Merge branch 'feature/support_esp32c2_rom_mbedtls' into 'master'

feat(mbedtls): support c2 mbedtls can use crypto algorithm in ROM

See merge request espressif/esp-idf!25272

Kconfig

@@ -590,3 +590,4 @@ mainmenu "Espressif IoT Development Framework Configuration"
             - CONFIG_ESPTOOLPY_FLASHFREQ_120M
             - CONFIG_SPIRAM_SPEED_120M
             - CONFIG_SPI_FLASH_QUAD_32BIT_ADDR_ENABLE
+            - CONFIG_MBEDTLS_USE_CRYPTO_ROM_IMPL

components/esp_rom/CMakeLists.txt

@@ -114,7 +114,6 @@ if(BOOTLOADER_BUILD)
 
     elseif(target STREQUAL "esp32c2")
         rom_linker_script("newlib")
-        rom_linker_script("mbedtls")
 
     elseif(target STREQUAL "esp32c6")
         rom_linker_script("newlib")
@@ -230,7 +229,10 @@ else() # Regular app build
     elseif(target STREQUAL "esp32c2")
         rom_linker_script("newlib")
         rom_linker_script("version")
-        rom_linker_script("mbedtls")
+
+        if(CONFIG_MBEDTLS_USE_CRYPTO_ROM_IMPL)
+            rom_linker_script("mbedtls")
+        endif()
 
         if(CONFIG_NEWLIB_NANO_FORMAT)
             # nano formatting functions in ROM are also built for 64-bit time_t.

components/esp_rom/esp32c2/Kconfig.soc_caps.in

@@ -62,3 +62,7 @@ config ESP_ROM_NEEDS_SET_CACHE_MMU_SIZE
 config ESP_ROM_RAM_APP_NEEDS_MMU_INIT
     bool
     default y
+
+config ESP_ROM_HAS_MBEDTLS_CRYPTO_LIB
+    bool
+    default y

components/esp_rom/esp32c2/esp_rom_caps.h

@@ -21,3 +21,4 @@
 #define ESP_ROM_HAS_NEWLIB_NANO_FORMAT      (1) // ROM has the newlib nano version of formatting functions
 #define ESP_ROM_NEEDS_SET_CACHE_MMU_SIZE    (1) // ROM needs to set cache MMU size according to instruction and rodata for flash mmap
 #define ESP_ROM_RAM_APP_NEEDS_MMU_INIT      (1) // ROM doesn't init cache MMU when it's a RAM APP, needs MMU hal to init
+#define ESP_ROM_HAS_MBEDTLS_CRYPTO_LIB      (1) // ROM has the mbedtls crypto algorithm lib

components/esp_rom/esp32c2/ld/esp32c2.rom.ld

@@ -2330,3 +2330,10 @@ bt_bb_tx_cca_fifo_read = 0x40002654;
 coex_pti_v2 = 0x40002658;
 bt_bb_set_le_tx_on_delay = 0x4000265c;
 bt_bb_set_corr_thresh_le = 0x40002660;
+
+/***************************************
+ Group rom_mbedtls md5
+ ***************************************/
+mbedtls_md5_starts_ret = 0x40002be4;
+mbedtls_md5_update_ret = 0x40002be8;
+mbedtls_md5_finish_ret = 0x40002bec;

components/esp_rom/esp32c2/ld/esp32c2.rom.mbedtls.ld

@@ -1,5 +1,5 @@
 /*
- * SPDX-FileCopyrightText: 2021-2022 Espressif Systems (Shanghai) CO LTD
+ * SPDX-FileCopyrightText: 2021-2023 Espressif Systems (Shanghai) CO LTD
  *
  * SPDX-License-Identifier: Apache-2.0
  */
@@ -19,7 +19,95 @@
  ***************************************/
 
