Support mbedtls crypto library #2345
Conversation
core/lib/libmbedtls/sub.mk
Outdated
| @@ -0,0 +1,3 @@ | |||
| cflags-lib-$(CFG_CRYPTO_SIZE_OPTIMIZATION) += -Os | |||
|
|
|||
| subdirs-y += src | |||
There was a problem hiding this comment.
I'd prefer if we put everything below lib/libmbedtls instead, having two different libmbedtls directories will be confusing.
The src directory will be core only we, so we could rename it to core and make this line:
subdirs-$(sm-core) += core
There was a problem hiding this comment.
Yes, it will be better to remove that confuse. I will update as that.
| @@ -0,0 +1,29 @@ | |||
| /* SPDX-License-Identifier: BSD-2-Clause */ | |||
There was a problem hiding this comment.
We already have a libmbedtls/include/mbedtls_config_kernel.h, please put the content of this file there instead.
edison-ai
force-pushed
the
support-mbedtls
branch
from
207b928 to
dbd59ea
Compare
|
@jenswi-linaro Update. But I do not know why the patch sequences are disorder. The patch "libmbedtls: configure mbedTLS for user mode TA" should be the first. |
|
@edison-ai it's OK, GitHub shows the commits in chronological order, which is not always parent/child order. |
|
@jforissier OK, got. Thanks your explanation. |
lib/libmbedtls/core/sub.mk
Outdated
| SRCS += sha256.c | ||
| SRCS += sha512.c | ||
|
|
||
| srcs-y += $(addprefix ../mbedtls/library/, $(SRCS)) |
There was a problem hiding this comment.
I'd prefer if we did this in lib/libmbedtls/sub.mk.
lib/libmbedtls/sub.mk will need to be restructured a bit. We could do it a bit like:
SRCS_CRYPTO :=
SRCS_CRYPTO += aes.c
...
SRCS_X509 :=
SRCS_X509 += certs.c
...
SRCS_TLS :=
SRCS_TLS += debug.c
...
srcs-y += $(addprefix mbedtls/library/, $(SRCS_CRYPTO))
srcs-$(sm-$(ta-target)) += $(addprefix mbedtls/library/, $(SRCS_X509))
srcs-$(sm-$(ta-target)) += $(addprefix mbedtls/library/, $(SRCS_TLS))
It doesn't matter if a few too many files are included as it's the lib/libmbedtls/include/mbedtls_config_kernel.h and lib/libmbedtls/include/mbedtls_config_uta.h files that controls what's really compiled.
There was a problem hiding this comment.
It doesn't matter if a few too many files are included as it's the
lib/libmbedtls/include/mbedtls_config_kernel.handlib/libmbedtls/include/mbedtls_config_uta.hfiles that controls what's really compiled.
By that logic, why not add all the files as it's done currently?
There was a problem hiding this comment.
By that logic, why not add all the files as it's done currently
Fine with me, if we think it adds too much time to compiling we can address that then.
|
@jenswi-linaro Any update? |
|
@edison-ai, I was actually going to ask you the same question. :-) |
|
@jenswi-linaro Sorry for that I had a few mistake to understand what your meaning. Of course I agree with your suggestion, and I will push a new version to refine it. |
edison-ai
force-pushed
the
support-mbedtls
branch
from
dbd59ea to
58522ba
Compare
|
Update and re-base it on newest master branch. |
edison-ai
force-pushed
the
support-mbedtls
branch
from
58522ba to
dfb2f39
Compare
lib/libmbedtls/sub.mk
Outdated
| @@ -88,3 +88,7 @@ srcs-$(sm-$(ta-target)) += $(addprefix mbedtls/library/, $(SRCS_TLS)) | |||
| cflags-lib-y += -Wno-redundant-decls | |||
| cflags-lib-y += -Wno-switch-default | |||
| cflags-lib-$(CFG_ULIBS_GPROF) += -pg | |||
|
|
|||
| cflags-lib-$(sm-core) += -Wno-pedantic | |||
There was a problem hiding this comment.
