espressif/ESP8266_RTOS_SDK
1
0
Fork 0
mirror of https://github.com/espressif/ESP8266_RTOS_SDK.git synced 2025-07-15 08:32:42 +08:00
Code Issues Packages Projects Releases Wiki Activity

feat(mbedtls): mbedtls using SHA/AES of util component instead of its raw algorithm

Browse Source
This commit is contained in:
Dong Heng
2019-12-24 13:23:57 +08:00
parent a3537856b2
commit 297294c5b9
7 changed files with 58 additions and 138 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
components/libsodium/Kconfig
View File

@ -3,7 +3,6 @@ menu "libsodium"
config LIBSODIUM_USE_MBEDTLS_SHA config LIBSODIUM_USE_MBEDTLS_SHA
bool "Use mbedTLS SHA256 & SHA512 implementations" bool "Use mbedTLS SHA256 & SHA512 implementations"
default y default y
depends on !MBEDTLS_HARDWARE_SHA
help help
If this option is enabled, libsodium will use thin wrappers If this option is enabled, libsodium will use thin wrappers
around mbedTLS for SHA256 & SHA512 operations. around mbedTLS for SHA256 & SHA512 operations.

10
components/libsodium/port/crypto_hash_mbedtls/crypto_hash_sha256_mbedtls.c
View File

@ -16,15 +16,6 @@
#include "mbedtls/sha256.h" #include "mbedtls/sha256.h"
#include <string.h> #include <string.h>
#ifdef MBEDTLS_SHA256_ALT
/* Wrapper only works if the libsodium context structure can be mapped
directly to the mbedTLS context structure.
See extended comments in crypto_hash_sha512_mbedtls.c
*/
#error "This wrapper only support standard software mbedTLS SHA"
#endif
/* Sanity check that all the context fields have identical sizes /* Sanity check that all the context fields have identical sizes
(this should be more or less given from the SHA256 algorithm) (this should be more or less given from the SHA256 algorithm)
@ -55,7 +46,6 @@ static void sha256_libsodium_to_mbedtls(mbedtls_sha256_context *mb_ctx, crypto_h
memcpy(mb_ctx->total, &ls_state->count, sizeof(mb_ctx->total)); memcpy(mb_ctx->total, &ls_state->count, sizeof(mb_ctx->total));
memcpy(mb_ctx->state, ls_state->state, sizeof(mb_ctx->state)); memcpy(mb_ctx->state, ls_state->state, sizeof(mb_ctx->state));
memcpy(mb_ctx->buffer, ls_state->buf, sizeof(mb_ctx->buffer)); memcpy(mb_ctx->buffer, ls_state->buf, sizeof(mb_ctx->buffer));
mb_ctx->is224 = 0;
} }
int int

13
components/libsodium/port/crypto_hash_mbedtls/crypto_hash_sha512_mbedtls.c
View File

@ -16,18 +16,6 @@
#include "mbedtls/sha512.h" #include "mbedtls/sha512.h"
#include <string.h> #include <string.h>
#ifdef MBEDTLS_SHA512_ALT
/* Wrapper only works if the libsodium context structure can be mapped
directly to the mbedTLS context structure.
For ESP8266 hardware SHA, the problems are fitting all the data in
the libsodium state structure, and also that libsodium doesn't
have mbedtls_sha512_free() or mbedtls_sha512_clone() so we can't
manage the hardware state in a clean way.
*/
#error "This wrapper only support standard software mbedTLS SHA"
#endif
/* Sanity check that all the context fields have identical sizes /* Sanity check that all the context fields have identical sizes
(this should be more or less given from the SHA512 algorithm) (this should be more or less given from the SHA512 algorithm)
@ -59,7 +47,6 @@ static void sha512_libsodium_to_mbedtls(mbedtls_sha512_context *mb_ctx, crypto_h
memcpy(mb_ctx->total, ls_state->count, sizeof(mb_ctx->total)); memcpy(mb_ctx->total, ls_state->count, sizeof(mb_ctx->total));
memcpy(mb_ctx->state, ls_state->state, sizeof(mb_ctx->state)); memcpy(mb_ctx->state, ls_state->state, sizeof(mb_ctx->state));
memcpy(mb_ctx->buffer, ls_state->buf, sizeof(mb_ctx->buffer)); memcpy(mb_ctx->buffer, ls_state->buf, sizeof(mb_ctx->buffer));
mb_ctx->is384 = 0;
} }
int int

