diff --git a/components/aws_iot/CMakeLists.txt b/components/aws_iot/CMakeLists.txt index b6c19800..8cb0d519 100644 --- a/components/aws_iot/CMakeLists.txt +++ b/components/aws_iot/CMakeLists.txt @@ -5,7 +5,7 @@ else() message(STATUS "Building empty aws_iot component due to configuration") endif() -set(COMPONENT_REQUIRES ssl) +set(COMPONENT_REQUIRES mbedtls) set(COMPONENT_PRIV_REQUIRES jsmn esp-tls) register_component() diff --git a/components/bootloader_support/CMakeLists.txt b/components/bootloader_support/CMakeLists.txt index 4e5cac76..eb10a5f3 100644 --- a/components/bootloader_support/CMakeLists.txt +++ b/components/bootloader_support/CMakeLists.txt @@ -8,7 +8,7 @@ else() set(COMPONENT_ADD_INCLUDEDIRS "include") set(COMPONENT_PRIV_INCLUDEDIRS "include_priv") set(COMPONENT_REQUIRES) - set(COMPONENT_PRIV_REQUIRES spi_flash util ssl) + set(COMPONENT_PRIV_REQUIRES spi_flash util mbedtls) endif() register_component() diff --git a/components/esp-tls/CMakeLists.txt b/components/esp-tls/CMakeLists.txt index 89c172bc..abb37239 100644 --- a/components/esp-tls/CMakeLists.txt +++ b/components/esp-tls/CMakeLists.txt @@ -1,7 +1,7 @@ set(COMPONENT_SRCS "esp_tls.c") set(COMPONENT_ADD_INCLUDEDIRS ".") -set(COMPONENT_REQUIRES ssl) +set(COMPONENT_REQUIRES mbedtls) set(COMPONENT_PRIV_REQUIRES lwip http_parser) register_component() diff --git a/components/esp8266/CMakeLists.txt b/components/esp8266/CMakeLists.txt index 0679138a..88de46d8 100644 --- a/components/esp8266/CMakeLists.txt +++ b/components/esp8266/CMakeLists.txt @@ -38,6 +38,7 @@ else() "source/system_api.c" "source/task_wdt.c" "source/rom.c" + "source/hw_random.c" "driver/adc.c" "driver/gpio.c" "driver/hw_timer.c" diff --git a/components/esp8266/include/esp_system.h b/components/esp8266/include/esp_system.h index 30c78033..ad4af4d8 100644 --- a/components/esp8266/include/esp_system.h +++ b/components/esp8266/include/esp_system.h @@ -183,6 +183,16 @@ uint32_t esp_get_minimum_free_heap_size( void ); */ uint32_t esp_random(void); +/** + * @brief Fill a buffer with random bytes from hardware RNG + * + * @note This function has the same restrictions regarding available entropy as esp_random() + * + * @param buf Pointer to buffer to fill with random numbers. + * @param len Length of buffer in bytes + */ +void esp_fill_random(void *buf, size_t len); + typedef enum { FLASH_SIZE_4M_MAP_256_256 = 0, /**< Flash size : 4Mbits. Map : 256KBytes + 256KBytes */ FLASH_SIZE_2M, /**< Flash size : 2Mbits. Map : 256KBytes */ diff --git a/components/esp8266/source/hw_random.c b/components/esp8266/source/hw_random.c new file mode 100644 index 00000000..5931e0a0 --- /dev/null +++ b/components/esp8266/source/hw_random.c @@ -0,0 +1,33 @@ +// Copyright 2019-2020 Espressif Systems (Shanghai) PTE LTD +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + + +#include +#include +#include +#include +#include "esp_system.h" + +void esp_fill_random(void *buf, size_t len) +{ + assert(buf != NULL); + uint8_t *buf_bytes = (uint8_t *)buf; + while (len > 0) { + uint32_t word = esp_random(); + uint32_t to_copy = MIN(sizeof(word), len); + memcpy(buf_bytes, &word, to_copy); + buf_bytes += to_copy; + len -= to_copy; + } +} diff --git a/components/esp_http_client/CMakeLists.txt b/components/esp_http_client/CMakeLists.txt index e1ec658c..29861fdb 100644 --- a/components/esp_http_client/CMakeLists.txt +++ b/components/esp_http_client/CMakeLists.txt @@ -6,6 +6,6 @@ set(COMPONENT_ADD_INCLUDEDIRS "include") set(COMPONENT_PRIV_INCLUDEDIRS "lib/include") set(COMPONENT_REQUIRES "http_parser") -set(COMPONENT_PRIV_REQUIRES "ssl" "lwip" "esp-tls" "tcp_transport" "tcpip_adapter") +set(COMPONENT_PRIV_REQUIRES "mbedtls" "lwip" "esp-tls" "tcp_transport" "tcpip_adapter") register_component() diff --git a/components/heap/include/esp_heap_caps.h b/components/heap/include/esp_heap_caps.h index 144363fe..fb0623ec 100644 --- a/components/heap/include/esp_heap_caps.h +++ b/components/heap/include/esp_heap_caps.h @@ -34,6 +34,8 @@ extern "C" { #define MALLOC_CAP_32BIT (1 << 1) ///< Memory must allow for aligned 32-bit data accesses #define MALLOC_CAP_8BIT (1 << 2) ///< Memory must allow for 8-bit data accesses #define MALLOC_CAP_DMA (1 << 3) ///< Memory must be able to accessed by DMA +#define MALLOC_CAP_INTERNAL (1 << 11) ///< Just for code compatibility +#define MALLOC_CAP_SPIRAM (1 << 10) ///< Just for code compatibility #define MEM_HEAD_SIZE sizeof(mem_blk_t) ///< Size of first type memory block #define MEM2_HEAD_SIZE sizeof(mem2_blk_t) ///< Size of second type memory block diff --git a/components/libsodium/CMakeLists.txt b/components/libsodium/CMakeLists.txt index 17b9ebef..2c876852 100644 --- a/components/libsodium/CMakeLists.txt +++ b/components/libsodium/CMakeLists.txt @@ -1,6 +1,6 @@ set(SRC libsodium/src/libsodium) -set(COMPONENT_REQUIRES "ssl") +set(COMPONENT_REQUIRES "mbedtls") set(COMPONENT_SRCDIRS port diff --git a/components/mbedtls/CMakeLists.txt b/components/mbedtls/CMakeLists.txt index a2d08230..20133bea 100644 --- a/components/mbedtls/CMakeLists.txt +++ b/components/mbedtls/CMakeLists.txt @@ -1,12 +1,12 @@ -idf_component_register(INCLUDE_DIRS "port/include" "mbedtls/include" - REQUIRES lwip) +idf_component_register(INCLUDE_DIRS "port/include" "port/esp8266/include" "mbedtls/include" + REQUIRES lwip util) # Only build mbedtls libraries set(ENABLE_TESTING CACHE BOOL OFF) set(ENABLE_PROGRAMS CACHE BOOL OFF) # Needed to for include_next includes to work from within mbedtls -include_directories("${COMPONENT_DIR}/port/include") +include_directories("${COMPONENT_DIR}/port/include" "${COMPONENT_DIR}/port/esp8266/include") # Import mbedtls library targets add_subdirectory(mbedtls) @@ -22,19 +22,16 @@ set(mbedtls_targets mbedtls mbedcrypto mbedx509) target_sources(mbedtls PRIVATE "${COMPONENT_DIR}/port/mbedtls_debug.c" "${COMPONENT_DIR}/port/net_sockets.c") -target_sources(mbedcrypto PRIVATE "${COMPONENT_DIR}/port/esp_bignum.c" - "${COMPONENT_DIR}/port/esp_hardware.c" - "${COMPONENT_DIR}/port/esp_mem.c" - "${COMPONENT_DIR}/port/esp_sha.c" - "${COMPONENT_DIR}/port/esp_sha1.c" - "${COMPONENT_DIR}/port/esp_sha256.c" - "${COMPONENT_DIR}/port/esp_sha512.c" - "${COMPONENT_DIR}/port/esp_timing.c" - "${COMPONENT_DIR}/port/esp32/aes.c" - "${COMPONENT_DIR}/port/esp32/sha.c") +target_sources(mbedcrypto PRIVATE "${COMPONENT_DIR}/port/esp_hardware.c" + "${COMPONENT_DIR}/port/esp_mem.c" + "${COMPONENT_DIR}/port/esp_timing.c" + "${COMPONENT_DIR}/port/esp8266/aes.c" + "${COMPONENT_DIR}/port/esp8266/sha1.c" + "${COMPONENT_DIR}/port/esp8266/sha256.c" + "${COMPONENT_DIR}/port/esp8266/sha512.c") foreach(target ${mbedtls_targets}) - target_compile_definitions(${target} PUBLIC -DMBEDTLS_CONFIG_FILE="mbedtls/esp_config.h") + target_compile_definitions(${target} PUBLIC -DMBEDTLS_CONFIG_FILE="mbedtls/esp_config.h" -DCONFIG_SSL_USING_MBEDTLS) endforeach() # Link mbedtls libraries to component library diff --git a/components/mbedtls/Kconfig b/components/mbedtls/Kconfig index a9e7983b..a1c396cf 100644 --- a/components/mbedtls/Kconfig +++ b/components/mbedtls/Kconfig @@ -148,7 +148,7 @@ menu "mbedTLS" config MBEDTLS_HARDWARE_SHA bool "Enable hardware SHA acceleration" - default n + default y help Enable hardware accelerated SHA1, SHA256, SHA384 & SHA512 in mbedTLS. diff --git a/components/mbedtls/component.mk b/components/mbedtls/component.mk index 09ce80c9..e6551fb6 100644 --- a/components/mbedtls/component.mk +++ b/components/mbedtls/component.mk @@ -2,9 +2,9 @@ # Component Makefile # -COMPONENT_ADD_INCLUDEDIRS := port/include mbedtls/include +COMPONENT_ADD_INCLUDEDIRS := port/include mbedtls/include port/esp8266/include -COMPONENT_SRCDIRS := mbedtls/library port port/esp32 +COMPONENT_SRCDIRS := mbedtls/library port port/esp8266 COMPONENT_OBJEXCLUDE := mbedtls/library/net_sockets.o diff --git a/components/mbedtls/port/esp32/aes.c b/components/mbedtls/port/esp32/aes.c deleted file mode 100644 index db8f1bf5..00000000 --- a/components/mbedtls/port/esp32/aes.c +++ /dev/null @@ -1,768 +0,0 @@ -/** - * \brief AES block cipher, ESP32 hardware accelerated version - * Based on mbedTLS FIPS-197 compliant version. - * - * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved - * Additions Copyright (C) 2016-2017, Espressif Systems (Shanghai) PTE Ltd - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - * - */ -/* - * The AES block cipher was designed by Vincent Rijmen and Joan Daemen. - * - * http://csrc.nist.gov/encryption/aes/rijndael/Rijndael.pdf - * http://csrc.nist.gov/publications/fips/fips197/fips-197.pdf - */ -#include -#include "mbedtls/aes.h" -#include "mbedtls/platform_util.h" -#include "esp32/aes.h" -#include "soc/hwcrypto_periph.h" -#include - -#include - -#include "soc/cpu.h" -#include -#include "driver/periph_ctrl.h" - - -/* AES uses a spinlock mux not a lock as the underlying block operation - only takes 208 cycles (to write key & compute block), +600 cycles - for DPORT protection but +3400 cycles again if you use a full sized lock. - - For CBC, CFB, etc. this may mean that interrupts are disabled for a longer - period of time for bigger lengths. However at the moment this has to happen - anyway due to DPORT protection... -*/ -static portMUX_TYPE aes_spinlock = portMUX_INITIALIZER_UNLOCKED; - -static inline bool valid_key_length(const esp_aes_context *ctx) -{ - return ctx->key_bytes == 128/8 || ctx->key_bytes == 192/8 || ctx->key_bytes == 256/8; -} - -void esp_aes_acquire_hardware( void ) -{ - portENTER_CRITICAL(&aes_spinlock); - - /* Enable AES hardware */ - periph_module_enable(PERIPH_AES_MODULE); -} - -void esp_aes_release_hardware( void ) -{ - /* Disable AES hardware */ - periph_module_disable(PERIPH_AES_MODULE); - - portEXIT_CRITICAL(&aes_spinlock); -} - -void esp_aes_init( esp_aes_context *ctx ) -{ - bzero( ctx, sizeof( esp_aes_context ) ); -} - -void esp_aes_free( esp_aes_context *ctx ) -{ - if ( ctx == NULL ) { - return; - } - - bzero( ctx, sizeof( esp_aes_context ) ); -} - - - -/* - * AES key schedule (same for encryption or decryption, as hardware handles schedule) - * - */ -int esp_aes_setkey( esp_aes_context *ctx, const unsigned char *key, - unsigned int keybits ) -{ - if (keybits != 128 && keybits != 192 && keybits != 256) { - return MBEDTLS_ERR_AES_INVALID_KEY_LENGTH; - } - ctx->key_bytes = keybits / 8; - memcpy(ctx->key, key, ctx->key_bytes); - ctx->key_in_hardware = 0; - return 0; -} - -/* - * Helper function to copy key from esp_aes_context buffer - * to hardware key registers. - * - * Call only while holding esp_aes_acquire_hardware(). - */ -static void esp_aes_setkey_hardware(esp_aes_context *ctx, int mode) -{ - const uint32_t MODE_DECRYPT_BIT = 4; - unsigned mode_reg_base = (mode == ESP_AES_ENCRYPT) ? 0 : MODE_DECRYPT_BIT; - - ctx->key_in_hardware = 0; - - for (int i = 0; i < ctx->key_bytes/4; ++i) { - DPORT_REG_WRITE(AES_KEY_BASE + i * 4, *(((uint32_t *)ctx->key) + i)); - ctx->key_in_hardware += 4; - } - - DPORT_REG_WRITE(AES_MODE_REG, mode_reg_base + ((ctx->key_bytes / 8) - 2)); - - /* Fault injection check: all words of key data should have been written to hardware */ - if (ctx->key_in_hardware < 16 - || ctx->key_in_hardware != ctx->key_bytes) { - abort(); - } -} - -/* Run a single 16 byte block of AES, using the hardware engine. - * - * Call only while holding esp_aes_acquire_hardware(). - */ -static int esp_aes_block(esp_aes_context *ctx, const void *input, void *output) -{ - const uint32_t *input_words = (const uint32_t *)input; - uint32_t i0, i1, i2, i3; - uint32_t *output_words = (uint32_t *)output; - - /* If no key is written to hardware yet, either the user hasn't called - mbedtls_aes_setkey_enc/mbedtls_aes_setkey_dec - meaning we also don't - know which mode to use - or a fault skipped the - key write to hardware. Treat this as a fatal error and zero the output block. - */ - if (ctx->key_in_hardware != ctx->key_bytes) { - bzero(output, 16); - return MBEDTLS_ERR_AES_INVALID_INPUT_LENGTH; - } - - /* Storing i0,i1,i2,i3 in registers not an array - helps a lot with optimisations at -Os level */ - i0 = input_words[0]; - DPORT_REG_WRITE(AES_TEXT_BASE, i0); - - i1 = input_words[1]; - DPORT_REG_WRITE(AES_TEXT_BASE + 4, i1); - - i2 = input_words[2]; - DPORT_REG_WRITE(AES_TEXT_BASE + 8, i2); - - i3 = input_words[3]; - DPORT_REG_WRITE(AES_TEXT_BASE + 12, i3); - - DPORT_REG_WRITE(AES_START_REG, 1); - - while (DPORT_REG_READ(AES_IDLE_REG) != 1) { } - - esp_dport_access_read_buffer(output_words, AES_TEXT_BASE, 4); - - /* Physical security check: Verify the AES accelerator actually ran, and wasn't - skipped due to external fault injection while starting the peripheral. - - Note that i0,i1,i2,i3 are copied from input buffer in case input==output. - - Bypassing this check requires at least one additional fault. - */ - if(i0 == output_words[0] && i1 == output_words[1] && i2 == output_words[2] && i3 == output_words[3]) { - // calling zeroing functions to narrow the - // window for a double-fault of the abort step, here - memset(output, 0, 16); - mbedtls_platform_zeroize(output, 16); - abort(); - } - - return 0; -} - -/* - * AES-ECB block encryption - */ -int esp_internal_aes_encrypt( esp_aes_context *ctx, - const unsigned char input[16], - unsigned char output[16] ) -{ - int r; - - if (!valid_key_length(ctx)) { - return MBEDTLS_ERR_AES_INVALID_KEY_LENGTH; - } - - esp_aes_acquire_hardware(); - ctx->key_in_hardware = 0; - esp_aes_setkey_hardware(ctx, ESP_AES_ENCRYPT); - r = esp_aes_block(ctx, input, output); - esp_aes_release_hardware(); - return r; -} - -void esp_aes_encrypt( esp_aes_context *ctx, - const unsigned char input[16], - unsigned char output[16] ) -{ - esp_internal_aes_encrypt(ctx, input, output); -} - -/* - * AES-ECB block decryption - */ - -int esp_internal_aes_decrypt( esp_aes_context *ctx, - const unsigned char input[16], - unsigned char output[16] ) -{ - int r; - - if (!valid_key_length(ctx)) { - return MBEDTLS_ERR_AES_INVALID_KEY_LENGTH; - } - - esp_aes_acquire_hardware(); - ctx->key_in_hardware = 0; - esp_aes_setkey_hardware(ctx, ESP_AES_DECRYPT); - r = esp_aes_block(ctx, input, output); - esp_aes_release_hardware(); - return r; -} - -void esp_aes_decrypt( esp_aes_context *ctx, - const unsigned char input[16], - unsigned char output[16] ) -{ - esp_internal_aes_decrypt(ctx, input, output); -} - -/* - * AES-ECB block encryption/decryption - */ -int esp_aes_crypt_ecb( esp_aes_context *ctx, - int mode, - const unsigned char input[16], - unsigned char output[16] ) -{ - int r; - - if (!valid_key_length(ctx)) { - return MBEDTLS_ERR_AES_INVALID_KEY_LENGTH; - } - - esp_aes_acquire_hardware(); - ctx->key_in_hardware = 0; - esp_aes_setkey_hardware(ctx, mode); - r = esp_aes_block(ctx, input, output); - esp_aes_release_hardware(); - - return r; -} - - -/* - * AES-CBC buffer encryption/decryption - */ -int esp_aes_crypt_cbc( esp_aes_context *ctx, - int mode, - size_t length, - unsigned char iv[16], - const unsigned char *input, - unsigned char *output ) -{ - int i; - uint32_t *output_words = (uint32_t *)output; - const uint32_t *input_words = (const uint32_t *)input; - uint32_t *iv_words = (uint32_t *)iv; - unsigned char temp[16]; - - if ( length % 16 ) { - return ( ERR_ESP_AES_INVALID_INPUT_LENGTH ); - } - - if (!valid_key_length(ctx)) { - return MBEDTLS_ERR_AES_INVALID_KEY_LENGTH; - } - - esp_aes_acquire_hardware(); - ctx->key_in_hardware = 0; - - esp_aes_setkey_hardware(ctx, mode); - - if ( mode == ESP_AES_DECRYPT ) { - while ( length > 0 ) { - memcpy(temp, input_words, 16); - esp_aes_block(ctx, input_words, output_words); - - for ( i = 0; i < 4; i++ ) { - output_words[i] = output_words[i] ^ iv_words[i]; - } - - memcpy( iv_words, temp, 16 ); - - input_words += 4; - output_words += 4; - length -= 16; - } - } else { // ESP_AES_ENCRYPT - while ( length > 0 ) { - - for ( i = 0; i < 4; i++ ) { - output_words[i] = input_words[i] ^ iv_words[i]; - } - - esp_aes_block(ctx, output_words, output_words); - memcpy( iv_words, output_words, 16 ); - - input_words += 4; - output_words += 4; - length -= 16; - } - } - - esp_aes_release_hardware(); - - return 0; -} - -/* - * AES-CFB128 buffer encryption/decryption - */ -int esp_aes_crypt_cfb128( esp_aes_context *ctx, - int mode, - size_t length, - size_t *iv_off, - unsigned char iv[16], - const unsigned char *input, - unsigned char *output ) -{ - int c; - size_t n = *iv_off; - - if (!valid_key_length(ctx)) { - return MBEDTLS_ERR_AES_INVALID_KEY_LENGTH; - } - - esp_aes_acquire_hardware(); - ctx->key_in_hardware = 0; - - esp_aes_setkey_hardware(ctx, ESP_AES_ENCRYPT); - - if ( mode == ESP_AES_DECRYPT ) { - while ( length-- ) { - if ( n == 0 ) { - esp_aes_block(ctx, iv, iv); - } - - c = *input++; - *output++ = (unsigned char)( c ^ iv[n] ); - iv[n] = (unsigned char) c; - - n = ( n + 1 ) & 0x0F; - } - } else { - while ( length-- ) { - if ( n == 0 ) { - esp_aes_block(ctx, iv, iv); - } - - iv[n] = *output++ = (unsigned char)( iv[n] ^ *input++ ); - - n = ( n + 1 ) & 0x0F; - } - } - - *iv_off = n; - - esp_aes_release_hardware(); - - return 0; -} - -/* - * AES-CFB8 buffer encryption/decryption - */ -int esp_aes_crypt_cfb8( esp_aes_context *ctx, - int mode, - size_t length, - unsigned char iv[16], - const unsigned char *input, - unsigned char *output ) -{ - unsigned char c; - unsigned char ov[17]; - - if (!valid_key_length(ctx)) { - return MBEDTLS_ERR_AES_INVALID_KEY_LENGTH; - } - - esp_aes_acquire_hardware(); - ctx->key_in_hardware = 0; - - esp_aes_setkey_hardware(ctx, ESP_AES_ENCRYPT); - - while ( length-- ) { - memcpy( ov, iv, 16 ); - esp_aes_block(ctx, iv, iv); - - if ( mode == ESP_AES_DECRYPT ) { - ov[16] = *input; - } - - c = *output++ = (unsigned char)( iv[0] ^ *input++ ); - - if ( mode == ESP_AES_ENCRYPT ) { - ov[16] = c; - } - - memcpy( iv, ov + 1, 16 ); - } - - esp_aes_release_hardware(); - - return 0; -} - -/* - * AES-CTR buffer encryption/decryption - */ -int esp_aes_crypt_ctr( esp_aes_context *ctx, - size_t length, - size_t *nc_off, - unsigned char nonce_counter[16], - unsigned char stream_block[16], - const unsigned char *input, - unsigned char *output ) -{ - int c, i; - size_t n = *nc_off; - - if (!valid_key_length(ctx)) { - return MBEDTLS_ERR_AES_INVALID_KEY_LENGTH; - } - - esp_aes_acquire_hardware(); - ctx->key_in_hardware = 0; - - esp_aes_setkey_hardware(ctx, ESP_AES_ENCRYPT); - - while ( length-- ) { - if ( n == 0 ) { - esp_aes_block(ctx, nonce_counter, stream_block); - - for ( i = 16; i > 0; i-- ) - if ( ++nonce_counter[i - 1] != 0 ) { - break; - } - } - c = *input++; - *output++ = (unsigned char)( c ^ stream_block[n] ); - - n = ( n + 1 ) & 0x0F; - } - - *nc_off = n; - - esp_aes_release_hardware(); - - return 0; -} - -/* - * AES-OFB (Output Feedback Mode) buffer encryption/decryption - */ -int esp_aes_crypt_ofb( esp_aes_context *ctx, - size_t length, - size_t *iv_off, - unsigned char iv[16], - const unsigned char *input, - unsigned char *output ) -{ - int ret = 0; - size_t n; - - if ( ctx == NULL || iv_off == NULL || iv == NULL || - input == NULL || output == NULL ) { - return MBEDTLS_ERR_AES_BAD_INPUT_DATA; - } - - n = *iv_off; - - if( n > 15 ) { - return( MBEDTLS_ERR_AES_BAD_INPUT_DATA ); - } - - if (!valid_key_length(ctx)) { - return MBEDTLS_ERR_AES_INVALID_KEY_LENGTH; - } - - esp_aes_acquire_hardware(); - - esp_aes_setkey_hardware(ctx, ESP_AES_ENCRYPT); - - while( length-- ) { - if( n == 0 ) { - esp_aes_block(ctx, iv, iv); - } - *output++ = *input++ ^ iv[n]; - - n = ( n + 1 ) & 0x0F; - } - - *iv_off = n; - - esp_aes_release_hardware(); - - return( ret ); -} - -/* Below XTS implementation is copied aes.c of mbedtls library. - * When MBEDTLS_AES_ALT is defined mbedtls expects alternate - * definition of XTS functions to be available. Even if this - * could have been avoided, it is done for consistency reason. - */ - -void esp_aes_xts_init( esp_aes_xts_context *ctx ) -{ - esp_aes_init( &ctx->crypt ); - esp_aes_init( &ctx->tweak ); -} - -void esp_aes_xts_free( esp_aes_xts_context *ctx ) -{ - esp_aes_free( &ctx->crypt ); - esp_aes_free( &ctx->tweak ); -} - -static int esp_aes_xts_decode_keys( const unsigned char *key, - unsigned int keybits, - const unsigned char **key1, - unsigned int *key1bits, - const unsigned char **key2, - unsigned int *key2bits ) -{ - const unsigned int half_keybits = keybits / 2; - const unsigned int half_keybytes = half_keybits / 8; - - switch( keybits ) - { - case 256: break; - case 512: break; - default : return( MBEDTLS_ERR_AES_INVALID_KEY_LENGTH ); - } - - *key1bits = half_keybits; - *key2bits = half_keybits; - *key1 = &key[0]; - *key2 = &key[half_keybytes]; - - return 0; -} - -int esp_aes_xts_setkey_enc( esp_aes_xts_context *ctx, - const unsigned char *key, - unsigned int keybits) -{ - int ret; - const unsigned char *key1, *key2; - unsigned int key1bits, key2bits; - - ret = esp_aes_xts_decode_keys( key, keybits, &key1, &key1bits, - &key2, &key2bits ); - if( ret != 0 ) - return( ret ); - - /* Set the tweak key. Always set tweak key for the encryption mode. */ - ret = esp_aes_setkey( &ctx->tweak, key2, key2bits ); - if( ret != 0 ) - return( ret ); - - /* Set crypt key for encryption. */ - return esp_aes_setkey( &ctx->crypt, key1, key1bits ); -} - -int esp_aes_xts_setkey_dec( esp_aes_xts_context *ctx, - const unsigned char *key, - unsigned int keybits) -{ - int ret; - const unsigned char *key1, *key2; - unsigned int key1bits, key2bits; - - ret = esp_aes_xts_decode_keys( key, keybits, &key1, &key1bits, - &key2, &key2bits ); - if( ret != 0 ) - return( ret ); - - /* Set the tweak key. Always set tweak key for encryption. */ - ret = esp_aes_setkey( &ctx->tweak, key2, key2bits ); - if( ret != 0 ) - return( ret ); - - /* Set crypt key for decryption. */ - return esp_aes_setkey( &ctx->crypt, key1, key1bits ); -} - -/* Endianess with 64 bits values */ -#ifndef GET_UINT64_LE -#define GET_UINT64_LE(n,b,i) \ -{ \ - (n) = ( (uint64_t) (b)[(i) + 7] << 56 ) \ - | ( (uint64_t) (b)[(i) + 6] << 48 ) \ - | ( (uint64_t) (b)[(i) + 5] << 40 ) \ - | ( (uint64_t) (b)[(i) + 4] << 32 ) \ - | ( (uint64_t) (b)[(i) + 3] << 24 ) \ - | ( (uint64_t) (b)[(i) + 2] << 16 ) \ - | ( (uint64_t) (b)[(i) + 1] << 8 ) \ - | ( (uint64_t) (b)[(i) ] ); \ -} -#endif - -#ifndef PUT_UINT64_LE -#define PUT_UINT64_LE(n,b,i) \ -{ \ - (b)[(i) + 7] = (unsigned char) ( (n) >> 56 ); \ - (b)[(i) + 6] = (unsigned char) ( (n) >> 48 ); \ - (b)[(i) + 5] = (unsigned char) ( (n) >> 40 ); \ - (b)[(i) + 4] = (unsigned char) ( (n) >> 32 ); \ - (b)[(i) + 3] = (unsigned char) ( (n) >> 24 ); \ - (b)[(i) + 2] = (unsigned char) ( (n) >> 16 ); \ - (b)[(i) + 1] = (unsigned char) ( (n) >> 8 ); \ - (b)[(i) ] = (unsigned char) ( (n) ); \ -} -#endif - -typedef unsigned char esp_be128[16]; - -/* - * GF(2^128) multiplication function - * - * This function multiplies a field element by x in the polynomial field - * representation. It uses 64-bit word operations to gain speed but compensates - * for machine endianess and hence works correctly on both big and little - * endian machines. - */ -static void esp_gf128mul_x_ble( unsigned char r[16], - const unsigned char x[16] ) -{ - uint64_t a, b, ra, rb; - - GET_UINT64_LE( a, x, 0 ); - GET_UINT64_LE( b, x, 8 ); - - ra = ( a << 1 ) ^ 0x0087 >> ( 8 - ( ( b >> 63 ) << 3 ) ); - rb = ( a >> 63 ) | ( b << 1 ); - - PUT_UINT64_LE( ra, r, 0 ); - PUT_UINT64_LE( rb, r, 8 ); -} - -/* - * AES-XTS buffer encryption/decryption - */ -int esp_aes_crypt_xts( esp_aes_xts_context *ctx, - int mode, - size_t length, - const unsigned char data_unit[16], - const unsigned char *input, - unsigned char *output ) -{ - int ret; - size_t blocks = length / 16; - size_t leftover = length % 16; - unsigned char tweak[16]; - unsigned char prev_tweak[16]; - unsigned char tmp[16]; - - /* Sectors must be at least 16 bytes. */ - if( length < 16 ) - return MBEDTLS_ERR_AES_INVALID_INPUT_LENGTH; - - /* NIST SP 80-38E disallows data units larger than 2**20 blocks. */ - if( length > ( 1 << 20 ) * 16 ) - return MBEDTLS_ERR_AES_INVALID_INPUT_LENGTH; - - /* Compute the tweak. */ - ret = esp_aes_crypt_ecb( &ctx->tweak, MBEDTLS_AES_ENCRYPT, - data_unit, tweak ); - if( ret != 0 ) - return( ret ); - - while( blocks-- ) - { - size_t i; - - if( leftover && ( mode == MBEDTLS_AES_DECRYPT ) && blocks == 0 ) - { - /* We are on the last block in a decrypt operation that has - * leftover bytes, so we need to use the next tweak for this block, - * and this tweak for the lefover bytes. Save the current tweak for - * the leftovers and then update the current tweak for use on this, - * the last full block. */ - memcpy( prev_tweak, tweak, sizeof( tweak ) ); - esp_gf128mul_x_ble( tweak, tweak ); - } - - for( i = 0; i < 16; i++ ) - tmp[i] = input[i] ^ tweak[i]; - - ret = esp_aes_crypt_ecb( &ctx->crypt, mode, tmp, tmp ); - if( ret != 0 ) - return( ret ); - - for( i = 0; i < 16; i++ ) - output[i] = tmp[i] ^ tweak[i]; - - /* Update the tweak for the next block. */ - esp_gf128mul_x_ble( tweak, tweak ); - - output += 16; - input += 16; - } - - if( leftover ) - { - /* If we are on the leftover bytes in a decrypt operation, we need to - * use the previous tweak for these bytes (as saved in prev_tweak). */ - unsigned char *t = mode == MBEDTLS_AES_DECRYPT ? prev_tweak : tweak; - - /* We are now on the final part of the data unit, which doesn't divide - * evenly by 16. It's time for ciphertext stealing. */ - size_t i; - unsigned char *prev_output = output - 16; - - /* Copy ciphertext bytes from the previous block to our output for each - * byte of cyphertext we won't steal. At the same time, copy the - * remainder of the input for this final round (since the loop bounds - * are the same). */ - for( i = 0; i < leftover; i++ ) - { - output[i] = prev_output[i]; - tmp[i] = input[i] ^ t[i]; - } - - /* Copy ciphertext bytes from the previous block for input in this - * round. */ - for( ; i < 16; i++ ) - tmp[i] = prev_output[i] ^ t[i]; - - ret = esp_aes_crypt_ecb( &ctx->crypt, mode, tmp, tmp ); - if( ret != 0 ) - return ret; - - /* Write the result back to the previous block, overriding the previous - * output we copied. */ - for( i = 0; i < 16; i++ ) - prev_output[i] = tmp[i] ^ t[i]; - } - - return( 0 ); -} diff --git a/components/mbedtls/port/esp32/sha.c b/components/mbedtls/port/esp32/sha.c deleted file mode 100644 index 35c52eee..00000000 --- a/components/mbedtls/port/esp32/sha.c +++ /dev/null @@ -1,314 +0,0 @@ -/* - * ESP32 hardware accelerated SHA1/256/512 implementation - * based on mbedTLS FIPS-197 compliant version. - * - * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved - * Additions Copyright (C) 2016, Espressif Systems (Shanghai) PTE Ltd - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - * - */ -/* - * The SHA-1 standard was published by NIST in 1993. - * - * http://www.itl.nist.gov/fipspubs/fip180-1.htm - */ - -#include -#include -#include -#include - -#include "freertos/FreeRTOS.h" -#include "freertos/semphr.h" - -#include "esp32/sha.h" -#include "esp32/rom/ets_sys.h" -#include "soc/hwcrypto_periph.h" -#include "driver/periph_ctrl.h" - -inline static uint32_t SHA_LOAD_REG(esp_sha_type sha_type) { - return SHA_1_LOAD_REG + sha_type * 0x10; -} - -inline static uint32_t SHA_BUSY_REG(esp_sha_type sha_type) { - return SHA_1_BUSY_REG + sha_type * 0x10; -} - -inline static uint32_t SHA_START_REG(esp_sha_type sha_type) { - return SHA_1_START_REG + sha_type * 0x10; -} - -inline static uint32_t SHA_CONTINUE_REG(esp_sha_type sha_type) { - return SHA_1_CONTINUE_REG + sha_type * 0x10; -} - -/* Single spinlock for SHA engine memory block -*/ -static portMUX_TYPE memory_block_lock = portMUX_INITIALIZER_UNLOCKED; - - -/* Binary semaphore managing the state of each concurrent SHA engine. - - Available = noone is using this SHA engine - Taken = a SHA session is running on this SHA engine - - Indexes: - 0 = SHA1 - 1 = SHA2_256 - 2 = SHA2_384 or SHA2_512 -*/ -static SemaphoreHandle_t engine_states[3]; - -static uint8_t engines_in_use; - -/* Spinlock for engines_in_use counter -*/ -static portMUX_TYPE engines_in_use_lock = portMUX_INITIALIZER_UNLOCKED; - -/* Index into the engine_states array */ -inline static size_t sha_engine_index(esp_sha_type type) { - switch(type) { - case SHA1: - return 0; - case SHA2_256: - return 1; - default: - return 2; - } -} - -/* Return digest length (in bytes) for a given SHA type */ -inline static size_t sha_length(esp_sha_type type) { - switch(type) { - case SHA1: - return 20; - case SHA2_256: - return 32; - case SHA2_384: - return 48; - case SHA2_512: - return 64; - default: - return 0; - } -} - -/* Return block size (in bytes) for a given SHA type */ -inline static size_t block_length(esp_sha_type type) { - switch(type) { - case SHA1: - case SHA2_256: - return 64; - case SHA2_384: - case SHA2_512: - return 128; - default: - return 0; - } -} - -void esp_sha_lock_memory_block(void) -{ - portENTER_CRITICAL(&memory_block_lock); -} - -void esp_sha_unlock_memory_block(void) -{ - portEXIT_CRITICAL(&memory_block_lock); -} - -static SemaphoreHandle_t sha_get_engine_state(esp_sha_type sha_type) -{ - unsigned idx = sha_engine_index(sha_type); - volatile SemaphoreHandle_t *engine = &engine_states[idx]; - SemaphoreHandle_t result = *engine; - uint32_t set_engine = 0; - - if (result == NULL) { - // Create a new semaphore for 'in use' flag - SemaphoreHandle_t new_engine = xSemaphoreCreateBinary(); - assert(new_engine != NULL); - xSemaphoreGive(new_engine); // start available - - // try to atomically set the previously NULL *engine to new_engine - set_engine = (uint32_t)new_engine; - uxPortCompareSet((volatile uint32_t *)engine, 0, &set_engine); - - if (set_engine != 0) { // we lost a race setting *engine - vSemaphoreDelete(new_engine); - } - result = *engine; - } - return result; -} - -static bool esp_sha_lock_engine_common(esp_sha_type sha_type, TickType_t ticks_to_wait); - -bool esp_sha_try_lock_engine(esp_sha_type sha_type) -{ - return esp_sha_lock_engine_common(sha_type, 0); -} - -void esp_sha_lock_engine(esp_sha_type sha_type) -{ - esp_sha_lock_engine_common(sha_type, portMAX_DELAY); -} - -static bool esp_sha_lock_engine_common(esp_sha_type sha_type, TickType_t ticks_to_wait) -{ - SemaphoreHandle_t engine_state = sha_get_engine_state(sha_type); - BaseType_t result = xSemaphoreTake(engine_state, ticks_to_wait); - - if (result == pdFALSE) { - // failed to take semaphore - return false; - } - - portENTER_CRITICAL(&engines_in_use_lock); - - if (engines_in_use == 0) { - /* Just locked first engine, - so enable SHA hardware */ - periph_module_enable(PERIPH_SHA_MODULE); - } - - engines_in_use++; - assert(engines_in_use <= 3); - - portEXIT_CRITICAL(&engines_in_use_lock); - - return true; -} - - -void esp_sha_unlock_engine(esp_sha_type sha_type) -{ - SemaphoreHandle_t *engine_state = sha_get_engine_state(sha_type); - - portENTER_CRITICAL(&engines_in_use_lock); - - engines_in_use--; - - if (engines_in_use == 0) { - /* About to release last engine, so - disable SHA hardware */ - periph_module_disable(PERIPH_SHA_MODULE); - } - - portEXIT_CRITICAL(&engines_in_use_lock); - - xSemaphoreGive(engine_state); -} - -void esp_sha_wait_idle(void) -{ - while(1) { - if(DPORT_REG_READ(SHA_1_BUSY_REG) == 0 - && DPORT_REG_READ(SHA_256_BUSY_REG) == 0 - && DPORT_REG_READ(SHA_384_BUSY_REG) == 0 - && DPORT_REG_READ(SHA_512_BUSY_REG) == 0) { - break; - } - } -} - -void esp_sha_read_digest_state(esp_sha_type sha_type, void *digest_state) -{ - uint32_t *digest_state_words = NULL; - uint32_t *reg_addr_buf = NULL; - uint32_t word_len = sha_length(sha_type)/4; -#ifndef NDEBUG - { - SemaphoreHandle_t *engine_state = sha_get_engine_state(sha_type); - assert(uxSemaphoreGetCount(engine_state) == 0 && - "SHA engine should be locked" ); - } -#endif - - // preemptively do this before entering the critical section, then re-check once in it - esp_sha_wait_idle(); - - esp_sha_lock_memory_block(); - - esp_sha_wait_idle(); - - DPORT_REG_WRITE(SHA_LOAD_REG(sha_type), 1); - while(DPORT_REG_READ(SHA_BUSY_REG(sha_type)) == 1) { } - digest_state_words = (uint32_t *)digest_state; - reg_addr_buf = (uint32_t *)(SHA_TEXT_BASE); - if(sha_type == SHA2_384 || sha_type == SHA2_512) { - /* for these ciphers using 64-bit states, swap each pair of words */ - DPORT_INTERRUPT_DISABLE(); // Disable interrupt only on current CPU. - for(int i = 0; i < word_len; i += 2) { - digest_state_words[i+1] = DPORT_SEQUENCE_REG_READ((uint32_t)®_addr_buf[i]); - digest_state_words[i] = DPORT_SEQUENCE_REG_READ((uint32_t)®_addr_buf[i+1]); - } - DPORT_INTERRUPT_RESTORE(); // restore the previous interrupt level - } else { - esp_dport_access_read_buffer(digest_state_words, (uint32_t)®_addr_buf[0], word_len); - } - esp_sha_unlock_memory_block(); - - /* Fault injection check: verify SHA engine actually ran, - state is not all zeroes. - */ - for (int i = 0; i < word_len; i++) { - if (digest_state_words[i] != 0) { - return; - } - } - abort(); // SHA peripheral returned all zero state, probably due to fault injection -} - -void esp_sha_block(esp_sha_type sha_type, const void *data_block, bool is_first_block) -{ - uint32_t *reg_addr_buf = NULL; - uint32_t *data_words = NULL; -#ifndef NDEBUG - { - SemaphoreHandle_t *engine_state = sha_get_engine_state(sha_type); - assert(uxSemaphoreGetCount(engine_state) == 0 && - "SHA engine should be locked" ); - } -#endif - - // preemptively do this before entering the critical section, then re-check once in it - esp_sha_wait_idle(); - - esp_sha_lock_memory_block(); - - esp_sha_wait_idle(); - - /* Fill the data block */ - reg_addr_buf = (uint32_t *)(SHA_TEXT_BASE); - data_words = (uint32_t *)data_block; - for (int i = 0; i < block_length(sha_type) / 4; i++) { - reg_addr_buf[i] = __builtin_bswap32(data_words[i]); - } - asm volatile ("memw"); - - if(is_first_block) { - DPORT_REG_WRITE(SHA_START_REG(sha_type), 1); - } else { - DPORT_REG_WRITE(SHA_CONTINUE_REG(sha_type), 