Update to mbedtls 3.4.0 #9
Closed
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
|
Changes in https://github.com/jenswi-linaro/optee_test/tree/wip/mbedtls-3.4.0 are needed too. |
I've added patches to use the RSA implementation from LTC instead. As a nice bonus are also the PKCS#11 tests passing. |
Imports Mbed TLS 3.4.0 from https://github.com/Mbed-TLS/mbedtls.git tags mbedtls-3.4.0, v3.4.0. Files that are not needed are removed: cd lib/libmbedtls rm -rf mbedtls cp -R path/to/mbedtls-3.4.0/mbedtls . cd mbedtls rm CMakeLists.txt DartConfiguration.tcl Makefile rm .gitignore .travis.yml .pylintrc .globalrc .mypy.ini BRANCHES.md rm include/.gitignore include/CMakeLists.txt library/.gitignore rm library/CMakeLists.txt library/Makefile rm mbedtls/cmake/MbedTLSConfig.cmake.in rm -rf .git .github doxygen configs programs scripts tests visualc rm -rf 3rdparty ChangeLog.d docs rm library/psa_* library/mps_* cd .. git add mbedtls This is a complete overwrite of previous code so earlier changes in the previous branch import/mbedtls-2.28.1 will be added on top of this commit. Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
Removes default config include/mbedtls/config.h Acked-by: Jerome Forissier <jerome.forissier@linaro.org> Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org> [jf: rebased onto mbedtls-2.22.0] [jf: rebased onto mbedtls-2.27.0] Signed-off-by: Jerome Forissier <jerome@forissier.org> [jf: rebased onto mbedtls-2.28.1] Signed-off-by: Jerome Forissier <jerome.forissier@linaro.org> [jw: rebased onto mbedtls-3.4.0] Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
Configures mbedtls to reach outside the imported source tree for configuration .h file. Acked-by: Jerome Forissier <jerome.forissier@linaro.org> Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org> [jf: rebased onto mbedtls-2.22.0] [jf: rebased onto mbedtls-2.27.0] Signed-off-by: Jerome Forissier <jerome@forissier.org> [jw: rebased onto mbedtls-3.4.0] Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
Makes mbedtls_mpi_montg_init(), mbedtls_mpi_montmul() and mbedtls_mpi_montred() available for external use. Acked-by: Jerome Forissier <jerome.forissier@linaro.org> Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org> [jf: rebased onto mbedtls-2.22.0] [jf: rebased onto mbedtls-2.27.0, keep static functions] Signed-off-by: Jerome Forissier <jerome@forissier.org> [jf: rebased onto mbedtls-2.28.1] Signed-off-by: Jerome Forissier <jerome.forissier@linaro.org> [jw: rebased onto mbedtls-3.4.0] Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
Adds mbedtls_mpi_init_mempool() which initializes a mbedtls_mpi struct to use the mempool mbedtls_mpi_mempool if configured for memory allocation. All local memory allocation are changed to use mbedtls_mpi_init_mempool() instead of mbedtls_mpi_init(). This will give a stack like alloc/free pattern for which the mempool is optimized. Acked-by: Jerome Forissier <jerome.forissier@linaro.org> Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org> [jf: rebased onto mbedtls-2.22.0] [jf: rebased onto mbedtls-2.27.0, fold fixup commit: 2df910b ("libmbedtls: mbedtls_mpi_shrink(): fix possible unwanted truncation"), adjust macro ECP_MPI_INIT] Signed-off-by: Jerome Forissier <jerome@forissier.org> [jw: rebased onto mbedtls-3.4.0, adjust new coding style] Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
Increase the count limit when generating the witness in the Rabin-Miller primality test. The previous number 30 was too low to reliably detect 000000022770A7DC599BC90B2FF981CCB5CF05703344C8F350418AAD as a prime number. Acked-by: Jerome Forissier <jerome.forissier@linaro.org> Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org> [jf: rebased onto mbedtls-2.22.0] [jf: rebased onto mbedtls-2.27.0] Signed-off-by: Jerome Forissier <jerome@forissier.org> [jw: rebased onto mbedtls-3.4.0] Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
