 = count & (biL - 1); - - if( v0 > X->n || ( v0 == X->n && v1 > 0 ) ) - return esp_mpi_lset( X, 0 ); - - /* - * shift by count / limb_size - */ - if( v0 > 0 ) - { - for( i = 0; i < X->n - v0; i++ ) - X->p[i] = X->p[i + v0]; - - for( ; i < X->n; i++ ) - X->p[i] = 0; - } - - /* - * shift by count % limb_size - */ - if( v1 > 0 ) - { - for( i = X->n; i > 0; i-- ) - { - r1 = X->p[i - 1] << (biL - v1); - X->p[i - 1] >>= v1; - X->p[i - 1] |= r0; - r0 = r1; - } - } - - return( 0 ); -} - -/* - * Compare unsigned values - */ -int esp_mpi_cmp_abs( const mpi *X, const mpi *Y ) -{ - size_t i, j; - - for( i = X->n; i > 0; i-- ) - if( X->p[i - 1] != 0 ) - break; - - for( j = Y->n; j > 0; j-- ) - if( Y->p[j - 1] != 0 ) - break; - - if( i == 0 && j == 0 ) - return( 0 ); - - if( i > j ) return( 1 ); - if( j > i ) return( -1 ); - - for( ; i > 0; i-- ) - { - if( X->p[i - 1] > Y->p[i - 1] ) return( 1 ); - if( X->p[i - 1] < Y->p[i - 1] ) return( -1 ); - } - - return( 0 ); -} - -/* - * Compare signed values - */ -int esp_mpi_cmp_mpi( const mpi *X, const mpi *Y ) -{ - size_t i, j; - - for( i = X->n; i > 0; i-- ) - if( X->p[i - 1] != 0 ) - break; - - for( j = Y->n; j > 0; j-- ) - if( Y->p[j - 1] != 0 ) - break; - - if( i == 0 && j == 0 ) - return( 0 ); - - if( i > j ) return( X->s ); - if( j > i ) return( -Y->s ); - - if( X->s > 0 && Y->s < 0 ) return( 1 ); - if( Y->s > 0 && X->s < 0 ) return( -1 ); - - for( ; i > 0; i-- ) - { - if( X->p[i - 1] > Y->p[i - 1] ) return( X->s ); - if( X->p[i - 1] < Y->p[i - 1] ) return( -X->s ); - } - - return( 0 ); -} - -/* - * Compare signed values - */ -int esp_mpi_cmp_int( const mpi *X, esp_mpi_sint z ) -{ - mpi Y; - esp_mpi_uint p[1]; - - *p = ( z < 0 ) ? -z : z; - Y.s = ( z < 0 ) ? -1 : 1; - Y.n = 1; - Y.p = p; - - return( esp_mpi_cmp_mpi( X, &Y ) ); -} - -/* - * Unsigned addition: X = |A| + |B| (HAC 14.7) - */ -int esp_mpi_add_abs( mpi *X, const mpi *A, const mpi *B ) -{ - int ret; - size_t i, j; - esp_mpi_uint *o, *p, c; - - if( X == B ) - { - const mpi *T = A; A = X; B = T; - } - - if( X != A ) - MPI_CHK( esp_mpi_copy( X, A ) ); - - /* - * X should always be positive as a result of unsigned additions. - */ - X->s = 1; - - for( j = B->n; j > 0; j-- ) - if( B->p[j - 1] != 0 ) - break; - - MPI_CHK( esp_mpi_grow( X, j ) ); - - o = B->p; p = X->p; c = 0; - - for( i = 0; i < j; i++, o++, p++ ) - { - *p += c; c = ( *p < c ); - *p += *o; c += ( *p < *o ); - } - - while( c != 0 ) - { - if( i >= X->n ) - { - MPI_CHK( esp_mpi_grow( X, i + 1 ) ); - p = X->p + i; - } - - *p += c; c = ( *p < c ); i++; p++; - } - -cleanup: - - return( ret ); -} - -/* - * Helper for mpi subtraction - */ -static void esp_mpi_sub_hlp( size_t n, esp_mpi_uint *s, esp_mpi_uint *d ) -{ - size_t i; - esp_mpi_uint c, z; - - for( i = c = 0; i < n; i++, s++, d++ ) - { - z = ( *d < c ); *d -= c; - c = ( *d < *s ) + z; *d -= *s; - } - - while( c != 0 ) - { - z = ( *d < c ); *d -= c; - c = z; i++; d++; - } -} - -/* - * Unsigned subtraction: X = |A| - |B| (HAC 14.9) - */ -int esp_mpi_sub_abs( mpi *X, const mpi *A, const mpi *B ) -{ - mpi TB; - int ret; - size_t n; - - if( esp_mpi_cmp_abs( A, B ) < 0 ) - return( ERR_MPI_NEGATIVE_VALUE ); - - esp_mpi_init( &TB ); - - if( X == B ) - { - MPI_CHK( esp_mpi_copy( &TB, B ) ); - B = &TB; - } - - if( X != A ) - MPI_CHK( esp_mpi_copy( X, A ) ); - - /* - * X should always be positive as a result of unsigned subtractions. - */ - X->s = 1; - - ret = 0; - - for( n = B->n; n > 0; n-- ) - if( B->p[n - 1] != 0 ) - break; - - esp_mpi_sub_hlp( n, B->p, X->p ); - -cleanup: - - esp_mpi_free( &TB ); - - return( ret ); -} - -/* - * Signed addition: X = A + B - */ -int esp_mpi_add_mpi( mpi *X, const mpi *A, const mpi *B ) -{ - int ret, s = A->s; - - if( A->s * B->s < 0 ) - { - if( esp_mpi_cmp_abs( A, B ) >= 0 ) - { - MPI_CHK( esp_mpi_sub_abs( X, A, B ) ); - X->s = s; - } - else - { - MPI_CHK( esp_mpi_sub_abs( X, B, A ) ); - X->s = -s; - } - } - else - { - MPI_CHK( esp_mpi_add_abs( X, A, B ) ); - X->s = s; - } - -cleanup: - - return( ret ); -} - -/* - * Signed subtraction: X = A - B - */ -int esp_mpi_sub_mpi( mpi *X, const mpi *A, const mpi *B ) -{ - int ret, s = A->s; - - if( A->s * B->s > 0 ) - { - if( esp_mpi_cmp_abs( A, B ) >= 0 ) - { - MPI_CHK( esp_mpi_sub_abs( X, A, B ) ); - X->s = s; - } - else - { - MPI_CHK( esp_mpi_sub_abs( X, B, A ) ); - X->s = -s; - } - } - else - { - MPI_CHK( esp_mpi_add_abs( X, A, B ) ); - X->s = s; - } - -cleanup: - - return( ret ); -} - -/* - * Signed addition: X = A + b - */ -int esp_mpi_add_int( mpi *X, const mpi *A, esp_mpi_sint b ) -{ - mpi _B; - esp_mpi_uint p[1]; - - p[0] = ( b < 0 ) ? -b : b; - _B.s = ( b < 0 ) ? -1 : 1; - _B.n = 1; - _B.p = p; - - return( esp_mpi_add_mpi( X, A, &_B ) ); -} - -/* - * Signed subtraction: X = A - b - */ -int esp_mpi_sub_int( mpi *X, const mpi *A, esp_mpi_sint b ) -{ - mpi _B; - esp_mpi_uint p[1]; - - p[0] = ( b < 0 ) ? -b : b; - _B.s = ( b < 0 ) ? -1 : 1; - _B.n = 1; - _B.p = p; - - return( esp_mpi_sub_mpi( X, A, &_B ) ); -} - -/* - * Helper for mpi multiplication - */ -static void esp_mpi_mul_hlp( size_t i, esp_mpi_uint *s, esp_mpi_uint *d, esp_mpi_uint b ) -{ - -} - -/* - * Baseline multiplication: X = A * B (HAC 14.12) - */ - -static int mul_pram_alloc( mpi *X, const mpi *A, const mpi *B, char **pA, char **pB, char **pX, size_t *bites) -{ - char *sa, *sb, *sx; -// int algn; - int words, bytes; - int abytes, bbytes; - - if (A->n > B->n) - words = A->n; - else - words = B->n; - - bytes = (words / 16 + ((words % 16) ? 1 : 0 )) * 16 * 4 * 2; - - abytes = A->n * 4; - bbytes = B->n * 4; - - sa = malloc(bytes); - if (!sa) { - return -1; - } - - sb = malloc(bytes); - if (!sb) { - free(sa); - return -1; - } - - sx = malloc(bytes); - if (!sx) { - free(sa); - free(sb); - return -1; - } - - memcpy(sa, A->p, abytes); - memset(sa + abytes, 0, bytes - abytes); - - memcpy(sb, B->p, bbytes); - memset(sb + bbytes, 0, bytes - bbytes); - - *pA = sa; - *pB = sb; - - *pX = sx; - - *bites = bytes * 4; - - return 0; -} - -void mul_pram_free(char **pA, char **pB, char **pX) -{ - free(*pA); - *pA = NULL; - - free(*pB); - *pB = NULL; - - free(*pX); - *pX = NULL; -} - -int esp_mpi_mul_mpi( mpi *X, const mpi *A, const mpi *B ) -{ - int ret = -1; - size_t i, j; - char *s1 = NULL, *s2 = NULL, *dest = NULL; - size_t bites; - - mpi TA, TB; - - esp_mpi_init( &TA ); esp_mpi_init( &TB ); - - if( X == A ) { MPI_CHK( esp_mpi_copy( &TA, A ) ); A = &TA; } - if( X == B ) { MPI_CHK( esp_mpi_copy( &TB, B ) ); B = &TB; } - - for( i = A->n; i > 0; i-- ) - if( A->p[i - 1] != 0 ) - break; - - for( j = B->n; j > 0; j-- ) - if( B->p[j - 1] != 0 ) - break; - - MPI_CHK( esp_mpi_grow( X, i + j ) ); - MPI_CHK( esp_mpi_lset( X, 0 ) ); - - if (mul_pram_alloc(X, A, B, &s1, &s2, &dest, &bites)) { - goto cleanup; - } - - esp_mpi_acquire_hardware(); - if (ets_bigint_mult_prepare((uint32_t *)s1, (uint32_t *)s2, bites)){ - ets_bigint_wait_finish(); - if (ets_bigint_mult_getz((uint32_t *)dest, bites) == true) { - memcpy(X->p, dest, (i + j) * 4); - ret = 0; - } else { - esp_mpi_printf("ets_bigint_mult_getz failed\n"); - } - } else{ - esp_mpi_printf("Baseline multiplication failed\n"); - } - esp_mpi_release_hardware(); - - X->s = A->s * B->s; - - mul_pram_free(&s1, &s2, &dest); - -cleanup: - - esp_mpi_free( &TB ); esp_mpi_free( &TA ); - - return( ret ); -} - -/* - * Baseline multiplication: X = A * b - */ -int esp_mpi_mul_int( mpi *X, const mpi *A, esp_mpi_uint b ) -{ - mpi _B; - esp_mpi_uint p[1]; - - _B.s = 1; - _B.n = 1; - _B.p = p; - p[0] = b; - - return( esp_mpi_mul_mpi( X, A, &_B ) ); -} - -/* - * Unsigned integer divide - double esp_mpi_uint dividend, u1/u0, and - * esp_mpi_uint divisor, d - */ -static esp_mpi_uint int_div_int( esp_mpi_uint u1, - esp_mpi_uint u0, esp_mpi_uint d, esp_mpi_uint *r ) -{ -#if defined(HAVE_UDBL) - t_udbl dividend, quotient; -#else - const esp_mpi_uint radix = (esp_mpi_uint) 1 << biH; - const esp_mpi_uint uint_halfword_mask = ( (esp_mpi_uint) 1 << biH ) - 1; - esp_mpi_uint d0, d1, q0, q1, rAX, r0, quotient; - esp_mpi_uint u0_msw, u0_lsw; - size_t s; -#endif - - /* - * Check for overflow - */ - if( 0 == d || u1 >= d ) - { - if (r != NULL) *r = ~0; - - return ( ~0 ); - } - -#if defined(HAVE_UDBL) - dividend = (t_udbl) u1 << biL; - dividend |= (t_udbl) u0; - quotient = dividend / d; - if( quotient > ( (t_udbl) 1 << biL ) - 1 ) - quotient = ( (t_udbl) 1 << biL ) - 1; - - if( r != NULL ) - *r = (esp_mpi_uint)( dividend - (quotient * d ) ); - - return (esp_mpi_uint) quotient; -#else - - /* - * Algorithm D, Section 4.3.1 - The Art of Computer Programming - * Vol. 2 - Seminumerical Algorithms, Knuth - */ - - /* - * Normalize the divisor, d, and dividend, u0, u1 - */ - s = clz( d ); - d = d << s; - - u1 = u1 << s; - u1 |= ( u0 >> ( biL - s ) ) & ( -(esp_mpi_sint)s >> ( biL - 1 ) ); - u0 = u0 << s; - - d1 = d >> biH; - d0 = d & uint_halfword_mask; - - u0_msw = u0 >> biH; - u0_lsw = u0 & uint_halfword_mask; - - /* - * Find the first quotient and remainder - */ - q1 = u1 / d1; - r0 = u1 - d1 * q1; - - while( q1 >= radix || ( q1 * d0 > radix * r0 + u0_msw ) ) - { - q1 -= 1; - r0 += d1; - - if ( r0 >= radix ) break; - } - - rAX = ( u1 * radix ) + ( u0_msw - q1 * d ); - q0 = rAX / d1; - r0 = rAX - q0 * d1; - - while( q0 >= radix || ( q0 * d0 > radix * r0 + u0_lsw ) ) - { - q0 -= 1; - r0 += d1; - - if ( r0 >= radix ) break; - } - - if (r != NULL) - *r = ( rAX * radix + u0_lsw - q0 * d ) >> s; - - quotient = q1 * radix + q0; - - return quotient; -#endif -} - -/* - * Division by mpi: A = Q * B + R (HAC 14.20) - */ -int esp_mpi_div_mpi( mpi *Q, mpi *R, const mpi *A, const mpi *B ) -{ - int ret; - size_t i, n, t, k; - mpi X, Y, Z, T1, T2; - - if( esp_mpi_cmp_int( B, 0 ) == 0 ) - return( ERR_MPI_DIVISION_BY_ZERO ); - - esp_mpi_init( &X ); esp_mpi_init( &Y ); esp_mpi_init( &Z ); - esp_mpi_init( &T1 ); esp_mpi_init( &T2 ); - - if( esp_mpi_cmp_abs( A, B ) < 0 ) - { - if( Q != NULL ) MPI_CHK( esp_mpi_lset( Q, 0 ) ); - if( R != NULL ) MPI_CHK( esp_mpi_copy( R, A ) ); - return( 0 ); - } - - MPI_CHK( esp_mpi_copy( &X, A ) ); - MPI_CHK( esp_mpi_copy( &Y, B ) ); - X.s = Y.s = 1; - - MPI_CHK( esp_mpi_grow( &Z, A->n + 2 ) ); - MPI_CHK( esp_mpi_lset( &Z, 0 ) ); - MPI_CHK( esp_mpi_grow( &T1, 2 ) ); - MPI_CHK( esp_mpi_grow( &T2, 3 ) ); - - k = esp_mpi_bitlen( &Y ) % biL; - if( k < biL - 1 ) - { - k = biL - 1 - k; - MPI_CHK( esp_mpi_shift_l( &X, k ) ); - MPI_CHK( esp_mpi_shift_l( &Y, k ) ); - } - else k = 0; - - n = X.n - 1; - t = Y.n - 1; - MPI_CHK( esp_mpi_shift_l( &Y, biL * ( n - t ) ) ); - - while( esp_mpi_cmp_mpi( &X, &Y ) >= 0 ) - { - Z.p[n - t]++; - MPI_CHK( esp_mpi_sub_mpi( &X, &X, &Y ) ); - } - MPI_CHK( esp_mpi_shift_r( &Y, biL * ( n - t ) ) ); - - for( i = n; i > t ; i-- ) - { - if( X.p[i] >= Y.p[t] ) - Z.p[i - t - 1] = ~0; - else - { - Z.p[i - t - 1] = int_div_int( X.p[i], X.p[i - 1], - Y.p[t], NULL); - } - - Z.p[i - t - 1]++; - do - { - Z.p[i - t - 1]--; - - MPI_CHK( esp_mpi_lset( &T1, 0 ) ); - T1.p[0] = ( t < 1 ) ? 0 : Y.p[t - 1]; - T1.p[1] = Y.p[t]; - MPI_CHK( esp_mpi_mul_int( &T1, &T1, Z.p[i - t - 1] ) ); - - MPI_CHK( esp_mpi_lset( &T2, 0 ) ); - T2.p[0] = ( i < 2 ) ? 0 : X.p[i - 2]; - T2.p[1] = ( i < 1 ) ? 