 /* Functions */
-mbedtls_md5_starts_ret = 0x40002be4;
-mbedtls_md5_update_ret = 0x40002be8;
-mbedtls_md5_finish_ret = 0x40002bec;
+mbedtls_aes_init = 0x40002664;
+mbedtls_aes_free = 0x40002688;
+mbedtls_aes_setkey_enc = 0x4000268c;
+mbedtls_aes_setkey_dec = 0x40002690;
+mbedtls_aes_crypt_ecb = 0x40002694;
+mbedtls_aes_crypt_cbc = 0x40002698;
+mbedtls_internal_aes_encrypt = 0x4000269c;
+mbedtls_internal_aes_decrypt = 0x400026a0;
+mbedtls_asn1_get_len = 0x400026a4;
+mbedtls_asn1_get_tag = 0x400026a8;
+mbedtls_asn1_get_bool = 0x400026ac;
+mbedtls_asn1_get_int = 0x400026b0;
+mbedtls_asn1_get_bitstring = 0x400026b4;
+mbedtls_asn1_get_bitstring_null = 0x400026b8;
+mbedtls_asn1_get_sequence_of = 0x400026bc;
+mbedtls_asn1_get_mpi = 0x400026c0;
+mbedtls_asn1_get_alg = 0x400026c4;
+mbedtls_asn1_get_alg_null = 0x400026c8;
+mbedtls_asn1_write_len = 0x400026cc;
+mbedtls_asn1_write_tag = 0x400026d0;
+mbedtls_asn1_write_mpi = 0x400026d4;
+mbedtls_base64_decode = 0x400026d8;
+mbedtls_ccm_star_encrypt_and_tag = 0x40002774;
+mbedtls_ccm_star_auth_decrypt = 0x40002778;
+mbedtls_cipher_init = 0x4000277c;
+mbedtls_cipher_set_padding_mode = 0x40002780;
+mbedtls_cipher_reset = 0x40002784;
+mbedtls_cipher_finish = 0x40002788;
+mbedtls_cipher_crypt = 0x4000278c;
+mbedtls_cipher_cmac_starts = 0x40002790;
+mbedtls_cipher_cmac_update = 0x40002794;
+mbedtls_cipher_cmac_finish = 0x40002798;
+mbedtls_ctr_drbg_init = 0x4000279c;
+mbedtls_ctr_drbg_seed = 0x400027a0;
+mbedtls_ctr_drbg_free = 0x400027a4;
+mbedtls_ctr_drbg_reseed = 0x400027a8;
+mbedtls_ctr_drbg_random_with_add = 0x400027ac;
+mbedtls_ctr_drbg_random = 0x400027b0;
+mbedtls_sha1_init = 0x40002a1c;
+mbedtls_sha1_free = 0x40002a20;
+mbedtls_sha1_clone = 0x40002a24;
+mbedtls_sha1_starts = 0x40002a28;
+mbedtls_sha1_finish = 0x40002a2c;
+mbedtls_sha256_init = 0x40002a30;
+mbedtls_sha256_free = 0x40002a34;
+mbedtls_sha256_clone = 0x40002a38;
+mbedtls_sha256_starts = 0x40002a3c;
+mbedtls_sha256_finish = 0x40002a40;
+mbedtls_sha256 = 0x40002a44;
+mbedtls_sha512_init = 0x40002a48;
+mbedtls_sha512_free = 0x40002a4c;
+mbedtls_sha512_clone = 0x40002a50;
+mbedtls_sha512_starts = 0x40002a54;
+mbedtls_sha512_update = 0x40002a58;
+mbedtls_sha512_finish = 0x40002a5c;
+mbedtls_internal_sha512_process = 0x40002a60;
+mbedtls_sha512 = 0x40002a64;
+mbedtls_aes_xts_init = 0x40002b68;
+mbedtls_aes_xts_free = 0x40002b6c;
+mbedtls_aes_xts_setkey_enc = 0x40002b70;
+mbedtls_aes_xts_setkey_dec = 0x40002b74;
+mbedtls_aes_crypt_xts = 0x40002b78;
+mbedtls_aes_crypt_cfb128 = 0x40002b7c;
+mbedtls_aes_crypt_ofb = 0x40002b80;
+mbedtls_aes_crypt_ctr = 0x40002b84;
+mbedtls_ccm_init = 0x40002b98;
+mbedtls_ccm_setkey = 0x40002b9c;
+mbedtls_ccm_free = 0x40002ba0;
+mbedtls_ccm_encrypt_and_tag = 0x40002ba4;
+mbedtls_ccm_auth_decrypt = 0x40002ba8;
+mbedtls_md5_init = 0x40002bd8;
+mbedtls_md5_free = 0x40002bdc;
+mbedtls_md5_clone = 0x40002be0;
+mbedtls_md5_starts = 0x40002be4;
+mbedtls_md5_update = 0x40002be8;
+mbedtls_md5_finish = 0x40002bec;
+mbedtls_internal_md5_process = 0x40002bf0;
+mbedtls_md5 = 0x40002bf4;
+mbedtls_sha1 = 0x40002c08;
 /* Data (.data, .bss, .rodata) */
+mbedtls_rom_osi_funcs_ptr = 0x3fcdfaa0;
+AES_FSb_ptr = 0x3fcdfa9c;
+AES_RT0_ptr = 0x3fcdfa98;
+AES_RT1_ptr = 0x3fcdfa94;
+AES_RT2_ptr = 0x3fcdfa90;
+AES_RT3_ptr = 0x3fcdfa8c;
+AES_FT0_ptr = 0x3fcdfa88;
+AES_FT1_ptr = 0x3fcdfa84;
+AES_FT2_ptr = 0x3fcdfa80;
+AES_FT3_ptr = 0x3fcdfa7c;
+bignum_small_prime_ptr = 0x3fcdfa78;
+sha512_K_ptr = 0x3fcdfa74;

