mbedtls: fix hardware MPI (bignum) related regression

In commit de22f3a4e5, combination of
hardware and software MPI (bignum) related approach was used to
work around chip (e.g. ESP32-C3) limitation of max 3072 bits support.

This was done using the linker "--wrap" flag, but since the relevant API is
being used in the same translation unit (compilation unit), hardware mode was not
getting used in some cases (e.g., RSA key generation).

This commit modified internal mbedTLS API and makes software+hardware
combination deterministic.
Mahavir Jain
2021-11-18 17:40:09 +05:30
committed by bot
parent 1a390f4518
commit c097e6bcab
5 changed files with 76 additions and 32 deletions


@@ -64,12 +64,10 @@ static inline size_t bits_to_words(size_t bits)
return (bits + 31) / 32;
}
int __wrap_mbedtls_mpi_exp_mod( mbedtls_mpi *Z, const mbedtls_mpi *X, const mbedtls_mpi *Y, const mbedtls_mpi *M, mbedtls_mpi *_Rinv );
extern int __real_mbedtls_mpi_exp_mod( mbedtls_mpi *Z, const mbedtls_mpi *X, const mbedtls_mpi *Y, const mbedtls_mpi *M, mbedtls_mpi *_Rinv );
/* Return the number of words actually used to represent an mpi
number.
*/
#if defined(MBEDTLS_MPI_EXP_MOD_ALT) || defined(MBEDTLS_MPI_EXP_MOD_ALT_FALLBACK)
static size_t mpi_words(const mbedtls_mpi *mpi)
{
for (size_t i = mpi->n; i > 0; i--) {
@@ -80,6 +78,7 @@ static size_t mpi_words(const mbedtls_mpi *mpi)
return 0;
}
#endif //(MBEDTLS_MPI_EXP_MOD_ALT || MBEDTLS_MPI_EXP_MOD_ALT_FALLBACK)
/**
*
@@ -182,6 +181,8 @@ cleanup:
return ret;
}
#if defined(MBEDTLS_MPI_EXP_MOD_ALT) || defined(MBEDTLS_MPI_EXP_MOD_ALT_FALLBACK)
#ifdef ESP_MPI_USE_MONT_EXP
/*
* Return the most significant one-bit.
@@ -272,7 +273,7 @@ cleanup2:
* (See RSA Accelerator section in Technical Reference for more about Mprime, Rinv)
*
*/
int __wrap_mbedtls_mpi_exp_mod( mbedtls_mpi *Z, const mbedtls_mpi *X, const mbedtls_mpi *Y, const mbedtls_mpi *M, mbedtls_mpi *_Rinv )
static int esp_mpi_exp_mod( mbedtls_mpi *Z, const mbedtls_mpi *X, const mbedtls_mpi *Y, const mbedtls_mpi *M, mbedtls_mpi *_Rinv )
{
int ret = 0;
size_t x_words = mpi_words(X);
@@ -302,11 +303,7 @@ int __wrap_mbedtls_mpi_exp_mod( mbedtls_mpi *Z, const mbedtls_mpi *X, const mbed
}
if (num_words * 32 > SOC_RSA_MAX_BIT_LEN) {
#ifdef CONFIG_MBEDTLS_LARGE_KEY_SOFTWARE_MPI
return __real_mbedtls_mpi_exp_mod(Z, X, Y, M, _Rinv);
#else
return MBEDTLS_ERR_MPI_NOT_ACCEPTABLE;
#endif
}
/* Determine RR pointer, either _RR for cached value
@@ -355,6 +352,32 @@ cleanup:
return ret;
}
#endif /* (MBEDTLS_MPI_EXP_MOD_ALT || MBEDTLS_MPI_EXP_MOD_ALT_FALLBACK) */
/*
* Sliding-window exponentiation: X = A^E mod N (HAC 14.85)
*/
int mbedtls_mpi_exp_mod( mbedtls_mpi *X, const mbedtls_mpi *A,
const mbedtls_mpi *E, const mbedtls_mpi *N,
mbedtls_mpi *_RR )
{
int ret;
#if defined(MBEDTLS_MPI_EXP_MOD_ALT_FALLBACK)
/* Try hardware API first and then fallback to software */
ret = esp_mpi_exp_mod( X, A, E, N, _RR );
if( ret == MBEDTLS_ERR_MPI_NOT_ACCEPTABLE ) {
ret = mbedtls_mpi_exp_mod_soft( X, A, E, N, _RR );
}
#else
/* Hardware approach */
ret = esp_mpi_exp_mod( X, A, E, N, _RR );
#endif
/* Note: For software only approach, it gets handled in mbedTLS library.
This file is not part of build objects for that case */
return ret;
}
#if defined(MBEDTLS_MPI_MUL_MPI_ALT) /* MBEDTLS_MPI_MUL_MPI_ALT */
static int mpi_mult_mpi_failover_mod_mult( mbedtls_mpi *Z, const mbedtls_mpi *X, const mbedtls_mpi *Y, size_t z_words);
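Review bot: The new `mbedtls_mpi_exp_mod` wrapper selects the software path solely on `ret == MBEDTLS_ERR_MPI_NOT_ACCEPTABLE`, a general-purpose mbedTLS error code, so the fallback is only deterministic if nothing else reachable from `esp_mpi_exp_mod` returns that value. The one visible source is the `num_words * 32 > SOC_RSA_MAX_BIT_LEN` check; the rest of that function and the helpers it calls lie outside these hunks, so this should be confirmed and then recorded at the check, e.g. `/* Only source of NOT_ACCEPTABLE in this function: mbedtls_mpi_exp_mod() uses it to select the software fallback */`. The wrapper also appears to sit after the `#endif /* (MBEDTLS_MPI_EXP_MOD_ALT || MBEDTLS_MPI_EXP_MOD_ALT_FALLBACK) */` while calling the `static` function defined inside that guard, so correctness depends on the build system excluding this file from software-only builds; moving that `#endif` below the wrapper would enforce the dependency in the preprocessor. Its header comment `Sliding-window exponentiation: X = A^E mod N (HAC 14.85)` describes the software algorithm rather than this dispatcher, and would be more accurate as `/* X = A^E mod N: hardware first, software fallback when operands exceed SOC_RSA_MAX_BIT_LEN */`.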