There's already a workaround for the "empty translation unit" errors in lib/libmbedtls/mbedtls/include/mbedtls/check_config.h, please use that instead by including that file from ib/libmbedtls/include/mbedtls_config_kernel.h just as in lib/libmbedtls/include/mbedtls_config_uta.h
|
When compiling "libmbedtls: support mbedTLS in kernel mode", I get the following error: |
|
When compiling the entire PR I get: |
|
@jenswi-linaro For the second compiling error, I cannot reappear it on my side. Is it relative with gcc version? Which version of gcc you are using? |
|
It's a type mismatch, |
edison-ai
force-pushed
the
support-mbedtls
branch
from
dfb2f39 to
3909a19
Compare
|
@jenswi-linaro Update, I had fix the 3 issue mentioned above. |
|
With 6e954a6 ("core: add new RNG implementation") is core/crypto/rng_*.c responsible to provide RNG. Crypto libraries should themselves use crypto_rng_read() to get random when needed. So "libmbedtls: support mbedtls PRNG function" isn't needed any longer. I suppose some internal wrapper function in mbedtls will be needed to use crypto_rng_read() instead of what's used previously. |
There was a problem hiding this comment.
With my comment addressed, for these commits
907b555 ("libmbedtls: support mbedtls hash algorithm")
9fc0bb5 ("libmbedtls: support mbedTLS in kernel mode")
33cffad ("libmbedtls: configure mbedTLS for different modes")
please apply:
Reviewed-by: Jens Wiklander <[email protected]>
| /****************************************************************************** | ||
| * Pseudo Random Number Generator | ||
| ******************************************************************************/ | ||
| TEE_Result __weak crypto_rng_read(void *buf __unused, size_t blen __unused) |
There was a problem hiding this comment.
This function doesn't belong ere any more.
There was a problem hiding this comment.
Yes, I will remove PRNG patch.
|
ae549da ("libmbedtls: add interfaces in mbedtls for context memory operation") |
| /* | ||
| * Get the Mbedtls chipher info given a TEE Algorithm "algo" | ||
| * Return | ||
| * - TEE_SUCCESS in case of success, |
There was a problem hiding this comment.
A pointer to a valid mbedtls_cipher_definition_t on success
| #if defined(_CFG_CRYPTO_WITH_CIPHER) || defined(_CFG_CRYPTO_WITH_MAC) || \ | ||
| defined(_CFG_CRYPTO_WITH_AUTHENC) | ||
| /* | ||
| * Get the Mbedtls chipher info given a TEE Algorithm "algo" |
| static const mbedtls_cipher_info_t *get_cipher_info(uint32_t algo, | ||
| size_t key_len) | ||
| { | ||
| /* Only support key_length is 128 bits of AES in Optee_os */ |
There was a problem hiding this comment.
I can't make sense of this comment.
There was a problem hiding this comment.
This comment should be deleted. I will fix it.
| switch (algo) { | ||
| #if defined(CFG_CRYPTO_ECB) | ||
| case TEE_ALG_AES_ECB_NOPAD: | ||
| cipher_info = get_cipher_info(algo, 128); |
There was a problem hiding this comment.
Why 128 as key size?
There was a problem hiding this comment.
It needs cipher_info to allocate context operation for mbedTLS cipher ctx. For getting cipher info, it need to know the key size. But the key size is not provided yet, it will be provided in init function. So, here, we only use 128 as a default key length. It will be ok, for the mbedtls_cipher_base_t(used for allocate context) are same for all AES operate(different key length). I will add some comments in here.
| if (cipher_info == NULL) | ||
| return TEE_ERROR_NOT_SUPPORTED; | ||
|
|
||
| lmd_res = mbedtls_cipher_setup_info(ctx, cipher_info); |
There was a problem hiding this comment.