components/mbedtls/CMakeLists.txt

@@ -262,6 +262,11 @@ if(CONFIG_MBEDTLS_ROM_MD5)
     target_sources(mbedcrypto PRIVATE  "${COMPONENT_DIR}/port/md/esp_md.c")
 endif()
 
+if(CONFIG_MBEDTLS_USE_CRYPTO_ROM_IMPL)
+    target_sources(mbedcrypto PRIVATE  "${COMPONENT_DIR}/port/mbedtls_rom/mbedtls_rom_osi.c")
+    target_link_libraries(${COMPONENT_LIB} PRIVATE "-u mbedtls_rom_osi_functions_init")
+endif()
+
 foreach(target ${mbedtls_targets})
     target_compile_definitions(${target} PUBLIC -DMBEDTLS_CONFIG_FILE="mbedtls/esp_config.h")
 endforeach()

components/mbedtls/Kconfig

@@ -1074,4 +1074,25 @@ menu "mbedTLS"
             then the ESP will be unable to process keys greater
             than SOC_RSA_MAX_BIT_LEN.
 
+    config MBEDTLS_USE_CRYPTO_ROM_IMPL
+        bool "Use ROM implementation of the crypto algorithm"
+        depends on ESP_ROM_HAS_MBEDTLS_CRYPTO_LIB && IDF_EXPERIMENTAL_FEATURES
+        default "n"
+        select MBEDTLS_SHA512_C
+        select MBEDTLS_AES_C
+        select MBEDTLS_CCM_C
+        select MBEDTLS_ROM_MD5
+        select MBEDTLS_HARDWARE_SHA
+        help
+            Enable this flag to use mbedtls crypto algorithm from ROM instead of ESP-IDF.
+
+            This configuration option saves flash footprint in the application binary.
+            Note that the version of mbedtls crypto algorithm library in ROM is v2.16.12.
+            We have done the security analysis of the mbedtls revision in ROM (v2.16.12)
+            and ensured that affected symbols have been patched (removed). If in the future
+            mbedtls revisions there are security issues that also affects the version in
+            ROM (v2.16.12) then we shall patch the relevant symbols. This would increase
+            the flash footprint and hence care must be taken to keep some reserved space
+            for the application binary in flash layout.
+
 endmenu  # mbedTLS

