Merge branch 'master' into feature/esp32s2beta_update

2025-09-25 09:42:35 +00:00 · 2019-08-08 13:44:24 +10:00
parent 1877a9fcd8 16b300bd7a
commit 24d26fccde
2414 changed files with 160787 additions and 45783 deletions
--- a/components/mbedtls/CMakeLists.txt
+++ b/components/mbedtls/CMakeLists.txt
@@ -1,75 +1,17 @@
 idf_build_get_property(idf_target IDF_TARGET)

-set(COMPONENT_ADD_INCLUDEDIRS "port/include" "mbedtls/include")
-set(COMPONENT_SRCS "mbedtls.c")
-set(COMPONENT_REQUIRES lwip)
-
-set(MBEDTLS_PRIV_REQUIRES ${IDF_COMPONENT_REQUIRES_COMMON} soc)
-
-register_component()
+idf_component_register(INCLUDE_DIRS "port/include" "mbedtls/include"
+    REQUIRES lwip
+    PRIV_REQUIRES ${IDF_COMPONENT_REQUIRES_COMMON} soc
+    )

 # Only build mbedtls libraries
 set(ENABLE_TESTING CACHE BOOL OFF)
 set(ENABLE_PROGRAMS CACHE BOOL OFF)

-# Use same policy between IDF and mbedtls build
-function(project)
-    set(_args ARGV)
-    _project(${${_args}})
-    cmake_policy(SET CMP0022 NEW)
-endfunction()
-
 # Needed to for include_next includes to work from within mbedtls
 include_directories("${COMPONENT_DIR}/port/include")

-# Workaround issue with creating symbolic links due to issues with native
-# path conversion (TO_NATIVE_PATH). The following summarizes what CMake invocations
-# this workaround is for:
-#
-# 1. CMake from command line + Ninja = No errors
-# 2. CMake from command line + MinGW Makefiles = Forward slash for paths, mklink mistakes path for a switch
-# 3. CMake from MSYS + Ninja = No errors
-# 4. CMake from MSYS + Unix Makefiles/MSYS Makefiles = Forward slash for paths, mklink mistakes path for a switch
-#
-# There are references to the issue in case (2) and (4) in https://github.com/ARMmbed/mbedtls/issues/1496,
-# https://cmake.org/pipermail/cmake/2006-July/010193.html, and https://cmake.org/Bug/view.php?id=5939.
-#
-# This workaround is meant to circumvent logic inside link_to_source() function in mbedtls/mbedtls/CMakeLists.txt.
-if(CMAKE_HOST_WIN32)
-    set(msystem $ENV{MSYSTEM})
-    if(MSYS OR msystem)
-        # Solves case (4). When in MSYS environment, instead opt to use the Unix equivalent of mklink.
-        set(CMAKE_HOST_UNIX 1)
-    else()
-        # Solves case (2). When invoked from command line, create the symbolic links ahead of link_to_source() invocations
-        # using a 'hybrid' path format resilient intermediary - in this case a Python wrapper for mklink. This is more unweildy
-        # than necessary, since string(REPLACE "/" "\\" ... does not actually work.
-        set(target_links "mbedtls/include/mbedtls"
-                        "mbedtls/scripts")
-        foreach(target_link ${target_links})
-            file(TO_NATIVE_PATH ${CMAKE_CURRENT_BINARY_DIR}/${target_link} link)
-            file(TO_NATIVE_PATH ${COMPONENT_DIR}/${target_link} target)
-
-            idf_build_get_property(python PYTHON)
-            if(NOT EXISTS ${link})
-                if(IS_DIRECTORY ${target})
-                    set(command ${python} ${COMPONENT_DIR}/mklink.py /j ${link} ${target})
-                else()
-                    set(command ${python} ${COMPONENT_DIR}/mklink.py /h ${link} ${target})
-                endif()
-
-                execute_process(COMMAND ${command}
-                    RESULT_VARIABLE result
-                    ERROR_VARIABLE output)
-
-                if(NOT ${result} EQUAL 0)
-                    message(FATAL_ERROR "Could not create symbolic link for: ${target} --> ${output}")
-                endif()
-            endif()
-        endforeach()
-    endif()
-endif()
-
 # Import mbedtls library targets
 add_subdirectory(mbedtls)

@@ -98,9 +40,4 @@ foreach(target ${mbedtls_targets})
 endforeach()

