diff --git a/components/mbedtls/Kconfig b/components/mbedtls/Kconfig index 254a112b44..d06280fdf1 100644 --- a/components/mbedtls/Kconfig +++ b/components/mbedtls/Kconfig @@ -1235,7 +1235,7 @@ menu "mbedTLS" config MBEDTLS_SHA3_C bool "Enable the SHA3 cryptographic hash algorithm" - default y + default n help Enabling MBEDTLS_SHA3_C adds support for SHA3. Enabling this configuration option increases the flash footprint diff --git a/components/mbedtls/port/include/mbedtls/esp_config.h b/components/mbedtls/port/include/mbedtls/esp_config.h index 6e27e020a0..8aeff6986c 100644 --- a/components/mbedtls/port/include/mbedtls/esp_config.h +++ b/components/mbedtls/port/include/mbedtls/esp_config.h @@ -199,6 +199,7 @@ #if SOC_SHA_SUPPORT_SHA512 #define MBEDTLS_PSA_ACCEL_ALG_SHA_384 #define MBEDTLS_PSA_ACCEL_ALG_SHA_512 +#undef MBEDTLS_PSA_BUILTIN_ALG_HMAC #endif #if SOC_SHA_SUPPORT_SHA512 #else @@ -217,7 +218,12 @@ #ifdef CONFIG_MBEDTLS_ROM_MD5 #define MBEDTLS_PSA_ACCEL_ALG_MD5 #undef MBEDTLS_PSA_BUILTIN_ALG_MD5 +#else +#if !defined(MBEDTLS_PSA_BUILTIN_ALG_HMAC) + /* If ROM MD5 is not enabled, use the builtin HMAC algorithm for HMAC(MD5) operations */ + #define MBEDTLS_PSA_BUILTIN_ALG_HMAC #endif +#endif /* MBEDTLS_PSA_BUILTIN_ALG_HMAC */ /* The following MPI (bignum) functions have hardware support. * Uncommenting these macros will use the hardware-accelerated @@ -2723,6 +2729,10 @@ #define PSA_WANT_ALG_SHA3_256 1 #define PSA_WANT_ALG_SHA3_384 1 #define PSA_WANT_ALG_SHA3_512 1 +#if !defined(MBEDTLS_PSA_BUILTIN_ALG_HMAC) + /* If SHA3 is enabled, use the builtin HMAC algorithm for HMAC(SHA3) operations */ + #define MBEDTLS_PSA_BUILTIN_ALG_HMAC +#endif /* MBEDTLS_PSA_BUILTIN_ALG_HMAC */ #else #undef PSA_WANT_ALG_SHA3_224 #undef PSA_WANT_ALG_SHA3_256 diff --git a/components/mbedtls/port/psa_driver/esp_mac/psa_crypto_driver_esp_hmac_transparent.c b/components/mbedtls/port/psa_driver/esp_mac/psa_crypto_driver_esp_hmac_transparent.c index c1c6d7b356..d08533c9fe 100644 --- a/components/mbedtls/port/psa_driver/esp_mac/psa_crypto_driver_esp_hmac_transparent.c +++ b/components/mbedtls/port/psa_driver/esp_mac/psa_crypto_driver_esp_hmac_transparent.c @@ -5,19 +5,38 @@ */ #include +#include #include "psa/crypto.h" #include "psa_crypto_driver_esp_hmac_transparent.h" #include "psa_crypto_driver_esp_sha.h" +#include "psa_crypto_driver_esp_md5.h" +#include "sdkconfig.h" psa_status_t esp_hmac_abort_transparent(esp_hmac_transparent_operation_t *esp_hmac_ctx) { psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; - status = esp_sha_hash_abort(&esp_hmac_ctx->esp_sha_ctx); +#if CONFIG_MBEDTLS_ROM_MD5 + psa_algorithm_t hash_alg = PSA_ALG_GET_HASH(esp_hmac_ctx->alg); + if (hash_alg == PSA_ALG_MD5) { + status = esp_md5_hash_abort(&esp_hmac_ctx->md5_ctx); + } else +#endif // CONFIG_MBEDTLS_ROM_MD5 + { + status = esp_sha_hash_abort(&esp_hmac_ctx->esp_sha_ctx); + } + if (status != PSA_SUCCESS) { return status; } + // Free dynamically allocated opad buffer + if (esp_hmac_ctx->opad != NULL) { + mbedtls_platform_zeroize(esp_hmac_ctx->opad, PSA_HMAC_MAX_HASH_BLOCK_SIZE); + free(esp_hmac_ctx->opad); + esp_hmac_ctx->opad = NULL; + } + mbedtls_platform_zeroize(esp_hmac_ctx, sizeof(esp_hmac_transparent_operation_t)); return status; } @@ -41,11 +60,30 @@ psa_status_t esp_hmac_setup_transparent(esp_hmac_transparent_operation_t *esp_hm memset(esp_hmac_ctx, 