0 : X.p[i - 1]; - T2.p[2] = X.p[i]; - } - while( esp_mpi_cmp_mpi( &T1, &T2 ) > 0 ); - - MPI_CHK( esp_mpi_mul_int( &T1, &Y, Z.p[i - t - 1] ) ); - MPI_CHK( esp_mpi_shift_l( &T1, biL * ( i - t - 1 ) ) ); - MPI_CHK( esp_mpi_sub_mpi( &X, &X, &T1 ) ); - - if( esp_mpi_cmp_int( &X, 0 ) < 0 ) - { - MPI_CHK( esp_mpi_copy( &T1, &Y ) ); - MPI_CHK( esp_mpi_shift_l( &T1, biL * ( i - t - 1 ) ) ); - MPI_CHK( esp_mpi_add_mpi( &X, &X, &T1 ) ); - Z.p[i - t - 1]--; - } - } - - if( Q != NULL ) - { - MPI_CHK( esp_mpi_copy( Q, &Z ) ); - Q->s = A->s * B->s; - } - - if( R != NULL ) - { - MPI_CHK( esp_mpi_shift_r( &X, k ) ); - X.s = A->s; - MPI_CHK( esp_mpi_copy( R, &X ) ); - - if( esp_mpi_cmp_int( R, 0 ) == 0 ) - R->s = 1; - } - -cleanup: - - esp_mpi_free( &X ); esp_mpi_free( &Y ); esp_mpi_free( &Z ); - esp_mpi_free( &T1 ); esp_mpi_free( &T2 ); - - return( ret ); -} - -/* - * Division by int: A = Q * b + R - */ -int esp_mpi_div_int( mpi *Q, mpi *R, const mpi *A, esp_mpi_sint b ) -{ - mpi _B; - esp_mpi_uint p[1]; - - p[0] = ( b < 0 ) ? -b : b; - _B.s = ( b < 0 ) ? -1 : 1; - _B.n = 1; - _B.p = p; - - return( esp_mpi_div_mpi( Q, R, A, &_B ) ); -} - -/* - * Modulo: R = A mod B - */ -int esp_mpi_mod_mpi( mpi *R, const mpi *A, const mpi *B ) -{ - int ret; - - if( esp_mpi_cmp_int( B, 0 ) < 0 ) - return( ERR_MPI_NEGATIVE_VALUE ); - - MPI_CHK( esp_mpi_div_mpi( NULL, R, A, B ) ); - - while( esp_mpi_cmp_int( R, 0 ) < 0 ) - MPI_CHK( esp_mpi_add_mpi( R, R, B ) ); - - while( esp_mpi_cmp_mpi( R, B ) >= 0 ) - MPI_CHK( esp_mpi_sub_mpi( R, R, B ) ); - -cleanup: - - return( ret ); -} - -/* - * Modulo: r = A mod b - */ -int esp_mpi_mod_int( esp_mpi_uint *r, const mpi *A, esp_mpi_sint b ) -{ - size_t i; - esp_mpi_uint x, y, z; - - if( b == 0 ) - return( ERR_MPI_DIVISION_BY_ZERO ); - - if( b < 0 ) - return( ERR_MPI_NEGATIVE_VALUE ); - - /* - * handle trivial cases - */ - if( b == 1 ) - { - *r = 0; - return( 0 ); - } - - if( b == 2 ) - { - *r = A->p[0] & 1; - return( 0 ); - } - - /* - * general case - */ - for( i = A->n, y = 0; i > 0; i-- ) - { - x = A->p[i - 1]; - y = ( y << biH ) | ( x >> biH ); - z = y / b; - y -= z * b; - - x <<= biH; - y = ( y << biH ) | ( x >> biH ); - z = y / b; - y -= z * b; - } - - /* - * If A is negative, then the current y represents a negative value. - * Flipping it to the positive side. - */ - if( A->s < 0 && y != 0 ) - y = b - y; - - *r = y; - - return( 0 ); -} - -/* - * Fast Montgomery initialization (thanks to Tom St Denis) - */ -static void esp_mpi_montg_init( esp_mpi_uint *mm, const mpi *N ) -{ - esp_mpi_uint x, m0 = N->p[0]; - unsigned int i; - - x = m0; - x += ( ( m0 + 2 ) & 4 ) << 1; - - for( i = biL; i >= 8; i /= 2 ) - x *= ( 2 - ( m0 * x ) ); - - *mm = ~x + 1; -} - -/* - * Montgomery multiplication: A = A * B * R^-1 mod N (HAC 14.36) - */ -static void esp_mpi_montmul( mpi *A, const mpi *B, const mpi *N, esp_mpi_uint mm, - const mpi *T ) -{ - size_t n, m; - esp_mpi_uint *d = NULL; - - memset( T->p, 0, T->n * ciL ); - - d = T->p; - n = N->n; - m = ( B->n < n ) ? B->n : n; - - esp_mpi_acquire_hardware(); - if (ets_bigint_montgomery_mult_prepare(N->p, B->p, d, m, n, false)) { - ets_bigint_wait_finish(); - - ets_bigint_montgomery_mult_getz(A->p, n); - } else{ - esp_mpi_printf("Montgomery multiplication failed\n"); - } - esp_mpi_release_hardware(); - -} - -/* - * Montgomery reduction: A = A * R^-1 mod N - */ -static void esp_mpi_montred( mpi *A, const mpi *N, esp_mpi_uint mm, const mpi *T ) -{ - esp_mpi_uint z = 1; - mpi U; - - U.n = U.s = (int) z; - U.p = &z; - - esp_mpi_montmul( A, &U, N, mm, T ); -} - -/* - * Sliding-window exponentiation: X = A^E mod N (HAC 14.85) - */ -int esp_mpi_exp_mod( mpi *X, const mpi *A, const mpi *E, const mpi *N, mpi *_RR ) -{ - int ret; - size_t wbits, wsize, one = 1; - size_t i, j, nblimbs; - size_t bufsize, nbits; - esp_mpi_uint ei, mm, state; - mpi RR, T, W[ 2 << MPI_WINDOW_SIZE ], Apos; - int neg; - - if( esp_mpi_cmp_int( N, 0 ) < 0 || ( N->p[0] & 1 ) == 0 ) - return( ERR_MPI_BAD_INPUT_DATA ); - - if( esp_mpi_cmp_int( E, 0 ) < 0 ) - return( ERR_MPI_BAD_INPUT_DATA ); - - /* - * Init temps and window size - */ - esp_mpi_montg_init( &mm, N ); - esp_mpi_init( &RR ); esp_mpi_init( &T ); - esp_mpi_init( &Apos ); - memset( W, 0, sizeof( W ) ); - - i = esp_mpi_bitlen( E ); - - wsize = ( i > 671 ) ? 6 : ( i > 239 ) ? 5 : - ( i > 79 ) ? 4 : ( i > 23 ) ? 3 : 1; - - if( wsize > MPI_WINDOW_SIZE ) - wsize = MPI_WINDOW_SIZE; - - j = N->n + 1; - MPI_CHK( esp_mpi_grow( X, j ) ); - MPI_CHK( esp_mpi_grow( &W[1], j ) ); - MPI_CHK( esp_mpi_grow( &T, j * 2 ) ); - - /* - * Compensate for negative A (and correct at the end) - */ - neg = ( A->s == -1 ); - if( neg ) - { - MPI_CHK( esp_mpi_copy( &Apos, A ) ); - Apos.s = 1; - A = &Apos; - } - - /* - * If 1st call, pre-compute R^2 mod N - */ - if( _RR == NULL || _RR->p == NULL ) - { - MPI_CHK( esp_mpi_lset( &RR, 1 ) ); - MPI_CHK( esp_mpi_shift_l( &RR, N->n * 2 * biL ) ); - MPI_CHK( esp_mpi_mod_mpi( &RR, &RR, N ) ); - - if( _RR != NULL ) - memcpy( _RR, &RR, sizeof( mpi ) ); - } - else - memcpy( &RR, _RR, sizeof( mpi ) ); - - /* - * W[1] = A * R^2 * R^-1 mod N = A * R mod N - */ - if( esp_mpi_cmp_mpi( A, N ) >= 0 ) - MPI_CHK( esp_mpi_mod_mpi( &W[1], A, N ) ); - else - MPI_CHK( esp_mpi_copy( &W[1], A ) ); - - esp_mpi_montmul( &W[1], &RR, N, mm, &T ); - - /* - * X = R^2 * R^-1 mod N = R mod N - */ - MPI_CHK( esp_mpi_copy( X, &RR ) ); - esp_mpi_montred( X, N, mm, &T ); - - if( wsize > 1 ) - { - /* - * W[1 << (wsize - 1)] = W[1] ^ (wsize - 1) - */ - j = one << ( wsize - 1 ); - - MPI_CHK( esp_mpi_grow( &W[j], N->n + 1 ) ); - MPI_CHK( esp_mpi_copy( &W[j], &W[1] ) ); - - for( i = 0; i < wsize - 1; i++ ) - esp_mpi_montmul( &W[j], &W[j], N, mm, &T ); - - /* - * W[i] = W[i - 1] * W[1] - */ - for( i = j + 1; i < ( one << wsize ); i++ ) - { - MPI_CHK( esp_mpi_grow( &W[i], N->n + 1 ) ); - MPI_CHK( esp_mpi_copy( &W[i], &W[i - 1] ) ); - - esp_mpi_montmul( &W[i], &W[1], N, mm, &T ); - } - } - - nblimbs = E->n; - bufsize = 0; - nbits = 0; - wbits = 0; - state = 0; - - while( 1 ) - { - if( bufsize == 0 ) - { - if( nblimbs == 0 ) - break; - - nblimbs--; - - bufsize = sizeof( esp_mpi_uint ) << 3; - } - - bufsize--; - - ei = (E->p[nblimbs] >> bufsize) & 1; - - /* - * skip leading 0s - */ - if( ei == 0 && state == 0 ) - continue; - - if( ei == 0 && state == 1 ) - { - /* - * out of window, square X - */ - esp_mpi_montmul( X, X, N, mm, &T ); - continue; - } - - /* - * add ei to current window - */ - state = 2; - - nbits++; - wbits |= ( ei << ( wsize - nbits ) ); - - if( nbits == wsize ) - { - /* - * X = X^wsize R^-1 mod N - */ - for( i = 0; i < wsize; i++ ) - esp_mpi_montmul( X, X, N, mm, &T ); - - /* - * X = X * W[wbits] R^-1 mod N - */ - esp_mpi_montmul( X, &W[wbits], N, mm, &T ); - - state--; - nbits = 0; - wbits = 0; - } - } - - /* - * process the remaining bits - */ - for( i = 0; i < nbits; i++ ) - { - esp_mpi_montmul( X, X, N, mm, &T ); - - wbits <<= 1; - - if( ( wbits & ( one << wsize ) ) != 0 ) - esp_mpi_montmul( X, &W[1], N, mm, &T ); - } - - /* - * X = A^E * R * R^-1 mod N = A^E mod N - */ - esp_mpi_montred( X, N, mm, &T ); - - if( neg ) - { - X->s = -1; - MPI_CHK( esp_mpi_add_mpi( X, N, X ) ); - } - -cleanup: - - for( i = ( one << ( wsize - 1 ) ); i < ( one << wsize ); i++ ) - esp_mpi_free( &W[i] ); - - esp_mpi_free( &W[1] ); esp_mpi_free( &T ); esp_mpi_free( &Apos ); - - if( _RR == NULL || _RR->p == NULL ) - esp_mpi_free( &RR ); - - return( ret ); -} - -/* - * Greatest common divisor: G = gcd(A, B) (HAC 14.54) - */ -int esp_mpi_gcd( mpi *G, const mpi *A, const mpi *B ) -{ - int ret; - size_t lz, lzt; - mpi TG, TA, TB; - - esp_mpi_init( &TG ); esp_mpi_init( &TA ); esp_mpi_init( &TB ); - - MPI_CHK( esp_mpi_copy( &TA, A ) ); - MPI_CHK( esp_mpi_copy( &TB, B ) ); - - lz = esp_mpi_lsb( &TA ); - lzt = esp_mpi_lsb( &TB ); - - if( lzt < lz ) - lz = lzt; - - MPI_CHK( esp_mpi_shift_r( &TA, lz ) ); - MPI_CHK( esp_mpi_shift_r( &TB, lz ) ); - - TA.s = TB.s = 1; - - while( esp_mpi_cmp_int( &TA, 0 ) != 0 ) - { - MPI_CHK( esp_mpi_shift_r( &TA, esp_mpi_lsb( &TA ) ) ); - MPI_CHK( esp_mpi_shift_r( &TB, esp_mpi_lsb( &TB ) ) ); - - if( esp_mpi_cmp_mpi( &TA, &TB ) >= 0 ) - { - MPI_CHK( esp_mpi_sub_abs( &TA, &TA, &TB ) ); - MPI_CHK( esp_mpi_shift_r( &TA, 1 ) ); - } - else - { - MPI_CHK( esp_mpi_sub_abs( &TB, &TB, &TA ) ); - MPI_CHK( esp_mpi_shift_r( &TB, 1 ) ); - } - } - - MPI_CHK( esp_mpi_shift_l( &TB, lz ) ); - MPI_CHK( esp_mpi_copy( G, &TB ) ); - -cleanup: - - esp_mpi_free( &TG ); esp_mpi_free( &TA ); esp_mpi_free( &TB ); - - return( ret ); -} - -/* - * Fill X with size bytes of random. - * - * Use a temporary bytes representation to make sure the result is the same - * regardless of the platform endianness (useful when f_rng is actually - * deterministic, eg for tests). - */ -int esp_mpi_fill_random( mpi *X, size_t size, - int (*f_rng)(void *, unsigned char *, size_t), - void *p_rng ) -{ - int ret; - unsigned char buf[MPI_MAX_SIZE]; - - if( size > MPI_MAX_SIZE ) - return( ERR_MPI_BAD_INPUT_DATA ); - - MPI_CHK( f_rng( p_rng, buf, size ) ); - MPI_CHK( esp_mpi_read_binary( X, buf, size ) ); - -cleanup: - return( ret ); -} - -/* - * Modular inverse: X = A^-1 mod N (HAC 14.61 / 14.64) - */ -int esp_mpi_inv_mod( mpi *X, const mpi *A, const mpi *N ) -{ - int ret; - mpi G, TA, TU, U1, U2, TB, TV, V1, V2; - - if( esp_mpi_cmp_int( N, 0 ) <= 0 ) - return( ERR_MPI_BAD_INPUT_DATA ); - - esp_mpi_init( &TA ); esp_mpi_init( &TU ); esp_mpi_init( &U1 ); esp_mpi_init( &U2 ); - esp_mpi_init( &G ); esp_mpi_init( &TB ); esp_mpi_init( &TV ); - esp_mpi_init( &V1 ); esp_mpi_init( &V2 ); - - MPI_CHK( esp_mpi_gcd( &G, A, N ) ); - - if( esp_mpi_cmp_int( &G, 1 ) != 0 ) - { - ret = ERR_MPI_NOT_ACCEPTABLE; - goto cleanup; - } - - MPI_CHK( esp_mpi_mod_mpi( &TA, A, N ) ); - MPI_CHK( esp_mpi_copy( &TU, &TA ) ); - MPI_CHK( esp_mpi_copy( &TB, N ) ); - MPI_CHK( esp_mpi_copy( &TV, N ) ); - - MPI_CHK( esp_mpi_lset( &U1, 1 ) ); - MPI_CHK( esp_mpi_lset( &U2, 0 ) ); - MPI_CHK( esp_mpi_lset( &V1, 0 ) ); - MPI_CHK( esp_mpi_lset( &V2, 1 ) ); - - do - { - while( ( TU.p[0] & 1 ) == 0 ) - { - MPI_CHK( esp_mpi_shift_r( &TU, 1 ) ); - - if( ( U1.p[0] & 1 ) != 0 || ( U2.p[0] & 1 ) != 0 ) - { - MPI_CHK( esp_mpi_add_mpi( &U1, &U1, &TB ) ); - MPI_CHK( esp_mpi_sub_mpi( &U2, &U2, &TA ) ); - } - - MPI_CHK( esp_mpi_shift_r( &U1, 1 ) ); - MPI_CHK( esp_mpi_shift_r( &U2, 1 ) ); - } - - while( ( TV.p[0] & 1 ) == 0 ) - { - MPI_CHK( esp_mpi_shift_r( &TV, 1 ) ); - - if( ( V1.p[0] & 1 ) != 0 || ( V2.p[0] & 1 ) != 0 ) - { - MPI_CHK( esp_mpi_add_mpi( &V1, &V1, &TB ) ); - MPI_CHK( esp_mpi_sub_mpi( &V2, &V2, &TA ) ); - } - - MPI_CHK( esp_mpi_shift_r( &V1, 1 ) ); - MPI_CHK( esp_mpi_shift_r( &V2, 1 ) ); - } - - if( esp_mpi_cmp_mpi( &TU, &TV ) >= 0 ) - { - MPI_CHK( esp_mpi_sub_mpi( &TU, &TU, &TV ) ); - MPI_CHK( esp_mpi_sub_mpi( &U1, &U1, &V1 ) ); - MPI_CHK( esp_mpi_sub_mpi( &U2, &U2, &V2 ) ); - } - else - { - MPI_CHK( esp_mpi_sub_mpi( &TV, &TV, &TU ) ); - MPI_CHK( esp_mpi_sub_mpi( &V1, &V1, &U1 ) ); - MPI_CHK( esp_mpi_sub_mpi( &V2, &V2, &U2 ) ); - } - } - while( esp_mpi_cmp_int( &TU, 0 ) != 0 ); - - while( esp_mpi_cmp_int( &V1, 0 ) < 0 ) - MPI_CHK( esp_mpi_add_mpi( &V1, &V1, N ) ); - - while( esp_mpi_cmp_mpi( &V1, N ) >= 0 ) - MPI_CHK( esp_mpi_sub_mpi( &V1, &V1, N ) ); - - MPI_CHK( esp_mpi_copy( X, &V1 ) ); - -cleanup: - - esp_mpi_free( &TA ); esp_mpi_free( &TU ); esp_mpi_free( &U1 ); esp_mpi_free( &U2 ); - esp_mpi_free( &G ); esp_mpi_free( &TB ); esp_mpi_free( &TV ); - esp_mpi_free( &V1 ); esp_mpi_free( &V2 ); - - return( ret ); -} - -static const int small_prime[] = -{ - 3, 5, 7, 11, 13, 17, 19, 23, - 29, 31, 37, 41, 43, 47, 53, 59, - 61, 67, 71, 73, 79, 83, 89, 97, - 101, 103, 107, 109, 113, 127, 131, 137, - 139, 149, 151, 157, 163, 167, 173, 179, - 181, 191, 193, 197, 199, 211, 223, 227, - 229, 233, 239, 241, 251, 257, 263, 269, - 271, 277, 281, 283, 293, 307, 311, 313, - 317, 331, 337, 347, 349, 353, 359, 367, - 373, 379, 383, 389, 397, 401, 409, 419, - 421, 431, 433, 439, 443, 449, 457, 461, - 463, 467, 479, 487, 491, 499, 503, 509, - 521, 523, 541, 547, 557, 563, 569, 571, - 577, 587, 593, 599, 601, 607, 613, 617, - 619, 631, 641, 643, 647, 653, 659, 661, - 673, 677, 683, 691, 701, 709, 719, 727, - 733, 739, 743, 751, 757, 761, 769, 773, - 787, 797, 809, 811, 821, 823, 827, 829, - 839, 853, 857, 859, 863, 877, 881, 883, - 887, 907, 911, 919, 929, 937, 941, 947, - 953, 967, 971, 977, 983, 991, 997, -103 -}; - -/* - * Small divisors test (X must be positive) - * - * Return values: - * 0: no small factor (possible prime, more tests needed) - * 1: certain prime - * ERR_MPI_NOT_ACCEPTABLE: certain non-prime - * other negative: error - */ -static int esp_mpi_check_small_factors( const mpi *X ) -{ - int ret = 0; - size_t i; - esp_mpi_uint r; - - if( ( X->p[0] & 1 ) == 0 ) - return( ERR_MPI_NOT_ACCEPTABLE ); - - for( i = 0; small_prime[i] > 0; i++ ) - { - if( esp_mpi_cmp_int( X, small_prime[i] ) <= 0 ) - return( 1 ); - - MPI_CHK( esp_mpi_mod_int( &r, X, small_prime[i] ) ); - - if( r == 0 ) - return( ERR_MPI_NOT_ACCEPTABLE ); - } - -cleanup: - return( ret ); -} - -/* - * Miller-Rabin pseudo-primality test (HAC 4.24) - */ -static int esp_mpi_miller_rabin( const mpi *X, - int (*f_rng)(void *, unsigned char *, size_t), - void *p_rng ) -{ - int ret, count; - size_t i, j, k, n, s; - mpi W, R, T, A, RR; - - esp_mpi_init( &W ); esp_mpi_init( &R ); esp_mpi_init( &T ); esp_mpi_init( &A ); - esp_mpi_init( &RR ); - - /* - * W = |X| - 1 - * R = W >> lsb( W ) - */ - MPI_CHK( esp_mpi_sub_int( &W, X, 1 ) ); - s = esp_mpi_lsb( &W ); - MPI_CHK( esp_mpi_copy( &R, &W ) ); - MPI_CHK( esp_mpi_shift_r( &R, s ) ); - - i = esp_mpi_bitlen( X ); - /* - * HAC, table 4.4 - */ - n = ( ( i >= 1300 ) ? 2 : ( i >= 850 ) ? 3 : - ( i >= 650 ) ? 4 : ( i >= 350 ) ? 8 : - ( i >= 250 ) ? 12 : ( i >= 150 ) ? 