components/mbedtls/port/mbedtls_rom/mbedtls_rom_osi.c

@@ -0,0 +1,187 @@
+/*
+ * SPDX-FileCopyrightText: 2023 Espressif Systems (Shanghai) CO LTD
+ *
+ * SPDX-License-Identifier: Apache-2.0
+ */
+
+#if !defined(MBEDTLS_CONFIG_FILE)
+#include "mbedtls/config.h"
+#else
+#include MBEDTLS_CONFIG_FILE
+#endif
+
+#include "mbedtls/platform.h"
+#include "mbedtls_rom_osi.h"
+
+void mbedtls_rom_osi_functions_init(void);
+
+static void mbedtls_rom_mutex_init( mbedtls_threading_mutex_t *mutex )
+{
+#if (!defined(CONFIG_MBEDTLS_THREADING_C))
+    ((void) mutex);
+    return;
+#else
+    mbedtls_mutex_init(mutex);
+#endif
+}
+
+static void mbedtls_rom_mutex_free( mbedtls_threading_mutex_t *mutex )
+{
+#if (!defined(CONFIG_MBEDTLS_THREADING_C))
+    ((void) mutex);
+    return;
+#else
+    mbedtls_mutex_free(mutex);
+#endif
+}
+
+static int mbedtls_rom_mutex_lock( mbedtls_threading_mutex_t *mutex )
+{
+#if (!defined(CONFIG_MBEDTLS_THREADING_C))
+    ((void) mutex);
+    return 0;
+#else
+    return mbedtls_mutex_lock(mutex);
+#endif
+}
+
+static int mbedtls_rom_mutex_unlock( mbedtls_threading_mutex_t *mutex )
+{
+#if (!defined(CONFIG_MBEDTLS_THREADING_C))
+    ((void) mutex);
+    return 0;
+#else
+    return mbedtls_mutex_unlock(mutex);
+#endif
+}
+
+/* This structure can be automatically generated by the script with rom.mbedtls.ld. */
+static const mbedtls_rom_funcs_t mbedtls_rom_funcs_table = {
+    /* Fill the ROM functions into mbedtls rom function table. */
+    /* aes module */
+    ._rom_mbedtls_aes_init = mbedtls_aes_init,
+    ._rom_mbedtls_aes_free = mbedtls_aes_free,
+    ._rom_mbedtls_aes_setkey_enc = mbedtls_aes_setkey_enc,
+    ._rom_mbedtls_aes_setkey_dec = mbedtls_aes_setkey_dec,
+    ._rom_mbedtls_aes_crypt_ecb = mbedtls_aes_crypt_ecb,
+    ._rom_mbedtls_aes_crypt_cbc = mbedtls_aes_crypt_cbc,
+    ._rom_mbedtls_internal_aes_encrypt = mbedtls_internal_aes_encrypt,
+    ._rom_mbedtls_internal_aes_decrypt = mbedtls_internal_aes_decrypt,
+    /* asn1 module */
+    ._rom_mbedtls_asn1_get_len = mbedtls_asn1_get_len,
+    ._rom_mbedtls_asn1_get_tag = mbedtls_asn1_get_tag,
+    ._rom_mbedtls_asn1_get_bool = mbedtls_asn1_get_bool,
+    ._rom_mbedtls_asn1_get_int = mbedtls_asn1_get_int,
+    ._rom_mbedtls_asn1_get_bitstring = mbedtls_asn1_get_bitstring,
+    ._rom_mbedtls_asn1_get_bitstring_null = mbedtls_asn1_get_bitstring_null,
+    ._rom_mbedtls_asn1_get_sequence_of = mbedtls_asn1_get_sequence_of,
+    ._rom_mbedtls_asn1_get_mpi = mbedtls_asn1_get_mpi,
+    ._rom_mbedtls_asn1_get_alg = mbedtls_asn1_get_alg,
+    ._rom_mbedtls_asn1_get_alg_null = mbedtls_asn1_get_alg_null,
+    ._rom_mbedtls_asn1_write_len = mbedtls_asn1_write_len,
+    ._rom_mbedtls_asn1_write_tag = mbedtls_asn1_write_tag,
