alex/esp-idf
1
0
Fork 0
mirror of https://github.com/espressif/esp-idf.git synced 2026-01-20 00:08:44 +00:00
Code Issues Packages Projects Releases Wiki Activity

feat: migrates mbedtls port layer to PSA APIs

Browse Source
This commit is contained in:
Ashish Sharma
2025-12-23 10:51:02 +08:00
committed by Mahavir Jain
parent 65a21d4511
commit cbd925837e
27 changed files with 871 additions and 865 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
components/mbedtls/port/aes/dma/esp_aes_dma_core.c
View File

@@ -24,7 +24,7 @@
#include "esp_aes_internal.h"
#include "esp_crypto_dma.h"
#include "mbedtls/aes.h"
#include "psa/crypto.h"
#include "mbedtls/platform_util.h"
#if !ESP_TEE_BUILD
@@ -37,6 +37,8 @@
#include "freertos/semphr.h"
#endif
#define MBEDTLS_ERR_AES_INVALID_INPUT_LENGTH -0x0022 /**< Invalid data input length. */
#if SOC_AES_SUPPORT_GCM
#include "aes/esp_aes_gcm.h"
#endif

7
components/mbedtls/port/aes/esp_aes.c
View File

@@ -16,7 +16,6 @@
*/
#include <string.h>
#include "mbedtls/aes.h"
#include "esp_log.h"
#include "esp_crypto_lock.h"
#include "hal/aes_hal.h"
@@ -24,6 +23,7 @@
#include "esp_crypto_periph_clk.h"
#include "soc/soc_caps.h"
#include "sdkconfig.h"
#include "mbedtls/platform_util.h"
#if SOC_AES_GDMA
#define AES_LOCK() esp_crypto_sha_aes_lock_acquire()
@@ -34,6 +34,10 @@
#include "hal/crypto_dma_ll.h"
#endif
#define MBEDTLS_ERR_AES_BAD_INPUT_DATA -0x0021 /**< Invalid input data. */
#define MBEDTLS_ERR_AES_INVALID_KEY_LENGTH -0x0020 /**< Invalid key length. */
#define MBEDTLS_ERR_AES_INVALID_INPUT_LENGTH -0x0022 /**< Invalid data input length. */
static const char *TAG = "esp-aes";
#if CONFIG_MBEDTLS_AES_HW_SMALL_DATA_LEN_OPTIM
@@ -132,6 +136,7 @@ static int esp_aes_block(esp_aes_context *ctx, const void *input, void *output)
*/
if (ctx->key_in_hardware != ctx->key_bytes) {
mbedtls_platform_zeroize(output, 16);
memset(output, 0, 16);
return MBEDTLS_ERR_AES_INVALID_INPUT_LENGTH;
}
i0 = input_words[0];

10
components/mbedtls/port/aes/esp_aes_common.c
View File

@@ -6,7 +6,7 @@
*
* SPDX-License-Identifier: Apache-2.0
*
* SPDX-FileContributor: 2016-2024 Espressif Systems (Shanghai) CO LTD
* SPDX-FileContributor: 2016-2025 Espressif Systems (Shanghai) CO LTD
*/
/*
* The AES block cipher was designed by Vincent Rijmen and Joan Daemen.
@@ -15,15 +15,17 @@
* http://csrc.nist.gov/publications/fips/fips197/fips-197.pdf
*/
#include "sdkconfig.h"
#define MBEDTLS_DECLARE_PRIVATE_IDENTIFIERS
#include "esp_aes_internal.h"
#include "mbedtls/aes.h"
#include "hal/aes_hal.h"
#include "hal/aes_types.h"
#include "soc/soc_caps.h"
#include "mbedtls/error.h"
#include "psa/crypto.h"
#include <string.h>
#define MBEDTLS_ERR_AES_INVALID_KEY_LENGTH -0x0020
#if SOC_AES_SUPPORT_DMA
#include "esp_aes_dma_priv.h"
#endif
@@ -65,7 +67,7 @@ int esp_aes_setkey( esp_aes_context *ctx, const unsigned char *key,
{
#if !SOC_AES_SUPPORT_AES_192
if (keybits == 192) {
return MBEDTLS_ERR_PLATFORM_FEATURE_UNSUPPORTED;
return PSA_ERROR_NOT_SUPPORTED;
}
#endif
if (keybits != 128 && keybits != 192 && keybits != 256) {

117
components/mbedtls/port/aes/esp_aes_gcm.c
View File

@@ -6,7 +6,7 @@
*
* SPDX-License-Identifier: Apache-2.0
*
* SPDX-FileContributor: 2016-2024 Espressif Systems (Shanghai) CO LTD
* SPDX-FileContributor: 2016-2025 Espressif Systems (Shanghai) CO LTD
*/
/*
* The AES block cipher was designed by Vincent Rijmen and Joan Daemen.
@@ -15,14 +15,12 @@
* http://csrc.nist.gov/publications/fips/fips197/fips-197.pdf
*/
#include <string.h>
#define MBEDTLS_DECLARE_PRIVATE_IDENTIFIERS
#include "aes/esp_aes.h"
#include "aes/esp_aes_gcm.h"
#include "esp_aes_internal.h"
#include "hal/aes_hal.h"
#include "mbedtls/aes.h"
#include "mbedtls/error.h"
#include "mbedtls/gcm.h"
#include "esp_heap_caps.h"
@@ -32,10 +30,14 @@
#include "sdkconfig.h"
#include "psa/crypto.h"
#if SOC_AES_SUPPORT_DMA
#include "esp_aes_dma_priv.h"
#endif
#define MBEDTLS_ERR_AES_INVALID_KEY_LENGTH -0x0020
#define ESP_PUT_BE64(a, val) \
do { \
*(uint64_t*)(a) = __builtin_bswap64( (uint64_t)(val) ); \
@@ -252,34 +254,13 @@ static void gcm_mult( esp_gcm_context *ctx, const unsigned char x[16],
/* Update the key value in gcm context */
int esp_aes_gcm_setkey( esp_gcm_context *ctx,
mbedtls_cipher_id_t cipher,
int cipher,
const unsigned char *key,
unsigned int keybits )
{
/* Fallback to software implementation of GCM operation when a non-AES
* cipher is selected, as we support hardware acceleration only for a
* GCM operation using AES cipher.
*/
#if defined(MBEDTLS_GCM_NON_AES_CIPHER_SOFT_FALLBACK)
if (ctx->ctx_soft != NULL) {
mbedtls_gcm_free_soft(ctx->ctx_soft);
free(ctx->ctx_soft);
ctx->ctx_soft = NULL;
}
if (cipher != MBEDTLS_CIPHER_ID_AES) {
ctx->ctx_soft = (mbedtls_gcm_context_soft*) malloc(sizeof(mbedtls_gcm_context_soft));
if (ctx->ctx_soft == NULL) {
return MBEDTLS_ERR_CIPHER_ALLOC_FAILED;
}
mbedtls_gcm_init_soft(ctx->ctx_soft);
return mbedtls_gcm_setkey_soft(ctx->ctx_soft, cipher, key, keybits);
}
#endif
#if !SOC_AES_SUPPORT_AES_192
if (keybits == 192) {
return MBEDTLS_ERR_PLATFORM_FEATURE_UNSUPPORTED;
return PSA_ERROR_NOT_SUPPORTED;
}
#endif
if (keybits != 128 && keybits != 192 && keybits != 256) {
@@ -358,14 +339,6 @@ void esp_aes_gcm_free( esp_gcm_context *ctx)
if (ctx == NULL) {
return;
}
#if defined(MBEDTLS_GCM_NON_AES_CIPHER_SOFT_FALLBACK)
if (ctx->ctx_soft != NULL) {
mbedtls_gcm_free_soft(ctx->ctx_soft);
free(ctx->ctx_soft);
/* Note that the value of ctx->ctx_soft should be NULL'ed out
and here it is taken care by the bzero call below */
}
#endif
bzero(ctx, sizeof(esp_gcm_context));
}
@@ -377,25 +350,19 @@ int esp_aes_gcm_starts( esp_gcm_context *ctx,
{
if (!ctx) {
ESP_LOGE(TAG, "No AES context supplied");
return MBEDTLS_ERR_GCM_BAD_INPUT;
return PSA_ERROR_INVALID_ARGUMENT;
}
#if defined(MBEDTLS_GCM_NON_AES_CIPHER_SOFT_FALLBACK)
if (ctx->ctx_soft != NULL) {
return mbedtls_gcm_starts_soft(ctx->ctx_soft, mode, iv, iv_len);
}
#endif
/* IV is limited to 2^32 bits, so 2^29 bytes */
/* IV is not allowed to be zero length */
if ( iv_len == 0 ||
( (uint32_t) iv_len ) >> 29 != 0 ) {
return ( MBEDTLS_ERR_GCM_BAD_INPUT );
return ( PSA_ERROR_INVALID_ARGUMENT );
}
if (!iv) {
ESP_LOGE(TAG, "No IV supplied");
return MBEDTLS_ERR_GCM_BAD_INPUT;
return -PSA_ERROR_INVALID_ARGUMENT;
}
/* Initialize AES-GCM context */
@@ -421,7 +388,7 @@ int esp_aes_gcm_starts( esp_gcm_context *ctx,
esp_aes_release_hardware();
#else
memset(ctx->H, 0, sizeof(ctx->H));
int ret = esp_aes_crypt_ecb(&ctx->aes_ctx, MBEDTLS_AES_ENCRYPT, ctx->H, ctx->H);
int ret = esp_aes_crypt_ecb(&ctx->aes_ctx, ESP_AES_ENCRYPT, ctx->H, ctx->H);
if (ret != 0) {
return ret;
}
@@ -449,28 +416,22 @@ int esp_aes_gcm_update_ad( esp_gcm_context *ctx,
{
if (!ctx) {
ESP_LOGE(TAG, "No AES context supplied");
return MBEDTLS_ERR_GCM_BAD_INPUT;
return PSA_ERROR_INVALID_ARGUMENT;
}
#if defined(MBEDTLS_GCM_NON_AES_CIPHER_SOFT_FALLBACK)
if (ctx->ctx_soft != NULL) {
return mbedtls_gcm_update_ad_soft(ctx->ctx_soft, aad, aad_len);
}
#endif
/* AD are limited to 2^32 bits, so 2^29 bytes */
if ( ( (uint32_t) aad_len ) >> 29 != 0 ) {
return ( MBEDTLS_ERR_GCM_BAD_INPUT );
return ( PSA_ERROR_INVALID_ARGUMENT );
}
if ( (aad_len > 0) && !aad) {
ESP_LOGE(TAG, "No aad supplied");
return MBEDTLS_ERR_GCM_BAD_INPUT;
return PSA_ERROR_INVALID_ARGUMENT;
}
if (ctx->gcm_state != ESP_AES_GCM_STATE_START) {
ESP_LOGE(TAG, "AES context in invalid state!");
return -1;
return PSA_ERROR_BAD_STATE;
}
/* Initialise associated data */
@@ -490,36 +451,30 @@ int esp_aes_gcm_update( esp_gcm_context *ctx,
{
if (!ctx) {
ESP_LOGE(TAG, "No GCM context supplied");
return MBEDTLS_ERR_GCM_BAD_INPUT;
return -1;
}
#if defined(MBEDTLS_GCM_NON_AES_CIPHER_SOFT_FALLBACK)
if (ctx->ctx_soft != NULL) {
return mbedtls_gcm_update_soft(ctx->ctx_soft, input, input_length, output, output_size, output_length);
}
#endif
size_t nc_off = 0;
uint8_t nonce_counter[AES_BLOCK_BYTES] = {0};
uint8_t stream[AES_BLOCK_BYTES] = {0};
if (!output_length) {
ESP_LOGE(TAG, "No output length supplied");
return MBEDTLS_ERR_GCM_BAD_INPUT;
return PSA_ERROR_INVALID_ARGUMENT;
}
*output_length = input_length;
if (!input) {
ESP_LOGE(TAG, "No input supplied");
return MBEDTLS_ERR_GCM_BAD_INPUT;
return PSA_ERROR_INVALID_ARGUMENT;
}
if (!output) {
ESP_LOGE(TAG, "No output supplied");
return MBEDTLS_ERR_GCM_BAD_INPUT;
return PSA_ERROR_INVALID_ARGUMENT;
}
if ( output > input && (size_t) ( output - input ) < input_length ) {
return ( MBEDTLS_ERR_GCM_BAD_INPUT );
return ( PSA_ERROR_INVALID_ARGUMENT );
}
/* If this is the first time esp_gcm_update is getting called
* calculate GHASH on aad and preincrement the ICB
@@ -565,17 +520,12 @@ int esp_aes_gcm_finish( esp_gcm_context *ctx,
size_t *output_length,
unsigned char *tag, size_t tag_len )
{
#if defined(MBEDTLS_GCM_NON_AES_CIPHER_SOFT_FALLBACK)
if (ctx->ctx_soft != NULL) {
return mbedtls_gcm_finish_soft(ctx->ctx_soft, output, output_size, output_length, tag, tag_len);
}
#endif
size_t nc_off = 0;
uint8_t len_block[AES_BLOCK_BYTES] = {0};
uint8_t stream[AES_BLOCK_BYTES] = {0};
if ( tag_len > 16 || tag_len < 4 ) {
return ( MBEDTLS_ERR_GCM_BAD_INPUT );
return ( PSA_ERROR_INVALID_ARGUMENT );
}
/* Calculate final GHASH on aad_len, data length */
@@ -663,14 +613,8 @@ int esp_aes_gcm_crypt_and_tag( esp_gcm_context *ctx,
{
if (!ctx) {
ESP_LOGE(TAG, "No AES context supplied");
return MBEDTLS_ERR_GCM_BAD_INPUT;
return PSA_ERROR_INVALID_ARGUMENT;
}
#if defined(MBEDTLS_GCM_NON_AES_CIPHER_SOFT_FALLBACK)
if (ctx->ctx_soft != NULL) {
return mbedtls_gcm_crypt_and_tag_soft(ctx->ctx_soft, mode, length, iv, iv_len, aad, aad_len, input, output, tag_len, tag);
}
#endif
#if CONFIG_MBEDTLS_HARDWARE_GCM
int ret;
size_t remainder_bit;
@@ -687,24 +631,24 @@ int esp_aes_gcm_crypt_and_tag( esp_gcm_context *ctx,
Maximum size of data in the buffer that a DMA descriptor can hold.
*/
if (aad_len > DMA_DESCRIPTOR_BUFFER_MAX_SIZE_4B_ALIGNED) {
return MBEDTLS_ERR_GCM_BAD_INPUT;
return -1;
}
/* IV and AD are limited to 2^32 bits, so 2^29 bytes */
/* IV is not allowed to be zero length */
if ( iv_len == 0 ||
( (uint32_t) iv_len ) >> 29 != 0 ||
( (uint32_t) aad_len ) >> 29 != 0 ) {
return ( MBEDTLS_ERR_GCM_BAD_INPUT );
return ( PSA_ERROR_INVALID_ARGUMENT );
}
if (!iv) {
ESP_LOGE(TAG, "No IV supplied");
return MBEDTLS_ERR_GCM_BAD_INPUT;
return PSA_ERROR_INVALID_ARGUMENT;
}
if ( (aad_len > 0) && !aad) {
ESP_LOGE(TAG, "No aad supplied");
return MBEDTLS_ERR_GCM_BAD_INPUT;
return PSA_ERROR_INVALID_ARGUMENT;
}
/* Initialize AES-GCM context */
@@ -761,11 +705,6 @@ int esp_aes_gcm_auth_decrypt( esp_gcm_context *ctx,
const unsigned char *input,
unsigned char *output )
{
#if defined(MBEDTLS_GCM_NON_AES_CIPHER_SOFT_FALLBACK)
if (ctx->ctx_soft != NULL) {
return mbedtls_gcm_auth_decrypt_soft(ctx->ctx_soft, length, iv, iv_len, aad, aad_len, tag, tag_len, input, output);
}
#endif
int ret;
unsigned char check_tag[16];
size_t i;
@@ -784,7 +723,7 @@ int esp_aes_gcm_auth_decrypt( esp_gcm_context *ctx,
if ( diff != 0 ) {
bzero( output, length );
return ( MBEDTLS_ERR_GCM_AUTH_FAILED );
return ( PSA_ERROR_INVALID_SIGNATURE );
}
return ( 0 );