18 : 27 ); - - for( i = 0; i < n; i++ ) - { - /* - * pick a random A, 1 < A < |X| - 1 - */ - MPI_CHK( esp_mpi_fill_random( &A, X->n * ciL, f_rng, p_rng ) ); - - if( esp_mpi_cmp_mpi( &A, &W ) >= 0 ) - { - j = esp_mpi_bitlen( &A ) - esp_mpi_bitlen( &W ); - MPI_CHK( esp_mpi_shift_r( &A, j + 1 ) ); - } - A.p[0] |= 3; - - count = 0; - do { - MPI_CHK( esp_mpi_fill_random( &A, X->n * ciL, f_rng, p_rng ) ); - - j = esp_mpi_bitlen( &A ); - k = esp_mpi_bitlen( &W ); - if (j > k) { - MPI_CHK( esp_mpi_shift_r( &A, j - k ) ); - } - - if (count++ > 30) { - return ERR_MPI_NOT_ACCEPTABLE; - } - - } while ( esp_mpi_cmp_mpi( &A, &W ) >= 0 || - esp_mpi_cmp_int( &A, 1 ) <= 0 ); - - /* - * A = A^R mod |X| - */ - MPI_CHK( esp_mpi_exp_mod( &A, &A, &R, X, &RR ) ); - - if( esp_mpi_cmp_mpi( &A, &W ) == 0 || - esp_mpi_cmp_int( &A, 1 ) == 0 ) - continue; - - j = 1; - while( j < s && esp_mpi_cmp_mpi( &A, &W ) != 0 ) - { - /* - * A = A * A mod |X| - */ - MPI_CHK( esp_mpi_mul_mpi( &T, &A, &A ) ); - MPI_CHK( esp_mpi_mod_mpi( &A, &T, X ) ); - - if( esp_mpi_cmp_int( &A, 1 ) == 0 ) - break; - - j++; - } - - /* - * not prime if A != |X| - 1 or A == 1 - */ - if( esp_mpi_cmp_mpi( &A, &W ) != 0 || - esp_mpi_cmp_int( &A, 1 ) == 0 ) - { - ret = ERR_MPI_NOT_ACCEPTABLE; - break; - } - } - -cleanup: - esp_mpi_free( &W ); esp_mpi_free( &R ); esp_mpi_free( &T ); esp_mpi_free( &A ); - esp_mpi_free( &RR ); - - return( ret ); -} - -/* - * Pseudo-primality test: small factors, then Miller-Rabin - */ -int esp_mpi_is_prime( const mpi *X, - int (*f_rng)(void *, unsigned char *, size_t), - void *p_rng ) -{ - int ret; - mpi XX; - - XX.s = 1; - XX.n = X->n; - XX.p = X->p; - - if( esp_mpi_cmp_int( &XX, 0 ) == 0 || - esp_mpi_cmp_int( &XX, 1 ) == 0 ) - return( ERR_MPI_NOT_ACCEPTABLE ); - - if( esp_mpi_cmp_int( &XX, 2 ) == 0 ) - return( 0 ); - - if( ( ret = esp_mpi_check_small_factors( &XX ) ) != 0 ) - { - if( ret == 1 ) - return( 0 ); - - return( ret ); - } - - return( esp_mpi_miller_rabin( &XX, f_rng, p_rng ) ); -} - -/* - * Prime number generation - */ -int esp_mpi_gen_prime( mpi *X, size_t nbits, int dh_flag, - int (*f_rng)(void *, unsigned char *, size_t), - void *p_rng ) -{ - int ret; - size_t k, n; - esp_mpi_uint r; - mpi Y; - - if( nbits < 3 || nbits > MPI_MAX_BITS ) - return( ERR_MPI_BAD_INPUT_DATA ); - - esp_mpi_init( &Y ); - - n = BITS_TO_LIMBS( nbits ); - - MPI_CHK( esp_mpi_fill_random( X, n * ciL, f_rng, p_rng ) ); - - k = esp_mpi_bitlen( X ); - if( k > nbits ) MPI_CHK( esp_mpi_shift_r( X, k - nbits + 1 ) ); - - esp_mpi_set_bit( X, nbits-1, 1 ); - - X->p[0] |= 1; - - if( dh_flag == 0 ) - { - while( ( ret = esp_mpi_is_prime( X, f_rng, p_rng ) ) != 0 ) - { - if( ret != ERR_MPI_NOT_ACCEPTABLE ) - goto cleanup; - - MPI_CHK( esp_mpi_add_int( X, X, 2 ) ); - } - } - else - { - /* - * An necessary condition for Y and X = 2Y + 1 to be prime - * is X = 2 mod 3 (which is equivalent to Y = 2 mod 3). - * Make sure it is satisfied, while keeping X = 3 mod 4 - */ - - X->p[0] |= 2; - - MPI_CHK( esp_mpi_mod_int( &r, X, 3 ) ); - if( r == 0 ) - MPI_CHK( esp_mpi_add_int( X, X, 8 ) ); - else if( r == 1 ) - MPI_CHK( esp_mpi_add_int( X, X, 4 ) ); - - /* Set Y = (X-1) / 2, which is X / 2 because X is odd */ - MPI_CHK( esp_mpi_copy( &Y, X ) ); - MPI_CHK( esp_mpi_shift_r( &Y, 1 ) ); - - while( 1 ) - { - /* - * First, check small factors for X and Y - * before doing Miller-Rabin on any of them - */ - if( ( ret = esp_mpi_check_small_factors( X ) ) == 0 && - ( ret = esp_mpi_check_small_factors( &Y ) ) == 0 && - ( ret = esp_mpi_miller_rabin( X, f_rng, p_rng ) ) == 0 && - ( ret = esp_mpi_miller_rabin( &Y, f_rng, p_rng ) ) == 0 ) - { - break; - } - - if( ret != ERR_MPI_NOT_ACCEPTABLE ) - goto cleanup; - - /* - * Next candidates. We want to preserve Y = (X-1) / 2 and - * Y = 1 mod 2 and Y = 2 mod 3 (eq X = 3 mod 4 and X = 2 mod 3) - * so up Y by 6 and X by 12. - */ - MPI_CHK( esp_mpi_add_int( X, X, 12 ) ); - MPI_CHK( esp_mpi_add_int( &Y, &Y, 6 ) ); - } - } - -cleanup: - - esp_mpi_free( &Y ); - - return( ret ); -} - diff --git a/components/esp32/include/hwcrypto/bignum.h b/components/esp32/include/hwcrypto/bignum.h deleted file mode 100644 index dbcef43de4..0000000000 --- a/components/esp32/include/hwcrypto/bignum.h +++ /dev/null @@ -1,727 +0,0 @@ -/** - * \file bignum_alt.h - * - * \brief Multi-precision integer library, ESP32 hardware accelerated version - * Based on mbedTLS version. - * - * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved - * Additions Copyright (C) 2016, Espressif Systems (Shanghai) PTE Ltd - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - * - */ - -#ifndef _ESP_BIGNUM_H -#define _ESP_BIGNUM_H - -#include "esp_types.h" - - -#define MPI_DEBUG_ALT - - -#define ERR_MPI_FILE_IO_ERROR -0x0002 /**< An error occurred while reading from or writing to a file. */ -#define ERR_MPI_BAD_INPUT_DATA -0x0004 /**< Bad input parameters to function. */ -#define ERR_MPI_INVALID_CHARACTER -0x0006 /**< There is an invalid character in the digit string. */ -#define ERR_MPI_BUFFER_TOO_SMALL -0x0008 /**< The buffer is too small to write to. */ -#define ERR_MPI_NEGATIVE_VALUE -0x000A /**< The input arguments are negative or result in illegal output. */ -#define ERR_MPI_DIVISION_BY_ZERO -0x000C /**< The input argument for division is zero, which is not allowed. */ -#define ERR_MPI_NOT_ACCEPTABLE -0x000E /**< The input arguments are not acceptable. */ -#define ERR_MPI_ALLOC_FAILED -0x0010 /**< Memory allocation failed. */ - -#define MPI_CHK(f) do { if( ( ret = f ) != 0 ) goto cleanup; } while( 0 ) -#if defined(MPI_DEBUG_ALT) -#define esp_mpi_printf ets_printf -#else -#define esp_mpi_printf -#endif -/* - * Maximum size MPIs are allowed to grow to in number of limbs. - */ -#define MPI_MAX_LIMBS 10000 - -#if !defined(MPI_WINDOW_SIZE) -/* - * Maximum window size used for modular exponentiation. Default: 6 - * Minimum value: 1. Maximum value: 6. - * - * Result is an array of ( 2 << MPI_WINDOW_SIZE ) MPIs used - * for the sliding window calculation. (So 64 by default) - * - * Reduction in size, reduces speed. - */ -#define MPI_WINDOW_SIZE 6 /**< Maximum windows size used. */ -#endif /* !MPI_WINDOW_SIZE */ - -#if !defined(MPI_MAX_SIZE) -/* - * Maximum size of MPIs allowed in bits and bytes for user-MPIs. - * ( Default: 512 bytes => 4096 bits, Maximum tested: 2048 bytes => 16384 bits ) - * - * Note: Calculations can results temporarily in larger MPIs. So the number - * of limbs required (MPI_MAX_LIMBS) is higher. - */ -#define MPI_MAX_SIZE 1024 /**< Maximum number of bytes for usable MPIs. */ -#endif /* !MPI_MAX_SIZE */ - -#define MPI_MAX_BITS ( 8 * MPI_MAX_SIZE ) /**< Maximum number of bits for usable MPIs. */ - -/* - * When reading from files with esp_mpi_read_file() and writing to files with - * esp_mpi_write_file() the buffer should have space - * for a (short) label, the MPI (in the provided radix), the newline - * characters and the '\0'. - * - * By default we assume at least a 10 char label, a minimum radix of 10 - * (decimal) and a maximum of 4096 bit numbers (1234 decimal chars). - * Autosized at compile time for at least a 10 char label, a minimum radix - * of 10 (decimal) for a number of MPI_MAX_BITS size. - * - * This used to be statically sized to 1250 for a maximum of 4096 bit - * numbers (1234 decimal chars). - * - * Calculate using the formula: - * MPI_RW_BUFFER_SIZE = ceil(MPI_MAX_BITS / ln(10) * ln(2)) + - * LabelSize + 6 - */ -#define MPI_MAX_BITS_SCALE100 ( 100 * MPI_MAX_BITS ) -#define LN_2_DIV_LN_10_SCALE100 332 -#define MPI_RW_BUFFER_SIZE ( ((MPI_MAX_BITS_SCALE100 + LN_2_DIV_LN_10_SCALE100 - 1) / LN_2_DIV_LN_10_SCALE100) + 10 + 6 ) - -/* - * Define the base integer type, architecture-wise. - * - * 32-bit integers can be forced on 64-bit arches (eg. for testing purposes) - * by defining HAVE_INT32 and undefining HAVE_ASM - */ -#if ( ! defined(HAVE_INT32) && \ - defined(_MSC_VER) && defined(_M_AMD64) ) - #define HAVE_INT64 - typedef int64_t esp_mpi_sint; - typedef uint64_t esp_mpi_uint; -#else - #if ( ! defined(HAVE_INT32) && \ - defined(__GNUC__) && ( \ - defined(__amd64__) || defined(__x86_64__) || \ - defined(__ppc64__) || defined(__powerpc64__) || \ - defined(__ia64__) || defined(__alpha__) || \ - (defined(__sparc__) && defined(__arch64__)) || \ - defined(__s390x__) || defined(__mips64) ) ) - #define HAVE_INT64 - typedef int64_t esp_mpi_sint; - typedef uint64_t esp_mpi_uint; - /* t_udbl defined as 128-bit unsigned int */ - typedef unsigned int t_udbl __attribute__((mode(TI))); - #define HAVE_UDBL - #else - #define HAVE_INT32 - typedef int32_t esp_mpi_sint; - typedef uint32_t esp_mpi_uint; - typedef uint64_t t_udbl; - #define HAVE_UDBL - #endif /* !HAVE_INT32 && __GNUC__ && 64-bit platform */ -#endif /* !HAVE_INT32 && _MSC_VER && _M_AMD64 */ - -#ifdef __cplusplus -extern "C" { -#endif - -/** - * \brief MPI structure - */ -typedef struct -{ - int s; /*!< integer sign */ - size_t n; /*!< total # of limbs */ - esp_mpi_uint *p; /*!< pointer to limbs */ -}mpi, MPI_CTX; - -/** - * \brief Lock access to MPI hardware unit - * - * MPI hardware unit can only be used by one - * consumer at a time. - * - * esp_mpi_xxx API calls automatically manage locking & unlocking of - * hardware, this function is only needed if you want to call - * ets_bigint_xxx functions directly. - */ -void esp_mpi_acquire_hardware( void ); - -/** - * \brief Unlock access to MPI hardware unit - * - * esp_mpi_xxx API calls automatically manage locking & unlocking of - * hardware, this function is only needed if you want to call - * ets_bigint_xxx functions directly. - */ -void esp_mpi_release_hardware( void ); - -/** - * \brief Initialize one MPI (make internal references valid) - * This just makes it ready to be set or freed, - * but does not define a value for the MPI. - * - * \param X One MPI to initialize. - */ -void esp_mpi_init( mpi *X ); - -/** - * \brief Unallocate one MPI - * - * \param X One MPI to unallocate. - */ -void esp_mpi_free( mpi *X ); - -/** - * \brief Enlarge to the specified number of limbs - * - * \param X MPI to grow - * \param nblimbs The target number of limbs - * - * \return 0 if successful, - * ERR_MPI_ALLOC_FAILED if memory allocation failed - */ -int esp_mpi_grow( mpi *X, size_t nblimbs ); - -/** - * \brief Resize down, keeping at least the specified number of limbs - * - * \param X MPI to shrink - * \param nblimbs The minimum number of limbs to keep - * - * \return 0 if successful, - * ERR_MPI_ALLOC_FAILED if memory allocation failed - */ -int esp_mpi_shrink( mpi *X, size_t nblimbs ); - -/** - * \brief Copy the contents of Y into X - * - * \param X Destination MPI - * \param Y Source MPI - * - * \return 0 if successful, - * ERR_MPI_ALLOC_FAILED if memory allocation failed - */ -int esp_mpi_copy( mpi *X, const mpi *Y ); - -/** - * \brief Swap the contents of X and Y - * - * \param X First MPI value - * \param Y Second MPI value - */ -void esp_mpi_swap( mpi *X, mpi *Y ); - -/** - * \brief Safe conditional assignement X = Y if assign is 1 - * - * \param X MPI to conditionally assign to - * \param Y Value to be assigned - * \param assign 1: perform the assignment, 0: keep X's original value - * - * \return 0 if successful, - * ERR_MPI_ALLOC_FAILED if memory allocation failed, - * - * \note This function is equivalent to - * if( assign ) esp_mpi_copy( X, Y ); - * except that it avoids leaking any information about whether - * the assignment was done or not (the above code may leak - * information through branch prediction and/or memory access - * patterns analysis). - */ -int esp_mpi_safe_cond_assign( mpi *X, const mpi *Y, unsigned char assign ); - -/** - * \brief Safe conditional swap X <-> Y if swap is 1 - * - * \param X First mpi value - * \param Y Second mpi value - * \param assign 1: perform the swap, 0: keep X and Y's original values - * - * \return 0 if successful, - * ERR_MPI_ALLOC_FAILED if memory allocation failed, - * - * \note This function is equivalent to - * if( assign ) esp_mpi_swap( X, Y ); - * except that it avoids leaking any information about whether - * the assignment was done or not (the above code may leak - * information through branch prediction and/or memory access - * patterns analysis). - */ -int esp_mpi_safe_cond_swap( mpi *X, mpi *Y, unsigned char assign ); - -/** - * \brief Set value from integer - * - * \param X MPI to set - * \param z Value to use - * - * \return 0 if successful, - * ERR_MPI_ALLOC_FAILED if memory allocation failed - */ -int esp_mpi_lset( mpi *X, esp_mpi_sint z ); - -/** - * \brief Get a specific bit from X - * - * \param X MPI to use - * \param pos Zero-based index of the bit in X - * - * \return Either a 0 or a 1 - */ -int esp_mpi_get_bit( const mpi *X, size_t pos ); - -/** - * \brief Set a bit of X to a specific value of 0 or 1 - * - * \note Will grow X if necessary to set a bit to 1 in a not yet - * existing limb. Will not grow if bit should be set to 0 - * - * \param X MPI to use - * \param pos Zero-based index of the bit in X - * \param val The value to set the bit to (0 or 1) - * - * \return 0 if successful, - * ERR_MPI_ALLOC_FAILED if memory allocation failed, - * ERR_MPI_BAD_INPUT_DATA if val is not 0 or 1 - */ -int esp_mpi_set_bit( mpi *X, size_t pos, unsigned char val ); - -/** - * \brief Return the number of zero-bits before the least significant - * '1' bit - * - * Note: Thus also the zero-based index of the least significant '1' bit - * - * \param X MPI to use - */ -size_t esp_mpi_lsb( const mpi *X ); - -/** - * \brief Return the number of bits up to and including the most - * significant '1' bit' - * - * Note: Thus also the one-based