Now we're changing cipher_info, this deserves a comment explaining why and how it's safe.
| EMSG("update failed, res is 0x%x", -lmd_res); | ||
| return TEE_ERROR_BAD_STATE; | ||
| } | ||
| lmd_res = mbedtls_cipher_finish(ctx, dst + olen, &finish_olen); |
There was a problem hiding this comment.
Please add a comment explaining why we're doing mbedtls_cipher_reset() and mbedtls_cipher_finish() here, same for TEE_ALG_AES_CTR below.
There was a problem hiding this comment.
The comments doesn't answer the "why".
I was looking for something like:
/*
* Do the mbedtls_cipher_reset(), mbedtls_cipher_update(), mbedtls_cipher_finish()
* sequence to catch and report partial blocks early.
*/
There was a problem hiding this comment.
Yes, I will use the comments as you suggest.
|
"libmbedtls: implement two AES interfaces" need to be split up in two separate commits, one with the changes outside mbedtls and one with the stuff inside |
| case TEE_ALG_AES_CMAC: | ||
| res = TEE_ERROR_NOT_SUPPORTED; | ||
| break; | ||
| break; |
| if (res == TEE_SUCCESS) | ||
| *ctx_ret = ctx; | ||
| else | ||
| crypto_mac_free_ctx(ctx, algo); |
There was a problem hiding this comment.
I don't think it's safe to call this function unless mbedtls_md_setup() has succeeded.
There was a problem hiding this comment.
The mbedtls_md_free will check if the freed pointer is valid or not before free it. So it does not matter to do that.
There was a problem hiding this comment.
If the second allocation fails, then we'll have a double free.
There was a problem hiding this comment.
Second allocation inside mbedtls_md_setup(), that is.
There was a problem hiding this comment.
Yes, sorry for not reading code clearly.
| res = TEE_ERROR_NOT_SUPPORTED; | ||
| } | ||
|
|
||
| if (res == TEE_SUCCESS) |
There was a problem hiding this comment.
I'd prefer doing the epilogue of this function as:
*ctx_ret = ctx;
return TEE_SUCCESS;
err:
free(ctx);
return res;
It's more like it's done in the Linux kernel and also at each point where we break out we know if it's because of an error or not so doing "goto err" wouldn't be harder.
There was a problem hiding this comment.
Ok, we can do like that. But I still want to use crypto_mac_free_ctx() for err. Because there are may allocate operation in mbedtls_md_setup(), it maybe failed in middle process. So we need to call crypto_mac_free_ctx() to free allocated memory.
There was a problem hiding this comment.
So, as discuss above, we should use free(ctx) here.
But I find another issue, caller will call crypto_mac_free_ctx() if crypto_mac_alloc_ctx() failed. it will cause double free for ctx, look this example:
optee_os/core/tee/tee_cryp_hkdf.c
Lines 37 to 62 in af8149d
There was a problem hiding this comment.
Calling crypto_mac_free_ctx() on a ctx being NULL is harmless, it's even preferred over testing if ctx is NULL or not before calling the function.
If I would have written that function, I would have returned on the crypto_mac_alloc_ctx() error instead of doing a goto. However, this is a matter of taste so we leave that to the author.
You're free to do the function epilogue as you like, I just think what I proposed instead is less complicated.
There was a problem hiding this comment.
Ok, got, thanks for your explanation.
| if (!cipher_info) | ||
| return TEE_ERROR_NOT_SUPPORTED; | ||
|
|
||
| lmd_res = mbedtls_cipher_setup_info(ctx, cipher_info); |
There was a problem hiding this comment.
Please comment why it's safe to change cipher_info here.
| @@ -1138,8 +1143,22 @@ TEE_Result crypto_mac_alloc_ctx(void **ctx_ret, uint32_t algo) | |||
| #endif | |||
| #if defined(CFG_CRYPTO_CMAC) | |||
| case TEE_ALG_AES_CMAC: | |||
| res = TEE_ERROR_NOT_SUPPORTED; | |||
| break; | |||
| cipher_info = get_cipher_info(TEE_ALG_AES_ECB_NOPAD, 128); | |||
| assert(b != NULL); | ||
| ret = mbedtls_mpi_cmp_mpi((const mbedtls_mpi *)a, | ||
| (const mbedtls_mpi *)b); | ||
| if (ret < 0) |
There was a problem hiding this comment.