22
components/mbedtls/port/aes/esp_aes_xts.c
View File

@@ -36,9 +36,9 @@
#include <stdio.h>
#include <string.h>
#include <sys/lock.h>
#include "mbedtls/aes.h"
#define MBEDTLS_DECLARE_PRIVATE_IDENTIFIERS
#include "aes/esp_aes.h"
#include "psa/crypto.h"
void esp_aes_xts_init( esp_aes_xts_context *ctx )
{
@@ -65,7 +65,7 @@ static int esp_aes_xts_decode_keys( const unsigned char *key,
switch ( keybits ) {
case 256: break;
case 512: break;
default : return ( MBEDTLS_ERR_AES_INVALID_KEY_LENGTH );
default : return ( PSA_ERROR_NOT_SUPPORTED );
}
*key1bits = half_keybits;
@@ -124,7 +124,7 @@ int esp_aes_xts_setkey_dec( esp_aes_xts_context *ctx,
return esp_aes_setkey( &ctx->crypt, key1, key1bits );
}
/* Endianess with 64 bits values */
/* Endianness with 64 bits values */
#ifndef GET_UINT64_LE
#define GET_UINT64_LE(n,b,i) \
{ \
@@ -158,7 +158,7 @@ int esp_aes_xts_setkey_dec( esp_aes_xts_context *ctx,
*
* This function multiplies a field element by x in the polynomial field
* representation. It uses 64-bit word operations to gain speed but compensates
* for machine endianess and hence works correctly on both big and little
* for machine endianness and hence works correctly on both big and little
* endian machines.
*/
static void esp_gf128mul_x_ble( unsigned char r[16],
@@ -195,16 +195,16 @@ int esp_aes_crypt_xts( esp_aes_xts_context *ctx,
/* Sectors must be at least 16 bytes. */
if ( length < 16 ) {
return MBEDTLS_ERR_AES_INVALID_INPUT_LENGTH;
return PSA_ERROR_DATA_INVALID;
}
/* NIST SP 80-38E disallows data units larger than 2**20 blocks. */
if ( length > ( 1 << 20 ) * 16 ) {
return MBEDTLS_ERR_AES_INVALID_INPUT_LENGTH;
return PSA_ERROR_DATA_INVALID;
}
/* Compute the tweak. */
ret = esp_aes_crypt_ecb( &ctx->tweak, MBEDTLS_AES_ENCRYPT,
ret = esp_aes_crypt_ecb( &ctx->tweak, ESP_AES_ENCRYPT,
data_unit, tweak );
if ( ret != 0 ) {
return ( ret );
@@ -213,7 +213,7 @@ int esp_aes_crypt_xts( esp_aes_xts_context *ctx,
while ( blocks-- ) {
size_t i;
if ( leftover && ( mode == MBEDTLS_AES_DECRYPT ) && blocks == 0 ) {
if ( leftover && ( mode == ESP_AES_DECRYPT ) && blocks == 0 ) {
/* We are on the last block in a decrypt operation that has
* leftover bytes, so we need to use the next tweak for this block,
* and this tweak for the lefover bytes. Save the current tweak for
@@ -246,7 +246,7 @@ int esp_aes_crypt_xts( esp_aes_xts_context *ctx,
if ( leftover ) {
/* If we are on the leftover bytes in a decrypt operation, we need to
* use the previous tweak for these bytes (as saved in prev_tweak). */
unsigned char *t = mode == MBEDTLS_AES_DECRYPT ? prev_tweak : tweak;
unsigned char *t = mode == ESP_AES_DECRYPT ? prev_tweak : tweak;
/* We are now on the final part of the data unit, which doesn't divide
* evenly by 16. It's time for ciphertext stealing. */
@@ -254,7 +254,7 @@ int esp_aes_crypt_xts( esp_aes_xts_context *ctx,
unsigned char *prev_output = output - 16;
/* Copy ciphertext bytes from the previous block to our output for each
* byte of cyphertext we won't steal. At the same time, copy the
* byte of ciphertext we won't steal. At the same time, copy the
* remainder of the input for this final round (since the loop bounds
* are the same). */
for ( i = 0; i < leftover; i++ ) {

1
components/mbedtls/port/bignum/bignum_alt.c
View File

@@ -4,6 +4,7 @@
* SPDX-License-Identifier: Apache-2.0
*/
#include <assert.h>
#define MBEDTLS_DECLARE_PRIVATE_IDENTIFIERS
#include "esp_crypto_lock.h"
#include "bignum_impl.h"
#include "mbedtls/bignum.h"