For integrating into OPTEE_OS, it needs add some interfaces: 1. add mbedtls_cipher_clone() for cipher to copy context between two operations. 2. add mbedtls_cipher_setup_info() for cipher. cipher need to get its "cipher_info" according the key length, while the key length is not an input in allocate function. So, use a default key len in the beginning. It need to reset the cipher info again in init function. 3. add mbedtls_cipher_cmac_setup() for cmac. This function is separate from mbedtls_cipher_cmac_starts(). 4. copy hmac context in md. Acked-by: Etienne Carriere <etienne.carriere@linaro.org> Signed-off-by: Edison Ai <edison.ai@arm.com> Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org> [jf: rebase onto mbedtls-2.22.0] [jf: rebase onto mbedtls-2.27.0] Signed-off-by: Jerome Forissier <jerome@forissier.org> [jf: rebase onto mbedtls-2.28.1, fix typo in comment] Signed-off-by: Jerome Forissier <jerome.forissier@linaro.org> [jw: rebase onto mbedtls-3.4.0, adjust new coding style] Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
In NO_CRT mode, Q and P may be invalid. But Q and P will be re-filled again if PRNG function is valid. So add judgement process if it is in NO_CRT mode. Acked-by: Etienne Carriere <etienne.carriere@linaro.org> Signed-off-by: Summer Qin <summer.qin@arm.com> Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org> [jf: rebase onto mbedtls-2.27.0] Signed-off-by: Jerome Forissier <jerome@forissier.org> [jw: rebase onto mbedtls-3.4.0] Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
Initialize W using mbedtls_mpi_init_mempool() instead of memset() to ensure that the temporary variable uses the designated memory pool if configured. Acked-by: Etienne Carriere <etienne.carriere@linaro.org> Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org> [jf: rebased onto mbedtls-2.27.0] Signed-off-by: Jerome Forissier <jerome@forissier.org> [jw: rebased onto mbedtls-3.4.0] Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
The W variable is 3072 bytes on AArch64 with MBEDTLS_MPI_WINDOW_SIZE set to 6 for maximum performance. Instead of allocating such a large variable on the stack use mempool_alloc(). Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org> Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org> Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org> [jf: rebased onto mbedtls-2.27.0] Signed-off-by: Jerome Forissier <jerome@forissier.org> [jw: rebased onto mbedtls-3.4.0] Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
With W allocated in the mempool instead of the stack it is more important to utilize the mempool in a stack like way. With this patch allocation and initialization of W is moved to a point where all following mempool allocations are free before the function returns. This reduces maximum memory consumption of mempool in regression case 8101 for an AArch64 TA in from 17280 to 7640 bytes. Figures for an AArch32 TA are 12040 to 5288 bytes. Reviewed-by: Joakim Bech <joakim.bech@linaro.org> Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org> [jf: rebased onto mbedtls-2.27.0] Signed-off-by: Jerome Forissier <jerome@forissier.org> [jw: rebased onto mbedtls-3.4.0] Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
When MBEDTLS_ECP_DP_SM2_ENABLED is set, adds support for the ECC curve defined for the Chinese SM2 algorithm (G/MT 0003 Part 5, [1]). Link: [1] http://www.gmbz.org.cn/upload/2018-07-24/1532401863206085511.pdf Acked-by: Jens Wiklander <jens.wiklander@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org> [jf: rebased onto mbedtls-2.27.0] Signed-off-by: Jerome Forissier <jerome@forissier.org> [jw: rebased onto mbedtls-3.4.0] Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
Adds fault mitigation in mbedtls_rsa_rsassa_pss_verify_ext() by using the macro FTMN_CALLEE_DONE_MEMCMP() instead of memcmp() when checking that the hash in the RSA signature is matching the expected value. FTMN_CALLEE_DONE_MEMCMP() saves on success the result in a thread local storage if fault mitigations was enabled when the function was called. Acked-by: Jerome Forissier <jerome.forissier@linaro.org> Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
