From 92b9474a71dd782094610557a28905913ef6ccda Mon Sep 17 00:00:00 2001 From: Jiang Guang Ming Date: Tue, 8 Aug 2023 20:58:44 +0800 Subject: [PATCH 1/4] feat(mbedtls): support C2 mbedtls can use crypto algorithm in ROM --- components/esp_rom/CMakeLists.txt | 6 +- .../esp_rom/esp32c2/Kconfig.soc_caps.in | 4 + components/esp_rom/esp32c2/esp_rom_caps.h | 1 + components/esp_rom/esp32c2/ld/esp32c2.rom.ld | 7 + .../esp_rom/esp32c2/ld/esp32c2.rom.mbedtls.ld | 96 +++- components/mbedtls/CMakeLists.txt | 5 + components/mbedtls/Kconfig | 21 + .../port/mbedtls_rom/mbedtls_rom_osi.c | 187 ++++++ .../port/mbedtls_rom/mbedtls_rom_osi.h | 538 ++++++++++++++++++ 9 files changed, 859 insertions(+), 6 deletions(-) create mode 100644 components/mbedtls/port/mbedtls_rom/mbedtls_rom_osi.c create mode 100644 components/mbedtls/port/mbedtls_rom/mbedtls_rom_osi.h diff --git a/components/esp_rom/CMakeLists.txt b/components/esp_rom/CMakeLists.txt index 0ecf0f8629d..d9a30c530e0 100644 --- a/components/esp_rom/CMakeLists.txt +++ b/components/esp_rom/CMakeLists.txt @@ -114,7 +114,6 @@ if(BOOTLOADER_BUILD) elseif(target STREQUAL "esp32c2") rom_linker_script("newlib") - rom_linker_script("mbedtls") elseif(target STREQUAL "esp32c6") rom_linker_script("newlib") @@ -219,7 +218,10 @@ else() # Regular app build elseif(target STREQUAL "esp32c2") rom_linker_script("newlib") rom_linker_script("version") - rom_linker_script("mbedtls") + + if(CONFIG_MBEDTLS_USE_CRYPTO_ROM_IMPL) + rom_linker_script("mbedtls") + endif() if(CONFIG_NEWLIB_NANO_FORMAT) # nano formatting functions in ROM are also built for 64-bit time_t. diff --git a/components/esp_rom/esp32c2/Kconfig.soc_caps.in b/components/esp_rom/esp32c2/Kconfig.soc_caps.in index 022578b6a3b..752cf25be62 100644 --- a/components/esp_rom/esp32c2/Kconfig.soc_caps.in +++ b/components/esp_rom/esp32c2/Kconfig.soc_caps.in @@ -62,3 +62,7 @@ config ESP_ROM_NEEDS_SET_CACHE_MMU_SIZE config ESP_ROM_RAM_APP_NEEDS_MMU_INIT bool default y + +config ESP_ROM_HAS_MBEDTLS_CRYPTO_LIB + bool + default y diff --git a/components/esp_rom/esp32c2/esp_rom_caps.h b/components/esp_rom/esp32c2/esp_rom_caps.h index c62e783365f..8eacb1616c0 100644 --- a/components/esp_rom/esp32c2/esp_rom_caps.h +++ b/components/esp_rom/esp32c2/esp_rom_caps.h @@ -21,3 +21,4 @@ #define ESP_ROM_HAS_NEWLIB_NANO_FORMAT (1) // ROM has the newlib nano version of formatting functions #define ESP_ROM_NEEDS_SET_CACHE_MMU_SIZE (1) // ROM needs to set cache MMU size according to instruction and rodata for flash mmap #define ESP_ROM_RAM_APP_NEEDS_MMU_INIT (1) // ROM doesn't init cache MMU when it's a RAM APP, needs MMU hal to init +#define ESP_ROM_HAS_MBEDTLS_CRYPTO_LIB (1) // ROM has the mbedtls crypto algorithm lib diff --git a/components/esp_rom/esp32c2/ld/esp32c2.rom.ld b/components/esp_rom/esp32c2/ld/esp32c2.rom.ld index 63b063ff5be..ac3a00ac4f8 100644 --- a/components/esp_rom/esp32c2/ld/esp32c2.rom.ld +++ b/components/esp_rom/esp32c2/ld/esp32c2.rom.ld @@ -2330,3 +2330,10 @@ bt_bb_tx_cca_fifo_read = 0x40002654; coex_pti_v2 = 0x40002658; bt_bb_set_le_tx_on_delay = 0x4000265c; bt_bb_set_corr_thresh_le = 0x40002660; + +/*************************************** + Group rom_mbedtls md5 + ***************************************/ +mbedtls_md5_starts_ret = 0x40002be4; +mbedtls_md5_update_ret = 0x40002be8; +mbedtls_md5_finish_ret = 0x40002bec; diff --git a/components/esp_rom/esp32c2/ld/esp32c2.rom.mbedtls.ld b/components/esp_rom/esp32c2/ld/esp32c2.rom.mbedtls.ld index bc0f7b24b13..54f24e751c2 100644 --- a/components/esp_rom/esp32c2/ld/esp32c2.rom.mbedtls.ld +++ b/components/esp_rom/esp32c2/ld/esp32c2.rom.mbedtls.ld @@ -1,5 +1,5 @@ /* - * SPDX-FileCopyrightText: 2021-2022 Espressif Systems (Shanghai) CO LTD + * SPDX-FileCopyrightText: 2021-2023 Espressif Systems (Shanghai) CO LTD * * SPDX-License-Identifier: Apache-2.0 */ @@ -19,7 +19,95 @@ ***************************************/ /* Functions */ -mbedtls_md5_starts_ret = 0x40002be4; -mbedtls_md5_update_ret = 0x40002be8; -mbedtls_md5_finish_ret = 0x40002bec; +mbedtls_aes_init = 0x40002664; +mbedtls_aes_free = 0x40002688; +mbedtls_aes_setkey_enc = 0x4000268c; +mbedtls_aes_setkey_dec = 0x40002690; +mbedtls_aes_crypt_ecb = 0x40002694; +mbedtls_aes_crypt_cbc = 0x40002698; +mbedtls_internal_aes_encrypt = 0x4000269c; +mbedtls_internal_aes_decrypt = 0x400026a0; +mbedtls_asn1_get_len = 0x400026a4; +mbedtls_asn1_get_tag = 0x400026a8; +mbedtls_asn1_get_bool = 0x400026ac; +mbedtls_asn1_get_int = 0x400026b0; +mbedtls_asn1_get_bitstring = 0x400026b4; +mbedtls_asn1_get_bitstring_null = 0x400026b8; +mbedtls_asn1_get_sequence_of = 0x400026bc; +mbedtls_asn1_get_mpi = 0x400026c0; +mbedtls_asn1_get_alg = 0x400026c4; +mbedtls_asn1_get_alg_null = 0x400026c8; +mbedtls_asn1_write_len = 0x400026cc; +mbedtls_asn1_write_tag = 0x400026d0; +mbedtls_asn1_write_mpi = 0x400026d4; +mbedtls_base64_decode = 0x400026d8; +mbedtls_ccm_star_encrypt_and_tag = 0x40002774; +mbedtls_ccm_star_auth_decrypt = 0x40002778; +mbedtls_cipher_init = 0x4000277c; +mbedtls_cipher_set_padding_mode = 0x40002780; +mbedtls_cipher_reset = 0x40002784; +mbedtls_cipher_finish = 0x40002788; +mbedtls_cipher_crypt = 0x4000278c; +mbedtls_cipher_cmac_starts = 0x40002790; +mbedtls_cipher_cmac_update = 0x40002794; +mbedtls_cipher_cmac_finish = 0x40002798; +mbedtls_ctr_drbg_init = 0x4000279c; +mbedtls_ctr_drbg_seed = 0x400027a0; +mbedtls_ctr_drbg_free = 0x400027a4; +mbedtls_ctr_drbg_reseed = 0x400027a8; +mbedtls_ctr_drbg_random_with_add = 0x400027ac; +mbedtls_ctr_drbg_random = 0x400027b0; +mbedtls_sha1_init = 0x40002a1c; +mbedtls_sha1_free = 0x40002a20; +mbedtls_sha1_clone = 0x40002a24; +mbedtls_sha1_starts = 0x40002a28; +mbedtls_sha1_finish = 0x40002a2c; +mbedtls_sha256_init = 0x40002a30; +mbedtls_sha256_free = 0x40002a34; +mbedtls_sha256_clone = 0x40002a38; +mbedtls_sha256_starts = 0x40002a3c; +mbedtls_sha256_finish = 0x40002a40; +mbedtls_sha256 = 0x40002a44; +mbedtls_sha512_init = 0x40002a48; +mbedtls_sha512_free = 0x40002a4c; +mbedtls_sha512_clone = 0x40002a50; +mbedtls_sha512_starts = 0x40002a54; +mbedtls_sha512_update = 0x40002a58; +mbedtls_sha512_finish = 0x40002a5c; +mbedtls_internal_sha512_process = 0x40002a60; +mbedtls_sha512 = 0x40002a64; +mbedtls_aes_xts_init = 0x40002b68; +mbedtls_aes_xts_free = 0x40002b6c; +mbedtls_aes_xts_setkey_enc = 0x40002b70; +mbedtls_aes_xts_setkey_dec = 0x40002b74; +mbedtls_aes_crypt_xts = 0x40002b78; +mbedtls_aes_crypt_cfb128 = 0x40002b7c; +mbedtls_aes_crypt_ofb = 0x40002b80; +mbedtls_aes_crypt_ctr = 0x40002b84; +mbedtls_ccm_init = 0x40002b98; +mbedtls_ccm_setkey = 0x40002b9c; +mbedtls_ccm_free = 0x40002ba0; +mbedtls_ccm_encrypt_and_tag = 0x40002ba4; +mbedtls_ccm_auth_decrypt = 0x40002ba8; +mbedtls_md5_init = 0x40002bd8; +mbedtls_md5_free = 0x40002bdc; +mbedtls_md5_clone = 0x40002be0; +mbedtls_md5_starts = 0x40002be4; +mbedtls_md5_update = 0x40002be8; +mbedtls_md5_finish = 0x40002bec; +mbedtls_internal_md5_process = 0x40002bf0; +mbedtls_md5 = 0x40002bf4; +mbedtls_sha1 = 0x40002c08; /* Data (.data, .bss, .rodata) */ +mbedtls_rom_osi_funcs_ptr = 0x3fcdfaa0; +AES_FSb_ptr = 0x3fcdfa9c; +AES_RT0_ptr = 0x3fcdfa98; +AES_RT1_ptr = 0x3fcdfa94; +AES_RT2_ptr = 0x3fcdfa90; +AES_RT3_ptr = 0x3fcdfa8c; +AES_FT0_ptr = 0x3fcdfa88; +AES_FT1_ptr = 0x3fcdfa84; +AES_FT2_ptr = 0x3fcdfa80; +AES_FT3_ptr = 0x3fcdfa7c; +bignum_small_prime_ptr = 0x3fcdfa78; +sha512_K_ptr = 0x3fcdfa74; diff --git a/components/mbedtls/CMakeLists.txt b/components/mbedtls/CMakeLists.txt index fcc47ebe725..8b756dc65b0 100644 --- a/components/mbedtls/CMakeLists.txt +++ b/components/mbedtls/CMakeLists.txt @@ -261,6 +261,11 @@ if(CONFIG_MBEDTLS_ROM_MD5) target_sources(mbedcrypto PRIVATE "${COMPONENT_DIR}/port/md/esp_md.c") endif() +if(CONFIG_MBEDTLS_USE_CRYPTO_ROM_IMPL) + target_sources(mbedcrypto