178
components/mbedtls/port/bignum/esp_bignum.c
View File

@@ -6,7 +6,7 @@
*
* SPDX-License-Identifier: Apache-2.0
*
* SPDX-FileContributor: 2016-2024 Espressif Systems (Shanghai) CO LTD
* SPDX-FileContributor: 2016-2025 Espressif Systems (Shanghai) CO LTD
*/
#include <stdio.h>
#include <string.h>
@@ -28,7 +28,7 @@
#include "freertos/FreeRTOS.h"
#include "freertos/semphr.h"
#define MBEDTLS_DECLARE_PRIVATE_IDENTIFIERS
#include "bignum_impl.h"
#include "mbedtls/bignum.h"
@@ -54,89 +54,6 @@ static const __attribute__((unused)) char *TAG = "bignum";
#define ciL (sizeof(mbedtls_mpi_uint)) /* chars in limb */
#define biL (ciL << 3) /* bits in limb */
#if defined(CONFIG_MBEDTLS_MPI_USE_INTERRUPT)
static SemaphoreHandle_t op_complete_sem;
#if defined(CONFIG_PM_ENABLE)
static esp_pm_lock_handle_t s_pm_cpu_lock;
static esp_pm_lock_handle_t s_pm_sleep_lock;
#endif
static IRAM_ATTR void esp_mpi_complete_isr(void *arg)
{
BaseType_t higher_woken;
mpi_hal_clear_interrupt();
xSemaphoreGiveFromISR(op_complete_sem, &higher_woken);
if (higher_woken) {
portYIELD_FROM_ISR();
}
}
static esp_err_t esp_mpi_isr_initialise(void)
{
mpi_hal_clear_interrupt();
mpi_hal_interrupt_enable(true);
if (op_complete_sem == NULL) {
static StaticSemaphore_t op_sem_buf;
op_complete_sem = xSemaphoreCreateBinaryStatic(&op_sem_buf);
if (op_complete_sem == NULL) {
ESP_LOGE(TAG, "Failed to create intr semaphore");
return ESP_FAIL;
}
const int isr_flags = esp_intr_level_to_flags(CONFIG_MBEDTLS_MPI_INTERRUPT_LEVEL);
esp_err_t ret;
ret = esp_intr_alloc(ETS_RSA_INTR_SOURCE, isr_flags, esp_mpi_complete_isr, NULL, NULL);
if (ret != ESP_OK) {
ESP_LOGE(TAG, "Failed to allocate RSA interrupt %d", ret);
// This should be treated as fatal error as this API would mostly
// be invoked within mbedTLS interface. There is no way for the system
// to proceed if the MPI interrupt allocation fails here.
abort();
}
}
/* MPI is clocked proportionally to CPU clock, take power management lock */
#ifdef CONFIG_PM_ENABLE
if (s_pm_cpu_lock == NULL) {
if (esp_pm_lock_create(ESP_PM_NO_LIGHT_SLEEP, 0, "mpi_sleep", &s_pm_sleep_lock) != ESP_OK) {
ESP_LOGE(TAG, "Failed to create PM sleep lock");
return ESP_FAIL;
}
if (esp_pm_lock_create(ESP_PM_CPU_FREQ_MAX, 0, "mpi_cpu", &s_pm_cpu_lock) != ESP_OK) {
ESP_LOGE(TAG, "Failed to create PM CPU lock");
return ESP_FAIL;
}
}
esp_pm_lock_acquire(s_pm_cpu_lock);
esp_pm_lock_acquire(s_pm_sleep_lock);
#endif
return ESP_OK;
}
static int esp_mpi_wait_intr(void)
{
if (!xSemaphoreTake(op_complete_sem, 2000 / portTICK_PERIOD_MS)) {
ESP_LOGE("MPI", "Timed out waiting for completion of MPI Interrupt");
return -1;
}
#ifdef CONFIG_PM_ENABLE
esp_pm_lock_release(s_pm_cpu_lock);
esp_pm_lock_release(s_pm_sleep_lock);
#endif // CONFIG_PM_ENABLE
mpi_hal_interrupt_enable(false);
return 0;
}
#endif // CONFIG_MBEDTLS_MPI_USE_INTERRUPT
/* Convert bit count to word count
*/
static inline size_t bits_to_words(size_t bits)
@@ -148,6 +65,15 @@ static inline size_t bits_to_words(size_t bits)
number.
*/
#if defined(MBEDTLS_MPI_EXP_MOD_ALT) || defined(MBEDTLS_MPI_EXP_MOD_ALT_FALLBACK)
#if defined(CONFIG_MBEDTLS_MPI_USE_INTERRUPT)
static SemaphoreHandle_t op_complete_sem;
#if defined(CONFIG_PM_ENABLE)
static esp_pm_lock_handle_t s_pm_cpu_lock;
static esp_pm_lock_handle_t s_pm_sleep_lock;
#endif
#endif // CONFIG_MBEDTLS_MPI_USE_INTERRUPT
static size_t mpi_words(const mbedtls_mpi *mpi)
{
for (size_t i = mpi->MBEDTLS_PRIVATE(n); i > 0; i--) {
@@ -262,6 +188,82 @@ cleanup:
#if defined(MBEDTLS_MPI_EXP_MOD_ALT) || defined(MBEDTLS_MPI_EXP_MOD_ALT_FALLBACK)
#if defined (CONFIG_MBEDTLS_MPI_USE_INTERRUPT)
static IRAM_ATTR void esp_mpi_complete_isr(void *arg)
{
BaseType_t higher_woken;
mpi_hal_clear_interrupt();
xSemaphoreGiveFromISR(op_complete_sem, &higher_woken);
if (higher_woken) {
portYIELD_FROM_ISR();
}
}
static esp_err_t esp_mpi_isr_initialise(void)
{
mpi_hal_clear_interrupt();
mpi_hal_interrupt_enable(true);
if (op_complete_sem == NULL) {
static StaticSemaphore_t op_sem_buf;
op_complete_sem = xSemaphoreCreateBinaryStatic(&op_sem_buf);
if (op_complete_sem == NULL) {
ESP_LOGE(TAG, "Failed to create intr semaphore");
return ESP_FAIL;
}
const int isr_flags = esp_intr_level_to_flags(CONFIG_MBEDTLS_MPI_INTERRUPT_LEVEL);
esp_err_t ret;
ret = esp_intr_alloc(ETS_RSA_INTR_SOURCE, isr_flags, esp_mpi_complete_isr, NULL, NULL);
if (ret != ESP_OK) {
ESP_LOGE(TAG, "Failed to allocate RSA interrupt %d", ret);
// This should be treated as fatal error as this API would mostly
// be invoked within mbedTLS interface. There is no way for the system
// to proceed if the MPI interrupt allocation fails here.
abort();
}
}
/* MPI is clocked proportionally to CPU clock, take power management lock */
#ifdef CONFIG_PM_ENABLE
if (s_pm_cpu_lock == NULL) {
if (esp_pm_lock_create(ESP_PM_NO_LIGHT_SLEEP, 0, "mpi_sleep", &s_pm_sleep_lock) != ESP_OK) {
ESP_LOGE(TAG, "Failed to create PM sleep lock");
return ESP_FAIL;
}
if (esp_pm_lock_create(ESP_PM_CPU_FREQ_MAX, 0, "mpi_cpu", &s_pm_cpu_lock) != ESP_OK) {
ESP_LOGE(TAG, "Failed to create PM CPU lock");
return ESP_FAIL;
}
}
esp_pm_lock_acquire(s_pm_cpu_lock);
esp_pm_lock_acquire(s_pm_sleep_lock);
#endif
return ESP_OK;
}
static int esp_mpi_wait_intr(void)
{
if (!xSemaphoreTake(op_complete_sem, 2000 / portTICK_PERIOD_MS)) {
ESP_LOGE("MPI", "Timed out waiting for completion of MPI Interrupt");
return -1;
}
#ifdef CONFIG_PM_ENABLE
esp_pm_lock_release(s_pm_cpu_lock);
esp_pm_lock_release(s_pm_sleep_lock);
#endif // CONFIG_PM_ENABLE
mpi_hal_interrupt_enable(false);
return 0;
}
#endif // CONFIG_MBEDTLS_MPI_USE_INTERRUPT
#ifdef ESP_MPI_USE_MONT_EXP
/*
* Return the most significant one-bit.
@@ -452,8 +454,6 @@ cleanup:
return ret;
}
#endif /* (MBEDTLS_MPI_EXP_MOD_ALT || MBEDTLS_MPI_EXP_MOD_ALT_FALLBACK) */
/*
* Sliding-window exponentiation: X = A^E mod N (HAC 14.85)
*/
@@ -463,7 +463,6 @@ int mbedtls_mpi_exp_mod( mbedtls_mpi *X, const mbedtls_mpi *A,
{
int ret;
#if defined(MBEDTLS_MPI_EXP_MOD_ALT_FALLBACK)
/* Try hardware API first and then fallback to software */
ret = esp_mpi_exp_mod( X, A, E, N, _RR );
if( ret == MBEDTLS_ERR_MPI_NOT_ACCEPTABLE ) {
ret = mbedtls_mpi_exp_mod_soft( X, A, E, N, _RR );
@@ -478,6 +477,8 @@ int mbedtls_mpi_exp_mod( mbedtls_mpi *X, const mbedtls_mpi *A,
return ret;
}
#endif /* (MBEDTLS_MPI_EXP_MOD_ALT || MBEDTLS_MPI_EXP_MOD_ALT_FALLBACK) */
#if defined(MBEDTLS_MPI_MUL_MPI_ALT) /* MBEDTLS_MPI_MUL_MPI_ALT */
static int mpi_mult_mpi_failover_mod_mult( mbedtls_mpi *Z, const mbedtls_mpi *X, const mbedtls_mpi *Y, size_t z_words);
@@ -493,7 +494,6 @@ int mbedtls_mpi_mul_mpi( mbedtls_mpi *Z, const mbedtls_mpi *X, const mbedtls_mpi
size_t y_words = bits_to_words(y_bits);
size_t z_words = bits_to_words(x_bits + y_bits);
size_t hw_words = mpi_hal_calc_hardware_words(MAX(x_words, y_words)); // length of one operand in hardware
/* Short-circuit eval if either argument is 0 or 1.
This is needed as the mpi modular division

9
components/mbedtls/port/dynamic/esp_mbedtls_dynamic_impl.c
View File

@@ -523,15 +523,6 @@ size_t esp_mbedtls_get_crt_size(mbedtls_x509_crt *cert, size_t *num)
}
#ifdef CONFIG_MBEDTLS_DYNAMIC_FREE_CONFIG_DATA
void esp_mbedtls_free_dhm(mbedtls_ssl_context *ssl)
{
#ifdef CONFIG_MBEDTLS_DHM_C
const mbedtls_ssl_config *conf = mbedtls_ssl_context_get_config(ssl);
mbedtls_mpi_free((mbedtls_mpi *)&conf->MBEDTLS_PRIVATE(dhm_P));
mbedtls_mpi_free((mbedtls_mpi *)&conf->MBEDTLS_PRIVATE(dhm_G));
#endif /* CONFIG_MBEDTLS_DHM_C */
}
void esp_mbedtls_free_keycert(mbedtls_ssl_context *ssl)
{
mbedtls_ssl_config *conf = (mbedtls_ssl_config * )mbedtls_ssl_context_get_config(ssl);

2
components/mbedtls/port/dynamic/esp_mbedtls_dynamic_impl.h
View File

@@ -88,8 +88,6 @@ int esp_mbedtls_free_rx_buffer(mbedtls_ssl_context *ssl);
size_t esp_mbedtls_get_crt_size(mbedtls_x509_crt *cert, size_t *num);
#ifdef CONFIG_MBEDTLS_DYNAMIC_FREE_CONFIG_DATA
void esp_mbedtls_free_dhm(mbedtls_ssl_context *ssl);
void esp_mbedtls_free_keycert(mbedtls_ssl_context *ssl);
void esp_mbedtls_free_keycert_cert(mbedtls_ssl_context *ssl);

