mirror
/
esp-idf
kopia lustrzana https://github.com/espressif/esp-idf
1
0
Forkuj 0
Kod Zgłoszenia Projekty Wydania Wiki Aktywność

mbedtls: Add CONFIG_MBEDTLS_ROM_MD5 to use ROM MD5 in mbedTLS

pull/6974/head
liuhan 2021-04-06 14:21:28 +08:00 zatwierdzone przez bot
rodzic 1f54d17503
commit e87c64dc44
7 zmienionych plików z 302 dodań i 1 usunięć
Pokaż statystyki Ściągnij plik aktualizacji Ściągnij plik porównania Expand all files Collapse all files

4
components/mbedtls/CMakeLists.txt
Wyświetl plik

@ -152,6 +152,10 @@ if(CONFIG_MBEDTLS_HARDWARE_GCM)
target_sources(mbedcrypto PRIVATE "${COMPONENT_DIR}/port/aes/esp_aes_gcm.c")
endif()
if(CONFIG_MBEDTLS_ROM_MD5)
target_sources(mbedcrypto PRIVATE "${COMPONENT_DIR}/port/md/esp_md.c")
endif()
foreach(target ${mbedtls_targets})
target_compile_definitions(${target} PUBLIC -DMBEDTLS_CONFIG_FILE="mbedtls/esp_config.h")
endforeach()

6
components/mbedtls/Kconfig
Wyświetl plik

@ -293,6 +293,12 @@ menu "mbedTLS"
SHA hardware acceleration is faster than software in some situations but
slower in others. You should benchmark to find the best setting for you.
config MBEDTLS_ROM_MD5
bool "Use MD5 implementation in ROM"
default y
help
Use ROM MD5 in mbedTLS.
config MBEDTLS_ATCA_HW_ECDSA_SIGN
bool "Enable hardware ECDSA sign acceleration when using ATECC608A"
default n

2
components/mbedtls/component.mk
Wyświetl plik

@ -5,7 +5,7 @@
COMPONENT_ADD_INCLUDEDIRS := port/include mbedtls/include esp_crt_bundle/include
COMPONENT_SRCDIRS := mbedtls/library port port/$(IDF_TARGET) port/sha port/sha/parallel_engine port/aes port/aes/block esp_crt_bundle
COMPONENT_SRCDIRS := mbedtls/library port port/$(IDF_TARGET) port/sha port/sha/parallel_engine port/aes port/aes/block port/md esp_crt_bundle
COMPONENT_OBJEXCLUDE := mbedtls/library/net_sockets.o

9
components/mbedtls/port/include/mbedtls/esp_config.h
Wyświetl plik

@ -144,6 +144,15 @@
#undef MBEDTLS_SHA512_ALT
#endif
/* MBEDTLS_MDx_ALT to enable ROM MD support
with software fallback.
*/
#ifdef CONFIG_MBEDTLS_ROM_MD5
#define MBEDTLS_MD5_ALT
#else
#undef MBEDTLS_MD5_ALT
#endif
/* The following MPI (bignum) functions have ESP32 hardware support.
For exponential mod, both software and hardware implementation
will be compiled. If CONFIG_MBEDTLS_HARDWARE_MPI is enabled, mod APIs

