MbedTLS: Add software fallback implementation for exp mod

Add configuration option to fallback to software implementation for exponential mod incase of hardware is not supporting it for larger MPI value. Usecase: ESP32C3 only supports till RSA3072 in hardware. This config option will help to support 4k certificates for WPA enterprise connection.
2021-01-12 11:19:11 +05:30 · 2021-01-12 11:19:11 +05:30 · de22f3a4e5
commit de22f3a4e5
--- a/components/mbedtls/CMakeLists.txt
+++ b/components/mbedtls/CMakeLists.txt
@ -149,6 +149,10 @@ if(CONFIG_MBEDTLS_DYNAMIC_BUFFER)
    endforeach()
 endif()

+if(CONFIG_MBEDTLS_HARDWARE_MPI)
+    target_link_libraries(${COMPONENT_LIB} INTERFACE "-Wl,--wrap=mbedtls_mpi_exp_mod")
+endif()
+
 set_property(TARGET mbedcrypto APPEND PROPERTY LINK_INTERFACE_LIBRARIES mbedtls)

 # Link mbedtls libraries to component library
--- a/components/mbedtls/Kconfig
+++ b/components/mbedtls/Kconfig
@ -827,6 +827,17 @@ menu "mbedTLS"
        help
            Enable the pthread wrapper layer for the threading layer.

+    config MBEDTLS_LARGE_KEY_SOFTWARE_MPI
+        bool "Fallback to software implementation for larger MPI values"
+        depends on MBEDTLS_HARDWARE_MPI
+        default y if IDF_TARGET_ESP32C3  # HW max 3072 bits
+        default n
+        help
+            Fallback to software implementation for RSA key lengths
+            larger than SOC_RSA_MAX_BIT_LEN. If this is not active
+            then the ESP will be unable to process keys greater
+            than SOC_RSA_MAX_BIT_LEN.
+
    menuconfig MBEDTLS_SECURITY_RISKS
        bool "Show configurations with potential security risks"
        default n
--- a/components/mbedtls/component.mk
+++ b/components/mbedtls/component.mk
@ -62,7 +62,6 @@ COMPONENT_EMBED_FILES := $(X509_CERTIFICATE_BUNDLE)
 endif

 ifdef CONFIG_MBEDTLS_DYNAMIC_BUFFER
-
 WRAP_FUNCTIONS = mbedtls_ssl_handshake_client_step \
                 mbedtls_ssl_handshake_server_step \
                 mbedtls_ssl_read \
@ -73,10 +72,14 @@ WRAP_FUNCTIONS = mbedtls_ssl_handshake_client_step \
                 mbedtls_ssl_send_alert_message \
                 mbedtls_ssl_close_notify

-WRAP_ARGUMENT := -Wl,--wrap=
-
-COMPONENT_ADD_LDFLAGS = -l$(COMPONENT_NAME) $(addprefix $(WRAP_ARGUMENT),$(WRAP_FUNCTIONS))
-
 COMPONENT_SRCDIRS += port/dynamic
-
+endif
+
+ifdef CONFIG_MBEDTLS_HARDWARE_MPI
+WRAP_FUNCTIONS += mbedtls_mpi_exp_mod
+endif
+
+ifneq ($(origin WRAP_FUNCTIONS),undefined)
+WRAP_ARGUMENT := -Wl,--wrap=
+COMPONENT_ADD_LDFLAGS = -l$(COMPONENT_NAME) $(addprefix $(WRAP_ARGUMENT),$(WRAP_FUNCTIONS))
 endif
--- a/components/mbedtls/port/esp_bignum.c
+++ b/components/mbedtls/port/esp_bignum.c
@ -67,7 +67,9 @@ static inline size_t bits_to_words(size_t bits)
 /* Return the number of words actually used to represent an mpi
   number.
 */
-#if defined(MBEDTLS_MPI_EXP_MOD_ALT)
+int __wrap_mbedtls_mpi_exp_mod( mbedtls_mpi *Z, const mbedtls_mpi *X, const mbedtls_mpi *Y, const mbedtls_mpi *M, mbedtls_mpi *_Rinv );
+extern int __real_mbedtls_mpi_exp_mod( mbedtls_mpi *Z, const mbedtls_mpi *X, const mbedtls_mpi *Y, const mbedtls_mpi *M, mbedtls_mpi *_Rinv );
+
 static size_t mpi_words(const mbedtls_mpi *mpi)
 {
    for (size_t i = mpi->n; i > 0; i--) {
@ -78,7 +80,6 @@ static size_t mpi_words(const mbedtls_mpi *mpi)
    return 0;
 }