1
components/mbedtls/port/dynamic/esp_ssl_cli.c
View File

@@ -153,7 +153,6 @@ static int manage_resource(mbedtls_ssl_context *ssl, bool add)
CHECK_OK(esp_mbedtls_add_tx_buffer(ssl, buffer_len));
} else {
#ifdef CONFIG_MBEDTLS_DYNAMIC_FREE_CONFIG_DATA
esp_mbedtls_free_dhm(ssl);
esp_mbedtls_free_keycert_key(ssl);
esp_mbedtls_free_keycert(ssl);
#endif

4
components/mbedtls/port/dynamic/esp_ssl_srv.c
View File

@@ -21,8 +21,7 @@ static bool ssl_ciphersuite_uses_rsa_key_ex(mbedtls_ssl_context *ssl)
const mbedtls_ssl_ciphersuite_t *ciphersuite_info =
ssl->MBEDTLS_PRIVATE(handshake)->ciphersuite_info;
if (ciphersuite_info->MBEDTLS_PRIVATE(key_exchange) == MBEDTLS_KEY_EXCHANGE_RSA ||
ciphersuite_info->MBEDTLS_PRIVATE(key_exchange) == MBEDTLS_KEY_EXCHANGE_RSA_PSK) {
if (ciphersuite_info->MBEDTLS_PRIVATE(key_exchange) == MBEDTLS_KEY_EXCHANGE_ECDHE_RSA) {
return true;
} else {
return false;
@@ -101,7 +100,6 @@ static int manage_resource(mbedtls_ssl_context *ssl, bool add)
CHECK_OK(esp_mbedtls_add_tx_buffer(ssl, buffer_len));
} else {
#ifdef CONFIG_MBEDTLS_DYNAMIC_FREE_CONFIG_DATA
esp_mbedtls_free_dhm(ssl);
/**
* Not free keycert->key and keycert until MBEDTLS_SSL_CLIENT_KEY_EXCHANGE for rsa key exchange methods.
* For ssl server will use keycert->key to parse client key exchange.

60
components/mbedtls/port/dynamic/esp_ssl_tls.c
View File

@@ -47,52 +47,48 @@ static int ssl_update_checksum_start( mbedtls_ssl_context *ssl,
const unsigned char *buf, size_t len )
{
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
#if defined(MBEDTLS_SHA256_C)
ret = mbedtls_md_update( &ssl->handshake->fin_sha256, buf, len );
psa_status_t status;
#if defined(PSA_WANT_ALG_SHA_256)
status = psa_hash_update(
&ssl->handshake->fin_sha256_psa, buf, len);
if (status != PSA_SUCCESS) {
ret = psa_status_to_mbedtls(status, psa_to_md_errors, ARRAY_LENGTH(psa_to_md_errors), psa_generic_status_to_mbedtls);
return ret;
}
#endif
#if defined(MBEDTLS_SHA512_C)
ret = mbedtls_md_update( &ssl->handshake->fin_sha384, buf, len );
#if defined(PSA_WANT_ALG_SHA_384)
status = psa_hash_update(
&ssl->handshake->fin_sha384_psa, buf, len);
if (status != PSA_SUCCESS) {
ret = psa_status_to_mbedtls(status, psa_to_md_errors, ARRAY_LENGTH(psa_to_md_errors), psa_generic_status_to_mbedtls);
return ret;
}
#endif
return ret;
return 0;
}
static int ssl_handshake_params_init( mbedtls_ssl_handshake_params *handshake )
{
memset( handshake, 0, sizeof( mbedtls_ssl_handshake_params ) );
#if defined(MBEDTLS_SHA256_C)
mbedtls_md_init( &handshake->fin_sha256 );
int ret = mbedtls_md_setup( &handshake->fin_sha256,
mbedtls_md_info_from_type(MBEDTLS_MD_SHA256),
0 );
if (ret != 0) {
return ret;
}
ret = mbedtls_md_starts( &handshake->fin_sha256 );
if (ret != 0) {
return ret;
psa_status_t status;
#if defined(PSA_WANT_ALG_SHA_256)
handshake->fin_sha256_psa = psa_hash_operation_init();
status = psa_hash_setup( &handshake->fin_sha256_psa, PSA_ALG_SHA_256 );
if (status != PSA_SUCCESS) {
return psa_status_to_mbedtls(status, psa_to_md_errors, ARRAY_LENGTH(psa_to_md_errors), psa_generic_status_to_mbedtls);
}
#endif
#if defined(MBEDTLS_SHA512_C)
mbedtls_md_init( &handshake->fin_sha384 );
ret = mbedtls_md_setup( &handshake->fin_sha384,
mbedtls_md_info_from_type(MBEDTLS_MD_SHA384),
0 );
if (ret != 0) {
return ret;
}
ret = mbedtls_md_starts( &handshake->fin_sha384 );
if (ret != 0) {
return ret;
#if defined(PSA_WANT_ALG_SHA_384)
handshake->fin_sha384_psa = psa_hash_operation_init();
status = psa_hash_setup( &handshake->fin_sha384_psa, PSA_ALG_SHA_384 );
if (status != PSA_SUCCESS) {
return psa_status_to_mbedtls(status, psa_to_md_errors, ARRAY_LENGTH(psa_to_md_errors), psa_generic_status_to_mbedtls);
}
#endif
handshake->update_checksum = ssl_update_checksum_start;
#if defined(MBEDTLS_DHM_C)
mbedtls_dhm_init( &handshake->dhm_ctx );
#endif
#if defined(MBEDTLS_ECDH_C) && \
#if !defined(MBEDTLS_USE_PSA_CRYPTO) && \
defined(MBEDTLS_KEY_EXCHANGE_SOME_ECDH_OR_ECDHE_1_2_ENABLED)
mbedtls_ecdh_init( &handshake->ecdh_ctx );
#endif

2
components/mbedtls/port/ecc/ecc_alt.c
View File

@@ -9,8 +9,10 @@
#include "ecc_impl.h"
#include "hal/ecc_ll.h"
#define MBEDTLS_DECLARE_PRIVATE_IDENTIFIERS
#include "mbedtls/ecp.h"
#include "mbedtls/platform_util.h"
#include "mbedtls/bignum.h"
#if defined(MBEDTLS_ECP_MUL_ALT) || defined(MBEDTLS_ECP_MUL_ALT_SOFT_FALLBACK)