154
components/mbedtls/port/include/md/esp_md.h 100644
Wyświetl plik

@ -0,0 +1,154 @@
// Copyright 2020 Espressif Systems (Shanghai) PTE LTD
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
#pragma once
#include "esp_rom_md5.h"
#ifdef __cplusplus
extern "C" {
#endif
typedef struct MD5Context mbedtls_md5_context;
/**
* \brief Initialize MD5 context
*
* \param ctx MD5 context to be initialized
*
* \warning MD5 is considered a weak message digest and its use
* constitutes a security risk. We recommend considering
* stronger message digests instead.
*
*/
int esp_md5_init_ret( mbedtls_md5_context *ctx );
/**
* \brief Clear MD5 context
*
* \param ctx MD5 context to be cleared
*
* \warning MD5 is considered a weak message digest and its use
* constitutes a security risk. We recommend considering
* stronger message digests instead.
*
*/
void esp_md5_free( mbedtls_md5_context *ctx );
/**
* \brief Clone (the state of) an MD5 context
*
* \param dst The destination context
* \param src The context to be cloned
*
* \warning MD5 is considered a weak message digest and its use
* constitutes a security risk. We recommend considering
* stronger message digests instead.
*
*/
void esp_md5_clone( mbedtls_md5_context *dst, const mbedtls_md5_context *src );
/**
* \brief MD5 process buffer
*
* \param ctx MD5 context
* \param input buffer holding the data
* \param ilen length of the input data
*
* \return 0 if successful
*
* \warning MD5 is considered a weak message digest and its use
* constitutes a security risk. We recommend considering
* stronger message digests instead.
*
*/
int esp_md5_update_ret( mbedtls_md5_context *ctx, const unsigned char *input, size_t ilen );
/**
* \brief MD5 final digest
*
* \param ctx MD5 context
* \param output MD5 checksum result
*
* \return 0 if successful
*
* \warning MD5 is considered a weak message digest and its use
* constitutes a security risk. We recommend considering
* stronger message digests instead.
*
*/
int esp_md5_finish_ret( mbedtls_md5_context *ctx, unsigned char output[16] );
/**
* \brief MD5 process data block (internal use only)
*
* \param ctx MD5 context
* \param data buffer holding one block of data
*
* \return 0 if successful
*
* \warning MD5 is considered a weak message digest and its use
* constitutes a security risk. We recommend considering
* stronger message digests instead.
*
*/
int esp_md5_process( mbedtls_md5_context *ctx, const unsigned char data[64] );
/**
* \brief MD5 context setup
*
* \deprecated Superseded by mbedtls_md5_starts_ret() in 2.7.0
*
* \param ctx context to be initialized
*
* \warning MD5 is considered a weak message digest and its use
* constitutes a security risk. We recommend considering
* stronger message digests instead.
*
*/
void esp_md5_init( mbedtls_md5_context *ctx );
/**
* \brief MD5 process buffer
*
* \deprecated Superseded by mbedtls_md5_update_ret() in 2.7.0
*
* \param ctx MD5 context
* \param input buffer holding the data
* \param ilen length of the input data
*
* \warning MD5 is considered a weak message digest and its use
* constitutes a security risk. We recommend considering
* stronger message digests instead.
*
*/
void esp_md5_update( mbedtls_md5_context *ctx, const unsigned char *input, size_t ilen );
/**
* \brief MD5 final digest
*
* \deprecated Superseded by mbedtls_md5_finish_ret() in 2.7.0
*
* \param ctx MD5 context
* \param output MD5 checksum result
*
* \warning MD5 is considered a weak message digest and its use
* constitutes a security risk. We recommend considering
* stronger message digests instead.
*
*/
void esp_md5_finish( mbedtls_md5_context *ctx, unsigned char output[16] );
#ifdef __cplusplus
}
#endif

50
components/mbedtls/port/include/md5_alt.h 100644
Wyświetl plik

@ -0,0 +1,50 @@
/**
* \file md5_alt.h
*
* \brief MD5 block cipher
*
* Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
* SPDX-License-Identifier: Apache-2.0
*
* Licensed under the Apache License, Version 2.0 (the "License"); you may
* not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
* WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*
*
*/
#ifndef MD5_ALT_H
#define MD5_ALT_H
#ifdef __cplusplus
extern "C" {
#endif
#if defined(MBEDTLS_MD5_ALT)
#include "md/esp_md.h"
#define mbedtls_md5_init esp_md5_init
#define mbedtls_md5_update esp_md5_update
#define mbedtls_md5_finish esp_md5_finish
#define mbedtls_md5_starts_ret esp_md5_init_ret
#define mbedtls_md5_update_ret esp_md5_update_ret
#define mbedtls_md5_finish_ret esp_md5_finish_ret
#define mbedtls_md5_free esp_md5_free
#define mbedtls_md5_clone esp_md5_clone
#define mbedtls_internal_md5_process esp_md5_process
#endif /* MBEDTLS_MD5_ALT */
#ifdef __cplusplus
}
#endif
#endif

78
components/mbedtls/port/md/esp_md.c 100644
Wyświetl plik

@ -0,0 +1,78 @@
// Copyright 2020 Espressif Systems (Shanghai) PTE LTD
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
#include <stdio.h>
#include <string.h>
#include "mbedtls/md5.h"
#include "mbedtls/platform_util.h"
#if defined(MBEDTLS_MD5_ALT)
#include "md/esp_md.h"
int esp_md5_finish_ret( mbedtls_md5_context *ctx, unsigned char output[16] )
{
esp_rom_md5_final(output, ctx);
return 0;
}
int esp_md5_update_ret( mbedtls_md5_context *ctx, const unsigned char *input, size_t ilen )
{
esp_rom_md5_update(ctx, input, ilen);
return 0;
}
int esp_md5_init_ret( mbedtls_md5_context *ctx )
{
esp_rom_md5_init(ctx);
return 0;
}
void esp_md5_finish( mbedtls_md5_context *ctx, unsigned char output[16] )
{
esp_md5_finish_ret(ctx, output);
}
void esp_md5_update( mbedtls_md5_context *ctx, const unsigned char *input, size_t ilen )
{
esp_md5_update_ret(ctx, input, ilen);
}
void esp_md5_init( mbedtls_md5_context *ctx )
{
esp_md5_init_ret(ctx);
}
void esp_md5_free( mbedtls_md5_context *ctx )
{
if (ctx == NULL) {
return;
}
mbedtls_platform_zeroize( ctx, sizeof( mbedtls_md5_context ) );
}
int esp_md5_process( mbedtls_md5_context *ctx, const unsigned char data[64] )
{
esp_md5_update_ret(ctx, data, 64);
return 0;
}
void esp_md5_clone( mbedtls_md5_context *dst, const mbedtls_md5_context *src )
{
*dst = *src;
}
#endif