0, sizeof(esp_hmac_transparent_operation_t)); - status = esp_sha_hash_setup(&esp_hmac_ctx->esp_sha_ctx, hash_alg); - if (status != PSA_SUCCESS) { + // Allocate opad buffer dynamically + esp_hmac_ctx->opad = (uint8_t *)malloc(PSA_HMAC_MAX_HASH_BLOCK_SIZE); + if (esp_hmac_ctx->opad == NULL) { + return PSA_ERROR_INSUFFICIENT_MEMORY; + } + memset(esp_hmac_ctx->opad, 0, PSA_HMAC_MAX_HASH_BLOCK_SIZE); + + if ( +#if CONFIG_MBEDTLS_ROM_MD5 + hash_alg != PSA_ALG_MD5 && +#endif // CONFIG_MBEDTLS_ROM_MD5 + (hash_alg < PSA_ALG_SHA_1 +#if SOC_SHA_SUPPORT_SHA512 + || hash_alg > PSA_ALG_SHA_512 +#else + || hash_alg > PSA_ALG_SHA_256 +#endif // SOC_SHA_SUPPORT_SHA512 + )) { + status = PSA_ERROR_NOT_SUPPORTED; goto error; } + esp_hmac_ctx->alg = alg; + /* Sanity checks on block_size, to guarantee that there won't be a buffer * overflow below. This should never trigger if the hash algorithm * is implemented correctly. */ @@ -57,8 +95,16 @@ psa_status_t esp_hmac_setup_transparent(esp_hmac_transparent_operation_t *esp_hm } if (key_buffer_size > block_size) { - status = esp_sha_hash_compute(hash_alg, key_buffer, key_buffer_size, - ipad, sizeof(ipad), &key_buffer_size); +#if CONFIG_MBEDTLS_ROM_MD5 + if (hash_alg == PSA_ALG_MD5) { + status = esp_md5_hash_compute(hash_alg, key_buffer, key_buffer_size, + ipad, sizeof(ipad), &key_buffer_size); + } else +#endif // CONFIG_MBEDTLS_ROM_MD5 + { + status = esp_sha_hash_compute(hash_alg, key_buffer, key_buffer_size, + ipad, sizeof(ipad), &key_buffer_size); + } if (status != PSA_SUCCESS) { goto error; } @@ -117,12 +163,30 @@ psa_status_t esp_hmac_setup_transparent(esp_hmac_transparent_operation_t *esp_hm memset(esp_hmac_ctx->opad + key_buffer_size, 0x5C, fill_size); } - status = esp_sha_hash_update(&esp_hmac_ctx->esp_sha_ctx, ipad, block_size); +#if CONFIG_MBEDTLS_ROM_MD5 + if (hash_alg == PSA_ALG_MD5) { + status = esp_md5_hash_setup(&esp_hmac_ctx->md5_ctx, hash_alg); + } else +#endif // CONFIG_MBEDTLS_ROM_MD5 + { + status = esp_sha_hash_setup(&esp_hmac_ctx->esp_sha_ctx, hash_alg); + } + if (status != PSA_SUCCESS) { + goto error; + } + +#if CONFIG_MBEDTLS_ROM_MD5 + if (hash_alg == PSA_ALG_MD5) { + status = esp_md5_hash_update(&esp_hmac_ctx->md5_ctx, ipad, block_size); + } else +#endif // CONFIG_MBEDTLS_ROM_MD5 + { + status = esp_sha_hash_update(&esp_hmac_ctx->esp_sha_ctx, ipad, block_size); + } if (status != PSA_SUCCESS) { goto error; } - esp_hmac_ctx->alg = alg; return status; error: @@ -132,10 +196,20 @@ error: psa_status_t esp_hmac_update_transparent(esp_hmac_transparent_operation_t *esp_hmac_ctx, const uint8_t *data, size_t data_length) { + if (esp_hmac_ctx == NULL || data == NULL) { return PSA_ERROR_INVALID_ARGUMENT; } - return esp_sha_hash_update(&esp_hmac_ctx->esp_sha_ctx, data, data_length); + +#if CONFIG_MBEDTLS_ROM_MD5 + psa_algorithm_t hash_alg = PSA_ALG_GET_HASH(esp_hmac_ctx->alg); + if (hash_alg == PSA_ALG_MD5) { + return esp_md5_hash_update(&esp_hmac_ctx->md5_ctx, data, data_length); + } else +#endif // CONFIG_MBEDTLS_ROM_MD5 + { + return esp_sha_hash_update(&esp_hmac_ctx->esp_sha_ctx, data, data_length); + } } psa_status_t esp_hmac_finish_transparent( @@ -145,38 +219,74 @@ psa_status_t esp_hmac_finish_transparent( size_t *mac_length) { psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; + + if (esp_hmac_ctx == NULL || mac == NULL || mac_length == NULL) { + return