304
components/mbedtls/port/ecdsa/ecdsa_alt.c
View File

@@ -9,17 +9,23 @@
#include "esp_log.h"
#include "hal/ecdsa_types.h"
#include "ecdsa/ecdsa_alt.h"
#include "soc/soc_caps.h"
#include "esp_crypto_lock.h"
#include "esp_crypto_periph_clk.h"
#include "mbedtls/error.h"
#include "mbedtls/ecdsa.h"
#define MBEDTLS_DECLARE_PRIVATE_IDENTIFIERS
#include "mbedtls/private/ecdsa.h"
#include "mbedtls/private/pk_private.h"
#include "mbedtls/asn1.h"
#include "mbedtls/asn1write.h"
#include "mbedtls/platform_util.h"
#include "mbedtls/bignum.h"
#include "ecdsa/ecdsa_alt.h"
#if CONFIG_MBEDTLS_HARDWARE_ECDSA_SIGN || CONFIG_MBEDTLS_HARDWARE_ECDSA_VERIFY
#include "pk_wrap.h"
#endif // CONFIG_MBEDTLS_HARDWARE_ECDSA_SIGN || CONFIG_MBEDTLS_HARDWARE_ECDSA_VERIFY
#if CONFIG_MBEDTLS_TEE_SEC_STG_ECDSA_SIGN
#include "esp_tee_sec_storage.h"
#endif
@@ -83,6 +89,46 @@
__attribute__((unused)) static const char *TAG = "ecdsa_alt";
#if CONFIG_MBEDTLS_HARDWARE_ECDSA_SIGN || CONFIG_MBEDTLS_HARDWARE_ECDSA_VERIFY
/* Forward declaration of custom PK info structure for ESP hardware ECDSA */
extern const mbedtls_pk_info_t esp_ecdsa_pk_info;
#endif
#if CONFIG_MBEDTLS_HARDWARE_ECDSA_SIGN
/* Forward declarations for wrapped functions */
int __wrap_mbedtls_ecdsa_sign(mbedtls_ecp_group *grp, mbedtls_mpi *r, mbedtls_mpi *s,
const mbedtls_mpi *d, const unsigned char *buf, size_t blen,
int (*f_rng)(void *, unsigned char *, size_t), void *p_rng);
/* Forward declaration for ASN.1 conversion helper */
static int ecdsa_signature_to_asn1(const mbedtls_mpi *r, const mbedtls_mpi *s,
unsigned char *sig, size_t sig_size,
size_t *slen);
#endif
#if CONFIG_MBEDTLS_HARDWARE_ECDSA_VERIFY
int __wrap_mbedtls_ecdsa_verify(mbedtls_ecp_group *grp,
const unsigned char *buf, size_t blen,
const mbedtls_ecp_point *Q,
const mbedtls_mpi *r,
const mbedtls_mpi *s);
/* Forward declaration for hardware verify function */
static int esp_ecdsa_verify(mbedtls_ecp_group *grp,
const unsigned char *buf, size_t blen,
const mbedtls_ecp_point *Q,
const mbedtls_mpi *r,
const mbedtls_mpi *s);
#else
/* Forward declaration for software verify when hardware verify is disabled */
int __real_mbedtls_ecdsa_verify(mbedtls_ecp_group *grp,
const unsigned char *buf, size_t blen,
const mbedtls_ecp_point *Q,
const mbedtls_mpi *r,
const mbedtls_mpi *s);
#endif
#if SOC_ECDSA_SUPPORTED
/**
* @brief Check if the extracted efuse blocks are valid
@@ -391,11 +437,29 @@ int esp_ecdsa_privkey_load_pk_context(mbedtls_pk_context *key_ctx, int efuse_blk
}
mbedtls_pk_init(key_ctx);
#if CONFIG_MBEDTLS_HARDWARE_ECDSA_SIGN || CONFIG_MBEDTLS_HARDWARE_ECDSA_VERIFY
/* Use our custom pk_info that routes to hardware ECDSA for signing and/or verification */
pk_info = &esp_ecdsa_pk_info;
#else
pk_info = mbedtls_pk_info_from_type(MBEDTLS_PK_ECDSA);
#endif
if (mbedtls_pk_setup(key_ctx, pk_info) != 0) {
return -1;
}
keypair = mbedtls_pk_ec(*key_ctx);
/* In mbedtls v4.0, MBEDTLS_PK_ECDSA doesn't allocate pk_ctx (ctx_alloc_func = NULL)
* because EC keys are managed through PSA. For hardware ECDSA, we need to manually
* allocate an mbedtls_ecp_keypair structure to store the magic values. */
keypair = calloc(1, sizeof(mbedtls_ecp_keypair));
if (keypair == NULL) {
return MBEDTLS_ERR_ECP_ALLOC_FAILED;
}
/* Initialize the keypair structure */
mbedtls_ecp_keypair_init(keypair);
/* Manually assign to pk_ctx since mbedtls_pk_setup didn't do it */
key_ctx->MBEDTLS_PRIVATE(pk_ctx) = keypair;
return esp_ecdsa_privkey_load_mpi(&(keypair->MBEDTLS_PRIVATE(d)), efuse_blk);
}
@@ -438,7 +502,6 @@ int esp_ecdsa_set_pk_context(mbedtls_pk_context *key_ctx, esp_ecdsa_pk_conf_t *c
return 0;
}
static int esp_ecdsa_sign(mbedtls_ecp_group *grp, mbedtls_mpi* r, mbedtls_mpi* s,
const mbedtls_mpi *d, const unsigned char* msg, size_t msg_len,
ecdsa_sign_type_t k_type)
@@ -559,7 +622,213 @@ static int esp_ecdsa_sign(mbedtls_ecp_group *grp, mbedtls_mpi* r, mbedtls_mpi* s
return 0;
}
#endif /* CONFIG_MBEDTLS_HARDWARE_ECDSA_SIGN */
void esp_ecdsa_free_pk_context(mbedtls_pk_context *key_ctx)
{
if (key_ctx == NULL) {
return;
}
/* In mbedtls v4.0, we manually allocated the keypair structure for hardware ECDSA.
* We need to free it manually since ctx_free_func is NULL for MBEDTLS_PK_ECDSA. */
mbedtls_ecp_keypair *keypair = mbedtls_pk_ec(*key_ctx);
if (keypair != NULL) {
mbedtls_ecp_keypair_free(keypair);
free(keypair);
key_ctx->MBEDTLS_PRIVATE(pk_ctx) = NULL;
}
mbedtls_pk_free(key_ctx);
}
#if CONFIG_MBEDTLS_HARDWARE_ECDSA_SIGN || CONFIG_MBEDTLS_HARDWARE_ECDSA_VERIFY
/* Custom PK wrapper functions for ESP hardware ECDSA
*
* Flow: mbedtls_pk_sign() → esp_ecdsa_pk_sign_wrap() → esp_ecdsa_sign() → Hardware ECDSA
*
* This bypasses the PSA opaque key path and routes directly to hardware ECDSA
* by using a custom pk_info structure that doesn't require PSA key IDs.
*/
static int esp_ecdsa_pk_can_do(mbedtls_pk_type_t type)
{
return type == MBEDTLS_PK_ECKEY ||
type == MBEDTLS_PK_ECDSA;
}
static size_t esp_ecdsa_pk_get_bitlen(mbedtls_pk_context *pk)
{
mbedtls_ecp_keypair *keypair = mbedtls_pk_ec(*pk);
if (keypair == NULL) {
return 0;
}
return keypair->MBEDTLS_PRIVATE(grp).nbits;
}
#endif /* CONFIG_MBEDTLS_HARDWARE_ECDSA_SIGN || CONFIG_MBEDTLS_HARDWARE_ECDSA_VERIFY */
#if CONFIG_MBEDTLS_HARDWARE_ECDSA_VERIFY
static int esp_ecdsa_pk_verify_wrap(mbedtls_pk_context *pk,
mbedtls_md_type_t md_alg,
const unsigned char *hash, size_t hash_len,
const unsigned char *sig, size_t sig_len)
{
mbedtls_ecp_keypair *keypair = mbedtls_pk_ec(*pk);
int ret;
unsigned char *p = (unsigned char *) sig;
const unsigned char *end = sig + sig_len;
size_t len;
mbedtls_mpi r, s;
(void) md_alg; /* Not used for hardware ECDSA verification */
if (keypair == NULL) {
return MBEDTLS_ERR_PK_BAD_INPUT_DATA;
}
/* Check if public key is loaded */
if (mbedtls_mpi_cmp_int(&keypair->MBEDTLS_PRIVATE(Q).MBEDTLS_PRIVATE(Z), 0) == 0) {
return MBEDTLS_ERR_PK_BAD_INPUT_DATA;
}
mbedtls_mpi_init(&r);
mbedtls_mpi_init(&s);
/* Parse the DER signature */
if ((ret = mbedtls_asn1_get_tag(&p, end, &len,
MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE)) != 0) {
ret += MBEDTLS_ERR_PK_BAD_INPUT_DATA;
goto cleanup;
}
if (p + len != end) {
ret = MBEDTLS_ERR_PK_BAD_INPUT_DATA + MBEDTLS_ERR_ASN1_LENGTH_MISMATCH;
goto cleanup;
}
if ((ret = mbedtls_asn1_get_mpi(&p, end, &r)) != 0 ||
(ret = mbedtls_asn1_get_mpi(&p, end, &s)) != 0) {
ret += MBEDTLS_ERR_PK_BAD_INPUT_DATA;
goto cleanup;
}
/* Call verification function directly - wrapper doesn't work from same compilation unit */
ret = esp_ecdsa_verify(&keypair->MBEDTLS_PRIVATE(grp),
hash, hash_len,
&keypair->MBEDTLS_PRIVATE(Q),
&r, &s);
if (ret == 0 && p != end) {
ESP_LOGW(TAG, "Extra data after signature");
ret = MBEDTLS_ERR_PK_BAD_INPUT_DATA;
}
cleanup:
mbedtls_mpi_free(&r);
mbedtls_mpi_free(&s);
return ret;
}
#endif /* CONFIG_MBEDTLS_HARDWARE_ECDSA_VERIFY */
#if CONFIG_MBEDTLS_HARDWARE_ECDSA_SIGN
static int esp_ecdsa_pk_sign_wrap(mbedtls_pk_context *pk,
mbedtls_md_type_t md_alg,
const unsigned char *hash, size_t hash_len,
unsigned char *sig, size_t sig_size,
size_t *sig_len)
{
mbedtls_ecp_keypair *keypair = mbedtls_pk_ec(*pk);
int ret;
mbedtls_mpi r, s;
(void) md_alg; /* Not used for hardware ECDSA signing */
if (keypair == NULL) {
return MBEDTLS_ERR_PK_BAD_INPUT_DATA;
}
/* Check if this is a hardware-backed key by checking the magic value */
signed short key_magic = keypair->MBEDTLS_PRIVATE(d).MBEDTLS_PRIVATE(s);
if (key_magic != ECDSA_KEY_MAGIC && key_magic != ECDSA_KEY_MAGIC_TEE) {
/* Not a hardware key, this shouldn't happen with our setup */
return MBEDTLS_ERR_PK_FEATURE_UNAVAILABLE;
}
mbedtls_mpi_init(&r);
mbedtls_mpi_init(&s);
/* Call esp_ecdsa_sign directly - wrapper doesn't work from same compilation unit */
ret = esp_ecdsa_sign(&keypair->MBEDTLS_PRIVATE(grp),
&r, &s,
&keypair->MBEDTLS_PRIVATE(d),
hash, hash_len,
ECDSA_K_TYPE_TRNG);
if (ret != 0) {
goto cleanup;
}
/* Convert r and s to DER format */
ret = ecdsa_signature_to_asn1(&r, &s, sig, sig_size, sig_len);
cleanup:
mbedtls_mpi_free(&r);
mbedtls_mpi_free(&s);
return ret;
}
#endif /* CONFIG_MBEDTLS_HARDWARE_ECDSA_SIGN */
#if CONFIG_MBEDTLS_HARDWARE_ECDSA_SIGN || CONFIG_MBEDTLS_HARDWARE_ECDSA_VERIFY
static int esp_ecdsa_pk_check_pair_wrap(mbedtls_pk_context *pub, mbedtls_pk_context *prv)
{
/* For hardware-backed keys, we cannot easily verify the pair
* since the private key never leaves the eFuse.
* We'll do a basic check that both contexts are valid. */
if (pub == NULL || prv == NULL) {
return MBEDTLS_ERR_PK_BAD_INPUT_DATA;
}
mbedtls_ecp_keypair *pub_keypair = mbedtls_pk_ec(*pub);
mbedtls_ecp_keypair *prv_keypair = mbedtls_pk_ec(*prv);
if (pub_keypair == NULL || prv_keypair == NULL) {
return MBEDTLS_ERR_PK_BAD_INPUT_DATA;
}
/* Check that both use the same curve */
if (pub_keypair->MBEDTLS_PRIVATE(grp).id != prv_keypair->MBEDTLS_PRIVATE(grp).id) {
return MBEDTLS_ERR_PK_BAD_INPUT_DATA;
}
return 0;
}
/* Custom pk_info structure for ESP hardware ECDSA */
const mbedtls_pk_info_t esp_ecdsa_pk_info = {
.type = MBEDTLS_PK_ECDSA,
.name = "ESP_ECDSA",
.get_bitlen = esp_ecdsa_pk_get_bitlen,
.can_do = esp_ecdsa_pk_can_do,
#if CONFIG_MBEDTLS_HARDWARE_ECDSA_VERIFY
.verify_func = esp_ecdsa_pk_verify_wrap,
#else
.verify_func = NULL,
#endif
#if CONFIG_MBEDTLS_HARDWARE_ECDSA_SIGN
.sign_func = esp_ecdsa_pk_sign_wrap,
#else
.sign_func = NULL,
#endif
#if defined(MBEDTLS_ECP_RESTARTABLE)
.verify_rs_func = NULL,
.sign_rs_func = NULL,
.rs_alloc_func = NULL,
.rs_free_func = NULL,
#endif /* MBEDTLS_ECP_RESTARTABLE */
.check_pair_func = esp_ecdsa_pk_check_pair_wrap,
.ctx_alloc_func = NULL,
.ctx_free_func = NULL,
.debug_func = NULL,
};
#endif /* CONFIG_MBEDTLS_HARDWARE_ECDSA_SIGN || CONFIG_MBEDTLS_HARDWARE_ECDSA_VERIFY */
#if CONFIG_MBEDTLS_TEE_SEC_STG_ECDSA_SIGN
@@ -638,7 +907,15 @@ int esp_ecdsa_tee_set_pk_context(mbedtls_pk_context *key_ctx, esp_ecdsa_pk_conf_
ESP_LOGE(TAG, "Failed to setup pk context, mbedtls_pk_setup() returned %d", ret);
return ret;
}
keypair = mbedtls_pk_ec(*key_ctx);
keypair = calloc(1, sizeof(mbedtls_ecp_keypair));
if (keypair == NULL) {
ESP_LOGE(TAG, "Failed to allocate memory for ecp_keypair");
return MBEDTLS_ERR_ECP_ALLOC_FAILED;
}
mbedtls_ecp_keypair_init(keypair);
key_ctx->MBEDTLS_PRIVATE(pk_ctx) = keypair;
mbedtls_mpi_init(&(keypair->MBEDTLS_PRIVATE(d)));
keypair->MBEDTLS_PRIVATE(d).MBEDTLS_PRIVATE(s) = ECDSA_KEY_MAGIC_TEE;
@@ -722,8 +999,8 @@ static int esp_ecdsa_tee_sign(mbedtls_ecp_group *grp, mbedtls_mpi* r, mbedtls_mp
return MBEDTLS_ERR_ECP_BAD_INPUT_DATA;
}
mbedtls_mpi_read_binary(r, sign.sign_r, len);
mbedtls_mpi_read_binary(s, sign.sign_s, len);
mbedtls_mpi_read_binary(r, sign.signature, len);
mbedtls_mpi_read_binary(s, sign.signature + len, len);
return 0;
}
@@ -935,7 +1212,7 @@ static int ecdsa_signature_to_asn1(const mbedtls_mpi *r, const mbedtls_mpi *s,
unsigned char *sig, size_t sig_size,
size_t *slen)
{
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
int ret = PSA_ERROR_CORRUPTION_DETECTED;
unsigned char buf[MBEDTLS_ECDSA_MAX_LEN] = { 0 };
// Setting the pointer p to the end of the buffer as the functions used afterwards write in backwards manner in the given buffer.
unsigned char *p = buf + sizeof(buf);
@@ -973,7 +1250,7 @@ int __wrap_mbedtls_ecdsa_write_signature_restartable(mbedtls_ecdsa_context *ctx,
return __real_mbedtls_ecdsa_write_signature_restartable(ctx, md_alg, hash, hlen, sig, sig_size, slen, f_rng, p_rng, rs_ctx);
}
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
int ret = PSA_ERROR_CORRUPTION_DETECTED;
mbedtls_mpi r, s;
mbedtls_mpi_init(&r);
@@ -1190,7 +1467,7 @@ int __wrap_mbedtls_ecdsa_read_signature_restartable(mbedtls_ecdsa_context *ctx,
const unsigned char *sig, size_t slen,
mbedtls_ecdsa_restart_ctx *rs_ctx)
{
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
int ret = PSA_ERROR_CORRUPTION_DETECTED;
unsigned char *p = (unsigned char *) sig;
const unsigned char *end = sig + slen;
size_t len;
@@ -1205,8 +1482,7 @@ int __wrap_mbedtls_ecdsa_read_signature_restartable(mbedtls_ecdsa_context *ctx,
}
if (p + len != end) {
ret = MBEDTLS_ERROR_ADD(MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
MBEDTLS_ERR_ASN1_LENGTH_MISMATCH);
ret = MBEDTLS_ERR_ECP_BAD_INPUT_DATA + MBEDTLS_ERR_ASN1_LENGTH_MISMATCH;
goto cleanup;
}
@@ -1225,7 +1501,7 @@ int __wrap_mbedtls_ecdsa_read_signature_restartable(mbedtls_ecdsa_context *ctx,
* Return 0 if the buffer just contains the signature, and a specific
* error code if the valid signature is followed by more data. */
if (p != end) {
ret = MBEDTLS_ERR_ECP_SIG_LEN_MISMATCH;
ret = PSA_ERROR_INVALID_SIGNATURE;
}
cleanup:

18
components/mbedtls/port/esp_ds/esp_ds_common.c
View File

@@ -12,7 +12,7 @@
#include "esp_ds/esp_ds_rsa.h"
#include "freertos/FreeRTOS.h"
#include "freertos/semphr.h"
#include "mbedtls/rsa.h"
#include "psa/crypto.h"
#ifdef SOC_DIG_SIGN_SUPPORTED
#include "rom/digital_signature.h"
@@ -49,6 +49,16 @@ size_t esp_ds_get_keylen(void *ctx)
return ((s_ds_data->rsa_length + 1) * FACTOR_KEYLEN_IN_BYTES);
}
size_t esp_ds_get_keylen_alt(mbedtls_pk_context *ctx)
{
if (s_ds_data == NULL) {
ESP_LOGE(TAG, "s_ds_data is NULL, cannot get key length");
return 0;
}
/* calculating the rsa_length in bytes */
return ((s_ds_data->rsa_length + 1) * FACTOR_KEYLEN_IN_BYTES);
}
/* Lock for the DS session, other TLS connections trying to use the DS peripheral will be blocked
* till this DS session is completed (i.e. TLS handshake for this connection is completed) */
static void __attribute__((constructor)) esp_ds_conn_lock(void)
@@ -134,7 +144,7 @@ int esp_ds_mgf_mask(unsigned char *dst, size_t dlen, unsigned char *src,
mbedtls_md_init(&md_ctx);
md_info = mbedtls_md_info_from_type(md_alg);
if (md_info == NULL) {
return MBEDTLS_ERR_RSA_BAD_INPUT_DATA;
return PSA_ERROR_INVALID_ARGUMENT;
}
if ((ret = mbedtls_md_setup(&md_ctx, md_info, 0)) != 0) {
@@ -191,11 +201,11 @@ int esp_ds_hash_mprime(const unsigned char *hash, size_t hlen,
const unsigned char zeros[8] = { 0, 0, 0, 0, 0, 0, 0, 0 };
mbedtls_md_context_t md_ctx;
int ret = MBEDTLS_ERR_RSA_BAD_INPUT_DATA;
int ret = PSA_ERROR_INVALID_ARGUMENT;
const mbedtls_md_info_t *md_info = mbedtls_md_info_from_type(md_alg);
if (md_info == NULL) {
return MBEDTLS_ERR_RSA_BAD_INPUT_DATA;
return PSA_ERROR_INVALID_ARGUMENT;
}
mbedtls_md_init(&md_ctx);

19
components/mbedtls/port/esp_ds/esp_rsa_dec_alt.c
View File

@@ -9,7 +9,8 @@
#include "sdkconfig.h"
#include "esp_ds.h"
#include "rsa_dec_alt.h"
#include "mbedtls/rsa.h"
#include "mbedtls/private/rsa.h"
#include "psa/crypto.h"
#include "esp_ds_common.h"
#include "esp_log.h"
@@ -24,7 +25,7 @@ static int esp_ds_rsaes_pkcs1_v15_unpadding(unsigned char *input,
size_t *olen)
{
if (ilen < MIN_V15_PADDING_LEN) {
return MBEDTLS_ERR_RSA_INVALID_PADDING;
return MBEDTLS_ERR_CIPHER_INVALID_PADDING;
}
unsigned char bad = 0;
@@ -39,7 +40,7 @@ static int esp_ds_rsaes_pkcs1_v15_unpadding(unsigned char *input,
bad |= input[0];
/* Check the padding type */
bad |= input[1] ^ MBEDTLS_RSA_CRYPT;
bad |= input[1] ^ 2; // MBEDTLS_RSA_CRYPT;
/* Scan for separator (0x00) and count padding bytes in constant time */
for (size_t i = 2; i < ilen; i++) {
@@ -72,7 +73,7 @@ static int esp_ds_rsaes_pkcs1_v15_unpadding(unsigned char *input,
}
if (bad) {
return MBEDTLS_ERR_RSA_INVALID_PADDING;
return PSA_ERROR_INVALID_ARGUMENT;
}
*olen = msg_len;
@@ -88,7 +89,7 @@ static int esp_ds_compute_hash(mbedtls_md_type_t md_alg,
{
const mbedtls_md_info_t *md_info = mbedtls_md_info_from_type(md_alg);
if (md_info == NULL) {
return MBEDTLS_ERR_RSA_BAD_INPUT_DATA;
return PSA_ERROR_INVALID_ARGUMENT;
}
return mbedtls_md(md_info, input, ilen, output);
}
@@ -165,7 +166,7 @@ static int esp_ds_rsaes_pkcs1_v21_unpadding(unsigned char *input,
bad |= (output_max_len < msg_len);
if (bad) {
return MBEDTLS_ERR_RSA_INVALID_PADDING;
return PSA_ERROR_INVALID_ARGUMENT;
}
/* Copy message in constant time */
@@ -181,7 +182,7 @@ int esp_ds_rsa_decrypt(void *ctx, size_t *olen,
const unsigned char *input, unsigned char *output,
size_t output_max_len)
{
int padding = MBEDTLS_RSA_PKCS_V15;
int padding = MBEDTLS_PK_RSA_PKCS_V15;
if (ctx != NULL) {
mbedtls_rsa_context *rsa_ctx = (mbedtls_rsa_context *)ctx;
@@ -256,12 +257,12 @@ int esp_ds_rsa_decrypt(void *ctx, size_t *olen,
}
// Unpad the decrypted data
if (padding == MBEDTLS_RSA_PKCS_V15) {
if (padding == MBEDTLS_PK_RSA_PKCS_V15) {
if (esp_ds_rsaes_pkcs1_v15_unpadding((uint8_t *)output_tmp, ilen, (uint8_t *)output_tmp, ilen, olen) != 0) {
ESP_LOGE(TAG, "Error in v15 unpadding");
goto exit;
}
} else if (padding == MBEDTLS_RSA_PKCS_V21) {
} else if (padding == MBEDTLS_PK_RSA_PKCS_V21) {
if (esp_ds_rsaes_pkcs1_v21_unpadding((uint8_t *)output_tmp, ilen, (uint8_t *)output_tmp, ilen, olen) != 0) {
ESP_LOGE(TAG, "Error in v21 unpadding");
goto exit;