+    ._rom_mbedtls_asn1_write_mpi = mbedtls_asn1_write_mpi,
+    /* base64 moudle */
+    ._rom_mbedtls_base64_decode = mbedtls_base64_decode,
+    /* bignum module */
+    ._rom_mbedtls_mpi_init = mbedtls_mpi_init,
+    ._rom_mbedtls_mpi_free = mbedtls_mpi_free,
+    ._rom_mbedtls_mpi_grow = mbedtls_mpi_grow,
+    ._rom_mbedtls_mpi_shrink = mbedtls_mpi_shrink,
+    ._rom_mbedtls_mpi_copy = mbedtls_mpi_copy,
+    ._rom_mbedtls_mpi_safe_cond_assign = mbedtls_mpi_safe_cond_assign,
+    ._rom_mbedtls_mpi_safe_cond_swap = mbedtls_mpi_safe_cond_swap,
+    ._rom_mbedtls_mpi_lset = mbedtls_mpi_lset,
+    ._rom_mbedtls_mpi_get_bit = mbedtls_mpi_get_bit,
+    ._rom_mbedtls_mpi_set_bit = mbedtls_mpi_set_bit,
+    ._rom_mbedtls_mpi_lsb = mbedtls_mpi_lsb,
+    ._rom_mbedtls_mpi_bitlen = mbedtls_mpi_bitlen,
+    ._rom_mbedtls_mpi_size = mbedtls_mpi_size,
+    ._rom_mbedtls_mpi_read_binary = mbedtls_mpi_read_binary,
+    ._rom_mbedtls_mpi_write_binary = mbedtls_mpi_write_binary,
+    ._rom_mbedtls_mpi_shift_l = mbedtls_mpi_shift_l,
+    ._rom_mbedtls_mpi_shift_r = mbedtls_mpi_shift_r,
+    ._rom_mbedtls_mpi_cmp_abs = mbedtls_mpi_cmp_abs,
+    ._rom_mbedtls_mpi_cmp_mpi = mbedtls_mpi_cmp_mpi,
+    ._rom_mbedtls_mpi_lt_mpi_ct = mbedtls_mpi_lt_mpi_ct,
+    ._rom_mbedtls_mpi_cmp_int = mbedtls_mpi_cmp_int,
+    ._rom_mbedtls_mpi_add_abs = mbedtls_mpi_add_abs,
+    ._rom_mbedtls_mpi_sub_abs = mbedtls_mpi_sub_abs,
+    ._rom_mbedtls_mpi_add_mpi = mbedtls_mpi_add_mpi,
+    ._rom_mbedtls_mpi_sub_mpi = mbedtls_mpi_sub_mpi,
+    ._rom_mbedtls_mpi_add_int = mbedtls_mpi_add_int,
+    ._rom_mbedtls_mpi_sub_int = mbedtls_mpi_sub_int,
+    ._rom_mbedtls_mpi_mul_mpi = mbedtls_mpi_mul_mpi,
+    ._rom_mbedtls_mpi_mul_int = mbedtls_mpi_mul_int,
+    ._rom_mbedtls_mpi_div_mpi = mbedtls_mpi_div_mpi,
+    ._rom_mbedtls_mpi_div_int = mbedtls_mpi_div_int,
+    ._rom_mbedtls_mpi_mod_mpi = mbedtls_mpi_mod_mpi,
+    ._rom_mbedtls_mpi_mod_int = mbedtls_mpi_mod_int,
+    ._rom_mbedtls_mpi_exp_mod = mbedtls_mpi_exp_mod,
+    ._rom_mbedtls_mpi_fill_random = mbedtls_mpi_fill_random,
+    ._rom_mbedtls_mpi_gcd = mbedtls_mpi_gcd,
+    ._rom_mbedtls_mpi_inv_mod = mbedtls_mpi_inv_mod,
+    ._rom_mbedtls_mpi_is_prime_ext = mbedtls_mpi_is_prime_ext,
+    /* ccm module */
+    ._rom_mbedtls_ccm_star_encrypt_and_tag = mbedtls_ccm_star_encrypt_and_tag,
+    ._rom_mbedtls_ccm_star_auth_decrypt = mbedtls_ccm_star_auth_decrypt,
+    /* cipher module */
+    ._rom_mbedtls_cipher_init = mbedtls_cipher_init,
+    ._rom_mbedtls_cipher_set_padding_mode = mbedtls_cipher_set_padding_mode,
+    ._rom_mbedtls_cipher_reset = mbedtls_cipher_reset,
+    ._rom_mbedtls_cipher_finish = mbedtls_cipher_finish,
+    ._rom_mbedtls_cipher_crypt = mbedtls_cipher_crypt,