1); - } - - esp_sha_unlock_memory_block(); - - /* Note: deliberately not waiting for this operation to complete, - as a performance tweak - delay waiting until the next time we need the SHA - unit, instead. - */ -} diff --git a/components/mbedtls/port/esp8266/aes.c b/components/mbedtls/port/esp8266/aes.c new file mode 100644 index 00000000..5ba2e283 --- /dev/null +++ b/components/mbedtls/port/esp8266/aes.c @@ -0,0 +1,181 @@ +/** + * \brief AES block cipher, ESP8266 accelerated version + * Based on mbedTLS FIPS-197 compliant version. + * + * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved + * Additions Copyright (C) 2016-2017, Espressif Systems (Shanghai) PTE Ltd + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * + */ + +#include +#include "mbedtls/aes.h" + +#if defined(MBEDTLS_AES_ALT) + +void mbedtls_aes_init(mbedtls_aes_context *ctx) +{ + memset(ctx, 0, sizeof(mbedtls_aes_context)); +} + +void mbedtls_aes_free(mbedtls_aes_context *ctx) +{ + memset(ctx, 0, sizeof(mbedtls_aes_context)); +} + +#if defined(MBEDTLS_CIPHER_MODE_XTS) +void mbedtls_aes_xts_init(mbedtls_aes_xts_context *ctx) +{ + memset(ctx, 0, sizeof(mbedtls_aes_xts_context)); +} + +void mbedtls_aes_xts_free(mbedtls_aes_xts_context *ctx) +{ + memset(ctx, 0, sizeof(mbedtls_aes_xts_context)); +} + +int mbedtls_aes_xts_setkey_enc(mbedtls_aes_xts_context *ctx, + const unsigned char *key, + unsigned int keybits) +{ + return esp_aes_xts_set_encrypt_key(ctx, key, keybits); +} + +int mbedtls_aes_xts_setkey_dec(mbedtls_aes_xts_context *ctx, + const unsigned char *key, + unsigned int keybits) +{ + return esp_aes_xts_set_decrypt_key(ctx, key, keybits); +} + +int mbedtls_aes_crypt_xts(mbedtls_aes_xts_context *ctx, + int mode, + size_t length, + const unsigned char data_unit[16], + const unsigned char *input, + unsigned char *output) +{ + return esp_aes_crypt_xts(ctx, MBEDTLS_AES_ENCRYPT == mode, length, data_unit, input, output); +} +#endif + +int mbedtls_aes_setkey_enc(mbedtls_aes_context *ctx, const unsigned char *key, + unsigned int keybits) +{ + return esp_aes_set_encrypt_key(ctx, key, keybits); +} + +int mbedtls_aes_setkey_dec(mbedtls_aes_context *ctx, const unsigned char *key, + unsigned int keybits) +{ + return esp_aes_set_decrypt_key(ctx, key, keybits); +} + +int mbedtls_aes_crypt_ecb(mbedtls_aes_context *ctx, + int mode, + const unsigned char input[16], + unsigned char output[16]) +{ + if (MBEDTLS_AES_DECRYPT == mode) + return esp_aes_decrypt_ecb(ctx, input, output); + else + return esp_aes_encrypt_ecb(ctx, input, output); +} + +#if defined(MBEDTLS_CIPHER_MODE_CBC) +int mbedtls_aes_crypt_cbc(mbedtls_aes_context *ctx, + int mode, + size_t length, + unsigned char iv[16], + const unsigned char *input, + unsigned char *output) +{ + if (MBEDTLS_AES_DECRYPT == mode) + return esp_aes_decrypt_cbc(ctx, input, length, output, length, iv); + else + return esp_aes_encrypt_cbc(ctx, input, length, output, length, iv); +} +#endif + +#if defined(MBEDTLS_CIPHER_MODE_CFB) +int mbedtls_aes_crypt_cfb128(mbedtls_aes_context *ctx, + int mode, + size_t length, + size_t *iv_off, + unsigned char iv[16], + const unsigned char *input, + unsigned char *output) +{ + if (MBEDTLS_AES_DECRYPT == mode) + return esp_aes_decrypt_cfb128(ctx, input, length, output, length, iv, iv_off); + else + return esp_aes_encrypt_cfb128(ctx, input, length, output, length, iv, iv_off); +} + +int mbedtls_aes_crypt_cfb8(mbedtls_aes_context *ctx, + int mode, + size_t length, + unsigned char iv[16], + const unsigned char *input, + unsigned char *output) +{ + if (MBEDTLS_AES_DECRYPT == mode) + return esp_aes_decrypt_cfb8(ctx, input, length, output, length, iv); + else + return esp_aes_encrypt_cfb8(ctx, input, length, output, length, iv); +} +#endif + +#if defined(MBEDTLS_CIPHER_MODE_OFB) +int mbedtls_aes_crypt_ofb(mbedtls_aes_context *ctx, + size_t length, + size_t *iv_off, + unsigned char iv[16], + const unsigned char *input, + unsigned char *output) +{ + return esp_aes_crypt_ofb(ctx, length, iv_off, iv, input, output); +} +#endif + +#if defined(MBEDTLS_CIPHER_MODE_CTR) +int mbedtls_aes_crypt_ctr(mbedtls_aes_context *ctx, + size_t length, + size_t *nc_off, + unsigned char nonce_counter[16], + unsigned char stream_block[16], + const unsigned char *input, + unsigned char *output) +{ + return esp_aes_encrypt_ctr(ctx, nc_off, nonce_counter, stream_block, input, + length, output, length); +} +#endif + +int mbedtls_internal_aes_encrypt(mbedtls_aes_context *ctx, + const unsigned char input[16], + unsigned char output[16]) +{ + return esp_aes_encrypt(ctx, input, 16, output, 16); +} + +int mbedtls_internal_aes_decrypt(mbedtls_aes_context *ctx, + const unsigned char input[16], + unsigned char output[16]) +{ + return esp_aes_decrypt(ctx, input, 16, output, 16); +} + +#endif /* MBEDTLS_AES_ALT */ diff --git a/components/mbedtls/port/esp8266/include/aes_alt.h b/components/mbedtls/port/esp8266/include/aes_alt.h new file mode 100644 index 00000000..5dd6b98e --- /dev/null +++ b/components/mbedtls/port/esp8266/include/aes_alt.h @@ -0,0 +1,45 @@ +/** + * \file aes_alt.h + * + * \brief AES block cipher + * + * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * + * + */ +#ifndef AES_ALT_H +#define AES_ALT_H + +#ifdef __cplusplus +extern "C" { +#endif + +#if defined(MBEDTLS_AES_ALT) +#include "esp_aes.h" + +typedef esp_aes_t mbedtls_aes_context; + +#if defined(MBEDTLS_CIPHER_MODE_XTS) +typedef esp_aes_xts_t mbedtls_aes_xts_context; +#endif + +#ifdef __cplusplus +} +#endif + +#endif + +#endif /* MBEDTLS_AES_ALT */ diff --git a/components/mbedtls/port/esp8266/include/arc4_alt.h b/components/mbedtls/port/esp8266/include/arc4_alt.h new file mode 100644 index 00000000..1fe52e57 --- /dev/null +++ b/components/mbedtls/port/esp8266/include/arc4_alt.h @@ -0,0 +1,46 @@ +/* + * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * + * + */ +#ifndef ARC4_ALT_H +#define ARC4_ALT_H + +#ifdef __cplusplus +extern "C" { +#endif + +#if defined(MBEDTLS_ARC4_ALT) +#include "esp_arc4.h" + +typedef esp_arc4_context mbedtls_arc4_context; + +#define mbedtls_arc4_init(_ctx) { } + +#define mbedtls_arc4_free(_ctx) { } + +#define mbedtls_arc4_setup(_ctx, _s, _l) esp_arc4_setup(_ctx, _s, _l) + +#define mbedtls_arc4_crypt(_ctx, _l, _i, _o) esp_arc4_encrypt(_ctx, _l, _i, _o) + +#endif /* MBEDTLS_ARC4_ALT */ + +#ifdef __cplusplus +} +#endif + +#endif + diff --git a/components/mbedtls/port/esp8266/include/md5_alt.h b/components/mbedtls/port/esp8266/include/md5_alt.h new file mode 100644 index 00000000..8a0b808b --- /dev/null +++ b/components/mbedtls/port/esp8266/include/md5_alt.h @@ -0,0 +1,51 @@ +/* + * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * + * + */ +#ifndef MD5_ALT_H +#define MD5_ALT_H + +#ifdef __cplusplus +extern "C" { +#endif + +#if defined(MBEDTLS_MD5_ALT) +#include "esp_md5.h" + +typedef esp_md5_context_t mbedtls_md5_context; + +#define mbedtls_md5_init(_ctx) { } + +#define mbedtls_md5_free(_ctx) { } + +#define mbedtls_md5_clone(_d, _s) { *(_d) = *(_s); } + +#define mbedtls_md5_starts_ret(_ctx) esp_md5_init(_ctx) + +#define mbedtls_md5_update_ret(_ctx, _s, _l) esp_md5_update(_ctx, _s, _l) + +#define mbedtls_md5_finish_ret(_ctx, _d) esp_md5_final(_ctx, _d) + +#define mbedtls_internal_md5_process(_ctx, _s) esp_md5_update(_ctx, _s, 64) +#endif /* MBEDTLS_MD5_ALT */ + +#ifdef __cplusplus +} +#endif + +#endif + diff --git a/components/mbedtls/port/include/sha1_alt.h b/components/mbedtls/port/esp8266/include/sha1_alt.h similarity index 61% rename from components/mbedtls/port/include/sha1_alt.h rename to components/mbedtls/port/esp8266/include/sha1_alt.h index 54b77408..f0c86901 100644 --- a/components/mbedtls/port/include/sha1_alt.h +++ b/components/mbedtls/port/esp8266/include/sha1_alt.h @@ -1,5 +1,5 @@ /* - * SHA-1 implementation with hardware ESP32 support added. + * SHA-1 implementation with extra ESP8266 support added. * Uses mbedTLS software implementation for failover when concurrent * SHA operations are in use. * @@ -29,29 +29,14 @@ extern "C" { #if defined(MBEDTLS_SHA1_ALT) -typedef enum { - ESP_MBEDTLS_SHA1_UNUSED, /* first block hasn't been processed yet */ - ESP_MBEDTLS_SHA1_HARDWARE, /* using hardware SHA engine */ - ESP_MBEDTLS_SHA1_SOFTWARE, /* using software SHA */ -} esp_mbedtls_sha1_mode; +#include "esp_sha.h" -/** - * \brief SHA-1 context structure - */ -typedef struct -{ - uint32_t total[2]; /*!< number of bytes processed */ - uint32_t state[5]; /*!< intermediate digest state */ - unsigned char buffer[64]; /*!< data block being processed */ - esp_mbedtls_sha1_mode mode; -} -mbedtls_sha1_context; +typedef esp_sha1_t mbedtls_sha1_context; -#endif +#endif /* MBEDTLS_SHA1_ALT */ #ifdef __cplusplus } #endif #endif - diff --git a/components/mbedtls/port/include/sha256_alt.h b/components/mbedtls/port/esp8266/include/sha256_alt.h similarity index 58% rename from components/mbedtls/port/include/sha256_alt.h rename to components/mbedtls/port/esp8266/include/sha256_alt.h index 436f5324..914ac89a 100644 --- a/components/mbedtls/port/include/sha256_alt.h +++ b/components/mbedtls/port/esp8266/include/sha256_alt.h @@ -1,5 +1,5 @@ /* - * SHA-256 implementation with hardware ESP32 support added. + * SHA-256 implementation with extra ESP8266 support added. * Uses mbedTLS software implementation for failover when concurrent * SHA operations are in use. * @@ -29,26 +29,11 @@ extern "C" { #if defined(MBEDTLS_SHA256_ALT) -typedef enum { - ESP_MBEDTLS_SHA256_UNUSED, /* first block hasn't been processed yet */ - ESP_MBEDTLS_SHA256_HARDWARE, /* using hardware SHA engine */ - ESP_MBEDTLS_SHA256_SOFTWARE, /* using software SHA */ -} esp_mbedtls_sha256_mode; +#include "esp_sha.h" -/** - * \brief SHA-256 context structure - */ -typedef struct -{ - uint32_t total[2]; /*!< number of bytes processed */ - uint32_t state[8]; /*!< intermediate digest state */ - unsigned char buffer[64]; /*!< data block being processed */ - int is224; /*!< 0 => SHA-256, else SHA-224 */ - esp_mbedtls_sha256_mode mode; -} -mbedtls_sha256_context; +typedef esp_sha_t mbedtls_sha256_context; -#endif +#endif /* MBEDTLS_SHA256_ALT */ #ifdef __cplusplus } diff --git a/components/mbedtls/port/include/sha512_alt.h b/components/mbedtls/port/esp8266/include/sha512_alt.h similarity index 58% rename from components/mbedtls/port/include/sha512_alt.h rename to components/mbedtls/port/esp8266/include/sha512_alt.h index 36b8fc9d..af2f5799 100644 --- a/components/mbedtls/port/include/sha512_alt.h +++ b/components/mbedtls/port/esp8266/include/sha512_alt.h @@ -1,5 +1,5 @@ /* - * SHA-512 implementation with hardware ESP32 support added. + * SHA-512 implementation with extra ESP8266 support added. * Uses mbedTLS software implementation for failover when concurrent * SHA operations are in use. * @@ -29,26 +29,11 @@ extern "C" { #if defined(MBEDTLS_SHA512_ALT) -typedef enum { - ESP_MBEDTLS_SHA512_UNUSED, /* first block hasn't been processed yet */ - ESP_MBEDTLS_SHA512_HARDWARE, /* using hardware SHA engine */ - ESP_MBEDTLS_SHA512_SOFTWARE, /* using software SHA */ -} esp_mbedtls_sha512_mode; +#include "esp_sha.h" -/** - * \brief SHA-512 context structure - */ -typedef struct -{ - uint64_t total[2]; /*!< number of bytes processed */ - uint64_t state[8]; /*!< intermediate digest state */ - unsigned char buffer[128]; /*!< data block being processed */ - int is384; /*!< 0 => SHA-512, else SHA-384 */ - esp_mbedtls_sha512_mode mode; -} -mbedtls_sha512_context; +typedef esp_sha512_t mbedtls_sha512_context; -#endif +#endif /* MBEDTLS_SHA512_ALT */ #ifdef __cplusplus } diff --git a/components/mbedtls/port/esp8266/sha1.c b/components/mbedtls/port/esp8266/sha1.c new file mode 100644 index 00000000..45a63d60 --- /dev/null +++ b/components/mbedtls/port/esp8266/sha1.c @@ -0,0 +1,68 @@ +/** + * \brief AES block cipher, ESP8266 accelerated version + * Based on mbedTLS FIPS-197 compliant version. + * + * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved + * Additions Copyright (C) 2016-2017, Espressif Systems (Shanghai) PTE Ltd + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * + */ + +#include +#include "mbedtls/sha1.h" + +#if defined(MBEDTLS_SHA1_ALT) + +void mbedtls_sha1_init(mbedtls_sha1_context *ctx) +{ + memset(ctx, 0, sizeof(mbedtls_sha1_context)); +} + +void mbedtls_sha1_free(mbedtls_sha1_context *ctx) +{ + memset(ctx, 0, sizeof(mbedtls_sha1_context)); +} + +void mbedtls_sha1_clone(mbedtls_sha1_context *dst, const mbedtls_sha1_context *src) +{ + memcpy(dst, src, sizeof(mbedtls_sha1_context)); +} + +int mbedtls_sha1_starts_ret(mbedtls_sha1_context *ctx) +{ + return esp_sha1_init(ctx); +} + +int mbedtls_sha1_update_ret(mbedtls_sha1_context *ctx, const unsigned char *input, size_t ilen) +{ + return esp_sha1_update(ctx, input, ilen); +} + +int mbedtls_sha1_finish_ret(mbedtls_sha1_context *ctx, unsigned char output[64]) +{ + return esp_sha1_finish(ctx, output); +} + +int mbedtls_internal_sha1_process(mbedtls_sha1_context *ctx, const unsigned char data[128]) +{ + return esp_sha1_update(ctx, data, 64); +} + +// int mbedtls_sha512_ret(const unsigned char *input, size_t ilen, unsigned char output[64], int is384) +// { + +// } + +#endif /* MBEDTLS_AES_ALT */ diff --git a/components/mbedtls/port/esp8266/sha256.c b/components/mbedtls/port/esp8266/sha256.c new file mode 100644 index 00000000..2e8f8448 --- /dev/null +++ b/components/mbedtls/port/esp8266/sha256.c @@ -0,0 +1,75 @@ +/** + * \brief AES block cipher, ESP8266 accelerated version + * Based on mbedTLS FIPS-197 compliant version. + * + * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved + * Additions Copyright (C) 2016-2017, Espressif Systems (Shanghai) PTE Ltd + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * + */ + +#include +#include "mbedtls/sha256.h" + +#if defined(MBEDTLS_SHA256_ALT) + +void mbedtls_sha256_init(mbedtls_sha256_context *ctx) +{ + memset(ctx, 0, sizeof(mbedtls_sha256_context)); +} + +void mbedtls_sha256_free(mbedtls_sha256_context *ctx) +{ + memset(ctx, 0, sizeof(mbedtls_sha256_context)); +} + +void mbedtls_sha256_clone(mbedtls_sha256_context *dst, const mbedtls_sha256_context *src) +{ + memcpy(dst, src, sizeof(mbedtls_sha256_context)); +} + +int mbedtls_sha256_starts_ret(mbedtls_sha256_context *ctx, int is224) +{ + int ret; + + if (is224) + ret = esp_sha224_init(ctx); + else + ret = esp_sha256_init(ctx); + + return ret; +} + +int mbedtls_sha256_update_ret(mbedtls_sha256_context *ctx, const unsigned char *input, size_t ilen) +{ + return esp_sha256_update(ctx, input, ilen); +} + +int mbedtls_sha256_finish_ret(mbedtls_sha256_context *ctx, unsigned char output[64]) +{ + return esp_sha256_finish(ctx, output); +} + +int mbedtls_internal_sha256_process(mbedtls_sha256_context *ctx, const unsigned char data[128]) +{ + return esp_sha256_update(ctx, data, 64); +} + +// int mbedtls_sha512_ret(const unsigned char *input, size_t ilen, unsigned char output[64], int is384) +// { + +// } + +#endif /* MBEDTLS_AES_ALT */ diff --git a/components/mbedtls/port/esp8266/sha512.c b/components/mbedtls/port/esp8266/sha512.c new file mode 100644 index 00000000..db1ec919 --- /dev/null +++ b/components/mbedtls/port/esp8266/sha512.c @@ -0,0 +1,75 @@ +/** + * \brief AES block cipher, ESP8266 accelerated version + * Based on mbedTLS FIPS-197 compliant version. + * + * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved + * Additions Copyright (C) 2016-2017, Espressif Systems (Shanghai) PTE Ltd + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * + */ + +#include +#include "mbedtls/sha512.h" + +#if defined(MBEDTLS_SHA512_ALT) + +void mbedtls_sha512_init(mbedtls_sha512_context *ctx) +{ + memset(ctx, 0, sizeof(mbedtls_sha512_context)); +} + +void mbedtls_sha512_free(mbedtls_sha512_context *ctx) +{ + memset(ctx, 0, sizeof(mbedtls_sha512_context)); +} + +void mbedtls_sha512_clone(mbedtls_sha512_context *dst, const mbedtls_sha512_context *src) +{ + memcpy(dst, src, sizeof(mbedtls_sha512_context)); +} + +int mbedtls_sha512_starts_ret(mbedtls_sha512_context *ctx, int is384) +{ + int ret; + + if (is384) + ret = esp_sha384_init(ctx); + else + ret = esp_sha512_init(ctx); + + return ret; +} + +int mbedtls_sha512_update_ret(mbedtls_sha512_context *ctx, const unsigned char *input, size_t ilen) +{ + return esp_sha512_update(ctx, input, ilen); +} + +int mbedtls_sha512_finish_ret(mbedtls_sha512_context *ctx, unsigned char output[64]) +{ + return esp_sha512_finish(ctx, output); +} + +int mbedtls_internal_sha512_process(mbedtls_sha512_context *ctx, const unsigned char data[128]) +{ + return esp_sha512_update(ctx, data, 128); +} + +// int mbedtls_sha512_ret(const unsigned char *input, size_t ilen, unsigned char output[64], int is384) +// { + +// } + +#endif /* MBEDTLS_AES_ALT */ diff --git a/components/mbedtls/port/esp_bignum.c b/components/mbedtls/port/esp_bignum.c deleted file mode 100644 index 09bb774b..00000000 --- a/components/mbedtls/port/esp_bignum.c +++ /dev/null @@ -1,683 +0,0 @@ -/** - * \brief Multi-precision