 # Link mbedtls libraries to component library
-target_link_libraries(${COMPONENT_LIB} ${mbedtls_targets})
-
-# Catch usage of deprecated mbedTLS functions when building tests
-if(mbedtls_test IN_LIST BUILD_TEST_COMPONENTS)
-    add_definitions(-DMBEDTLS_DEPRECATED_WARNING)
-endif()
+target_link_libraries(${COMPONENT_LIB} INTERFACE ${mbedtls_targets})
--- a/components/mbedtls/mbedtls
+++ b/components/mbedtls/mbedtls
--- a/components/mbedtls/mbedtls.c
+++ b/components/mbedtls/mbedtls.c
@@ -1 +0,0 @@
-// Empty file
--- a/components/mbedtls/mklink.py
+++ b/components/mbedtls/mklink.py
@@ -1,40 +0,0 @@
-#!/usr/bin/env python
-#
-# Wrapper for symbolic link creation on Windows that works around issues
-# with native path conversion. See the component CMakeLists.txt for more details.
-#
-# Copyright 2018 Espressif Systems (Shanghai) PTE LTD
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-#     http:#www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-import os
-import argparse
-import subprocess
-
-parser = argparse.ArgumentParser()
-parser.add_argument("type")
-parser.add_argument("link")
-parser.add_argument("target")
-
-args = parser.parse_args()
-
-link = os.path.abspath(args.link)
-target = os.path.abspath(args.target)
-
-try:
-    os.makedirs(os.path.dirname(link))
-except WindowsError:
-    pass
-
-mklink_cmd = ["mklink", args.type, link, target]
-
-subprocess.call(mklink_cmd, shell=True)
--- a/components/mbedtls/port/esp32/aes.c
+++ b/components/mbedtls/port/esp32/aes.c
@@ -408,6 +408,50 @@ int esp_aes_crypt_ctr( esp_aes_context *ctx,
    return 0;
 }

+/*
+ * AES-OFB (Output Feedback Mode) buffer encryption/decryption
+ */
+int esp_aes_crypt_ofb( esp_aes_context *ctx,
+                           size_t length,
+                           size_t *iv_off,
+                           unsigned char iv[16],
+                           const unsigned char *input,
+                           unsigned char *output )
+{
+    int ret = 0;
+    size_t n;
+
+    if ( ctx == NULL || iv_off == NULL || iv == NULL ||
+        input == NULL || output == NULL ) {
+            return MBEDTLS_ERR_AES_BAD_INPUT_DATA;
+    }
+
+    n = *iv_off;
+
+    if( n > 15 ) {
+        return( MBEDTLS_ERR_AES_BAD_INPUT_DATA );
+    }
+
+    esp_aes_acquire_hardware();
+
+    esp_aes_setkey_hardware(ctx, ESP_AES_ENCRYPT);
+
+    while( length-- ) {
+        if( n == 0 ) {
+            esp_aes_block( iv, iv );
+        }
+        *output++ =  *input++ ^ iv[n];
+
+        n = ( n + 1 ) & 0x0F;
+    }
+
+    *iv_off = n;
+
+    esp_aes_release_hardware();
+
+    return( ret );
+}
+
 /* Below XTS implementation is copied aes.c of mbedtls library. 
 * When MBEDTLS_AES_ALT is defined mbedtls expects alternate
 * definition of XTS functions to be available. Even if this 
--- a/components/mbedtls/port/esp32/esp_bignum.c
+++ b/components/mbedtls/port/esp32/esp_bignum.c
@@ -359,6 +359,18 @@ int mbedtls_mpi_exp_mod( mbedtls_mpi* Z, const mbedtls_mpi* X, const mbedtls_mpi
    mbedtls_mpi *Rinv;    /* points to _Rinv (if not NULL) othwerwise &RR_new */
    mbedtls_mpi_uint Mprime;

+    if (mbedtls_mpi_cmp_int(M, 0) <= 0 || (M->p[0] & 1) == 0) {
+        return MBEDTLS_ERR_MPI_BAD_INPUT_DATA;
+    }
+
+    if (mbedtls_mpi_cmp_int(Y, 0) < 0) {
+        return MBEDTLS_ERR_MPI_BAD_INPUT_DATA;
+    }
+
+    if (mbedtls_mpi_cmp_int(Y, 0) == 0) {
+        return mbedtls_mpi_lset(Z, 1);
+    }
+
    if (hw_words * 32 > 4096) {
        return MBEDTLS_ERR_MPI_NOT_ACCEPTABLE;
    }
@@ -392,13 +404,24 @@ int mbedtls_mpi_exp_mod( mbedtls_mpi* Z, const mbedtls_mpi* X, const mbedtls_mpi
    start_op(RSA_START_MODEXP_REG);