+    ._rom_mbedtls_cipher_cmac_starts = mbedtls_cipher_cmac_starts,
+    ._rom_mbedtls_cipher_cmac_update = mbedtls_cipher_cmac_update,
+    ._rom_mbedtls_cipher_cmac_finish = mbedtls_cipher_cmac_finish,
+    /* ctr drbg module */
+    ._rom_mbedtls_ctr_drbg_init = mbedtls_ctr_drbg_init,
+    ._rom_mbedtls_ctr_drbg_seed = mbedtls_ctr_drbg_seed,
+    ._rom_mbedtls_ctr_drbg_free = mbedtls_ctr_drbg_free,
+    ._rom_mbedtls_ctr_drbg_reseed = mbedtls_ctr_drbg_reseed,
+    ._rom_mbedtls_ctr_drbg_random_with_add = mbedtls_ctr_drbg_random_with_add,
+    ._rom_mbedtls_ctr_drbg_random = mbedtls_ctr_drbg_random,
+    /* sha1 module */
+    ._rom_mbedtls_sha1_init = mbedtls_sha1_init,
+    ._rom_mbedtls_sha1_free = mbedtls_sha1_free,
+    ._rom_mbedtls_sha1_clone = mbedtls_sha1_clone,
+    ._rom_mbedtls_sha1_starts = mbedtls_sha1_starts,
+    ._rom_mbedtls_sha1_finish = mbedtls_sha1_finish,
+    /* sha256 module */
+    ._rom_mbedtls_sha256_init = mbedtls_sha256_init,
+    ._rom_mbedtls_sha256_free = mbedtls_sha256_free,
+    ._rom_mbedtls_sha256_clone = mbedtls_sha256_clone,
+    ._rom_mbedtls_sha256_starts = mbedtls_sha256_starts,
+    ._rom_mbedtls_sha256_finish = mbedtls_sha256_finish,
+    ._rom_mbedtls_sha256 = mbedtls_sha256,
+    /* sha512 module */
+    ._rom_mbedtls_sha512_init = mbedtls_sha512_init,
+    ._rom_mbedtls_sha512_free = mbedtls_sha512_free,
+    ._rom_mbedtls_sha512_clone = mbedtls_sha512_clone,
+    ._rom_mbedtls_sha512_starts = mbedtls_sha512_starts,
+    ._rom_mbedtls_sha512_update = mbedtls_sha512_update,
+    ._rom_mbedtls_sha512_finish = mbedtls_sha512_finish,
+    ._rom_mbedtls_internal_sha512_process = mbedtls_internal_sha512_process,
+    ._rom_mbedtls_sha512 = mbedtls_sha512,
+
+    /* Fill the platform functions into mbedtls rom function table. */
+    ._mbedtls_mutex_init = mbedtls_rom_mutex_init,
+    ._mbedtls_mutex_free = mbedtls_rom_mutex_free,
+    ._mbedtls_mutex_lock = mbedtls_rom_mutex_lock,
+    ._mbedtls_mutex_unlock = mbedtls_rom_mutex_unlock,
+    ._mbedtls_calloc = MBEDTLS_PLATFORM_STD_CALLOC,
+    ._mbedtls_free = MBEDTLS_PLATFORM_STD_FREE,
+
+    /* Fill the SHA functions into mbedtls rom function table, since these functions are not exported in the ROM interface. */
+    ._mbedtls_sha1_update = mbedtls_sha1_update,
+    ._mbedtls_internal_sha1_process = mbedtls_internal_sha1_process,
+    ._mbedtls_sha256_update = mbedtls_sha256_update,
+    ._mbedtls_internal_sha256_process = mbedtls_internal_sha256_process,
+};
+
+__attribute__((constructor)) void mbedtls_rom_osi_functions_init(void)
+{
+    /* Initialize the pointer of mbedtls rom osi function table. */
+    extern mbedtls_rom_funcs_t *mbedtls_rom_osi_funcs_ptr;
+    mbedtls_rom_osi_funcs_ptr = (mbedtls_rom_funcs_t *)&mbedtls_rom_funcs_table;
+}