integer library, ESP32 hardware accelerated parts - * - * based on mbedTLS implementation - * - * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved - * Additions Copyright (C) 2016, Espressif Systems (Shanghai) PTE Ltd - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - * - */ -#include -#include -#include -#include -#include -#include -#include -#include "esp32/rom/bigint.h" -#include "soc/hwcrypto_periph.h" -#include "esp_system.h" -#include "esp_log.h" -#include "esp_intr_alloc.h" -#include "esp_attr.h" - -#include - -#include "freertos/FreeRTOS.h" -#include "freertos/task.h" -#include "freertos/semphr.h" -#include "driver/periph_ctrl.h" - -/* Some implementation notes: - * - * - Naming convention x_words, y_words, z_words for number of words (limbs) used in a particular - * bignum. This number may be less than the size of the bignum - * - * - Naming convention hw_words for the hardware length of the operation. This number is always - * rounded up to a 512 bit multiple, and may be larger than any of the numbers involved in the - * calculation. - * - * - Timing behaviour of these functions will depend on the length of the inputs. This is fundamentally - * the same constraint as the software mbedTLS implementations, and relies on the same - * countermeasures (exponent blinding, etc) which are used in mbedTLS. - */ - -static const __attribute__((unused)) char *TAG = "bignum"; - -#define ciL (sizeof(mbedtls_mpi_uint)) /* chars in limb */ -#define biL (ciL << 3) /* bits in limb */ - -#if defined(CONFIG_MBEDTLS_MPI_USE_INTERRUPT) -static SemaphoreHandle_t op_complete_sem; - -static IRAM_ATTR void rsa_complete_isr(void *arg) -{ - BaseType_t higher_woken; - DPORT_REG_WRITE(RSA_INTERRUPT_REG, 1); - xSemaphoreGiveFromISR(op_complete_sem, &higher_woken); - if (higher_woken) { - portYIELD_FROM_ISR(); - } -} - -static void rsa_isr_initialise(void) -{ - if (op_complete_sem == NULL) { - op_complete_sem = xSemaphoreCreateBinary(); - esp_intr_alloc(ETS_RSA_INTR_SOURCE, 0, rsa_complete_isr, NULL, NULL); - } -} - -#endif /* CONFIG_MBEDTLS_MPI_USE_INTERRUPT */ - -static _lock_t mpi_lock; - -void esp_mpi_acquire_hardware( void ) -{ - /* newlib locks lazy initialize on ESP-IDF */ - _lock_acquire(&mpi_lock); - - /* Enable RSA hardware */ - periph_module_enable(PERIPH_RSA_MODULE); - DPORT_REG_CLR_BIT(DPORT_RSA_PD_CTRL_REG, DPORT_RSA_PD); - - while(DPORT_REG_READ(RSA_CLEAN_REG) != 1); - // Note: from enabling RSA clock to here takes about 1.3us - -#ifdef CONFIG_MBEDTLS_MPI_USE_INTERRUPT - rsa_isr_initialise(); -#endif -} - -void esp_mpi_release_hardware( void ) -{ - DPORT_REG_SET_BIT(DPORT_RSA_PD_CTRL_REG, DPORT_RSA_PD); - - /* Disable RSA hardware */ - periph_module_disable(PERIPH_RSA_MODULE); - - _lock_release(&mpi_lock); -} - -/* Convert bit count to word count - */ -static inline size_t bits_to_words(size_t bits) -{ - return (bits + 31) / 32; -} - -/* Round up number of words to nearest - 512 bit (16 word) block count. -*/ -static inline size_t hardware_words(size_t words) -{ - return (words + 0xF) & ~0xF; -} - -/* Number of words used to hold 'mpi'. - - Equivalent of bits_to_words(mbedtls_mpi_bitlen(mpi)), but uses less cycles if the - exact bit count is not needed. - - Note that mpi->n (size of memory buffer) may be higher than this - number, if the high bits are mostly zeroes. -*/ -static inline size_t word_length(const mbedtls_mpi *mpi) -{ - for(size_t i = mpi->n; i > 0; i--) { - if( mpi->p[i - 1] != 0 ) { - return i; - } - } - return 0; -} - -/* Copy mbedTLS MPI bignum 'mpi' to hardware memory block at 'mem_base'. - - If hw_words is higher than the number of words in the bignum then - these additional words will be zeroed in the memory buffer. - -*/ -static inline void mpi_to_mem_block(uint32_t mem_base, const mbedtls_mpi *mpi, size_t hw_words) -{ - uint32_t *pbase = (uint32_t *)mem_base; - uint32_t copy_words = hw_words < mpi->n ? hw_words : mpi->n; - - /* Copy MPI data to memory block registers */ - for (int i = 0; i < copy_words; i++) { - pbase[i] = mpi->p[i]; - } - - /* Zero any remaining memory block data */ - for (int i = copy_words; i < hw_words; i++) { - pbase[i] = 0; - } - - /* Note: not executing memw here, can do it before we start a bignum operation */ -} - -/* Read mbedTLS MPI bignum back from hardware memory block. - - Reads num_words words from block. - - Bignum 'x' should already be grown to at least num_words by caller (can be done while - calculation is in progress, to save some cycles) -*/ -static inline void mem_block_to_mpi(mbedtls_mpi *x, uint32_t mem_base, int num_words) -{ - assert(x->n >= num_words); - - /* Copy data from memory block registers */ - esp_dport_access_read_buffer(x->p, mem_base, num_words); - - /* Zero any remaining limbs in the bignum, if the buffer is bigger - than num_words */ - for(size_t i = num_words; i < x->n; i++) { - x->p[i] = 0; - } -} - - -/** - * - * There is a need for the value of integer N' such that B^-1(B-1)-N^-1N'=1, - * where B^-1(B-1) mod N=1. Actually, only the least significant part of - * N' is needed, hence the definition N0'=N' mod b. We reproduce below the - * simple algorithm from an article by Dusse and Kaliski to efficiently - * find N0' from N0 and b - */ -static mbedtls_mpi_uint modular_inverse(const mbedtls_mpi *M) -{ - int i; - uint64_t t = 1; - uint64_t two_2_i_minus_1 = 2; /* 2^(i-1) */ - uint64_t two_2_i = 4; /* 2^i */ - uint64_t N = M->p[0]; - - for (i = 2; i <= 32; i++) { - if ((mbedtls_mpi_uint) N * t % two_2_i >= two_2_i_minus_1) { - t += two_2_i_minus_1; - } - - two_2_i_minus_1 <<= 1; - two_2_i <<= 1; - } - - return (mbedtls_mpi_uint)(UINT32_MAX - t + 1); -} - -/* Calculate Rinv = RR^2 mod M, where: - * - * R = b^n where b = 2^32, n=num_words, - * R = 2^N (where N=num_bits) - * RR = R^2 = 2^(2*N) (where N=num_bits=num_words*32) - * - * This calculation is computationally expensive (mbedtls_mpi_mod_mpi) - * so caller should cache the result where possible. - * - * DO NOT call this function while holding esp_mpi_acquire_hardware(). - * - */ -static int calculate_rinv(mbedtls_mpi *Rinv, const mbedtls_mpi *M, int num_words) -{ - int ret; - size_t num_bits = num_words * 32; - mbedtls_mpi RR; - mbedtls_mpi_init(&RR); - MBEDTLS_MPI_CHK(mbedtls_mpi_set_bit(&RR, num_bits * 2, 1)); - MBEDTLS_MPI_CHK(mbedtls_mpi_mod_mpi(Rinv, &RR, M)); - - cleanup: - mbedtls_mpi_free(&RR); - return ret; -} - - -/* Begin an RSA operation. op_reg specifies which 'START' register - to write to. -*/ -static inline void start_op(uint32_t op_reg) -{ - /* Clear interrupt status */ - DPORT_REG_WRITE(RSA_INTERRUPT_REG, 1); - - /* Note: above REG_WRITE includes a memw, so we know any writes - to the memory blocks are also complete. */ - - DPORT_REG_WRITE(op_reg, 1); -} - -/* Wait for an RSA operation to complete. -*/ -static inline void wait_op_complete(uint32_t op_reg) -{ -#ifdef CONFIG_MBEDTLS_MPI_USE_INTERRUPT - if (!xSemaphoreTake(op_complete_sem, 2000 / portTICK_PERIOD_MS)) { - ESP_LOGE(TAG, "Timed out waiting for RSA operation (op_reg 0x%x int_reg 0x%x)", - op_reg, DPORT_REG_READ(RSA_INTERRUPT_REG)); - abort(); /* indicates a fundamental problem with driver */ - } -#else - while(DPORT_REG_READ(RSA_INTERRUPT_REG) != 1) - { } - - /* clear the interrupt */ - DPORT_REG_WRITE(RSA_INTERRUPT_REG, 1); -#endif - -} - -/* Sub-stages of modulo multiplication/exponentiation operations */ -inline static int modular_multiply_finish(mbedtls_mpi *Z, const mbedtls_mpi *X, const mbedtls_mpi *Y, size_t hw_words, size_t z_words); - -/* Z = (X * Y) mod M - - Not an mbedTLS function -*/ -int esp_mpi_mul_mpi_mod(mbedtls_mpi *Z, const mbedtls_mpi *X, const mbedtls_mpi *Y, const mbedtls_mpi *M) -{ - int ret; - size_t x_bits = mbedtls_mpi_bitlen(X); - size_t y_bits = mbedtls_mpi_bitlen(Y); - size_t m_bits = mbedtls_mpi_bitlen(M); - size_t z_bits = MIN(m_bits, x_bits + y_bits); - size_t x_words = bits_to_words(x_bits); - size_t y_words = bits_to_words(y_bits); - size_t m_words = bits_to_words(m_bits); - size_t z_words = bits_to_words(z_bits); - size_t hw_words = hardware_words(MAX(x_words, MAX(y_words, m_words))); /* longest operand */ - mbedtls_mpi Rinv; - mbedtls_mpi_uint Mprime; - - /* Calculate and load the first stage montgomery multiplication */ - mbedtls_mpi_init(&Rinv); - MBEDTLS_MPI_CHK(calculate_rinv(&Rinv, M, hw_words)); - Mprime = modular_inverse(M); - - esp_mpi_acquire_hardware(); - - /* Load M, X, Rinv, Mprime (Mprime is mod 2^32) */ - mpi_to_mem_block(RSA_MEM_M_BLOCK_BASE, M, hw_words); - mpi_to_mem_block(RSA_MEM_X_BLOCK_BASE, X, hw_words); - mpi_to_mem_block(RSA_MEM_RB_BLOCK_BASE, &Rinv, hw_words); - DPORT_REG_WRITE(RSA_M_DASH_REG, (uint32_t)Mprime); - - /* "mode" register loaded with number of 512-bit blocks, minus 1 */ - DPORT_REG_WRITE(RSA_MULT_MODE_REG, (hw_words / 16) - 1); - - /* Execute first stage montgomery multiplication */ - start_op(RSA_MULT_START_REG); - - wait_op_complete(RSA_MULT_START_REG); - - /* execute second stage */ - ret = modular_multiply_finish(Z, X, Y, hw_words, z_words); - - esp_mpi_release_hardware(); - - cleanup: - mbedtls_mpi_free(&Rinv); - return ret; -} - -#if defined(MBEDTLS_MPI_EXP_MOD_ALT) - -/* - * Sliding-window exponentiation: Z = X^Y mod M (HAC 14.85) - * - * _Rinv is optional pre-calculated version of Rinv (via calculate_rinv()). - * - * (See RSA Accelerator section in Technical Reference for more about Mprime, Rinv) - * - */ -int mbedtls_mpi_exp_mod( mbedtls_mpi* Z, const mbedtls_mpi* X, const mbedtls_mpi* Y, const mbedtls_mpi* M, mbedtls_mpi* _Rinv ) -{ - int ret = 0; - size_t x_words = word_length(X); - size_t y_words = word_length(Y); - size_t m_words = word_length(M); - - /* "all numbers must be the same length", so choose longest number - as cardinal length of operation... - */ - size_t hw_words = hardware_words(MAX(m_words, MAX(x_words, y_words))); - - mbedtls_mpi Rinv_new; /* used if _Rinv == NULL */ - mbedtls_mpi *Rinv; /* points to _Rinv (if not NULL) othwerwise &RR_new */ - mbedtls_mpi_uint Mprime; - - if (mbedtls_mpi_cmp_int(M, 0) <= 0 || (M->p[0] & 1) == 0) { - return MBEDTLS_ERR_MPI_BAD_INPUT_DATA; - } - - if (mbedtls_mpi_cmp_int(Y, 0) < 0) { - return MBEDTLS_ERR_MPI_BAD_INPUT_DATA; - } - - if (mbedtls_mpi_cmp_int(Y, 0) == 0) { - return mbedtls_mpi_lset(Z, 1); - } - - if (hw_words * 32 > 4096) { - return MBEDTLS_ERR_MPI_NOT_ACCEPTABLE; - } - - /* Determine RR pointer, either _RR for cached value - or local RR_new */ - if (_Rinv == NULL) { - mbedtls_mpi_init(&Rinv_new); - Rinv = &Rinv_new; - } else { - Rinv = _Rinv; - } - if (Rinv->p == NULL) { - MBEDTLS_MPI_CHK(calculate_rinv(Rinv, M, hw_words)); - } - - Mprime = modular_inverse(M); - - esp_mpi_acquire_hardware(); - - /* "mode" register loaded with number of 512-bit blocks, minus 1 */ - DPORT_REG_WRITE(RSA_MODEXP_MODE_REG, (hw_words / 16) - 1); - - /* Load M, X, Rinv, M-prime (M-prime is mod 2^32) */ - mpi_to_mem_block(RSA_MEM_X_BLOCK_BASE, X, hw_words); - mpi_to_mem_block(RSA_MEM_Y_BLOCK_BASE, Y, hw_words); - mpi_to_mem_block(RSA_MEM_M_BLOCK_BASE, M, hw_words); - mpi_to_mem_block(RSA_MEM_RB_BLOCK_BASE, Rinv, hw_words); - DPORT_REG_WRITE(RSA_M_DASH_REG, Mprime); - - start_op(RSA_START_MODEXP_REG); - - /* X ^ Y may actually be shorter than M, but unlikely when used for crypto */ - if ((ret = mbedtls_mpi_grow(Z, m_words)) != 0) { - esp_mpi_release_hardware(); - goto cleanup; - } - - wait_op_complete(RSA_START_MODEXP_REG); - - mem_block_to_mpi(Z, RSA_MEM_Z_BLOCK_BASE, m_words); - esp_mpi_release_hardware(); - - // Compensate for negative X - if (X->s == -1 && (Y->p[0] & 1) != 0) { - Z->s = -1; - MBEDTLS_MPI_CHK(mbedtls_mpi_add_mpi(Z, M, Z)); - } else { - Z->s = 1; - } - - cleanup: - if (_Rinv == NULL) { - mbedtls_mpi_free(&Rinv_new); - } - - return ret; -} - -#endif /* MBEDTLS_MPI_EXP_MOD_ALT */ - -/* Second & final step of a modular multiply - load second multiplication - * factor Y, run the operation (modular inverse), read back the result - * into Z. - * - * Called from both mbedtls_mpi_exp_mod and mbedtls_mpi_mod_mpi. - * - * @param Z result value - * @param X first multiplication factor (used to set sign of result). - * @param Y second multiplication factor. - * @param hw_words Size of the hardware operation, in words - * @param z_words Size of the expected result, in words (may be less than hw_words). - * Z will be grown to at least this length. - * - * Caller must have already called esp_mpi_acquire_hardware(). - */ -static int modular_multiply_finish(mbedtls_mpi *Z, const mbedtls_mpi *X, const mbedtls_mpi *Y, size_t hw_words, size_t z_words) -{ - int ret = 0; - - /* Load Y to X input memory block, rerun */ - mpi_to_mem_block(RSA_MEM_X_BLOCK_BASE, Y, hw_words); - - start_op(RSA_MULT_START_REG); - - MBEDTLS_MPI_CHK( mbedtls_mpi_grow(Z, z_words) ); - - wait_op_complete(RSA_MULT_START_REG); - - mem_block_to_mpi(Z, RSA_MEM_Z_BLOCK_BASE, z_words); - - Z->s = X->s * Y->s; - - cleanup: - return ret; -} - -#if defined(MBEDTLS_MPI_MUL_MPI_ALT) /* MBEDTLS_MPI_MUL_MPI_ALT */ - -static int mpi_mult_mpi_failover_mod_mult(mbedtls_mpi *Z, const mbedtls_mpi *X, const mbedtls_mpi *Y, size_t z_words); -static int mpi_mult_mpi_overlong(mbedtls_mpi *Z, const mbedtls_mpi *X, const mbedtls_mpi *Y, size_t Y_bits, size_t z_words); - -/* Z = X * Y */ -int mbedtls_mpi_mul_mpi( mbedtls_mpi *Z, const mbedtls_mpi *X, const mbedtls_mpi *Y ) -{ - int ret = 0; - size_t x_bits = mbedtls_mpi_bitlen(X); - size_t y_bits = mbedtls_mpi_bitlen(Y); - size_t x_words = bits_to_words(x_bits); - size_t y_words = bits_to_words(y_bits); - size_t z_words = bits_to_words(x_bits + y_bits); - size_t hw_words = hardware_words(MAX(x_words, y_words)); // length of one operand in hardware - - /* Short-circuit eval if either argument is 0 or 1. - - This is needed as the mpi modular division - argument will sometimes call in here when one - argument is too large for the hardware unit, but the other - argument is zero or one. - */ - if (x_bits == 0 || y_bits == 0) { - mbedtls_mpi_lset(Z, 0); - return 0; - } - if (x_bits == 1) { - ret = mbedtls_mpi_copy(Z, Y); - Z->s *= X->s; - return ret; - } - if (y_bits == 1) { - ret = mbedtls_mpi_copy(Z, X); - Z->s *= Y->s; - return ret; - } - - /* If either factor is over 2048 bits, we can't use the standard hardware multiplier - (it assumes result is double longest factor, and result is max 4096 bits.) - - However, we can fail over to mod_mult for up to 4096 bits of result (modulo - multiplication doesn't have the same restriction, so result is simply the - number of bits in X plus number of bits in in Y.) - */ - if (hw_words * 32 > 2048) { - if (z_words * 32 <= 4096) { - /* Note: it's possible to use mpi_mult_mpi_overlong - for this case as well, but it's very slightly - slower and requires a memory allocation. - */ - return mpi_mult_mpi_failover_mod_mult(Z, X, Y, z_words); - } else { - /* Still too long for the hardware unit... */ - if(y_words > x_words) { - return mpi_mult_mpi_overlong(Z, X, Y, y_words, z_words); - } else { - return mpi_mult_mpi_overlong(Z, Y, X, x_words, z_words); - } - } - } - - /* Otherwise, we can use the (faster) multiply hardware unit */ - - esp_mpi_acquire_hardware(); - - /* Copy X (right-extended) & Y (left-extended) to memory block */ - mpi_to_mem_block(RSA_MEM_X_BLOCK_BASE, X, hw_words); - mpi_to_mem_block(RSA_MEM_Z_BLOCK_BASE + hw_words * 4, Y, hw_words); - /* NB: as Y is left-extended, we don't zero the bottom words_mult words of Y block. - This is OK for now because zeroing is done by hardware when we do esp_mpi_acquire_hardware(). - */ - - DPORT_REG_WRITE(RSA_M_DASH_REG, 0); - - /* "mode" register loaded with number of 512-bit blocks in result, - plus 7 (for range 9-12). (this is ((N~ / 32) - 1) + 8)) - */ - DPORT_REG_WRITE(RSA_MULT_MODE_REG, ((hw_words * 2) / 16) + 7); - - start_op(RSA_MULT_START_REG); - - MBEDTLS_MPI_CHK( mbedtls_mpi_grow(Z, z_words) ); - - wait_op_complete(RSA_MULT_START_REG); - - /* Read back the result */ - mem_block_to_mpi(Z, RSA_MEM_Z_BLOCK_BASE, z_words); - - Z->s = X->s * Y->s; - - cleanup: - esp_mpi_release_hardware(); - - return ret; -} - -/* Special-case of mbedtls_mpi_mult_mpi(), where we use hardware montgomery mod - multiplication to calculate an mbedtls_mpi_mult_mpi result where either - A or B are >2048 bits so can't use the standard multiplication method. - - Result (z_words, based on A bits + B bits) must still be less than 4096 bits. - - This case is simpler than the general case modulo multiply of - esp_mpi_mul_mpi_mod() because we can control the other arguments: - - * Modulus is chosen with M=(2^num_bits - 1) (ie M=R-1), so output - isn't actually modulo anything. - * Mprime and Rinv are therefore predictable as follows: - Mprime = 1 - Rinv = 1 - - (See RSA Accelerator section in Technical Reference for more about Mprime, Rinv) -*/ -static int mpi_mult_mpi_failover_mod_mult(mbedtls_mpi *Z, const mbedtls_mpi *X, const mbedtls_mpi *Y, size_t z_words) -{ - int