Merge branch 'bugfix/hardware_mpi_fallback_issue' into 'master'

mbedtls: fix hardware MPI (bignum) related regression

See merge request espressif/esp-idf!15854
Mahavir Jain 2021-11-29 11:19:51 +00:00
commit 92b1ea2199
7 changed files with 86 additions and 42 deletions


@ -198,10 +198,6 @@ if(CONFIG_MBEDTLS_DYNAMIC_BUFFER)
endforeach()
endif()
if(CONFIG_MBEDTLS_HARDWARE_MPI)
target_link_libraries(${COMPONENT_LIB} INTERFACE "-Wl,--wrap=mbedtls_mpi_exp_mod")
endif()
set_property(TARGET mbedcrypto APPEND PROPERTY LINK_INTERFACE_LIBRARIES mbedtls)
set_property(TARGET mbedcrypto APPEND PROPERTY LINK_LIBRARIES idf::driver idf::${target})
set_property(TARGET mbedcrypto APPEND PROPERTY INTERFACE_LINK_LIBRARIES idf::driver idf::${target})


@ -276,7 +276,7 @@ menu "mbedTLS"
Enable hardware accelerated multiple precision integer operations.
Hardware accelerated multiplication, modulo multiplication,
and modular exponentiation for up to 4096 bit results.
and modular exponentiation for up to SOC_RSA_MAX_BIT_LEN bit results.
These operations are used by RSA.

@ -1 +1 @@
Subproject commit 6465247f67167518b8813ae2faaf422704e4b1a3
Subproject commit 73cfa42bd39a704fa2706e3c1b1b532be5f19eed


@ -64,12 +64,10 @@ static inline size_t bits_to_words(size_t bits)
return (bits + 31) / 32;
}
int __wrap_mbedtls_mpi_exp_mod( mbedtls_mpi *Z, const mbedtls_mpi *X, const mbedtls_mpi *Y, const mbedtls_mpi *M, mbedtls_mpi *_Rinv );
extern int __real_mbedtls_mpi_exp_mod( mbedtls_mpi *Z, const mbedtls_mpi *X, const mbedtls_mpi *Y, const mbedtls_mpi *M, mbedtls_mpi *_Rinv );
/* Return the number of words actually used to represent an mpi
number.
*/
#if defined(MBEDTLS_MPI_EXP_MOD_ALT) || defined(MBEDTLS_MPI_EXP_MOD_ALT_FALLBACK)
static size_t mpi_words(const mbedtls_mpi *mpi)
{
for (size_t i = mpi->n; i > 0; i--) {
@ -80,6 +78,7 @@ static size_t mpi_words(const mbedtls_mpi *mpi)
return 0;
}
#endif //(MBEDTLS_MPI_EXP_MOD_ALT || MBEDTLS_MPI_EXP_MOD_ALT_FALLBACK)
/**
*
@ -182,6 +181,8 @@ cleanup:
return ret;
}
#if defined(MBEDTLS_MPI_EXP_MOD_ALT) || defined(MBEDTLS_MPI_EXP_MOD_ALT_FALLBACK)
#ifdef ESP_MPI_USE_MONT_EXP
/*
* Return the most significant one-bit.
@ -272,22 +273,26 @@ cleanup2:
* (See RSA Accelerator section in Technical Reference for more about Mprime, Rinv)
*
*/
int __wrap_mbedtls_mpi_exp_mod( mbedtls_mpi *Z, const mbedtls_mpi *X, const mbedtls_mpi *Y, const mbedtls_mpi *M, mbedtls_mpi *_Rinv )
static int esp_mpi_exp_mod( mbedtls_mpi *Z, const mbedtls_mpi *X, const mbedtls_mpi *Y, const mbedtls_mpi *M, mbedtls_mpi *_Rinv )
{
int ret = 0;
mbedtls_mpi Rinv_new; /* used if _Rinv == NULL */
mbedtls_mpi *Rinv; /* points to _Rinv (if not NULL) othwerwise &RR_new */
mbedtls_mpi_uint Mprime;
size_t x_words = mpi_words(X);
size_t y_words = mpi_words(Y);
size_t m_words = mpi_words(M);
/* "all numbers must be the same length", so choose longest number
as cardinal length of operation...
*/
size_t num_words = esp_mpi_hardware_words(MAX(m_words, MAX(x_words, y_words)));
mbedtls_mpi Rinv_new; /* used if _Rinv == NULL */
mbedtls_mpi *Rinv; /* points to _Rinv (if not NULL) othwerwise &RR_new */
mbedtls_mpi_uint Mprime;
if (num_words * 32 > SOC_RSA_MAX_BIT_LEN) {
return MBEDTLS_ERR_MPI_NOT_ACCEPTABLE;
}
if (mbedtls_mpi_cmp_int(M, 0) <= 0 || (M->p[0] & 1) == 0) {
return MBEDTLS_ERR_MPI_BAD_INPUT_DATA;
@ -301,14 +306,6 @@ int __wrap_mbedtls_mpi_exp_mod( mbedtls_mpi *Z, const mbedtls_mpi *X, const mbed
return mbedtls_mpi_lset(Z, 1);
}
if (num_words * 32 > SOC_RSA_MAX_BIT_LEN) {
#ifdef CONFIG_MBEDTLS_LARGE_KEY_SOFTWARE_MPI
return __real_mbedtls_mpi_exp_mod(Z, X, Y, M, _Rinv);
#else
return MBEDTLS_ERR_MPI_NOT_ACCEPTABLE;
#endif
}
/* Determine RR pointer, either _RR for cached value
or local RR_new */
if (_Rinv == NULL) {
@ -355,6 +352,32 @@ cleanup:
return ret;
}
#endif /* (MBEDTLS_MPI_EXP_MOD_ALT || MBEDTLS_MPI_EXP_MOD_ALT_FALLBACK) */
/*
* Sliding-window exponentiation: X = A^E mod N (HAC 14.85)
*/
int mbedtls_mpi_exp_mod( mbedtls_mpi *X, const mbedtls_mpi *A,
const mbedtls_mpi *E, const mbedtls_mpi *N,
mbedtls_mpi *_RR )
{
int ret;
#if defined(MBEDTLS_MPI_EXP_MOD_ALT_FALLBACK)
/* Try hardware API first and then fallback to software */
ret = esp_mpi_exp_mod( X, A, E, N, _RR );
if( ret == MBEDTLS_ERR_MPI_NOT_ACCEPTABLE ) {
ret = mbedtls_mpi_exp_mod_soft( X, A, E, N, _RR );
}
#else
/* Hardware approach */
ret = esp_mpi_exp_mod( X, A, E, N, _RR );
#endif
/* Note: For software only approach, it gets handled in mbedTLS library.
This file is not part of build objects for that case */
return ret;
}
#if defined(MBEDTLS_MPI_MUL_MPI_ALT) /* MBEDTLS_MPI_MUL_MPI_ALT */
static int mpi_mult_mpi_failover_mod_mult( mbedtls_mpi *Z, const mbedtls_mpi *X, const mbedtls_mpi *Y, size_t z_words);
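Review bot: In the new `mbedtls_mpi_exp_mod`, the software fallback is keyed on `ret == MBEDTLS_ERR_MPI_NOT_ACCEPTABLE`, which is a general mbedTLS error code rather than a dedicated "operands exceed the accelerator limit" signal. Moving the `num_words * 32 > SOC_RSA_MAX_BIT_LEN` check to the top of `esp_mpi_exp_mod` means that case returns before anything is written, but the rest of that function lies outside the hunks, so it cannot be confirmed from here that no later step returns the same code after `Z` or the hardware state has been touched; if one does, the operation would be silently re-run in software. I would state the contract next to the size check, e.g. `/* Only this size check may return NOT_ACCEPTABLE: mbedtls_mpi_exp_mod() treats it as "fall back to software" */`. The comment above the dispatcher also still reads "Sliding-window exponentiation ... (HAC 14.85)", which describes the software routine rather than this hardware-first wrapper.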


@ -1,16 +1,8 @@
// Copyright 2015-2020 Espressif Systems (Shanghai) PTE LTD
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
/*
* SPDX-FileCopyrightText: 2015-2021 Espressif Systems (Shanghai) CO LTD
*
* SPDX-License-Identifier: Apache-2.0
*/
#pragma once
#include_next "mbedtls/bignum.h"
@ -77,4 +69,31 @@ void esp_mpi_release_hardware(void);
*/
int esp_mpi_mul_mpi_mod(mbedtls_mpi *Z, const mbedtls_mpi *X, const mbedtls_mpi *Y, const mbedtls_mpi *M);
#if CONFIG_MBEDTLS_LARGE_KEY_SOFTWARE_MPI
/**
* @brief Perform a sliding-window exponentiation: X = A^E mod N
*
* @param X The destination MPI. This must point to an initialized MPI.
* @param A The base of the exponentiation.
* This must point to an initialized MPI.
* @param E The exponent MPI. This must point to an initialized MPI.
* @param N The base for the modular reduction. This must point to an
* initialized MPI.
* @param _RR A helper MPI depending solely on \p N which can be used to
* speed-up multiple modular exponentiations for the same value
* of \p N. This may be \c NULL. If it is not \c NULL, it must
* point to an initialized MPI.
*
* @return \c 0 if successful.
* @return #MBEDTLS_ERR_MPI_ALLOC_FAILED if a memory allocation failed.
* @return #MBEDTLS_ERR_MPI_BAD_INPUT_DATA if \c N is negative or
* even, or if \c E is negative.
* @return Another negative error code on different kinds of failures.
*
*/
int mbedtls_mpi_exp_mod_soft(mbedtls_mpi *X, const mbedtls_mpi *A, const mbedtls_mpi *E, const mbedtls_mpi *N, mbedtls_mpi *_RR);
#endif // CONFIG_MBEDTLS_LARGE_KEY_SOFTWARE_MPI
#endif // CONFIG_MBEDTLS_HARDWARE_MPI


@ -153,15 +153,22 @@
#undef MBEDTLS_MD5_ALT
#endif
/* The following MPI (bignum) functions have ESP32 hardware support.
For exponential mod, both software and hardware implementation
will be compiled. If CONFIG_MBEDTLS_HARDWARE_MPI is enabled, mod APIs
will be wrapped to use hardware implementation.
*/
#undef MBEDTLS_MPI_EXP_MOD_ALT
/* The following MPI (bignum) functions have hardware support.
* Uncommenting these macros will use the hardware-accelerated
* implementations.
*/
#ifdef CONFIG_MBEDTLS_HARDWARE_MPI
#ifdef CONFIG_MBEDTLS_LARGE_KEY_SOFTWARE_MPI
/* Prefer hardware and fallback to software */
#define MBEDTLS_MPI_EXP_MOD_ALT_FALLBACK
#else
/* Hardware only mode */
#define MBEDTLS_MPI_EXP_MOD_ALT
#endif
#define MBEDTLS_MPI_MUL_MPI_ALT
#else
#undef MBEDTLS_MPI_EXP_MOD_ALT_FALLBACK
#undef MBEDTLS_MPI_EXP_MOD_ALT
#undef MBEDTLS_MPI_MUL_MPI_ALT
#endif
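Review bot: The comment above `#ifdef CONFIG_MBEDTLS_HARDWARE_MPI` says that uncommenting these macros enables the hardware implementations, but in this block the macros are derived from Kconfig options and there is nothing to uncomment. Judging by the bignum changes on this page, the choice between `MBEDTLS_MPI_EXP_MOD_ALT_FALLBACK` and `MBEDTLS_MPI_EXP_MOD_ALT` decides whether operands above the hardware limit are computed in software or rejected, so the comment should say that, e.g. `/* MPI (bignum) hardware support is selected by CONFIG_MBEDTLS_HARDWARE_MPI; CONFIG_MBEDTLS_LARGE_KEY_SOFTWARE_MPI adds a software fallback for exp_mod */`. The inner `#endif` would also be easier to match with a trailing `/* CONFIG_MBEDTLS_LARGE_KEY_SOFTWARE_MPI */`.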


@ -1484,7 +1484,6 @@ components/mbedtls/port/include/esp_crypto_shared_gdma.h
components/mbedtls/port/include/esp_ds/esp_rsa_sign_alt.h
components/mbedtls/port/include/esp_mem.h
components/mbedtls/port/include/gcm_alt.h
components/mbedtls/port/include/mbedtls/bignum.h
components/mbedtls/port/include/mbedtls/esp_config.h
components/mbedtls/port/include/mbedtls/esp_debug.h
components/mbedtls/port/include/md/esp_md.h