From cbd925837e70363c0ebc2e1144cd2c0ee4e2d5f3 Mon Sep 17 00:00:00 2001 From: Ashish Sharma Date: Tue, 23 Dec 2025 10:51:02 +0800 Subject: [PATCH] feat: migrates mbedtls port layer to PSA APIs --- .../mbedtls/port/aes/dma/esp_aes_dma_core.c | 4 +- components/mbedtls/port/aes/esp_aes.c | 7 +- components/mbedtls/port/aes/esp_aes_common.c | 10 +- components/mbedtls/port/aes/esp_aes_gcm.c | 117 +-- components/mbedtls/port/aes/esp_aes_xts.c | 22 +- components/mbedtls/port/bignum/bignum_alt.c | 1 + components/mbedtls/port/bignum/esp_bignum.c | 178 ++--- .../port/dynamic/esp_mbedtls_dynamic_impl.c | 9 - .../port/dynamic/esp_mbedtls_dynamic_impl.h | 2 - components/mbedtls/port/dynamic/esp_ssl_cli.c | 1 - components/mbedtls/port/dynamic/esp_ssl_srv.c | 4 +- components/mbedtls/port/dynamic/esp_ssl_tls.c | 60 +- components/mbedtls/port/ecc/ecc_alt.c | 2 + components/mbedtls/port/ecdsa/ecdsa_alt.c | 304 +++++++- .../mbedtls/port/esp_ds/esp_ds_common.c | 18 +- .../mbedtls/port/esp_ds/esp_rsa_dec_alt.c | 19 +- .../mbedtls/port/esp_ds/esp_rsa_sign_alt.c | 132 +++- .../mbedtls/port/include/aes/esp_aes_gcm.h | 3 +- .../mbedtls/port/include/ecdsa/ecdsa_alt.h | 14 + .../mbedtls/port/include/entropy_poll.h | 1 - .../mbedtls/port/include/esp_ds/esp_ds_rsa.h | 38 +- .../mbedtls/port/include/mbedtls/bignum.h | 3 +- components/mbedtls/port/include/mbedtls/ecp.h | 3 +- .../mbedtls/port/include/mbedtls/esp_config.h | 700 ++++++------------ .../mbedtls/port/include/mbedtls/esp_debug.h | 20 +- components/mbedtls/port/include/mbedtls/gcm.h | 63 +- tools/ci/check_copyright_ignore.txt | 1 - 27 files changed, 871 insertions(+), 865 deletions(-) diff --git a/components/mbedtls/port/aes/dma/esp_aes_dma_core.c b/components/mbedtls/port/aes/dma/esp_aes_dma_core.c index a6bc769d11..0279510c59 100644 --- a/components/mbedtls/port/aes/dma/esp_aes_dma_core.c +++ b/components/mbedtls/port/aes/dma/esp_aes_dma_core.c @@ -24,7 +24,7 @@ #include "esp_aes_internal.h" #include "esp_crypto_dma.h" -#include "mbedtls/aes.h" +#include "psa/crypto.h" #include "mbedtls/platform_util.h" #if !ESP_TEE_BUILD @@ -37,6 +37,8 @@ #include "freertos/semphr.h" #endif +#define MBEDTLS_ERR_AES_INVALID_INPUT_LENGTH -0x0022 /**< Invalid data input length. */ + #if SOC_AES_SUPPORT_GCM #include "aes/esp_aes_gcm.h" #endif diff --git a/components/mbedtls/port/aes/esp_aes.c b/components/mbedtls/port/aes/esp_aes.c index e874102a52..9b73eac8bf 100644 --- a/components/mbedtls/port/aes/esp_aes.c +++ b/components/mbedtls/port/aes/esp_aes.c @@ -16,7 +16,6 @@ */ #include -#include "mbedtls/aes.h" #include "esp_log.h" #include "esp_crypto_lock.h" #include "hal/aes_hal.h" @@ -24,6 +23,7 @@ #include "esp_crypto_periph_clk.h" #include "soc/soc_caps.h" #include "sdkconfig.h" +#include "mbedtls/platform_util.h" #if SOC_AES_GDMA #define AES_LOCK() esp_crypto_sha_aes_lock_acquire() @@ -34,6 +34,10 @@ #include "hal/crypto_dma_ll.h" #endif +#define MBEDTLS_ERR_AES_BAD_INPUT_DATA -0x0021 /**< Invalid input data. */ +#define MBEDTLS_ERR_AES_INVALID_KEY_LENGTH -0x0020 /**< Invalid key length. */ +#define MBEDTLS_ERR_AES_INVALID_INPUT_LENGTH -0x0022 /**< Invalid data input length. */ + static const char *TAG = "esp-aes"; #if CONFIG_MBEDTLS_AES_HW_SMALL_DATA_LEN_OPTIM @@ -132,6 +136,7 @@ static int esp_aes_block(esp_aes_context *ctx, const void *input, void *output) */ if (ctx->key_in_hardware != ctx->key_bytes) { mbedtls_platform_zeroize(output, 16); + memset(output, 0, 16); return MBEDTLS_ERR_AES_INVALID_INPUT_LENGTH; } i0 = input_words[0]; diff --git a/components/mbedtls/port/aes/esp_aes_common.c b/components/mbedtls/port/aes/esp_aes_common.c index 47da440727..106accfbce 100644 --- a/components/mbedtls/port/aes/esp_aes_common.c +++ b/components/mbedtls/port/aes/esp_aes_common.c @@ -6,7 +6,7 @@ * * SPDX-License-Identifier: Apache-2.0 * - * SPDX-FileContributor: 2016-2024 Espressif Systems (Shanghai) CO LTD + * SPDX-FileContributor: 2016-2025 Espressif Systems (Shanghai) CO LTD */ /* * The AES block cipher was designed by Vincent Rijmen and Joan Daemen. @@ -15,15 +15,17 @@ * http://csrc.nist.gov/publications/fips/fips197/fips-197.pdf */ #include "sdkconfig.h" +#define MBEDTLS_DECLARE_PRIVATE_IDENTIFIERS #include "esp_aes_internal.h" -#include "mbedtls/aes.h" #include "hal/aes_hal.h" #include "hal/aes_types.h" #include "soc/soc_caps.h" -#include "mbedtls/error.h" +#include "psa/crypto.h" #include +#define MBEDTLS_ERR_AES_INVALID_KEY_LENGTH -0x0020 + #if SOC_AES_SUPPORT_DMA #include "esp_aes_dma_priv.h" #endif @@ -65,7 +67,7 @@ int esp_aes_setkey( esp_aes_context *ctx, const unsigned char *key, { #if !SOC_AES_SUPPORT_AES_192 if (keybits == 192) { - return MBEDTLS_ERR_PLATFORM_FEATURE_UNSUPPORTED; + return PSA_ERROR_NOT_SUPPORTED; } #endif if (keybits != 128 && keybits != 192 && keybits != 256) { diff --git a/components/mbedtls/port/aes/esp_aes_gcm.c b/components/mbedtls/port/aes/esp_aes_gcm.c index 839fb71a1f..ff40afbd3b 100644 --- a/components/mbedtls/port/aes/esp_aes_gcm.c +++ b/components/mbedtls/port/aes/esp_aes_gcm.c @@ -6,7 +6,7 @@ * * SPDX-License-Identifier: Apache-2.0 * - * SPDX-FileContributor: 2016-2024 Espressif Systems (Shanghai) CO LTD + * SPDX-FileContributor: 2016-2025 Espressif Systems (Shanghai) CO LTD */ /* * The AES block cipher was designed by Vincent Rijmen and Joan Daemen. @@ -15,14 +15,12 @@ * http://csrc.nist.gov/publications/fips/fips197/fips-197.pdf */ #include - +#define MBEDTLS_DECLARE_PRIVATE_IDENTIFIERS #include "aes/esp_aes.h" #include "aes/esp_aes_gcm.h" #include "esp_aes_internal.h" #include "hal/aes_hal.h" -#include "mbedtls/aes.h" -#include "mbedtls/error.h" #include "mbedtls/gcm.h" #include "esp_heap_caps.h" @@ -32,10 +30,14 @@ #include "sdkconfig.h" +#include "psa/crypto.h" + #if SOC_AES_SUPPORT_DMA #include "esp_aes_dma_priv.h" #endif +#define MBEDTLS_ERR_AES_INVALID_KEY_LENGTH -0x0020 + #define ESP_PUT_BE64(a, val) \ do { \ *(uint64_t*)(a) = __builtin_bswap64( (uint64_t)(val) ); \ @@ -252,34 +254,13 @@ static void gcm_mult( esp_gcm_context *ctx, const unsigned char x[16], /* Update the key value in gcm context */ int esp_aes_gcm_setkey( esp_gcm_context *ctx, - mbedtls_cipher_id_t cipher, + int cipher, const unsigned char *key, unsigned int keybits ) { - /* Fallback to software implementation of GCM operation when a non-AES - * cipher is selected, as we support hardware acceleration only for a - * GCM operation using AES cipher. - */ -#if defined(MBEDTLS_GCM_NON_AES_CIPHER_SOFT_FALLBACK) - if (ctx->ctx_soft != NULL) { - mbedtls_gcm_free_soft(ctx->ctx_soft); - free(ctx->ctx_soft); - ctx->ctx_soft = NULL; - } - - if (cipher != MBEDTLS_CIPHER_ID_AES) { - ctx->ctx_soft = (mbedtls_gcm_context_soft*) malloc(sizeof(mbedtls_gcm_context_soft)); - if (ctx->ctx_soft == NULL) { - return MBEDTLS_ERR_CIPHER_ALLOC_FAILED; - } - mbedtls_gcm_init_soft(ctx->ctx_soft); - return mbedtls_gcm_setkey_soft(ctx->ctx_soft, cipher, key, keybits); - } -#endif - #if !SOC_AES_SUPPORT_AES_192 if (keybits == 192) { - return MBEDTLS_ERR_PLATFORM_FEATURE_UNSUPPORTED; + return PSA_ERROR_NOT_SUPPORTED; } #endif if (keybits != 128 && keybits != 192 && keybits != 256) { @@ -358,14 +339,6 @@ void esp_aes_gcm_free( esp_gcm_context *ctx) if (ctx == NULL) { return; } -#if defined(MBEDTLS_GCM_NON_AES_CIPHER_SOFT_FALLBACK) - if (ctx->ctx_soft != NULL) { - mbedtls_gcm_free_soft(ctx->ctx_soft); - free(ctx->ctx_soft); - /* Note that the value of ctx->ctx_soft should be NULL'ed out - and here it is taken care by the bzero call below */ - } -#endif bzero(ctx, sizeof(esp_gcm_context)); } @@ -377,25 +350,19 @@ int esp_aes_gcm_starts( esp_gcm_context *ctx, { if (!ctx) { ESP_LOGE(TAG, "No AES context supplied"); - return MBEDTLS_ERR_GCM_BAD_INPUT; + return PSA_ERROR_INVALID_ARGUMENT; } -#if defined(MBEDTLS_GCM_NON_AES_CIPHER_SOFT_FALLBACK) - if (ctx->ctx_soft != NULL) { - return mbedtls_gcm_starts_soft(ctx->ctx_soft, mode, iv, iv_len); - } -#endif - /* IV is limited to 2^32 bits, so 2^29 bytes */ /* IV is not allowed to be zero length */ if ( iv_len == 0 || ( (uint32_t) iv_len ) >> 29 != 0 ) { - return ( MBEDTLS_ERR_GCM_BAD_INPUT ); + return ( PSA_ERROR_INVALID_ARGUMENT ); } if (!iv) { ESP_LOGE(TAG, "No IV supplied"); - return MBEDTLS_ERR_GCM_BAD_INPUT; + return -PSA_ERROR_INVALID_ARGUMENT; } /* Initialize AES-GCM context */ @@ -421,7 +388,7 @@ int esp_aes_gcm_starts( esp_gcm_context *ctx, esp_aes_release_hardware(); #else memset(ctx->H, 0, sizeof(ctx->H)); - int ret = esp_aes_crypt_ecb(&ctx->aes_ctx, MBEDTLS_AES_ENCRYPT, ctx->H, ctx->H); + int ret = esp_aes_crypt_ecb(&ctx->aes_ctx, ESP_AES_ENCRYPT, ctx->H, ctx->H); if (ret != 0) { return ret; } @@ -449,28 +416,22 @@ int esp_aes_gcm_update_ad( esp_gcm_context *ctx, { if (!ctx) { ESP_LOGE(TAG, "No AES context supplied"); - return MBEDTLS_ERR_GCM_BAD_INPUT; + return PSA_ERROR_INVALID_ARGUMENT; } -#if defined(MBEDTLS_GCM_NON_AES_CIPHER_SOFT_FALLBACK) - if (ctx->ctx_soft != NULL) { - return mbedtls_gcm_update_ad_soft(ctx->ctx_soft, aad, aad_len); - } -#endif - /* AD are limited to 2^32 bits, so 2^29 bytes */ if ( ( (uint32_t) aad_len ) >> 29 != 0 ) { - return ( MBEDTLS_ERR_GCM_BAD_INPUT ); + return ( PSA_ERROR_INVALID_ARGUMENT ); } if ( (aad_len > 0) && !aad) { ESP_LOGE(TAG, "No aad supplied"); - return MBEDTLS_ERR_GCM_BAD_INPUT; + return PSA_ERROR_INVALID_ARGUMENT; } if (ctx->gcm_state != ESP_AES_GCM_STATE_START) { ESP_LOGE(TAG, "AES context in invalid state!"); - return -1; + return PSA_ERROR_BAD_STATE; } /* Initialise associated data */ @@ -490,36 +451,30 @@ int esp_aes_gcm_update( esp_gcm_context *ctx, { if (!ctx) { ESP_LOGE(TAG, "No GCM context supplied"); - return MBEDTLS_ERR_GCM_BAD_INPUT; + return -1; } -#if defined(MBEDTLS_GCM_NON_AES_CIPHER_SOFT_FALLBACK) - if (ctx->ctx_soft != NULL) { - return mbedtls_gcm_update_soft(ctx->ctx_soft, input, input_length, output, output_size, output_length); - } -#endif - size_t nc_off = 0; uint8_t nonce_counter[AES_BLOCK_BYTES] = {0}; uint8_t stream[AES_BLOCK_BYTES] = {0}; if (!output_length) { ESP_LOGE(TAG, "No output length supplied"); - return MBEDTLS_ERR_GCM_BAD_INPUT; + return PSA_ERROR_INVALID_ARGUMENT; } *output_length = input_length; if (!input) { ESP_LOGE(TAG, "No input supplied"); - return MBEDTLS_ERR_GCM_BAD_INPUT; + return PSA_ERROR_INVALID_ARGUMENT; } if (!output) { ESP_LOGE(TAG, "No output supplied"); - return MBEDTLS_ERR_GCM_BAD_INPUT; + return PSA_ERROR_INVALID_ARGUMENT; } if ( output > input && (size_t) ( output - input ) < input_length ) { - return ( MBEDTLS_ERR_GCM_BAD_INPUT ); + return ( PSA_ERROR_INVALID_ARGUMENT ); } /* If this is the first time esp_gcm_update is getting called * calculate GHASH on aad and preincrement the ICB @@ -565,17 +520,12 @@ int esp_aes_gcm_finish( esp_gcm_context *ctx, size_t *output_length, unsigned char *tag, size_t tag_len ) { -#if defined(MBEDTLS_GCM_NON_AES_CIPHER_SOFT_FALLBACK) - if (ctx->ctx_soft != NULL) { - return mbedtls_gcm_finish_soft(ctx->ctx_soft, output, output_size, output_length, tag, tag_len); - } -#endif size_t nc_off = 0; uint8_t len_block[AES_BLOCK_BYTES] = {0}; uint8_t stream[AES_BLOCK_BYTES] = {0}; if ( tag_len > 16 || tag_len < 4 ) { - return ( MBEDTLS_ERR_GCM_BAD_INPUT ); + return ( PSA_ERROR_INVALID_ARGUMENT ); } /* Calculate final GHASH on aad_len, data length */ @@ -663,14 +613,8 @@ int esp_aes_gcm_crypt_and_tag( esp_gcm_context *ctx, { if (!ctx) { ESP_LOGE(TAG, "No AES context supplied"); - return MBEDTLS_ERR_GCM_BAD_INPUT; + return PSA_ERROR_INVALID_ARGUMENT; } - -#if defined(MBEDTLS_GCM_NON_AES_CIPHER_SOFT_FALLBACK) - if (ctx->ctx_soft != NULL) { - return mbedtls_gcm_crypt_and_tag_soft(ctx->ctx_soft, mode, length, iv, iv_len, aad, aad_len, input, output, tag_len, tag); - } -#endif #if CONFIG_MBEDTLS_HARDWARE_GCM int ret; size_t remainder_bit; @@ -687,24 +631,24 @@ int esp_aes_gcm_crypt_and_tag( esp_gcm_context *ctx, Maximum size of data in the buffer that a DMA descriptor can hold. */ if (aad_len > DMA_DESCRIPTOR_BUFFER_MAX_SIZE_4B_ALIGNED) { - return MBEDTLS_ERR_GCM_BAD_INPUT; + return -1; } /* IV and AD are limited to 2^32 bits, so 2^29 bytes */ /* IV is not allowed to be zero length */ if ( iv_len == 0 || ( (uint32_t) iv_len ) >> 29 != 0 || ( (uint32_t) aad_len ) >> 29 != 0 ) { - return ( MBEDTLS_ERR_GCM_BAD_INPUT ); + return ( PSA_ERROR_INVALID_ARGUMENT ); } if (!iv) { ESP_LOGE(TAG, "No IV supplied"); - return