    /* X ^ Y may actually be shorter than M, but unlikely when used for crypto */
-    MBEDTLS_MPI_CHK( mbedtls_mpi_grow(Z, m_words) );
+    if ((ret = mbedtls_mpi_grow(Z, m_words)) != 0) {
+        esp_mpi_release_hardware();
+        goto cleanup;
+    }

    wait_op_complete(RSA_START_MODEXP_REG);

    mem_block_to_mpi(Z, RSA_MEM_Z_BLOCK_BASE, m_words);
    esp_mpi_release_hardware();

+    // Compensate for negative X
+    if (X->s == -1 && (Y->p[0] & 1) != 0) {
+        Z->s = -1;
+        MBEDTLS_MPI_CHK(mbedtls_mpi_add_mpi(Z, M, Z));
+    } else {
+        Z->s = 1;
+    }
+
 cleanup:
    if (_Rinv == NULL) {
        mbedtls_mpi_free(&Rinv_new);
--- a/components/mbedtls/port/include/aes_alt.h
+++ b/components/mbedtls/port/include/aes_alt.h
@@ -47,6 +47,9 @@ typedef esp_aes_context mbedtls_aes_context;
 #if defined(MBEDTLS_CIPHER_MODE_CTR)
 #define mbedtls_aes_crypt_ctr       esp_aes_crypt_ctr
 #endif
+#if defined(MBEDTLS_CIPHER_MODE_OFB)
+#define mbedtls_aes_crypt_ofb       esp_aes_crypt_ofb
+#endif
 #if defined(MBEDTLS_CIPHER_MODE_XTS)
 typedef esp_aes_xts_context mbedtls_aes_xts_context;
 #define mbedtls_aes_xts_init            esp_aes_xts_init
--- a/components/mbedtls/port/include/esp32/aes.h
+++ b/components/mbedtls/port/include/esp32/aes.h
@@ -281,6 +281,31 @@ int esp_aes_xts_setkey_enc( esp_aes_xts_context *ctx,
                                const unsigned char *key,
                                unsigned int keybits );

+/**
+ * \brief       This function performs an AES-OFB (Output Feedback Mode)
+ *              encryption or decryption operation.
+ *
+ * \param ctx      The AES context to use for encryption or decryption.
+ *                 It must be initialized and bound to a key.
+ * \param length   The length of the input data.
+ * \param iv_off   The offset in IV (updated after use).
+ *                 It must point to a valid \c size_t.
+ * \param iv       The initialization vector (updated after use).
+ *                 It must be a readable and writeable buffer of \c 16 Bytes.
+ * \param input    The buffer holding the input data.
+ *                 It must be readable and of size \p length Bytes.
+ * \param output   The buffer holding the output data.
+ *                 It must be writeable and of size \p length Bytes.
+ *
+ * \return         \c 0 on success.
+ */
+int esp_aes_crypt_ofb( esp_aes_context *ctx,
+                       size_t length,
+                       size_t *iv_off,
+                       unsigned char iv[16],
+                       const unsigned char *input,
+                       unsigned char *output );
+
 /**
 * \brief          This function prepares an XTS context for decryption and
 *                 sets the decryption key.
--- a/components/mbedtls/port/include/mbedtls/config.h
+++ b/components/mbedtls/port/include/mbedtls/config.h
@@ -1,9 +0,0 @@
-/* This shim header is added so that any application code
-   which includes "mbedtls/config.h" directly gets the correct
-   config. */
-#pragma once
-#if !defined(MBEDTLS_CONFIG_FILE)
-#include_next "mbedtls/config.h"
-#else
-#include MBEDTLS_CONFIG_FILE
-#endif
--- a/components/mbedtls/port/include/mbedtls/esp_config.h
+++ b/components/mbedtls/port/include/mbedtls/esp_config.h
--- a/components/mbedtls/test/CMakeLists.txt
+++ b/components/mbedtls/test/CMakeLists.txt
@@ -1,6 +1,9 @@
-set(COMPONENT_SRCDIRS ".")
-set(COMPONENT_ADD_INCLUDEDIRS ".")
+idf_component_register(SRC_DIRS "."
+                    INCLUDE_DIRS "."
+                    REQUIRES unity test_utils mbedtls)