45
components/mbedtls/Kconfig
View File

@ -116,51 +116,6 @@ menu "mbedTLS"
default 3 if MBEDTLS_DEBUG_LEVEL_DEBUG default 3 if MBEDTLS_DEBUG_LEVEL_DEBUG
default 4 if MBEDTLS_DEBUG_LEVEL_VERBOSE default 4 if MBEDTLS_DEBUG_LEVEL_VERBOSE
config MBEDTLS_HARDWARE_AES
bool "Enable hardware AES acceleration"
default y
help
Enable hardware accelerated AES encryption & decryption.
Note that if the ESP32 CPU is running at 240MHz, hardware AES does not
offer any speed boost over software AES.
config MBEDTLS_HARDWARE_MPI
bool "Enable hardware MPI (bignum) acceleration"
default n
help
Enable hardware accelerated multiple precision integer operations.
Hardware accelerated multiplication, modulo multiplication,
and modular exponentiation for up to 4096 bit results.
These operations are used by RSA.
config MBEDTLS_MPI_USE_INTERRUPT
bool "Use interrupt for MPI operations"
depends on MBEDTLS_HARDWARE_MPI
default n
help
Use an interrupt to coordinate MPI operations.
This allows other code to run on the CPU while an MPI operation is pending.
Otherwise the CPU busy-waits.
config MBEDTLS_HARDWARE_SHA
bool "Enable hardware SHA acceleration"
default y
help
Enable hardware accelerated SHA1, SHA256, SHA384 & SHA512 in mbedTLS.
Due to a hardware limitation, hardware acceleration is only
guaranteed if SHA digests are calculated one at a time. If more
than one SHA digest is calculated at the same time, one will
be calculated fully in hardware and the rest will be calculated
(at least partially calculated) in software. This happens automatically.
SHA hardware acceleration is faster than software in some situations but
slower in others. You should benchmark to find the best setting for you.
config MBEDTLS_HAVE_TIME config MBEDTLS_HAVE_TIME
bool "Enable mbedtls time" bool "Enable mbedtls time"
depends on !ESP32_TIME_SYSCALL_USE_NONE depends on !ESP32_TIME_SYSCALL_USE_NONE

19
components/mbedtls/port/include/mbedtls/esp_config.h
View File

@ -108,40 +108,21 @@
* within the modules that are enabled. * within the modules that are enabled.
* \{ * \{
*/ */
/* The following units have ESP32 hardware support,
uncommenting each _ALT macro will use the
hardware-accelerated implementation. */
#ifdef CONFIG_MBEDTLS_HARDWARE_AES
#define MBEDTLS_AES_ALT #define MBEDTLS_AES_ALT
#else
#undef MBEDTLS_AES_ALT
#endif
/* MBEDTLS_SHAxx_ALT to enable hardware SHA support /* MBEDTLS_SHAxx_ALT to enable hardware SHA support
with software fallback. with software fallback.
*/ */
#ifdef CONFIG_MBEDTLS_HARDWARE_SHA
#define MBEDTLS_SHA1_ALT #define MBEDTLS_SHA1_ALT
#define MBEDTLS_SHA256_ALT #define MBEDTLS_SHA256_ALT
#define MBEDTLS_SHA512_ALT #define MBEDTLS_SHA512_ALT
#else
#undef MBEDTLS_SHA1_ALT
#undef MBEDTLS_SHA256_ALT
#undef MBEDTLS_SHA512_ALT
#endif
/* The following MPI (bignum) functions have ESP32 hardware support, /* The following MPI (bignum) functions have ESP32 hardware support,
Uncommenting these macros will use the hardware-accelerated Uncommenting these macros will use the hardware-accelerated
implementations. implementations.
*/ */
#ifdef CONFIG_MBEDTLS_HARDWARE_MPI
#define MBEDTLS_MPI_EXP_MOD_ALT
#define MBEDTLS_MPI_MUL_MPI_ALT
#else
#undef MBEDTLS_MPI_EXP_MOD_ALT #undef MBEDTLS_MPI_EXP_MOD_ALT
#undef MBEDTLS_MPI_MUL_MPI_ALT #undef MBEDTLS_MPI_MUL_MPI_ALT
#endif
/** /**
* \def MBEDTLS_ENTROPY_HARDWARE_ALT * \def MBEDTLS_ENTROPY_HARDWARE_ALT

5
components/util/include/esp_sha.h
View File

@ -28,10 +28,9 @@ typedef struct {
} esp_sha1_t; } esp_sha1_t;
typedef struct { typedef struct {
uint64_t length; uint32_t total[2];
uint32_t curlen;
uint32_t state[8]; uint32_t state[8];
uint8_t buf[64]; uint8_t buffer[64];
} esp_sha256_t; } esp_sha256_t;
typedef struct { typedef struct {