MBEDTLS_ERR_GCM_BAD_INPUT; + return PSA_ERROR_INVALID_ARGUMENT; } if ( (aad_len > 0) && !aad) { ESP_LOGE(TAG, "No aad supplied"); - return MBEDTLS_ERR_GCM_BAD_INPUT; + return PSA_ERROR_INVALID_ARGUMENT; } /* Initialize AES-GCM context */ @@ -761,11 +705,6 @@ int esp_aes_gcm_auth_decrypt( esp_gcm_context *ctx, const unsigned char *input, unsigned char *output ) { -#if defined(MBEDTLS_GCM_NON_AES_CIPHER_SOFT_FALLBACK) - if (ctx->ctx_soft != NULL) { - return mbedtls_gcm_auth_decrypt_soft(ctx->ctx_soft, length, iv, iv_len, aad, aad_len, tag, tag_len, input, output); - } -#endif int ret; unsigned char check_tag[16]; size_t i; @@ -784,7 +723,7 @@ int esp_aes_gcm_auth_decrypt( esp_gcm_context *ctx, if ( diff != 0 ) { bzero( output, length ); - return ( MBEDTLS_ERR_GCM_AUTH_FAILED ); + return ( PSA_ERROR_INVALID_SIGNATURE ); } return ( 0 ); diff --git a/components/mbedtls/port/aes/esp_aes_xts.c b/components/mbedtls/port/aes/esp_aes_xts.c index 4b4663162f..29fd00f283 100644 --- a/components/mbedtls/port/aes/esp_aes_xts.c +++ b/components/mbedtls/port/aes/esp_aes_xts.c @@ -36,9 +36,9 @@ #include #include #include -#include "mbedtls/aes.h" - +#define MBEDTLS_DECLARE_PRIVATE_IDENTIFIERS #include "aes/esp_aes.h" +#include "psa/crypto.h" void esp_aes_xts_init( esp_aes_xts_context *ctx ) { @@ -65,7 +65,7 @@ static int esp_aes_xts_decode_keys( const unsigned char *key, switch ( keybits ) { case 256: break; case 512: break; - default : return ( MBEDTLS_ERR_AES_INVALID_KEY_LENGTH ); + default : return ( PSA_ERROR_NOT_SUPPORTED ); } *key1bits = half_keybits; @@ -124,7 +124,7 @@ int esp_aes_xts_setkey_dec( esp_aes_xts_context *ctx, return esp_aes_setkey( &ctx->crypt, key1, key1bits ); } -/* Endianess with 64 bits values */ +/* Endianness with 64 bits values */ #ifndef GET_UINT64_LE #define GET_UINT64_LE(n,b,i) \ { \ @@ -158,7 +158,7 @@ int esp_aes_xts_setkey_dec( esp_aes_xts_context *ctx, * * This function multiplies a field element by x in the polynomial field * representation. It uses 64-bit word operations to gain speed but compensates - * for machine endianess and hence works correctly on both big and little + * for machine endianness and hence works correctly on both big and little * endian machines. */ static void esp_gf128mul_x_ble( unsigned char r[16], @@ -195,16 +195,16 @@ int esp_aes_crypt_xts( esp_aes_xts_context *ctx, /* Sectors must be at least 16 bytes. */ if ( length < 16 ) { - return MBEDTLS_ERR_AES_INVALID_INPUT_LENGTH; + return PSA_ERROR_DATA_INVALID; } /* NIST SP 80-38E disallows data units larger than 2**20 blocks. */ if ( length > ( 1 << 20 ) * 16 ) { - return MBEDTLS_ERR_AES_INVALID_INPUT_LENGTH; + return PSA_ERROR_DATA_INVALID; } /* Compute the tweak. */ - ret = esp_aes_crypt_ecb( &ctx->tweak, MBEDTLS_AES_ENCRYPT, + ret = esp_aes_crypt_ecb( &ctx->tweak, ESP_AES_ENCRYPT, data_unit, tweak ); if ( ret != 0 ) { return ( ret ); @@ -213,7 +213,7 @@ int esp_aes_crypt_xts( esp_aes_xts_context *ctx, while ( blocks-- ) { size_t i; - if ( leftover && ( mode == MBEDTLS_AES_DECRYPT ) && blocks == 0 ) { + if ( leftover && ( mode == ESP_AES_DECRYPT ) && blocks == 0 ) { /* We are on the last block in a decrypt operation that has * leftover bytes, so we need to use the next tweak for this block, * and this tweak for the lefover bytes. Save the current tweak for @@ -246,7 +246,7 @@ int esp_aes_crypt_xts( esp_aes_xts_context *ctx, if ( leftover ) { /* If we are on the leftover bytes in a decrypt operation, we need to * use the previous tweak for these bytes (as saved in prev_tweak). */ - unsigned char *t = mode == MBEDTLS_AES_DECRYPT ? prev_tweak : tweak; + unsigned char *t = mode == ESP_AES_DECRYPT ? prev_tweak : tweak; /* We are now on the final part of the data unit, which doesn't divide * evenly by 16. It's time for ciphertext stealing. */ @@ -254,7 +254,7 @@ int esp_aes_crypt_xts( esp_aes_xts_context *ctx, unsigned char *prev_output = output - 16; /* Copy ciphertext bytes from the previous block to our output for each - * byte of cyphertext we won't steal. At the same time, copy the + * byte of ciphertext we won't steal. At the same time, copy the * remainder of the input for this final round (since the loop bounds * are the same). */ for ( i = 0; i < leftover; i++ ) { diff --git a/components/mbedtls/port/bignum/bignum_alt.c b/components/mbedtls/port/bignum/bignum_alt.c index 5717faf3b4..d85a428098 100644 --- a/components/mbedtls/port/bignum/bignum_alt.c +++ b/components/mbedtls/port/bignum/bignum_alt.c @@ -4,6 +4,7 @@ * SPDX-License-Identifier: Apache-2.0 */ #include +#define MBEDTLS_DECLARE_PRIVATE_IDENTIFIERS #include "esp_crypto_lock.h" #include "bignum_impl.h" #include "mbedtls/bignum.h" diff --git a/components/mbedtls/port/bignum/esp_bignum.c b/components/mbedtls/port/bignum/esp_bignum.c index 1c799b3c2a..50b60bddeb 100644 --- a/components/mbedtls/port/bignum/esp_bignum.c +++ b/components/mbedtls/port/bignum/esp_bignum.c @@ -6,7 +6,7 @@ * * SPDX-License-Identifier: Apache-2.0 * - * SPDX-FileContributor: 2016-2024 Espressif Systems (Shanghai) CO LTD + * SPDX-FileContributor: 2016-2025 Espressif Systems (Shanghai) CO LTD */ #include #include @@ -28,7 +28,7 @@ #include "freertos/FreeRTOS.h" #include "freertos/semphr.h" - +#define MBEDTLS_DECLARE_PRIVATE_IDENTIFIERS #include "bignum_impl.h" #include "mbedtls/bignum.h" @@ -54,89 +54,6 @@ static const __attribute__((unused)) char *TAG = "bignum"; #define ciL (sizeof(mbedtls_mpi_uint)) /* chars in limb */ #define biL (ciL << 3) /* bits in limb */ -#if defined(CONFIG_MBEDTLS_MPI_USE_INTERRUPT) -static SemaphoreHandle_t op_complete_sem; -#if defined(CONFIG_PM_ENABLE) -static esp_pm_lock_handle_t s_pm_cpu_lock; -static esp_pm_lock_handle_t s_pm_sleep_lock; -#endif - -static IRAM_ATTR void esp_mpi_complete_isr(void *arg) -{ - BaseType_t higher_woken; - mpi_hal_clear_interrupt(); - - xSemaphoreGiveFromISR(op_complete_sem, &higher_woken); - if (higher_woken) { - portYIELD_FROM_ISR(); - } -} - - -static esp_err_t esp_mpi_isr_initialise(void) -{ - mpi_hal_clear_interrupt(); - mpi_hal_interrupt_enable(true); - if (op_complete_sem == NULL) { - static StaticSemaphore_t op_sem_buf; - op_complete_sem = xSemaphoreCreateBinaryStatic(&op_sem_buf); - if (op_complete_sem == NULL) { - ESP_LOGE(TAG, "Failed to create intr semaphore"); - return ESP_FAIL; - } - - const int isr_flags = esp_intr_level_to_flags(CONFIG_MBEDTLS_MPI_INTERRUPT_LEVEL); - - esp_err_t ret; - ret = esp_intr_alloc(ETS_RSA_INTR_SOURCE, isr_flags, esp_mpi_complete_isr, NULL, NULL); - if (ret != ESP_OK) { - ESP_LOGE(TAG, "Failed to allocate RSA interrupt %d", ret); - - // This should be treated as fatal error as this API would mostly - // be invoked within mbedTLS interface. There is no way for the system - // to proceed if the MPI interrupt allocation fails here. - abort(); - } - } - - /* MPI is clocked proportionally to CPU clock, take power management lock */ -#ifdef CONFIG_PM_ENABLE - if (s_pm_cpu_lock == NULL) { - if (esp_pm_lock_create(ESP_PM_NO_LIGHT_SLEEP, 0, "mpi_sleep", &s_pm_sleep_lock) != ESP_OK) { - ESP_LOGE(TAG, "Failed to create PM sleep lock"); - return ESP_FAIL; - } - if (esp_pm_lock_create(ESP_PM_CPU_FREQ_MAX, 0, "mpi_cpu", &s_pm_cpu_lock) != ESP_OK) { - ESP_LOGE(TAG, "Failed to create PM CPU lock"); - return ESP_FAIL; - } - } - esp_pm_lock_acquire(s_pm_cpu_lock); - esp_pm_lock_acquire(s_pm_sleep_lock); -#endif - - return ESP_OK; -} - -static int esp_mpi_wait_intr(void) -{ - if (!xSemaphoreTake(op_complete_sem, 2000 / portTICK_PERIOD_MS)) { - ESP_LOGE("MPI", "Timed out waiting for completion of MPI Interrupt"); - return -1; - } - -#ifdef CONFIG_PM_ENABLE - esp_pm_lock_release(s_pm_cpu_lock); - esp_pm_lock_release(s_pm_sleep_lock); -#endif // CONFIG_PM_ENABLE - - mpi_hal_interrupt_enable(false); - - return 0; -} - -#endif // CONFIG_MBEDTLS_MPI_USE_INTERRUPT - /* Convert bit count to word count */ static inline size_t bits_to_words(size_t bits) @@ -148,6 +65,15 @@ static inline size_t bits_to_words(size_t bits) number. */ #if defined(MBEDTLS_MPI_EXP_MOD_ALT) || defined(MBEDTLS_MPI_EXP_MOD_ALT_FALLBACK) + +#if defined(CONFIG_MBEDTLS_MPI_USE_INTERRUPT) +static SemaphoreHandle_t op_complete_sem; +#if defined(CONFIG_PM_ENABLE) +static esp_pm_lock_handle_t s_pm_cpu_lock; +static esp_pm_lock_handle_t s_pm_sleep_lock; +#endif +#endif // CONFIG_MBEDTLS_MPI_USE_INTERRUPT + static size_t mpi_words(const mbedtls_mpi *mpi) { for (size_t i = mpi->MBEDTLS_PRIVATE(n); i > 0; i--) { @@ -262,6 +188,82 @@ cleanup: #if defined(MBEDTLS_MPI_EXP_MOD_ALT) || defined(MBEDTLS_MPI_EXP_MOD_ALT_FALLBACK) +#if defined (CONFIG_MBEDTLS_MPI_USE_INTERRUPT) + +static IRAM_ATTR void esp_mpi_complete_isr(void *arg) +{ + BaseType_t higher_woken; + mpi_hal_clear_interrupt(); + + xSemaphoreGiveFromISR(op_complete_sem, &higher_woken); + if (higher_woken) { + portYIELD_FROM_ISR(); + } +} + +static esp_err_t esp_mpi_isr_initialise(void) +{ + mpi_hal_clear_interrupt(); + mpi_hal_interrupt_enable(true); + if (op_complete_sem == NULL) { + static StaticSemaphore_t op_sem_buf; + op_complete_sem = xSemaphoreCreateBinaryStatic(&op_sem_buf); + if (op_complete_sem == NULL) { + ESP_LOGE(TAG, "Failed to create intr semaphore"); + return ESP_FAIL; + } + + const int isr_flags = esp_intr_level_to_flags(CONFIG_MBEDTLS_MPI_INTERRUPT_LEVEL); + + esp_err_t ret; + ret = esp_intr_alloc(ETS_RSA_INTR_SOURCE, isr_flags, esp_mpi_complete_isr, NULL, NULL); + if (ret != ESP_OK) { + ESP_LOGE(TAG, "Failed to allocate RSA interrupt %d", ret); + + // This should be treated as fatal error as this API would mostly + // be invoked within mbedTLS interface. There is no way for the system + // to proceed if the MPI interrupt allocation fails here. + abort(); + } + } + + /* MPI is clocked proportionally to CPU clock, take power management lock */ +#ifdef CONFIG_PM_ENABLE + if (s_pm_cpu_lock == NULL) { + if (esp_pm_lock_create(ESP_PM_NO_LIGHT_SLEEP, 0, "mpi_sleep", &s_pm_sleep_lock) != ESP_OK) { + ESP_LOGE(TAG, "Failed to create PM sleep lock"); + return ESP_FAIL; + } + if (esp_pm_lock_create(ESP_PM_CPU_FREQ_MAX, 0, "mpi_cpu", &s_pm_cpu_lock) != ESP_OK) { + ESP_LOGE(TAG, "Failed to create PM CPU lock"); + return ESP_FAIL; + } + } + esp_pm_lock_acquire(s_pm_cpu_lock); + esp_pm_lock_acquire(s_pm_sleep_lock); +#endif + + return ESP_OK; +} + +static int esp_mpi_wait_intr(void) +{ + if (!xSemaphoreTake(op_complete_sem, 2000 / portTICK_PERIOD_MS)) { + ESP_LOGE("MPI", "Timed out waiting for completion of MPI Interrupt"); + return -1; + } + +#ifdef CONFIG_PM_ENABLE + esp_pm_lock_release(s_pm_cpu_lock); + esp_pm_lock_release(s_pm_sleep_lock); +#endif // CONFIG_PM_ENABLE + + mpi_hal_interrupt_enable(false); + + return 0; +} +#endif // CONFIG_MBEDTLS_MPI_USE_INTERRUPT + #ifdef ESP_MPI_USE_MONT_EXP /* * Return the most significant one-bit. @@ -452,8 +454,6 @@ cleanup: return ret; } -#endif /* (MBEDTLS_MPI_EXP_MOD_ALT || MBEDTLS_MPI_EXP_MOD_ALT_FALLBACK) */ - /* * Sliding-window exponentiation: X = A^E mod N (HAC 14.85) */ @@ -463,7 +463,6 @@ int mbedtls_mpi_exp_mod( mbedtls_mpi *X, const mbedtls_mpi *A, { int ret; #if defined(MBEDTLS_MPI_EXP_MOD_ALT_FALLBACK) - /* Try hardware API first and then fallback to software */ ret = esp_mpi_exp_mod( X, A, E, N, _RR ); if( ret == MBEDTLS_ERR_MPI_NOT_ACCEPTABLE ) { ret = mbedtls_mpi_exp_mod_soft( X, A, E, N, _RR ); @@ -478,6 +477,8 @@ int mbedtls_mpi_exp_mod( mbedtls_mpi *X, const mbedtls_mpi *A, return ret; } +#endif /* (MBEDTLS_MPI_EXP_MOD_ALT || MBEDTLS_MPI_EXP_MOD_ALT_FALLBACK) */ + #if defined(MBEDTLS_MPI_MUL_MPI_ALT) /* MBEDTLS_MPI_MUL_MPI_ALT */ static int mpi_mult_mpi_failover_mod_mult( mbedtls_mpi *Z, const mbedtls_mpi *X, const mbedtls_mpi *Y, size_t z_words); @@ -493,7 +494,6 @@ int mbedtls_mpi_mul_mpi( mbedtls_mpi *Z, const mbedtls_mpi *X, const mbedtls_mpi size_t y_words = bits_to_words(y_bits); size_t z_words = bits_to_words(x_bits + y_bits); size_t hw_words = mpi_hal_calc_hardware_words(MAX(x_words, y_words)); // length of one operand in hardware - /* Short-circuit eval if either argument is 0 or 1. This is needed as the mpi modular division diff --git a/components/mbedtls/port/dynamic/esp_mbedtls_dynamic_impl.c b/components/mbedtls/port/dynamic/esp_mbedtls_dynamic_impl.c index c2aff10532..c101f4e30c 100644 --- a/components/mbedtls/port/dynamic/esp_mbedtls_dynamic_impl.c +++ b/components/mbedtls/port/dynamic/esp_mbedtls_dynamic_impl.c @@ -523,15 +523,6 @@ size_t esp_mbedtls_get_crt_size(mbedtls_x509_crt *cert, size_t *num) } #ifdef CONFIG_MBEDTLS_DYNAMIC_FREE_CONFIG_DATA -void esp_mbedtls_free_dhm(mbedtls_ssl_context *ssl) -{ -#ifdef CONFIG_MBEDTLS_DHM_C - const mbedtls_ssl_config *conf = mbedtls_ssl_context_get_config(ssl); - mbedtls_mpi_free((mbedtls_mpi *)&conf->MBEDTLS_PRIVATE(dhm_P)); - mbedtls_mpi_free((mbedtls_mpi *)&conf->MBEDTLS_PRIVATE(dhm_G)); -#endif /* CONFIG_MBEDTLS_DHM_C */ -} - void esp_mbedtls_free_keycert(mbedtls_ssl_context *ssl) { mbedtls_ssl_config *conf = (mbedtls_ssl_config * )mbedtls_ssl_context_get_config(ssl); diff --git a/components/mbedtls/port/dynamic/esp_mbedtls_dynamic_impl.h b/components/mbedtls/port/dynamic/esp_mbedtls_dynamic_impl.h index 54409766f5..ce52f05d5f 100644 --- a/components/mbedtls/port/dynamic/esp_mbedtls_dynamic_impl.h +++ b/components/mbedtls/port/dynamic/esp_mbedtls_dynamic_impl.h @@ -88,8 +88,6 @@ int esp_mbedtls_free_rx_buffer(mbedtls_ssl_context *ssl); size_t esp_mbedtls_get_crt_size(mbedtls_x509_crt *cert, size_t *num); #ifdef CONFIG_MBEDTLS_DYNAMIC_FREE_CONFIG_DATA -void esp_mbedtls_free_dhm(mbedtls_ssl_context *ssl); - void esp_mbedtls_free_keycert(mbedtls_ssl_context *ssl); void esp_mbedtls_free_keycert_cert(mbedtls_ssl_context *ssl); diff --git a/components/mbedtls/port/dynamic/esp_ssl_cli.c b/components/mbedtls/port/dynamic/esp_ssl_cli.c index 376f104780..f7aacca85e 100644 --- a/components/mbedtls/port/dynamic/esp_ssl_cli.c +++ b/components/mbedtls/port/dynamic/esp_ssl_cli.c @@ -153,7 +153,6 @@ static int manage_resource(mbedtls_ssl_context *ssl, bool add) CHECK_OK(esp_mbedtls_add_tx_buffer(ssl, buffer_len)); } else { #ifdef CONFIG_MBEDTLS_DYNAMIC_FREE_CONFIG_DATA - esp_mbedtls_free_dhm(ssl); esp_mbedtls_free_keycert_key(ssl); esp_mbedtls_free_keycert(ssl); #endif diff --git a/components/mbedtls/port/dynamic/esp_ssl_srv.c b/components/mbedtls/port/dynamic/esp_ssl_srv.c index 5a657b56c7..d200009226 100644 --- a/components/mbedtls/port/dynamic/esp_ssl_srv.c +++ b/components/mbedtls/port/dynamic/esp_ssl_srv.c @@ -21,8 +21,7 @@ static bool ssl_ciphersuite_uses_rsa_key_ex(mbedtls_ssl_context *ssl) const mbedtls_ssl_ciphersuite_t *ciphersuite_info = ssl->MBEDTLS_PRIVATE(handshake)->ciphersuite_info; - if (ciphersuite_info->MBEDTLS_PRIVATE(key_exchange) == MBEDTLS_KEY_EXCHANGE_RSA || - ciphersuite_info->MBEDTLS_PRIVATE(key_exchange) == MBEDTLS_KEY_EXCHANGE_RSA_PSK) { + if (ciphersuite_info->MBEDTLS_PRIVATE(key_exchange) == MBEDTLS_KEY_EXCHANGE_ECDHE_RSA) { return true; } else { return false; @@ -101,7 +100,6 @@ static int manage_resource(mbedtls_ssl_context *ssl, bool add) CHECK_OK(esp_mbedtls_add_tx_buffer(ssl, buffer_len)); } else { #ifdef CONFIG_MBEDTLS_DYNAMIC_FREE_CONFIG_DATA - esp_mbedtls_free_dhm(ssl); /** * Not free keycert->key and keycert until MBEDTLS_SSL_CLIENT_KEY_EXCHANGE for rsa key exchange methods. * For ssl server will use keycert->key to parse client key exchange. diff --git a/components/mbedtls/port/dynamic/esp_ssl_tls.c b/components/mbedtls/port/dynamic/esp_ssl_tls.c index 04f9ce1053..7036e66913 100644 --- a/components/mbedtls/port/dynamic/esp_ssl_tls.c +++ b/components/mbedtls/port/dynamic/esp_ssl_tls.c @@ -47,52 +47,48 @@ static int ssl_update_checksum_start( mbedtls_ssl_context *ssl, const unsigned char *buf, size_t len ) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; -#if defined(MBEDTLS_SHA256_C) - ret = mbedtls_md_update( &ssl->handshake->fin_sha256, buf, len ); + psa_status_t status; +#if defined(PSA_WANT_ALG_SHA_256) + status = psa_hash_update( + &ssl->handshake->fin_sha256_psa, buf, len); + if (status != PSA_SUCCESS) { + ret = psa_status_to_mbedtls(status, psa_to_md_errors, ARRAY_LENGTH(psa_to_md_errors), psa_generic_status_to_mbedtls); + return ret; + } #endif -#if defined(MBEDTLS_SHA512_C) - ret = mbedtls_md_update( &ssl->handshake->fin_sha384, buf, len ); +#if defined(PSA_WANT_ALG_SHA_384) + status = psa_hash_update( + &ssl->handshake->fin_sha384_psa, buf, len); + if (status != PSA_SUCCESS) { + ret = psa_status_to_mbedtls(status, psa_to_md_errors, ARRAY_LENGTH(psa_to_md_errors), psa_generic_status_to_mbedtls); + return ret; + } #endif - return ret; + return 0; } static int ssl_handshake_params_init( mbedtls_ssl_handshake_params *handshake ) { memset( handshake, 0, sizeof( mbedtls_ssl_handshake_params ) ); - -#if defined(MBEDTLS_SHA256_C) - mbedtls_md_init( &handshake->fin_sha256 ); - int ret = mbedtls_md_setup( &handshake->fin_sha256, - mbedtls_md_info_from_type(MBEDTLS_MD_SHA256), - 0 ); - if (ret != 0) { - return ret; - } - ret = mbedtls_md_starts( &handshake->fin_sha256 ); - if (ret != 0) { - return ret; + psa_status_t status; +#if defined(PSA_WANT_ALG_SHA_256) + handshake->fin_sha256_psa = psa_hash_operation_init(); + status = psa_hash_setup( &handshake->fin_sha256_psa, PSA_ALG_SHA_256 ); + if (status != PSA_SUCCESS) { + return psa_status_to_mbedtls(status, psa_to_md_errors, ARRAY_LENGTH(psa_to_md_errors), psa_generic_status_to_mbedtls); } #endif -#if defined(MBEDTLS_SHA512_C) - mbedtls_md_init( &handshake->fin_sha384 ); - ret = mbedtls_md_setup( &handshake->fin_sha384, - mbedtls_md_info_from_type(MBEDTLS_MD_SHA384), - 0 ); - if (ret != 0) { - return ret; - } - ret = mbedtls_md_starts( &handshake->fin_sha384 ); - if (ret != 0) { - return ret; +#if defined(PSA_WANT_ALG_SHA_384) + handshake->fin_sha384_psa = psa_hash_operation_init(); + status = psa_hash_setup( &handshake->fin_sha384_psa, PSA_ALG_SHA_384 ); + if (status != PSA_SUCCESS) { + return psa_status_to_mbedtls(status, psa_to_md_errors, ARRAY_LENGTH(psa_to_md_errors), psa_generic_status_to_mbedtls); } #endif handshake->update_checksum = ssl_update_checksum_start; -#if defined(MBEDTLS_DHM_C) - mbedtls_dhm_init( &handshake->dhm_ctx ); -#endif -#if defined(MBEDTLS_ECDH_C) && \ +#if !defined(MBEDTLS_USE_PSA_CRYPTO) && \ defined(MBEDTLS_KEY_EXCHANGE_SOME_ECDH_OR_ECDHE_1_2_ENABLED) mbedtls_ecdh_init( &handshake->ecdh_ctx ); #endif diff --git a/components/mbedtls/port/ecc/ecc_alt.c b/components/mbedtls/port/ecc/ecc_alt.c index 7b70da59cf..b9bae3204d 100644 --- a/components/mbedtls/port/ecc/ecc_alt.c +++ b/components/mbedtls/port/ecc/ecc_alt.c @@ -9,8 +9,10 @@ #include "ecc_impl.h" #include "hal/ecc_ll.h" +#define MBEDTLS_DECLARE_PRIVATE_IDENTIFIERS #include "mbedtls/ecp.h" #include "mbedtls/platform_util.h" +#include "mbedtls/bignum.h" #if defined(MBEDTLS_ECP_MUL_ALT) || defined(MBEDTLS_ECP_MUL_ALT_SOFT_FALLBACK) diff --git a/components/mbedtls/port/ecdsa/ecdsa_alt.c b/components/mbedtls/port/ecdsa/ecdsa_alt.c index 3bf0740e41..fdfea32e04 100644 --- a/components/mbedtls/port/ecdsa/ecdsa_alt.c +++ b/components/mbedtls/port/ecdsa/ecdsa_alt.c @@ -9,17 +9,23 @@ #include "esp_log.h" #include "hal/ecdsa_types.h" -#include "ecdsa/ecdsa_alt.h" + #include "soc/soc_caps.h" #include "esp_crypto_lock.h" #include "esp_crypto_periph_clk.h" -#include "mbedtls/error.h" -#include "mbedtls/ecdsa.h" +#define MBEDTLS_DECLARE_PRIVATE_IDENTIFIERS +#include "mbedtls/private/ecdsa.h" +#include "mbedtls/private/pk_private.h" #include "mbedtls/asn1.h" #include "mbedtls/asn1write.h" #include "mbedtls/platform_util.h" +#include "mbedtls/bignum.h" +#include "ecdsa/ecdsa_alt.h" +#if CONFIG_MBEDTLS_HARDWARE_ECDSA_SIGN || CONFIG_MBEDTLS_HARDWARE_ECDSA_VERIFY +#include "pk_wrap.h" +#endif // CONFIG_MBEDTLS_HARDWARE_ECDSA_SIGN || CONFIG_MBEDTLS_HARDWARE_ECDSA_VERIFY #if CONFIG_MBEDTLS_TEE_SEC_STG_ECDSA_SIGN #include "esp_tee_sec_storage.h" #endif @@ -83,6 +89,46 @@ __attribute__((unused)) static const char *TAG = "ecdsa_alt"; +#if CONFIG_MBEDTLS_HARDWARE_ECDSA_SIGN || CONFIG_MBEDTLS_HARDWARE_ECDSA_VERIFY +/* Forward declaration of custom PK info structure for ESP hardware ECDSA */ +extern const mbedtls_pk_info_t esp_ecdsa_pk_info; +#endif + +#if CONFIG_MBEDTLS_HARDWARE_ECDSA_SIGN +/* Forward declarations for wrapped functions */ +int __wrap_mbedtls_ecdsa_sign(mbedtls_ecp_group *grp, mbedtls_mpi *r, mbedtls_mpi *s, + const mbedtls_mpi *d, const unsigned char *buf, size_t blen, + int (*f_rng)(void *, unsigned char *, size_t), void *p_rng); + +/* Forward declaration for ASN.1 conversion helper */ +static int ecdsa_signature_to_asn1(const mbedtls_mpi *r, const mbedtls_mpi *s, + unsigned char *sig, size_t sig_size, + size_t *slen); +#endif + +#if CONFIG_MBEDTLS_HARDWARE_ECDSA_VERIFY +int __wrap_mbedtls_ecdsa_verify(mbedtls_ecp_group *grp, + const unsigned char *buf, size_t blen, + const mbedtls_ecp_point *Q, + const mbedtls_mpi *r, + const mbedtls_mpi *s); + +/* Forward declaration for hardware verify function */ +static int esp_ecdsa_verify(mbedtls_ecp_group *grp, + const unsigned char *buf, size_t blen, + const mbedtls_ecp_point *Q, + const mbedtls_mpi *r, + const mbedtls_mpi *s); +#else +/* Forward declaration for software verify when hardware verify is disabled */ +int __real_mbedtls_ecdsa_verify(mbedtls_ecp_group *grp, + const unsigned char *buf, size_t blen, + const mbedtls_ecp_point *Q, + const mbedtls_mpi *r, + const mbedtls_mpi *s); +#endif + + #if SOC_ECDSA_SUPPORTED /** * @brief Check if the extracted efuse blocks are valid @@ -391,11 +437,29 @@ int esp_ecdsa_privkey_load_pk_context(mbedtls_pk_context *key_ctx, int efuse_blk } mbedtls_pk_init(key_ctx); +#if CONFIG_MBEDTLS_HARDWARE_ECDSA_SIGN || CONFIG_MBEDTLS_HARDWARE_ECDSA_VERIFY + /* Use our custom pk_info that routes to hardware ECDSA for signing and/or verification */ + pk_info = &esp_ecdsa_pk_info; +#else pk_info = mbedtls_pk_info_from_type(MBEDTLS_PK_ECDSA); +#endif if (mbedtls_pk_setup(key_ctx, pk_info) != 0) { return -1; } - keypair = mbedtls_pk_ec(*key_ctx); + + /* In mbedtls v4.0, MBEDTLS_PK_ECDSA doesn't allocate pk_ctx (ctx_alloc_func = NULL) + * because EC keys are managed through PSA. For hardware ECDSA, we need to manually + * allocate an mbedtls_ecp_keypair structure to store the magic values. */ + keypair = calloc(1, sizeof(mbedtls_ecp_keypair)); + if (keypair == NULL) { + return MBEDTLS_ERR_ECP_ALLOC_FAILED; + } + + /* Initialize the keypair structure */ + mbedtls_ecp_keypair_init(keypair); + + /* Manually assign to pk_ctx since mbedtls_pk_setup didn't do it */ + key_ctx->MBEDTLS_PRIVATE(pk_ctx) = keypair; return esp_ecdsa_privkey_load_mpi(&(keypair->MBEDTLS_PRIVATE(d)), efuse_blk); } @@ -438,7 +502,6 @@ int esp_ecdsa_set_pk_context(mbedtls_pk_context *key_ctx, esp_ecdsa_pk_conf_t *c return 0; } - static int esp_ecdsa_sign(mbedtls_ecp_group *grp, mbedtls_mpi* r, mbedtls_mpi* s, const mbedtls_mpi *d, const unsigned char* msg, size_t msg_len, ecdsa_sign_type_t k_type) @@ -559,7 +622,213 @@ static int esp_ecdsa_sign(mbedtls_ecp_group *grp, mbedtls_mpi* r, mbedtls_mpi* s return 0; } +#endif /* CONFIG_MBEDTLS_HARDWARE_ECDSA_SIGN */ + +void esp_ecdsa_free_pk_context(mbedtls_pk_context *key_ctx) +{ + if (key_ctx == NULL) { + return; + } + + /* In mbedtls v4.0, we manually allocated the keypair structure for hardware ECDSA. + * We need to free it manually since ctx_free_func is NULL for MBEDTLS_PK_ECDSA. */ + mbedtls_ecp_keypair *keypair = mbedtls_pk_ec(*key_ctx); + if (keypair != NULL) { + mbedtls_ecp_keypair_free(keypair); + free(keypair); + key_ctx->MBEDTLS_PRIVATE(pk_ctx) = NULL; + } + + mbedtls_pk_free(key_ctx); +} + +#if CONFIG_MBEDTLS_HARDWARE_ECDSA_SIGN || CONFIG_MBEDTLS_HARDWARE_ECDSA_VERIFY +/* Custom PK wrapper functions for ESP hardware ECDSA + * + * Flow: mbedtls_pk_sign() → esp_ecdsa_pk_sign_wrap() → esp_ecdsa_sign() → Hardware ECDSA + * + * This bypasses the PSA opaque key path and routes directly to hardware ECDSA + * by using a custom pk_info structure that doesn't require PSA key IDs. + */ +static int esp_ecdsa_pk_can_do(mbedtls_pk_type_t type) +{ + return type == MBEDTLS_PK_ECKEY || + type == MBEDTLS_PK_ECDSA; +} + +static size_t esp_ecdsa_pk_get_bitlen(mbedtls_pk_context *pk) +{ + mbedtls_ecp_keypair *keypair = mbedtls_pk_ec(*pk); + if (keypair == NULL) { + return 0; + } + return keypair->MBEDTLS_PRIVATE(grp).nbits; +} +#endif /* CONFIG_MBEDTLS_HARDWARE_ECDSA_SIGN || CONFIG_MBEDTLS_HARDWARE_ECDSA_VERIFY */ + +#if CONFIG_MBEDTLS_HARDWARE_ECDSA_VERIFY +static int esp_ecdsa_pk_verify_wrap(mbedtls_pk_context *pk, + mbedtls_md_type_t md_alg, + const unsigned char *hash, size_t hash_len, + const unsigned char *sig, size_t sig_len) +{ + mbedtls_ecp_keypair *keypair = mbedtls_pk_ec(*pk); + int