index of the most significant '1' bit - * - * \param X MPI to use - */ -size_t esp_mpi_bitlen( const mpi *X ); - -/** - * \brief Return the total size in bytes - * - * \param X MPI to use - */ -size_t esp_mpi_size( const mpi *X ); - -/** - * \brief Import from an ASCII string - * - * \param X Destination MPI - * \param radix Input numeric base - * \param s Null-terminated string buffer - * - * \return 0 if successful, or a ERR_MPI_XXX error code - */ -int esp_mpi_read_string( mpi *X, int radix, const char *s ); - -/** - * \brief Export into an ASCII string - * - * \param X Source MPI - * \param radix Output numeric base - * \param buf Buffer to write the string to - * \param buflen Length of buf - * \param olen Length of the string written, including final NUL byte - * - * \return 0 if successful, or a ERR_MPI_XXX error code. - * *olen is always updated to reflect the amount - * of data that has (or would have) been written. - * - * \note Call this function with buflen = 0 to obtain the - * minimum required buffer size in *olen. - */ -int esp_mpi_write_string( const mpi *X, int radix, - char *buf, size_t buflen, size_t *olen ); - -#if defined(FS_IO) -/** - * \brief Read X from an opened file - * - * \param X Destination MPI - * \param radix Input numeric base - * \param fin Input file handle - * - * \return 0 if successful, ERR_MPI_BUFFER_TOO_SMALL if - * the file read buffer is too small or a - * ERR_MPI_XXX error code - */ -int esp_mpi_read_file( mpi *X, int radix, FILE *fin ); - -/** - * \brief Write X into an opened file, or stdout if fout is NULL - * - * \param p Prefix, can be NULL - * \param X Source MPI - * \param radix Output numeric base - * \param fout Output file handle (can be NULL) - * - * \return 0 if successful, or a ERR_MPI_XXX error code - * - * \note Set fout == NULL to print X on the console. - */ -int esp_mpi_write_file( const char *p, const mpi *X, int radix, FILE *fout ); -#endif /* FS_IO */ - -/** - * \brief Import X from unsigned binary data, big endian - * - * \param X Destination MPI - * \param buf Input buffer - * \param buflen Input buffer size - * - * \return 0 if successful, - * ERR_MPI_ALLOC_FAILED if memory allocation failed - */ -int esp_mpi_read_binary( mpi *X, const unsigned char *buf, size_t buflen ); - -/** - * \brief Export X into unsigned binary data, big endian. - * Always fills the whole buffer, which will start with zeros - * if the number is smaller. - * - * \param X Source MPI - * \param buf Output buffer - * \param buflen Output buffer size - * - * \return 0 if successful, - * ERR_MPI_BUFFER_TOO_SMALL if buf isn't large enough - */ -int esp_mpi_write_binary( const mpi *X, unsigned char *buf, size_t buflen ); - -/** - * \brief Left-shift: X <<= count - * - * \param X MPI to shift - * \param count Amount to shift - * - * \return 0 if successful, - * ERR_MPI_ALLOC_FAILED if memory allocation failed - */ -int esp_mpi_shift_l( mpi *X, size_t count ); - -/** - * \brief Right-shift: X >>= count - * - * \param X MPI to shift - * \param count Amount to shift - * - * \return 0 if successful, - * ERR_MPI_ALLOC_FAILED if memory allocation failed - */ -int esp_mpi_shift_r( mpi *X, size_t count ); - -/** - * \brief Compare unsigned values - * - * \param X Left-hand MPI - * \param Y Right-hand MPI - * - * \return 1 if |X| is greater than |Y|, - * -1 if |X| is lesser than |Y| or - * 0 if |X| is equal to |Y| - */ -int esp_mpi_cmp_abs( const mpi *X, const mpi *Y ); - -/** - * \brief Compare signed values - * - * \param X Left-hand MPI - * \param Y Right-hand MPI - * - * \return 1 if X is greater than Y, - * -1 if X is lesser than Y or - * 0 if X is equal to Y - */ -int esp_mpi_cmp_mpi( const mpi *X, const mpi *Y ); - -/** - * \brief Compare signed values - * - * \param X Left-hand MPI - * \param z The integer value to compare to - * - * \return 1 if X is greater than z, - * -1 if X is lesser than z or - * 0 if X is equal to z - */ -int esp_mpi_cmp_int( const mpi *X, esp_mpi_sint z ); - -/** - * \brief Unsigned addition: X = |A| + |B| - * - * \param X Destination MPI - * \param A Left-hand MPI - * \param B Right-hand MPI - * - * \return 0 if successful, - * ERR_MPI_ALLOC_FAILED if memory allocation failed - */ -int esp_mpi_add_abs( mpi *X, const mpi *A, const mpi *B ); - -/** - * \brief Unsigned subtraction: X = |A| - |B| - * - * \param X Destination MPI - * \param A Left-hand MPI - * \param B Right-hand MPI - * - * \return 0 if successful, - * ERR_MPI_NEGATIVE_VALUE if B is greater than A - */ -int esp_mpi_sub_abs( mpi *X, const mpi *A, const mpi *B ); - -/** - * \brief Signed addition: X = A + B - * - * \param X Destination MPI - * \param A Left-hand MPI - * \param B Right-hand MPI - * - * \return 0 if successful, - * ERR_MPI_ALLOC_FAILED if memory allocation failed - */ -int esp_mpi_add_mpi( mpi *X, const mpi *A, const mpi *B ); - -/** - * \brief Signed subtraction: X = A - B - * - * \param X Destination MPI - * \param A Left-hand MPI - * \param B Right-hand MPI - * - * \return 0 if successful, - * ERR_MPI_ALLOC_FAILED if memory allocation failed - */ -int esp_mpi_sub_mpi( mpi *X, const mpi *A, const mpi *B ); - -/** - * \brief Signed addition: X = A + b - * - * \param X Destination MPI - * \param A Left-hand MPI - * \param b The integer value to add - * - * \return 0 if successful, - * ERR_MPI_ALLOC_FAILED if memory allocation failed - */ -int esp_mpi_add_int( mpi *X, const mpi *A, esp_mpi_sint b ); - -/** - * \brief Signed subtraction: X = A - b - * - * \param X Destination MPI - * \param A Left-hand MPI - * \param b The integer value to subtract - * - * \return 0 if successful, - * ERR_MPI_ALLOC_FAILED if memory allocation failed - */ -int esp_mpi_sub_int( mpi *X, const mpi *A, esp_mpi_sint b ); - -/** - * \brief Baseline multiplication: X = A * B - * - * \param X Destination MPI - * \param A Left-hand MPI - * \param B Right-hand MPI - * - * \return 0 if successful, - * ERR_MPI_ALLOC_FAILED if memory allocation failed - */ -int esp_mpi_mul_mpi( mpi *X, const mpi *A, const mpi *B ); - -/** - * \brief Baseline multiplication: X = A * b - * - * \param X Destination MPI - * \param A Left-hand MPI - * \param b The unsigned integer value to multiply with - * - * \note b is unsigned - * - * \return 0 if successful, - * ERR_MPI_ALLOC_FAILED if memory allocation failed - */ -int esp_mpi_mul_int( mpi *X, const mpi *A, esp_mpi_uint b ); - -/** - * \brief Division by mpi: A = Q * B + R - * - * \param Q Destination MPI for the quotient - * \param R Destination MPI for the rest value - * \param A Left-hand MPI - * \param B Right-hand MPI - * - * \return 0 if successful, - * ERR_MPI_ALLOC_FAILED if memory allocation failed, - * ERR_MPI_DIVISION_BY_ZERO if B == 0 - * - * \note Either Q or R can be NULL. - */ -int esp_mpi_div_mpi( mpi *Q, mpi *R, const mpi *A, const mpi *B ); - -/** - * \brief Division by int: A = Q * b + R - * - * \param Q Destination MPI for the quotient - * \param R Destination MPI for the rest value - * \param A Left-hand MPI - * \param b Integer to divide by - * - * \return 0 if successful, - * ERR_MPI_ALLOC_FAILED if memory allocation failed, - * ERR_MPI_DIVISION_BY_ZERO if b == 0 - * - * \note Either Q or R can be NULL. - */ -int esp_mpi_div_int( mpi *Q, mpi *R, const mpi *A, esp_mpi_sint b ); - -/** - * \brief Modulo: R = A mod B - * - * \param R Destination MPI for the rest value - * \param A Left-hand MPI - * \param B Right-hand MPI - * - * \return 0 if successful, - * ERR_MPI_ALLOC_FAILED if memory allocation failed, - * ERR_MPI_DIVISION_BY_ZERO if B == 0, - * ERR_MPI_NEGATIVE_VALUE if B < 0 - */ -int esp_mpi_mod_mpi( mpi *R, const mpi *A, const mpi *B ); - -/** - * \brief Modulo: r = A mod b - * - * \param r Destination esp_mpi_uint - * \param A Left-hand MPI - * \param b Integer to divide by - * - * \return 0 if successful, - * ERR_MPI_ALLOC_FAILED if memory allocation failed, - * ERR_MPI_DIVISION_BY_ZERO if b == 0, - * ERR_MPI_NEGATIVE_VALUE if b < 0 - */ -int esp_mpi_mod_int( esp_mpi_uint *r, const mpi *A, esp_mpi_sint b ); - -/** - * \brief Sliding-window exponentiation: X = A^E mod N - * - * \param X Destination MPI - * \param A Left-hand MPI - * \param E Exponent MPI - * \param N Modular MPI - * \param _RR Speed-up MPI used for recalculations - * - * \return 0 if successful, - * ERR_MPI_ALLOC_FAILED if memory allocation failed, - * ERR_MPI_BAD_INPUT_DATA if N is negative or even or - * if E is negative - * - * \note _RR is used to avoid re-computing R*R mod N across - * multiple calls, which speeds up things a bit. It can - * be set to NULL if the extra performance is unneeded. - */ -int esp_mpi_exp_mod( mpi *X, const mpi *A, const mpi *E, const mpi *N, mpi *_RR ); - -/** - * \brief Fill an MPI X with size bytes of random - * - * \param X Destination MPI - * \param size Size in bytes - * \param f_rng RNG function - * \param p_rng RNG parameter - * - * \return 0 if successful, - * ERR_MPI_ALLOC_FAILED if memory allocation failed - */ -int esp_mpi_fill_random( mpi *X, size_t size, - int (*f_rng)(void *, unsigned char *, size_t), - void *p_rng ); - -/** - * \brief Greatest common divisor: G = gcd(A, B) - * - * \param G Destination MPI - * \param A Left-hand MPI - * \param B Right-hand MPI - * - * \return 0 if successful, - * ERR_MPI_ALLOC_FAILED if memory allocation failed - */ -int esp_mpi_gcd( mpi *G, const mpi *A, const mpi *B ); - -/** - * \brief Modular inverse: X = A^-1 mod N - * - * \param X Destination MPI - * \param A Left-hand MPI - * \param N Right-hand MPI - * - * \return 0 if successful, - * ERR_MPI_ALLOC_FAILED if memory allocation failed, - * ERR_MPI_BAD_INPUT_DATA if N is negative or nil - ERR_MPI_NOT_ACCEPTABLE if A has no inverse mod N - */ -int esp_mpi_inv_mod( mpi *X, const mpi *A, const mpi *N ); - -/** - * \brief Miller-Rabin primality test - * - * \param X MPI to check - * \param f_rng RNG function - * \param p_rng RNG parameter - * - * \return 0 if successful (probably prime), - * ERR_MPI_ALLOC_FAILED if memory allocation failed, - * ERR_MPI_NOT_ACCEPTABLE if X is not prime - */ -int esp_mpi_is_prime( const mpi *X, - int (*f_rng)(void *, unsigned char *, size_t), - void *p_rng ); - -/** - * \brief Prime number generation - * - * \param X Destination MPI - * \param nbits Required size of X in bits - * ( 3 <= nbits <= MPI_MAX_BITS ) - * \param dh_flag If 1, then (X-1)/2 will be prime too - * \param f_rng RNG function - * \param p_rng RNG parameter - * - * \return 0 if successful (probably prime), - * ERR_MPI_ALLOC_FAILED if memory allocation failed, - * ERR_MPI_BAD_INPUT_DATA if nbits is < 3 - */ -int esp_mpi_gen_prime( mpi *X, size_t nbits, int dh_flag, - int (*f_rng)(void *, unsigned char *, size_t), - void *p_rng ); - - -#endif - diff --git a/components/mbedtls/Makefile b/components/mbedtls/Makefile index e44ce2b538..cb3ee2c569 100644 --- a/components/mbedtls/Makefile +++ b/components/mbedtls/Makefile @@ -1,5 +1,8 @@ # # Component Makefile +# + +COMPONENT_ADD_INCLUDEDIRS := port/include include COMPONENT_SRCDIRS := library port diff --git a/components/mbedtls/include/mbedtls/esp_config.h b/components/mbedtls/include/mbedtls/esp_config.h index 0bf7e14d17..6d52294b72 100644 --- a/components/mbedtls/include/mbedtls/esp_config.h +++ b/components/mbedtls/include/mbedtls/esp_config.h @@ -225,7 +225,6 @@ * Uncomment a macro to enable alternate implementation of the corresponding * module. */ -//#define MBEDTLS_AES_ALT //#define MBEDTLS_ARC4_ALT //#define MBEDTLS_BLOWFISH_ALT //#define MBEDTLS_CAMELLIA_ALT @@ -235,11 +234,22 @@ //#define MBEDTLS_MD4_ALT //#define MBEDTLS_MD5_ALT //#define MBEDTLS_RIPEMD160_ALT -//#define MBEDTLS_SHA1_ALT -//#define MBEDTLS_SHA256_ALT -//#define MBEDTLS_SHA512_ALT -//#define MBEDTLS_BIGNUM_ALT +/* The following units have ESP32 hardware support, + uncommenting each _ALT macro will use the + hardware-accelerated implementation. */ +#define MBEDTLS_AES_ALT +#define MBEDTLS_SHA1_ALT +#define MBEDTLS_SHA256_ALT +#define MBEDTLS_SHA512_ALT + +/* The following MPI (bignum) functions have ESP32 hardware support, + Uncommenting these macros will use the hardware-accelerated + implementations. +*/ +#define MBEDTLS_MPI_EXP_MOD_ALT +#define MBEDTLS_MPI_MUL_MPI_ALT + /** * \def MBEDTLS_MD2_PROCESS_ALT * diff --git a/components/mbedtls/library/bignum.c b/components/mbedtls/library/bignum.c index e438fdddbf..e739bc1d38 100644 --- a/components/mbedtls/library/bignum.c +++ b/components/mbedtls/library/bignum.c @@ -1164,6 +1164,7 @@ void mpi_mul_hlp( size_t i, mbedtls_mpi_uint *s, mbedtls_mpi_uint *d, mbedtls_mp while( c != 0 ); } +#if !defined(MBEDTLS_MPI_MUL_MPI_ALT) /* * Baseline multiplication: X = A * B (HAC 14.12) */ @@ -1200,6 +1201,7 @@ cleanup: return( ret ); } +#endif /* * Baseline multiplication: X = A * b @@ -1598,6 +1600,7 @@ static int mpi_montred( mbedtls_mpi *A, const mbedtls_mpi *N, mbedtls_mpi_uint m return( mpi_montmul( A, &U, N, mm, T ) ); } +#if !defined(MBEDTLS_MPI_EXP_MOD_ALT) /* * Sliding-window exponentiation: X = A^E mod N (HAC 14.85) */ @@ -1805,6 +1808,7 @@ cleanup: return( ret ); } +#endif /* * Greatest common divisor: G = gcd(A, B) (HAC 14.54) diff --git a/components/mbedtls/port/esp_bignum.c b/components/mbedtls/port/esp_bignum.c new file mode 100644 index 0000000000..59bdc87260 --- /dev/null +++ b/components/mbedtls/port/esp_bignum.c @@ -0,0 +1,536 @@ +/** + * \brief Multi-precision integer library, ESP32 hardware accelerated parts + * + * based on mbedTLS implementation + * + * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved + * Additions Copyright (C) 2016, Espressif Systems (Shanghai) PTE Ltd + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * + */ +#include +#include +#include +#include "mbedtls/bignum.h" +#include "mbedtls/bn_mul.h" +#include "rom/bigint.h" + +#if defined(MBEDTLS_MPI_MUL_MPI_ALT) || defined(MBEDTLS_MPI_EXP_MOD_ALT) + +/* Constants from mbedTLS bignum.c */ +#define ciL (sizeof(mbedtls_mpi_uint)) /* chars in limb */ +#define biL (ciL << 3) /* bits in limb */ + +static _lock_t mpi_lock; + +/* At the moment these hardware locking functions aren't exposed publically + for MPI. If you want to use the ROM bigint functions and co-exist with mbedTLS, + please raise a feature request. +*/ +static void esp_mpi_acquire_hardware( void ) +{ + /* newlib locks lazy initialize on ESP-IDF */ + _lock_acquire(&mpi_lock); + ets_bigint_enable(); +} + +static void esp_mpi_release_hardware( void ) +{ + ets_bigint_disable(); + _lock_release(&mpi_lock); +} + +/* + * Helper for mbedtls_mpi multiplication + * copied/trimmed from mbedtls bignum.c + */ +static void mpi_mul_hlp( size_t i, mbedtls_mpi_uint *s, mbedtls_mpi_uint *d, mbedtls_mpi_uint b ) +{ + mbedtls_mpi_uint c = 0, t = 0; + + for( ; i >= 16; i -= 16 ) + { + MULADDC_INIT + MULADDC_CORE MULADDC_CORE + MULADDC_CORE MULADDC_CORE + MULADDC_CORE MULADDC_CORE + MULADDC_CORE MULADDC_CORE + + MULADDC_CORE MULADDC_CORE + MULADDC_CORE MULADDC_CORE + MULADDC_CORE MULADDC_CORE + MULADDC_CORE MULADDC_CORE + MULADDC_STOP + } + + for( ; i >= 8; i -= 8 ) + { + MULADDC_INIT + MULADDC_CORE MULADDC_CORE + MULADDC_CORE MULADDC_CORE + + MULADDC_CORE MULADDC_CORE + MULADDC_CORE MULADDC_CORE + MULADDC_STOP + } + + + for( ; i > 0; i-- ) + { + MULADDC_INIT + MULADDC_CORE + MULADDC_STOP + } + + t++; + + do { + *d += c; c = ( *d < c ); d++; + } + while( c != 0 ); +} + + +/* + * Helper for mbedtls_mpi subtraction + * Copied/adapter from mbedTLS bignum.c + */ +static void mpi_sub_hlp( size_t n, mbedtls_mpi_uint *s, mbedtls_mpi_uint *d ) +{ + size_t i; + mbedtls_mpi_uint c, z; + + for( i = c = 0; i < n; i++, s++, d++ ) + { + z = ( *d < c ); *d -= c; + c = ( *d < *s ) + z; *d -= *s; + } + + while( c != 0 ) + { + z = ( *d < c ); *d -= c; + c = z; i++; d++; + } +} + + +/* The following 3 Montgomery arithmetic function are + copied from mbedTLS bigint.c verbatim as they are static. + + TODO: find a way to support making the versions in mbedtls + non-static. +*/ + +/* + * Fast Montgomery initialization (thanks to Tom St Denis) + */ +static void mpi_montg_init( mbedtls_mpi_uint *mm, const mbedtls_mpi *N ) +{ + mbedtls_mpi_uint x, m0 = N->p[0]; + unsigned int i; + + x = m0; + x += ( ( m0 + 2 ) & 4 ) << 1; + + for( i = biL; i >= 8; i /= 2 ) + x *= ( 2 - ( m0 * x ) ); + + *mm = ~x + 1; +} + +/* + * Montgomery multiplication: A = A * B * R^-1 mod N (HAC 14.36) + */ +static int mpi_montmul( mbedtls_mpi *A, const mbedtls_mpi *B, const mbedtls_mpi *N, mbedtls_mpi_uint mm, + const mbedtls_mpi *T ) +{ + size_t i, n, m; + mbedtls_mpi_uint u0, u1, *d; + + if( T->n < N->n + 1 || T->p == NULL ) + return( MBEDTLS_ERR_MPI_BAD_INPUT_DATA ); + + memset( T->p, 0, T->n * ciL ); + + d = T->p; + n = N->n; + m = ( B->n < n ) ? B->n : n; + + for( i = 0; i < n; i++ ) + { + /* + * T = (T + u0*B + u1*N) / 2^biL + */ + u0 = A->p[i]; + u1 = ( d[0] + u0 * B->p[0] ) * mm; + + mpi_mul_hlp( m, B->p, d, u0 ); + mpi_mul_hlp( n, N->p, d, u1 ); + + *d++ = u0; d[n + 1] = 0; + } + + memcpy( A->p, d, ( n + 1 ) * ciL ); + + if( mbedtls_mpi_cmp_abs( A, N ) >= 0 ) + mpi_sub_hlp( n, N->p, A->p ); + else + /* prevent timing attacks */ + mpi_sub_hlp( n, A->p, T->p ); + + return( 0 ); +} + +/* + * Montgomery reduction: A = A * R^-1 mod N + */ +static int mpi_montred( mbedtls_mpi *A, const mbedtls_mpi *N, mbedtls_mpi_uint mm, const mbedtls_mpi *T ) +{ + mbedtls_mpi_uint z = 1; + mbedtls_mpi U; + + U.n = U.s = (int) z; + U.p = &z; + + return( mpi_montmul( A, &U, N, mm, T ) ); +} + + +/* Allocate parameters used by hardware MPI multiply, + and copy mbedtls_mpi structures into them */ +static int mul_pram_alloc(const mbedtls_mpi *A, const mbedtls_mpi *B, char **pA, char **pB, char **pX, size_t *bites) +{ + char *sa, *sb, *sx; +// int algn; + int words, bytes; + int abytes, bbytes; + + if (A->n > B->n) + words = A->n; + else + words = B->n; + + bytes = (words / 16 + ((words % 16) ? 1 : 0 )) * 16 * 4 * 2; + + abytes = A->n * 4; + bbytes = B->n * 4; + + sa = malloc(bytes); + if (!sa) { + return -1; + } + + sb = malloc(bytes); + if (!sb) { + free(sa); + return -1; + } + + sx = malloc(bytes); + if (!sx) { + free(sa); + free(sb); + return -1; + } + + memcpy(sa, A->p, abytes); + memset(sa + abytes, 0, bytes - abytes); + + memcpy(sb, B->p, bbytes); + memset(sb + bbytes, 0, bytes - bbytes); + + *pA = sa; + *pB = sb; + + *pX = sx; + + *bites = bytes * 4; + + return 0; +} + +#if defined(MBEDTLS_MPI_MUL_MPI_ALT) + +int mbedtls_mpi_mul_mpi( mbedtls_mpi *X, const mbedtls_mpi *A, const mbedtls_mpi *B ) +{ + int ret = -1; + size_t i, j; + char *s1 = NULL, *s2 = NULL, *dest = NULL; + size_t bites; + + mbedtls_mpi TA, TB; + + mbedtls_mpi_init( &TA ); mbedtls_mpi_init( &TB ); + + if( X == A ) { MBEDTLS_MPI_CHK( mbedtls_mpi_copy( &TA, A ) ); A = &TA; } + if( X == B ) { MBEDTLS_MPI_CHK( mbedtls_mpi_copy( &TB, B ) ); B = &TB; } + + for( i = A->n; i > 0; i-- ) + if( A->p[i - 1] != 0 ) + break; + + for( j = B->n; j > 0; j-- ) + if( B->p[j - 1] != 0 ) + break; + + MBEDTLS_MPI_CHK( mbedtls_mpi_grow( X, i + j ) ); + MBEDTLS_MPI_CHK( mbedtls_mpi_lset( X, 0 ) ); + + if (mul_pram_alloc(A, B, &s1, &s2, &dest, &bites)) { + goto cleanup; + } + + esp_mpi_acquire_hardware(); + if (ets_bigint_mult_prepare((uint32_t *)s1, (uint32_t *)s2, bites)){ + ets_bigint_wait_finish(); + if (ets_bigint_mult_getz((uint32_t *)dest, bites) == true) { + memcpy(X->p, dest, (i + j) * 4); + ret = 0; + } else { + printf("ets_bigint_mult_getz failed\n"); + } + } else{ + printf("Baseline multiplication failed\n"); + } + esp_mpi_release_hardware(); + + X->s = A->s * B->s; + + free(s1); + free(s2); + free(dest); + +cleanup: + + mbedtls_mpi_free( &TB ); mbedtls_mpi_free( &TA ); + + return( ret ); +} + +#endif /* MBEDTLS_MPI_MUL_MPI_ALT */ + +#if defined(MBEDTLS_MPI_EXP_MOD_ALT) +/* + * Sliding-window exponentiation: X = A^E mod N (HAC 14.85) + */ +int mbedtls_mpi_exp_mod( mbedtls_mpi* X, const mbedtls_mpi* A, const mbedtls_mpi* E, const mbedtls_mpi* N, mbedtls_mpi* _RR ) +{ + int ret; + size_t wbits, wsize, one = 1; + size_t i, j, nblimbs; + size_t bufsize, nbits; + mbedtls_mpi_uint ei, mm, state; + mbedtls_mpi RR, T, W[ 2 << MBEDTLS_MPI_WINDOW_SIZE ], Apos; + int neg; + + if( mbedtls_mpi_cmp_int( N, 0 ) < 0 || ( N->p[0] & 1 ) == 0 ) + return( MBEDTLS_ERR_MPI_BAD_INPUT_DATA ); + + if( mbedtls_mpi_cmp_int( E, 0 ) < 0 ) + return( MBEDTLS_ERR_MPI_BAD_INPUT_DATA ); + + /* + * Init temps and window size + */ + mpi_montg_init( &mm, N ); + mbedtls_mpi_init( &RR ); mbedtls_mpi_init( &T ); + mbedtls_mpi_init( &Apos ); + memset( W, 0, sizeof( W ) ); + + i = mbedtls_mpi_bitlen( E ); + + wsize = ( i > 671 ) ? 6 : ( i > 239 ) ? 5 : + ( i > 79 ) ? 4 : ( i > 23 ) ? 3 : 1; + + if( wsize > MBEDTLS_MPI_WINDOW_SIZE ) + wsize = MBEDTLS_MPI_WINDOW_SIZE; + + j = N->n + 1; + MBEDTLS_MPI_CHK( mbedtls_mpi_grow( X, j ) ); + MBEDTLS_MPI_CHK( mbedtls_mpi_grow( &W[1], j ) ); + MBEDTLS_MPI_CHK( mbedtls_mpi_grow( &T, j * 2 ) ); + + /* + * Compensate for negative A (and correct at the end) + */ + neg = ( A->s == -1 ); + if( neg ) + { + MBEDTLS_MPI_CHK( mbedtls_mpi_copy( &Apos, A ) ); + Apos.s = 1; + A = &Apos; + } + + /* + * If 1st call, pre-compute R^2 mod N + */ + if( _RR == NULL || _RR->p == NULL ) + { + MBEDTLS_MPI_CHK( mbedtls_mpi_lset( &RR, 1 ) ); + MBEDTLS_MPI_CHK( mbedtls_mpi_shift_l( &RR, N->n * 2 * biL ) ); + MBEDTLS_MPI_CHK( mbedtls_mpi_mod_mpi( &RR, &RR, N ) ); + + if( _RR != NULL ) + memcpy( _RR, &RR, sizeof( mbedtls_mpi) ); + } + else + memcpy( &RR, _RR, sizeof( mbedtls_mpi) ); + + /* + * W[1] = A * R^2 * R^-1 mod N = A * R mod N + */ + if( mbedtls_mpi_cmp_mpi( A, N ) >= 0 ) + MBEDTLS_MPI_CHK( mbedtls_mpi_mod_mpi( &W[1], A, N ) ); + else + MBEDTLS_MPI_CHK( mbedtls_mpi_copy( &W[1], A ) ); + + mpi_montmul( &W[1], &RR, N, mm, &T ); + + /* + * X = R^2 * R^-1 mod N = R mod N + */ + MBEDTLS_MPI_CHK( mbedtls_mpi_copy( X, &RR ) ); + mpi_montred( X, N, mm, &T ); + + if( wsize > 1 ) + { + /* + * W[1 << (wsize - 1)] = W[1] ^ (wsize - 1) + */ + j = one << ( wsize - 1 ); + + MBEDTLS_MPI_CHK( mbedtls_mpi_grow( &W[j], N->n + 1 ) ); + MBEDTLS_MPI_CHK( mbedtls_mpi_copy( &W[j], &W[1] ) ); + + for( i = 0; i < wsize - 1; i++ ) + mpi_montmul( &W[j], &W[j], N, mm, &T ); + + /* + * W[i] = W[i - 1] * W[1] + */ + for( i = j + 1; i < ( one << wsize ); i++ ) + { + MBEDTLS_MPI_CHK( mbedtls_mpi_grow( &W[i], N->n + 1 ) ); + MBEDTLS_MPI_CHK( mbedtls_mpi_copy( &W[i], &W[i - 1] ) ); + + mpi_montmul( &W[i], &W[1], N, mm, &T ); + } + } + + nblimbs = E->n; + bufsize = 0; + nbits = 0; + wbits = 0; + state = 0; + + while( 1 ) + { + if( bufsize == 0 ) + { + if( nblimbs == 0 ) + break; + + nblimbs--; + + bufsize = sizeof( mbedtls_mpi_uint ) << 3; + } + + bufsize--; + + ei = (E->p[nblimbs] >> bufsize) & 1; + + /* + * skip leading 0s + */ + if( ei == 0 && state == 0 ) + continue; + + if( ei == 0 && state == 1 ) + { + /* + * out of window, square X + */ + mpi_montmul( X, X, N, mm, &T ); + continue; + } + + /* + * add ei to current window + */ + state = 2; + + nbits++; + wbits |= ( ei << ( wsize - nbits ) ); + + if( nbits == wsize ) + { + /* + * X = X^wsize R^-1 mod N + */ + for( i = 0; i < wsize; i++ ) + mpi_montmul( X, X, N, mm, &T ); + + /* + * X = X * W[wbits] R^-1 mod N + */ + mpi_montmul( X, &W[wbits], N, mm, &T ); + + state--; + nbits = 0; + wbits = 0; + } + } + + /* + * process the remaining bits + */ + for( i = 0; i < nbits; i++ ) + { + mpi_montmul( X, X, N, mm, &T ); + + wbits <<= 1; + + if( ( wbits & ( one << wsize ) ) != 0 ) + mpi_montmul( X, &W[1], N, mm, &T ); + } + + /* + * X = A^E * R * R^-1 mod N = A^E mod N + */ + mpi_montred( X, N, mm, &T ); + + if( neg ) + { + X->s = -1; + MBEDTLS_MPI_CHK( mbedtls_mpi_add_mpi( X, N, X ) ); + } + +cleanup: + + for( i = ( one << ( wsize - 1 ) ); i < ( one << wsize ); i++ ) + mbedtls_mpi_free( &W[i] ); + + mbedtls_mpi_free( &W[1] ); mbedtls_mpi_free( &T ); mbedtls_mpi_free( &Apos ); + + if( _RR == NULL || _RR->p == NULL ) + mbedtls_mpi_free( &RR ); + + return( ret ); +} + +#endif /* MBEDTLS_MPI_EXP_MOD_ALT */ + +#endif /* MBEDTLS_MPI_MUL_MPI_ALT || MBEDTLS_MPI_EXP_MOD_ALT */ + diff --git a/components/mbedtls/port/esp_hardware.c b/components/mbedtls/port/esp_hardware.c index b83c4d7aa9..9157662491 100644 --- a/components/mbedtls/port/esp_hardware.c +++ b/components/mbedtls/port/esp_hardware.c @@ -9,34 +9,8 @@ #include #if defined(MBEDTLS_ENTROPY_HARDWARE_ALT) -/** - * \brief Entropy poll callback for a hardware source - * - * \warning This is not provided by mbed TLS! - * See \c MBEDTLS_ENTROPY_HARDWARE_ALT in config.h. - * - * \note This must accept NULL as its first argument. - */ -static int os_get_random(unsigned char *buf, size_t len) -{ - int i, j; - unsigned long tmp; - - for (i = 0; i < ((len + 3) & ~3) / 4; i ++) { - tmp = rand(); - for (j = 0; j < 4; j ++) { - if ((i * 4 + j) < len) { - buf[i * 4 + j] = (unsigned char)(tmp >> (j * 8)); - } else { - break; - } - } - - } - - return 0; -} +extern int os_get_random(unsigned char *buf, size_t len); int mbedtls_hardware_poll( void *data, unsigned char *output, size_t len, size_t *olen ) { diff --git a/components/mbedtls/port/include/aes_alt.h b/components/mbedtls/port/include/aes_alt.h index daf30d72b8..7161b282c2 100644 --- a/components/mbedtls/port/include/aes_alt.h +++ b/components/mbedtls/port/include/aes_alt.h @@ -29,9 +29,9 @@ extern "C" { #endif #if defined(MBEDTLS_AES_ALT) -#include "aes.h" +#include "hwcrypto/aes.h" -typedef AES_CTX mbedtls_aes_context; +typedef esp_aes_context mbedtls_aes_context; #define mbedtls_aes_init esp_aes_init #define mbedtls_aes_free esp_aes_free diff --git a/components/mbedtls/port/include/bignum_alt.h b/components/mbedtls/port/include/bignum_alt.h deleted file mode 100644 index f30d7d25cd..0000000000 --- a/components/mbedtls/port/include/bignum_alt.h +++ /dev/null @@ -1,77 +0,0 @@ -/** - * \file bignum_alt.h - * - * \brief Multi-precision integer library - * - * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - * - */ - -#ifndef BIGNUM_ALT_H -#define BIGNUM_ALT_H - -#include "bignum.h" - -#if defined(MBEDTLS_BIGNUM_ALT) - -typedef MPI_CTX mbedtls_mpi; - -#define mbedtls_mpi_init esp_mpi_init -#define mbedtls_mpi_free esp_mpi_free -#define mbedtls_mpi_grow esp_mpi_grow -#define mbedtls_mpi_shrink esp_mpi_shrink -#define mbedtls_mpi_copy esp_mpi_copy -#define mbedtls_mpi_swap esp_mpi_swap -#define mbedtls_mpi_safe_cond_assign esp_mpi_safe_cond_assign -#define mbedtls_mpi_safe_cond_swap esp_mpi_safe_cond_swap -#define mbedtls_mpi_lset esp_mpi_lset -#define mbedtls_mpi_get_bit esp_mpi_get_bit -#define mbedtls_mpi_set_bit esp_mpi_set_bit -#define mbedtls_mpi_lsb esp_mpi_lsb -#define mbedtls_mpi_bitlen esp_mpi_bitlen -#define mbedtls_mpi_size esp_mpi_size -#define mbedtls_mpi_read_string esp_mpi_read_string -#define mbedtls_mpi_write_string esp_mpi_write_string -#define mbedtls_mpi_read_binary esp_mpi_read_binary -#define mbedtls_mpi_write_binary esp_mpi_write_binary -#define mbedtls_mpi_shift_l esp_mpi_shift_l -#define mbedtls_mpi_shift_r esp_mpi_shift_r -#define mbedtls_mpi_cmp_abs esp_mpi_cmp_abs -#define mbedtls_mpi_cmp_mpi esp_mpi_cmp_mpi -#define mbedtls_mpi_cmp_int esp_mpi_cmp_int -#define mbedtls_mpi_add_abs esp_mpi_add_abs -#define mbedtls_mpi_sub_abs esp_mpi_sub_abs -#define mbedtls_mpi_add_mpi esp_mpi_add_mpi -#define mbedtls_mpi_sub_mpi esp_mpi_sub_mpi -#define mbedtls_mpi_add_int esp_mpi_add_int -#define mbedtls_mpi_sub_int esp_mpi_sub_int -#define mbedtls_mpi_mul_mpi esp_mpi_mul_mpi -#define mbedtls_mpi_mul_int esp_mpi_mul_int -#define mbedtls_mpi_div_mpi esp_mpi_div_mpi -#define mbedtls_mpi_div_int esp_mpi_div_int -#define mbedtls_mpi_mod_mpi esp_mpi_mod_mpi -#define mbedtls_mpi_mod_int esp_mpi_mod_int -#define mbedtls_mpi_exp_mod esp_mpi_exp_mod -#define mbedtls_mpi_fill_random esp_mpi_fill_random -#define mbedtls_mpi_gcd esp_mpi_gcd -#define mbedtls_mpi_inv_mod esp_mpi_inv_mod -#define mbedtls_mpi_is_prime esp_mpi_is_prime -#define mbedtls_mpi_gen_prime esp_mpi_gen_prime - -#endif - -#endif - diff --git a/components/mbedtls/port/include/sha1_alt.h b/components/mbedtls/port/include/sha1_alt.h index 3cf39d2ffb..60297b9fbf 100644 --- a/components/mbedtls/port/include/sha1_alt.h +++ b/components/mbedtls/port/include/sha1_alt.h @@ -1,7 +1,6 @@ /* * copyright (c) 2010 - 2012 Espressif System * - * esf Link List Descriptor */ #ifndef _SHA1_ALT_H_ #define _SHA1_ALT_H_ @@ -12,9 +11,9 @@ extern "C" { #if defined(MBEDTLS_SHA1_ALT) -#include "sha.h" +#include "hwcrypto/sha.h" -typedef SHA1_CTX mbedtls_sha1_context; +typedef esp_sha_context mbedtls_sha1_context; #define mbedtls_sha1_init esp_sha1_init #define mbedtls_sha1_starts esp_sha1_start @@ -22,7 +21,7 @@ typedef SHA1_CTX mbedtls_sha1_context; #define mbedtls_sha1_update esp_sha1_update #define mbedtls_sha1_finish esp_sha1_finish #define mbedtls_sha1_free esp_sha1_free -#define mbedtls_sha1_process esp_sha1_process +#define mbedtls_sha1_process(...) #endif diff --git a/components/mbedtls/port/include/sha256_alt.h b/components/mbedtls/port/include/sha256_alt.h index 15ea356acb..6d9986b3a1 100644 --- a/components/mbedtls/port/include/sha256_alt.h +++ b/components/mbedtls/port/include/sha256_alt.h @@ -1,7 +1,6 @@ /* * copyright (c) 2010 - 2012 Espressif System * - * esf Link List Descriptor */ #ifndef _SHA256_ALT_H_ @@ -13,9 +12,9 @@ extern "C" { #if defined(MBEDTLS_SHA256_ALT) -#include "sha.h" +#include "hwcrypto/sha.h" -typedef SHA256_CTX mbedtls_sha256_context; +typedef esp_sha_context mbedtls_sha256_context; #define mbedtls_sha256_init esp_sha256_init #define mbedtls_sha256_clone esp_sha256_clone @@ -23,7 +22,7 @@ typedef SHA256_CTX mbedtls_sha256_context; #define mbedtls_sha256_update esp_sha256_update #define mbedtls_sha256_finish esp_sha256_finish #define mbedtls_sha256_free esp_sha256_free -#define mbedtls_sha256_process esp_sha256_process +#define mbedtls_sha256_process(...) #endif diff --git a/components/mbedtls/port/include/sha512_alt.h b/components/mbedtls/port/include/sha512_alt.h index 9e337c1b60..c9f6bdc850 100644 --- a/components/mbedtls/port/include/sha512_alt.h +++ b/components/mbedtls/port/include/sha512_alt.h @@ -12,9 +12,9 @@ extern "C" { #endif #if defined(MBEDTLS_SHA512_ALT) -#include "sha.h" +#include "hwcrypto/sha.h" -typedef SHA512_CTX mbedtls_sha512_context; +typedef esp_sha_context mbedtls_sha512_context; #define mbedtls_sha512_init esp_sha512_init #define mbedtls_sha512_process esp_sha512_process @@ -22,7 +22,7 @@ typedef SHA512_CTX mbedtls_sha512_context; #define mbedtls_sha512_starts esp_sha512_start #define mbedtls_sha512_update esp_sha512_update #define mbedtls_sha512_finish esp_sha512_finish -#define mbedtls_sha512_free esp_sha512_free +#define mbedtls_sha512_free(...) #endif From 7c58c1e06b9704d5c0dfea6248e2f1f1e2d10129 Mon Sep 17 00:00:00 2001 From: Angus Gratton Date: Fri, 9 Sep 2016 10:14:38 +1000 Subject: [PATCH 19/28] Build system: Allow components to add to the global CFLAGS via Makefile.projbuild Used by mbedTLS to set MBEDTLS_CONFIG_FILE in all components. This change sets CFLAGS/etc at the project level and then exports those variables for components, rather than setting them independently each time a component Makefile is invoked. --- components/bootloader/Makefile.projbuild | 4 --- components/expat/Makefile | 2 +- components/lwip/component.mk | 2 +- components/mbedtls/Makefile.projbuild | 4 +++ components/mbedtls/component.mk | 2 -- components/tcpip_adapter/component.mk | 2 +- docs/build_system.rst | 35 ++++++++++++++++-------- make/common.mk | 26 ------------------ make/component_common.mk | 8 ++---- make/project.mk | 35 ++++++++++++++++++++++++ make/project_config.mk | 2 -- tools/kconfig/Makefile | 4 +++ 12 files changed, 73 insertions(+), 53 deletions(-) create mode 100644 components/mbedtls/Makefile.projbuild diff --git a/components/bootloader/Makefile.projbuild b/components/bootloader/Makefile.projbuild index 48c09d4816..c8f6e5e62e 100644 --- a/components/bootloader/Makefile.projbuild +++ b/components/bootloader/Makefile.projbuild @@ -17,15 +17,11 @@ BOOTLOADER_BIN=$(BOOTLOADER_BUILD_DIR)/bootloader.bin $(BOOTLOADER_BIN): $(COMPONENT_PATH)/src/sdkconfig $(Q) PROJECT_PATH= \ - LDFLAGS= \ - CFLAGS= \ BUILD_DIR_BASE=$(BOOTLOADER_BUILD_DIR) \ $(MAKE) -C $(BOOTLOADER_COMPONENT_PATH)/src MAKEFLAGS= V=$(V) TARGET_BIN_LAYOUT="$(BOOTLOADER_TARGET_BIN_LAYOUT)" $(BOOTLOADER_BIN) bootloader-clean: $(Q) PROJECT_PATH= \ - LDFLAGS= \ - CFLAGS= \ BUILD_DIR_BASE=$(BOOTLOADER_BUILD_DIR) \ $(MAKE) -C $(BOOTLOADER_COMPONENT_PATH)/src app-clean MAKEFLAGS= V=$(V) diff --git a/components/expat/Makefile b/components/expat/Makefile index 96b74ce25c..81990aa599 100644 --- a/components/expat/Makefile +++ b/components/expat/Makefile @@ -10,6 +10,6 @@ COMPONENT_ADD_INCLUDEDIRS := port/include include/expat COMPONENT_SRCDIRS := library port -EXTRA_CFLAGS := -Wno-error=address -Waddress -DHAVE_EXPAT_CONFIG_H +CFLAGS += -Wno-error=address -Waddress -DHAVE_EXPAT_CONFIG_H include $(IDF_PATH)/make/component.mk diff --git a/components/lwip/component.mk b/components/lwip/component.mk index a605355d2b..750c1cc0c1 100644 --- a/components/lwip/component.mk +++ b/components/lwip/component.mk @@ -6,6 +6,6 @@ COMPONENT_ADD_INCLUDEDIRS := include/lwip include/lwip/port include/lwip/posix COMPONENT_SRCDIRS := api apps/sntp apps core/ipv4 core/ipv6 core netif port/freertos port/netif port -EXTRA_CFLAGS := -Wno-error=address -Waddress -DLWIP_ESP8266 +CFLAGS += -Wno-error=address -Waddress -DLWIP_ESP8266 include $(IDF_PATH)/make/component_common.mk diff --git a/components/mbedtls/Makefile.projbuild b/components/mbedtls/Makefile.projbuild new file mode 100644 index 0000000000..51300efd11 --- /dev/null +++ b/components/mbedtls/Makefile.projbuild @@ -0,0 +1,4 @@ +# Anyone compiling mbedTLS code needs the name of the +# alternative config file +CFLAGS += -DMBEDTLS_CONFIG_FILE='"mbedtls/esp_config.h"' + diff --git a/components/mbedtls/component.mk b/components/mbedtls/component.mk index ed8f117fff..98838d4d7b 100644 --- a/components/mbedtls/component.mk +++ b/components/mbedtls/component.mk @@ -6,6 +6,4 @@ COMPONENT_ADD_INCLUDEDIRS := port/include include COMPONENT_SRCDIRS := library port -EXTRA_CFLAGS += -DMBEDTLS_CONFIG_FILE='"mbedtls/esp_config.h"' - include $(IDF_PATH)/make/component_common.mk diff --git a/components/tcpip_adapter/component.mk b/components/tcpip_adapter/component.mk index cb863d1b7d..14596443fb 100755 --- a/components/tcpip_adapter/component.mk +++ b/components/tcpip_adapter/component.mk @@ -2,6 +2,6 @@ # Component Makefile # -EXTRA_CFLAGS := -DLWIP_ESP8266 +CFLAGS += -DLWIP_ESP8266 include $(IDF_PATH)/make/component_common.mk diff --git a/docs/build_system.rst b/docs/build_system.rst index 24381019b5..43055a4787 100644 --- a/docs/build_system.rst +++ b/docs/build_system.rst @@ -60,7 +60,7 @@ influencing the build process of the component as well as the project it's used in. Components may also include a Kconfig file defining the compile-time options that are settable by means of the menu system. -Project makefile variables that can be set by the programmer:: +Project Makefile variables that can be set by the programmer:: PROJECT_NAME: Mandatory. Name for the project BUILD_DIR_BASE: Set the directory where all objects/libraries/binaries end up in. @@ -76,17 +76,20 @@ Project makefile variables that can be set by the programmer:: include directories that are passed to the compilation pass of all components and they do not have a Kconfig option. -Component makefile variables that can be set by the programmer:: +Component-specific component.mk variables that can be set by the programmer:: COMPONENT_ADD_INCLUDEDIRS: Relative path to include directories to be added to - the entire project + the entire project. If an include directory is only needed to compile this + specific component, don't add it here. COMPONENT_PRIV_INCLUDEDIRS: Relative path to include directories that are only used - when compiling this specific component + when compiling this specific component. COMPONENT_DEPENDS: Names of any components that need to be compiled before this component. - COMPONENT_ADD_LDFLAGS: Ld flags to add for this project. Defaults to -l$(COMPONENT_NAME). + COMPONENT_ADD_LDFLAGS: LD flags to add for the entire project. Defaults to -l$(COMPONENT_NAME). Add libraries etc in the current directory as $(abspath libwhatever.a) - COMPONENT_EXTRA_INCLUDES: Any extra include paths. These will be prefixed with '-I' and - passed to the compiler; please put absolute paths here. + COMPONENT_EXTRA_INCLUDES: Any extra include paths used when compiling the component's + source files. These will be prefixed with '-I' and passed to the compiler. + Similar to COMPONENT_PRIV_INCLUDEDIRS, but these paths are passed as-is instead of + expanded relative to the component directory. COMPONENT_SRCDIRS: Relative directories to look in for sources. Defaults to '.', the current directory (the root of the component) only. Use this to specify any subdirectories. Note that specifying this overwrites the default action of compiling everything in the @@ -114,6 +117,10 @@ be usable in component or project Makefiles:: COMPONENTS: Name of the components to be included CONFIG_*: All values set by 'make menuconfig' have corresponding Makefile variables. +Inside your component's component.mk makefile, you can override or add to these variables +as necessary. The changes are isolated from other components (see Makefile.projbuild below +if you want to share these changes with all other components.) + For components, there also are these defines:: COMPONENT_PATH: Absolute path to the root of the source tree of the component we're @@ -152,10 +159,16 @@ details to add to "menuconfig" for this component. Makefile.projbuild ------------------ -For components that have parts that need to be run when building of the -project is done, you can create a file called Makefile.projbuild in the -component root directory. This file will be included in the main -Makefile. +For components that have parts that need to be evaluated in the top-level +project context, you can create a file called Makefile.projbuild in the +component root directory. These files is included into the project's +top-level Makefile. + +For example, if your component needs to add to CFLAGS for the entire +project (not just for its own source files) then you can set +``CFLAGS +=`` in Makefile.projbuild. Note that this isn't necessary for +adding include directories to the project, you can set +``COMPONENT_ADD_INCLUDEDIRS`` (see above) in the component.mk. KConfig.projbuild diff --git a/make/common.mk b/make/common.mk index 7f372cc305..4965fa3523 100644 --- a/make/common.mk +++ b/make/common.mk @@ -8,32 +8,6 @@ # see project_config.mk for details.) -include $(PROJECT_PATH)/build/include/config/auto.conf -ifeq ("$(LDFLAGS)","") -LDFLAGS = -nostdlib \ - -L$(IDF_PATH)/lib \ - -L$(IDF_PATH)/ld \ - $(addprefix -L$(BUILD_DIR_BASE)/,$(COMPONENTS) $(SRCDIRS)) \ - -u call_user_start_cpu0 \ - -Wl,--gc-sections \ - -Wl,-static \ - -Wl,--start-group \ - $(COMPONENT_LDFLAGS) \ - -lgcc \ - -Wl,--end-group -endif - -ifeq ("$(CFLAGS)","") -CFLAGS = -DESP_PLATFORM -Og -std=gnu99 -g3 \ - -Wpointer-arith -Werror -Wno-error=unused-function -Wno-error=unused-but-set-variable -Wno-error=unused-variable \ - -Wl,-EL -fno-inline-functions -nostdlib -mlongcalls -Wall -ffunction-sections -fdata-sections $(EXTRA_CFLAGS) -endif - -ifeq ("$(CXXFLAGS)","") -CXXFLAGS = -DESP_PLATFORM -Og -std=gnu++11 -g3 \ - -Wpointer-arith -Werror -Wno-error=unused-function -Wno-error=unused-but-set-variable -Wno-error=unused-variable \ - -Wl,-EL -nostdlib -mlongcalls -Wall -ffunction-sections -fdata-sections $(EXTRA_CFLAGS) -fno-exceptions -endif - #Handling of V=1/VERBOSE=1 flag # # if V=1, $(summary) does nothing and $(details) will echo extra details diff --git a/make/component_common.mk b/make/component_common.mk index 1a3d9281c8..ebad525a76 100644 --- a/make/component_common.mk +++ b/make/component_common.mk @@ -25,7 +25,7 @@ export COMPONENT_PATH include $(IDF_PATH)/make/common.mk -#Some of these options are overridable by the components Makefile. +#Some of these options are overridable by the component's component.mk Makefile #Name of the component COMPONENT_NAME ?