This is where CMP_TRILEAN() is handy, compare (pardon the pun) with:
return CMP_TRILEAN(ret, 0);
There was a problem hiding this comment.
Yes, it will be better. I will fix it.
| assert(a != NULL); | ||
| assert(b != NULL); | ||
| ret = mbedtls_mpi_cmp_mpi((const mbedtls_mpi *)a, | ||
| (const mbedtls_mpi *)b); |
There was a problem hiding this comment.
Please align with the opening ( above.
| return NULL; | ||
| mbedtls_mpi_init(bn); | ||
| if (mbedtls_mpi_grow(bn, BITS_TO_LIMBS(size_bits)) != 0) | ||
| return NULL; |
There was a problem hiding this comment.
Sorry, I do not understand why you say it.
mbedtls_mpi_grow() will allocate a new buffer if the older is not enough, and swap them.
There was a problem hiding this comment.
bn is just allocated with calloc(), if we return NULL here without freeing bn we have a memory leak.
There was a problem hiding this comment.
Yes, I will add free(bn) here.
| struct bignum *crypto_bignum_allocate(size_t size_bits __unused) | ||
| #define ciL (sizeof(mbedtls_mpi_uint)) /* chars in limb */ | ||
| #define biL (ciL << 3) /* bits in limb */ | ||
| #define biH (ciL << 2) /* half limb size */ |
There was a problem hiding this comment.
This define seems unused
There was a problem hiding this comment.
Actually, only biH is unused and I will delete it. ciL and biL are used in BITS_TO_LIMBS.
|
Bignum allocations should use the |
| lmd_res = mbedtls_rsa_public(&rsa, buf, buf); | ||
| switch (lmd_res) { | ||
| case MBEDTLS_ERR_RSA_BAD_INPUT_DATA: | ||
| EMSG("mbedtls_rsa_public() returned 0x%x", -lmd_res); |
There was a problem hiding this comment.
This is a debug print that if kept should be made with FMSG
| break; | ||
| default: | ||
| /* This will result in a panic */ | ||
| EMSG("mbedtls_rsa_public() returned 0x%x", -lmd_res); |
There was a problem hiding this comment.
FMSG, if kept at all
There was a problem hiding this comment.
There are many EMSG in this PR, do I need to change all of them to FMSG?
There was a problem hiding this comment.
All which are like this one.
| case 0: | ||
| break; | ||
| default: | ||
| /* This will result in a panic */ |
There was a problem hiding this comment.