ret; + unsigned char *p = (unsigned char *) sig; + const unsigned char *end = sig + sig_len; + size_t len; + mbedtls_mpi r, s; + + (void) md_alg; /* Not used for hardware ECDSA verification */ + + if (keypair == NULL) { + return MBEDTLS_ERR_PK_BAD_INPUT_DATA; + } + + /* Check if public key is loaded */ + if (mbedtls_mpi_cmp_int(&keypair->MBEDTLS_PRIVATE(Q).MBEDTLS_PRIVATE(Z), 0) == 0) { + return MBEDTLS_ERR_PK_BAD_INPUT_DATA; + } + + mbedtls_mpi_init(&r); + mbedtls_mpi_init(&s); + + /* Parse the DER signature */ + if ((ret = mbedtls_asn1_get_tag(&p, end, &len, + MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE)) != 0) { + ret += MBEDTLS_ERR_PK_BAD_INPUT_DATA; + goto cleanup; + } + + if (p + len != end) { + ret = MBEDTLS_ERR_PK_BAD_INPUT_DATA + MBEDTLS_ERR_ASN1_LENGTH_MISMATCH; + goto cleanup; + } + + if ((ret = mbedtls_asn1_get_mpi(&p, end, &r)) != 0 || + (ret = mbedtls_asn1_get_mpi(&p, end, &s)) != 0) { + ret += MBEDTLS_ERR_PK_BAD_INPUT_DATA; + goto cleanup; + } + + /* Call verification function directly - wrapper doesn't work from same compilation unit */ + ret = esp_ecdsa_verify(&keypair->MBEDTLS_PRIVATE(grp), + hash, hash_len, + &keypair->MBEDTLS_PRIVATE(Q), + &r, &s); + + if (ret == 0 && p != end) { + ESP_LOGW(TAG, "Extra data after signature"); + ret = MBEDTLS_ERR_PK_BAD_INPUT_DATA; + } + +cleanup: + mbedtls_mpi_free(&r); + mbedtls_mpi_free(&s); + return ret; +} +#endif /* CONFIG_MBEDTLS_HARDWARE_ECDSA_VERIFY */ + +#if CONFIG_MBEDTLS_HARDWARE_ECDSA_SIGN +static int esp_ecdsa_pk_sign_wrap(mbedtls_pk_context *pk, + mbedtls_md_type_t md_alg, + const unsigned char *hash, size_t hash_len, + unsigned char *sig, size_t sig_size, + size_t *sig_len) +{ + mbedtls_ecp_keypair *keypair = mbedtls_pk_ec(*pk); + int ret; + mbedtls_mpi r, s; + + (void) md_alg; /* Not used for hardware ECDSA signing */ + + if (keypair == NULL) { + return MBEDTLS_ERR_PK_BAD_INPUT_DATA; + } + + /* Check if this is a hardware-backed key by checking the magic value */ + signed short key_magic = keypair->MBEDTLS_PRIVATE(d).MBEDTLS_PRIVATE(s); + if (key_magic != ECDSA_KEY_MAGIC && key_magic != ECDSA_KEY_MAGIC_TEE) { + /* Not a hardware key, this shouldn't happen with our setup */ + return MBEDTLS_ERR_PK_FEATURE_UNAVAILABLE; + } + + mbedtls_mpi_init(&r); + mbedtls_mpi_init(&s); + + /* Call esp_ecdsa_sign directly - wrapper doesn't work from same compilation unit */ + ret = esp_ecdsa_sign(&keypair->MBEDTLS_PRIVATE(grp), + &r, &s, + &keypair->MBEDTLS_PRIVATE(d), + hash, hash_len, + ECDSA_K_TYPE_TRNG); + if (ret != 0) { + goto cleanup; + } + + /* Convert r and s to DER format */ + ret = ecdsa_signature_to_asn1(&r, &s, sig, sig_size, sig_len); + +cleanup: + mbedtls_mpi_free(&r); + mbedtls_mpi_free(&s); + return ret; +} +#endif /* CONFIG_MBEDTLS_HARDWARE_ECDSA_SIGN */ + +#if CONFIG_MBEDTLS_HARDWARE_ECDSA_SIGN || CONFIG_MBEDTLS_HARDWARE_ECDSA_VERIFY +static int esp_ecdsa_pk_check_pair_wrap(mbedtls_pk_context *pub, mbedtls_pk_context *prv) +{ + /* For hardware-backed keys, we cannot easily verify the pair + * since the private key never leaves the eFuse. + * We'll do a basic check that both contexts are valid. */ + if (pub == NULL || prv == NULL) { + return MBEDTLS_ERR_PK_BAD_INPUT_DATA; + } + + mbedtls_ecp_keypair *pub_keypair = mbedtls_pk_ec(*pub); + mbedtls_ecp_keypair *prv_keypair = mbedtls_pk_ec(*prv); + + if (pub_keypair == NULL || prv_keypair == NULL) { + return MBEDTLS_ERR_PK_BAD_INPUT_DATA; + } + + /* Check that both use the same curve */ + if (pub_keypair->MBEDTLS_PRIVATE(grp).id != prv_keypair->MBEDTLS_PRIVATE(grp).id) { + return MBEDTLS_ERR_PK_BAD_INPUT_DATA; + } + + return 0; +} + +/* Custom pk_info structure for ESP hardware ECDSA */ +const mbedtls_pk_info_t esp_ecdsa_pk_info = { + .type = MBEDTLS_PK_ECDSA, + .name = "ESP_ECDSA", + .get_bitlen = esp_ecdsa_pk_get_bitlen, + .can_do = esp_ecdsa_pk_can_do, +#if CONFIG_MBEDTLS_HARDWARE_ECDSA_VERIFY + .verify_func = esp_ecdsa_pk_verify_wrap, +#else + .verify_func = NULL, #endif +#if CONFIG_MBEDTLS_HARDWARE_ECDSA_SIGN + .sign_func = esp_ecdsa_pk_sign_wrap, +#else + .sign_func = NULL, +#endif +#if defined(MBEDTLS_ECP_RESTARTABLE) + .verify_rs_func = NULL, + .sign_rs_func = NULL, + .rs_alloc_func = NULL, + .rs_free_func = NULL, +#endif /* MBEDTLS_ECP_RESTARTABLE */ + .check_pair_func = esp_ecdsa_pk_check_pair_wrap, + .ctx_alloc_func = NULL, + .ctx_free_func = NULL, + .debug_func = NULL, +}; +#endif /* CONFIG_MBEDTLS_HARDWARE_ECDSA_SIGN || CONFIG_MBEDTLS_HARDWARE_ECDSA_VERIFY */ #if CONFIG_MBEDTLS_TEE_SEC_STG_ECDSA_SIGN @@ -638,7 +907,15 @@ int esp_ecdsa_tee_set_pk_context(mbedtls_pk_context *key_ctx, esp_ecdsa_pk_conf_ ESP_LOGE(TAG, "Failed to setup pk context, mbedtls_pk_setup() returned %d", ret); return ret; } - keypair = mbedtls_pk_ec(*key_ctx); + keypair = calloc(1, sizeof(mbedtls_ecp_keypair)); + if (keypair == NULL) { + ESP_LOGE(TAG, "Failed to allocate memory for ecp_keypair"); + return MBEDTLS_ERR_ECP_ALLOC_FAILED; + } + + mbedtls_ecp_keypair_init(keypair); + + key_ctx->MBEDTLS_PRIVATE(pk_ctx) = keypair; mbedtls_mpi_init(&(keypair->MBEDTLS_PRIVATE(d))); keypair->MBEDTLS_PRIVATE(d).MBEDTLS_PRIVATE(s) = ECDSA_KEY_MAGIC_TEE; @@ -722,8 +999,8 @@ static int esp_ecdsa_tee_sign(mbedtls_ecp_group *grp, mbedtls_mpi* r, mbedtls_mp return MBEDTLS_ERR_ECP_BAD_INPUT_DATA; } - mbedtls_mpi_read_binary(r, sign.sign_r, len); - mbedtls_mpi_read_binary(s, sign.sign_s, len); + mbedtls_mpi_read_binary(r, sign.signature, len); + mbedtls_mpi_read_binary(s, sign.signature + len, len); return 0; } @@ -935,7 +1212,7 @@ static int ecdsa_signature_to_asn1(const mbedtls_mpi *r, const mbedtls_mpi *s, unsigned char *sig, size_t sig_size, size_t *slen) { - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; + int ret = PSA_ERROR_CORRUPTION_DETECTED; unsigned char buf[MBEDTLS_ECDSA_MAX_LEN] = { 0 }; // Setting the pointer p to the end of the buffer as the functions used afterwards write in backwards manner in the given buffer. unsigned char *p = buf + sizeof(buf); @@ -973,7 +1250,7 @@ int __wrap_mbedtls_ecdsa_write_signature_restartable(mbedtls_ecdsa_context *ctx, return __real_mbedtls_ecdsa_write_signature_restartable(ctx, md_alg, hash, hlen, sig, sig_size, slen, f_rng, p_rng, rs_ctx); } - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; + int ret = PSA_ERROR_CORRUPTION_DETECTED; mbedtls_mpi r, s; mbedtls_mpi_init(&r); @@ -1190,7 +1467,7 @@ int __wrap_mbedtls_ecdsa_read_signature_restartable(mbedtls_ecdsa_context *ctx, const unsigned char *sig, size_t slen, mbedtls_ecdsa_restart_ctx *rs_ctx) { - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; + int ret = PSA_ERROR_CORRUPTION_DETECTED; unsigned char *p = (unsigned char *) sig; const unsigned char *end = sig + slen; size_t len; @@ -1205,8 +1482,7 @@ int __wrap_mbedtls_ecdsa_read_signature_restartable(mbedtls_ecdsa_context *ctx, } if (p + len != end) { - ret = MBEDTLS_ERROR_ADD(MBEDTLS_ERR_ECP_BAD_INPUT_DATA, - MBEDTLS_ERR_ASN1_LENGTH_MISMATCH); + ret = MBEDTLS_ERR_ECP_BAD_INPUT_DATA + MBEDTLS_ERR_ASN1_LENGTH_MISMATCH; goto cleanup; } @@ -1225,7 +1501,7 @@ int __wrap_mbedtls_ecdsa_read_signature_restartable(mbedtls_ecdsa_context *ctx, * Return 0 if the buffer just contains the signature, and a specific * error code if the valid signature is followed by more data. */ if (p != end) { - ret = MBEDTLS_ERR_ECP_SIG_LEN_MISMATCH; + ret = PSA_ERROR_INVALID_SIGNATURE; } cleanup: diff --git a/components/mbedtls/port/esp_ds/esp_ds_common.c b/components/mbedtls/port/esp_ds/esp_ds_common.c index f56f8bb063..9dcaaba004 100644 --- a/components/mbedtls/port/esp_ds/esp_ds_common.c +++ b/components/mbedtls/port/esp_ds/esp_ds_common.c @@ -12,7 +12,7 @@ #include "esp_ds/esp_ds_rsa.h" #include "freertos/FreeRTOS.h" #include "freertos/semphr.h" -#include "mbedtls/rsa.h" +#include "psa/crypto.h" #ifdef SOC_DIG_SIGN_SUPPORTED #include "rom/digital_signature.h" @@ -49,6 +49,16 @@ size_t esp_ds_get_keylen(void *ctx) return ((s_ds_data->rsa_length + 1) * FACTOR_KEYLEN_IN_BYTES); } +size_t esp_ds_get_keylen_alt(mbedtls_pk_context *ctx) +{ + if (s_ds_data == NULL) { + ESP_LOGE(TAG, "s_ds_data is NULL, cannot get key length"); + return 0; + } + /* calculating the rsa_length in bytes */ + return ((s_ds_data->rsa_length + 1) * FACTOR_KEYLEN_IN_BYTES); +} + /* Lock for the DS session, other TLS connections trying to use the DS peripheral will be blocked * till this DS session is completed (i.e. TLS handshake for this connection is completed) */ static void __attribute__((constructor)) esp_ds_conn_lock(void) @@ -134,7 +144,7 @@ int esp_ds_mgf_mask(unsigned char *dst, size_t dlen, unsigned char *src, mbedtls_md_init(&md_ctx); md_info = mbedtls_md_info_from_type(md_alg); if (md_info == NULL) { - return MBEDTLS_ERR_RSA_BAD_INPUT_DATA; + return PSA_ERROR_INVALID_ARGUMENT; } if ((ret = mbedtls_md_setup(&md_ctx, md_info, 0)) != 0) { @@ -191,11 +201,11 @@ int esp_ds_hash_mprime(const unsigned char *hash, size_t hlen, const unsigned char zeros[8] = { 0, 0, 0, 0, 0, 0, 0, 0 }; mbedtls_md_context_t md_ctx; - int ret = MBEDTLS_ERR_RSA_BAD_INPUT_DATA; + int ret = PSA_ERROR_INVALID_ARGUMENT; const mbedtls_md_info_t *md_info = mbedtls_md_info_from_type(md_alg); if (md_info == NULL) { - return MBEDTLS_ERR_RSA_BAD_INPUT_DATA; + return PSA_ERROR_INVALID_ARGUMENT; } mbedtls_md_init(&md_ctx); diff --git a/components/mbedtls/port/esp_ds/esp_rsa_dec_alt.c b/components/mbedtls/port/esp_ds/esp_rsa_dec_alt.c index 9ef5071a75..55b60497a3 100644 --- a/components/mbedtls/port/esp_ds/esp_rsa_dec_alt.c +++ b/components/mbedtls/port/esp_ds/esp_rsa_dec_alt.c @@ -9,7 +9,8 @@ #include "sdkconfig.h" #include "esp_ds.h" #include "rsa_dec_alt.h" -#include "mbedtls/rsa.h" +#include "mbedtls/private/rsa.h" +#include "psa/crypto.h" #include "esp_ds_common.h" #include "esp_log.h" @@ -24,7 +25,7 @@ static int esp_ds_rsaes_pkcs1_v15_unpadding(unsigned char *input, size_t *olen) { if (ilen < MIN_V15_PADDING_LEN) { - return MBEDTLS_ERR_RSA_INVALID_PADDING; + return MBEDTLS_ERR_CIPHER_INVALID_PADDING; } unsigned char bad = 0; @@ -39,7 +40,7 @@ static int esp_ds_rsaes_pkcs1_v15_unpadding(unsigned char *input, bad |= input[0]; /* Check the padding type */ - bad |= input[1] ^ MBEDTLS_RSA_CRYPT; + bad |= input[1] ^ 2; // MBEDTLS_RSA_CRYPT; /* Scan for separator (0x00) and count padding bytes in constant time */ for (size_t i = 2; i < ilen; i++) { @@ -72,7 +73,7 @@ static int esp_ds_rsaes_pkcs1_v15_unpadding(unsigned char *input, } if (bad) { - return MBEDTLS_ERR_RSA_INVALID_PADDING; + return PSA_ERROR_INVALID_ARGUMENT; } *olen = msg_len; @@ -88,7 +89,7 @@ static int esp_ds_compute_hash(mbedtls_md_type_t md_alg, { const mbedtls_md_info_t *md_info = mbedtls_md_info_from_type(md_alg); if (md_info == NULL) { - return MBEDTLS_ERR_RSA_BAD_INPUT_DATA; + return PSA_ERROR_INVALID_ARGUMENT; } return mbedtls_md(md_info, input, ilen, output); } @@ -165,7 +166,7 @@ static int esp_ds_rsaes_pkcs1_v21_unpadding(unsigned char *input, bad |= (output_max_len < msg_len); if (bad) { - return MBEDTLS_ERR_RSA_INVALID_PADDING; + return PSA_ERROR_INVALID_ARGUMENT; } /* Copy message in constant time */ @@ -181,7 +182,7 @@ int esp_ds_rsa_decrypt(void *ctx, size_t *olen, const unsigned char *input, unsigned char *output, size_t output_max_len) { - int padding = MBEDTLS_RSA_PKCS_V15; + int padding = MBEDTLS_PK_RSA_PKCS_V15; if (ctx != NULL) { mbedtls_rsa_context *rsa_ctx = (mbedtls_rsa_context *)ctx; @@ -256,12 +257,12 @@ int esp_ds_rsa_decrypt(void *ctx, size_t *olen, } // Unpad the decrypted data - if (padding == MBEDTLS_RSA_PKCS_V15) { + if (padding == MBEDTLS_PK_RSA_PKCS_V15) { if (esp_ds_rsaes_pkcs1_v15_unpadding((uint8_t *)output_tmp, ilen, (uint8_t *)output_tmp, ilen, olen) != 0) { ESP_LOGE(TAG, "Error in v15 unpadding"); goto exit; } - } else if (padding == MBEDTLS_RSA_PKCS_V21) { + } else if (padding == MBEDTLS_PK_RSA_PKCS_V21) { if (esp_ds_rsaes_pkcs1_v21_unpadding((uint8_t *)output_tmp, ilen, (uint8_t *)output_tmp, ilen, olen) != 0) { ESP_LOGE(TAG, "Error in v21 unpadding"); goto exit; diff --git a/components/mbedtls/port/esp_ds/esp_rsa_sign_alt.c b/components/mbedtls/port/esp_ds/esp_rsa_sign_alt.c index a595e8f3b7..ff273287d7 100644 --- a/components/mbedtls/port/esp_ds/esp_rsa_sign_alt.c +++ b/components/mbedtls/port/esp_ds/esp_rsa_sign_alt.c @@ -14,14 +14,74 @@ #include "esp_heap_caps.h" #include "freertos/FreeRTOS.h" #include "freertos/semphr.h" -#include "mbedtls/build_info.h" -#include "mbedtls/rsa.h" -#include "mbedtls/oid.h" +#include "psa/crypto.h" +#include "mbedtls/psa_util.h" +#include "mbedtls/private/rsa.h" +#include "mbedtls/pk.h" #include "mbedtls/platform_util.h" +#include "mbedtls/asn1.h" +#include "mbedtls/md.h" #include static const char *TAG = "ESP_RSA_SIGN_ALT"; +/* + * Local OID lookup table for hash algorithms + * This replicates the OID data needed for PKCS#1 v1.5 DigestInfo encoding + * Since OID access has moved to internal driver headers in PSA transition, + * we maintain this local table for the hardware accelerator implementation. + */ +typedef struct { + mbedtls_md_type_t md_alg; + const char *oid; + size_t oid_len; +} oid_md_mapping_t; + +static const oid_md_mapping_t oid_md_table[] = { +#if defined(PSA_WANT_ALG_MD5) + { MBEDTLS_MD_MD5, "\x2a\x86\x48\x86\xf7\x0d\x02\x05", 8 }, +#endif +#if defined(PSA_WANT_ALG_SHA_1) + { MBEDTLS_MD_SHA1, "\x2b\x0e\x03\x02\x1a", 5 }, +#endif +#if defined(PSA_WANT_ALG_SHA_224) + { MBEDTLS_MD_SHA224, "\x60\x86\x48\x01\x65\x03\x04\x02\x04", 9 }, +#endif +#if defined(PSA_WANT_ALG_SHA_256) + { MBEDTLS_MD_SHA256, "\x60\x86\x48\x01\x65\x03\x04\x02\x01", 9 }, +#endif +#if defined(PSA_WANT_ALG_SHA_384) + { MBEDTLS_MD_SHA384, "\x60\x86\x48\x01\x65\x03\x04\x02\x02", 9 }, +#endif +#if defined(PSA_WANT_ALG_SHA_512) + { MBEDTLS_MD_SHA512, "\x60\x86\x48\x01\x65\x03\x04\x02\x03", 9 }, +#endif +#if defined(PSA_WANT_ALG_RIPEMD160) + { MBEDTLS_MD_RIPEMD160, "\x2b\x24\x03\x02\x01", 5 }, +#endif + { MBEDTLS_MD_NONE, NULL, 0 } +}; + +/** + * @brief Get OID for hash algorithm (local implementation) + * + * @param md_alg Hash algorithm type + * @param oid Output pointer for OID string + * @param olen Output pointer for OID length + * @return 0 on success, PSA_ERROR_NOT_SUPPORTED if not found + */ +static int esp_ds_get_oid_by_md(mbedtls_md_type_t md_alg, const char **oid, size_t *olen) +{ + for (size_t i = 0; oid_md_table[i].md_alg != MBEDTLS_MD_NONE; i++) { + if (oid_md_table[i].md_alg == md_alg) { + *oid = oid_md_table[i].oid; + *olen = oid_md_table[i].oid_len; + return 0; + } + } + return PSA_ERROR_NOT_SUPPORTED; +} + static int rsa_rsassa_pkcs1_v15_encode( mbedtls_md_type_t md_alg, unsigned int hashlen, const unsigned char *hash, @@ -37,11 +97,11 @@ static int rsa_rsassa_pkcs1_v15_encode( mbedtls_md_type_t md_alg, if ( md_alg != MBEDTLS_MD_NONE ) { const mbedtls_md_info_t *md_info = mbedtls_md_info_from_type( md_alg ); if ( md_info == NULL ) { - return ( MBEDTLS_ERR_RSA_BAD_INPUT_DATA ); + return ( PSA_ERROR_INVALID_ARGUMENT ); } - if ( mbedtls_oid_get_oid_by_md( md_alg, &oid, &oid_size ) != 0 ) { - return ( MBEDTLS_ERR_RSA_BAD_INPUT_DATA ); + if ( esp_ds_get_oid_by_md( md_alg, &oid, &oid_size ) != 0 ) { + return ( PSA_ERROR_INVALID_ARGUMENT ); } hashlen = mbedtls_md_get_size( md_info ); @@ -51,7 +111,7 @@ static int rsa_rsassa_pkcs1_v15_encode( mbedtls_md_type_t md_alg, if ( 8 + hashlen + oid_size >= 0x80 || 10 + hashlen < hashlen || 10 + hashlen + oid_size < 10 + hashlen ) { - return ( MBEDTLS_ERR_RSA_BAD_INPUT_DATA ); + return ( PSA_ERROR_INVALID_ARGUMENT ); } /* @@ -63,12 +123,12 @@ static int rsa_rsassa_pkcs1_v15_encode( mbedtls_md_type_t md_alg, * - Need oid_size bytes for hash alg OID. */ if ( nb_pad < 10 + hashlen + oid_size ) { - return ( MBEDTLS_ERR_RSA_BAD_INPUT_DATA ); + return ( PSA_ERROR_INVALID_ARGUMENT ); } nb_pad -= 10 + hashlen + oid_size; } else { if ( nb_pad < hashlen ) { - return ( MBEDTLS_ERR_RSA_BAD_INPUT_DATA ); + return ( PSA_ERROR_INVALID_ARGUMENT ); } nb_pad -= hashlen; @@ -77,7 +137,7 @@ static int rsa_rsassa_pkcs1_v15_encode( mbedtls_md_type_t md_alg, /* Need space for signature header and padding delimiter (3 bytes), * and 8 bytes for the minimal padding */ if ( nb_pad < 3 + 8 ) { - return ( MBEDTLS_ERR_RSA_BAD_INPUT_DATA ); + return ( PSA_ERROR_INVALID_ARGUMENT ); } nb_pad -= 3; @@ -86,7 +146,7 @@ static int rsa_rsassa_pkcs1_v15_encode( mbedtls_md_type_t md_alg, /* Write signature header and padding */ *p++ = 0; - *p++ = MBEDTLS_RSA_SIGN; + *p++ = 1; //MBEDTLS_RSA_SIGN; memset( p, 0xFF, nb_pad ); p += nb_pad; *p++ = 0; @@ -129,7 +189,7 @@ static int rsa_rsassa_pkcs1_v15_encode( mbedtls_md_type_t md_alg, * after the initial bounds check. */ if ( p != dst + dst_len ) { mbedtls_platform_zeroize( dst, dst_len ); - return ( MBEDTLS_ERR_RSA_BAD_INPUT_DATA ); + return ( PSA_ERROR_INVALID_ARGUMENT ); } return ( 0 ); @@ -147,15 +207,15 @@ static int rsa_rsassa_pss_pkcs1_v21_encode( int (*f_rng)(void *, unsigned char * unsigned char *p = sig; unsigned char *salt = NULL; size_t slen, min_slen, hlen, offset = 0; - int ret = MBEDTLS_ERR_RSA_BAD_INPUT_DATA; + int ret = PSA_ERROR_INVALID_ARGUMENT; size_t msb; if ((md_alg != MBEDTLS_MD_NONE || hashlen != 0) && hash == NULL) { - return MBEDTLS_ERR_RSA_BAD_INPUT_DATA; + return PSA_ERROR_INVALID_ARGUMENT; } if (f_rng == NULL) { - return MBEDTLS_ERR_RSA_BAD_INPUT_DATA; + return PSA_ERROR_INVALID_ARGUMENT; } olen = dst_len; @@ -164,20 +224,20 @@ static int rsa_rsassa_pss_pkcs1_v21_encode( int (*f_rng)(void *, unsigned char * /* Gather length of hash to sign */ size_t exp_hashlen = mbedtls_md_get_size_from_type(md_alg); if (exp_hashlen == 0) { - return MBEDTLS_ERR_RSA_BAD_INPUT_DATA; + return PSA_ERROR_INVALID_ARGUMENT; } if (hashlen != exp_hashlen) { - return MBEDTLS_ERR_RSA_BAD_INPUT_DATA; + return PSA_ERROR_INVALID_ARGUMENT; } } hlen = mbedtls_md_get_size_from_type(md_alg); if (hlen == 0) { - return MBEDTLS_ERR_RSA_BAD_INPUT_DATA; + return PSA_ERROR_INVALID_ARGUMENT; } - if (saltlen == MBEDTLS_RSA_SALT_LEN_ANY) { + if (saltlen == -1) { /* Calculate the largest possible salt length, up to the hash size. * Normally this is the hash length, which is the maximum salt length * according to FIPS 185-4 �5.5 (e) and common practice. If there is not @@ -187,14 +247,14 @@ static int rsa_rsassa_pss_pkcs1_v21_encode( int (*f_rng)(void *, unsigned char * * (PKCS#1 v2.2) �9.1.1 step 3. */ min_slen = hlen - 2; if (olen < hlen + min_slen + 2) { - return MBEDTLS_ERR_RSA_BAD_INPUT_DATA; + return PSA_ERROR_INVALID_ARGUMENT; } else if (olen >= hlen + hlen + 2) { slen = hlen; } else { slen = olen - hlen - 2; } } else if ((saltlen < 0) || (saltlen + hlen + 2 > olen)) { - return MBEDTLS_ERR_RSA_BAD_INPUT_DATA; + return PSA_ERROR_INVALID_ARGUMENT; } else { slen = (size_t) saltlen; } @@ -210,7 +270,7 @@ static int rsa_rsassa_pss_pkcs1_v21_encode( int (*f_rng)(void *, unsigned char * /* Generate salt of length slen in place in the encoded message */ salt = p; if ((ret = f_rng(p_rng, salt, slen)) != 0) { - return MBEDTLS_ERR_RSA_RNG_FAILED; + return PSA_ERROR_INVALID_ARGUMENT; } p += slen; @@ -246,7 +306,7 @@ static int rsa_rsassa_pkcs1_v21_encode(int (*f_rng)(void *, unsigned char *, siz size_t dst_len, unsigned char *dst ) { - return rsa_rsassa_pss_pkcs1_v21_encode(f_rng, p_rng, md_alg, hashlen, hash, MBEDTLS_RSA_SALT_LEN_ANY, dst, dst_len); + return rsa_rsassa_pss_pkcs1_v21_encode(f_rng, p_rng, md_alg, hashlen, hash, -1, dst, dst_len); } #endif /* CONFIG_MBEDTLS_SSL_PROTO_TLS1_3 */ @@ -254,6 +314,15 @@ int esp_ds_rsa_sign( void *ctx, int (*f_rng)(void *, unsigned char *, size_t), void *p_rng, mbedtls_md_type_t md_alg, unsigned int hashlen, const unsigned char *hash, unsigned char *sig ) +{ + mbedtls_pk_context *pk = (mbedtls_pk_context *)ctx; + size_t sig_len = 0; + return esp_ds_rsa_sign_alt(pk, md_alg, hash, hashlen, sig, 0, &sig_len); +} + +int esp_ds_rsa_sign_alt(mbedtls_pk_context *pk, mbedtls_md_type_t md_alg, + const unsigned char *hash, size_t hash_len, + unsigned char *sig, size_t sig_size, size_t *sig_len) { esp_ds_context_t *esp_ds_ctx = NULL; esp_err_t ds_r; @@ -263,7 +332,11 @@ int esp_ds_rsa_sign( void *ctx, * which allows NULL ctx. If ctx is NULL, then the default padding * MBEDTLS_RSA_PKCS_V15 is used. */ - int padding = MBEDTLS_RSA_PKCS_V15; + int padding = MBEDTLS_PK_RSA_PKCS_V15; + void *ctx = NULL; + if (pk != NULL) { + ctx = pk->MBEDTLS_PRIVATE(pk_ctx); + } if (ctx != NULL) { mbedtls_rsa_context *rsa_ctx = (mbedtls_rsa_context *)ctx; padding = rsa_ctx->MBEDTLS_PRIVATE(padding); @@ -274,11 +347,11 @@ int esp_ds_rsa_sign( void *ctx, return -1; } const size_t data_len = s_ds_data->rsa_length + 1; - const size_t sig_len = data_len * FACTOR_KEYLEN_IN_BYTES; + const size_t _sig_len = data_len * FACTOR_KEYLEN_IN_BYTES; - if (padding == MBEDTLS_RSA_PKCS_V21) { + if (padding == MBEDTLS_PK_RSA_PKCS_V21) { #ifdef CONFIG_MBEDTLS_SSL_PROTO_TLS1_3 - if ((ret = (rsa_rsassa_pkcs1_v21_encode(f_rng, p_rng ,md_alg, hashlen, hash, sig_len, sig ))) != 0) { + if ((ret = (rsa_rsassa_pkcs1_v21_encode(mbedtls_psa_get_random, MBEDTLS_PSA_RANDOM_STATE ,md_alg, hash_len, hash, _sig_len, sig ))) != 0) { ESP_LOGE(TAG, "Error in pkcs1_v21 encoding, returned %d", ret); return -1; } @@ -287,13 +360,13 @@ int esp_ds_rsa_sign( void *ctx, return -1; #endif /* CONFIG_MBEDTLS_SSL_PROTO_TLS1_3 */ } else { - if ((ret = (rsa_rsassa_pkcs1_v15_encode(md_alg, hashlen, hash, sig_len, sig ))) != 0) { + if ((ret = (rsa_rsassa_pkcs1_v15_encode(md_alg, hash_len, hash, _sig_len, sig ))) != 0) { ESP_LOGE(TAG, "Error in pkcs1_v15 encoding, returned %d", ret); return -1; } } - uint32_t *signature = heap_caps_malloc_prefer(sig_len, 2, MALLOC_CAP_32BIT | MALLOC_CAP_INTERNAL, MALLOC_CAP_DEFAULT | MALLOC_CAP_INTERNAL); + uint32_t *signature = heap_caps_malloc_prefer(_sig_len, 2, MALLOC_CAP_32BIT | MALLOC_CAP_INTERNAL, MALLOC_CAP_DEFAULT | MALLOC_CAP_INTERNAL); if (signature == NULL) { ESP_LOGE(TAG, "Could not allocate memory for internal DS operations"); return -1; @@ -330,5 +403,6 @@ int esp_ds_rsa_sign( void *ctx, ((uint32_t *)sig)[i] = SWAP_INT32(((uint32_t *)signature)[(data_len) - (i + 1)]); } heap_caps_free(signature); + *sig_len = _sig_len; return 0; } diff --git a/components/mbedtls/port/include/aes/esp_aes_gcm.h b/components/mbedtls/port/include/aes/esp_aes_gcm.h index c270c9f97b..dd89f39205 100644 --- a/components/mbedtls/port/include/aes/esp_aes_gcm.h +++ b/components/mbedtls/port/include/aes/esp_aes_gcm.h @@ -11,7 +11,6 @@ #pragma once #include "aes/esp_aes.h" -#include "mbedtls/cipher.h" #ifdef __cplusplus extern "C" { @@ -69,7 +68,7 @@ void esp_aes_gcm_init( esp_gcm_context *ctx); * \return A cipher-specific error code on failure. */ int esp_aes_gcm_setkey( esp_gcm_context *ctx, - mbedtls_cipher_id_t cipher, + int cipher, const unsigned char *key, unsigned int keybits ); diff --git a/components/mbedtls/port/include/ecdsa/ecdsa_alt.h b/components/mbedtls/port/include/ecdsa/ecdsa_alt.h index 3fe1145b2d..58ca85713e 100644 --- a/components/mbedtls/port/include/ecdsa/ecdsa_alt.h +++ b/components/mbedtls/port/include/ecdsa/ecdsa_alt.h @@ -110,6 +110,20 @@ int esp_ecdsa_set_pk_context(mbedtls_pk_context *key_ctx, esp_ecdsa_pk_conf_t *c #endif // CONFIG_MBEDTLS_HARDWARE_ECDSA_SIGN || __DOXYGEN__ +/** + * @brief Free the PK context initialized with hardware ECDSA key. + * This function properly cleans up the manually allocated mbedtls_ecp_keypair + * structure and then frees the PK context. + * + * Note: In mbedtls v4.0, ECDSA keys are managed through PSA, so the standard + * mbedtls_pk_free() does not deallocate the manually created keypair structure. + * Always use this function instead of mbedtls_pk_free() for contexts initialized + * with esp_ecdsa_set_pk_context(). + * + * @param key_ctx The PK context to free (initialized with esp_ecdsa_set_pk_context) + */ +void esp_ecdsa_free_pk_context(mbedtls_pk_context *key_ctx); + #if CONFIG_MBEDTLS_TEE_SEC_STG_ECDSA_SIGN || __DOXYGEN__ /** diff --git a/components/mbedtls/port/include/entropy_poll.h b/components/mbedtls/port/include/entropy_poll.h index 4bae4d1db3..3bdaf8357f 100644 --- a/components/mbedtls/port/include/entropy_poll.h +++ b/components/mbedtls/port/include/entropy_poll.h @@ -6,7 +6,6 @@ */ #ifndef MBEDTLS_ENTROPY_POLL_H #define MBEDTLS_ENTROPY_POLL_H -#include "mbedtls/build_info.h" #include #ifdef __cplusplus extern "C" { diff --git a/components/mbedtls/port/include/esp_ds/esp_ds_rsa.h b/components/mbedtls/port/include/esp_ds/esp_ds_rsa.h index 7f126d546b..d33875bd62 100644 --- a/components/mbedtls/port/include/esp_ds/esp_ds_rsa.h +++ b/components/mbedtls/port/include/esp_ds/esp_ds_rsa.h @@ -12,7 +12,7 @@ extern "C" { #include "esp_ds.h" #include "mbedtls/md.h" - +#include "mbedtls/pk.h" /** * @brief ESP-DS data context * @@ -68,6 +68,30 @@ int esp_ds_rsa_sign( void *ctx, mbedtls_md_type_t md_alg, unsigned int hashlen, const unsigned char *hash, unsigned char *sig ); +/** + * @brief Alternate implementation for mbedtls_pk_sign, uses DS module for hardware accelerated RSA sign operation + * + * This function is an alternate implementation compatible with mbedtls_pk_sign interface. + * It internally makes use of the DS (Digital Signature) peripheral to perform hardware + * accelerated RSA signature operations. + * + * @param pk Pointer to the mbedtls_pk_context structure containing the public key context + * @param md_alg Message digest algorithm type used for hashing (e.g., MBEDTLS_MD_SHA256) + * @param hash Pointer to the hash value to be signed + * @param hash_len Length of the hash value in bytes + * @param sig Buffer to hold the generated signature + * @param sig_size Maximum size of the signature buffer in bytes + * @param sig_len Pointer to store the actual length of the generated signature in bytes + * + * @return + * - 0 on success + * - MBEDTLS_ERR_PK_BAD_INPUT_DATA if input parameters are invalid + * - MBEDTLS_ERR_PK_ALLOC_FAILED if memory allocation fails + * - Other mbedtls error codes on failure + */ +int esp_ds_rsa_sign_alt(mbedtls_pk_context *pk, mbedtls_md_type_t md_alg, + const unsigned char *hash, size_t hash_len, + unsigned char *sig, size_t sig_size, size_t *sig_len); /* * @brief Get RSA key length in bytes from internal DS context * @@ -75,6 +99,18 @@ int esp_ds_rsa_sign( void *ctx, */ size_t esp_ds_get_keylen(void *ctx); +/** + * @brief Get RSA key length in bytes from mbedtls_pk_context + * + * This function retrieves the RSA key length from an mbedtls_pk_context structure. + * It is an alternate implementation compatible with mbedtls PK interface. + * + * @param ctx Pointer to the mbedtls_pk_context structure + * + * @return RSA key length in bytes, or 0 if the context is invalid + */ +size_t esp_ds_get_keylen_alt(mbedtls_pk_context *ctx); + /* * @brief Set timeout (equal to TLS session timeout), so that DS module usage can be synchronized in case of multiple TLS connections using DS module, */ diff --git a/components/mbedtls/port/include/mbedtls/bignum.h b/components/mbedtls/port/include/mbedtls/bignum.h index 4f84bed740..6867fbb761 100644 --- a/components/mbedtls/port/include/mbedtls/bignum.h +++ b/components/mbedtls/port/include/mbedtls/bignum.h @@ -5,7 +5,8 @@ */ #pragma once -#include_next "mbedtls/bignum.h" +#define MBEDTLS_DECLARE_PRIVATE_IDENTIFIERS +#include_next "mbedtls/private/bignum.h" #include "sdkconfig.h" /** diff --git a/components/mbedtls/port/include/mbedtls/ecp.h b/components/mbedtls/port/include/mbedtls/ecp.h index 28ccd5c79c..3e8733e95a 100644 --- a/components/mbedtls/port/include/mbedtls/ecp.h +++ b/components/mbedtls/port/include/mbedtls/ecp.h @@ -5,7 +5,8 @@ */ #pragma once -#include_next "mbedtls/ecp.h" +#define MBEDTLS_DECLARE_PRIVATE_IDENTIFIERS +#include_next "mbedtls/private/ecp.h" #include "sdkconfig.h" #ifdef __cplusplus diff --git a/components/mbedtls/port/include/mbedtls/esp_config.h b/components/mbedtls/port/include/mbedtls/esp_config.h index c71e31c306..8e5b5b2ec3 100644 --- a/components/mbedtls/port/include/mbedtls/esp_config.h +++ b/components/mbedtls/port/include/mbedtls/esp_config.h @@ -25,23 +25,49 @@ #ifndef ESP_CONFIG_H #define ESP_CONFIG_H +#define MBEDTLS_ALLOW_PRIVATE_ACCESS + #include "sdkconfig.h" +#if (defined(MBEDTLS_MAJOR_VERSION) && (MBEDTLS_MAJOR_VERSION < 4)) #include "mbedtls/mbedtls_config.h" +#endif // MBEDTLS_MAJOR_VERSION < 4 #include "soc/soc_caps.h" + +#ifndef CONFIG_IDF_TARGET_LINUX +#undef MBEDTLS_PSA_BUILTIN_GET_ENTROPY +#define MBEDTLS_PSA_DRIVER_GET_ENTROPY +#define MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG +#endif // !CONFIG_IDF_TARGET_LINUX + +/** + * \def MBEDTLS_PSA_ASSUME_EXCLUSIVE_BUFFERS + * + * Assume all buffers passed to PSA functions are owned exclusively by the + * PSA function and are not stored in shared memory. + * + * This option may be enabled if all buffers passed to any PSA function reside + * in memory that is accessible only to the PSA function during its execution. + * + * This option MUST be disabled whenever buffer arguments are in memory shared + * with an untrusted party, for example where arguments to PSA calls are passed + * across a trust boundary. + * + * \note Enabling this option reduces memory usage and code size. + * + * \note Enabling this option causes overlap of input and output buffers + * not to be supported by PSA functions. + */ +#define MBEDTLS_PSA_ASSUME_EXCLUSIVE_BUFFERS + +#define PSA_WANT_ECC_SECP_R1_192 1 + /** * \name SECTION: System support * * This section sets system specific settings. * \{ */ - -#ifndef CONFIG_IDF_TARGET_LINUX -#define MBEDTLS_PLATFORM_GET_ENTROPY_ALT -#define MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG -#endif // !CONFIG_IDF_TARGET_LINUX -#define MBEDTLS_PSA_ASSUME_EXCLUSIVE_BUFFERS - /** * \def MBEDTLS_HAVE_TIME * @@ -136,6 +162,8 @@ /** Override calloc(), free() except for case where memory allocation scheme is not set to custom */ #ifndef CONFIG_MBEDTLS_CUSTOM_MEM_ALLOC #include "esp_mem.h" +#undef MBEDTLS_PLATFORM_STD_CALLOC +#undef MBEDTLS_PLATFORM_STD_FREE #define MBEDTLS_PLATFORM_STD_CALLOC esp_mbedtls_mem_calloc #define MBEDTLS_PLATFORM_STD_FREE esp_mbedtls_mem_free #endif @@ -150,17 +178,7 @@ * \{ */ -/* The following units have ESP32 hardware support, - uncommenting each _ALT macro will use the - hardware-accelerated implementation. */ #ifdef CONFIG_MBEDTLS_HARDWARE_AES -#define MBEDTLS_AES_ALT -#else -#undef MBEDTLS_AES_ALT -#endif - -#ifdef CONFIG_MBEDTLS_HARDWARE_AES -#define MBEDTLS_GCM_ALT #ifdef CONFIG_MBEDTLS_GCM_SUPPORT_NON_AES_CIPHER /* Prefer hardware and fallback to software */ #define MBEDTLS_GCM_NON_AES_CIPHER_SOFT_FALLBACK @@ -173,11 +191,14 @@ with software fallback. */ #ifdef CONFIG_MBEDTLS_HARDWARE_SHA -#define MBEDTLS_SHA1_ALT -#define MBEDTLS_SHA256_ALT - +#define MBEDTLS_PSA_ACCEL_ALG_SHA_1 +#define MBEDTLS_PSA_ACCEL_ALG_SHA_224 +#define MBEDTLS_PSA_ACCEL_ALG_SHA_256 +#if SOC_SHA_SUPPORT_SHA512 +#define MBEDTLS_PSA_ACCEL_ALG_SHA_384 +#define MBEDTLS_PSA_ACCEL_ALG_SHA_512 +#endif #if SOC_SHA_SUPPORT_SHA512 -#define MBEDTLS_SHA512_ALT #else #undef MBEDTLS_SHA512_ALT #endif @@ -191,11 +212,12 @@ /* MBEDTLS_MDx_ALT to enable ROM MD support with software fallback. */ -#ifdef CONFIG_MBEDTLS_ROM_MD5 -#define MBEDTLS_MD5_ALT -#else -#undef MBEDTLS_MD5_ALT -#endif +/* TODO: IDF-15029 */ +// #ifdef CONFIG_MBEDTLS_ROM_MD5 +// #define MBEDTLS_MD5_ALT +// #else +// #undef MBEDTLS_MD5_ALT +// #endif /* The following MPI (bignum) functions have hardware support. * Uncommenting these macros will use the hardware-accelerated @@ -205,6 +227,7 @@ #ifdef CONFIG_MBEDTLS_LARGE_KEY_SOFTWARE_MPI /* Prefer hardware and fallback to software */ #define MBEDTLS_MPI_EXP_MOD_ALT_FALLBACK + #define MBEDTLS_MPI_EXP_MOD_ALT #else /* Hardware only mode */ #define MBEDTLS_MPI_EXP_MOD_ALT @@ -244,21 +267,6 @@ #undef MBEDTLS_ECP_VERIFY_ALT_SOFT_FALLBACK #endif -#ifndef CONFIG_IDF_TARGET_LINUX -/** - * \def MBEDTLS_ENTROPY_HARDWARE_ALT - * - * Uncomment this macro to let mbed TLS use your own implementation of a - * hardware entropy collector. - * - * Your function must be called \c mbedtls_hardware_poll(), have the same - * prototype as declared in entropy_poll.h, and accept NULL as first argument. - * - * Uncomment to use your own hardware entropy collector. - */ -#define MBEDTLS_ENTROPY_HARDWARE_ALT -#endif // !CONFIG_IDF_TARGET_LINUX - /** * \def MBEDTLS_AES_ROM_TABLES * @@ -320,9 +328,11 @@ * Enable Cipher Block Chaining mode (CBC) for symmetric ciphers. */ #ifdef CONFIG_MBEDTLS_CIPHER_MODE_CBC -#define MBEDTLS_CIPHER_MODE_CBC +#define PSA_WANT_ALG_CBC_NO_PADDING 1 +#define PSA_WANT_ALG_CBC_PKCS7 1 #else -#undef MBEDTLS_CIPHER_MODE_CBC +#undef PSA_WANT_ALG_CBC_NO_PADDING +#undef PSA_WANT_ALG_CBC_PKCS7 #endif /** @@ -331,9 +341,9 @@ * Enable Cipher Feedback mode (CFB) for symmetric ciphers. */ #ifdef CONFIG_MBEDTLS_CIPHER_MODE_CFB -#define MBEDTLS_CIPHER_MODE_CFB +#define PSA_WANT_ALG_CFB 1 #else -#undef MBEDTLS_CIPHER_MODE_CFB +#undef PSA_WANT_ALG_CFB #endif /** @@ -342,9 +352,9 @@ * Enable Counter Block Cipher mode (CTR) for symmetric ciphers. */ #ifdef CONFIG_MBEDTLS_CIPHER_MODE_CTR -#define MBEDTLS_CIPHER_MODE_CTR +#define PSA_WANT_ALG_CTR 1 #else -#undef MBEDTLS_CIPHER_MODE_CTR +#undef PSA_WANT_ALG_CTR #endif /** * \def MBEDTLS_CIPHER_MODE_OFB @@ -352,9 +362,9 @@ * Enable Output Feedback mode (OFB) for symmetric ciphers. */ #ifdef CONFIG_MBEDTLS_CIPHER_MODE_OFB -#define MBEDTLS_CIPHER_MODE_OFB +#define PSA_WANT_ALG_OFB 1 #else -#undef MBEDTLS_CIPHER_MODE_OFB +#undef PSA_WANT_ALG_OFB #endif /** @@ -368,41 +378,6 @@ #undef MBEDTLS_CIPHER_MODE_XTS #endif -/** - * \def MBEDTLS_CIPHER_PADDING_PKCS7 - * - * MBEDTLS_CIPHER_PADDING_XXX: Uncomment or comment macros to add support for - * specific padding modes in the cipher layer with cipher modes that support - * padding (e.g. CBC) - * - * If you disable all padding modes, only full blocks can be used with CBC. - * - * Enable padding modes in the cipher layer. - */ -#ifdef CONFIG_MBEDTLS_CIPHER_PADDING_PKCS7 -#define MBEDTLS_CIPHER_PADDING_PKCS7 -#else -#undef MBEDTLS_CIPHER_PADDING_PKCS7 -#endif - -#ifdef CONFIG_MBEDTLS_CIPHER_PADDING_ONE_AND_ZEROS -#define MBEDTLS_CIPHER_PADDING_ONE_AND_ZEROS -#else -#undef MBEDTLS_CIPHER_PADDING_ONE_AND_ZEROS -#endif - -#ifdef CONFIG_MBEDTLS_CIPHER_PADDING_ZEROS_AND_LEN -#define MBEDTLS_CIPHER_PADDING_ZEROS_AND_LEN -#else -#undef MBEDTLS_CIPHER_PADDING_ZEROS_AND_LEN -#endif - -#ifdef CONFIG_MBEDTLS_CIPHER_PADDING_ZEROS -#define MBEDTLS_CIPHER_PADDING_ZEROS -#else -#undef MBEDTLS_CIPHER_PADDING_ZEROS -#endif - /** * \def MBEDTLS_ECP_RESTARTABLE * @@ -499,11 +474,11 @@ * * Module: library/cmac.c * - * Requires: MBEDTLS_CIPHER_C, MBEDTLS_AES_C or MBEDTLS_DES_C + * Requires: MBEDTLS_AES_C or MBEDTLS_DES_C * */ #ifdef CONFIG_MBEDTLS_CMAC_C -#define MBEDTLS_CMAC_C +#define PSA_WANT_ALG_CMAC 1 #else #ifdef CONFIG_MBEDTLS_USE_CRYPTO_ROM_IMPL /* The mbedtls present in ROM is built with the MBEDTLS_CMAC_C symbol being enabled, @@ -511,7 +486,7 @@ */ #error "CONFIG_MBEDTLS_CMAC_C cannot be disabled when CONFIG_MBEDTLS_USE_CRYPTO_ROM_IMPL is enabled" #endif -#undef MBEDTLS_CMAC_C +#undef PSA_WANT_ALG_CMAC #endif /** @@ -523,16 +498,6 @@ * Comment macros to disable the curve and functions for it */ /* Short Weierstrass curves (supporting ECP, ECDH, ECDSA) */ -#ifdef CONFIG_MBEDTLS_ECP_DP_SECP192R1_ENABLED -#define MBEDTLS_ECP_DP_SECP192R1_ENABLED -#else -#undef MBEDTLS_ECP_DP_SECP192R1_ENABLED -#endif -#ifdef CONFIG_MBEDTLS_ECP_DP_SECP224R1_ENABLED -#define MBEDTLS_ECP_DP_SECP224R1_ENABLED -#else -#undef MBEDTLS_ECP_DP_SECP224R1_ENABLED -#endif #ifdef CONFIG_MBEDTLS_ECP_DP_SECP256R1_ENABLED #define MBEDTLS_ECP_DP_SECP256R1_ENABLED #else @@ -542,22 +507,13 @@ #define MBEDTLS_ECP_DP_SECP384R1_ENABLED #else #undef MBEDTLS_ECP_DP_SECP384R1_ENABLED +#undef PSA_WANT_ECC_SECP_R1_384 #endif #ifdef CONFIG_MBEDTLS_ECP_DP_SECP521R1_ENABLED #define MBEDTLS_ECP_DP_SECP521R1_ENABLED #else #undef MBEDTLS_ECP_DP_SECP521R1_ENABLED #endif -#ifdef CONFIG_MBEDTLS_ECP_DP_SECP192K1_ENABLED -#define MBEDTLS_ECP_DP_SECP192K1_ENABLED -#else -#undef MBEDTLS_ECP_DP_SECP192K1_ENABLED -#endif -#ifdef CONFIG_MBEDTLS_ECP_DP_SECP224K1_ENABLED -#define MBEDTLS_ECP_DP_SECP224K1_ENABLED -#else -#undef MBEDTLS_ECP_DP_SECP224K1_ENABLED -#endif #ifdef CONFIG_MBEDTLS_ECP_DP_SECP256K1_ENABLED #define MBEDTLS_ECP_DP_SECP256K1_ENABLED #else @@ -629,9 +585,9 @@ * Comment this macro to disable deterministic ECDSA. */ #ifdef CONFIG_MBEDTLS_ECDSA_DETERMINISTIC -#define MBEDTLS_ECDSA_DETERMINISTIC +#define PSA_WANT_ALG_DETERMINISTIC_ECDSA 1 #else -#undef MBEDTLS_ECDSA_DETERMINISTIC +#undef PSA_WANT_ALG_DETERMINISTIC_ECDSA #endif /** @@ -659,33 +615,6 @@ #undef MBEDTLS_KEY_EXCHANGE_PSK_ENABLED #endif -/** - * \def MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED - * - * Enable the DHE-PSK based ciphersuite modes in SSL / TLS. - * - * Requires: MBEDTLS_DHM_C - * - * This enables the following ciphersuites (if other requisites are - * enabled as well): - * MBEDTLS_TLS_DHE_PSK_WITH_AES_256_GCM_SHA384 - * MBEDTLS_TLS_DHE_PSK_WITH_AES_256_CBC_SHA384 - * MBEDTLS_TLS_DHE_PSK_WITH_AES_256_CBC_SHA - * MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_256_GCM_SHA384 - * MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_256_CBC_SHA384 - * MBEDTLS_TLS_DHE_PSK_WITH_AES_128_GCM_SHA256 - * MBEDTLS_TLS_DHE_PSK_WITH_AES_128_CBC_SHA256 - * MBEDTLS_TLS_DHE_PSK_WITH_AES_128_CBC_SHA - * MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_128_GCM_SHA256 - * MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_128_CBC_SHA256 - * MBEDTLS_TLS_DHE_PSK_WITH_3DES_EDE_CBC_SHA - */ -#ifdef CONFIG_MBEDTLS_KEY_EXCHANGE_DHE_PSK -#define MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED -#else -#undef MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED -#endif - /** * \def MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED * @@ -709,94 +638,6 @@ #undef MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED #endif -/** - * \def MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED - * - * Enable the RSA-PSK based ciphersuite modes in SSL / TLS. - * - * Requires: MBEDTLS_RSA_C, MBEDTLS_PKCS1_V15, - * MBEDTLS_X509_CRT_PARSE_C - * - * This enables the following ciphersuites (if other requisites are - * enabled as well): - * MBEDTLS_TLS_RSA_PSK_WITH_AES_256_GCM_SHA384 - * MBEDTLS_TLS_RSA_PSK_WITH_AES_256_CBC_SHA384 - * MBEDTLS_TLS_RSA_PSK_WITH_AES_256_CBC_SHA - * MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_256_GCM_SHA384 - * MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_256_CBC_SHA384 - * MBEDTLS_TLS_RSA_PSK_WITH_AES_128_GCM_SHA256 - * MBEDTLS_TLS_RSA_PSK_WITH_AES_128_CBC_SHA256 - * MBEDTLS_TLS_RSA_PSK_WITH_AES_128_CBC_SHA - * MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_128_GCM_SHA256 - * MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_128_CBC_SHA256 - * MBEDTLS_TLS_RSA_PSK_WITH_3DES_EDE_CBC_SHA - */ -#ifdef CONFIG_MBEDTLS_KEY_EXCHANGE_RSA_PSK -#define MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED -#else -#undef MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED -#endif - -/** - * \def MBEDTLS_KEY_EXCHANGE_RSA_ENABLED - * - * Enable the RSA-only based ciphersuite modes in SSL / TLS. - * - * Requires: MBEDTLS_RSA_C, MBEDTLS_PKCS1_V15, - * MBEDTLS_X509_CRT_PARSE_C - * - * This enables the following ciphersuites (if other requisites are - * enabled as well): - * MBEDTLS_TLS_RSA_WITH_AES_256_GCM_SHA384 - * MBEDTLS_TLS_RSA_WITH_AES_256_CBC_SHA256 - * MBEDTLS_TLS_RSA_WITH_AES_256_CBC_SHA - * MBEDTLS_TLS_RSA_WITH_CAMELLIA_256_GCM_SHA384 - * MBEDTLS_TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256 - * MBEDTLS_TLS_RSA_WITH_CAMELLIA_256_CBC_SHA - * MBEDTLS_TLS_RSA_WITH_AES_128_GCM_SHA256 - * MBEDTLS_TLS_RSA_WITH_AES_128_CBC_SHA256 - * MBEDTLS_TLS_RSA_WITH_AES_128_CBC_SHA - * MBEDTLS_TLS_RSA_WITH_CAMELLIA_128_GCM_SHA256 - * MBEDTLS_TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256 - * MBEDTLS_TLS_RSA_WITH_CAMELLIA_128_CBC_SHA - * MBEDTLS_TLS_RSA_WITH_3DES_EDE_CBC_SHA - */ -#ifdef CONFIG_MBEDTLS_KEY_EXCHANGE_RSA -#define MBEDTLS_KEY_EXCHANGE_RSA_ENABLED -#else -#undef MBEDTLS_KEY_EXCHANGE_RSA_ENABLED -#endif - -/** - * \def MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED - * - * Enable the DHE-RSA based ciphersuite modes in SSL / TLS. - * - * Requires: MBEDTLS_DHM_C, MBEDTLS_RSA_C, MBEDTLS_PKCS1_V15, - * MBEDTLS_X509_CRT_PARSE_C - * - * This enables the following ciphersuites (if other requisites are - * enabled as well): - * MBEDTLS_TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 - * MBEDTLS_TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 - * MBEDTLS_TLS_DHE_RSA_WITH_AES_256_CBC_SHA - * MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_256_GCM_SHA384 - * MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256 - * MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA - * MBEDTLS_TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 - * MBEDTLS_TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 - * MBEDTLS_TLS_DHE_RSA_WITH_AES_128_CBC_SHA - * MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_128_GCM_SHA256 - * MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256 - * MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA - * MBEDTLS_TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA - */ -#ifdef CONFIG_MBEDTLS_KEY_EXCHANGE_DHE_RSA -#define MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED -#else -#undef MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED -#endif - /** * \def MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED * @@ -852,60 +693,6 @@ #undef MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED #endif -/** - * \def MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED - * - * Enable the ECDH-ECDSA based ciphersuite modes in SSL / TLS. - * - * Requires: MBEDTLS_ECDH_C, MBEDTLS_ECDSA_C, MBEDTLS_X509_CRT_PARSE_C - * - * This enables the following ciphersuites (if other requisites are - * enabled as well): - * MBEDTLS_TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA - * MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA - * MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA - * MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256 - * MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384 - * MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256 - * MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384 - * MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_128_CBC_SHA256 - * MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_256_CBC_SHA384 - * MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_128_GCM_SHA256 - * MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_256_GCM_SHA384 - */ -#ifdef CONFIG_MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA -#define MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED -#else -#undef MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED -#endif - -/** - * \def MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED - * - * Enable the ECDH-RSA based ciphersuite modes in SSL / TLS. - * - * Requires: MBEDTLS_ECDH_C, MBEDTLS_RSA_C, MBEDTLS_X509_CRT_PARSE_C - * - * This enables the following ciphersuites (if other requisites are - * enabled as well): - * MBEDTLS_TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA - * MBEDTLS_TLS_ECDH_RSA_WITH_AES_128_CBC_SHA - * MBEDTLS_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA - * MBEDTLS_TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256 - * MBEDTLS_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384 - * MBEDTLS_TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256 - * MBEDTLS_TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384 - * MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_128_CBC_SHA256 - * MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_256_CBC_SHA384 - * MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_128_GCM_SHA256 - * MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_256_GCM_SHA384 - */ -#ifdef CONFIG_MBEDTLS_KEY_EXCHANGE_ECDH_RSA -#define MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED -#else -#undef MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED -#endif - /** * \def MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED * @@ -983,19 +770,6 @@ #undef MBEDTLS_ERROR_STRERROR_DUMMY #endif -/** - * \def MBEDTLS_GENPRIME - * - * Enable the prime-number generation code. - * - * Requires: MBEDTLS_BIGNUM_C - */ -#ifdef CONFIG_MBEDTLS_GENPRIME -#define MBEDTLS_GENPRIME -#else -#undef MBEDTLS_GENPRIME -#endif - /** * \def MBEDTLS_FS_IO * @@ -1010,16 +784,25 @@ #endif #ifndef CONFIG_IDF_TARGET_LINUX + /** - * \def MBEDTLS_NO_PLATFORM_ENTROPY + * \def MBEDTLS_PSA_ITS_FILE_C * - * Do not use built-in platform entropy functions. - * This is useful if your platform does not support - * standards like the /dev/urandom or Windows CryptoAPI. + * ESP-IDF: PSA Internal Trusted Storage (ITS) implementation. + * + * ESP-IDF does NOT use the file-based implementation (MBEDTLS_PSA_ITS_FILE_C) + * when the ESP-IDF NVS-based implementation is available. + * Instead, ESP-IDF provides its own NVS (Non-Volatile Storage) based implementation + * in port/psa_crypto_storage/esp_psa_its.c + * + * If ESP_PSA_ITS_AVAILABLE is defined, it means the ESP-IDF NVS-based implementation + * is available and we should undefine MBEDTLS_PSA_ITS_FILE_C to use it. + * Otherwise, keep MBEDTLS_PSA_ITS_FILE_C defined to use the file-based implementation. * - * Uncomment this macro to disable the built-in platform entropy functions. */ -#define MBEDTLS_NO_PLATFORM_ENTROPY +#ifdef ESP_PSA_ITS_AVAILABLE +#undef MBEDTLS_PSA_ITS_FILE_C +#endif #endif // !CONFIG_IDF_TARGET_LINUX /** @@ -1042,19 +825,6 @@ #undef MBEDTLS_ENTROPY_FORCE_SHA256 #endif -/** - * \def MBEDTLS_PK_RSA_ALT_SUPPORT - * - * Support external private RSA keys (eg from a HSM) in the PK layer. - * - * Comment this macro to disable support for external private RSA keys. - */ -#ifdef CONFIG_MBEDTLS_PK_RSA_ALT_SUPPORT -#define MBEDTLS_PK_RSA_ALT_SUPPORT -#else -#undef MBEDTLS_PK_RSA_ALT_SUPPORT -#endif - /** * \def MBEDTLS_PKCS1_V15 * @@ -1065,9 +835,11 @@ * This enables support for PKCS#1 v1.5 operations. */ #ifdef CONFIG_MBEDTLS_PKCS1_V15 -#define MBEDTLS_PKCS1_V15 +#define PSA_WANT_ALG_RSA_PKCS1V15_CRYPT 1 +#define PSA_WANT_ALG_RSA_PKCS1V15_SIGN 1 #else -#undef MBEDTLS_PKCS1_V15 +#undef PSA_WANT_ALG_RSA_PKCS1V15_CRYPT +#undef PSA_WANT_ALG_RSA_PKCS1V15_SIGN #endif /** @@ -1080,9 +852,9 @@ * This enables support for RSAES-OAEP and RSASSA-PSS operations. */ #ifdef CONFIG_MBEDTLS_PKCS1_V21 -#define MBEDTLS_PKCS1_V21 +#define PSA_WANT_ALG_RSA_OAEP 1 #else -#undef MBEDTLS_PKCS1_V21 +#undef PSA_WANT_ALG_RSA_OAEP #endif /** @@ -1936,9 +1708,32 @@ * PEM_PARSE uses AES for decrypting encrypted keys. */ #ifdef CONFIG_MBEDTLS_AES_C -#define MBEDTLS_AES_C +#define PSA_WANT_KEY_TYPE_AES 1 #else +#undef PSA_WANT_KEY_TYPE_AES +#endif + +/* The following units have ESP32 hardware support, + uncommenting each _ALT macro will use the + hardware-accelerated implementation. */ +#ifdef CONFIG_MBEDTLS_HARDWARE_AES +#define MBEDTLS_PSA_ACCEL_ALG_CBC_NO_PADDING +#undef MBEDTLS_PSA_BUILTIN_ALG_CBC_NO_PADDING +#define MBEDTLS_PSA_ACCEL_ALG_CBC_PKCS7 +#undef MBEDTLS_PSA_ACCEL_ALG_CBC_PKCS7 +#define MBEDTLS_PSA_ACCEL_ALG_CCM +#undef MBEDTLS_PSA_BUILTIN_ALG_CCM +#define MBEDTLS_PSA_ACCEL_ALG_CCM_STAR_NO_TAG +#undef MBEDTLS_PSA_ACCEL_ALG_CCM_STAR_NO_TAG +#define MBEDTLS_PSA_ACCEL_ALG_CMAC +#undef MBEDTLS_PSA_BUILTIN_ALG_CMAC +#define MBEDTLS_PSA_ACCEL_ALG_CFB +#undef MBEDTLS_PSA_BUILTIN_ALG_CFB #undef MBEDTLS_AES_C +#define MBEDTLS_PSA_ACCEL_ALG_CTR +#undef MBEDTLS_PSA_BUILTIN_ALG_CTR +#else +#undef MBEDTLS_AES_ALT #endif /** @@ -2087,6 +1882,7 @@ #define MBEDTLS_CAMELLIA_C #else #undef MBEDTLS_CAMELLIA_C +#undef PSA_WANT_KEY_TYPE_CAMELLIA #endif /** @@ -2140,9 +1936,9 @@ * MBEDTLS_TLS_ECDHE_PSK_WITH_ARIA_256_CBC_SHA384 */ #ifdef CONFIG_MBEDTLS_ARIA_C -#define MBEDTLS_ARIA_C +#define PSA_WANT_KEY_TYPE_ARIA 1 #else -#undef MBEDTLS_ARIA_C +#undef PSA_WANT_KEY_TYPE_ARIA #endif /** @@ -2152,16 +1948,16 @@ * * Module: library/ccm.c * - * Requires: MBEDTLS_CIPHER_C, MBEDTLS_AES_C or MBEDTLS_CAMELLIA_C or + * Requires: MBEDTLS_AES_C or MBEDTLS_CAMELLIA_C or * MBEDTLS_ARIA_C * * This module enables the AES-CCM ciphersuites, if other requisites are * enabled as well. */ #ifdef CONFIG_MBEDTLS_CCM_C -#define MBEDTLS_CCM_C +#define PSA_WANT_ALG_CCM 1 #else -#undef MBEDTLS_CCM_C +#undef PSA_WANT_ALG_CCM #endif /** @@ -2204,32 +2000,6 @@ #undef MBEDTLS_CHACHAPOLY_C #endif -/** - * \def MBEDTLS_CIPHER_C - * - * Enable the generic cipher layer. - * - * Module: library/cipher.c - * Caller: library/ccm.c - * library/cmac.c - * library/gcm.c - * library/nist_kw.c - * library/pkcs12.c - * library/pkcs5.c - * library/psa_crypto_aead.c - * library/psa_crypto_mac.c - * library/ssl_ciphersuites.c - * library/ssl_msg.c - * library/ssl_ticket.c (unless MBEDTLS_USE_PSA_CRYPTO is enabled) - * - * Uncomment to enable generic cipher wrappers. - */ -#ifdef CONFIG_MBEDTLS_CIPHER_C -#define MBEDTLS_CIPHER_C -#else -#undef MBEDTLS_CIPHER_C -#endif - /** * \def MBEDTLS_CTR_DRBG_C * @@ -2297,25 +2067,6 @@ #undef MBEDTLS_DES_C #endif -/** - * \def MBEDTLS_DHM_C - * - * Enable the Diffie-Hellman-Merkle module. - * - * Module: library/dhm.c - * Caller: library/ssl_tls.c - * library/ssl*_client.c - * library/ssl*_server.c - * - * This module is used by the following key exchanges: - * DHE-RSA, DHE-PSK - */ -#ifdef CONFIG_MBEDTLS_DHM_C -#define MBEDTLS_DHM_C -#else -#undef MBEDTLS_DHM_C -#endif - /** * \def MBEDTLS_ECDH_C * @@ -2401,24 +2152,6 @@ #undef MBEDTLS_ECP_C #endif -/** - * \def MBEDTLS_ENTROPY_C - * - * Enable the platform-specific entropy code. - * - * Module: library/entropy.c - * Caller: - * - * Requires: MBEDTLS_SHA512_C or MBEDTLS_SHA256_C - * - * This module provides a generic entropy pool - */ -#ifdef CONFIG_MBEDTLS_ENTROPY_C -#define MBEDTLS_ENTROPY_C -#else -#undef MBEDTLS_ENTROPY_C -#endif - /** * \def MBEDTLS_ERROR_C * @@ -2457,35 +2190,16 @@ * * Module: library/gcm.c * - * Requires: MBEDTLS_CIPHER_C, MBEDTLS_AES_C or MBEDTLS_CAMELLIA_C or + * Requires: MBEDTLS_AES_C or MBEDTLS_CAMELLIA_C or * MBEDTLS_ARIA_C * * This module enables the AES-GCM and CAMELLIA-GCM ciphersuites, if other * requisites are enabled as well. */ #ifdef CONFIG_MBEDTLS_GCM_C -#define MBEDTLS_GCM_C +#define PSA_WANT_ALG_GCM 1 #else -#undef MBEDTLS_GCM_C -#endif - -/** - * \def MBEDTLS_HKDF_C - * - * Enable the HKDF algorithm (RFC 5869). - * - * Module: library/hkdf.c - * Caller: - * - * Requires: MBEDTLS_MD_C - * - * This module enables support for the Hashed Message Authentication Code - * (HMAC)-based key derivation function (HKDF). - */ -#ifdef CONFIG_MBEDTLS_HKDF_C -#define MBEDTLS_HKDF_C -#else -#undef MBEDTLS_HKDF_C +#undef PSA_WANT_ALG_GCM #endif /** @@ -2573,9 +2287,10 @@ * PEM_PARSE uses MD5 for decrypting encrypted keys. */ #ifdef CONFIG_MBEDTLS_MD5_C -#define MBEDTLS_MD5_C +#define PSA_WANT_ALG_MD5 1 #else #undef MBEDTLS_MD5_C +#undef PSA_WANT_ALG_MD5 #endif /** @@ -2599,33 +2314,6 @@ #undef MBEDTLS_NET_C #endif -/** - * \def MBEDTLS_OID_C - * - * Enable the OID database. - * - * Module: library/oid.c - * Caller: library/asn1write.c - * library/pkcs5.c - * library/pkparse.c - * library/pkwrite.c - * library/rsa.c - * library/x509.c - * library/x509_create.c - * library/mbedtls_x509_crl.c - * library/mbedtls_x509_crt.c - * library/mbedtls_x509_csr.c - * library/x509write_crt.c - * library/mbedtls_x509write_csr.c - * - * This modules translates between OIDs and internal values. - */ -#ifdef CONFIG_MBEDTLS_OID_C -#define MBEDTLS_OID_C -#else -#undef MBEDTLS_OID_C -#endif - /** * \def MBEDTLS_PADLOCK_C * @@ -2750,7 +2438,7 @@ * * Module: library/pkcs5.c * - * Requires: MBEDTLS_CIPHER_C and MBEDTLS_MD_C + * Requires: MBEDTLS_MD_C * * This module adds support for the PKCS#5 functions. */ @@ -2784,25 +2472,6 @@ #undef MBEDTLS_PKCS7_C #endif -/** - * \def MBEDTLS_PKCS12_C - * - * Enable PKCS#12 PBE functions. - * Adds algorithms for parsing PKCS#8 encrypted private keys - * - * Module: library/pkcs12.c - * Caller: library/pkparse.c - * - * Requires: MBEDTLS_ASN1_PARSE_C, MBEDTLS_CIPHER_C, MBEDTLS_MD_C - * - * This module enables PKCS#12 functions. - */ -#ifdef CONFIG_MBEDTLS_PKCS12_C -#define MBEDTLS_PKCS12_C -#else -#undef MBEDTLS_PKCS12_C -#endif - /** * \def MBEDTLS_PLATFORM_C * @@ -2850,6 +2519,7 @@ #define MBEDTLS_RIPEMD160_C #else #undef MBEDTLS_RIPEMD160_C +#undef PSA_WANT_ALG_RIPEMD160 #endif /** @@ -2871,9 +2541,11 @@ * Requires: MBEDTLS_BIGNUM_C, MBEDTLS_OID_C */ #ifdef CONFIG_MBEDTLS_RSA_C -#define MBEDTLS_RSA_C +#define PSA_WANT_KEY_TYPE_RSA_KEY_PAIR 1 +#define PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY 1 #else -#undef MBEDTLS_RSA_C +#undef PSA_WANT_KEY_TYPE_RSA_KEY_PAIR +#undef PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY #endif /** @@ -2894,9 +2566,9 @@ * */ #if CONFIG_MBEDTLS_SHA1_C -#define MBEDTLS_SHA1_C +#define PSA_WANT_ALG_SHA_1 1 #else -#undef MBEDTLS_SHA1_C +#undef PSA_WANT_ALG_SHA_1 #endif /** * \def MBEDTLS_SHA224_C @@ -2919,24 +2591,22 @@ #endif /** - * \def MBEDTLS_SHA256_C + * \def MBEDTLS_SHA512_C * - * Enable the SHA-224 and SHA-256 cryptographic hash algorithms. + * Enable the SHA-384 and SHA-512 cryptographic hash algorithms. * - * Module: library/mbedtls_sha256.c + * Module: library/sha512.c * Caller: library/entropy.c - * library/mbedtls_md.c + * library/md.c * library/ssl_tls.c - * library/ssl*_client.c - * library/ssl*_server.c= + * library/ssl_cookie.c * - * This module adds support for SHA-224 and SHA-256. - * This module is required for the SSL/TLS 1.2 PRF function. + * This module adds support for SHA-384 and SHA-512. */ -#ifdef CONFIG_MBEDTLS_SHA256_C -#define MBEDTLS_SHA256_C +#ifdef CONFIG_MBEDTLS_SHA512_C +#define PSA_WANT_ALG_SHA_512 1 #else -#undef MBEDTLS_SHA256_C +#undef PSA_WANT_ALG_SHA_512 #endif /** @@ -2954,28 +2624,85 @@ * Comment to disable SHA-384 */ #ifdef CONFIG_MBEDTLS_SHA384_C -#define MBEDTLS_SHA384_C +#define PSA_WANT_ALG_SHA_384 1 #else -#undef MBEDTLS_SHA384_C +#undef PSA_WANT_ALG_SHA_384 #endif /** - * \def MBEDTLS_SHA512_C + * \def MBEDTLS_SHA256_C * - * Enable the SHA-384 and SHA-512 cryptographic hash algorithms. + * Enable the SHA-224 and SHA-256 cryptographic hash algorithms. * - * Module: library/sha512.c + * Module: library/mbedtls_sha256.c * Caller: library/entropy.c - * library/md.c + * library/mbedtls_md.c * library/ssl_tls.c - * library/ssl_cookie.c + * library/ssl*_client.c + * library/ssl*_server.c= * - * This module adds support for SHA-384 and SHA-512. + * This module adds support for SHA-224 and SHA-256. + * This module is required for the SSL/TLS 1.2 PRF function. */ -#ifdef CONFIG_MBEDTLS_SHA512_C -#define MBEDTLS_SHA512_C +#ifdef CONFIG_MBEDTLS_SHA256_C +#define MBEDTLS_SHA256_C +#define PSA_WANT_ALG_SHA_256 1 +#define PSA_WANT_ALG_SHA_224 1 #else -#undef MBEDTLS_SHA512_C +#undef PSA_WANT_ALG_SHA_256 +#undef PSA_WANT_ALG_SHA_224 +#endif + +/* MBEDTLS_SHAxx_ALT to enable hardware SHA support + with software fallback. +*/ +#ifdef CONFIG_MBEDTLS_HARDWARE_SHA + #define MBEDTLS_PSA_ACCEL_ALG_SHA_1 + #undef MBEDTLS_PSA_BUILTIN_ALG_SHA_1 + #define MBEDTLS_PSA_ACCEL_ALG_SHA_224 + #undef MBEDTLS_PSA_BUILTIN_ALG_SHA_224 + #define MBEDTLS_PSA_ACCEL_ALG_SHA_256 + #undef MBEDTLS_PSA_BUILTIN_ALG_SHA_256 + #undef MBEDTLS_SHA1_C + #undef MBEDTLS_SHA224_C + #if SOC_SHA_SUPPORT_SHA512 + #define MBEDTLS_PSA_ACCEL_ALG_SHA_512 + #undef MBEDTLS_PSA_BUILTIN_ALG_SHA_512 + #define MBEDTLS_PSA_ACCEL_ALG_SHA_384 + #undef MBEDTLS_PSA_BUILTIN_ALG_SHA_384 + #undef MBEDTLS_SHA512_C + #undef MBEDTLS_SHA384_C + #else + #undef MBEDTLS_SHA512_ALT + #endif +#else + #undef MBEDTLS_SHA1_ALT + #undef MBEDTLS_SHA256_ALT + #undef MBEDTLS_SHA512_ALT +#endif + +/* MBEDTLS_MD_CAN_SHA* macros indicate whether a hash algorithm is available + * either via legacy implementation (MBEDTLS_SHA*_C) or via PSA (PSA_WANT_ALG_SHA_*). + * These are used for TLS 1.3 signature algorithm configuration. + */ +#if defined(MBEDTLS_SHA1_C) || defined(PSA_WANT_ALG_SHA_1) +#define MBEDTLS_MD_CAN_SHA1 +#endif + +#if defined(MBEDTLS_SHA224_C) || defined(PSA_WANT_ALG_SHA_224) +#define MBEDTLS_MD_CAN_SHA224 +#endif + +#if defined(MBEDTLS_SHA256_C) || defined(PSA_WANT_ALG_SHA_256) +#define MBEDTLS_MD_CAN_SHA256 +#endif + +#if defined(MBEDTLS_SHA384_C) || defined(PSA_WANT_ALG_SHA_384) +#define MBEDTLS_MD_CAN_SHA384 +#endif + +#if defined(MBEDTLS_SHA512_C) || defined(PSA_WANT_ALG_SHA_512) +#define MBEDTLS_MD_CAN_SHA512 #endif /** @@ -2988,9 +2715,15 @@ * This module adds support for SHA3. */ #ifdef CONFIG_MBEDTLS_SHA3_C -#define MBEDTLS_SHA3_C +#define PSA_WANT_ALG_SHA3_224 1 +#define PSA_WANT_ALG_SHA3_256 1 +#define PSA_WANT_ALG_SHA3_384 1 +#define PSA_WANT_ALG_SHA3_512 1 #else -#undef MBEDTLS_SHA3_C +#undef PSA_WANT_ALG_SHA3_224 +#undef PSA_WANT_ALG_SHA3_256 +#undef PSA_WANT_ALG_SHA3_384 +#undef PSA_WANT_ALG_SHA3_512 #endif /** @@ -3031,8 +2764,7 @@ * Module: library/ssl_ticket.c * Caller: * - * Requires: (MBEDTLS_CIPHER_C) && - * (MBEDTLS_GCM_C || MBEDTLS_CCM_C || MBEDTLS_CHACHAPOLY_C) + * Requires: (MBEDTLS_GCM_C || MBEDTLS_CCM_C || MBEDTLS_CHACHAPOLY_C) */ #ifdef CONFIG_MBEDTLS_SERVER_SSL_SESSION_TICKETS #define MBEDTLS_SSL_TICKET_C @@ -3085,7 +2817,7 @@ * Caller: library/ssl*_client.c * library/ssl*_server.c * - * Requires: MBEDTLS_CIPHER_C, MBEDTLS_MD_C + * Requires: MBEDTLS_MD_C * and at least one of the MBEDTLS_SSL_PROTO_XXX defines * * This module is required for SSL/TLS. diff --git a/components/mbedtls/port/include/mbedtls/esp_debug.h b/components/mbedtls/port/include/mbedtls/esp_debug.h index ecd4688f9c..a74361c002 100644 --- a/components/mbedtls/port/include/mbedtls/esp_debug.h +++ b/components/mbedtls/port/include/mbedtls/esp_debug.h @@ -1,16 +1,8 @@ -// Copyright 2015-2016 Espressif Systems (Shanghai) PTE LTD -// -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at - -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. +/* + * SPDX-FileCopyrightText: 2015-2025 Espressif Systems (Shanghai) CO LTD + * + * SPDX-License-Identifier: Apache-2.0 + */ #ifndef _ESP_DEBUG_H_ #define _ESP_DEBUG_H_ @@ -40,7 +32,7 @@ extern "C" { * enough in menuconfig, or some messages may be filtered at compile time. * * @param conf mbedtls_ssl_config structure - * @param mbedTLS debug threshold, 0-4. Messages are filtered at runtime. + * @param threshold mbedTLS debug threshold, 0-4. Messages are filtered at runtime. */ void mbedtls_esp_enable_debug_log(mbedtls_ssl_config *conf, int threshold); diff --git a/components/mbedtls/port/include/mbedtls/gcm.h b/components/mbedtls/port/include/mbedtls/gcm.h index d50527d4df..a2c9009d0d 100644 --- a/components/mbedtls/port/include/mbedtls/gcm.h +++ b/components/mbedtls/port/include/mbedtls/gcm.h @@ -1,11 +1,10 @@ /* - * SPDX-FileCopyrightText: 2023-2024 Espressif Systems (Shanghai) CO LTD + * SPDX-FileCopyrightText: 2023-2025 Espressif Systems (Shanghai) CO LTD * * SPDX-License-Identifier: Apache-2.0 */ #pragma once -#include_next "mbedtls/gcm.h" #include "sdkconfig.h" #ifdef __cplusplus @@ -14,66 +13,6 @@ extern "C" { #if defined(MBEDTLS_GCM_ALT) && defined(MBEDTLS_GCM_NON_AES_CIPHER_SOFT_FALLBACK) -/** - * When the MBEDTLS_GCM_NON_AES_CIPHER_SOFT_FALLBACK is defined, for non-AES GCM - * operations we need to fallback to the software function definitions of the - * mbedtls GCM layer. - * Thus in this case we need declarations for the software funtions. - * Please refer mbedtls/include/mbedtls/gcm.h for function documentations - */ - -void mbedtls_gcm_init_soft(mbedtls_gcm_context_soft *ctx); - - -int mbedtls_gcm_setkey_soft(mbedtls_gcm_context_soft *ctx, - mbedtls_cipher_id_t cipher, - const unsigned char *key, - unsigned int keybits); - -int mbedtls_gcm_starts_soft(mbedtls_gcm_context_soft *ctx, - int mode, - const unsigned char *iv, size_t iv_len); - -int mbedtls_gcm_update_ad_soft(mbedtls_gcm_context_soft *ctx, - const unsigned char *add, size_t add_len); - -int mbedtls_gcm_update_soft(mbedtls_gcm_context_soft *ctx, - const unsigned char *input, size_t input_length, - unsigned char *output, size_t output_size, - size_t *output_length); - -int mbedtls_gcm_finish_soft(mbedtls_gcm_context_soft *ctx, - unsigned char *output, size_t output_size, - size_t *output_length, - unsigned char *tag, size_t tag_len); - - -int mbedtls_gcm_crypt_and_tag_soft(mbedtls_gcm_context_soft *ctx, - int mode, - size_t length, - const unsigned char *iv, - size_t iv_len, - const unsigned char *add, - size_t add_len, - const unsigned char *input, - unsigned char *output, - size_t tag_len, - unsigned char *tag); - - -int mbedtls_gcm_auth_decrypt_soft(mbedtls_gcm_context_soft *ctx, - size_t length, - const unsigned char *iv, - size_t iv_len, - const unsigned char *add, - size_t add_len, - const unsigned char *tag, - size_t tag_len, - const unsigned char *input, - unsigned char *output); - -void mbedtls_gcm_free_soft(mbedtls_gcm_context_soft *ctx); - #endif /* MBEDTLS_GCM_ALT && MBEDTLS_GCM_NON_AES_CIPHER_SOFT_FALLBACK*/ #ifdef __cplusplus diff --git a/tools/ci/check_copyright_ignore.txt b/tools/ci/check_copyright_ignore.txt index 8420a51c2f..4e42c7b4be 100644 --- a/tools/ci/check_copyright_ignore.txt +++ b/tools/ci/check_copyright_ignore.txt @@ -467,7 +467,6 @@ components/mbedtls/port/aes/esp_aes_xts.c components/mbedtls/port/include/aes/esp_aes.h components/mbedtls/port/include/aes_alt.h components/mbedtls/port/include/bignum_impl.h -components/mbedtls/port/include/mbedtls/esp_debug.h components/mbedtls/port/include/sha1_alt.h components/mbedtls/port/include/sha256_alt.h components/mbedtls/port/include/sha512_alt.h