PSA_ERROR_INVALID_ARGUMENT; + } + psa_algorithm_t hash_alg = PSA_ALG_GET_HASH(esp_hmac_ctx->alg); uint8_t tmp[PSA_HASH_MAX_SIZE]; size_t hash_size = 0; size_t block_size = PSA_HASH_BLOCK_LENGTH(hash_alg); - if (esp_hmac_ctx == NULL || mac == NULL || mac_length == NULL) { - return PSA_ERROR_INVALID_ARGUMENT; +#if CONFIG_MBEDTLS_ROM_MD5 + if (hash_alg == PSA_ALG_MD5) { + status = esp_md5_hash_finish(&esp_hmac_ctx->md5_ctx, tmp, sizeof(tmp), &hash_size); + } else +#endif // CONFIG_MBEDTLS_ROM_MD5 + { + status = esp_sha_hash_finish(&esp_hmac_ctx->esp_sha_ctx, tmp, sizeof(tmp), &hash_size); } - - status = esp_sha_hash_finish(&esp_hmac_ctx->esp_sha_ctx, tmp, sizeof(tmp), &hash_size); if (status != PSA_SUCCESS) { return status; } /* From here on, tmp needs to be wiped. */ - status = esp_sha_hash_setup(&esp_hmac_ctx->esp_sha_ctx, hash_alg); +#if CONFIG_MBEDTLS_ROM_MD5 + if (hash_alg == PSA_ALG_MD5) { + status = esp_md5_hash_setup(&esp_hmac_ctx->md5_ctx, hash_alg); + } else +#endif // CONFIG_MBEDTLS_ROM_MD5 + { + status = esp_sha_hash_setup(&esp_hmac_ctx->esp_sha_ctx, hash_alg); + } if (status != PSA_SUCCESS) { goto exit; } - status = esp_sha_hash_update(&esp_hmac_ctx->esp_sha_ctx, esp_hmac_ctx->opad, block_size); +#if CONFIG_MBEDTLS_ROM_MD5 + if (hash_alg == PSA_ALG_MD5) { + status = esp_md5_hash_update(&esp_hmac_ctx->md5_ctx, esp_hmac_ctx->opad, block_size); + } else +#endif // CONFIG_MBEDTLS_ROM_MD5 + { + status = esp_sha_hash_update(&esp_hmac_ctx->esp_sha_ctx, esp_hmac_ctx->opad, block_size); + } if (status != PSA_SUCCESS) { goto exit; } - status = esp_sha_hash_update(&esp_hmac_ctx->esp_sha_ctx, tmp, hash_size); +#if CONFIG_MBEDTLS_ROM_MD5 + if (hash_alg == PSA_ALG_MD5) { + status = esp_md5_hash_update(&esp_hmac_ctx->md5_ctx, tmp, hash_size); + } else +#endif // CONFIG_MBEDTLS_ROM_MD5 + { + status = esp_sha_hash_update(&esp_hmac_ctx->esp_sha_ctx, tmp, hash_size); + } if (status != PSA_SUCCESS) { goto exit; } - status = esp_sha_hash_finish(&esp_hmac_ctx->esp_sha_ctx, tmp, sizeof(tmp), &hash_size); +#if CONFIG_MBEDTLS_ROM_MD5 + if (hash_alg == PSA_ALG_MD5) { + status = esp_md5_hash_finish(&esp_hmac_ctx->md5_ctx, tmp, sizeof(tmp), &hash_size); + } else +#endif // CONFIG_MBEDTLS_ROM_MD5 + { + status = esp_sha_hash_finish(&esp_hmac_ctx->esp_sha_ctx, tmp, sizeof(tmp), &hash_size); + } if (status != PSA_SUCCESS) { goto exit; } diff --git a/components/mbedtls/port/psa_driver/include/psa_crypto_driver_esp_hmac_transparent_contexts.h b/components/mbedtls/port/psa_driver/include/psa_crypto_driver_esp_hmac_transparent_contexts.h index efade77eb9..8d24421619 100644 --- a/components/mbedtls/port/psa_driver/include/psa_crypto_driver_esp_hmac_transparent_contexts.h +++ b/components/mbedtls/port/psa_driver/include/psa_crypto_driver_esp_hmac_transparent_contexts.h @@ -10,6 +10,7 @@ #include "soc/soc_caps.h" #include "psa/crypto_driver_common.h" #include "psa_crypto_driver_esp_sha_contexts.h" +#include "esp_rom_md5.h" #ifdef __cplusplus extern "C" { @@ -17,9 +18,12 @@ extern "C" { #if defined(ESP_HMAC_TRANSPARENT_DRIVER_ENABLED) typedef struct { - uint8_t opad[PSA_HMAC_MAX_HASH_BLOCK_SIZE]; psa_algorithm_t alg; - esp_sha_hash_operation_t esp_sha_ctx; + uint8_t *opad; // Dynamically allocated to save space + union { + md5_context_t md5_ctx; + esp_sha_hash_operation_t esp_sha_ctx; + }; } esp_hmac_transparent_operation_t; #endif /* ESP_HMAC_TRANSPARENT_DRIVER_ENABLED */