ret = 0; - size_t hw_words = hardware_words(z_words); - - /* Load coefficients to hardware */ - esp_mpi_acquire_hardware(); - - /* M = 2^num_words - 1, so block is entirely FF */ - for(int i = 0; i < hw_words; i++) { - DPORT_REG_WRITE(RSA_MEM_M_BLOCK_BASE + i * 4, UINT32_MAX); - } - /* Mprime = 1 */ - DPORT_REG_WRITE(RSA_M_DASH_REG, 1); - - /* "mode" register loaded with number of 512-bit blocks, minus 1 */ - DPORT_REG_WRITE(RSA_MULT_MODE_REG, (hw_words / 16) - 1); - - /* Load X */ - mpi_to_mem_block(RSA_MEM_X_BLOCK_BASE, X, hw_words); - - /* Rinv = 1 */ - DPORT_REG_WRITE(RSA_MEM_RB_BLOCK_BASE, 1); - for(int i = 1; i < hw_words; i++) { - DPORT_REG_WRITE(RSA_MEM_RB_BLOCK_BASE + i * 4, 0); - } - - start_op(RSA_MULT_START_REG); - - wait_op_complete(RSA_MULT_START_REG); - - /* finish the modular multiplication */ - ret = modular_multiply_finish(Z, X, Y, hw_words, z_words); - - esp_mpi_release_hardware(); - - return ret; -} - -/* Deal with the case when X & Y are too long for the hardware unit, by splitting one operand - into two halves. - - Y must be the longer operand - - Slice Y into Yp, Ypp such that: - Yp = lower 'b' bits of Y - Ypp = upper 'b' bits of Y (right shifted) - - Such that - Z = X * Y - Z = X * (Yp + Ypp<p, - .n = words_slice, - .s = Y->s - }; - /* Ypp holds upper bits of Y, right shifted (also reuses Y's array contents) */ - const mbedtls_mpi Ypp = { - .p = Y->p + words_slice, - .n = y_words - words_slice, - .s = Y->s - }; - mbedtls_mpi_init(&Ztemp); - - /* Grow Z to result size early, avoid interim allocations */ - mbedtls_mpi_grow(Z, z_words); - - /* Get result Ztemp = Yp * X (need temporary variable Ztemp) */ - MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi(&Ztemp, X, &Yp) ); - - /* Z = Ypp * Y */ - MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi(Z, X, &Ypp) ); - - /* Z = Z << b */ - MBEDTLS_MPI_CHK( mbedtls_mpi_shift_l(Z, words_slice * 32) ); - - /* Z += Ztemp */ - MBEDTLS_MPI_CHK( mbedtls_mpi_add_mpi(Z, Z, &Ztemp) ); - - cleanup: - mbedtls_mpi_free(&Ztemp); - - return ret; -} - -#endif /* MBEDTLS_MPI_MUL_MPI_ALT */ - diff --git a/components/mbedtls/port/esp_mem.c b/components/mbedtls/port/esp_mem.c index c7b8e706..794991fe 100644 --- a/components/mbedtls/port/esp_mem.c +++ b/components/mbedtls/port/esp_mem.c @@ -19,18 +19,12 @@ #ifndef CONFIG_MBEDTLS_CUSTOM_MEM_ALLOC -IRAM_ATTR void *esp_mbedtls_mem_calloc(size_t n, size_t size) +void *esp_mbedtls_mem_calloc(size_t n, size_t size) { -#ifdef CONFIG_MBEDTLS_INTERNAL_MEM_ALLOC - return heap_caps_calloc(n, size, MALLOC_CAP_INTERNAL|MALLOC_CAP_8BIT); -#elif CONFIG_MBEDTLS_EXTERNAL_MEM_ALLOC - return heap_caps_calloc(n, size, MALLOC_CAP_SPIRAM|MALLOC_CAP_8BIT); -#else return calloc(n, size); -#endif } -IRAM_ATTR void esp_mbedtls_mem_free(void *ptr) +void esp_mbedtls_mem_free(void *ptr) { return heap_caps_free(ptr); } diff --git a/components/mbedtls/port/esp_sha.c b/components/mbedtls/port/esp_sha.c deleted file mode 100644 index 2c40f2c5..00000000 --- a/components/mbedtls/port/esp_sha.c +++ /dev/null @@ -1,79 +0,0 @@ -// Copyright 2018-2019 Espressif Systems (Shanghai) PTE LTD -// -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at - -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. - -#include -#include -#include - -#include "esp32/sha.h" -#include -#include -#include - -void esp_sha(esp_sha_type sha_type, const unsigned char *input, size_t ilen, unsigned char *output) -{ - int ret; - assert(input != NULL && output != NULL); - - if (sha_type == SHA1) { - - mbedtls_sha1_context *ctx1 = (mbedtls_sha1_context *)malloc(sizeof(mbedtls_sha1_context)); - assert(ctx1 != NULL); - mbedtls_sha1_starts_ret(ctx1); - ret = mbedtls_sha1_update_ret(ctx1, input, ilen); - assert(ret == 0); - ret = mbedtls_sha1_finish_ret(ctx1, output); - assert(ret == 0); - mbedtls_sha1_free(ctx1); - free(ctx1); - - } else if (sha_type == SHA2_256) { - - mbedtls_sha256_context *ctx256 = (mbedtls_sha256_context *)malloc(sizeof(mbedtls_sha256_context)); - assert(ctx256 != NULL); - mbedtls_sha256_starts_ret(ctx256, 0); - ret = mbedtls_sha256_update_ret(ctx256, input, ilen); - assert(ret == 0); - ret = mbedtls_sha256_finish_ret(ctx256, output); - assert(ret == 0); - mbedtls_sha256_free(ctx256); - free(ctx256); - - } else if (sha_type == SHA2_384) { - - mbedtls_sha512_context *ctx384 = (mbedtls_sha512_context *)malloc(sizeof(mbedtls_sha512_context)); - assert(ctx384 != NULL); - mbedtls_sha512_starts_ret(ctx384, 1); - ret = mbedtls_sha512_update_ret(ctx384, input, ilen); - assert(ret == 0); - ret = mbedtls_sha512_finish_ret(ctx384, output); - assert(ret == 0); - mbedtls_sha512_free(ctx384); - free(ctx384); - - } else if (sha_type == SHA2_512) { - - mbedtls_sha512_context *ctx512 = (mbedtls_sha512_context *)malloc(sizeof(mbedtls_sha512_context)); - assert(ctx512 != NULL); - mbedtls_sha512_starts_ret(ctx512, 0); - ret = mbedtls_sha512_update_ret(ctx512, input, ilen); - assert(ret == 0); - ret = mbedtls_sha512_finish_ret(ctx512, output); - assert(ret == 0); - mbedtls_sha512_free(ctx512); - free(ctx512); - - } - -} diff --git a/components/mbedtls/port/esp_sha1.c b/components/mbedtls/port/esp_sha1.c deleted file mode 100644 index ba5231b9..00000000 --- a/components/mbedtls/port/esp_sha1.c +++ /dev/null @@ -1,451 +0,0 @@ -/* - * SHA-1 implementation with hardware ESP32 support added. - * Uses mbedTLS software implementation for failover when concurrent - * SHA operations are in use. - * - * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved - * Additions Copyright (C) 2016, Espressif Systems (Shanghai) PTE LTD - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - * - */ -/* - * The SHA-1 standard was published by NIST in 1993. - * - * http://www.itl.nist.gov/fipspubs/fip180-1.htm - */ - -#if !defined(MBEDTLS_CONFIG_FILE) -#include "mbedtls/config.h" -#else -#include MBEDTLS_CONFIG_FILE -#endif - -#if defined(MBEDTLS_SHA1_C) && defined(MBEDTLS_SHA1_ALT) - -#include "mbedtls/sha1.h" - -#include - -#if defined(MBEDTLS_SELF_TEST) -#if defined(MBEDTLS_PLATFORM_C) -#include "mbedtls/platform.h" -#else -#include -#define mbedtls_printf printf -#endif /* MBEDTLS_PLATFORM_C */ -#endif /* MBEDTLS_SELF_TEST */ - -#include "esp32/sha.h" - -/* Implementation that should never be optimized out by the compiler */ -static void mbedtls_zeroize( void *v, size_t n ) { - volatile unsigned char *p = (unsigned char*)v; while( n-- ) *p++ = 0; -} - -/* - * 32-bit integer manipulation macros (big endian) - */ -#ifndef GET_UINT32_BE -#define GET_UINT32_BE(n,b,i) \ -{ \ - (n) = ( (uint32_t) (b)[(i) ] << 24 ) \ - | ( (uint32_t) (b)[(i) + 1] << 16 ) \ - | ( (uint32_t) (b)[(i) + 2] << 8 ) \ - | ( (uint32_t) (b)[(i) + 3] ); \ -} -#endif - -#ifndef PUT_UINT32_BE -#define PUT_UINT32_BE(n,b,i) \ -{ \ - (b)[(i) ] = (unsigned char) ( (n) >> 24 ); \ - (b)[(i) + 1] = (unsigned char) ( (n) >> 16 ); \ - (b)[(i) + 2] = (unsigned char) ( (n) >> 8 ); \ - (b)[(i) + 3] = (unsigned char) ( (n) ); \ -} -#endif - -void mbedtls_sha1_init( mbedtls_sha1_context *ctx ) -{ - memset( ctx, 0, sizeof( mbedtls_sha1_context ) ); -} - -void mbedtls_sha1_free( mbedtls_sha1_context *ctx ) -{ - if( ctx == NULL ) - return; - - if (ctx->mode == ESP_MBEDTLS_SHA1_HARDWARE) { - esp_sha_unlock_engine(SHA1); - } - mbedtls_zeroize( ctx, sizeof( mbedtls_sha1_context ) ); -} - -void mbedtls_sha1_clone( mbedtls_sha1_context *dst, - const mbedtls_sha1_context *src ) -{ - *dst = *src; - - if (src->mode == ESP_MBEDTLS_SHA1_HARDWARE) { - /* Copy hardware digest state out to cloned state, - which will be a software digest. - */ - esp_sha_read_digest_state(SHA1, dst->state); - dst->mode = ESP_MBEDTLS_SHA1_SOFTWARE; - } -} - - -/* - * SHA-1 context setup - */ -int mbedtls_sha1_starts_ret( mbedtls_sha1_context *ctx ) -{ - ctx->total[0] = 0; - ctx->total[1] = 0; - - ctx->state[0] = 0x67452301; - ctx->state[1] = 0xEFCDAB89; - ctx->state[2] = 0x98BADCFE; - ctx->state[3] = 0x10325476; - ctx->state[4] = 0xC3D2E1F0; - - if (ctx->mode == ESP_MBEDTLS_SHA1_HARDWARE) { - esp_sha_unlock_engine(SHA1); - } - ctx->mode = ESP_MBEDTLS_SHA1_UNUSED; - - return 0; -} - -#if !defined(MBEDTLS_DEPRECATED_REMOVED) -void mbedtls_sha1_starts( mbedtls_sha1_context *ctx ) -{ - mbedtls_sha1_starts_ret( ctx ); -} -#endif - -static void mbedtls_sha1_software_process( mbedtls_sha1_context *ctx, const unsigned char data[64] ); - -int mbedtls_internal_sha1_process( mbedtls_sha1_context *ctx, const unsigned char data[64] ) -{ - bool first_block = false; - if (ctx->mode == ESP_MBEDTLS_SHA1_UNUSED) { - /* try to use hardware for this digest */ - if (esp_sha_try_lock_engine(SHA1)) { - ctx->mode = ESP_MBEDTLS_SHA1_HARDWARE; - first_block = true; - } else { - ctx->mode = ESP_MBEDTLS_SHA1_SOFTWARE; - } - } - - if (ctx->mode == ESP_MBEDTLS_SHA1_HARDWARE) { - esp_sha_block(SHA1, data, first_block); - } else { - mbedtls_sha1_software_process(ctx, data); - } - - return 0; -} - -#if !defined(MBEDTLS_DEPRECATED_REMOVED) -void mbedtls_sha1_process( mbedtls_sha1_context *ctx, - const unsigned char data[64] ) -{ - mbedtls_internal_sha1_process( ctx, data ); -} -#endif - - -static void mbedtls_sha1_software_process( mbedtls_sha1_context *ctx, const unsigned char data[64] ) -{ - uint32_t temp, W[16], A, B, C, D, E; - - GET_UINT32_BE( W[ 0], data, 0 ); - GET_UINT32_BE( W[ 1], data, 4 ); - GET_UINT32_BE( W[ 2], data, 8 ); - GET_UINT32_BE( W[ 3], data, 12 ); - GET_UINT32_BE( W[ 4], data, 16 ); - GET_UINT32_BE( W[ 5], data, 20 ); - GET_UINT32_BE( W[ 6], data, 24 ); - GET_UINT32_BE( W[ 7], data, 28 ); - GET_UINT32_BE( W[ 8], data, 32 ); - GET_UINT32_BE( W[ 9], data, 36 ); - GET_UINT32_BE( W[10], data, 40 ); - GET_UINT32_BE( W[11], data, 44 ); - GET_UINT32_BE( W[12], data, 48 ); - GET_UINT32_BE( W[13], data, 52 ); - GET_UINT32_BE( W[14], data, 56 ); - GET_UINT32_BE( W[15], data, 60 ); - -#define S(x,n) ((x << n) | ((x & 0xFFFFFFFF) >> (32 - n))) - -#define R(t) \ -( \ - temp = W[( t - 3 ) & 0x0F] ^ W[( t - 8 ) & 0x0F] ^ \ - W[( t - 14 ) & 0x0F] ^ W[ t & 0x0F], \ - ( W[t & 0x0F] = S(temp,1) ) \ -) - -#define P(a,b,c,d,e,x) \ -{ \ - e += S(a,5) + F(b,c,d) + K + x; b = S(b,30); \ -} - - A = ctx->state[0]; - B = ctx->state[1]; - C = ctx->state[2]; - D = ctx->state[3]; - E = ctx->state[4]; - -#define F(x,y,z) (z ^ (x & (y ^ z))) -#define K 0x5A827999 - - P( A, B, C, D, E, W[0] ); - P( E, A, B, C, D, W[1] ); - P( D, E, A, B, C, W[2] ); - P( C, D, E, A, B, W[3] ); - P( B, C, D, E, A, W[4] ); - P( A, B, C, D, E, W[5] ); - P( E, A, B, C, D, W[6] ); - P( D, E, A, B, C, W[7] ); - P( C, D, E, A, B, W[8] ); - P( B, C, D, E, A, W[9] ); - P( A, B, C, D, E, W[10] ); - P( E, A, B, C, D, W[11] ); - P( D, E, A, B, C, W[12] ); - P( C, D, E, A, B, W[13] ); - P( B, C, D, E, A, W[14] ); - P( A, B, C, D, E, W[15] ); - P( E, A, B, C, D, R(16) ); - P( D, E, A, B, C, R(17) ); - P( C, D, E, A, B, R(18) ); - P( B, C, D, E, A, R(19) ); - -#undef K -#undef F - -#define F(x,y,z) (x ^ y ^ z) -#define K 0x6ED9EBA1 - - P( A, B, C, D, E, R(20) ); - P( E, A, B, C, D, R(21) ); - P( D, E, A, B, C, R(22) ); - P( C, D, E, A, B, R(23) ); - P( B, C, D, E, A, R(24) ); - P( A, B, C, D, E, R(25) ); - P( E, A, B, C, D, R(26) ); - P( D, E, A, B, C, R(27) ); - P( C, D, E, A, B, R(28) ); - P( B, C, D, E, A, R(29) ); - P( A, B, C, D, E, R(30) ); - P( E, A, B, C, D, R(31) ); - P( D, E, A, B, C, R(32) ); - P( C, D, E, A, B, R(33) ); - P( B, C, D, E, A, R(34) ); - P( A, B, C, D, E, R(35) ); - P( E, A, B, C, D, R(36) ); - P( D, E, A, B, C, R(37) ); - P( C, D, E, A, B, R(38) ); - P( B, C, D, E, A, R(39) ); - -#undef K -#undef F - -#define F(x,y,z) ((x & y) | (z & (x | y))) -#define K 0x8F1BBCDC - - P( A, B, C, D, E, R(40) ); - P( E, A, B, C, D, R(41) ); - P( D, E, A, B, C, R(42) ); - P( C, D, E, A, B, R(43) ); - P( B, C, D, E, A, R(44) ); - P( A, B, C, D, E, R(45) ); - P( E, A, B, C, D, R(46) ); - P( D, E, A, B, C, R(47) ); - P( C, D, E, A, B, R(48) ); - P( B, C, D, E, A, R(49) ); - P( A, B, C, D, E, R(50) ); - P( E, A, B, C, D, R(51) ); - P( D, E, A, B, C, R(52) ); - P( C, D, E, A, B, R(53) ); - P( B, C, D, E, A, R(54) ); - P( A, B, C, D, E, R(55) ); - P( E, A, B, C, D, R(56) ); - P( D, E, A, B, C, R(57) ); - P( C, D, E, A, B, R(58) ); - P( B, C, D, E, A, R(59) ); - -#undef K -#undef F - -#define F(x,y,z) (x ^ y ^ z) -#define K 0xCA62C1D6 - - P( A, B, C, D, E, R(60) ); - P( E, A, B, C, D, R(61) ); - P( D, E, A, B, C, R(62) ); - P( C, D, E, A, B, R(63) ); - P( B, C, D, E, A, R(64) ); - P( A, B, C, D, E, R(65) ); - P( E, A, B, C, D, R(66) ); - P( D, E, A, B, C, R(67) ); - P( C, D, E, A, B, R(68) ); - P( B, C, D, E, A, R(69) ); - P( A, B, C, D, E, R(70) ); - P( E, A, B, C, D, R(71) ); - P( D, E, A, B, C, R(72) ); - P( C, D, E, A, B, R(73) ); - P( B, C, D, E, A, R(74) ); - P( A, B, C, D, E, R(75) ); - P( E, A, B, C, D, R(76) ); - P( D, E, A, B, C, R(77) ); - P( C, D, E, A, B, R(78) ); - P( B, C, D, E, A, R(79) ); - -#undef K -#undef F - - ctx->state[0] += A; - ctx->state[1] += B; - ctx->state[2] += C; - ctx->state[3] += D; - ctx->state[4] += E; -} - -/* - * SHA-1 process buffer - */ -int mbedtls_sha1_update_ret( mbedtls_sha1_context *ctx, const unsigned char *input, size_t ilen ) -{ - int ret; - size_t fill; - uint32_t left; - - if( ilen == 0 ) - return 0; - - left = ctx->total[0] & 0x3F; - fill = 64 - left; - - ctx->total[0] += (uint32_t) ilen; - ctx->total[0] &= 0xFFFFFFFF; - - if( ctx->total[0] < (uint32_t) ilen ) - ctx->total[1]++; - - if( left && ilen >= fill ) - { - memcpy( (void *) (ctx->buffer + left), input, fill ); - - if ( ( ret = mbedtls_internal_sha1_process( ctx, ctx->buffer ) ) != 0 ) { - return ret; - } - - input += fill; - ilen -= fill; - left = 0; - } - - while( ilen >= 64 ) - { - if ( ( ret = mbedtls_internal_sha1_process( ctx, input ) ) != 0 ) { - return ret; - } - - input += 64; - ilen -= 64; - } - - if( ilen > 0 ) - memcpy( (void *) (ctx->buffer + left), input, ilen ); - - return 0; -} - -#if !defined(MBEDTLS_DEPRECATED_REMOVED) -void mbedtls_sha1_update( mbedtls_sha1_context *ctx, - const unsigned char *input, - size_t ilen ) -{ - mbedtls_sha1_update_ret( ctx, input, ilen ); -} -#endif - -static const unsigned char sha1_padding[64] = -{ - 0x80, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0 -}; - -/* -* SHA-1 final digest - */ -int mbedtls_sha1_finish_ret( mbedtls_sha1_context *ctx, unsigned char output[20] ) -{ - int ret; - uint32_t last, padn; - uint32_t high, low; - unsigned char msglen[8]; - - high = ( ctx->total[0] >> 29 ) - | ( ctx->total[1] << 3 ); - low = ( ctx->total[0] << 3 ); - - PUT_UINT32_BE( high, msglen, 0 ); - PUT_UINT32_BE( low, msglen, 4 ); - - last = ctx->total[0] & 0x3F; - padn = ( last < 56 ) ? ( 56 - last ) : ( 120 - last ); - - if ( ( ret = mbedtls_sha1_update_ret( ctx, sha1_padding, padn ) ) != 0 ) { - goto out; - } - if ( ( ret = mbedtls_sha1_update_ret( ctx, msglen, 8 ) ) != 0 ) { - goto out; - } - - /* if state is in hardware, read it out */ - if (ctx->mode == ESP_MBEDTLS_SHA1_HARDWARE) { - esp_sha_read_digest_state(SHA1, ctx->state); - } - - PUT_UINT32_BE( ctx->state[0], output, 0 ); - PUT_UINT32_BE( ctx->state[1], output, 4 ); - PUT_UINT32_BE( ctx->state[2], output, 8 ); - PUT_UINT32_BE( ctx->state[3], output, 12 ); - PUT_UINT32_BE( ctx->state[4], output, 16 ); - -out: - if (ctx->mode == ESP_MBEDTLS_SHA1_HARDWARE) { - esp_sha_unlock_engine(SHA1); - ctx->mode = ESP_MBEDTLS_SHA1_SOFTWARE; - } - - return ret; -} - -#if !defined(MBEDTLS_DEPRECATED_REMOVED) -void mbedtls_sha1_finish( mbedtls_sha1_context *ctx, - unsigned char output[20] ) -{ - mbedtls_sha1_finish_ret( ctx, output ); -} -#endif - -#endif /* MBEDTLS_SHA1_C && MBEDTLS_SHA1_ALT */ diff --git a/components/mbedtls/port/esp_sha256.c b/components/mbedtls/port/esp_sha256.c deleted file mode 100644 index 7a1e2a14..00000000 --- a/components/mbedtls/port/esp_sha256.c +++ /dev/null @@ -1,422 +0,0 @@ -/* - * SHA-256 implementation with hardware ESP32 support added. - * Uses mbedTLS software implementation for failover when concurrent - * SHA operations are in use. - * - * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved - * Additions Copyright (C) 2016, Espressif Systems (Shanghai) PTE LTD - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - * - */ - -/* - * The SHA-256 Secure Hash Standard was published by NIST in 2002. - * - * http://csrc.nist.gov/publications/fips/fips180-2/fips180-2.pdf - */ - -#if !defined(MBEDTLS_CONFIG_FILE) -#include "mbedtls/config.h" -#else -#include MBEDTLS_CONFIG_FILE -#endif - -#if defined(MBEDTLS_SHA256_C) && defined(MBEDTLS_SHA256_ALT) - -#include "mbedtls/sha256.h" - -#include - -#if defined(MBEDTLS_SELF_TEST) -#if defined(MBEDTLS_PLATFORM_C) -#include "mbedtls/platform.h" -#else -#include -#define mbedtls_printf printf -#endif /* MBEDTLS_PLATFORM_C */ -#endif /* MBEDTLS_SELF_TEST */ - -#include "esp32/sha.h" - -/* Implementation that should never be optimized out by the compiler */ -static void mbedtls_zeroize( void *v, size_t n ) { - volatile unsigned