-set(COMPONENT_REQUIRES unity test_utils mbedtls)
-
-register_component()
+idf_component_get_property(mbedtls mbedtls COMPONENT_LIB)
+target_compile_definitions(${mbedtls} INTERFACE "-DMBEDTLS_DEPRECATED_WARNING")
+target_compile_definitions(mbedtls PUBLIC "-DMBEDTLS_DEPRECATED_WARNING")
+target_compile_definitions(mbedcrypto PUBLIC "-DMBEDTLS_DEPRECATED_WARNING")
+target_compile_definitions(mbedx509 PUBLIC "-DMBEDTLS_DEPRECATED_WARNING")
--- a/components/mbedtls/test/test_mbedtls_mpi.c
+++ b/components/mbedtls/test/test_mbedtls_mpi.c
@@ -11,6 +11,7 @@
 #include "unity.h"
 #include "sdkconfig.h"

+#define MBEDTLS_OK 0

 /* Debugging function to print an MPI number to stdout. Happens to
   print output that can be copy-pasted directly into a Python shell.
@@ -116,11 +117,14 @@ TEST_CASE("test MPI multiplication", "[bignum]")
                     4096);
 }

-static void test_bignum_modexp(const char *z_str, const char *x_str, const char *y_str, const char *m_str)
+static bool test_bignum_modexp(const char *z_str, const char *x_str, const char *y_str, const char *m_str, int ret_error)
 {
    mbedtls_mpi Z, X, Y, M;
    char z_buf[400] = { 0 };
    size_t z_buf_len = 0;
+    bool fail = false;
+
+    printf("%s = (%s ^ %s) mod %s  ret=%d ... ", z_str, x_str, y_str, m_str, ret_error);

    mbedtls_mpi_init(&Z);
    mbedtls_mpi_init(&X);
@@ -136,38 +140,72 @@ static void test_bignum_modexp(const char *z_str, const char *x_str, const char
    //mbedtls_mpi_printf("M", &M);

    /* Z = (X ^ Y) mod M */
-    TEST_ASSERT_FALSE(mbedtls_mpi_exp_mod(&Z, &X, &Y, &M, NULL));
-
-    mbedtls_mpi_write_string(&Z, 16, z_buf, sizeof(z_buf)-1, &z_buf_len);
-    TEST_ASSERT_EQUAL_STRING_MESSAGE(z_str, z_buf, "mbedtls_mpi_exp_mod incorrect");
+    if (ret_error != mbedtls_mpi_exp_mod(&Z, &X, &Y, &M, NULL)) {
+        fail = true;
+    }
    
+    if (ret_error == MBEDTLS_OK) {
+        mbedtls_mpi_write_string(&Z, 16, z_buf, sizeof(z_buf)-1, &z_buf_len);
+        if (memcmp(z_str, z_buf, strlen(z_str)) != 0) {
+            printf("\n Expected '%s' Was '%s' \n", z_str, z_buf);
+            fail = true;
+        }
+    }
+
    mbedtls_mpi_free(&Z);
    mbedtls_mpi_free(&X);
    mbedtls_mpi_free(&Y);
    mbedtls_mpi_free(&M);
+
+    if (fail == true) {
+        printf(" FAIL\n");
+    } else {
+        printf(" PASS\n");
+    }
+    return fail;
 }