= $(lastword $(subst /, ,$(realpath $(COMPONENT_PATH)))) @@ -58,7 +58,8 @@ COMPONENT_ADD_LDFLAGS ?= -l$(COMPONENT_NAME) OWN_INCLUDES:=$(abspath $(addprefix $(COMPONENT_PATH)/,$(COMPONENT_ADD_INCLUDEDIRS) $(COMPONENT_PRIV_INCLUDEDIRS))) COMPONENT_INCLUDES := $(OWN_INCLUDES) $(filter-out $(OWN_INCLUDES),$(COMPONENT_INCLUDES)) -#This target is used to collect variable values from inside the main makefile +#This target is used to collect variable values from inside project.mk +# see project.mk GetVariable macro for details. get_variable: @echo "$(GET_VARIABLE)=$(call $(GET_VARIABLE)) " @@ -82,9 +83,6 @@ clean: $(Q) rm -f $(COMPONENT_LIBRARY) $(COMPONENT_OBJS) $(COMPONENT_OBJS:.o=.d) $(COMPONENT_EXTRA_CLEAN) endif -#Also generate dependency files -CFLAGS+=-MMD -MP -CXXFLAGS+=-MMD -MP #Include all dependency files already generated -include $(COMPONENT_OBJS:.o=.d) diff --git a/make/project.mk b/make/project.mk index ca80697cb6..7526774bdb 100644 --- a/make/project.mk +++ b/make/project.mk @@ -133,6 +133,41 @@ export PROJECT_PATH #Include functionality common to both project & component -include $(IDF_PATH)/make/common.mk +# Set default LDFLAGS + +LDFLAGS ?= -nostdlib \ + -L$(IDF_PATH)/lib \ + -L$(IDF_PATH)/ld \ + $(addprefix -L$(BUILD_DIR_BASE)/,$(COMPONENTS) $(SRCDIRS)) \ + -u call_user_start_cpu0 \ + -Wl,--gc-sections \ + -Wl,-static \ + -Wl,--start-group \ + $(COMPONENT_LDFLAGS) \ + -lgcc \ + -Wl,--end-group \ + -Wl,-EL + +# Set default CPPFLAGS, CFLAGS, CXXFLAGS +# +# These are exported so that components can use them when compiling. +# +# If you need your component to add CFLAGS/etc for it's own source compilation only, set CFLAGS += in your component's Makefile. +# +# If you need your component to add CFLAGS/etc globally for all source +# files, set CFLAGS += in your component's Makefile.projbuild + +# CPPFLAGS used by an compile pass that uses the C preprocessor +CPPFLAGS = -DESP_PLATFORM -Og -g3 -Wpointer-arith -Werror -Wno-error=unused-function -Wno-error=unused-but-set-variable -Wno-error=unused-variable -Wall -ffunction-sections -fdata-sections -mlongcalls -nostdlib -MMD -MP + +# C flags use by C only +CFLAGS = $(CPPFLAGS) -std=gnu99 -g3 -fno-inline-functions + +# CXXFLAGS uses by C++ only +CXXFLAGS = $(CPPFLAGS) -Og -std=gnu++11 -g3 -fno-exceptions + +export CFLAGS CPPFLAGS CXXFLAGS + #Set host compiler and binutils HOSTCC := $(CC) HOSTLD := $(LD) diff --git a/make/project_config.mk b/make/project_config.mk index e39fdac3bb..d2909bb308 100644 --- a/make/project_config.mk +++ b/make/project_config.mk @@ -10,8 +10,6 @@ KCONFIG_TOOL_DIR=$(IDF_PATH)/tools/kconfig # clear MAKEFLAGS as the menuconfig makefile uses implicit compile rules $(KCONFIG_TOOL_DIR)/mconf $(KCONFIG_TOOL_DIR)/conf: MAKEFLAGS="" \ - CFLAGS="" \ - LDFLAGS="" \ CC=$(HOSTCC) LD=$(HOSTLD) \ $(MAKE) -C $(KCONFIG_TOOL_DIR) diff --git a/tools/kconfig/Makefile b/tools/kconfig/Makefile index b265e9b381..2df04f3f27 100644 --- a/tools/kconfig/Makefile +++ b/tools/kconfig/Makefile @@ -18,6 +18,10 @@ endif # We need this, in case the user has it in its environment unexport CONFIG_ +# Unset some environment variables set in the project environment +CFLAGS := +CPPFLAGS := +LDFLAGS := default: mconf conf From f605e0334490c85f0ea0fd2dbbd8b7cf48122063 Mon Sep 17 00:00:00 2001 From: Angus Gratton Date: Fri, 9 Sep 2016 10:49:35 +1000 Subject: [PATCH 20/28] make debugging: With V=1, output when including each Makefile.projbuild also enable V=1 on CI builds --- .gitlab-ci.yml | 2 +- make/project.mk | 1 + 2 files changed, 2 insertions(+), 1 deletion(-) diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index 15a1db2fc0..c222ca2fd2 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -23,7 +23,7 @@ build_template_app: # branch - git checkout ${CI_BUILD_REF_NAME} || echo "Using esp-idf-template default branch..." - make defconfig - - make all + - make all V=1 test_nvs_on_host: stage: test diff --git a/make/project.mk b/make/project.mk index 7526774bdb..b86470bf62 100644 --- a/make/project.mk +++ b/make/project.mk @@ -193,6 +193,7 @@ APP_BIN:=$(APP_ELF:.elf=.bin) # Include any Makefile.projbuild file letting components add # configuration at the project level define includeProjBuildMakefile +$(if $(V),$(if $(wildcard $(1)/Makefile.projbuild),$(info including $(1)/Makefile.projbuild...))) COMPONENT_PATH := $(1) -include $(1)/Makefile.projbuild endef From a939c15723282b84356596822d2fe0196a518812 Mon Sep 17 00:00:00 2001 From: Angus Gratton Date: Fri, 9 Sep 2016 11:24:35 +1000 Subject: [PATCH 21/28] mbedtls networking: Remove WIN32 parts, minor cleanup --- components/mbedtls/port/net.c | 83 +---------------------------------- 1 file changed, 1 insertion(+), 82 deletions(-) diff --git a/components/mbedtls/port/net.c b/components/mbedtls/port/net.c index 390513c17e..482a11f970 100644 --- a/components/mbedtls/port/net.c +++ b/components/mbedtls/port/net.c @@ -32,19 +32,13 @@ #include "mbedtls/net.h" #include - #include #include -//#include #include #include -//#include - #include #include - #include - #include /* @@ -52,19 +46,6 @@ */ static int net_prepare( void ) { -#if ( defined(_WIN32) || defined(_WIN32_WCE) ) && !defined(EFIX64) && \ - !defined(EFI32) - WSADATA wsaData; - - if ( wsa_init_done == 0 ) { - if ( WSAStartup( MAKEWORD(2, 0), &wsaData ) != 0 ) { - return ( MBEDTLS_ERR_NET_SOCKET_FAILED ); - } - - wsa_init_done = 1; - } -#else -#endif return ( 0 ); } @@ -137,7 +118,7 @@ int mbedtls_net_connect( mbedtls_net_context *ctx, const char *host, const char */ int mbedtls_net_bind( mbedtls_net_context *ctx, const char *bind_ip, const char *port, int proto ) { - int n, ret; + int ret; struct addrinfo hints, *addr_list, *cur; if ( ( ret = net_prepare() ) != 0 ) { @@ -204,18 +185,6 @@ int mbedtls_net_bind( mbedtls_net_context *ctx, const char *bind_ip, const char } -#if ( defined(_WIN32) || defined(_WIN32_WCE) ) && !defined(EFIX64) && \ - !defined(EFI32) -/* - * Check if the requested operation would be blocking on a non-blocking socket - * and thus 'failed' with a negative return value. - */ -static int net_would_block( const mbedtls_net_context *ctx ) -{ - ((void) ctx); - return ( WSAGetLastError() == WSAEWOULDBLOCK ); -} -#else /* * Check if the requested operation would be blocking on a non-blocking socket * and thus 'failed' with a negative return value. @@ -244,7 +213,6 @@ static int net_would_block( const mbedtls_net_context *ctx ) } return ( 0 ); } -#endif /* ( _WIN32 || _WIN32_WCE ) && !EFIX64 && !EFI32 */ /* * Accept a connection from a remote client @@ -279,13 +247,6 @@ int mbedtls_net_accept( mbedtls_net_context *bind_ctx, ret = recvfrom( bind_ctx->fd, buf, sizeof( buf ), MSG_PEEK, (struct sockaddr *) &client_addr, &n ); -#if defined(_WIN32) - if ( ret == SOCKET_ERROR && - WSAGetLastError() == WSAEMSGSIZE ) { - /* We know buf is too small, thanks, just peeking here */ - ret = 0; - } -#endif } if ( ret < 0 ) { @@ -343,24 +304,12 @@ int mbedtls_net_accept( mbedtls_net_context *bind_ctx, */ int mbedtls_net_set_block( mbedtls_net_context *ctx ) { -#if ( defined(_WIN32) || defined(_WIN32_WCE) ) && !defined(EFIX64) && \ - !defined(EFI32) - u_long n = 0; - return ( ioctlsocket( ctx->fd, FIONBIO, &n ) ); -#else return ( fcntl( ctx->fd, F_SETFL, fcntl( ctx->fd, F_GETFL, 0 ) & ~O_NONBLOCK ) ); -#endif } int mbedtls_net_set_nonblock( mbedtls_net_context *ctx ) { -#if ( defined(_WIN32) || defined(_WIN32_WCE) ) && !defined(EFIX64) && \ - !defined(EFI32) - u_long n = 1; - return ( ioctlsocket( ctx->fd, FIONBIO, &n ) ); -#else return ( fcntl( ctx->fd, F_SETFL, fcntl( ctx->fd, F_GETFL, 0 ) | O_NONBLOCK ) ); -#endif } /* @@ -368,19 +317,10 @@ int mbedtls_net_set_nonblock( mbedtls_net_context *ctx ) */ void mbedtls_net_usleep( unsigned long usec ) { -#if defined(_WIN32) - Sleep( ( usec + 999 ) / 1000 ); -#else struct timeval tv; tv.tv_sec = usec / 1000000; -#if defined(__unix__) || defined(__unix) || \ - ( defined(__APPLE__) && defined(__MACH__) ) - tv.tv_usec = (suseconds_t) usec % 1000000; -#else tv.tv_usec = usec % 1000000; -#endif select( 0, NULL, NULL, NULL, &tv ); -#endif } /* @@ -404,12 +344,6 @@ int mbedtls_net_recv( void *ctx, unsigned char *buf, size_t len ) } error = mbedtls_net_errno(fd); -#if ( defined(_WIN32) || defined(_WIN32_WCE) ) && !defined(EFIX64) && \ - !defined(EFI32) - if ( WSAGetLastError() == WSAECONNRESET ) { - return ( MBEDTLS_ERR_NET_CONN_RESET ); - } -#else if ( error == EPIPE || error == ECONNRESET ) { return ( MBEDTLS_ERR_NET_CONN_RESET ); } @@ -417,7 +351,6 @@ int mbedtls_net_recv( void *ctx, unsigned char *buf, size_t len ) if ( error == EINTR ) { return ( MBEDTLS_ERR_SSL_WANT_READ ); } -#endif return ( MBEDTLS_ERR_NET_RECV_FAILED ); } @@ -454,16 +387,9 @@ int mbedtls_net_recv_timeout( void *ctx, unsigned char *buf, size_t len, } if ( ret < 0 ) { -#if ( defined(_WIN32) || defined(_WIN32_WCE) ) && !defined(EFIX64) && \ - !defined(EFI32) - if ( WSAGetLastError() == WSAEINTR ) { - return ( MBEDTLS_ERR_SSL_WANT_READ ); - } -#else if ( errno == EINTR ) { return ( MBEDTLS_ERR_SSL_WANT_READ ); } -#endif return ( MBEDTLS_ERR_NET_RECV_FAILED ); } @@ -494,12 +420,6 @@ int mbedtls_net_send( void *ctx, const unsigned char *buf, size_t len ) } error = mbedtls_net_errno(fd); -#if ( defined(_WIN32) || defined(_WIN32_WCE) ) && !defined(EFIX64) && \ - !defined(EFI32) - if ( WSAGetLastError() == WSAECONNRESET ) { - return ( MBEDTLS_ERR_NET_CONN_RESET ); - } -#else if ( error == EPIPE || error == ECONNRESET ) { return ( MBEDTLS_ERR_NET_CONN_RESET ); } @@ -507,7 +427,6 @@ int mbedtls_net_send( void *ctx, const unsigned char *buf, size_t len ) if ( error == EINTR ) { return ( MBEDTLS_ERR_SSL_WANT_WRITE ); } -#endif return ( MBEDTLS_ERR_NET_SEND_FAILED ); } From 264b115eb047dd2a3c06d14f25d3ddbd32408c77 Mon Sep 17 00:00:00 2001 From: Angus Gratton Date: Fri, 9 Sep 2016 14:06:14 +1000 Subject: [PATCH 22/28] mbedtls: Move esp_config.h file to port directory --- components/mbedtls/{ => port}/include/mbedtls/esp_config.h | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) rename components/mbedtls/{ => port}/include/mbedtls/esp_config.h (99%) diff --git a/components/mbedtls/include/mbedtls/esp_config.h b/components/mbedtls/port/include/mbedtls/esp_config.h similarity index 99% rename from components/mbedtls/include/mbedtls/esp_config.h rename to components/mbedtls/port/include/mbedtls/esp_config.h index 6d52294b72..8ef44c00cb 100644 --- a/components/mbedtls/include/mbedtls/esp_config.h +++ b/components/mbedtls/port/include/mbedtls/esp_config.h @@ -1,7 +1,6 @@ /** - * \file config.h * - * \brief Configuration options (set of defines) + * \brief Default mbedTLS configuration options for esp-idf * * This set of compile-time options may be used to enable * or disable features selectively, and reduce the global @@ -2518,6 +2517,6 @@ #include MBEDTLS_USER_CONFIG_FILE #endif -#include "check_config.h" +#include "mbedtls/check_config.h" #endif /* MBEDTLS_CONFIG_H */ From 6f006c25fb5a2b83361c670faf0865aa2d3ee8f2 Mon Sep 17 00:00:00 2001 From: Angus Gratton Date: Fri, 9 Sep 2016 14:07:45 +1000 Subject: [PATCH 23/28] json & expat: Update component.mk after merging from master --- components/expat/{Makefile => component.mk} | 2 +- components/json/{Makefile => component.mk} | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) rename components/expat/{Makefile => component.mk} (91%) rename components/json/{Makefile => component.mk} (90%) diff --git a/components/expat/Makefile b/components/expat/component.mk similarity index 91% rename from components/expat/Makefile rename to components/expat/component.mk index 81990aa599..69595d7b27 100644 --- a/components/expat/Makefile +++ b/components/expat/component.mk @@ -12,4 +12,4 @@ COMPONENT_SRCDIRS := library port CFLAGS += -Wno-error=address -Waddress -DHAVE_EXPAT_CONFIG_H -include $(IDF_PATH)/make/component.mk +include $(IDF_PATH)/make/component_common.mk diff --git a/components/json/Makefile b/components/json/component.mk similarity index 90% rename from components/json/Makefile rename to components/json/component.mk index ebddafdd1c..311a902f99 100644 --- a/components/json/Makefile +++ b/components/json/component.mk @@ -10,4 +10,4 @@ COMPONENT_ADD_INCLUDEDIRS := include port/include COMPONENT_SRCDIRS := library port -include $(IDF_PATH)/make/component.mk +include $(IDF_PATH)/make/component_common.mk From eb47a25012ae66c09cc73f03211ec284dffdbdfc Mon Sep 17 00:00:00 2001 From: Angus Gratton Date: Fri, 9 Sep 2016 14:10:44 +1000 Subject: [PATCH 24/28] mbedtls: Revert changes to upstream library sources. This reverts part of commit 0f83831c743801960242525bc19ed15383e091e7. --- components/mbedtls/library/aes.c | 24 +++--------------------- components/mbedtls/library/sha1.c | 9 +++------ components/mbedtls/library/sha256.c | 9 +++------ components/mbedtls/library/sha512.c | 10 +++------- 4 files changed, 12 insertions(+), 40 deletions(-) diff --git a/components/mbedtls/library/aes.c b/components/mbedtls/library/aes.c index 6903585194..a186dee981 100644 --- a/components/mbedtls/library/aes.c +++ b/components/mbedtls/library/aes.c @@ -1237,8 +1237,9 @@ int mbedtls_aes_self_test( int verbose ) unsigned char stream_block[16]; #endif mbedtls_aes_context ctx; - - memset( key, 0, 32 ); + + memset( key, 0, 32 ); + mbedtls_aes_init( &ctx ); /* * ECB mode @@ -1254,8 +1255,6 @@ int mbedtls_aes_self_test( int verbose ) memset( buf, 0, 16 ); - mbedtls_aes_init( &ctx ); - if( v == MBEDTLS_AES_DECRYPT ) { mbedtls_aes_setkey_dec( &ctx, key, 128 + u * 64 ); @@ -1268,7 +1267,6 @@ int mbedtls_aes_self_test( int verbose ) if( verbose != 0 ) mbedtls_printf( "failed\n" ); - mbedtls_aes_free( &ctx ); ret = 1; goto exit; } @@ -1285,8 +1283,6 @@ int mbedtls_aes_self_test( int verbose ) if( verbose != 0 ) mbedtls_printf( "failed\n" ); - mbedtls_aes_free( &ctx ); - ret = 1; goto exit; } @@ -1294,8 +1290,6 @@ int mbedtls_aes_self_test( int verbose ) if( verbose != 0 ) mbedtls_printf( "passed\n" ); - - mbedtls_aes_free( &ctx ); } if( verbose != 0 ) @@ -1318,8 +1312,6 @@ int mbedtls_aes_self_test( int verbose ) memset( prv, 0, 16 ); memset( buf, 0, 16 ); - mbedtls_aes_init( &ctx ); - if( v == MBEDTLS_AES_DECRYPT ) { mbedtls_aes_setkey_dec( &ctx, key, 128 + u * 64 ); @@ -1332,8 +1324,6 @@ int mbedtls_aes_self_test( int verbose ) if( verbose != 0 ) mbedtls_printf( "failed\n" ); - mbedtls_aes_free( &ctx ); - ret = 1; goto exit; } @@ -1358,8 +1348,6 @@ int mbedtls_aes_self_test( int verbose ) if( verbose != 0 ) mbedtls_printf( "failed\n" ); - mbedtls_aes_free( &ctx ); - ret = 1; goto exit; } @@ -1367,8 +1355,6 @@ int mbedtls_aes_self_test( int verbose ) if( verbose != 0 ) mbedtls_printf( "passed\n" ); - - mbedtls_aes_free( &ctx ); } if( verbose != 0 ) @@ -1391,8 +1377,6 @@ int mbedtls_aes_self_test( int verbose ) memcpy( iv, aes_test_cfb128_iv, 16 ); memcpy( key, aes_test_cfb128_key[u], 16 + u * 8 ); - mbedtls_aes_init( &ctx ); - offset = 0; mbedtls_aes_setkey_enc( &ctx, key, 128 + u * 64 ); @@ -1449,8 +1433,6 @@ int mbedtls_aes_self_test( int verbose ) memcpy( nonce_counter, aes_test_ctr_nonce_counter[u], 16 ); memcpy( key, aes_test_ctr_key[u], 16 ); - mbedtls_aes_init( &ctx ); - offset = 0; mbedtls_aes_setkey_enc( &ctx, key, 128 ); diff --git a/components/mbedtls/library/sha1.c b/components/mbedtls/library/sha1.c index 46ed34f943..2ccf2a2f52 100644 --- a/components/mbedtls/library/sha1.c +++ b/components/mbedtls/library/sha1.c @@ -396,13 +396,13 @@ int mbedtls_sha1_self_test( int verbose ) unsigned char sha1sum[20]; mbedtls_sha1_context ctx; + mbedtls_sha1_init( &ctx ); + /* * SHA-1 */ for( i = 0; i < 3; i++ ) { - mbedtls_sha1_init( &ctx ); - if( verbose != 0 ) mbedtls_printf( " SHA-1 test #%d: ", i + 1 ); @@ -426,22 +426,19 @@ int mbedtls_sha1_self_test( int verbose ) if( verbose != 0 ) mbedtls_printf( "failed\n" ); - mbedtls_sha1_free( &ctx ); - ret = 1; goto exit; } if( verbose != 0 ) mbedtls_printf( "passed\n" ); - - mbedtls_sha1_free( &ctx ); } if( verbose != 0 ) mbedtls_printf( "\n" ); exit: + mbedtls_sha1_free( &ctx ); return( ret ); } diff --git a/components/mbedtls/library/sha256.c b/components/mbedtls/library/sha256.c index cc6bd335df..4e82c0b793 100644 --- a/components/mbedtls/library/sha256.c +++ b/components/mbedtls/library/sha256.c @@ -393,13 +393,13 @@ int mbedtls_sha256_self_test( int verbose ) unsigned char sha256sum[32]; mbedtls_sha256_context ctx; + mbedtls_sha256_init( &ctx ); + for( i = 0; i < 6; i++ ) { j = i % 3; k = i < 3; - mbedtls_sha256_init( &ctx ); - if( verbose != 0 ) mbedtls_printf( " SHA-%d test #%d: ", 256 - k * 32, j + 1 ); @@ -423,22 +423,19 @@ int mbedtls_sha256_self_test( int verbose ) if( verbose != 0 ) mbedtls_printf( "failed\n" ); - mbedtls_sha256_free( &ctx ); - ret = 1; goto exit; } if( verbose != 0 ) mbedtls_printf( "passed\n" ); - - mbedtls_sha256_free( &ctx ); } if( verbose != 0 ) mbedtls_printf( "\n" ); exit: + mbedtls_sha256_free( &ctx ); return( ret ); } diff --git a/components/mbedtls/library/sha512.c b/components/mbedtls/library/sha512.c index 245ede0eb2..0f9e1e5352 100644 --- a/components/mbedtls/library/sha512.c +++ b/components/mbedtls/library/sha512.c @@ -449,13 +449,13 @@ int mbedtls_sha512_self_test( int verbose ) unsigned char sha512sum[64]; mbedtls_sha512_context ctx; + mbedtls_sha512_init( &ctx ); + for( i = 0; i < 6; i++ ) { j = i % 3; k = i < 3; - mbedtls_sha512_init( &ctx ); - if( verbose != 0 ) mbedtls_printf( " SHA-%d test #%d: ", 512 - k * 128, j + 1 ); @@ -479,23 +479,19 @@ int mbedtls_sha512_self_test( int verbose ) if( verbose != 0 ) mbedtls_printf( "failed\n" ); - mbedtls_sha512_free( &ctx ); - ret = 1; goto exit; } if( verbose != 0 ) mbedtls_printf( "passed\n" ); - - mbedtls_sha512_free( &ctx ); } if( verbose != 0 ) mbedtls_printf( "\n" ); exit: - + mbedtls_sha512_free( &ctx ); return( ret ); } From 46a9754b8ef6756ba2697b2a36910bd6b4d8ba12 Mon Sep 17 00:00:00 2001 From: Angus Gratton Date: Fri, 9 Sep 2016 14:27:34 +1000 Subject: [PATCH 25/28] hwcrypto sha: Fix initialisation of SHA hardware in esp_shaX_start functions Problem exposed by previous commit. --- components/esp32/hwcrypto/sha.c | 20 +++++++++++--------- 1 file changed, 11 insertions(+), 9 deletions(-) diff --git a/components/esp32/hwcrypto/sha.c b/components/esp32/hwcrypto/sha.c index 78ecbf7714..06b00c54ab 100644 --- a/components/esp32/hwcrypto/sha.c +++ b/components/esp32/hwcrypto/sha.c @@ -86,8 +86,9 @@ void esp_sha1_clone( esp_sha_context *dst, const esp_sha_context *src ) */ void esp_sha1_start( esp_sha_context *ctx ) { - esp_sha_acquire_hardware(); ctx->context_type = SHA1; + esp_sha_acquire_hardware(); + ets_sha_init(&ctx->context); } /* @@ -143,12 +144,11 @@ void esp_sha256_clone( esp_sha_context *dst, const esp_sha_context *src ) */ void esp_sha256_start( esp_sha_context *ctx, int is224 ) { - esp_sha_acquire_hardware(); - ets_sha_init(&ctx->context); - if ( is224 == 0 ) { /* SHA-256 */ ctx->context_type = SHA2_256; + esp_sha_acquire_hardware(); + ets_sha_init(&ctx->context); } else { /* SHA-224 is not supported! */ ctx->context_type = SHA_INVALID; @@ -160,7 +160,10 @@ void esp_sha256_start( esp_sha_context *ctx, int is224 ) */ void esp_sha256_update( esp_sha_context *ctx, const unsigned char *input, size_t ilen ) { - esp_sha_update(ctx, input, ilen, 64); + if( ctx->context_type == SHA2_256 ) { + esp_sha_update(ctx, input, ilen, 64); + } + /* SHA-224 is a no-op */ } /* @@ -170,12 +173,12 @@ void esp_sha256_finish( esp_sha_context *ctx, unsigned char output[32] ) { if ( ctx->context_type == SHA2_256 ) { ets_sha_finish(&ctx->context, ctx->context_type, output); + esp_sha_release_hardware(); } else { /* No hardware SHA-224 support, but mbedTLS API doesn't allow failure. For now, zero the output to make it clear it's not valid. */ bzero( output, 28 ); } - esp_sha_release_hardware(); } /* @@ -218,9 +221,6 @@ void esp_sha512_clone( esp_sha_context *dst, const esp_sha_context *src ) */ void esp_sha512_start( esp_sha_context *ctx, int is384 ) { - esp_sha_acquire_hardware(); - ets_sha_init(&ctx->context); - if ( is384 == 0 ) { /* SHA-512 */ ctx->context_type = SHA2_512; @@ -228,6 +228,8 @@ void esp_sha512_start( esp_sha_context *ctx, int is384 ) /* SHA-384 */ ctx->context_type = SHA2_384; } + esp_sha_acquire_hardware(); + ets_sha_init(&ctx->context); } /* From 126a68ca1ff31f6c3724c4150865aae27f90ee36 Mon Sep 17 00:00:00 2001 From: Angus Gratton Date: Wed, 14 Sep 2016 17:51:27 +1000 Subject: [PATCH 26/28] mbedtls upstream tweak: Move mbedtls_sha512_process in sha512.h Function declaration should only be included if MBEDTLS_SHA512_ALT is not set. This matches sha1.h and sha256.h This change should be contributed back upstream to mbedTLS project. --- components/mbedtls/include/mbedtls/sha512.h | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/components/mbedtls/include/mbedtls/sha512.h b/components/mbedtls/include/mbedtls/sha512.h index 627694f425..12f4fab4f1 100644 --- a/components/mbedtls/include/mbedtls/sha512.h +++ b/components/mbedtls/include/mbedtls/sha512.h @@ -101,6 +101,9 @@ void mbedtls_sha512_update( mbedtls_sha512_context *ctx, const unsigned char *in */ void mbedtls_sha512_finish( mbedtls_sha512_context *ctx, unsigned char output[64] ); +/* Internal use */ +void mbedtls_sha512_process( mbedtls_sha512_context *ctx, const unsigned char data[128] ); + #ifdef __cplusplus } #endif @@ -131,9 +134,6 @@ void mbedtls_sha512( const unsigned char *input, size_t ilen, */ int mbedtls_sha512_self_test( int verbose ); -/* Internal use */ -void mbedtls_sha512_process( mbedtls_sha512_context *ctx, const unsigned char data[128] ); - #ifdef __cplusplus } #endif From f01cabf71d5f2a26c4bdd8a944e79b181f1761f5 Mon Sep 17 00:00:00 2001 From: Angus Gratton Date: Wed, 14 Sep 2016 17:52:24 +1000 Subject: [PATCH 27/28] mbedtls hwcrypto sha512: Fix redirection of function names --- components/mbedtls/port/include/sha512_alt.h | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/components/mbedtls/port/include/sha512_alt.h b/components/mbedtls/port/include/sha512_alt.h index c9f6bdc850..241f2be3b3 100644 --- a/components/mbedtls/port/include/sha512_alt.h +++ b/components/mbedtls/port/include/sha512_alt.h @@ -17,12 +17,12 @@ extern "C" { typedef esp_sha_context mbedtls_sha512_context; #define mbedtls_sha512_init esp_sha512_init -#define mbedtls_sha512_process esp_sha512_process #define mbedtls_sha512_clone esp_sha512_clone #define mbedtls_sha512_starts esp_sha512_start #define mbedtls_sha512_update esp_sha512_update #define mbedtls_sha512_finish esp_sha512_finish -#define mbedtls_sha512_free(...) +#define mbedtls_sha512_free esp_sha512_free +#define mbedtls_sha512_process(...) #endif From 67a26d52ac05826e0eaf6a69af9966b36c9beb4e Mon Sep 17 00:00:00 2001 From: Angus Gratton Date: Wed, 14 Sep 2016 17:52:39 +1000 Subject: [PATCH 28/28] mbedtls: Temporarily disable default hardware crypto SHA & bignum Due to limitations referenced in the comments of the changes. --- .../mbedtls/port/include/mbedtls/esp_config.h | 15 ++++++++++----- 1 file changed, 10 insertions(+), 5 deletions(-) diff --git a/components/mbedtls/port/include/mbedtls/esp_config.h b/components/mbedtls/port/include/mbedtls/esp_config.h index 8ef44c00cb..68be319c35 100644 --- a/components/mbedtls/port/include/mbedtls/esp_config.h +++ b/components/mbedtls/port/include/mbedtls/esp_config.h @@ -238,16 +238,21 @@ uncommenting each _ALT macro will use the hardware-accelerated implementation. */ #define MBEDTLS_AES_ALT -#define MBEDTLS_SHA1_ALT -#define MBEDTLS_SHA256_ALT -#define MBEDTLS_SHA512_ALT + +/* Currently hardware SHA does not work with TLS handshake, + due to concurrency issue. Internal TW#7111. */ +//#define MBEDTLS_SHA1_ALT +//#define MBEDTLS_SHA256_ALT +//#define MBEDTLS_SHA512_ALT /* The following MPI (bignum) functions have ESP32 hardware support, Uncommenting these macros will use the hardware-accelerated implementations. + + Disabled as number of limbs limited by bug. Internal TW#7112. */ -#define MBEDTLS_MPI_EXP_MOD_ALT -#define MBEDTLS_MPI_MUL_MPI_ALT +//#define MBEDTLS_MPI_EXP_MOD_ALT +//#define MBEDTLS_MPI_MUL_MPI_ALT /** * \def MBEDTLS_MD2_PROCESS_ALT