132
components/mbedtls/port/esp_ds/esp_rsa_sign_alt.c
View File

@@ -14,14 +14,74 @@
#include "esp_heap_caps.h"
#include "freertos/FreeRTOS.h"
#include "freertos/semphr.h"
#include "mbedtls/build_info.h"
#include "mbedtls/rsa.h"
#include "mbedtls/oid.h"
#include "psa/crypto.h"
#include "mbedtls/psa_util.h"
#include "mbedtls/private/rsa.h"
#include "mbedtls/pk.h"
#include "mbedtls/platform_util.h"
#include "mbedtls/asn1.h"
#include "mbedtls/md.h"
#include <string.h>
static const char *TAG = "ESP_RSA_SIGN_ALT";
/*
* Local OID lookup table for hash algorithms
* This replicates the OID data needed for PKCS#1 v1.5 DigestInfo encoding
* Since OID access has moved to internal driver headers in PSA transition,
* we maintain this local table for the hardware accelerator implementation.
*/
typedef struct {
mbedtls_md_type_t md_alg;
const char *oid;
size_t oid_len;
} oid_md_mapping_t;
static const oid_md_mapping_t oid_md_table[] = {
#if defined(PSA_WANT_ALG_MD5)
{ MBEDTLS_MD_MD5, "\x2a\x86\x48\x86\xf7\x0d\x02\x05", 8 },
#endif
#if defined(PSA_WANT_ALG_SHA_1)
{ MBEDTLS_MD_SHA1, "\x2b\x0e\x03\x02\x1a", 5 },
#endif
#if defined(PSA_WANT_ALG_SHA_224)
{ MBEDTLS_MD_SHA224, "\x60\x86\x48\x01\x65\x03\x04\x02\x04", 9 },
#endif
#if defined(PSA_WANT_ALG_SHA_256)
{ MBEDTLS_MD_SHA256, "\x60\x86\x48\x01\x65\x03\x04\x02\x01", 9 },
#endif
#if defined(PSA_WANT_ALG_SHA_384)
{ MBEDTLS_MD_SHA384, "\x60\x86\x48\x01\x65\x03\x04\x02\x02", 9 },
#endif
#if defined(PSA_WANT_ALG_SHA_512)
{ MBEDTLS_MD_SHA512, "\x60\x86\x48\x01\x65\x03\x04\x02\x03", 9 },
#endif
#if defined(PSA_WANT_ALG_RIPEMD160)
{ MBEDTLS_MD_RIPEMD160, "\x2b\x24\x03\x02\x01", 5 },
#endif
{ MBEDTLS_MD_NONE, NULL, 0 }
};
/**
* @brief Get OID for hash algorithm (local implementation)
*
* @param md_alg Hash algorithm type
* @param oid Output pointer for OID string
* @param olen Output pointer for OID length
* @return 0 on success, PSA_ERROR_NOT_SUPPORTED if not found
*/
static int esp_ds_get_oid_by_md(mbedtls_md_type_t md_alg, const char **oid, size_t *olen)
{
for (size_t i = 0; oid_md_table[i].md_alg != MBEDTLS_MD_NONE; i++) {
if (oid_md_table[i].md_alg == md_alg) {
*oid = oid_md_table[i].oid;
*olen = oid_md_table[i].oid_len;
return 0;
}
}
return PSA_ERROR_NOT_SUPPORTED;
}
static int rsa_rsassa_pkcs1_v15_encode( mbedtls_md_type_t md_alg,
unsigned int hashlen,
const unsigned char *hash,
@@ -37,11 +97,11 @@ static int rsa_rsassa_pkcs1_v15_encode( mbedtls_md_type_t md_alg,
if ( md_alg != MBEDTLS_MD_NONE ) {
const mbedtls_md_info_t *md_info = mbedtls_md_info_from_type( md_alg );
if ( md_info == NULL ) {
return ( MBEDTLS_ERR_RSA_BAD_INPUT_DATA );
return ( PSA_ERROR_INVALID_ARGUMENT );
}
if ( mbedtls_oid_get_oid_by_md( md_alg, &oid, &oid_size ) != 0 ) {
return ( MBEDTLS_ERR_RSA_BAD_INPUT_DATA );
if ( esp_ds_get_oid_by_md( md_alg, &oid, &oid_size ) != 0 ) {
return ( PSA_ERROR_INVALID_ARGUMENT );
}
hashlen = mbedtls_md_get_size( md_info );
@@ -51,7 +111,7 @@ static int rsa_rsassa_pkcs1_v15_encode( mbedtls_md_type_t md_alg,
if ( 8 + hashlen + oid_size >= 0x80 ||
10 + hashlen < hashlen ||
10 + hashlen + oid_size < 10 + hashlen ) {
return ( MBEDTLS_ERR_RSA_BAD_INPUT_DATA );
return ( PSA_ERROR_INVALID_ARGUMENT );
}
/*
@@ -63,12 +123,12 @@ static int rsa_rsassa_pkcs1_v15_encode( mbedtls_md_type_t md_alg,
* - Need oid_size bytes for hash alg OID.
*/
if ( nb_pad < 10 + hashlen + oid_size ) {
return ( MBEDTLS_ERR_RSA_BAD_INPUT_DATA );
return ( PSA_ERROR_INVALID_ARGUMENT );
}
nb_pad -= 10 + hashlen + oid_size;
} else {
if ( nb_pad < hashlen ) {
return ( MBEDTLS_ERR_RSA_BAD_INPUT_DATA );
return ( PSA_ERROR_INVALID_ARGUMENT );
}
nb_pad -= hashlen;
@@ -77,7 +137,7 @@ static int rsa_rsassa_pkcs1_v15_encode( mbedtls_md_type_t md_alg,
/* Need space for signature header and padding delimiter (3 bytes),
* and 8 bytes for the minimal padding */
if ( nb_pad < 3 + 8 ) {
return ( MBEDTLS_ERR_RSA_BAD_INPUT_DATA );
return ( PSA_ERROR_INVALID_ARGUMENT );
}
nb_pad -= 3;
@@ -86,7 +146,7 @@ static int rsa_rsassa_pkcs1_v15_encode( mbedtls_md_type_t md_alg,
/* Write signature header and padding */
*p++ = 0;
*p++ = MBEDTLS_RSA_SIGN;
*p++ = 1; //MBEDTLS_RSA_SIGN;
memset( p, 0xFF, nb_pad );
p += nb_pad;
*p++ = 0;
@@ -129,7 +189,7 @@ static int rsa_rsassa_pkcs1_v15_encode( mbedtls_md_type_t md_alg,
* after the initial bounds check. */
if ( p != dst + dst_len ) {
mbedtls_platform_zeroize( dst, dst_len );
return ( MBEDTLS_ERR_RSA_BAD_INPUT_DATA );
return ( PSA_ERROR_INVALID_ARGUMENT );
}
return ( 0 );
@@ -147,15 +207,15 @@ static int rsa_rsassa_pss_pkcs1_v21_encode( int (*f_rng)(void *, unsigned char *
unsigned char *p = sig;
unsigned char *salt = NULL;
size_t slen, min_slen, hlen, offset = 0;
int ret = MBEDTLS_ERR_RSA_BAD_INPUT_DATA;
int ret = PSA_ERROR_INVALID_ARGUMENT;
size_t msb;
if ((md_alg != MBEDTLS_MD_NONE || hashlen != 0) && hash == NULL) {
return MBEDTLS_ERR_RSA_BAD_INPUT_DATA;
return PSA_ERROR_INVALID_ARGUMENT;
}
if (f_rng == NULL) {
return MBEDTLS_ERR_RSA_BAD_INPUT_DATA;
return PSA_ERROR_INVALID_ARGUMENT;
}
olen = dst_len;
@@ -164,20 +224,20 @@ static int rsa_rsassa_pss_pkcs1_v21_encode( int (*f_rng)(void *, unsigned char *
/* Gather length of hash to sign */
size_t exp_hashlen = mbedtls_md_get_size_from_type(md_alg);
if (exp_hashlen == 0) {
return MBEDTLS_ERR_RSA_BAD_INPUT_DATA;
return PSA_ERROR_INVALID_ARGUMENT;
}
if (hashlen != exp_hashlen) {
return MBEDTLS_ERR_RSA_BAD_INPUT_DATA;
return PSA_ERROR_INVALID_ARGUMENT;
}
}
hlen = mbedtls_md_get_size_from_type(md_alg);
if (hlen == 0) {
return MBEDTLS_ERR_RSA_BAD_INPUT_DATA;
return PSA_ERROR_INVALID_ARGUMENT;
}
if (saltlen == MBEDTLS_RSA_SALT_LEN_ANY) {
if (saltlen == -1) {
/* Calculate the largest possible salt length, up to the hash size.
* Normally this is the hash length, which is the maximum salt length
* according to FIPS 185-4 <20>5.5 (e) and common practice. If there is not
@@ -187,14 +247,14 @@ static int rsa_rsassa_pss_pkcs1_v21_encode( int (*f_rng)(void *, unsigned char *
* (PKCS#1 v2.2) <20>9.1.1 step 3. */
min_slen = hlen - 2;
if (olen < hlen + min_slen + 2) {
return MBEDTLS_ERR_RSA_BAD_INPUT_DATA;
return PSA_ERROR_INVALID_ARGUMENT;
} else if (olen >= hlen + hlen + 2) {
slen = hlen;
} else {
slen = olen - hlen - 2;
}
} else if ((saltlen < 0) || (saltlen + hlen + 2 > olen)) {
return MBEDTLS_ERR_RSA_BAD_INPUT_DATA;
return PSA_ERROR_INVALID_ARGUMENT;
} else {
slen = (size_t) saltlen;
}
@@ -210,7 +270,7 @@ static int rsa_rsassa_pss_pkcs1_v21_encode( int (*f_rng)(void *, unsigned char *
/* Generate salt of length slen in place in the encoded message */
salt = p;
if ((ret = f_rng(p_rng, salt, slen)) != 0) {
return MBEDTLS_ERR_RSA_RNG_FAILED;
return PSA_ERROR_INVALID_ARGUMENT;
}
p += slen;
@@ -246,7 +306,7 @@ static int rsa_rsassa_pkcs1_v21_encode(int (*f_rng)(void *, unsigned char *, siz
size_t dst_len,
unsigned char *dst )
{
return rsa_rsassa_pss_pkcs1_v21_encode(f_rng, p_rng, md_alg, hashlen, hash, MBEDTLS_RSA_SALT_LEN_ANY, dst, dst_len);
return rsa_rsassa_pss_pkcs1_v21_encode(f_rng, p_rng, md_alg, hashlen, hash, -1, dst, dst_len);
}
#endif /* CONFIG_MBEDTLS_SSL_PROTO_TLS1_3 */
@@ -254,6 +314,15 @@ int esp_ds_rsa_sign( void *ctx,
int (*f_rng)(void *, unsigned char *, size_t), void *p_rng,
mbedtls_md_type_t md_alg, unsigned int hashlen,
const unsigned char *hash, unsigned char *sig )
{
mbedtls_pk_context *pk = (mbedtls_pk_context *)ctx;
size_t sig_len = 0;
return esp_ds_rsa_sign_alt(pk, md_alg, hash, hashlen, sig, 0, &sig_len);
}
int esp_ds_rsa_sign_alt(mbedtls_pk_context *pk, mbedtls_md_type_t md_alg,
const unsigned char *hash, size_t hash_len,
unsigned char *sig, size_t sig_size, size_t *sig_len)
{
esp_ds_context_t *esp_ds_ctx = NULL;
esp_err_t ds_r;
@@ -263,7 +332,11 @@ int esp_ds_rsa_sign( void *ctx,
* which allows NULL ctx. If ctx is NULL, then the default padding
* MBEDTLS_RSA_PKCS_V15 is used.
*/
int padding = MBEDTLS_RSA_PKCS_V15;
int padding = MBEDTLS_PK_RSA_PKCS_V15;
void *ctx = NULL;
if (pk != NULL) {
ctx = pk->MBEDTLS_PRIVATE(pk_ctx);
}
if (ctx != NULL) {
mbedtls_rsa_context *rsa_ctx = (mbedtls_rsa_context *)ctx;
padding = rsa_ctx->MBEDTLS_PRIVATE(padding);
@@ -274,11 +347,11 @@ int esp_ds_rsa_sign( void *ctx,
return -1;
}
const size_t data_len = s_ds_data->rsa_length + 1;
const size_t sig_len = data_len * FACTOR_KEYLEN_IN_BYTES;
const size_t _sig_len = data_len * FACTOR_KEYLEN_IN_BYTES;
if (padding == MBEDTLS_RSA_PKCS_V21) {
if (padding == MBEDTLS_PK_RSA_PKCS_V21) {
#ifdef CONFIG_MBEDTLS_SSL_PROTO_TLS1_3
if ((ret = (rsa_rsassa_pkcs1_v21_encode(f_rng, p_rng ,md_alg, hashlen, hash, sig_len, sig ))) != 0) {
if ((ret = (rsa_rsassa_pkcs1_v21_encode(mbedtls_psa_get_random, MBEDTLS_PSA_RANDOM_STATE ,md_alg, hash_len, hash, _sig_len, sig ))) != 0) {
ESP_LOGE(TAG, "Error in pkcs1_v21 encoding, returned %d", ret);
return -1;
}
@@ -287,13 +360,13 @@ int esp_ds_rsa_sign( void *ctx,
return -1;
#endif /* CONFIG_MBEDTLS_SSL_PROTO_TLS1_3 */
} else {
if ((ret = (rsa_rsassa_pkcs1_v15_encode(md_alg, hashlen, hash, sig_len, sig ))) != 0) {
if ((ret = (rsa_rsassa_pkcs1_v15_encode(md_alg, hash_len, hash, _sig_len, sig ))) != 0) {
ESP_LOGE(TAG, "Error in pkcs1_v15 encoding, returned %d", ret);
return -1;
}
}
uint32_t *signature = heap_caps_malloc_prefer(sig_len, 2, MALLOC_CAP_32BIT | MALLOC_CAP_INTERNAL, MALLOC_CAP_DEFAULT | MALLOC_CAP_INTERNAL);
uint32_t *signature = heap_caps_malloc_prefer(_sig_len, 2, MALLOC_CAP_32BIT | MALLOC_CAP_INTERNAL, MALLOC_CAP_DEFAULT | MALLOC_CAP_INTERNAL);
if (signature == NULL) {
ESP_LOGE(TAG, "Could not allocate memory for internal DS operations");
return -1;
@@ -330,5 +403,6 @@ int esp_ds_rsa_sign( void *ctx,
((uint32_t *)sig)[i] = SWAP_INT32(((uint32_t *)signature)[(data_len) - (i + 1)]);
}
heap_caps_free(signature);
*sig_len = _sig_len;
return 0;
}