 TEST_CASE("test MPI modexp", "[bignum]")
 {
-    test_bignum_modexp("01000000", "1000", "2", "FFFFFFFF");
-    test_bignum_modexp("014B5A90", "1234", "2", "FFFFFFF");
-    test_bignum_modexp("01234321", "1111", "2", "FFFFFFFF");
-    test_bignum_modexp("02", "5", "1", "3");
-    test_bignum_modexp("22", "55", "1", "33");
-    test_bignum_modexp("0222", "555", "1", "333");
-    test_bignum_modexp("2222", "5555", "1", "3333");
-    test_bignum_modexp("11", "5555", "1", "33");
+    bool test_error = false;
+    printf("Z = (X ^ Y) mod M \n");
+    // test_bignum_modexp(Z, X, Y, M, ret_error);
+    test_error |= test_bignum_modexp("01000000", "1000", "2", "FFFFFFFF", MBEDTLS_OK);
+    test_error |= test_bignum_modexp("014B5A90", "1234", "2", "FFFFFFF", MBEDTLS_OK);
+    test_error |= test_bignum_modexp("01234321", "1111", "2", "FFFFFFFF", MBEDTLS_OK);
+    test_error |= test_bignum_modexp("02", "5", "1", "3", MBEDTLS_OK);
+    test_error |= test_bignum_modexp("22", "55", "1", "33", MBEDTLS_OK);
+    test_error |= test_bignum_modexp("0222", "555", "1", "333", MBEDTLS_OK);
+    test_error |= test_bignum_modexp("2222", "5555", "1", "3333", MBEDTLS_OK);
+    test_error |= test_bignum_modexp("11", "5555", "1", "33", MBEDTLS_OK);
+    test_error |= test_bignum_modexp("55", "1111", "1", "77", MBEDTLS_OK);
+    test_error |= test_bignum_modexp("88", "1111", "2", "BB", MBEDTLS_OK);
+    test_error |= test_bignum_modexp("01000000", "2", "128", "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF", MBEDTLS_OK);
+    test_error |= test_bignum_modexp("0ABCDEF12345", "ABCDEF12345", "1", "FFFFFFFFFFFF", MBEDTLS_OK);
+    test_error |= test_bignum_modexp("0ABCDE", "ABCDE", "1", "FFFFF", MBEDTLS_OK);

-    test_bignum_modexp("55", "1111", "1", "77");
-    test_bignum_modexp("88", "1111", "2", "BB");
+    test_error |= test_bignum_modexp("04",  "2",  "2",  "9",  MBEDTLS_OK);
+    test_error |= test_bignum_modexp("04",  "2", "-2",  "9",  MBEDTLS_ERR_MPI_BAD_INPUT_DATA);
+    test_error |= test_bignum_modexp("04",  "2",  "2", "-9",  MBEDTLS_ERR_MPI_BAD_INPUT_DATA);
+    test_error |= test_bignum_modexp("04",  "2", "-2", "-9",  MBEDTLS_ERR_MPI_BAD_INPUT_DATA);

-    test_bignum_modexp("01000000", "2", "128",
-                       "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF");
+    test_error |= test_bignum_modexp("01",  "2",  "0",  "9",  MBEDTLS_OK);
+    test_error |= test_bignum_modexp("04",  "2",  "0",  "0",  MBEDTLS_ERR_MPI_BAD_INPUT_DATA);
+    test_error |= test_bignum_modexp("04",  "2",  "2",  "0",  MBEDTLS_ERR_MPI_BAD_INPUT_DATA);
+    test_error |= test_bignum_modexp("00",  "0",  "2",  "9",  MBEDTLS_OK);
+    test_error |= test_bignum_modexp("01",  "0",  "0",  "9",  MBEDTLS_OK);

-    /* failures below here... */
-    test_bignum_modexp("0ABCDEF12345", "ABCDEF12345", "1", "FFFFFFFFFFFF");
-    test_bignum_modexp("0ABCDE", "ABCDE", "1", "FFFFF");
+    test_error |= test_bignum_modexp("04", "-2",  "2",  "9",  MBEDTLS_OK);
+    test_error |= test_bignum_modexp("01", "-2",  "0",  "9",  MBEDTLS_OK);
+    test_error |= test_bignum_modexp("07", "-2",  "7",  "9",  MBEDTLS_OK);
+    test_error |= test_bignum_modexp("07", "-2",  "1",  "9",  MBEDTLS_OK);
+    test_error |= test_bignum_modexp("02",  "2",  "1",  "9",  MBEDTLS_OK);
+    test_error |= test_bignum_modexp("01",  "2",  "0",  "9",  MBEDTLS_OK);

-    test_bignum_modexp("04", "2", "2", "9");
+    test_error |= test_bignum_modexp("05",  "5",  "7",  "7",  MBEDTLS_OK);
+    test_error |= test_bignum_modexp("02", "-5",  "7",  "7",  MBEDTLS_OK);
+    test_error |= test_bignum_modexp("01", "-5",  "7",  "3",  MBEDTLS_OK);
+
+    TEST_ASSERT_FALSE_MESSAGE(test_error, "mbedtls_mpi_exp_mod incorrect for some tests\n");
 }