char *p = v; while( n-- ) *p++ = 0; -} - -/* - * 32-bit integer manipulation macros (big endian) - */ -#ifndef GET_UINT32_BE -#define GET_UINT32_BE(n,b,i) \ -do { \ - (n) = ( (uint32_t) (b)[(i) ] << 24 ) \ - | ( (uint32_t) (b)[(i) + 1] << 16 ) \ - | ( (uint32_t) (b)[(i) + 2] << 8 ) \ - | ( (uint32_t) (b)[(i) + 3] ); \ -} while( 0 ) -#endif - -#ifndef PUT_UINT32_BE -#define PUT_UINT32_BE(n,b,i) \ -do { \ - (b)[(i) ] = (unsigned char) ( (n) >> 24 ); \ - (b)[(i) + 1] = (unsigned char) ( (n) >> 16 ); \ - (b)[(i) + 2] = (unsigned char) ( (n) >> 8 ); \ - (b)[(i) + 3] = (unsigned char) ( (n) ); \ -} while( 0 ) -#endif - -void mbedtls_sha256_init( mbedtls_sha256_context *ctx ) -{ - memset( ctx, 0, sizeof( mbedtls_sha256_context ) ); -} - -void mbedtls_sha256_free( mbedtls_sha256_context *ctx ) -{ - if( ctx == NULL ) - return; - - if (ctx->mode == ESP_MBEDTLS_SHA256_HARDWARE) { - esp_sha_unlock_engine(SHA2_256); - } - mbedtls_zeroize( ctx, sizeof( mbedtls_sha256_context ) ); -} - -void mbedtls_sha256_clone( mbedtls_sha256_context *dst, - const mbedtls_sha256_context *src ) -{ - *dst = *src; - - if (src->mode == ESP_MBEDTLS_SHA256_HARDWARE) { - /* Copy hardware digest state out to cloned state, - which will become a software digest. - */ - esp_sha_read_digest_state(SHA2_256, dst->state); - dst->mode = ESP_MBEDTLS_SHA256_SOFTWARE; - } -} - -/* - * SHA-256 context setup - */ -int mbedtls_sha256_starts_ret( mbedtls_sha256_context *ctx, int is224 ) -{ - ctx->total[0] = 0; - ctx->total[1] = 0; - - if( is224 == 0 ) - { - /* SHA-256 */ - ctx->state[0] = 0x6A09E667; - ctx->state[1] = 0xBB67AE85; - ctx->state[2] = 0x3C6EF372; - ctx->state[3] = 0xA54FF53A; - ctx->state[4] = 0x510E527F; - ctx->state[5] = 0x9B05688C; - ctx->state[6] = 0x1F83D9AB; - ctx->state[7] = 0x5BE0CD19; - } - else - { - /* SHA-224 */ - ctx->state[0] = 0xC1059ED8; - ctx->state[1] = 0x367CD507; - ctx->state[2] = 0x3070DD17; - ctx->state[3] = 0xF70E5939; - ctx->state[4] = 0xFFC00B31; - ctx->state[5] = 0x68581511; - ctx->state[6] = 0x64F98FA7; - ctx->state[7] = 0xBEFA4FA4; - } - - ctx->is224 = is224; - if (ctx->mode == ESP_MBEDTLS_SHA256_HARDWARE) { - esp_sha_unlock_engine(SHA2_256); - } - ctx->mode = ESP_MBEDTLS_SHA256_UNUSED; - return 0; -} - -#if !defined(MBEDTLS_DEPRECATED_REMOVED) -void mbedtls_sha256_starts( mbedtls_sha256_context *ctx, - int is224 ) -{ - mbedtls_sha256_starts_ret( ctx, is224 ); -} -#endif - -static const uint32_t K[] = -{ - 0x428A2F98, 0x71374491, 0xB5C0FBCF, 0xE9B5DBA5, - 0x3956C25B, 0x59F111F1, 0x923F82A4, 0xAB1C5ED5, - 0xD807AA98, 0x12835B01, 0x243185BE, 0x550C7DC3, - 0x72BE5D74, 0x80DEB1FE, 0x9BDC06A7, 0xC19BF174, - 0xE49B69C1, 0xEFBE4786, 0x0FC19DC6, 0x240CA1CC, - 0x2DE92C6F, 0x4A7484AA, 0x5CB0A9DC, 0x76F988DA, - 0x983E5152, 0xA831C66D, 0xB00327C8, 0xBF597FC7, - 0xC6E00BF3, 0xD5A79147, 0x06CA6351, 0x14292967, - 0x27B70A85, 0x2E1B2138, 0x4D2C6DFC, 0x53380D13, - 0x650A7354, 0x766A0ABB, 0x81C2C92E, 0x92722C85, - 0xA2BFE8A1, 0xA81A664B, 0xC24B8B70, 0xC76C51A3, - 0xD192E819, 0xD6990624, 0xF40E3585, 0x106AA070, - 0x19A4C116, 0x1E376C08, 0x2748774C, 0x34B0BCB5, - 0x391C0CB3, 0x4ED8AA4A, 0x5B9CCA4F, 0x682E6FF3, - 0x748F82EE, 0x78A5636F, 0x84C87814, 0x8CC70208, - 0x90BEFFFA, 0xA4506CEB, 0xBEF9A3F7, 0xC67178F2, -}; - -#define SHR(x,n) ((x & 0xFFFFFFFF) >> n) -#define ROTR(x,n) (SHR(x,n) | (x << (32 - n))) - -#define S0(x) (ROTR(x, 7) ^ ROTR(x,18) ^ SHR(x, 3)) -#define S1(x) (ROTR(x,17) ^ ROTR(x,19) ^ SHR(x,10)) - -#define S2(x) (ROTR(x, 2) ^ ROTR(x,13) ^ ROTR(x,22)) -#define S3(x) (ROTR(x, 6) ^ ROTR(x,11) ^ ROTR(x,25)) - -#define F0(x,y,z) ((x & y) | (z & (x | y))) -#define F1(x,y,z) (z ^ (x & (y ^ z))) - -#define R(t) \ -( \ - W[t] = S1(W[t - 2]) + W[t - 7] + \ - S0(W[t - 15]) + W[t - 16] \ -) - -#define P(a,b,c,d,e,f,g,h,x,K) \ -{ \ - temp1 = h + S3(e) + F1(e,f,g) + K + x; \ - temp2 = S2(a) + F0(a,b,c); \ - d += temp1; h = temp1 + temp2; \ -} - -static void mbedtls_sha256_software_process( mbedtls_sha256_context *ctx, const unsigned char data[64] ); - -int mbedtls_internal_sha256_process( mbedtls_sha256_context *ctx, const unsigned char data[64] ) -{ - bool first_block = false; - - if (ctx->mode == ESP_MBEDTLS_SHA256_UNUSED) { - /* try to use hardware for this digest */ - if (!ctx->is224 && esp_sha_try_lock_engine(SHA2_256)) { - ctx->mode = ESP_MBEDTLS_SHA256_HARDWARE; - first_block = true; - } else { - ctx->mode = ESP_MBEDTLS_SHA256_SOFTWARE; - } - } - - if (ctx->mode == ESP_MBEDTLS_SHA256_HARDWARE) { - esp_sha_block(SHA2_256, data, first_block); - } else { - mbedtls_sha256_software_process(ctx, data); - } - - return 0; -} - -#if !defined(MBEDTLS_DEPRECATED_REMOVED) -void mbedtls_sha256_process( mbedtls_sha256_context *ctx, - const unsigned char data[64] ) -{ - mbedtls_internal_sha256_process( ctx, data ); -} -#endif - -static void mbedtls_sha256_software_process( mbedtls_sha256_context *ctx, const unsigned char data[64] ) -{ - uint32_t temp1, temp2, W[64]; - uint32_t A[8]; - unsigned int i; - - for( i = 0; i < 8; i++ ) - A[i] = ctx->state[i]; - -#if defined(MBEDTLS_SHA256_SMALLER) - for( i = 0; i < 64; i++ ) - { - if( i < 16 ) - GET_UINT32_BE( W[i], data, 4 * i ); - else - R( i ); - - P( A[0], A[1], A[2], A[3], A[4], A[5], A[6], A[7], W[i], K[i] ); - - temp1 = A[7]; A[7] = A[6]; A[6] = A[5]; A[5] = A[4]; A[4] = A[3]; - A[3] = A[2]; A[2] = A[1]; A[1] = A[0]; A[0] = temp1; - } -#else /* MBEDTLS_SHA256_SMALLER */ - for( i = 0; i < 16; i++ ) - GET_UINT32_BE( W[i], data, 4 * i ); - - for( i = 0; i < 16; i += 8 ) - { - P( A[0], A[1], A[2], A[3], A[4], A[5], A[6], A[7], W[i+0], K[i+0] ); - P( A[7], A[0], A[1], A[2], A[3], A[4], A[5], A[6], W[i+1], K[i+1] ); - P( A[6], A[7], A[0], A[1], A[2], A[3], A[4], A[5], W[i+2], K[i+2] ); - P( A[5], A[6], A[7], A[0], A[1], A[2], A[3], A[4], W[i+3], K[i+3] ); - P( A[4], A[5], A[6], A[7], A[0], A[1], A[2], A[3], W[i+4], K[i+4] ); - P( A[3], A[4], A[5], A[6], A[7], A[0], A[1], A[2], W[i+5], K[i+5] ); - P( A[2], A[3], A[4], A[5], A[6], A[7], A[0], A[1], W[i+6], K[i+6] ); - P( A[1], A[2], A[3], A[4], A[5], A[6], A[7], A[0], W[i+7], K[i+7] ); - } - - for( i = 16; i < 64; i += 8 ) - { - P( A[0], A[1], A[2], A[3], A[4], A[5], A[6], A[7], R(i+0), K[i+0] ); - P( A[7], A[0], A[1], A[2], A[3], A[4], A[5], A[6], R(i+1), K[i+1] ); - P( A[6], A[7], A[0], A[1], A[2], A[3], A[4], A[5], R(i+2), K[i+2] ); - P( A[5], A[6], A[7], A[0], A[1], A[2], A[3], A[4], R(i+3), K[i+3] ); - P( A[4], A[5], A[6], A[7], A[0], A[1], A[2], A[3], R(i+4), K[i+4] ); - P( A[3], A[4], A[5], A[6], A[7], A[0], A[1], A[2], R(i+5), K[i+5] ); - P( A[2], A[3], A[4], A[5], A[6], A[7], A[0], A[1], R(i+6), K[i+6] ); - P( A[1], A[2], A[3], A[4], A[5], A[6], A[7], A[0], R(i+7), K[i+7] ); - } -#endif /* MBEDTLS_SHA256_SMALLER */ - - for( i = 0; i < 8; i++ ) - ctx->state[i] += A[i]; -} - -/* - * SHA-256 process buffer - */ -int mbedtls_sha256_update_ret( mbedtls_sha256_context *ctx, const unsigned char *input, - size_t ilen ) -{ - int ret; - size_t fill; - uint32_t left; - - if( ilen == 0 ) - return 0; - - left = ctx->total[0] & 0x3F; - fill = 64 - left; - - ctx->total[0] += (uint32_t) ilen; - ctx->total[0] &= 0xFFFFFFFF; - - if( ctx->total[0] < (uint32_t) ilen ) - ctx->total[1]++; - - if( left && ilen >= fill ) - { - memcpy( (void *) (ctx->buffer + left), input, fill ); - - if ( ( ret = mbedtls_internal_sha256_process( ctx, ctx->buffer ) ) != 0 ) { - return ret; - } - - input += fill; - ilen -= fill; - left = 0; - } - - while( ilen >= 64 ) - { - if ( ( ret = mbedtls_internal_sha256_process( ctx, input ) ) != 0 ) { - return ret; - } - - input += 64; - ilen -= 64; - } - - if( ilen > 0 ) - memcpy( (void *) (ctx->buffer + left), input, ilen ); - - return 0; -} - -#if !defined(MBEDTLS_DEPRECATED_REMOVED) -void mbedtls_sha256_update( mbedtls_sha256_context *ctx, - const unsigned char *input, - size_t ilen ) -{ - mbedtls_sha256_update_ret( ctx, input, ilen ); -} -#endif - -static const unsigned char sha256_padding[64] = -{ - 0x80, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0 -}; - -/* - * SHA-256 final digest - */ -int mbedtls_sha256_finish_ret( mbedtls_sha256_context *ctx, unsigned char output[32] ) -{ - int ret; - uint32_t last, padn; - uint32_t high, low; - unsigned char msglen[8]; - - high = ( ctx->total[0] >> 29 ) - | ( ctx->total[1] << 3 ); - low = ( ctx->total[0] << 3 ); - - PUT_UINT32_BE( high, msglen, 0 ); - PUT_UINT32_BE( low, msglen, 4 ); - - last = ctx->total[0] & 0x3F; - padn = ( last < 56 ) ? ( 56 - last ) : ( 120 - last ); - - if ( ( ret = mbedtls_sha256_update_ret( ctx, sha256_padding, padn ) ) != 0 ) { - goto out; - } - - if ( ( ret = mbedtls_sha256_update_ret( ctx, msglen, 8 ) ) != 0 ) { - goto out; - } - - /* if state is in hardware, read it out */ - if (ctx->mode == ESP_MBEDTLS_SHA256_HARDWARE) { - esp_sha_read_digest_state(SHA2_256, ctx->state); - } - - PUT_UINT32_BE( ctx->state[0], output, 0 ); - PUT_UINT32_BE( ctx->state[1], output, 4 ); - PUT_UINT32_BE( ctx->state[2], output, 8 ); - PUT_UINT32_BE( ctx->state[3], output, 12 ); - PUT_UINT32_BE( ctx->state[4], output, 16 ); - PUT_UINT32_BE( ctx->state[5], output, 20 ); - PUT_UINT32_BE( ctx->state[6], output, 24 ); - - if( ctx->is224 == 0 ) - PUT_UINT32_BE( ctx->state[7], output, 28 ); - -out: - if (ctx->mode == ESP_MBEDTLS_SHA256_HARDWARE) { - esp_sha_unlock_engine(SHA2_256); - ctx->mode = ESP_MBEDTLS_SHA256_SOFTWARE; - } - - return ret; -} - -#if !defined(MBEDTLS_DEPRECATED_REMOVED) -void mbedtls_sha256_finish( mbedtls_sha256_context *ctx, - unsigned char output[32] ) -{ - mbedtls_sha256_finish_ret( ctx, output ); -} -#endif - -#endif /* MBEDTLS_SHA256_C && MBEDTLS_SHA256_ALT */ diff --git a/components/mbedtls/port/esp_sha512.c b/components/mbedtls/port/esp_sha512.c deleted file mode 100644 index 58cd7909..00000000 --- a/components/mbedtls/port/esp_sha512.c +++ /dev/null @@ -1,469 +0,0 @@ -/* - * SHA-512 implementation with hardware ESP32 support added. - * Uses mbedTLS software implementation for failover when concurrent - * SHA operations are in use. - * - * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved - * Additions Copyright (C) 2016, Espressif Systems (Shanghai) PTE LTD - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - * - */ - -/* - * The SHA-512 Secure Hash Standard was published by NIST in 2002. - * - * http://csrc.nist.gov/publications/fips/fips180-2/fips180-2.pdf - */ - -#if !defined(MBEDTLS_CONFIG_FILE) -#include "mbedtls/config.h" -#else -#include MBEDTLS_CONFIG_FILE -#endif - -#if defined(MBEDTLS_SHA512_C) && defined(MBEDTLS_SHA512_ALT) - -#include "mbedtls/sha512.h" - -#if defined(_MSC_VER) || defined(__WATCOMC__) - #define UL64(x) x##ui64 -#else - #define UL64(x) x##ULL -#endif - -#include - -#if defined(MBEDTLS_SELF_TEST) -#if defined(MBEDTLS_PLATFORM_C) -#include "mbedtls/platform.h" -#else -#include -#define mbedtls_printf printf -#endif /* MBEDTLS_PLATFORM_C */ -#endif /* MBEDTLS_SELF_TEST */ - -#include "esp32/sha.h" - -inline static esp_sha_type sha_type(const mbedtls_sha512_context *ctx) -{ - return ctx->is384 ? SHA2_384 : SHA2_512; -} - -/* Implementation that should never be optimized out by the compiler */ -static void mbedtls_zeroize( void *v, size_t n ) { - volatile unsigned char *p = v; while( n-- ) *p++ = 0; -} - -/* - * 64-bit integer manipulation macros (big endian) - */ -#ifndef GET_UINT64_BE -#define GET_UINT64_BE(n,b,i) \ -{ \ - (n) = ( (uint64_t) (b)[(i) ] << 56 ) \ - | ( (uint64_t) (b)[(i) + 1] << 48 ) \ - | ( (uint64_t) (b)[(i) + 2] << 40 ) \ - | ( (uint64_t) (b)[(i) + 3] << 32 ) \ - | ( (uint64_t) (b)[(i) + 4] << 24 ) \ - | ( (uint64_t) (b)[(i) + 5] << 16 ) \ - | ( (uint64_t) (b)[(i) + 6] << 8 ) \ - | ( (uint64_t) (b)[(i) + 7] ); \ -} -#endif /* GET_UINT64_BE */ - -#ifndef PUT_UINT64_BE -#define PUT_UINT64_BE(n,b,i) \ -{ \ - (b)[(i) ] = (unsigned char) ( (n) >> 56 ); \ - (b)[(i) + 1] = (unsigned char) ( (n) >> 48 ); \ - (b)[(i) + 2] = (unsigned char) ( (n) >> 40 ); \ - (b)[(i) + 3] = (unsigned char) ( (n) >> 32 ); \ - (b)[(i) + 4] = (unsigned char) ( (n) >> 24 ); \ - (b)[(i) + 5] = (unsigned char) ( (n) >> 16 ); \ - (b)[(i) + 6] = (unsigned char) ( (n) >> 8 ); \ - (b)[(i) + 7] = (unsigned char) ( (n) ); \ -} -#endif /* PUT_UINT64_BE */ - -void mbedtls_sha512_init( mbedtls_sha512_context *ctx ) -{ - memset( ctx, 0, sizeof( mbedtls_sha512_context ) ); -} - -void mbedtls_sha512_free( mbedtls_sha512_context *ctx ) -{ - if( ctx == NULL ) - return; - - if (ctx->mode == ESP_MBEDTLS_SHA512_HARDWARE) { - esp_sha_unlock_engine(sha_type(ctx)); - } - mbedtls_zeroize( ctx, sizeof( mbedtls_sha512_context ) ); -} - -void mbedtls_sha512_clone( mbedtls_sha512_context *dst, - const mbedtls_sha512_context *src ) -{ - *dst = *src; - - if (src->mode == ESP_MBEDTLS_SHA512_HARDWARE) { - /* Copy hardware digest state out to cloned state, - which will be a software digest. - - Always read 512 bits of state, even for SHA-384 - (SHA-384 state is identical to SHA-512, only - digest is truncated.) - */ - esp_sha_read_digest_state(SHA2_512, dst->state); - dst->mode = ESP_MBEDTLS_SHA512_SOFTWARE; - } -} - - -/* - * SHA-512 context setup - */ -int mbedtls_sha512_starts_ret( mbedtls_sha512_context *ctx, int is384 ) -{ - ctx->total[0] = 0; - ctx->total[1] = 0; - - if( is384 == 0 ) - { - /* SHA-512 */ - ctx->state[0] = UL64(0x6A09E667F3BCC908); - ctx->state[1] = UL64(0xBB67AE8584CAA73B); - ctx->state[2] = UL64(0x3C6EF372FE94F82B); - ctx->state[3] = UL64(0xA54FF53A5F1D36F1); - ctx->state[4] = UL64(0x510E527FADE682D1); - ctx->state[5] = UL64(0x9B05688C2B3E6C1F); - ctx->state[6] = UL64(0x1F83D9ABFB41BD6B); - ctx->state[7] = UL64(0x5BE0CD19137E2179); - } - else - { - /* SHA-384 */ - ctx->state[0] = UL64(0xCBBB9D5DC1059ED8); - ctx->state[1] = UL64(0x629A292A367CD507); - ctx->state[2] = UL64(0x9159015A3070DD17); - ctx->state[3] = UL64(0x152FECD8F70E5939); - ctx->state[4] = UL64(0x67332667FFC00B31); - ctx->state[5] = UL64(0x8EB44A8768581511); - ctx->state[6] = UL64(0xDB0C2E0D64F98FA7); - ctx->state[7] = UL64(0x47B5481DBEFA4FA4); - } - - ctx->is384 = is384; - if (ctx->mode == ESP_MBEDTLS_SHA512_HARDWARE) { - esp_sha_unlock_engine(sha_type(ctx)); - } - ctx->mode = ESP_MBEDTLS_SHA512_UNUSED; - - return 0; -} - -#if !defined(MBEDTLS_DEPRECATED_REMOVED) -void mbedtls_sha512_starts( mbedtls_sha512_context *ctx, - int is384 ) -{ - mbedtls_sha512_starts_ret( ctx, is384 ); -} -#endif - -/* - * Round constants - */ -static const uint64_t K[80] = -{ - UL64(0x428A2F98D728AE22), UL64(0x7137449123EF65CD), - UL64(0xB5C0FBCFEC4D3B2F), UL64(0xE9B5DBA58189DBBC), - UL64(0x3956C25BF348B538), UL64(0x59F111F1B605D019), - UL64(0x923F82A4AF194F9B), UL64(0xAB1C5ED5DA6D8118), - UL64(0xD807AA98A3030242), UL64(0x12835B0145706FBE), - UL64(0x243185BE4EE4B28C), UL64(0x550C7DC3D5FFB4E2), - UL64(0x72BE5D74F27B896F), UL64(0x80DEB1FE3B1696B1), - UL64(0x9BDC06A725C71235), UL64(0xC19BF174CF692694), - UL64(0xE49B69C19EF14AD2), UL64(0xEFBE4786384F25E3), - UL64(0x0FC19DC68B8CD5B5), UL64(0x240CA1CC77AC9C65), - UL64(0x2DE92C6F592B0275), UL64(0x4A7484AA6EA6E483), - UL64(0x5CB0A9DCBD41FBD4), UL64(0x76F988DA831153B5), - UL64(0x983E5152EE66DFAB), UL64(0xA831C66D2DB43210), - UL64(0xB00327C898FB213F), UL64(0xBF597FC7BEEF0EE4), - UL64(0xC6E00BF33DA88FC2), UL64(0xD5A79147930AA725), - UL64(0x06CA6351E003826F), UL64(0x142929670A0E6E70), - UL64(0x27B70A8546D22FFC), UL64(0x2E1B21385C26C926), - UL64(0x4D2C6DFC5AC42AED), UL64(0x53380D139D95B3DF), - UL64(0x650A73548BAF63DE), UL64(0x766A0ABB3C77B2A8), - UL64(0x81C2C92E47EDAEE6), UL64(0x92722C851482353B), - UL64(0xA2BFE8A14CF10364), UL64(0xA81A664BBC423001), - UL64(0xC24B8B70D0F89791), UL64(0xC76C51A30654BE30), - UL64(0xD192E819D6EF5218), UL64(0xD69906245565A910), - UL64(0xF40E35855771202A), UL64(0x106AA07032BBD1B8), - UL64(0x19A4C116B8D2D0C8), UL64(0x1E376C085141AB53), - UL64(0x2748774CDF8EEB99), UL64(0x34B0BCB5E19B48A8), - UL64(0x391C0CB3C5C95A63), UL64(0x4ED8AA4AE3418ACB), - UL64(0x5B9CCA4F7763E373), UL64(0x682E6FF3D6B2B8A3), - UL64(0x748F82EE5DEFB2FC), UL64(0x78A5636F43172F60), - UL64(0x84C87814A1F0AB72), UL64(0x8CC702081A6439EC), - UL64(0x90BEFFFA23631E28), UL64(0xA4506CEBDE82BDE9), - UL64(0xBEF9A3F7B2C67915), UL64(0xC67178F2E372532B), - UL64(0xCA273ECEEA26619C), UL64(0xD186B8C721C0C207), - UL64(0xEADA7DD6CDE0EB1E), UL64(0xF57D4F7FEE6ED178), - UL64(0x06F067AA72176FBA), UL64(0x0A637DC5A2C898A6), - UL64(0x113F9804BEF90DAE), UL64(0x1B710B35131C471B), - UL64(0x28DB77F523047D84), UL64(0x32CAAB7B40C72493), - UL64(0x3C9EBE0A15C9BEBC), UL64(0x431D67C49C100D4C), - UL64(0x4CC5D4BECB3E42B6), UL64(0x597F299CFC657E2A), - UL64(0x5FCB6FAB3AD6FAEC), UL64(0x6C44198C4A475817) -}; - -static void mbedtls_sha512_software_process( mbedtls_sha512_context *ctx, const unsigned char data[128] ); - -int mbedtls_internal_sha512_process( mbedtls_sha512_context *ctx, const unsigned char data[128] ) -{ - bool first_block = false; - - if (ctx->mode == ESP_MBEDTLS_SHA512_UNUSED) { - /* try to use hardware for this digest */ - if (esp_sha_try_lock_engine(sha_type(ctx))) { - ctx->mode = ESP_MBEDTLS_SHA512_HARDWARE; - first_block = true; - } else { - ctx->mode = ESP_MBEDTLS_SHA512_SOFTWARE; - } - } - - if (ctx->mode == ESP_MBEDTLS_SHA512_HARDWARE) { - esp_sha_block(sha_type(ctx), data, first_block); - } else { - mbedtls_sha512_software_process(ctx, data); - } - - return 0; -} - -#if !defined(MBEDTLS_DEPRECATED_REMOVED) -void mbedtls_sha512_process( mbedtls_sha512_context *ctx, - const unsigned char data[128] ) -{ - mbedtls_internal_sha512_process( ctx, data ); -} -#endif - - -static void mbedtls_sha512_software_process( mbedtls_sha512_context *ctx, const unsigned char data[128] ) -{ - int i; - uint64_t temp1, temp2, W[80]; - uint64_t A, B, C, D, E, F, G, H; - -#define SHR(x,n) (x >> n) -#define ROTR(x,n) (SHR(x,n) | (x << (64 - n))) - -#define S0(x) (ROTR(x, 1) ^ ROTR(x, 8) ^ SHR(x, 7)) -#define S1(x) (ROTR(x,19) ^ ROTR(x,61) ^ SHR(x, 6)) - -#define S2(x) (ROTR(x,28) ^ ROTR(x,34) ^ ROTR(x,39)) -#define S3(x) (ROTR(x,14) ^ ROTR(x,18) ^ ROTR(x,41)) - -#define F0(x,y,z) ((x & y) | (z & (x | y))) -#define F1(x,y,z) (z ^ (x & (y ^ z))) - -#define P(a,b,c,d,e,f,g,h,x,K) \ -{ \ - temp1 = h + S3(e) + F1(e,f,g) + K + x; \ - temp2 = S2(a) + F0(a,b,c); \ - d += temp1; h = temp1 + temp2; \ -} - - for( i = 0; i < 16; i++ ) - { - GET_UINT64_BE( W[i], data, i << 3 ); - } - - for( ; i < 80; i++ ) - { - W[i] = S1(W[i - 2]) + W[i - 7] + - S0(W[i - 15]) + W[i - 16]; - } - - A = ctx->state[0]; - B = ctx->state[1]; - C = ctx->state[2]; - D = ctx->state[3]; - E = ctx->state[4]; - F = ctx->state[5]; - G = ctx->state[6]; - H = ctx->state[7]; - i = 0; - - do - { - P( A, B, C, D, E, F, G, H, W[i], K[i] ); i++; - P( H, A, B, C, D, E, F, G, W[i], K[i] ); i++; - P( G, H, A, B, C, D, E, F, W[i], K[i] ); i++; - P( F, G, H, A, B, C, D, E, W[i], K[i] ); i++; - P( E, F, G, H, A, B, C, D, W[i], K[i] ); i++; - P( D, E, F, G, H, A, B, C, W[i], K[i] ); i++; - P( C, D, E, F, G, H, A, B, W[i], K[i] ); i++; - P( B, C, D, E, F, G, H, A, W[i], K[i] ); i++; - } - while( i < 80 ); - - ctx->state[0] += A; - ctx->state[1] += B; - ctx->state[2] += C; - ctx->state[3] += D; - ctx->state[4] += E; - ctx->state[5] += F; - ctx->state[6] += G; - ctx->state[7] += H; -} - -/* - * SHA-512 process buffer - */ -int mbedtls_sha512_update_ret( mbedtls_sha512_context *ctx, const unsigned char *input, - size_t ilen ) -{ - int ret; - size_t fill; - unsigned int left; - - if( ilen == 0 ) - return 0; - - left = (unsigned int) (ctx->total[0] & 0x7F); - fill = 128 - left; - - ctx->total[0] += (uint64_t) ilen; - - if( ctx->total[0] < (uint64_t) ilen ) - ctx->total[1]++; - - if( left && ilen >= fill ) - { - memcpy( (void *) (ctx->buffer + left), input, fill ); - if ( ( ret = mbedtls_internal_sha512_process( ctx, ctx->buffer ) ) != 0 ) { - return ret; - } - - input += fill; - ilen -= fill; - left = 0; - } - - while( ilen >= 128 ) - { - if ( ( ret = mbedtls_internal_sha512_process( ctx, input ) ) != 0 ) { - return ret; - } - - input += 128; - ilen -= 128; - } - - if( ilen > 0 ) - memcpy( (void *) (ctx->buffer + left), input, ilen ); - - return 0; -} - -#if !defined(MBEDTLS_DEPRECATED_REMOVED) -void mbedtls_sha512_update( mbedtls_sha512_context *ctx, - const unsigned char *input, - size_t ilen ) -{ - mbedtls_sha512_update_ret( ctx, input, ilen ); -} -#endif - - -static const unsigned char sha512_padding[128] = -{ - 0x80, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0 -}; - -/* - * SHA-512 final digest - */ -int mbedtls_sha512_finish_ret( mbedtls_sha512_context *ctx, unsigned char output[64] ) -{ - int ret; - size_t last, padn; - uint64_t high, low; - unsigned char msglen[16]; - - high = ( ctx->total[0] >> 61 ) - | ( ctx->total[1] << 3 ); - low = ( ctx->total[0] << 3 ); - - PUT_UINT64_BE( high, msglen, 0 ); - PUT_UINT64_BE( low, msglen, 8 ); - - last = (size_t)( ctx->total[0] & 0x7F ); - padn = ( last < 112 ) ? ( 112 - last ) : ( 240 - last ); - - if ( ( ret = mbedtls_sha512_update_ret( ctx, sha512_padding, padn ) ) != 0 ) { - goto out; - } - - if ( ( ret = mbedtls_sha512_update_ret( ctx, msglen, 16 ) ) != 0 ) { - goto out; - } - - /* if state is in hardware, read it out */ - if (ctx->mode == ESP_MBEDTLS_SHA512_HARDWARE) { - esp_sha_read_digest_state(sha_type(ctx), ctx->state); - } - - PUT_UINT64_BE( ctx->state[0], output, 0 ); - PUT_UINT64_BE( ctx->state[1], output, 8 ); - PUT_UINT64_BE( ctx->state[2], output, 16 ); - PUT_UINT64_BE( ctx->state[3], output, 24 ); - PUT_UINT64_BE( ctx->state[4], output, 32 ); - PUT_UINT64_BE( ctx->state[5], output, 40 ); - - if( ctx->is384 == 0 ) - { - PUT_UINT64_BE( ctx->state[6], output, 48 ); - PUT_UINT64_BE( ctx->state[7], output, 56 ); - } - -out: - if (ctx->mode == ESP_MBEDTLS_SHA512_HARDWARE) { - esp_sha_unlock_engine(sha_type(ctx)); - ctx->mode = ESP_MBEDTLS_SHA512_SOFTWARE; - } - - return ret; -} - -#if !defined(MBEDTLS_DEPRECATED_REMOVED) -void mbedtls_sha512_finish( mbedtls_sha512_context *ctx, - unsigned char output[64] ) -{ - mbedtls_sha512_finish_ret( ctx, output ); -} -#endif - -#endif /* MBEDTLS_SHA512_C && MBEDTLS_SHA512_ALT */ diff --git a/components/mbedtls/port/include/aes_alt.h b/components/mbedtls/port/include/aes_alt.h deleted file mode 100644 index 993d0689..00000000 --- a/components/mbedtls/port/include/aes_alt.h +++ /dev/null @@ -1,69 +0,0 @@ -/** - * \file aes_alt.h - * - * \brief AES block cipher - * - * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - * - * - */ -#ifndef AES_ALT_H -#define AES_ALT_H - -#ifdef __cplusplus -extern "C" { -#endif - -#if defined(MBEDTLS_AES_ALT) -#include "esp32/aes.h" - -typedef esp_aes_context mbedtls_aes_context; - -#define mbedtls_aes_init esp_aes_init -#define mbedtls_aes_free esp_aes_free -#define mbedtls_aes_setkey_enc esp_aes_setkey -#define mbedtls_aes_setkey_dec esp_aes_setkey -#define mbedtls_aes_crypt_ecb esp_aes_crypt_ecb -#if defined(MBEDTLS_CIPHER_MODE_CBC) -#define mbedtls_aes_crypt_cbc esp_aes_crypt_cbc -#endif -#if defined(MBEDTLS_CIPHER_MODE_CFB) -#define mbedtls_aes_crypt_cfb128 esp_aes_crypt_cfb128 -#define mbedtls_aes_crypt_cfb8 esp_aes_crypt_cfb8 -#endif -#if defined(MBEDTLS_CIPHER_MODE_CTR) -#define mbedtls_aes_crypt_ctr esp_aes_crypt_ctr -#endif -#if defined(MBEDTLS_CIPHER_MODE_OFB) -#define mbedtls_aes_crypt_ofb esp_aes_crypt_ofb -#endif -#if defined(MBEDTLS_CIPHER_MODE_XTS) -typedef esp_aes_xts_context mbedtls_aes_xts_context; -#define mbedtls_aes_xts_init esp_aes_xts_init -#define mbedtls_aes_xts_free esp_aes_xts_free -#define mbedtls_aes_xts_setkey_enc esp_aes_xts_setkey_enc -#define mbedtls_aes_xts_setkey_dec esp_aes_xts_setkey_dec -#define mbedtls_aes_crypt_xts esp_aes_crypt_xts -#endif -#define mbedtls_internal_aes_encrypt esp_internal_aes_encrypt -#define mbedtls_internal_aes_decrypt esp_internal_aes_decrypt -#endif /* MBEDTLS_AES_ALT */ - -#ifdef __cplusplus -} -#endif - -#endif diff --git a/components/mbedtls/port/include/esp32/aes.h b/components/mbedtls/port/include/esp32/aes.h deleted file mode 100644 index 10719301..00000000 --- a/components/mbedtls/port/include/esp32/aes.h +++ /dev/null @@ -1,359 +0,0 @@ -/** - * \brief AES block cipher, ESP32 hardware accelerated version - * Based on mbedTLS FIPS-197 compliant version. - * - * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved - * Additions Copyright (C) 2016, Espressif Systems (Shanghai) PTE Ltd - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - * - * - */ - -#ifndef ESP_AES_H -#define ESP_AES_H - -#include "esp_types.h" -#include "esp32/rom/aes.h" - -#ifdef __cplusplus -extern "C" { -#endif - -/* padlock.c and aesni.c rely on these values! */ -#define ESP_AES_ENCRYPT 1 -#define ESP_AES_DECRYPT 0 - -#define ERR_ESP_AES_INVALID_KEY_LENGTH -0x0020 /**< Invalid key length. */ -#define ERR_ESP_AES_INVALID_INPUT_LENGTH -0x0022 /**< Invalid data input length. */ - -/** - * \brief AES context structure - * - */ -typedef struct { - uint8_t key_bytes; - volatile uint8_t key_in_hardware; /* This variable is used for fault injection checks, so marked volatile to avoid optimisation */ - uint8_t key[32]; -} esp_aes_context; - -/** - * \brief The AES XTS context-type definition. - */ -typedef struct -{ - esp_aes_context crypt; /*!< The AES context to use for AES block - encryption or decryption. */ - esp_aes_context tweak; /*!< The AES context used for tweak - computation. */ -} esp_aes_xts_context; - - -/** - * \brief Lock access to AES hardware unit - * - * AES hardware unit can only be used by one - * consumer at a time. - * - * esp_aes_xxx API calls automatically manage locking & unlocking of - * hardware, this function is only needed if you want to call - * ets_aes_xxx functions directly. - */ -void esp_aes_acquire_hardware( void ); - -/** - * \brief Unlock access to AES hardware unit - * - * esp_aes_xxx API calls automatically manage locking & unlocking of - * hardware, this function is only needed if you want to call - * ets_aes_xxx functions directly. - */ -void esp_aes_release_hardware( void ); - -/** - * \brief Initialize AES context - * - * \param ctx AES context to be initialized - */ -void esp_aes_init( esp_aes_context *ctx ); - -/** - * \brief Clear AES context - * - * \param ctx AES context to be cleared - */ -void esp_aes_free( esp_aes_context *ctx ); - -/** - * \brief This function initializes the specified AES XTS context. - * - * It must be the first API called before using - * the context. - * - * \param ctx The AES XTS context to initialize. - */ -void esp_aes_xts_init( esp_aes_xts_context *ctx ); - -/** - * \brief This function releases and clears the specified AES XTS context. - * - * \param ctx The AES XTS context to clear. - */ -void esp_aes_xts_free( esp_aes_xts_context *ctx ); - -/** - * \brief AES set key schedule (encryption or decryption) - * - * \param ctx AES context to be initialized - * \param key encryption key - * \param keybits must be 128, 192 or 256 - * - * \return 0 if successful, or ERR_AES_INVALID_KEY_LENGTH - */ -int esp_aes_setkey( esp_aes_context *ctx, const unsigned char *key, unsigned int keybits ); - -/** - * \brief AES-ECB block encryption/decryption - * - * \param ctx AES context - * \param mode AES_ENCRYPT or AES_DECRYPT - * \param input 16-byte input block - * \param output 16-byte output block - * - * \return 0 if successful - */ -int esp_aes_crypt_ecb( esp_aes_context *ctx, int mode, const unsigned char input[16], unsigned char output[16] ); - -/** - * \brief AES-CBC buffer encryption/decryption - * Length should be a multiple of the block - * size (16 bytes) - * - * \note Upon exit, the content of the IV is updated so that you can - * call the function same function again on the following - * block(s) of data and get the same result as if it was - * encrypted in one call. This allows a "streaming" usage. - * If on the other hand you need to retain the contents of the - * IV, you should either save it manually or use the cipher - * module instead. - * - * \param ctx AES context - * \param mode AES_ENCRYPT or AES_DECRYPT - * \param length length of the input data - * \param iv initialization vector (updated after use) - * \param input buffer holding the input data - * \param output buffer holding the output data - * - * \return 0 if successful, or ERR_AES_INVALID_INPUT_LENGTH - */ -int esp_aes_crypt_cbc( esp_aes_context *ctx, - int mode, - size_t length, - unsigned char iv[16], - const unsigned char *input, - unsigned char *output ); - - -/** - * \brief AES-CFB128 buffer encryption/decryption. - * - * Note: Due to the nature of CFB you should use the same key schedule for - * both encryption and decryption. So a context initialized with - * esp_aes_setkey_enc() for both AES_ENCRYPT and AES_DECRYPT. - * - * \note Upon exit, the content of the IV is updated so that you can - * call the function same function again on the following - * block(s) of data and get the same result as if it was - * encrypted in one call. This allows a "streaming" usage. - * If on the other hand you need to retain the contents of the - * IV, you should either save it manually or use the cipher - * module instead. - * - * \param ctx AES context - * \param mode AES_ENCRYPT or AES_DECRYPT - * \param length length of the input data - * \param iv_off offset in IV (updated after use) - * \param iv initialization vector (updated after use) - * \param input buffer holding the input data - * \param output buffer holding the output data - * - * \return 0 if successful - */ -int esp_aes_crypt_cfb128( esp_aes_context *ctx, - int mode, - size_t length, - size_t *iv_off, - unsigned char iv[16], - const unsigned char *input, - unsigned char *output ); - -/** - * \brief AES-CFB8 buffer encryption/decryption. - * - * Note: Due to the nature of CFB you should use the same key schedule for - * both encryption and decryption. So a context initialized with - * esp_aes_setkey_enc() for both AES_ENCRYPT and AES_DECRYPT. - * - * \note Upon exit, the content of the IV is updated so that you can - * call the function same function again on the following - * block(s) of data and get the same result as if it was - * encrypted in one call. This allows a "streaming" usage. - * If on the other hand you need to retain the contents of the - * IV, you should either save it manually or use the cipher - * module instead. - * - * \param ctx AES context - * \param mode AES_ENCRYPT or AES_DECRYPT - * \param length length of the input data - * \param iv initialization vector (updated after use) - * \param input buffer holding the input data - * \param output buffer holding the output data - * - * \return 0 if successful - */ -int esp_aes_crypt_cfb8( esp_aes_context *ctx, - int mode, - size_t length, - unsigned char iv[16], - const unsigned char *input, - unsigned char *output ); - -/** - * \brief AES-CTR buffer encryption/decryption - * - * Warning: You have to keep the maximum use of your counter in mind! - * - * Note: Due to the nature of CTR you should use the same key schedule for - * both encryption and decryption. So a context initialized with - * esp_aes_setkey_enc() for both AES_ENCRYPT and AES_DECRYPT. - * - * \param ctx AES context - * \param length The length of the data - * \param nc_off The offset in the current stream_block (for resuming - * within current cipher stream). The offset pointer to - * should be 0 at the start of a stream. - * \param nonce_counter The 128-bit nonce and counter. - * \param stream_block The saved stream-block for resuming. Is overwritten - * by the function. - * \param input The input data stream - * \param output The output data stream - * - * \return 0 if successful - */ -int esp_aes_crypt_ctr( esp_aes_context *ctx, - size_t length, - size_t *nc_off, - unsigned char nonce_counter[16], - unsigned char stream_block[16], - const unsigned char *input, - unsigned char *output ); - -/** - * \brief This function prepares an XTS context for encryption and - * sets the encryption key. - * - * \param ctx The AES XTS context to which the key should be bound. - * \param key The encryption key. This is comprised of the XTS key1 - * concatenated with the XTS key2. - * \param keybits The size of \p key passed in bits. Valid options are: - *
  • 256 bits (each of key1 and key2 is a 128-bit key)
    • - *
  • 512 bits (each of key1 and key2 is a 256-bit key)
- * - * \return \c 0 on success. - * \return #MBEDTLS_ERR_AES_INVALID_KEY_LENGTH on failure. - */ -int esp_aes_xts_setkey_enc( esp_aes_xts_context *ctx, - const unsigned char *key, - unsigned int keybits ); - -/** - * \brief This function performs an AES-OFB (Output Feedback Mode) - * encryption or decryption operation. - * - * \param ctx The AES context to use for encryption or decryption. - * It must be initialized and bound to a key. - * \param length The length of the input data. - * \param iv_off The offset in IV (updated after use). - * It must point to a valid \c size_t. - * \param iv The initialization vector (updated after use). - * It must be a readable and writeable buffer of \c 16 Bytes. - * \param input The buffer holding the input data. - * It must be readable and of size \p length Bytes. - * \param output The buffer holding the output data. - * It must be writeable and of size \p length Bytes. - * - * \return \c 0 on success. - */ -int esp_aes_crypt_ofb( esp_aes_context *ctx, - size_t length, - size_t *iv_off, - unsigned char iv[16], - const unsigned char *input, - unsigned char *output ); - -/** - * \brief This function prepares an XTS context for decryption and - * sets the decryption key. - * - * \param ctx The AES XTS context to which the key should be bound. - * \param key The decryption key. This is comprised of the XTS key1 - * concatenated with the XTS key2. - * \param keybits The size of \p key passed in bits. Valid options are: - *
  • 256 bits (each of key1 and key2 is a 128-bit key)
    • - *
  • 512 bits (each of key1 and key2 is a 256-bit key)