…fy() Adds fault mitigation in mbedtls_rsa_rsassa_pkcs1_v15_verify() by using the macro FTMN_CALLEE_DONE_MEMCMP() instead of just mbedtls_safer_memcmp() when checking that the hash in the RSA signature is matching the expected value. FTMN_CALLEE_DONE_MEMCMP() saves on success the result in a thread local storage if fault mitigations was enabled when the function was called. Acked-by: Jerome Forissier <jerome.forissier@linaro.org> Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
For chacha20 and chachapoly, the *_ctx_clone() function is missing and therefore the wrong function pointers are assigned to .ctx_clone_func and .ctx_free_func when MBEDTLS_CHACHA20_C or MBEDTLS_CHACHAPOLY_C is enabled. Signed-off-by: Simon Ott <simon.ott@aisec.fraunhofer.de> Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org> [jw: rebased onto mbedtls-3.4.0] Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
For AES Key Wrap mode, the *_ctx_clone() function is missing and therefore the wrong function pointers are assigned to .ctx_clone_func and .ctx_free_func when MBEDTLS_NIST_KW_C is enabled. Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
The mbedtls_pk_parse_key() has two new paramters with the new 3.x API in. Fix the call of mbedtls_pk_parse_key(). Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
MbedTLS 3.4.0 normally doesn't permit access to the internal fields of mbedtls_mpi. However, mpi_desc.c manipulates the internals of mbedtls_mpi so define MBEDTLS_ALLOW_PRIVATE_ACCESS to allow accesses to the internals of mbedtls_mpi. Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
MbedTLS 3.4.0 normally doesn't permit access to the internal fields of mbedtls_mpi. However, libutee manipulates the internals of mbedtls_mpi so update define MBEDTLS_ALLOW_PRIVATE_ACCESS to allow accesses to the internals of mbedtls_mpi. Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
Update for API changes for DH, ECC, RSA, hash, HMAC, and AES. MBEDTLS_ALLOW_PRIVATE_ACCESS is always defined to enable access to private elements in mbedtls structs. The AES API has changed enough to prevent an efficient implementation of crypto_aes_enc_block() so switch the one provided via LTC is used instead. Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
Adds _CFG_CORE_LTC_SHA1_DESC and _CFG_CORE_LTC_SHA224_DESC to allow enabling support for SHA-1 and SHA-224 internally in LTC. Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
Adds _CFG_CORE_LTC_MD5_DESC to allow enabling support for MD5 224 internally in LTC. Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
Replace the RSA implementation in MbedTLS with the one in LTC. This is needed to pass the non-CRT RSA tests in xtest. Skips disabling CFG_CRYPTO_RSASSA_NA1 since the RSA implementation now is provided by LTC. This commit can be reverted once MbedTLS supports to switch at runtime between[ CRT and non-CRT RSA depending on the supplied key. Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
jenswi-linaro
force-pushed
the
wip/mbedtls-3.4.0
branch
from
38c3ded
to
5d0542a
Compare
Closed
|
This pull request has been marked as a stale pull request because it has been open (more than) 30 days with no activity. Remove the stale label or add a comment, otherwise this pull request will automatically be closed in 5 days. Note, that you can always re-open a closed issue at any time. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Updates to mbedtls 3.4.0, cherry-picking previous patches, and fixing conflicts or problems as needed.
A few things to note:
crypto_aes_enc_block() so we have to switch to the one provided via LTC instead.
Point 2 is a showstopper. It must be fixed in some way, either by patching mbedtls or by using LTC for RSA instead.
We could request dynamic support for RSA CRT parameters instead of having it hard coded with MBEDTLS_RSA_NO_CRT, in the meantime we'll switch to use LTC for RSA.
What do others think of the way forward with mbedtls?