Squashed commit upgrading to mbedtls-3.4.0
Squash merging branch import/mbedtls-3.4.0

8225713 ("libmbedtls: fix unrecognized compiler option")
f037308 ("core: ltc: configure internal MD5")
2b0d0c5 ("core: ltc: configure internal SHA-1 and SHA-224")
0e48a6e ("libmedtls: core: update to mbedTLS 3.4.0 API")
049882b ("libutee: update to mbedTLS 3.4.0 API")
982307b ("core: LTC mpi_desc.c: update to mbedTLS 3.4.0 API")
33218e9 ("ta: pkcs11: update to mbedTLS 3.4.0 API")
6956420 ("libmbedtls: fix cipher_wrap.c for NIST AES Key Wrap mode")
ad67ef0 ("libmbedtls: fix cipher_wrap.c for chacha20 and chachapoly")
7300f4d ("libmbedtls: add fault mitigation in mbedtls_rsa_rsassa_pkcs1_v15_verify()")
cec89b6 ("libmbedtls: add fault mitigation in mbedtls_rsa_rsassa_pss_verify_ext()")
e7e0487 ("libmbedtls: add SM2 curve")
096beff ("libmbedtls: mbedtls_mpi_exp_mod(): optimize mempool usage")
7108668 ("libmbedtls: mbedtls_mpi_exp_mod(): reduce stack usage")
0ba4eb8 ("libmbedtls: mbedtls_mpi_exp_mod() initialize W")
3fd6ecf ("libmbedtls: fix no CRT issue")
d5ea7e9 ("libmbedtls: add interfaces in mbedtls for context memory operation")
2b0fb3f ("libmedtls: mpi_miller_rabin: increase count limit")
2c3301a ("libmbedtls: add mbedtls_mpi_init_mempool()")
9a111f0 ("libmbedtls: make mbedtls_mpi_mont*() available")
804fe3a ("mbedtls: configure mbedtls to reach for config")
b28a415 ("mbedtls: remove default include/mbedtls/config.h")
dfafe50 ("Import mbedtls-3.4.0")

Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
Acked-by: Jerome Forissier <jerome.forissier@linaro.org>
Tested-by: Jerome Forissier <jerome.forissier@linaro.org> (vexpress-qemu_armv8a)
jenswi-linaro committed Oct 10, 2023
1 parent 00b7b3e commit 4327457
Showing 245 changed files with 99,119 additions and 62,208 deletions.
10 changes: 9 additions & 1 deletion core/crypto.mk
@@ -234,7 +234,9 @@ _CFG_CORE_LTC_SHA384_DESC := $(CFG_CRYPTO_DSA)
_CFG_CORE_LTC_SHA512_DESC := $(CFG_CRYPTO_DSA)
_CFG_CORE_LTC_XTS := $(CFG_CRYPTO_XTS)
_CFG_CORE_LTC_CCM := $(CFG_CRYPTO_CCM)
_CFG_CORE_LTC_AES_DESC := $(call cfg-one-enabled, CFG_CRYPTO_XTS CFG_CRYPTO_CCM)
_CFG_CORE_LTC_AES := $(call cfg-one-enabled, CFG_CRYPTO_XTS CFG_CRYPTO_CCM \
CFG_CRYPTO_AES)
_CFG_CORE_LTC_AES_ACCEL := $(CFG_CORE_CRYPTO_AES_ACCEL)
_CFG_CORE_LTC_X25519 := $(CFG_CRYPTO_X25519)
_CFG_CORE_LTC_ED25519 := $(CFG_CRYPTO_ED25519)
_CFG_CORE_LTC_SHA3_224 := $(CFG_CRYPTO_SHA3_224)
@@ -249,6 +251,12 @@ endif
# libtomcrypt (LTC) specifics, phase #2
###############################################################

_CFG_CORE_LTC_MD5_DESC := $(call cfg-one-enabled, _CFG_CORE_LTC_MD5_DESC \
_CFG_CORE_LTC_MD5)
_CFG_CORE_LTC_SHA1_DESC := $(call cfg-one-enabled, _CFG_CORE_LTC_SHA1_DESC \
_CFG_CORE_LTC_SHA1)
_CFG_CORE_LTC_SHA224_DESC := $(call cfg-one-enabled, _CFG_CORE_LTC_SHA224_DESC \
_CFG_CORE_LTC_SHA224)
_CFG_CORE_LTC_SHA256_DESC := $(call cfg-one-enabled, _CFG_CORE_LTC_SHA256_DESC \
_CFG_CORE_LTC_SHA224 \
_CFG_CORE_LTC_SHA256)
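Review bot: The phase #2 assignments for `_CFG_CORE_LTC_MD5_DESC`, `_CFG_CORE_LTC_SHA1_DESC` and `_CFG_CORE_LTC_SHA224_DESC` carry no comment on what separates a `_DESC` variable from its plain counterpart, although the rest of this commit moves rsa.c, tomcrypt.c and the sub.mk files over to the `_DESC` names. A short comment above the three assignments would help, for example `# _DESC is set whenever the LTC implementation or its descriptor is needed`, if that is the intended meaning. Because MD5 and SHA-1 end up built whenever either variable is set, it is also worth stating which configuration is expected to leave them out of the image.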
4 changes: 2 additions & 2 deletions core/lib/libtomcrypt/mpi_desc.c
@@ -602,9 +602,9 @@ static int rng_read(void *ignored __unused, unsigned char *buf, size_t blen)
return 0;
}

static int isprime(void *a, int b __unused, int *c)
static int isprime(void *a, int b, int *c)
{
int res = mbedtls_mpi_is_prime(a, rng_read, NULL);
int res = mbedtls_mpi_is_prime_ext(a, b, rng_read, NULL);

if (res == MBEDTLS_ERR_MPI_ALLOC_FAILED)
return CRYPT_MEM;
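Review bot: `b` now reaches `mbedtls_mpi_is_prime_ext(a, b, rng_read, NULL)` unchecked as the Miller-Rabin round count, so a caller that passes 0 or a negative value would, as far as the mbedTLS API describes `rounds`, get an answer backed by no probabilistic rounds at all. Which values the libtomcrypt callers pass is not visible in this section, so a guard at the top of `isprime()` is the safe choice, for example `if (b <= 0) return CRYPT_INVALID_ARG;`, or substitution of a project-chosen minimum. A one-line comment stating that `b` is the round count would also help, since the parameter was previously marked `__unused`. The body of `isprime()` continues past the end of this section.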
12 changes: 6 additions & 6 deletions core/lib/libtomcrypt/rsa.c
@@ -29,42 +29,42 @@
static TEE_Result tee_algo_to_ltc_hashindex(uint32_t algo, int *ltc_hashindex)
{
switch (algo) {
#if defined(_CFG_CORE_LTC_SHA1)
#if defined(_CFG_CORE_LTC_SHA1_DESC)
case TEE_ALG_RSASSA_PKCS1_V1_5_SHA1:
case TEE_ALG_RSASSA_PKCS1_PSS_MGF1_SHA1:
case TEE_ALG_RSAES_PKCS1_OAEP_MGF1_SHA1:
*ltc_hashindex = find_hash("sha1");
break;
#endif
#if defined(_CFG_CORE_LTC_MD5)
#if defined(_CFG_CORE_LTC_MD5_DESC)
case TEE_ALG_RSASSA_PKCS1_V1_5_MD5:
case TEE_ALG_RSASSA_PKCS1_PSS_MGF1_MD5:
case TEE_ALG_RSAES_PKCS1_OAEP_MGF1_MD5:
*ltc_hashindex = find_hash("md5");
break;
#endif
#if defined(_CFG_CORE_LTC_SHA224)
#if defined(_CFG_CORE_LTC_SHA224_DESC)
case TEE_ALG_RSASSA_PKCS1_V1_5_SHA224:
case TEE_ALG_RSASSA_PKCS1_PSS_MGF1_SHA224:
case TEE_ALG_RSAES_PKCS1_OAEP_MGF1_SHA224:
*ltc_hashindex = find_hash("sha224");
break;
#endif
#if defined(_CFG_CORE_LTC_SHA256)
#if defined(_CFG_CORE_LTC_SHA256_DESC)
case TEE_ALG_RSASSA_PKCS1_V1_5_SHA256:
case TEE_ALG_RSASSA_PKCS1_PSS_MGF1_SHA256:
case TEE_ALG_RSAES_PKCS1_OAEP_MGF1_SHA256:
*ltc_hashindex = find_hash("sha256");
break;
#endif
#if defined(_CFG_CORE_LTC_SHA384)
#if defined(_CFG_CORE_LTC_SHA384_DESC)
case TEE_ALG_RSASSA_PKCS1_V1_5_SHA384:
case TEE_ALG_RSASSA_PKCS1_PSS_MGF1_SHA384:
case TEE_ALG_RSAES_PKCS1_OAEP_MGF1_SHA384:
*ltc_hashindex = find_hash("sha384");
break;
#endif
#if defined(_CFG_CORE_LTC_SHA512)
#if defined(_CFG_CORE_LTC_SHA512_DESC)
case TEE_ALG_RSASSA_PKCS1_V1_5_SHA512:
case TEE_ALG_RSASSA_PKCS1_PSS_MGF1_SHA512:
case TEE_ALG_RSAES_PKCS1_OAEP_MGF1_SHA512:
2 changes: 1 addition & 1 deletion core/lib/libtomcrypt/src/hashes/sha2/sub.mk
@@ -1,4 +1,4 @@
srcs-$(_CFG_CORE_LTC_SHA224) += sha224.c
srcs-$(_CFG_CORE_LTC_SHA224_DESC) += sha224.c

ifneq ($(_CFG_CORE_LTC_SHA256_ACCEL),y)
srcs-$(_CFG_CORE_LTC_SHA256_DESC) += sha256.c
4 changes: 2 additions & 2 deletions core/lib/libtomcrypt/src/hashes/sub.mk
@@ -1,6 +1,6 @@
srcs-$(_CFG_CORE_LTC_MD5) += md5.c
srcs-$(_CFG_CORE_LTC_MD5_DESC) += md5.c

ifeq ($(_CFG_CORE_LTC_SHA1),y)
ifeq ($(_CFG_CORE_LTC_SHA1_DESC),y)
ifneq ($(_CFG_CORE_LTC_SHA1_ACCEL),y)
srcs-y += sha1.c
endif
7 changes: 4 additions & 3 deletions core/lib/libtomcrypt/sub.mk
@@ -36,13 +36,13 @@ endif

cppflags-lib-y += -DLTC_NO_HASHES

ifeq ($(_CFG_CORE_LTC_MD5),y)
ifeq ($(_CFG_CORE_LTC_MD5_DESC),y)
cppflags-lib-y += -DLTC_MD5
endif
ifeq ($(_CFG_CORE_LTC_SHA1),y)
ifeq ($(_CFG_CORE_LTC_SHA1_DESC),y)
cppflags-lib-y += -DLTC_SHA1
endif
ifeq ($(_CFG_CORE_LTC_SHA224),y)
ifeq ($(_CFG_CORE_LTC_SHA224_DESC),y)
cppflags-lib-y += -DLTC_SHA224
endif
ifeq ($(_CFG_CORE_LTC_SHA256_DESC),y)
@@ -148,6 +148,7 @@ srcs-$(_CFG_CORE_LTC_X25519) += x25519.c
srcs-$(_CFG_CORE_LTC_ED25519) += ed25519.c
ifeq ($(_CFG_CORE_LTC_ACIPHER),y)
srcs-y += mpi_desc.c
cppflags-mpi_desc.c-y += -DMBEDTLS_ALLOW_PRIVATE_ACCESS
endif

srcs-y += tomcrypt.c
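Review bot: The `cppflags-mpi_desc.c-y += -DMBEDTLS_ALLOW_PRIVATE_ACCESS` line, apparently the one addition in the second hunk, switches off mbedTLS 3.x field encapsulation for mpi_desc.c without saying which private members the file depends on. A comment above it would make later mbedTLS imports easier to audit, for example `# mpi_desc.c accesses <members> of mbedtls_mpi directly; re-check on each mbedTLS import`, with the actual member names filled in. Scoping the define to that single file rather than the whole library is the right granularity and worth keeping.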
6 changes: 3 additions & 3 deletions core/lib/libtomcrypt/tomcrypt.c
@@ -99,13 +99,13 @@ static void tee_ltc_reg_algs(void)
register_cipher(&des_desc);
register_cipher(&des3_desc);
#endif
#if defined(_CFG_CORE_LTC_MD5)
#if defined(_CFG_CORE_LTC_MD5_DESC)
register_hash(&md5_desc);
#endif
#if defined(_CFG_CORE_LTC_SHA1)
#if defined(_CFG_CORE_LTC_SHA1) || defined(_CFG_CORE_LTC_SHA1_DESC)
register_hash(&sha1_desc);
#endif
#if defined(_CFG_CORE_LTC_SHA224)
#if defined(_CFG_CORE_LTC_SHA224) || defined(_CFG_CORE_LTC_SHA224_DESC)
register_hash(&sha224_desc);
#endif
#if defined(_CFG_CORE_LTC_SHA256) || defined(_CFG_CORE_LTC_SHA256_DESC)
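Review bot: The three hash guards in this hunk are written two different ways: MD5 is registered under `_CFG_CORE_LTC_MD5_DESC` alone, while SHA-1 and SHA-224 use `defined(_CFG_CORE_LTC_SHA1) || defined(_CFG_CORE_LTC_SHA1_DESC)` and the SHA-224 equivalent. If phase #2 of crypto.mk always sets `_DESC` when the plain variable is set, the `||` form is redundant; if it does not, `register_hash(&sha1_desc)` can be compiled in while hashes/sub.mk, which keys on `_DESC` only in this commit, leaves sha1.c out. Using one form for all three, e.g. `#if defined(_CFG_CORE_LTC_SHA1_DESC)`, keeps registration and source selection tied to the same switch. `tee_ltc_reg_algs()` starts and ends outside this section.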
44 changes: 0 additions & 44 deletions lib/libmbedtls/core/aes.c
@@ -13,50 +13,6 @@
#include <mbedtls/platform_util.h>
#include <string.h>

TEE_Result crypto_aes_expand_enc_key(const void *key, size_t key_len,
void *enc_key, size_t enc_keylen,
unsigned int *rounds)
{
#if defined(MBEDTLS_AES_ALT)
return crypto_accel_aes_expand_keys(key, key_len, enc_key, NULL,
enc_keylen, rounds);
#else
mbedtls_aes_context ctx;

memset(&ctx, 0, sizeof(ctx));
mbedtls_aes_init(&ctx);
if (mbedtls_aes_setkey_enc(&ctx, key, key_len * 8) != 0)
return TEE_ERROR_BAD_PARAMETERS;

if (enc_keylen > sizeof(ctx.buf))
return TEE_ERROR_BAD_PARAMETERS;
memcpy(enc_key, ctx.buf, enc_keylen);
*rounds = ctx.nr;
mbedtls_aes_free(&ctx);
return TEE_SUCCESS;
#endif
}

void crypto_aes_enc_block(const void *enc_key, size_t enc_keylen __maybe_unused,
unsigned int rounds, const void *src, void *dst)
{
#if defined(MBEDTLS_AES_ALT)
crypto_accel_aes_ecb_enc(dst, src, enc_key, rounds, 1);
#else
mbedtls_aes_context ctx;

memset(&ctx, 0, sizeof(ctx));
mbedtls_aes_init(&ctx);
if (enc_keylen > sizeof(ctx.buf))
panic();
memcpy(ctx.buf, enc_key, enc_keylen);
ctx.rk = ctx.buf;
ctx.nr = rounds;
mbedtls_aes_encrypt(&ctx, src, dst);
mbedtls_aes_free(&ctx);
#endif
}

#if defined(MBEDTLS_AES_ALT)
void mbedtls_aes_init(mbedtls_aes_context *ctx)
{
18 changes: 10 additions & 8 deletions lib/libmbedtls/core/dh.c
@@ -51,31 +51,32 @@ TEE_Result crypto_acipher_gen_dh_key(struct dh_keypair *key,
mbedtls_dhm_context dhm;
unsigned char *buf = NULL;
size_t xbytes = 0;
size_t len = 0;

memset(&dhm, 0, sizeof(dhm));
mbedtls_dhm_init(&dhm);

dhm.G = *(mbedtls_mpi *)key->g;
dhm.P = *(mbedtls_mpi *)key->p;

dhm.len = crypto_bignum_num_bytes(key->p);
if (key_size != 8 * dhm.len) {
len = mbedtls_dhm_get_len(&dhm);
if (key_size != 8 * len) {
res = TEE_ERROR_BAD_PARAMETERS;
goto out;
}

if (xbits == 0)
xbytes = dhm.len;
xbytes = len;
else
xbytes = xbits / 8;

buf = malloc(dhm.len);
buf = malloc(len);
if (!buf) {
res = TEE_ERROR_OUT_OF_MEMORY;
goto out;
}
lmd_res = mbedtls_dhm_make_public(&dhm, (int)xbytes, buf,
dhm.len, mbd_rand, NULL);
len, mbd_rand, NULL);
if (lmd_res != 0) {
FMSG("mbedtls_dhm_make_public err, return is 0x%x", -lmd_res);
res = TEE_ERROR_BAD_PARAMETERS;
@@ -102,6 +103,7 @@ TEE_Result crypto_acipher_dh_shared_secret(struct dh_keypair *private_key,
mbedtls_dhm_context dhm;
unsigned char *buf = NULL;
size_t olen = 0;
size_t len = 0;

memset(&dhm, 0, sizeof(dhm));
mbedtls_dhm_init(&dhm);
@@ -112,15 +114,15 @@ TEE_Result crypto_acipher_dh_shared_secret(struct dh_keypair *private_key,
dhm.X = *(mbedtls_mpi *)private_key->x;
dhm.GY = *(mbedtls_mpi *)public_key;

dhm.len = crypto_bignum_num_bytes(private_key->p);
len = mbedtls_dhm_get_len(&dhm);

buf = malloc(dhm.len);
buf = malloc(len);
if (!buf) {
res = TEE_ERROR_OUT_OF_MEMORY;
goto out;
}

lmd_res = mbedtls_dhm_calc_secret(&dhm, buf, dhm.len,
lmd_res = mbedtls_dhm_calc_secret(&dhm, buf, len,
&olen, mbd_rand, NULL);
if (lmd_res != 0) {
FMSG("mbedtls_dhm_calc_secret failed, ret is 0x%x", -lmd_res);
34 changes: 9 additions & 25 deletions lib/libmbedtls/core/ecc.c
@@ -84,22 +84,6 @@ static TEE_Result ecc_get_keysize(uint32_t curve, uint32_t algo,
return TEE_SUCCESS;
}

/*
* Clear some memory that was used to prepare the context
*/
static void ecc_clear_precomputed(mbedtls_ecp_group *grp)
{
size_t i = 0;

if (grp->T) {
for (i = 0; i < grp->T_size; i++)
mbedtls_ecp_point_free(&grp->T[i]);
free(grp->T);
}
grp->T = NULL;
grp->T_size = 0;
}

static mbedtls_ecp_group_id curve_to_group_id(uint32_t curve)
{
switch (curve) {
@@ -149,7 +133,6 @@ static TEE_Result ecc_generate_keypair(struct ecc_keypair *key, size_t key_size)
FMSG("mbedtls_ecdsa_genkey failed.");
goto exit;
}
ecc_clear_precomputed(&ecdsa.grp);

/* check the size of the keys */
if ((mbedtls_mpi_bitlen(&ecdsa.Q.X) > key_size_bits) ||
@@ -341,16 +324,17 @@ static TEE_Result ecc_shared_secret(struct ecc_keypair *private_key,
memset(&gid, 0, sizeof(gid));
mbedtls_ecdh_init(&ecdh);
gid = curve_to_group_id(private_key->curve);
lmd_res = mbedtls_ecp_group_load(&ecdh.grp, gid);
lmd_res = mbedtls_ecdh_setup(&ecdh, gid);
if (lmd_res != 0) {
res = TEE_ERROR_NOT_SUPPORTED;
goto out;
}

ecdh.d = *(mbedtls_mpi *)private_key->d;
ecdh.Qp.X = *(mbedtls_mpi *)public_key->x;
ecdh.Qp.Y = *(mbedtls_mpi *)public_key->y;
mbedtls_mpi_read_binary(&ecdh.Qp.Z, one, sizeof(one));
assert(ecdh.var == MBEDTLS_ECDH_VARIANT_MBEDTLS_2_0);
ecdh.ctx.mbed_ecdh.d = *(mbedtls_mpi *)private_key->d;
ecdh.ctx.mbed_ecdh.Qp.X = *(mbedtls_mpi *)public_key->x;
ecdh.ctx.mbed_ecdh.Qp.Y = *(mbedtls_mpi *)public_key->y;
mbedtls_mpi_read_binary(&ecdh.ctx.mbed_ecdh.Qp.Z, one, sizeof(one));

lmd_res = mbedtls_ecdh_calc_secret(&ecdh, &out_len, secret,
*secret_len, mbd_rand, NULL);
@@ -361,9 +345,9 @@ static TEE_Result ecc_shared_secret(struct ecc_keypair *private_key,
*secret_len = out_len;
out:
/* Reset mpi to skip freeing here, those mpis will be freed with key */
mbedtls_mpi_init(&ecdh.d);
mbedtls_mpi_init(&ecdh.Qp.X);
mbedtls_mpi_init(&ecdh.Qp.Y);
mbedtls_mpi_init(&ecdh.ctx.mbed_ecdh.d);
mbedtls_mpi_init(&ecdh.ctx.mbed_ecdh.Qp.X);
mbedtls_mpi_init(&ecdh.ctx.mbed_ecdh.Qp.Y);
mbedtls_ecdh_free(&ecdh);
return res;
}
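Review bot: The only check that `ecdh.ctx.mbed_ecdh` is the active union member is `assert(ecdh.var == MBEDTLS_ECDH_VARIANT_MBEDTLS_2_0)` in `ecc_shared_secret()`, and if assert() compiles to nothing in non-debug builds (its definition is not visible here) the lines that follow write key material through that member unconditionally. A runtime check that returns an error keeps the invariant enforced in every build. It needs its own exit label, because the `out:` path resets `ecdh.ctx.mbed_ecdh.d`, `Qp.X` and `Qp.Y` and would write through the same member. `ecc_shared_secret()` starts before the visible lines of this section.

```c
	/* … unchanged: mbedtls_ecdh_setup() call and its error path … */
	if (ecdh.var != MBEDTLS_ECDH_VARIANT_MBEDTLS_2_0) {
		/* ctx.mbed_ecdh is not the active member, do not touch it */
		res = TEE_ERROR_NOT_SUPPORTED;
		goto out_free;
	}
	/* … unchanged: key copied into ecdh.ctx.mbed_ecdh, secret computed … */
out:
	/* … unchanged: the three mbedtls_mpi_init() resets … */
out_free:
	mbedtls_ecdh_free(&ecdh);
	return res;
```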
3 changes: 2 additions & 1 deletion lib/libmbedtls/core/hash.c
@@ -57,13 +57,14 @@ static TEE_Result mbed_hash_final(struct crypto_hash_ctx *ctx, uint8_t *digest,
size_t len)
{
struct mbed_hash_ctx *hc = to_hash_ctx(ctx);
size_t hash_size = mbedtls_md_get_size(hc->md_ctx.md_info);
uint8_t block_digest[TEE_MAX_HASH_SIZE] = { 0 };
uint8_t *tmp_digest = NULL;
size_t hash_size = 0;

if (len == 0)
return TEE_ERROR_BAD_PARAMETERS;

hash_size = mbedtls_md_get_size(mbedtls_md_info_from_ctx(&hc->md_ctx));
if (hash_size > len) {
if (hash_size > sizeof(block_digest))
return TEE_ERROR_BAD_STATE;
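Review bot: `hash_size` is used right after `mbedtls_md_get_size(mbedtls_md_info_from_ctx(&hc->md_ctx))` without a check for 0, which is what mbedTLS returns when the context has no digest info attached. In that case `hash_size > len` is false and the function takes the path for a caller buffer that is large enough; whether a later call rejects the state is outside this section. An explicit `if (!hash_size) return TEE_ERROR_BAD_STATE;` after the lookup makes the failure local and visible. The same applies to `hmac_size` in `mbed_hmac_final()` in lib/libmbedtls/core/hmac.c, and both functions continue past the visible lines.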
3 changes: 2 additions & 1 deletion lib/libmbedtls/core/hmac.c
@@ -52,13 +52,14 @@ static TEE_Result mbed_hmac_final(struct crypto_mac_ctx *ctx, uint8_t *digest,
size_t len)
{
struct mbed_hmac_ctx *c = to_hmac_ctx(ctx);
size_t hmac_size = mbedtls_md_get_size(c->md_ctx.md_info);
uint8_t block_digest[TEE_MAX_HASH_SIZE] = { 0 };
uint8_t *tmp_digest = NULL;
size_t hmac_size = 0;

if (len == 0)
return TEE_ERROR_BAD_PARAMETERS;

hmac_size = mbedtls_md_get_size(mbedtls_md_info_from_ctx(&c->md_ctx));
if (hmac_size > len) {
if (hmac_size > sizeof(block_digest))
return TEE_ERROR_BAD_STATE;
11 changes: 0 additions & 11 deletions lib/libmbedtls/core/mbed_helpers.h
@@ -25,17 +25,6 @@ static inline void mbed_copy_mbedtls_aes_context(mbedtls_aes_context *dst,
mbedtls_aes_context *src)
{
*dst = *src;
#if !defined(MBEDTLS_AES_ALT)
#if defined(MBEDTLS_PADLOCK_C) && defined(MBEDTLS_PADLOCK_ALIGN16)
/*
* This build configuration should not occur, but just in case error out
* here. It needs special handling of the rk pointer, see
* mbedtls_aes_setkey_enc().
*/
#error Do not know how to copy mbedtls_aes_context::rk
#endif
dst->rk = dst->buf;
#endif
}

TEE_Result mbed_gen_random_upto(mbedtls_mpi *n, mbedtls_mpi *max);