- * - * \return \c 0 on success. - * \return #MBEDTLS_ERR_AES_INVALID_KEY_LENGTH on failure. - */ -int esp_aes_xts_setkey_dec( esp_aes_xts_context *ctx, - const unsigned char *key, - unsigned int keybits ); - - -/** - * \brief Internal AES block encryption function - * (Only exposed to allow overriding it, - * see AES_ENCRYPT_ALT) - * - * \param ctx AES context - * \param input Plaintext block - * \param output Output (ciphertext) block - */ -int esp_internal_aes_encrypt( esp_aes_context *ctx, const unsigned char input[16], unsigned char output[16] ); - -/** Deprecated, see esp_aes_internal_encrypt */ -void esp_aes_encrypt( esp_aes_context *ctx, const unsigned char input[16], unsigned char output[16] ) __attribute__((deprecated)); - -/** - * \brief Internal AES block decryption function - * (Only exposed to allow overriding it, - * see AES_DECRYPT_ALT) - * - * \param ctx AES context - * \param input Ciphertext block - * \param output Output (plaintext) block - */ -int esp_internal_aes_decrypt( esp_aes_context *ctx, const unsigned char input[16], unsigned char output[16] ); - -/** Deprecated, see esp_aes_internal_decrypt */ -void esp_aes_decrypt( esp_aes_context *ctx, const unsigned char input[16], unsigned char output[16] ) __attribute__((deprecated)); - -/** AES-XTS buffer encryption/decryption */ -int esp_aes_crypt_xts( esp_aes_xts_context *ctx, int mode, size_t length, const unsigned char data_unit[16], const unsigned char *input, unsigned char *output ); - -#ifdef __cplusplus -} -#endif - -#endif /* aes.h */ diff --git a/components/mbedtls/port/include/esp32/sha.h b/components/mbedtls/port/include/esp32/sha.h deleted file mode 100644 index 2009d198..00000000 --- a/components/mbedtls/port/include/esp32/sha.h +++ /dev/null @@ -1,211 +0,0 @@ -// Copyright 2015-2016 Espressif Systems (Shanghai) PTE LTD -// -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at - -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. -#ifndef _ESP_SHA_H_ -#define _ESP_SHA_H_ - -#include "esp32/rom/sha.h" -#include "esp_types.h" - -/** @brief Low-level support functions for the hardware SHA engine - * - * @note If you're looking for a SHA API to use, try mbedtls component - * mbedtls/shaXX.h. That API supports hardware acceleration. - * - * The API in this header provides some building blocks for implementing a - * full SHA API such as the one in mbedtls, and also a basic SHA function esp_sha(). - * - * Some technical details about the hardware SHA engine: - * - * - SHA accelerator engine calculates one digest at a time, per SHA - * algorithm type. It initialises and maintains the digest state - * internally. It is possible to read out an in-progress SHA digest - * state, but it is not possible to restore a SHA digest state - * into the engine. - * - * - The memory block SHA_TEXT_BASE is shared between all SHA digest - * engines, so all engines must be idle before this memory block is - * modified. - * - */ - -#ifdef __cplusplus -extern "C" { -#endif - -/* Defined in esp32/rom/sha.h */ -typedef enum SHA_TYPE esp_sha_type; - -/** @brief Calculate SHA1 or SHA2 sum of some data, using hardware SHA engine - * - * @note For more versatile SHA calculations, where data doesn't need - * to be passed all at once, try the mbedTLS mbedtls/shaX.h APIs. The - * hardware-accelerated mbedTLS implementation is also faster when - * hashing large amounts of data. - * - * @note It is not necessary to lock any SHA hardware before calling - * this function, thread safety is managed internally. - * - * @note If a TLS connection is open then this function may block - * indefinitely waiting for a SHA engine to become available. Use the - * mbedTLS SHA API to avoid this problem. - * - * @param sha_type SHA algorithm to use. - * - * @param input Input data buffer. - * - * @param ilen Length of input data in bytes. - * - * @param output Buffer for output SHA digest. Output is 20 bytes for - * sha_type SHA1, 32 bytes for sha_type SHA2_256, 48 bytes for - * sha_type SHA2_384, 64 bytes for sha_type SHA2_512. - */ -void esp_sha(esp_sha_type sha_type, const unsigned char *input, size_t ilen, unsigned char *output); - -/* @brief Begin to execute a single SHA block operation - * - * @note This is a piece of a SHA algorithm, rather than an entire SHA - * algorithm. - * - * @note Call esp_sha_try_lock_engine() before calling this - * function. Do not call esp_sha_lock_memory_block() beforehand, this - * is done inside the function. - * - * @param sha_type SHA algorithm to use. - * - * @param data_block Pointer to block of data. Block size is - * determined by algorithm (SHA1/SHA2_256 = 64 bytes, - * SHA2_384/SHA2_512 = 128 bytes) - * - * @param is_first_block If this parameter is true, the SHA state will - * be initialised (with the initial state of the given SHA algorithm) - * before the block is calculated. If false, the existing state of the - * SHA engine will be used. - * - * @return As a performance optimisation, this function returns before - * the SHA block operation is complete. Both this function and - * esp_sha_read_state() will automatically wait for any previous - * operation to complete before they begin. If using the SHA registers - * directly in another way, call esp_sha_wait_idle() after calling this - * function but before accessing the SHA registers. - */ -void esp_sha_block(esp_sha_type sha_type, const void *data_block, bool is_first_block); - -/** @brief Read out the current state of the SHA digest loaded in the engine. - * - * @note This is a piece of a SHA algorithm, rather than an entire SHA algorithm. - * - * @note Call esp_sha_try_lock_engine() before calling this - * function. Do not call esp_sha_lock_memory_block() beforehand, this - * is done inside the function. - * - * If the SHA suffix padding block has been executed already, the - * value that is read is the SHA digest (in big endian - * format). Otherwise, the value that is read is an interim SHA state. - * - * @note If sha_type is SHA2_384, only 48 bytes of state will be read. - * This is enough for the final SHA2_384 digest, but if you want the - * interim SHA-384 state (to continue digesting) then pass SHA2_512 instead. - * - * @param sha_type SHA algorithm in use. - * - * @param state Pointer to a memory buffer to hold the SHA state. Size - * is 20 bytes (SHA1), 32 bytes (SHA2_256), 48 bytes (SHA2_384) or 64 bytes (SHA2_512). - * - */ -void esp_sha_read_digest_state(esp_sha_type sha_type, void *digest_state); - -/** - * @brief Obtain exclusive access to a particular SHA engine - * - * @param sha_type Type of SHA engine to use. - * - * Blocks until engine is available. Note: Can block indefinitely - * while a TLS connection is open, suggest using - * esp_sha_try_lock_engine() and failing over to software SHA. - */ -void esp_sha_lock_engine(esp_sha_type sha_type); - -/** - * @brief Try and obtain exclusive access to a particular SHA engine - * - * @param sha_type Type of SHA engine to use. - * - * @return Returns true if the SHA engine is locked for exclusive - * use. Call esp_sha_unlock_sha_engine() when done. Returns false if - * the SHA engine is already in use, caller should use software SHA - * algorithm for this digest. - */ -bool esp_sha_try_lock_engine(esp_sha_type sha_type); - -/** - * @brief Unlock an engine previously locked with esp_sha_lock_engine() or esp_sha_try_lock_engine() - * - * @param sha_type Type of engine to release. - */ -void esp_sha_unlock_engine(esp_sha_type sha_type); - -/** - * @brief Acquire exclusive access to the SHA shared memory block at SHA_TEXT_BASE - * - * This memory block is shared across all the SHA algorithm types. - * - * Caller should have already locked a SHA engine before calling this function. - * - * Note that it is possible to obtain exclusive access to the memory block even - * while it is in use by the SHA engine. Caller should use esp_sha_wait_idle() - * to ensure the SHA engine is not reading from the memory block in hardware. - * - * @note This function enters a critical section. Do not block while holding this lock. - * - * @note You do not need to lock the memory block before calling esp_sha_block() or esp_sha_read_digest_state(), these functions handle memory block locking internally. - * - * Call esp_sha_unlock_memory_block() when done. - */ -void esp_sha_lock_memory_block(void); - -/** - * @brief Release exclusive access to the SHA register memory block at SHA_TEXT_BASE - * - * Caller should have already locked a SHA engine before calling this function. - * - * This function releases the critical section entered by esp_sha_lock_memory_block(). - * - * Call following esp_sha_lock_memory_block(). - */ -void esp_sha_unlock_memory_block(void); - -/** @brief Wait for the SHA engine to finish any current operation - * - * @note This function does not ensure exclusive access to any SHA - * engine. Caller should use esp_sha_try_lock_engine() and - * esp_sha_lock_memory_block() as required. - * - * @note Functions declared in this header file wait for SHA engine - * completion automatically, so you don't need to use this API for - * these. However if accessing SHA registers directly, you will need - * to call this before accessing SHA registers if using the - * esp_sha_block() function. - * - * @note This function busy-waits, so wastes CPU resources. - * Best to delay calling until you are about to need it. - * - */ -void esp_sha_wait_idle(void); - -#ifdef __cplusplus -} -#endif - -#endif - diff --git a/components/mbedtls/port/include/mbedtls/bignum.h b/components/mbedtls/port/include/mbedtls/bignum.h deleted file mode 100644 index 23cd5634..00000000 --- a/components/mbedtls/port/include/mbedtls/bignum.h +++ /dev/null @@ -1,78 +0,0 @@ -// Copyright 2015-2016 Espressif Systems (Shanghai) PTE LTD -// -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at - -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. -#ifndef __ESP_MBEDTLS_BIGNUM_H__ -#define __ESP_MBEDTLS_BIGNUM_H__ - -#include_next "mbedtls/bignum.h" - -/** - * This is a wrapper for the main mbedtls/bignum.h. This wrapper - * provides a few additional ESP32-only functions. - * - * This is because we don't set MBEDTLS_BIGNUM_ALT in the same way we - * do for AES, SHA, etc. Because we still use most of the bignum.h - * implementation and just replace a few hardware accelerated - * functions (see MBEDTLS_MPI_EXP_MOD_ALT & MBEDTLS_MPI_MUL_MPI_ALT in - * esp_config.h). - * - * @note Unlike the other hardware accelerator support functions in esp32/hwcrypto, there is no - * generic "hwcrypto/bignum.h" header for using these functions without mbedTLS. The reason for this - * is that all of the function implementations depend strongly upon the mbedTLS MPI implementation. - */ - -/** - * @brief Lock access to RSA Accelerator (MPI/bignum operations) - * - * RSA Accelerator hardware unit can only be used by one - * consumer at a time. - * - * @note This function is non-recursive (do not call it twice from the - * same task.) - * - * @note You do not need to call this if you are using the mbedTLS bignum.h - * API or esp_mpi_xxx functions. This function is only needed if you - * want to call ROM RSA functions or access the registers directly. - * - */ -void esp_mpi_acquire_hardware(void); - -/** - * @brief Unlock access to RSA Accelerator (MPI/bignum operations) - * - * Has to be called once for each call to esp_mpi_acquire_hardware(). - * - * @note You do not need to call this if you are using the mbedTLS bignum.h - * API or esp_mpi_xxx functions. This function is only needed if you - * want to call ROM RSA functions or access the registers directly. - */ -void esp_mpi_release_hardware(void); - -/* @brief MPI modular mupltiplication function - * - * Calculates Z = (X * Y) mod M using MPI hardware acceleration. - * - * This is not part of the standard mbedTLS bignum API. - * - * @note All of X, Y & Z should be less than 4096 bit long or an error is returned. - * - * @param Z Result bignum, should be pre-initialised with mbedtls_mpi_init(). - * @param X First multiplication argument. - * @param Y Second multiplication argument. - * @param M Modulus value for result. - * - * @return 0 on success, mbedTLS MPI error codes on failure. - */ -int esp_mpi_mul_mpi_mod(mbedtls_mpi *Z, const mbedtls_mpi *X, const mbedtls_mpi *Y, const mbedtls_mpi *M); - -#endif diff --git a/components/mdns/CMakeLists.txt b/components/mdns/CMakeLists.txt index 99bb43a0..7e61b6e8 100644 --- a/components/mdns/CMakeLists.txt +++ b/components/mdns/CMakeLists.txt @@ -6,7 +6,7 @@ set(COMPONENT_PRIV_INCLUDEDIRS "private_include") endif() set(COMPONENT_ADD_INCLUDEDIRS "include") -set(COMPONENT_REQUIRES "lwip" "ssl" "tcpip_adapter") +set(COMPONENT_REQUIRES "lwip" "mbedtls" "tcpip_adapter") if(CONFIG_ENABLE_MDNS_CONSOLE) set(COMPONENT_SRCS "${COMPONENT_SRCS}" diff --git a/components/mqtt/CMakeLists.txt b/components/mqtt/CMakeLists.txt index 02c40550..d3b86454 100644 --- a/components/mqtt/CMakeLists.txt +++ b/components/mqtt/CMakeLists.txt @@ -21,7 +21,7 @@ set(COMPONENT_SRCS "esp-mqtt/mqtt_client.c" endif() -set(COMPONENT_REQUIRES lwip http_parser ssl tcp_transport freertos lwip ssl) +set(COMPONENT_REQUIRES lwip http_parser tcp_transport freertos lwip mbedtls openssl) register_component() diff --git a/components/mqtt/ibm-mqtt/MQTTClient-C/src/FreeRTOS/MQTTFreeRTOS.c b/components/mqtt/ibm-mqtt/MQTTClient-C/src/FreeRTOS/MQTTFreeRTOS.c index 059b5a26..c36ee950 100644 --- a/components/mqtt/ibm-mqtt/MQTTClient-C/src/FreeRTOS/MQTTFreeRTOS.c +++ b/components/mqtt/ibm-mqtt/MQTTClient-C/src/FreeRTOS/MQTTFreeRTOS.c @@ -382,14 +382,6 @@ int NetworkConnectSSL(Network *n, char *addr, int port, ssl_ca_crt_key_t *ssl_cc goto exit; } - if (ssl_cck->cacrt) { - retVal = SSL_CTX_load_verify_buffer(n->ctx, ssl_cck->cacrt, ssl_cck->cacrt_len); - - if (retVal != 1) { - goto exit1; - } - } - if (ssl_cck->cert && ssl_cck->key) { retVal = SSL_CTX_use_certificate_ASN1(n->ctx, ssl_cck->cert_len, ssl_cck->cert); diff --git a/components/protocomm/CMakeLists.txt b/components/protocomm/CMakeLists.txt index b2261de9..fb7f4dad 100644 --- a/components/protocomm/CMakeLists.txt +++ b/components/protocomm/CMakeLists.txt @@ -13,6 +13,6 @@ set(COMPONENT_SRCS "src/common/protocomm.c" "src/transports/protocomm_httpd.c") endif() -set(COMPONENT_PRIV_REQUIRES protobuf-c ssl esp_http_server http_parser) +set(COMPONENT_PRIV_REQUIRES protobuf-c mbedtls esp_http_server http_parser) register_component() diff --git a/components/wpa_supplicant/CMakeLists.txt b/components/wpa_supplicant/CMakeLists.txt index 593cf204..3329f6a8 100644 --- a/components/wpa_supplicant/CMakeLists.txt +++ b/components/wpa_supplicant/CMakeLists.txt @@ -1,7 +1,7 @@ set(COMPONENT_SRCDIRS "src/crypto" "src/fast_crypto" "src/wps" "port" "src") set(COMPONENT_ADD_INCLUDEDIRS "include" "port/include") -set(COMPONENT_PRIV_REQUIRES "ssl" "freertos" "heap" "newlib" "util") +set(COMPONENT_PRIV_REQUIRES "mbedtls" "freertos" "heap" "newlib" "util") register_component() diff --git a/examples/protocols/openssl_client/main/openssl_client_example_main.c b/examples/protocols/openssl_client/main/openssl_client_example_main.c index ec798df8..b9458a5c 100644 --- a/examples/protocols/openssl_client/main/openssl_client_example_main.c +++ b/examples/protocols/openssl_client/main/openssl_client_example_main.c @@ -196,16 +196,6 @@ static void openssl_client_task(void* p) printf("OK\n"); - printf("load ca crt ......"); - ret = SSL_CTX_load_verify_buffer(ctx, ca_pem_start, ca_pem_end - ca_pem_start); - - if (ret) { - printf("OK\n"); - } else { - printf("failed\n"); - goto failed2; - } - printf("load client crt ......"); ret = SSL_CTX_use_certificate_ASN1(ctx, client_pem_end - client_pem_start, client_pem_start); diff --git a/examples/protocols/openssl_server/main/openssl_server_example_main.c b/examples/protocols/openssl_server/main/openssl_server_example_main.c index 4eef63c3..f26edce6 100644 --- a/examples/protocols/openssl_server/main/openssl_server_example_main.c +++ b/examples/protocols/openssl_server/main/openssl_server_example_main.c @@ -194,16 +194,6 @@ static void openssl_server_task(void* p) printf("OK\n"); - printf("load ca crt ......"); - ret = SSL_CTX_load_verify_buffer(ctx, ca_pem_start, ca_pem_end - ca_pem_start); - - if (ret) { - printf("OK\n"); - } else { - printf("failed\n"); - goto failed2; - } - printf("load server crt ......"); ret = SSL_CTX_use_certificate_ASN1(ctx, server_pem_end - server_pem_start, server_pem_start); diff --git a/tools/cmake/build.cmake b/tools/cmake/build.cmake index be672835..2ff4b335 100644 --- a/tools/cmake/build.cmake +++ b/tools/cmake/build.cmake @@ -154,7 +154,7 @@ function(__build_init idf_path) endforeach() # Set components required by all other components in the build - set(requires_common newlib freertos heap log) + set(requires_common newlib freertos heap log lwip util) idf_build_set_property(__COMPONENT_REQUIRES_COMMON "${requires_common}") __build_get_idf_git_revision()