-#endif //MBEDTLS_MPI_EXP_MOD_ALT

 /**
 *
@ -181,8 +182,6 @@ cleanup:
    return ret;
 }

-#if defined(MBEDTLS_MPI_EXP_MOD_ALT)
-
 #ifdef ESP_MPI_USE_MONT_EXP
 /*
 * Return the most significant one-bit.
@ -273,7 +272,7 @@ cleanup2:
 * (See RSA Accelerator section in Technical Reference for more about Mprime, Rinv)
 *
 */
-int mbedtls_mpi_exp_mod( mbedtls_mpi *Z, const mbedtls_mpi *X, const mbedtls_mpi *Y, const mbedtls_mpi *M, mbedtls_mpi *_Rinv )
+int __wrap_mbedtls_mpi_exp_mod( mbedtls_mpi *Z, const mbedtls_mpi *X, const mbedtls_mpi *Y, const mbedtls_mpi *M, mbedtls_mpi *_Rinv )
 {
    int ret = 0;
    size_t x_words = mpi_words(X);
@ -303,7 +302,11 @@ int mbedtls_mpi_exp_mod( mbedtls_mpi *Z, const mbedtls_mpi *X, const mbedtls_mpi
    }

    if (num_words * 32 > SOC_RSA_MAX_BIT_LEN) {
+#ifdef CONFIG_MBEDTLS_LARGE_KEY_SOFTWARE_MPI
+        return __real_mbedtls_mpi_exp_mod(Z, X, Y, M, _Rinv);
+#else
        return MBEDTLS_ERR_MPI_NOT_ACCEPTABLE;
+#endif
    }

    /* Determine RR pointer, either _RR for cached value
@ -352,10 +355,6 @@ cleanup:
    return ret;
 }

-#endif /* MBEDTLS_MPI_EXP_MOD_ALT */
-
-
-
 #if defined(MBEDTLS_MPI_MUL_MPI_ALT) /* MBEDTLS_MPI_MUL_MPI_ALT */

 static int mpi_mult_mpi_failover_mod_mult( mbedtls_mpi *Z, const mbedtls_mpi *X, const mbedtls_mpi *Y, size_t z_words);
--- a/components/mbedtls/port/include/mbedtls/esp_config.h
+++ b/components/mbedtls/port/include/mbedtls/esp_config.h
@ -144,15 +144,15 @@
 #undef MBEDTLS_SHA512_ALT
 #endif

-/* The following MPI (bignum) functions have ESP32 hardware support,
-   Uncommenting these macros will use the hardware-accelerated
-   implementations.
+/* The following MPI (bignum) functions have ESP32 hardware support.
+   For exponential mod, both software and hardware implementation
+   will be compiled. If CONFIG_MBEDTLS_HARDWARE_MPI is enabled, mod APIs
+   will be wrapped to use hardware implementation.
 */
+#undef MBEDTLS_MPI_EXP_MOD_ALT
 #ifdef CONFIG_MBEDTLS_HARDWARE_MPI
-#define MBEDTLS_MPI_EXP_MOD_ALT
 #define MBEDTLS_MPI_MUL_MPI_ALT
 #else
-#undef MBEDTLS_MPI_EXP_MOD_ALT
 #undef MBEDTLS_MPI_MUL_MPI_ALT
 #endif