diff --git a/components/mbedtls/CMakeLists.txt b/components/mbedtls/CMakeLists.txt index ce4298fc75..c97f337523 100644 --- a/components/mbedtls/CMakeLists.txt +++ b/components/mbedtls/CMakeLists.txt @@ -152,6 +152,10 @@ if(CONFIG_MBEDTLS_HARDWARE_GCM) target_sources(mbedcrypto PRIVATE "${COMPONENT_DIR}/port/aes/esp_aes_gcm.c") endif() +if(CONFIG_MBEDTLS_ROM_MD5) + target_sources(mbedcrypto PRIVATE "${COMPONENT_DIR}/port/md/esp_md.c") +endif() + foreach(target ${mbedtls_targets}) target_compile_definitions(${target} PUBLIC -DMBEDTLS_CONFIG_FILE="mbedtls/esp_config.h") endforeach() diff --git a/components/mbedtls/Kconfig b/components/mbedtls/Kconfig index fa2e9abeeb..ed0e62e9b8 100644 --- a/components/mbedtls/Kconfig +++ b/components/mbedtls/Kconfig @@ -293,6 +293,12 @@ menu "mbedTLS" SHA hardware acceleration is faster than software in some situations but slower in others. You should benchmark to find the best setting for you. + config MBEDTLS_ROM_MD5 + bool "Use MD5 implementation in ROM" + default y + help + Use ROM MD5 in mbedTLS. + config MBEDTLS_ATCA_HW_ECDSA_SIGN bool "Enable hardware ECDSA sign acceleration when using ATECC608A" default n diff --git a/components/mbedtls/component.mk b/components/mbedtls/component.mk index 502bf94fa6..465fb5c16f 100644 --- a/components/mbedtls/component.mk +++ b/components/mbedtls/component.mk @@ -5,7 +5,7 @@ COMPONENT_ADD_INCLUDEDIRS := port/include mbedtls/include esp_crt_bundle/include -COMPONENT_SRCDIRS := mbedtls/library port port/$(IDF_TARGET) port/sha port/sha/parallel_engine port/aes port/aes/block esp_crt_bundle +COMPONENT_SRCDIRS := mbedtls/library port port/$(IDF_TARGET) port/sha port/sha/parallel_engine port/aes port/aes/block port/md esp_crt_bundle COMPONENT_OBJEXCLUDE := mbedtls/library/net_sockets.o diff --git a/components/mbedtls/port/include/mbedtls/esp_config.h b/components/mbedtls/port/include/mbedtls/esp_config.h index 844d3f1eb5..565383e32b 100644 --- a/components/mbedtls/port/include/mbedtls/esp_config.h +++ b/components/mbedtls/port/include/mbedtls/esp_config.h @@ -144,6 +144,15 @@ #undef MBEDTLS_SHA512_ALT #endif +/* MBEDTLS_MDx_ALT to enable ROM MD support + with software fallback. +*/ +#ifdef CONFIG_MBEDTLS_ROM_MD5 +#define MBEDTLS_MD5_ALT +#else +#undef MBEDTLS_MD5_ALT +#endif + /* The following MPI (bignum) functions have ESP32 hardware support. For exponential mod, both software and hardware implementation will be compiled. If CONFIG_MBEDTLS_HARDWARE_MPI is enabled, mod APIs diff --git a/components/mbedtls/port/include/md/esp_md.h b/components/mbedtls/port/include/md/esp_md.h new file mode 100644 index 0000000000..e61b6c4e47 --- /dev/null +++ b/components/mbedtls/port/include/md/esp_md.h @@ -0,0 +1,154 @@ +// Copyright 2020 Espressif Systems (Shanghai) PTE LTD +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at + +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and + +#pragma once + +#include "esp_rom_md5.h" + +#ifdef __cplusplus +extern "C" { +#endif + +typedef struct MD5Context mbedtls_md5_context; + +/** + * \brief Initialize MD5 context + * + * \param ctx MD5 context to be initialized + * + * \warning MD5 is considered a weak message digest and its use + * constitutes a security risk. We recommend considering + * stronger message digests instead. + * + */ +int esp_md5_init_ret( mbedtls_md5_context *ctx ); + +/** + * \brief Clear MD5 context + * + * \param ctx MD5 context to be cleared + * + * \warning MD5 is considered a weak message digest and its use + * constitutes a security risk. We recommend considering + * stronger message digests instead. + * + */ +void esp_md5_free( mbedtls_md5_context *ctx ); + +/** + * \brief Clone (the state of) an MD5 context + * + * \param dst The destination context + * \param src The context to be cloned + * + * \warning MD5 is considered a weak message digest and its use + * constitutes a security risk. We recommend considering + * stronger message digests instead. + * + */ +void esp_md5_clone( mbedtls_md5_context *dst, const mbedtls_md5_context *src ); + +/** + * \brief MD5 process buffer + * + * \param ctx MD5 context + * \param input buffer holding the data + * \param ilen length of the input data + * + * \return 0 if successful + * + * \warning MD5 is considered a weak message digest and its use + * constitutes a security risk. We recommend considering + * stronger message digests instead. + * + */ +int esp_md5_update_ret( mbedtls_md5_context *ctx, const unsigned char *input, size_t ilen ); + +/** + * \brief MD5 final digest + * + * \param ctx MD5 context + * \param output MD5 checksum result + * + * \return 0 if successful + * + * \warning MD5 is considered a weak message digest and its use + * constitutes a security risk. We recommend considering + * stronger message digests instead. + * + */ +int esp_md5_finish_ret( mbedtls_md5_context *ctx, unsigned char output[16] ); + +/** + * \brief MD5 process data block (internal use only) + * + * \param ctx MD5 context + * \param data buffer holding one block of data + * + * \return 0 if successful + * + * \warning MD5 is considered a weak message digest and its use + * constitutes a security risk. We recommend considering + * stronger message digests instead. + * + */ +int esp_md5_process( mbedtls_md5_context *ctx, const unsigned char data[64] ); + +/** + * \brief MD5 context setup + * + * \deprecated Superseded by mbedtls_md5_starts_ret() in 2.7.0 + * + * \param ctx context to be initialized + * + * \warning MD5 is considered a weak message digest and its use + * constitutes a security risk. We recommend considering + * stronger message digests instead. + * + */ +void esp_md5_init( mbedtls_md5_context *ctx ); + +/** + * \brief MD5 process buffer + * + * \deprecated Superseded by mbedtls_md5_update_ret() in 2.7.0 + * + * \param ctx MD5 context + * \param input buffer holding the data + * \param ilen length of the input data + * + * \warning MD5 is considered a weak message digest and its use + * constitutes a security risk. We recommend considering + * stronger message digests instead. + * + */ +void esp_md5_update( mbedtls_md5_context *ctx, const unsigned char *input, size_t ilen ); + +/** + * \brief MD5 final digest + * + * \deprecated Superseded by mbedtls_md5_finish_ret() in 2.7.0 + * + * \param ctx MD5 context + * \param output MD5 checksum result + * + * \warning MD5 is considered a weak message digest and its use + * constitutes a security risk. We recommend considering + * stronger message digests instead. + * + */ +void esp_md5_finish( mbedtls_md5_context *ctx, unsigned char output[16] ); + +#ifdef __cplusplus +} +#endif diff --git a/components/mbedtls/port/include/md5_alt.h b/components/mbedtls/port/include/md5_alt.h new file mode 100644 index 0000000000..4777d047f1 --- /dev/null +++ b/components/mbedtls/port/include/md5_alt.h @@ -0,0 +1,50 @@ +/** + * \file md5_alt.h + * + * \brief MD5 block cipher + * + * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * + * + */ +#ifndef MD5_ALT_H +#define MD5_ALT_H + +#ifdef __cplusplus +extern "C" { +#endif + +#if defined(MBEDTLS_MD5_ALT) +#include "md/esp_md.h" + +#define mbedtls_md5_init esp_md5_init +#define mbedtls_md5_update esp_md5_update +#define mbedtls_md5_finish esp_md5_finish +#define mbedtls_md5_starts_ret esp_md5_init_ret +#define mbedtls_md5_update_ret esp_md5_update_ret +#define mbedtls_md5_finish_ret esp_md5_finish_ret + +#define mbedtls_md5_free esp_md5_free +#define mbedtls_md5_clone esp_md5_clone +#define mbedtls_internal_md5_process esp_md5_process + +#endif /* MBEDTLS_MD5_ALT */ + +#ifdef __cplusplus +} +#endif + +#endif diff --git a/components/mbedtls/port/md/esp_md.c b/components/mbedtls/port/md/esp_md.c new file mode 100644 index 0000000000..dbd4338209 --- /dev/null +++ b/components/mbedtls/port/md/esp_md.c @@ -0,0 +1,78 @@ +// Copyright 2020 Espressif Systems (Shanghai) PTE LTD +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at + +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and + +#include +#include +#include "mbedtls/md5.h" +#include "mbedtls/platform_util.h" + +#if defined(MBEDTLS_MD5_ALT) +#include "md/esp_md.h" + +int esp_md5_finish_ret( mbedtls_md5_context *ctx, unsigned char output[16] ) +{ + esp_rom_md5_final(output, ctx); + + return 0; +} + +int esp_md5_update_ret( mbedtls_md5_context *ctx, const unsigned char *input, size_t ilen ) +{ + esp_rom_md5_update(ctx, input, ilen); + + return 0; +} + +int esp_md5_init_ret( mbedtls_md5_context *ctx ) +{ + esp_rom_md5_init(ctx); + + return 0; +} + +void esp_md5_finish( mbedtls_md5_context *ctx, unsigned char output[16] ) +{ + esp_md5_finish_ret(ctx, output); +} + +void esp_md5_update( mbedtls_md5_context *ctx, const unsigned char *input, size_t ilen ) +{ + esp_md5_update_ret(ctx, input, ilen); +} + +void esp_md5_init( mbedtls_md5_context *ctx ) +{ + esp_md5_init_ret(ctx); +} + +void esp_md5_free( mbedtls_md5_context *ctx ) +{ + if (ctx == NULL) { + return; + } + + mbedtls_platform_zeroize( ctx, sizeof( mbedtls_md5_context ) ); +} + +int esp_md5_process( mbedtls_md5_context *ctx, const unsigned char data[64] ) +{ + esp_md5_update_ret(ctx, data, 64); + + return 0; +} + +void esp_md5_clone( mbedtls_md5_context *dst, const mbedtls_md5_context *src ) +{ + *dst = *src; +} +#endif