From de22f3a4e5cdb9d7d40c74a191f5f0061a7d7d94 Mon Sep 17 00:00:00 2001 From: "kapil.gupta" Date: Tue, 12 Jan 2021 11:19:11 +0530 Subject: [PATCH] MbedTLS: Add software fallback implementation for exp mod Add configuration option to fallback to software implementation for exponential mod incase of hardware is not supporting it for larger MPI value. Usecase: ESP32C3 only supports till RSA3072 in hardware. This config option will help to support 4k certificates for WPA enterprise connection. --- components/mbedtls/CMakeLists.txt | 4 ++++ components/mbedtls/Kconfig | 11 +++++++++++ components/mbedtls/component.mk | 15 +++++++++------ components/mbedtls/port/esp_bignum.c | 17 ++++++++--------- .../mbedtls/port/include/mbedtls/esp_config.h | 10 +++++----- 5 files changed, 37 insertions(+), 20 deletions(-) diff --git a/components/mbedtls/CMakeLists.txt b/components/mbedtls/CMakeLists.txt index 75702bb9de..38434ff5ca 100644 --- a/components/mbedtls/CMakeLists.txt +++ b/components/mbedtls/CMakeLists.txt @@ -149,6 +149,10 @@ if(CONFIG_MBEDTLS_DYNAMIC_BUFFER) endforeach() endif() +if(CONFIG_MBEDTLS_HARDWARE_MPI) + target_link_libraries(${COMPONENT_LIB} INTERFACE "-Wl,--wrap=mbedtls_mpi_exp_mod") +endif() + set_property(TARGET mbedcrypto APPEND PROPERTY LINK_INTERFACE_LIBRARIES mbedtls) # Link mbedtls libraries to component library diff --git a/components/mbedtls/Kconfig b/components/mbedtls/Kconfig index 78d49fc2d5..be7ebb1612 100644 --- a/components/mbedtls/Kconfig +++ b/components/mbedtls/Kconfig @@ -827,6 +827,17 @@ menu "mbedTLS" help Enable the pthread wrapper layer for the threading layer. + config MBEDTLS_LARGE_KEY_SOFTWARE_MPI + bool "Fallback to software implementation for larger MPI values" + depends on MBEDTLS_HARDWARE_MPI + default y if IDF_TARGET_ESP32C3 # HW max 3072 bits + default n + help + Fallback to software implementation for RSA key lengths + larger than SOC_RSA_MAX_BIT_LEN. If this is not active + then the ESP will be unable to process keys greater + than SOC_RSA_MAX_BIT_LEN. + menuconfig MBEDTLS_SECURITY_RISKS bool "Show configurations with potential security risks" default n diff --git a/components/mbedtls/component.mk b/components/mbedtls/component.mk index d160d9effa..502bf94fa6 100644 --- a/components/mbedtls/component.mk +++ b/components/mbedtls/component.mk @@ -62,7 +62,6 @@ COMPONENT_EMBED_FILES := $(X509_CERTIFICATE_BUNDLE) endif ifdef CONFIG_MBEDTLS_DYNAMIC_BUFFER - WRAP_FUNCTIONS = mbedtls_ssl_handshake_client_step \ mbedtls_ssl_handshake_server_step \ mbedtls_ssl_read \ @@ -73,10 +72,14 @@ WRAP_FUNCTIONS = mbedtls_ssl_handshake_client_step \ mbedtls_ssl_send_alert_message \ mbedtls_ssl_close_notify -WRAP_ARGUMENT := -Wl,--wrap= - -COMPONENT_ADD_LDFLAGS = -l$(COMPONENT_NAME) $(addprefix $(WRAP_ARGUMENT),$(WRAP_FUNCTIONS)) - COMPONENT_SRCDIRS += port/dynamic - +endif + +ifdef CONFIG_MBEDTLS_HARDWARE_MPI +WRAP_FUNCTIONS += mbedtls_mpi_exp_mod +endif + +ifneq ($(origin WRAP_FUNCTIONS),undefined) +WRAP_ARGUMENT := -Wl,--wrap= +COMPONENT_ADD_LDFLAGS = -l$(COMPONENT_NAME) $(addprefix $(WRAP_ARGUMENT),$(WRAP_FUNCTIONS)) endif diff --git a/components/mbedtls/port/esp_bignum.c b/components/mbedtls/port/esp_bignum.c index d16b2d5859..ab78978246 100644 --- a/components/mbedtls/port/esp_bignum.c +++ b/components/mbedtls/port/esp_bignum.c @@ -67,7 +67,9 @@ static inline size_t bits_to_words(size_t bits) /* Return the number of words actually used to represent an mpi number. */ -#if defined(MBEDTLS_MPI_EXP_MOD_ALT) +int __wrap_mbedtls_mpi_exp_mod( mbedtls_mpi *Z, const mbedtls_mpi *X, const mbedtls_mpi *Y, const mbedtls_mpi *M, mbedtls_mpi *_Rinv ); +extern int __real_mbedtls_mpi_exp_mod( mbedtls_mpi *Z, const mbedtls_mpi *X, const mbedtls_mpi *Y, const mbedtls_mpi *M, mbedtls_mpi *_Rinv ); + static size_t mpi_words(const mbedtls_mpi *mpi) { for (size_t i = mpi->n; i > 0; i--) { @@ -78,7 +80,6 @@ static size_t mpi_words(const mbedtls_mpi *mpi) return 0; } -#endif //MBEDTLS_MPI_EXP_MOD_ALT /** * @@ -181,8 +182,6 @@ cleanup: return ret; } -#if defined(MBEDTLS_MPI_EXP_MOD_ALT) - #ifdef ESP_MPI_USE_MONT_EXP /* * Return the most significant one-bit. @@ -273,7 +272,7 @@ cleanup2: * (See RSA Accelerator section in Technical Reference for more about Mprime, Rinv) * */ -int mbedtls_mpi_exp_mod( mbedtls_mpi *Z, const mbedtls_mpi *X, const mbedtls_mpi *Y, const mbedtls_mpi *M, mbedtls_mpi *_Rinv ) +int __wrap_mbedtls_mpi_exp_mod( mbedtls_mpi *Z, const mbedtls_mpi *X, const mbedtls_mpi *Y, const mbedtls_mpi *M, mbedtls_mpi *_Rinv ) { int ret = 0; size_t x_words = mpi_words(X); @@ -303,7 +302,11 @@ int mbedtls_mpi_exp_mod( mbedtls_mpi *Z, const mbedtls_mpi *X, const mbedtls_mpi } if (num_words * 32 > SOC_RSA_MAX_BIT_LEN) { +#ifdef CONFIG_MBEDTLS_LARGE_KEY_SOFTWARE_MPI + return __real_mbedtls_mpi_exp_mod(Z, X, Y, M, _Rinv); +#else return MBEDTLS_ERR_MPI_NOT_ACCEPTABLE; +#endif } /* Determine RR pointer, either _RR for cached value @@ -352,10 +355,6 @@ cleanup: return ret; } -#endif /* MBEDTLS_MPI_EXP_MOD_ALT */ - - - #if defined(MBEDTLS_MPI_MUL_MPI_ALT) /* MBEDTLS_MPI_MUL_MPI_ALT */ static int mpi_mult_mpi_failover_mod_mult( mbedtls_mpi *Z, const mbedtls_mpi *X, const mbedtls_mpi *Y, size_t z_words); diff --git a/components/mbedtls/port/include/mbedtls/esp_config.h b/components/mbedtls/port/include/mbedtls/esp_config.h index d1e6a910ed..844d3f1eb5 100644 --- a/components/mbedtls/port/include/mbedtls/esp_config.h +++ b/components/mbedtls/port/include/mbedtls/esp_config.h @@ -144,15 +144,15 @@ #undef MBEDTLS_SHA512_ALT #endif -/* The following MPI (bignum) functions have ESP32 hardware support, - Uncommenting these macros will use the hardware-accelerated - implementations. +/* The following MPI (bignum) functions have ESP32 hardware support. + For exponential mod, both software and hardware implementation + will be compiled. If CONFIG_MBEDTLS_HARDWARE_MPI is enabled, mod APIs + will be wrapped to use hardware implementation. */ +#undef MBEDTLS_MPI_EXP_MOD_ALT #ifdef CONFIG_MBEDTLS_HARDWARE_MPI -#define MBEDTLS_MPI_EXP_MOD_ALT #define MBEDTLS_MPI_MUL_MPI_ALT #else -#undef MBEDTLS_MPI_EXP_MOD_ALT #undef MBEDTLS_MPI_MUL_MPI_ALT #endif