103
components/util/src/sha256.c
View File

@ -79,7 +79,7 @@ static const uint32_t K[64] = {
0x90befffaUL, 0xa4506cebUL, 0xbef9a3f7UL, 0xc67178f2UL 0x90befffaUL, 0xa4506cebUL, 0xbef9a3f7UL, 0xc67178f2UL
}; };
static void esp_sha256_transform(esp_sha256_t *ctx, uint8_t *buf) static void esp_sha256_transform(esp_sha256_t *ctx, const uint8_t *buf)
{ {
uint32_t S[8], W[64], t0, t1; uint32_t S[8], W[64], t0, t1;
uint32_t t; uint32_t t;
@ -108,8 +108,8 @@ int esp_sha256_init(esp_sha256_t *ctx)
{ {
util_assert(ctx); util_assert(ctx);
ctx->curlen = 0; ctx->total[0] = 0;
ctx->length = 0; ctx->total[1] = 0;
ctx->state[0] = 0x6A09E667UL; ctx->state[0] = 0x6A09E667UL;
ctx->state[1] = 0xBB67AE85UL; ctx->state[1] = 0xBB67AE85UL;
@ -127,8 +127,8 @@ int esp_sha224_init(esp_sha224_t *ctx)
{ {
util_assert(ctx); util_assert(ctx);
ctx->curlen = 0; ctx->total[0] = 0;
ctx->length = 0; ctx->total[1] = 0;
ctx->state[0] = 0xC1059ED8; ctx->state[0] = 0xC1059ED8;
ctx->state[1] = 0x367CD507; ctx->state[1] = 0x367CD507;
@ -144,39 +144,43 @@ int esp_sha224_init(esp_sha224_t *ctx)
int esp_sha256_update(esp_sha256_t *ctx, const void *src, size_t size) int esp_sha256_update(esp_sha256_t *ctx, const void *src, size_t size)
{ {
const uint8_t *in = (const uint8_t *)src; size_t fill;
uint32_t n; uint32_t left;
const uint8_t *input = (const uint8_t *)src;
util_assert(ctx); util_assert(ctx);
util_assert(src); util_assert(src);
util_assert(size); util_assert(size);
if (ctx->curlen >= sizeof(ctx->buf)) left = ctx->total[0] & 0x3F;
return -1; fill = 64 - left;
while (size > 0) { ctx->total[0] += size;
if (ctx->curlen == 0 && size >= 64) { ctx->total[0] &= 0xFFFFFFFF;
esp_sha256_transform(ctx, (uint8_t *) in);
ctx->length += 64 * 8;
in += 64;
size -= 64;
} else {
n = MIN(size, (64 - ctx->curlen));
memcpy(ctx->buf + ctx->curlen, in, n);
ctx->curlen += n;
in += n;
size -= n;
if (ctx->curlen == 64) { if (ctx->total[0] < size)
esp_sha256_transform(ctx, ctx->buf); ctx->total[1]++;
ctx->length += 8 * 64; if (left && size >= fill) {
ctx->curlen = 0; memcpy(ctx->buffer + left, input, fill);
}
} esp_sha256_transform(ctx, ctx->buffer);
input += fill;
size -= fill;
left = 0;
} }
while (size >= 64) {
esp_sha256_transform(ctx, input);
input += 64;
size -= 64;
}
if (size > 0)
memcpy(ctx->buffer + left, input, size);
return 0; return 0;
} }
@ -191,37 +195,42 @@ int esp_sha224_update(esp_sha224_t *ctx, const void *src, size_t size)
int esp_sha224_finish(esp_sha224_t *ctx, void *dest) int esp_sha224_finish(esp_sha224_t *ctx, void *dest)
{ {
int i; uint32_t used;
uint32_t high, low;
uint8_t *out = (uint8_t *)dest; uint8_t *out = (uint8_t *)dest;
util_assert(ctx); util_assert(ctx);
util_assert(dest); util_assert(dest);
if (ctx->curlen >= sizeof(ctx->buf)) used = ctx->total[0] & 0x3F;
return -1;
ctx->length += ctx->curlen * 8; ctx->buffer[used++] = 0x80;
ctx->buf[ctx->curlen++] = 0x80; if (used <= 56) {
memset(ctx->buffer + used, 0, 56 - used);
if (ctx->curlen > 56) { } else {
while (ctx->curlen < 64) memset(ctx->buffer + used, 0, 64 - used);
ctx->buf[ctx->curlen++] = 0; esp_sha256_transform(ctx, ctx->buffer);
memset(ctx->buffer, 0, 56);
esp_sha256_transform(ctx, ctx->buf);
ctx->curlen = 0;
} }
while (ctx->curlen < 56) high = (ctx->total[0] >> 29) | (ctx->total[1] << 3);
ctx->buf[ctx->curlen++] = 0; low = (ctx->total[0] << 3);
ESP_PUT_BE64(ctx->buf + 56, ctx->length); ESP_PUT_BE32(ctx->buffer + 56, high);
esp_sha256_transform(ctx, ctx->buf); ESP_PUT_BE32(ctx->buffer + 60, low);
for (i = 0; i < 7; i++) esp_sha256_transform(ctx, ctx->buffer);
ESP_PUT_BE32(out + (4 * i), ctx->state[i]);
return 0; ESP_PUT_BE32(out + 0, ctx->state[0]);
ESP_PUT_BE32(out + 4, ctx->state[1]);
ESP_PUT_BE32(out + 8, ctx->state[2]);
ESP_PUT_BE32(out + 12, ctx->state[3]);
ESP_PUT_BE32(out + 16, ctx->state[4]);
ESP_PUT_BE32(out + 20, ctx->state[5]);
ESP_PUT_BE32(out + 24, ctx->state[6]);
return( 0 );
} }
int esp_sha256_finish(esp_sha256_t *ctx, void *dest) int esp_sha256_finish(esp_sha256_t *ctx, void *dest)