panic in the calling TA
Split mbedTLS into 3 partitions: CRYPTO, X509 and TLS. CRYPTO is for kernel and user mode. X509 and TLS are mainly for user mode. Signed-off-by: Edison Ai <[email protected]> Reviewed-by: Jens Wiklander <[email protected]>
Adds support for symmetrical ciphers. The CTS and XTS modes are not supported in mbedTLS and will be dealt with later. Signed-off-by: Edison Ai <[email protected]> Reviewed-by: Jens Wiklander <[email protected]>
Adds size of expanded AES encryption key to crypto_aes_expand_enc_key() and crypto_aes_enc_block() to make the functions more safe to call. Signed-off-by: Summer Qin <[email protected]> Reviewed-by: Jens Wiklander <[email protected]>
These two implement interfaces will be used by AES-GCM algo. Signed-off-by: Summer Qin <[email protected]> Reviewed-by: Jens Wiklander <[email protected]>
Implement HMAC function which based on mbedtls. Signed-off-by: Edison Ai <[email protected]> Reviewed-by: Jens Wiklander <[email protected]>
Implement CMAC function which based on mbedtls. Signed-off-by: Edison Ai <[email protected]> Reviewed-by: Jens Wiklander <[email protected]>
Implement bignum function which based on mbedtls. Signed-off-by: Edison Ai <[email protected]> Reviewed-by: Jens Wiklander <[email protected]>
Support RSA: RSASSA_PKCS1_V1_5 RSASSA_PKCS1_PSS_MGF1 RSAES_PKCS1_V1_5 RSAES_PKCS1_OAEP_MGF1 Signed-off-by: Edison Ai <[email protected]> Reviewed-by: Jens Wiklander <[email protected]>
This patch will be disscuss in branch "import/mbedtls-2.6.1" first. In NO_CRT mode, Q and P may be invalid. But Q and P will be re-filled again if PRNG function is valid. So add judgement process if it is in NO_CRT mode. Signed-off-by: Summer Qin <[email protected]>
Implement DH function which based on mbedtls. Signed-off-by: Edison Ai <[email protected]> Reviewed-by: Jens Wiklander <[email protected]>
Support mbedtls ECC: ecdh and ecdsa. Signed-off-by: Edison Ai <[email protected]> Reviewed-by: Jens Wiklander <[email protected]>
This patch will be disscuss in branch "import/mbedtls-2.6.1" first.
1. Add clone interface for GCM and CCM to support optee os.
2. Split ccm_auth_crypt() into 3 interfaces: mbedtls_ccm_starts(),
mbedtls_ccm_update(), mbedtls_ccm_finish(). They are used to support
optee interfaces. mbedTLS selftest and test_suite_ccm are all pass.
Signed-off-by: Edison Ai <[email protected]>
Implement CCM function which based on mbedtls. Signed-off-by: Shawn Shan <[email protected]>
1. Split tomcrypt into two partitions, while tomcrypt_lite will include the algos that mbedtls does not support. 2. Rename some crypto interfaces for distinguish them with those in crypto.c. Signed-off-by: Edison Ai <[email protected]>
edison-ai
force-pushed
the
support-mbedtls
branch
from
a15ac30 to
c7d0bc4
Compare
|
In IBART there are various aborts happening so it never ends the test suite and then after 600 seconds it time out and the test fails. I've tracked this PR and I've seen the same issue showing up, but for other PR's it is not happening so I suspect this would be reproducible on a local build also. |
|
@jbech-linaro Thanks for your information, I will try to reproduce it locally. |
|
@jenswi-linaro @jforissier , Sorry not to update it as soon as possible. for I am rushing for another things. I had try several time on local with newest optee os, client and test "master" breach, and all test are passed with no errors. So I have no idea for this "IBART" failed now. Do you have any suggest? |
|
@edison-ai, are you still stuck on IBART? |
|
@jenswi-linaro Yes, I cannot reproduce the error on my side. So, if we can start the review process, and to see if can fix the IBART problem later? |
|
So it's ready to be reviewed again (ignoring IBART)? |
|
@jenswi-linaro Yes,I had refine all the patches according your last comment. So you can continue to review them. |
|
For "libmbedtls: support mbedtls ccm function" please apply: |
|
Comments for "libmbedtls: support mbedtls unsupported algorithms": libtomcrypt_lite is entirely an mbedTLS internal thing, there's no need to create a crypto_lite api or anything like that. |
|
If not not mistaken then only thing left in the PR is to fix "libmbedtls: support mbedtls unsupported algorithms". Then we can take care of the stuff to merge in the branch |
|
@jenswi-linaro Sorry for not reply this so long time because I am blocked by other things. |
Yes, that would probably be the best. I think we can accept some shortcuts here as I assume that mbedtls sooner or later will have the missing features.
Please create a pull request against Also, please apply the last tags and rebase on master. |
|
OK, I will try to do as it and create a new PR to |
|
Move this PR to #2705. Close it now. |
Pull request for mbedtls crypto supporting again here.
The mbedtls source path is "lib/libmebdtls" which is same as TA's.