diff --git a/components/mbedtls/CMakeLists.txt b/components/mbedtls/CMakeLists.txt
index ad0ca7151d..35af45851c 100644
--- a/components/mbedtls/CMakeLists.txt
+++ b/components/mbedtls/CMakeLists.txt
@@ -12,6 +12,10 @@ endif()
 set(mbedtls_srcs "")
 set(mbedtls_include_dirs "port/include" "mbedtls/include" "mbedtls/library")
+if(CONFIG_MBEDTLS_USE_CRYPTO_ROM_IMPL)
+ list(APPEND mbedtls_include_dirs "port/mbedtls_rom")
+endif()
+
 if(CONFIG_MBEDTLS_CERTIFICATE_BUNDLE)
 list(APPEND mbedtls_srcs "esp_crt_bundle/esp_crt_bundle.c")
 list(APPEND mbedtls_include_dirs "esp_crt_bundle/include")
@@ -94,6 +98,11 @@ set(Python3_EXECUTABLE ${python})
 # Needed to for include_next includes to work from within mbedtls
 include_directories("${COMPONENT_DIR}/port/include")
+# Needed to for mbedtls_rom includes to work from within mbedtls
+if(CONFIG_MBEDTLS_USE_CRYPTO_ROM_IMPL)
+ include_directories("${COMPONENT_DIR}/port/mbedtls_rom")
+endif()
+
 # Import mbedtls library targets
 add_subdirectory(mbedtls)
diff --git a/components/mbedtls/Kconfig b/components/mbedtls/Kconfig
index cc25f80086..e3cef396d0 100644
--- a/components/mbedtls/Kconfig
+++ b/components/mbedtls/Kconfig
@@ -1130,6 +1130,7 @@ menu "mbedTLS"
 select MBEDTLS_ROM_MD5
 select MBEDTLS_HARDWARE_SHA
 select MBEDTLS_ECP_RESTARTABLE
+ select MBEDTLS_THREADING_C
 help
 Enable this flag to use mbedtls crypto algorithm from ROM instead of ESP-IDF.
diff --git a/components/mbedtls/port/mbedtls_rom/mbedtls_rom_osi.c b/components/mbedtls/port/mbedtls_rom/mbedtls_rom_osi.c
index b02e098b3b..d29d03e966 100644
--- a/components/mbedtls/port/mbedtls_rom/mbedtls_rom_osi.c
+++ b/components/mbedtls/port/mbedtls_rom/mbedtls_rom_osi.c
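Review bot: The new comment in the second hunk copies the typo from the line above it (`Needed to for`), and it does not say which header the extra directory is there for; suggest `# Needed so that threading_alt.h (port/mbedtls_rom) resolves from within the mbedtls subdirectory`, since that file is added by this same change and is presumably what mbedtls's threading.h pulls in under MBEDTLS_THREADING_ALT. `include_directories()` is directory-scoped, so every target created after this line in the component also sees `port/mbedtls_rom`; that matches the existing `port/include` line, but the comment could state that it is deliberate.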
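Review bot: The help text does not mention that the option now forces threading support on, which is the user-visible effect of the added `select MBEDTLS_THREADING_C`; suggest appending to the help block: `Selecting this also enables MBEDTLS_THREADING_C, because the ROM crypto implementation registers mutex callbacks for its shared state.` The select does not pick a threading backend, so whether the FreeRTOS mutex path or the `#else mbedtls_mutex_*` path in mbedtls_rom_osi.c is compiled still depends on the existing ALT/pthread choice; if the ROM path is only validated with one of them, a `select` or `depends on` for that backend would make the constraint explicit.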
@@ -19,9 +19,13 @@ void mbedtls_rom_osi_functions_init(void);
 static void mbedtls_rom_mutex_init( mbedtls_threading_mutex_t *mutex )
 {
-#if (!defined(CONFIG_MBEDTLS_THREADING_C))
- ((void) mutex);
- return;
+ if (mutex == NULL) {
+ return;
+ }
+
+#if defined(MBEDTLS_THREADING_ALT)
+ mutex->mutex = xSemaphoreCreateMutex();
+ assert(mutex->mutex != NULL);
 #else
 mbedtls_mutex_init(mutex);
 #endif
@@ -29,9 +33,12 @@ static void mbedtls_rom_mutex_init( mbedtls_threading_mutex_t *mutex )
 static void mbedtls_rom_mutex_free( mbedtls_threading_mutex_t *mutex )
 {
-#if (!defined(CONFIG_MBEDTLS_THREADING_C))
- ((void) mutex);
- return;
+ if (mutex == NULL) {
+ return;
+ }
+
+#if defined(MBEDTLS_THREADING_ALT)
+ vSemaphoreDelete(mutex->mutex);
 #else
 mbedtls_mutex_free(mutex);
 #endif
@@ -39,8 +46,14 @@ static void mbedtls_rom_mutex_free( mbedtls_threading_mutex_t *mutex )
 static int mbedtls_rom_mutex_lock( mbedtls_threading_mutex_t *mutex )
 {
-#if (!defined(CONFIG_MBEDTLS_THREADING_C))
- ((void) mutex);
+ if (mutex == NULL) {
+ return MBEDTLS_ERR_THREADING_BAD_INPUT_DATA;
+ }
+
+#if defined(MBEDTLS_THREADING_ALT)
+ if (xSemaphoreTake(mutex->mutex, portMAX_DELAY) != pdTRUE) {
+ return MBEDTLS_ERR_THREADING_MUTEX_ERROR;
+ }
 return 0;
 #else
 return mbedtls_mutex_lock(mutex);
@@ -49,8 +62,14 @@ static int mbedtls_rom_mutex_lock( mbedtls_threading_mutex_t *mutex )
 static int mbedtls_rom_mutex_unlock( mbedtls_threading_mutex_t *mutex )
 {
-#if (!defined(CONFIG_MBEDTLS_THREADING_C))
- ((void) mutex);
+ if (mutex == NULL) {
+ return MBEDTLS_ERR_THREADING_BAD_INPUT_DATA;
+ }
+
+#if defined(MBEDTLS_THREADING_ALT)
+ if (xSemaphoreGive(mutex->mutex) != pdTRUE) {
+ return MBEDTLS_ERR_THREADING_MUTEX_ERROR;
+ }
 return 0;
 #else
 return mbedtls_mutex_unlock(mutex);
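Review bot: A failed `xSemaphoreCreateMutex()` (heap exhausted) is caught only by `assert`, so in a build with assertions compiled out the handle stays NULL and every later lock/unlock dereferences it; the `is_valid` field that the new threading_alt.h documents for exactly this case is never written here. Suggest recording the outcome instead of relying on the assert: `mutex->mutex = xSemaphoreCreateMutex(); mutex->is_valid = (mutex->mutex != NULL);` and having the lock/unlock callbacks reject `!mutex->is_valid` with `MBEDTLS_ERR_THREADING_BAD_INPUT_DATA`, which is what the is_valid comment in threading_alt.h describes. Keeping the assert in addition is fine for debug builds. A one-line comment noting that init is called from the ROM as well as from the flash-resident mbedtls would help the next reader.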
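Review bot: `vSemaphoreDelete(mutex->mutex)` is passed whatever the handle holds, so a mutex whose init failed (NULL handle) or one freed twice goes to the FreeRTOS deleter, and the stale handle is left in the struct after the first free; a second `mbedtls_mutex_free` on the same context is then a double free of kernel memory. Suggest `if (mutex->mutex != NULL) { vSemaphoreDelete(mutex->mutex); mutex->mutex = NULL; }` and clearing `is_valid` alongside it, so free-after-failed-init and repeated frees are no-ops, matching the semantics the is_valid comment in threading_alt.h promises.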
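Review bot: The guard only rejects a NULL `mutex`, not a NULL `mutex->mutex`, so a context whose init failed (see the assert-only handling in the init callback) reaches `xSemaphoreTake` with a NULL handle; whether that traps or silently misbehaves depends on configASSERT, neither of which is an error return. Suggest widening the guard to `if (mutex == NULL || mutex->mutex == NULL) { return MBEDTLS_ERR_THREADING_BAD_INPUT_DATA; }`, and the same in the unlock callback below. `portMAX_DELAY` blocks forever, which is presumably intended to mirror a pthread mutex; a comment saying so would stop someone "fixing" it into a timeout that silently returns MUTEX_ERROR on contention.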
@@ -430,11 +449,15 @@ __attribute__((constructor)) void mbedtls_rom_osi_functions_init(void)
 /* Export the rom mbedtls functions table pointer */
 extern void *mbedtls_rom_osi_funcs_ptr;
+#if defined(MBEDTLS_THREADING_ALT)
+ mbedtls_threading_set_alt(mbedtls_rom_mutex_init, mbedtls_rom_mutex_free, mbedtls_rom_mutex_lock, mbedtls_rom_mutex_unlock);
+#endif
+
 unsigned chip_version = efuse_hal_chip_revision();
 if ( ESP_CHIP_REV_ABOVE(chip_version, 200) ) {
 /* Initialize the rom function mbedtls_threading_set_alt on chip rev2.0 with rom eco4 */
- mbedtls_threading_set_alt_t mbedtls_threading_set_alt = (mbedtls_threading_set_alt_t)0x40002c0c;
- mbedtls_threading_set_alt(mbedtls_rom_mutex_init, mbedtls_rom_mutex_free, mbedtls_rom_mutex_lock, mbedtls_rom_mutex_unlock);
+ _rom_mbedtls_threading_set_alt_t rom_mbedtls_threading_set_alt = (_rom_mbedtls_threading_set_alt_t)0x40002c0c;
+ rom_mbedtls_threading_set_alt(mbedtls_rom_mutex_init, mbedtls_rom_mutex_free, mbedtls_rom_mutex_lock, mbedtls_rom_mutex_unlock);
 /* Initialize the pointer of rom eco4 mbedtls functions table. */
 mbedtls_rom_osi_funcs_ptr = (mbedtls_rom_eco4_funcs_t *)&mbedtls_rom_eco4_funcs_table;
diff --git a/components/mbedtls/port/mbedtls_rom/mbedtls_rom_osi.h b/components/mbedtls/port/mbedtls_rom/mbedtls_rom_osi.h
index 1d84d13fde..b612adfa55 100644
--- a/components/mbedtls/port/mbedtls_rom/mbedtls_rom_osi.h
+++ b/components/mbedtls/port/mbedtls_rom/mbedtls_rom_osi.h
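Review bot: Both registrations — the unprefixed `mbedtls_threading_set_alt` (the flash-resident mbedtls) and the ROM one at 0x40002c0c — hand out the same four callbacks, but nothing records that the struct those callbacks dereference must have the same layout in the ROM build as in the new threading_alt.h (`SemaphoreHandle_t` followed by `char is_valid`); if the ROM's contexts embed their own `mbedtls_threading_mutex_t`, any size or field-order difference turns `mutex->mutex` into a read of adjacent memory. Suggest a comment above the ROM call, `/* ROM eco4 was built against the same mbedtls_threading_mutex_t as port/mbedtls_rom/threading_alt.h; do not change that struct without re-checking the ROM */`, and, if the ROM's expected size is known, a `_Static_assert(sizeof(mbedtls_threading_mutex_t) == <rom size>, "...")` next to it. The IDF-side registration runs on every chip revision while the ROM one is gated on rev 2.0, which looks intended but is worth a word in the comment. mbedtls_rom_osi_functions_init starts before and continues past this hunk.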
@@ -44,12 +44,10 @@ extern "C" {
 #endif
 #if (!defined(CONFIG_MBEDTLS_THREADING_C))
-typedef struct mbedtls_threading_mutex_t {
- int dummy;
-} mbedtls_threading_mutex_t;
+#error CONFIG_MBEDTLS_THREADING_C
 #endif
-typedef void (*mbedtls_threading_set_alt_t)(void (*mutex_init)(mbedtls_threading_mutex_t *),
+typedef void (*_rom_mbedtls_threading_set_alt_t)(void (*mutex_init)(mbedtls_threading_mutex_t *),
 void (*mutex_free)(mbedtls_threading_mutex_t *),
 int (*mutex_lock)(mbedtls_threading_mutex_t *),
 int (*mutex_unlock)(mbedtls_threading_mutex_t *));
diff --git a/components/mbedtls/port/mbedtls_rom/threading_alt.h b/components/mbedtls/port/mbedtls_rom/threading_alt.h
new file mode 100644
index 0000000000..6dc3349da1
--- /dev/null
+++ b/components/mbedtls/port/mbedtls_rom/threading_alt.h
@@ -0,0 +1,22 @@
+/*
+ * SPDX-FileCopyrightText: 2024 Espressif Systems (Shanghai) CO LTD
+ *
+ * SPDX-License-Identifier: Apache-2.0
+ */
+#pragma once
+
+#include "freertos/FreeRTOS.h"
+#include "freertos/semphr.h"
+
+typedef struct mbedtls_threading_mutex_t {
+ SemaphoreHandle_t mutex;
+ /* is_valid is 0 after a failed init or a free, and nonzero after a
+ * successful init. This field is not considered part of the public
+ * API of Mbed TLS and may change without notice. */
+ char is_valid;
+} mbedtls_threading_mutex_t;
+
+extern void mbedtls_threading_set_alt(void (*mutex_init)(mbedtls_threading_mutex_t *),
+ void (*mutex_free)(mbedtls_threading_mutex_t *),
+ int (*mutex_lock)(mbedtls_threading_mutex_t *),
+ int (*mutex_unlock)(mbedtls_threading_mutex_t *));
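Review bot: `_rom_mbedtls_threading_set_alt_t` starts with an underscore at file scope, which the C standard reserves for the implementation (all such identifiers are reserved in the ordinary and tag name spaces at file scope), so the rename avoids one clash by taking a formally reserved name; `rom_mbedtls_threading_set_alt_t` carries the same meaning, and the variable in mbedtls_rom_osi.c already uses that spelling. The `#error CONFIG_MBEDTLS_THREADING_C` message is just the macro name, so the diagnostic reads as if the macro itself were the problem rather than missing; suggest `#error "CONFIG_MBEDTLS_USE_CRYPTO_ROM_IMPL requires CONFIG_MBEDTLS_THREADING_C (selected by Kconfig)"`.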
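Review bot: The comment on `is_valid` promises a flag that is 0 after a failed init or a free and nonzero after a successful init, but the mutex callbacks added in this same change (mbedtls_rom_osi.c) never write the field, so for this port it holds whatever the enclosing context was filled with. Either have the init/free callbacks maintain it, or replace the comment with `/* Not maintained by the ESP-IDF ROM port callbacks; kept only for layout compatibility. */` so nobody tests it. The `extern void mbedtls_threading_set_alt(...)` at the bottom presumably duplicates the prototype mbedtls's own threading.h already provides when MBEDTLS_THREADING_ALT is set; harmless if identical, but a short comment saying why it is repeated here would stop it from drifting.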