3
components/mbedtls/port/include/aes/esp_aes_gcm.h
View File

@@ -11,7 +11,6 @@
#pragma once
#include "aes/esp_aes.h"
#include "mbedtls/cipher.h"
#ifdef __cplusplus
extern "C" {
@@ -69,7 +68,7 @@ void esp_aes_gcm_init( esp_gcm_context *ctx);
* \return A cipher-specific error code on failure.
*/
int esp_aes_gcm_setkey( esp_gcm_context *ctx,
mbedtls_cipher_id_t cipher,
int cipher,
const unsigned char *key,
unsigned int keybits );

14
components/mbedtls/port/include/ecdsa/ecdsa_alt.h
View File

@@ -110,6 +110,20 @@ int esp_ecdsa_set_pk_context(mbedtls_pk_context *key_ctx, esp_ecdsa_pk_conf_t *c
#endif // CONFIG_MBEDTLS_HARDWARE_ECDSA_SIGN || __DOXYGEN__
/**
* @brief Free the PK context initialized with hardware ECDSA key.
* This function properly cleans up the manually allocated mbedtls_ecp_keypair
* structure and then frees the PK context.
*
* Note: In mbedtls v4.0, ECDSA keys are managed through PSA, so the standard
* mbedtls_pk_free() does not deallocate the manually created keypair structure.
* Always use this function instead of mbedtls_pk_free() for contexts initialized
* with esp_ecdsa_set_pk_context().
*
* @param key_ctx The PK context to free (initialized with esp_ecdsa_set_pk_context)
*/
void esp_ecdsa_free_pk_context(mbedtls_pk_context *key_ctx);
#if CONFIG_MBEDTLS_TEE_SEC_STG_ECDSA_SIGN || __DOXYGEN__
/**

1
components/mbedtls/port/include/entropy_poll.h
View File

@@ -6,7 +6,6 @@
*/
#ifndef MBEDTLS_ENTROPY_POLL_H
#define MBEDTLS_ENTROPY_POLL_H
#include "mbedtls/build_info.h"
#include <stddef.h>
#ifdef __cplusplus
extern "C" {

38
components/mbedtls/port/include/esp_ds/esp_ds_rsa.h
View File

@@ -12,7 +12,7 @@ extern "C" {
#include "esp_ds.h"
#include "mbedtls/md.h"
#include "mbedtls/pk.h"
/**
* @brief ESP-DS data context
*
@@ -68,6 +68,30 @@ int esp_ds_rsa_sign( void *ctx,
mbedtls_md_type_t md_alg, unsigned int hashlen,
const unsigned char *hash, unsigned char *sig );
/**
* @brief Alternate implementation for mbedtls_pk_sign, uses DS module for hardware accelerated RSA sign operation
*
* This function is an alternate implementation compatible with mbedtls_pk_sign interface.
* It internally makes use of the DS (Digital Signature) peripheral to perform hardware
* accelerated RSA signature operations.
*
* @param pk Pointer to the mbedtls_pk_context structure containing the public key context
* @param md_alg Message digest algorithm type used for hashing (e.g., MBEDTLS_MD_SHA256)
* @param hash Pointer to the hash value to be signed
* @param hash_len Length of the hash value in bytes
* @param sig Buffer to hold the generated signature
* @param sig_size Maximum size of the signature buffer in bytes
* @param sig_len Pointer to store the actual length of the generated signature in bytes
*
* @return
* - 0 on success
* - MBEDTLS_ERR_PK_BAD_INPUT_DATA if input parameters are invalid
* - MBEDTLS_ERR_PK_ALLOC_FAILED if memory allocation fails
* - Other mbedtls error codes on failure
*/
int esp_ds_rsa_sign_alt(mbedtls_pk_context *pk, mbedtls_md_type_t md_alg,
const unsigned char *hash, size_t hash_len,
unsigned char *sig, size_t sig_size, size_t *sig_len);
/*
* @brief Get RSA key length in bytes from internal DS context
*
@@ -75,6 +99,18 @@ int esp_ds_rsa_sign( void *ctx,
*/
size_t esp_ds_get_keylen(void *ctx);
/**
* @brief Get RSA key length in bytes from mbedtls_pk_context
*
* This function retrieves the RSA key length from an mbedtls_pk_context structure.
* It is an alternate implementation compatible with mbedtls PK interface.
*
* @param ctx Pointer to the mbedtls_pk_context structure
*
* @return RSA key length in bytes, or 0 if the context is invalid
*/
size_t esp_ds_get_keylen_alt(mbedtls_pk_context *ctx);
/*
* @brief Set timeout (equal to TLS session timeout), so that DS module usage can be synchronized in case of multiple TLS connections using DS module,
*/

3
components/mbedtls/port/include/mbedtls/bignum.h
View File

@@ -5,7 +5,8 @@
*/
#pragma once
#include_next "mbedtls/bignum.h"
#define MBEDTLS_DECLARE_PRIVATE_IDENTIFIERS
#include_next "mbedtls/private/bignum.h"
#include "sdkconfig.h"
/**

3
components/mbedtls/port/include/mbedtls/ecp.h
View File

@@ -5,7 +5,8 @@
*/
#pragma once
#include_next "mbedtls/ecp.h"
#define MBEDTLS_DECLARE_PRIVATE_IDENTIFIERS
#include_next "mbedtls/private/ecp.h"
#include "sdkconfig.h"
#ifdef __cplusplus

700
components/mbedtls/port/include/mbedtls/esp_config.h
View File

File diff suppressed because it is too large Load Diff

20
components/mbedtls/port/include/mbedtls/esp_debug.h
View File

@@ -1,16 +1,8 @@
// Copyright 2015-2016 Espressif Systems (Shanghai) PTE LTD
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
/*
* SPDX-FileCopyrightText: 2015-2025 Espressif Systems (Shanghai) CO LTD
*
* SPDX-License-Identifier: Apache-2.0
*/
#ifndef _ESP_DEBUG_H_
#define _ESP_DEBUG_H_
@@ -40,7 +32,7 @@ extern "C" {
* enough in menuconfig, or some messages may be filtered at compile time.
*
* @param conf mbedtls_ssl_config structure
* @param mbedTLS debug threshold, 0-4. Messages are filtered at runtime.
* @param threshold mbedTLS debug threshold, 0-4. Messages are filtered at runtime.
*/
void mbedtls_esp_enable_debug_log(mbedtls_ssl_config *conf, int threshold);

63
components/mbedtls/port/include/mbedtls/gcm.h
View File

@@ -1,11 +1,10 @@
/*
* SPDX-FileCopyrightText: 2023-2024 Espressif Systems (Shanghai) CO LTD
* SPDX-FileCopyrightText: 2023-2025 Espressif Systems (Shanghai) CO LTD
*
* SPDX-License-Identifier: Apache-2.0
*/
#pragma once
#include_next "mbedtls/gcm.h"
#include "sdkconfig.h"
#ifdef __cplusplus
@@ -14,66 +13,6 @@ extern "C" {
#if defined(MBEDTLS_GCM_ALT) && defined(MBEDTLS_GCM_NON_AES_CIPHER_SOFT_FALLBACK)
/**
* When the MBEDTLS_GCM_NON_AES_CIPHER_SOFT_FALLBACK is defined, for non-AES GCM
* operations we need to fallback to the software function definitions of the
* mbedtls GCM layer.
* Thus in this case we need declarations for the software funtions.
* Please refer mbedtls/include/mbedtls/gcm.h for function documentations
*/
void mbedtls_gcm_init_soft(mbedtls_gcm_context_soft *ctx);
int mbedtls_gcm_setkey_soft(mbedtls_gcm_context_soft *ctx,
mbedtls_cipher_id_t cipher,
const unsigned char *key,
unsigned int keybits);
int mbedtls_gcm_starts_soft(mbedtls_gcm_context_soft *ctx,
int mode,
const unsigned char *iv, size_t iv_len);
int mbedtls_gcm_update_ad_soft(mbedtls_gcm_context_soft *ctx,
const unsigned char *add, size_t add_len);
int mbedtls_gcm_update_soft(mbedtls_gcm_context_soft *ctx,
const unsigned char *input, size_t input_length,
unsigned char *output, size_t output_size,
size_t *output_length);
int mbedtls_gcm_finish_soft(mbedtls_gcm_context_soft *ctx,
unsigned char *output, size_t output_size,
size_t *output_length,
unsigned char *tag, size_t tag_len);
int mbedtls_gcm_crypt_and_tag_soft(mbedtls_gcm_context_soft *ctx,
int mode,
size_t length,
const unsigned char *iv,
size_t iv_len,
const unsigned char *add,
size_t add_len,
const unsigned char *input,
unsigned char *output,
size_t tag_len,
unsigned char *tag);
int mbedtls_gcm_auth_decrypt_soft(mbedtls_gcm_context_soft *ctx,
size_t length,
const unsigned char *iv,
size_t iv_len,
const unsigned char *add,
size_t add_len,
const unsigned char *tag,
size_t tag_len,
const unsigned char *input,
unsigned char *output);
void mbedtls_gcm_free_soft(mbedtls_gcm_context_soft *ctx);
#endif /* MBEDTLS_GCM_ALT && MBEDTLS_GCM_NON_AES_CIPHER_SOFT_FALLBACK*/
#ifdef __cplusplus

1
tools/ci/check_copyright_ignore.txt
View File

@@ -467,7 +467,6 @@ components/mbedtls/port/aes/esp_aes_xts.c
components/mbedtls/port/include/aes/esp_aes.h
components/mbedtls/port/include/aes_alt.h
components/mbedtls/port/include/bignum_impl.h
components/mbedtls/port/include/mbedtls/esp_debug.h
components/mbedtls/port/include/sha1_alt.h
components/mbedtls/port/include/sha256_alt.h
components/mbedtls/port/include/sha512_alt.h