PRIVATE "${COMPONENT_DIR}/port/mbedtls_rom/mbedtls_rom_osi.c") + target_link_libraries(${COMPONENT_LIB} PRIVATE "-u mbedtls_rom_osi_functions_init") +endif() + foreach(target ${mbedtls_targets}) target_compile_definitions(${target} PUBLIC -DMBEDTLS_CONFIG_FILE="mbedtls/esp_config.h") endforeach() diff --git a/components/mbedtls/Kconfig b/components/mbedtls/Kconfig index 46bd1349375..99191f93db2 100644 --- a/components/mbedtls/Kconfig +++ b/components/mbedtls/Kconfig @@ -1052,4 +1052,25 @@ menu "mbedTLS" then the ESP will be unable to process keys greater than SOC_RSA_MAX_BIT_LEN. + config MBEDTLS_USE_CRYPTO_ROM_IMPL + bool "Use ROM implementation of the crypto algorithm" + depends on ESP_ROM_HAS_MBEDTLS_CRYPTO_LIB && IDF_EXPERIMENTAL_FEATURES + default "n" + select MBEDTLS_SHA512_C + select MBEDTLS_AES_C + select MBEDTLS_CCM_C + select MBEDTLS_ROM_MD5 + select MBEDTLS_HARDWARE_SHA + help + Enable this flag to use mbedtls crypto algorithm from ROM instead of ESP-IDF. + + This configuration option saves flash footprint in the application binary. + Note that the version of mbedtls crypto algorithm library in ROM is v2.16.12. + We have done the security analysis of the mbedtls revision in ROM (v2.16.12) + and ensured that affected symbols have been patched (removed). If in the future + mbedtls revisions there are security issues that also affects the version in + ROM (v2.16.12) then we shall patch the relevant symbols. This would increase + the flash footprint and hence care must be taken to keep some reserved space + for the application binary in flash layout. + endmenu # mbedTLS diff --git a/components/mbedtls/port/mbedtls_rom/mbedtls_rom_osi.c b/components/mbedtls/port/mbedtls_rom/mbedtls_rom_osi.c new file mode 100644 index 00000000000..78fb4d479e8 --- /dev/null +++ b/components/mbedtls/port/mbedtls_rom/mbedtls_rom_osi.c @@ -0,0 +1,187 @@ +/* + * SPDX-FileCopyrightText: 2023 Espressif Systems (Shanghai) CO LTD + * + * SPDX-License-Identifier: Apache-2.0 + */ + +#if !defined(MBEDTLS_CONFIG_FILE) +#include "mbedtls/config.h" +#else +#include MBEDTLS_CONFIG_FILE +#endif + +#include "mbedtls/platform.h" +#include "mbedtls_rom_osi.h" + +void mbedtls_rom_osi_functions_init(void); + +static void mbedtls_rom_mutex_init( mbedtls_threading_mutex_t *mutex ) +{ +#if (!defined(CONFIG_MBEDTLS_THREADING_C)) + ((void) mutex); + return; +#else + mbedtls_mutex_init(mutex); +#endif +} + +static void mbedtls_rom_mutex_free( mbedtls_threading_mutex_t *mutex ) +{ +#if (!defined(CONFIG_MBEDTLS_THREADING_C)) + ((void) mutex); + return; +#else + mbedtls_mutex_free(mutex); +#endif +} + +static int mbedtls_rom_mutex_lock( mbedtls_threading_mutex_t *mutex ) +{ +#if (!defined(CONFIG_MBEDTLS_THREADING_C)) + ((void) mutex); + return 0; +#else + return mbedtls_mutex_lock(mutex); +#endif +} + +static int mbedtls_rom_mutex_unlock( mbedtls_threading_mutex_t *mutex ) +{ +#if (!defined(CONFIG_MBEDTLS_THREADING_C)) + ((void) mutex); + return 0; +#else + return mbedtls_mutex_unlock(mutex); +#endif +} + +/* This structure can be automatically generated by the script with rom.mbedtls.ld. */ +static const mbedtls_rom_funcs_t mbedtls_rom_funcs_table = { + /* Fill the ROM functions into mbedtls rom function table. */ + /* aes module */ + ._rom_mbedtls_aes_init = mbedtls_aes_init, + ._rom_mbedtls_aes_free = mbedtls_aes_free, + ._rom_mbedtls_aes_setkey_enc = mbedtls_aes_setkey_enc, + ._rom_mbedtls_aes_setkey_dec = mbedtls_aes_setkey_dec, + ._rom_mbedtls_aes_crypt_ecb = mbedtls_aes_crypt_ecb, + ._rom_mbedtls_aes_crypt_cbc = mbedtls_aes_crypt_cbc, + ._rom_mbedtls_internal_aes_encrypt = mbedtls_internal_aes_encrypt, + ._rom_mbedtls_internal_aes_decrypt = mbedtls_internal_aes_decrypt, + /* asn1 module */ + ._rom_mbedtls_asn1_get_len = mbedtls_asn1_get_len, + ._rom_mbedtls_asn1_get_tag = mbedtls_asn1_get_tag, + ._rom_mbedtls_asn1_get_bool = mbedtls_asn1_get_bool, + ._rom_mbedtls_asn1_get_int = mbedtls_asn1_get_int, + ._rom_mbedtls_asn1_get_bitstring = mbedtls_asn1_get_bitstring, + ._rom_mbedtls_asn1_get_bitstring_null = mbedtls_asn1_get_bitstring_null, + ._rom_mbedtls_asn1_get_sequence_of = mbedtls_asn1_get_sequence_of, + ._rom_mbedtls_asn1_get_mpi = mbedtls_asn1_get_mpi, + ._rom_mbedtls_asn1_get_alg = mbedtls_asn1_get_alg, + ._rom_mbedtls_asn1_get_alg_null = mbedtls_asn1_get_alg_null, + ._rom_mbedtls_asn1_write_len = mbedtls_asn1_write_len, + ._rom_mbedtls_asn1_write_tag = mbedtls_asn1_write_tag, + ._rom_mbedtls_asn1_write_mpi = mbedtls_asn1_write_mpi, + /* base64 moudle */ + ._rom_mbedtls_base64_decode = mbedtls_base64_decode, + /* bignum module */ + ._rom_mbedtls_mpi_init = mbedtls_mpi_init, + ._rom_mbedtls_mpi_free = mbedtls_mpi_free, + ._rom_mbedtls_mpi_grow = mbedtls_mpi_grow, + ._rom_mbedtls_mpi_shrink = mbedtls_mpi_shrink, + ._rom_mbedtls_mpi_copy = mbedtls_mpi_copy, + ._rom_mbedtls_mpi_safe_cond_assign = mbedtls_mpi_safe_cond_assign, + ._rom_mbedtls_mpi_safe_cond_swap = mbedtls_mpi_safe_cond_swap, + ._rom_mbedtls_mpi_lset = mbedtls_mpi_lset, + ._rom_mbedtls_mpi_get_bit = mbedtls_mpi_get_bit, + ._rom_mbedtls_mpi_set_bit = mbedtls_mpi_set_bit, + ._rom_mbedtls_mpi_lsb = mbedtls_mpi_lsb, + ._rom_mbedtls_mpi_bitlen = mbedtls_mpi_bitlen, + ._rom_mbedtls_mpi_size = mbedtls_mpi_size, + ._rom_mbedtls_mpi_read_binary = mbedtls_mpi_read_binary, + ._rom_mbedtls_mpi_write_binary = mbedtls_mpi_write_binary, + ._rom_mbedtls_mpi_shift_l = mbedtls_mpi_shift_l, + ._rom_mbedtls_mpi_shift_r = mbedtls_mpi_shift_r, + ._rom_mbedtls_mpi_cmp_abs = mbedtls_mpi_cmp_abs, + ._rom_mbedtls_mpi_cmp_mpi = mbedtls_mpi_cmp_mpi, + ._rom_mbedtls_mpi_lt_mpi_ct = mbedtls_mpi_lt_mpi_ct, + ._rom_mbedtls_mpi_cmp_int = mbedtls_mpi_cmp_int, + ._rom_mbedtls_mpi_add_abs = mbedtls_mpi_add_abs, + ._rom_mbedtls_mpi_sub_abs = mbedtls_mpi_sub_abs, + ._rom_mbedtls_mpi_add_mpi = mbedtls_mpi_add_mpi, + ._rom_mbedtls_mpi_sub_mpi = mbedtls_mpi_sub_mpi, + ._rom_mbedtls_mpi_add_int = mbedtls_mpi_add_int, + ._rom_mbedtls_mpi_sub_int = mbedtls_mpi_sub_int, + ._rom_mbedtls_mpi_mul_mpi = mbedtls_mpi_mul_mpi, + ._rom_mbedtls_mpi_mul_int = mbedtls_mpi_mul_int, + ._rom_mbedtls_mpi_div_mpi = mbedtls_mpi_div_mpi, + ._rom_mbedtls_mpi_div_int = mbedtls_mpi_div_int, + ._rom_mbedtls_mpi_mod_mpi = mbedtls_mpi_mod_mpi, + ._rom_mbedtls_mpi_mod_int = mbedtls_mpi_mod_int, + ._rom_mbedtls_mpi_exp_mod = mbedtls_mpi_exp_mod, + ._rom_mbedtls_mpi_fill_random = mbedtls_mpi_fill_random, + ._rom_mbedtls_mpi_gcd = mbedtls_mpi_gcd, + ._rom_mbedtls_mpi_inv_mod = mbedtls_mpi_inv_mod, + ._rom_mbedtls_mpi_is_prime_ext = mbedtls_mpi_is_prime_ext, + /* ccm module */ + ._rom_mbedtls_ccm_star_encrypt_and_tag = mbedtls_ccm_star_encrypt_and_tag, + ._rom_mbedtls_ccm_star_auth_decrypt = mbedtls_ccm_star_auth_decrypt, + /* cipher module */ + ._rom_mbedtls_cipher_init = mbedtls_cipher_init, + ._rom_mbedtls_cipher_set_padding_mode = mbedtls_cipher_set_padding_mode, + ._rom_mbedtls_cipher_reset = mbedtls_cipher_reset, + ._rom_mbedtls_cipher_finish = mbedtls_cipher_finish, + ._rom_mbedtls_cipher_crypt = mbedtls_cipher_crypt, + ._rom_mbedtls_cipher_cmac_starts = mbedtls_cipher_cmac_starts, + ._rom_mbedtls_cipher_cmac_update = mbedtls_cipher_cmac_update, + ._rom_mbedtls_cipher_cmac_finish = mbedtls_cipher_cmac_finish, + /* ctr drbg module */ + ._rom_mbedtls_ctr_drbg_init = mbedtls_ctr_drbg_init, + ._rom_mbedtls_ctr_drbg_seed = mbedtls_ctr_drbg_seed, + ._rom_mbedtls_ctr_drbg_free = mbedtls_ctr_drbg_free, + ._rom_mbedtls_ctr_drbg_reseed = mbedtls_ctr_drbg_reseed, + ._rom_mbedtls_ctr_drbg_random_with_add = mbedtls_ctr_drbg_random_with_add, + ._rom_mbedtls_ctr_drbg_random = mbedtls_ctr_drbg_random, + /* sha1 module */ + ._rom_mbedtls_sha1_init = mbedtls_sha1_init, + ._rom_mbedtls_sha1_free = mbedtls_sha1_free, + ._rom_mbedtls_sha1_clone = mbedtls_sha1_clone, + ._rom_mbedtls_sha1_starts = mbedtls_sha1_starts, + ._rom_mbedtls_sha1_finish = mbedtls_sha1_finish, + /* sha256 module */ + ._rom_mbedtls_sha256_init = mbedtls_sha256_init, + ._rom_mbedtls_sha256_free = mbedtls_sha256_free, + ._rom_mbedtls_sha256_clone = mbedtls_sha256_clone, + ._rom_mbedtls_sha256_starts = mbedtls_sha256_starts, + ._rom_mbedtls_sha256_finish = mbedtls_sha256_finish, + ._rom_mbedtls_sha256 = mbedtls_sha256, + /* sha512 module */ + ._rom_mbedtls_sha512_init = mbedtls_sha512_init, + ._rom_mbedtls_sha512_free = mbedtls_sha512_free, + ._rom_mbedtls_sha512_clone = mbedtls_sha512_clone, + ._rom_mbedtls_sha512_starts = mbedtls_sha512_starts, + ._rom_mbedtls_sha512_update = mbedtls_sha512_update, + ._rom_mbedtls_sha512_finish = mbedtls_sha512_finish, + ._rom_mbedtls_internal_sha512_process = mbedtls_internal_sha512_process, + ._rom_mbedtls_sha512 = mbedtls_sha512, + + /* Fill the platform functions into mbedtls rom function table. */ + ._mbedtls_mutex_init = mbedtls_rom_mutex_init, + ._mbedtls_mutex_free = mbedtls_rom_mutex_free, + ._mbedtls_mutex_lock = mbedtls_rom_mutex_lock, + ._mbedtls_mutex_unlock = mbedtls_rom_mutex_unlock, + ._mbedtls_calloc = MBEDTLS_PLATFORM_STD_CALLOC, + ._mbedtls_free = MBEDTLS_PLATFORM_STD_FREE, + + /* Fill the SHA functions into mbedtls rom function table, since these functions are not exported in the ROM interface. */ + ._mbedtls_sha1_update = mbedtls_sha1_update, + ._mbedtls_internal_sha1_process = mbedtls_internal_sha1_process, + ._mbedtls_sha256_update = mbedtls_sha256_update, + ._mbedtls_internal_sha256_process = mbedtls_internal_sha256_process, +}; + +__attribute__((constructor)) void mbedtls_rom_osi_functions_init(void) +{ + /* Initialize the pointer of mbedtls rom osi function table. */ + extern mbedtls_rom_funcs_t *mbedtls_rom_osi_funcs_ptr; + mbedtls_rom_osi_funcs_ptr = (mbedtls_rom_funcs_t *)&mbedtls_rom_funcs_table; +} diff --git a/components/mbedtls/port/mbedtls_rom/mbedtls_rom_osi.h b/components/mbedtls/port/mbedtls_rom/mbedtls_rom_osi.h new file mode 100644 index 00000000000..42dddc325cf --- /dev/null +++ b/components/mbedtls/port/mbedtls_rom/mbedtls_rom_osi.h @@ -0,0 +1,538 @@ +/* + * SPDX-FileCopyrightText: 2023 Espressif Systems (Shanghai) CO LTD + * + * SPDX-License-Identifier: Apache-2.0 + */ + +#pragma once + +#include "mbedtls/aes.h" +#include "mbedtls/asn1.h" +#include "mbedtls/asn1write.h" +#include "mbedtls/base64.h" +#include "mbedtls/bignum.h" +#include "mbedtls/ccm.h" +#include "mbedtls/cipher.h" +#include "mbedtls/cmac.h" +#include "mbedtls/ctr_drbg.h" +#include "mbedtls/dhm.h" +#include "mbedtls/ecdh.h" +#include "mbedtls/ecdsa.h" +#include "mbedtls/ecjpake.h" +#include "mbedtls/ecp.h" +#include "mbedtls/entropy.h" +#include "mbedtls/hmac_drbg.h" +#include "mbedtls/md.h" +#include "mbedtls/oid.h" +#include "mbedtls/pem.h" +#include "mbedtls/pkcs12.h" +#include "mbedtls/pkcs5.h" +#include "mbedtls/pk.h" +#include "mbedtls/platform.h" +#include "mbedtls/rsa.h" +#include "mbedtls/sha1.h" +#include "mbedtls/sha256.h" +#include "mbedtls/sha512.h" +#include "mbedtls/ssl_ciphersuites.h" +#include "mbedtls/ssl.h" +#include "mbedtls/x509_crt.h" +#include "mbedtls/x509.h" + +#ifdef __cplusplus +extern "C" { +#endif + +#if (!defined(CONFIG_MBEDTLS_THREADING_C)) +typedef struct mbedtls_threading_mutex_t { + int dummy; +} mbedtls_threading_mutex_t; +#endif + +typedef struct mbedtls_rom_funcs { + void (*_rom_mbedtls_aes_init)( mbedtls_aes_context *ctx ); + int (*_rom_ssl_write_client_hello)( mbedtls_ssl_context *ssl ); + int (*_rom_ssl_parse_server_hello)( mbedtls_ssl_context *ssl ); + int (*_rom_ssl_parse_server_key_exchange)( mbedtls_ssl_context *ssl ); + int (*_rom_ssl_parse_certificate_request)( mbedtls_ssl_context *ssl ); + int (*_rom_ssl_parse_server_hello_done)( mbedtls_ssl_context *ssl ); + int (*_rom_ssl_write_client_key_exchange)( mbedtls_ssl_context *ssl ); + int (*_rom_ssl_write_certificate_verify)( mbedtls_ssl_context *ssl ); + int (*_rom_ssl_parse_new_session_ticket)( mbedtls_ssl_context *ssl ); + void (*_rom_mbedtls_aes_free)( mbedtls_aes_context *ctx ); + int (*_rom_mbedtls_aes_setkey_enc)( mbedtls_aes_context *ctx, const unsigned char *key, unsigned int keybits ); + int (*_rom_mbedtls_aes_setkey_dec)( mbedtls_aes_context *ctx, const unsigned char *key, unsigned int keybits ); + int (*_rom_mbedtls_aes_crypt_ecb)( mbedtls_aes_context *ctx, int mode, const unsigned char input[16], unsigned char output[16] ); + int (*_rom_mbedtls_aes_crypt_cbc)( mbedtls_aes_context *ctx, int mode, size_t length, unsigned char iv[16], const unsigned char *input, unsigned char *output ); + int (*_rom_mbedtls_internal_aes_encrypt)( mbedtls_aes_context *ctx, const unsigned char input[16], unsigned char output[16] ); + int (*_rom_mbedtls_internal_aes_decrypt)( mbedtls_aes_context *ctx, const unsigned char input[16], unsigned char output[16] ); + int (*_rom_mbedtls_asn1_get_len)( unsigned char **p, const unsigned char *end, size_t *len ); + int (*_rom_mbedtls_asn1_get_tag)( unsigned char **p, const unsigned char *end, size_t *len, int tag ); + int (*_rom_mbedtls_asn1_get_bool)( unsigned char **p, const unsigned char *end, int *val ); + int (*_rom_mbedtls_asn1_get_int)( unsigned char **p, const unsigned char *end, int *val ); + int (*_rom_mbedtls_asn1_get_bitstring)( unsigned char **p, const unsigned char *end, mbedtls_asn1_bitstring *bs); + int (*_rom_mbedtls_asn1_get_bitstring_null)( unsigned char **p, const unsigned char *end, size_t *len ); + int (*_rom_mbedtls_asn1_get_sequence_of)( unsigned char **p, const unsigned char *end, mbedtls_asn1_sequence *cur, int tag); + int (*_rom_mbedtls_asn1_get_mpi)( unsigned char **p, const unsigned char *end, mbedtls_mpi *X ); + int (*_rom_mbedtls_asn1_get_alg)( unsigned char **p, const unsigned char *end, mbedtls_asn1_buf *alg, mbedtls_asn1_buf *params ); + int (*_rom_mbedtls_asn1_get_alg_null)( unsigned char **p, const unsigned char *end, mbedtls_asn1_buf *alg ); + int (*_rom_mbedtls_asn1_write_len)( unsigned char **p, const unsigned char *start, size_t len ); + int (*_rom_mbedtls_asn1_write_tag)( unsigned char **p, const unsigned char *start, unsigned char tag ); + int (*_rom_mbedtls_asn1_write_mpi)( unsigned char **p, const unsigned char *start, const mbedtls_mpi *X ); + int (*_rom_mbedtls_base64_decode)( unsigned char *dst, size_t dlen, size_t *olen, const unsigned char *src, size_t slen ); + void (*_rom_mbedtls_mpi_init)( mbedtls_mpi *X ); + void (*_rom_mbedtls_mpi_free)( mbedtls_mpi *X ); + int (*_rom_mbedtls_mpi_grow)( mbedtls_mpi *X, size_t nblimbs ); + int (*_rom_mbedtls_mpi_shrink)( mbedtls_mpi *X, size_t nblimbs ); + int (*_rom_mbedtls_mpi_copy)( mbedtls_mpi *X, const mbedtls_mpi *Y ); + int (*_rom_mbedtls_mpi_safe_cond_assign)( mbedtls_mpi *X, const mbedtls_mpi *Y, unsigned char assign ); + int (*_rom_mbedtls_mpi_safe_cond_swap)( mbedtls_mpi *X, mbedtls_mpi *Y, unsigned char assign ); + int (*_rom_mbedtls_mpi_lset)( mbedtls_mpi *X, mbedtls_mpi_sint z ); + int (*_rom_mbedtls_mpi_get_bit)( const mbedtls_mpi *X, size_t pos ); + int (*_rom_mbedtls_mpi_set_bit)( mbedtls_mpi *X, size_t pos, unsigned char val ); + size_t (*_rom_mbedtls_mpi_lsb)( const mbedtls_mpi *X ); + size_t (*_rom_mbedtls_mpi_bitlen)( const mbedtls_mpi *X ); + size_t (*_rom_mbedtls_mpi_size)( const mbedtls_mpi *X ); + int (*_rom_mbedtls_mpi_read_binary)( mbedtls_mpi *X, const unsigned char *buf, size_t buflen ); + int (*_rom_mbedtls_mpi_write_binary)( const mbedtls_mpi *X, unsigned char *buf, size_t buflen ); + int (*_rom_mbedtls_mpi_shift_l)( mbedtls_mpi *X, size_t count ); + int (*_rom_mbedtls_mpi_shift_r)( mbedtls_mpi *X, size_t count ); + int (*_rom_mbedtls_mpi_cmp_abs)( const mbedtls_mpi *X, const mbedtls_mpi *Y ); + int (*_rom_mbedtls_mpi_cmp_mpi)( const mbedtls_mpi *X, const mbedtls_mpi *Y ); + int (*_rom_mbedtls_mpi_lt_mpi_ct)( const mbedtls_mpi *X, const mbedtls_mpi *Y, unsigned *ret ); + int (*_rom_mbedtls_mpi_cmp_int)( const mbedtls_mpi *X, mbedtls_mpi_sint z ); + int (*_rom_mbedtls_mpi_add_abs)( mbedtls_mpi *X, const mbedtls_mpi *A, const mbedtls_mpi *B ); + int (*_rom_mbedtls_mpi_sub_abs)( mbedtls_mpi *X, const mbedtls_mpi *A, const mbedtls_mpi *B ); + int (*_rom_mbedtls_mpi_add_mpi)( mbedtls_mpi *X, const mbedtls_mpi *A, const mbedtls_mpi *B ); + int (*_rom_mbedtls_mpi_sub_mpi)( mbedtls_mpi *X, const mbedtls_mpi *A, const mbedtls_mpi *B ); + int (*_rom_mbedtls_mpi_add_int)( mbedtls_mpi *X, const mbedtls_mpi *A, mbedtls_mpi_sint b ); + int (*_rom_mbedtls_mpi_sub_int)( mbedtls_mpi *X, const mbedtls_mpi *A, mbedtls_mpi_sint b ); + int (*_rom_mbedtls_mpi_mul_mpi)( mbedtls_mpi *X, const mbedtls_mpi *A, const mbedtls_mpi *B ); + int (*_rom_mbedtls_mpi_mul_int)( mbedtls_mpi *X, const mbedtls_mpi *A, mbedtls_mpi_uint b ); + int (*_rom_mbedtls_mpi_div_mpi)( mbedtls_mpi *Q, mbedtls_mpi *R, const mbedtls_mpi *A, const mbedtls_mpi *B ); + int (*_rom_mbedtls_mpi_div_int)( mbedtls_mpi *Q, mbedtls_mpi *R, const mbedtls_mpi *A, mbedtls_mpi_sint b ); + int (*_rom_mbedtls_mpi_mod_mpi)( mbedtls_mpi *R, const mbedtls_mpi *A, const mbedtls_mpi *B ); + int (*_rom_mbedtls_mpi_mod_int)( mbedtls_mpi_uint *r, const mbedtls_mpi *A, mbedtls_mpi_sint b ); + int (*_rom_mbedtls_mpi_exp_mod)( mbedtls_mpi *X, const mbedtls_mpi *A, const mbedtls_mpi *E, const mbedtls_mpi *N, mbedtls_mpi *_RR ); + int (*_rom_mbedtls_mpi_fill_random)( mbedtls_mpi *X, size_t size, int (*f_rng)(void *, unsigned char *, size_t), void *p_rng ); + int (*_rom_mbedtls_mpi_gcd)( mbedtls_mpi *G, const mbedtls_mpi *A, const mbedtls_mpi *B ); + int (*_rom_mbedtls_mpi_inv_mod)( mbedtls_mpi *X, const mbedtls_mpi *A, const mbedtls_mpi *N ); + int (*_rom_mbedtls_mpi_is_prime_ext)( const mbedtls_mpi *X, int rounds, int (*f_rng)(void *, unsigned char *, size_t), void *p_rng ); + int (*_rom_mbedtls_ccm_star_encrypt_and_tag)( mbedtls_ccm_context *ctx, size_t length, const unsigned char *iv, size_t iv_len, const unsigned char *add, size_t add_len, const unsigned char *input, unsigned char *output, unsigned char *tag, size_t tag_len ); + int (*_rom_mbedtls_ccm_star_auth_decrypt)( mbedtls_ccm_context *ctx, size_t length, const unsigned char *iv, size_t iv_len, const unsigned char *add, size_t add_len, const unsigned char *input, unsigned char *output, const unsigned char *tag, size_t tag_len ); + void (*_rom_mbedtls_cipher_init)( mbedtls_cipher_context_t *ctx ); + int (*_rom_mbedtls_cipher_set_padding_mode)( mbedtls_cipher_context_t *ctx, mbedtls_cipher_padding_t mode ); + int (*_rom_mbedtls_cipher_reset)( mbedtls_cipher_context_t *ctx ); + int (*_rom_mbedtls_cipher_finish)( mbedtls_cipher_context_t *ctx, unsigned char *output, size_t *olen ); + int (*_rom_mbedtls_cipher_crypt)( mbedtls_cipher_context_t *ctx, const unsigned char *iv, size_t iv_len, const unsigned char *input, size_t ilen, unsigned char *output, size_t *olen ); + int (*_rom_mbedtls_cipher_cmac_starts)( mbedtls_cipher_context_t *ctx, const unsigned char *key, size_t keybits ); + int (*_rom_mbedtls_cipher_cmac_update)( mbedtls_cipher_context_t *ctx, const unsigned char *input, size_t ilen ); + int (*_rom_mbedtls_cipher_cmac_finish)( mbedtls_cipher_context_t *ctx, unsigned char *output ); + void (*_rom_mbedtls_ctr_drbg_init)( mbedtls_ctr_drbg_context *ctx ); + int (*_rom_mbedtls_ctr_drbg_seed)( mbedtls_ctr_drbg_context *ctx, int (*f_entropy)(void *, unsigned char *, size_t), void *p_entropy, const unsigned char *custom, size_t len ); + void (*_rom_mbedtls_ctr_drbg_free)( mbedtls_ctr_drbg_context *ctx ); + int (*_rom_mbedtls_ctr_drbg_reseed)( mbedtls_ctr_drbg_context *ctx, const unsigned char *additional, size_t len ); + int (*_rom_mbedtls_ctr_drbg_random_with_add)( void *p_rng, unsigned char *output, size_t output_len, const unsigned char *additional, size_t add_len ); + int (*_rom_mbedtls_ctr_drbg_random)( void *p_rng, unsigned char *output, size_t output_len ); + void (*_rom_mbedtls_dhm_init)( mbedtls_dhm_context *ctx ); + int (*_rom_mbedtls_dhm_read_params)( mbedtls_dhm_context *ctx, unsigned char **p, const unsigned char *end ); + int (*_rom_mbedtls_dhm_make_public)( mbedtls_dhm_context *ctx, int x_size, unsigned char *output, size_t olen, int (*f_rng)(void *, unsigned char *, size_t), void *p_rng ); + int (*_rom_mbedtls_dhm_calc_secret)( mbedtls_dhm_context *ctx, unsigned char *output, size_t output_size, size_t *olen, int (*f_rng)(void *, unsigned char *, size_t), void *p_rng ); + void (*_rom_mbedtls_dhm_free)( mbedtls_dhm_context *ctx ); + void (*_rom_mbedtls_ecdh_init)( mbedtls_ecdh_context *ctx ); + int (*_rom_mbedtls_ecdh_setup)( mbedtls_ecdh_context *ctx, mbedtls_ecp_group_id grp_id ); + void (*_rom_mbedtls_ecdh_free)( mbedtls_ecdh_context *ctx ); + int (*_rom_mbedtls_ecdh_read_params)( mbedtls_ecdh_context *ctx, const unsigned char **buf, const unsigned char *end ); + int (*_rom_mbedtls_ecdh_get_params)( mbedtls_ecdh_context *ctx, const mbedtls_ecp_keypair *key, mbedtls_ecdh_side side ); + int (*_rom_mbedtls_ecdh_make_public)( mbedtls_ecdh_context *ctx, size_t *olen, unsigned char *buf, size_t blen, int (*f_rng)(void *, unsigned char *, size_t), void *p_rng ); + int (*_rom_mbedtls_ecdh_calc_secret)( mbedtls_ecdh_context *ctx, size_t *olen, unsigned char *buf, size_t blen, int (*f_rng)(void *, unsigned char *, size_t), void *p_rng ); + void (*_rom_mbedtls_ecdh_enable_restart)( mbedtls_ecdh_context *ctx ); + int (*_rom_mbedtls_ecdsa_write_signature)( mbedtls_ecdsa_context *ctx, mbedtls_md_type_t md_alg, const unsigned char *hash, size_t hlen, unsigned char *sig, size_t *slen, int (*f_rng)(void *, unsigned char *, size_t), void *p_rng ); + int (*_rom_mbedtls_ecdsa_write_signature_restartable)( mbedtls_ecdsa_context *ctx, mbedtls_md_type_t md_alg, const unsigned char *hash, size_t hlen, unsigned char *sig, size_t *slen, int (*f_rng)(void *, unsigned char *, size_t), void *p_rng, mbedtls_ecdsa_restart_ctx *rs_ctx ); + int (*_rom_mbedtls_ecdsa_read_signature)( mbedtls_ecdsa_context *ctx, const unsigned char *hash, size_t hlen, const unsigned char *sig, size_t slen ); + int (*_rom_mbedtls_ecdsa_read_signature_restartable)( mbedtls_ecdsa_context *ctx, const unsigned char *hash, size_t hlen, const unsigned char *sig, size_t slen, mbedtls_ecdsa_restart_ctx *rs_ctx ); + int (*_rom_mbedtls_ecdsa_from_keypair)( mbedtls_ecdsa_context *ctx, const mbedtls_ecp_keypair *key ); + void (*_rom_mbedtls_ecdsa_init)( mbedtls_ecdsa_context *ctx ); + void (*_rom_mbedtls_ecdsa_free)( mbedtls_ecdsa_context *ctx ); + void (*_rom_mbedtls_ecdsa_restart_init)( mbedtls_ecdsa_restart_ctx *ctx ); + void (*_rom_mbedtls_ecdsa_restart_free)( mbedtls_ecdsa_restart_ctx *ctx ); + void (*_rom_mbedtls_ecjpake_init)( mbedtls_ecjpake_context *ctx ); + int (*_rom_mbedtls_ecjpake_check)( const mbedtls_ecjpake_context *ctx ); + int (*_rom_mbedtls_ecjpake_write_round_one)( mbedtls_ecjpake_context *ctx, unsigned char *buf, size_t len, size_t *olen, int (*f_rng)(void *, unsigned char *, size_t), void *p_rng ); + int (*_rom_mbedtls_ecjpake_read_round_one)( mbedtls_ecjpake_context *ctx, const unsigned char *buf, size_t len ); + int (*_rom_mbedtls_ecjpake_write_round_two)( mbedtls_ecjpake_context *ctx, unsigned char *buf, size_t len, size_t *olen, int (*f_rng)(void *, unsigned char *, size_t), void *p_rng ); + int (*_rom_mbedtls_ecjpake_read_round_two)( mbedtls_ecjpake_context *ctx, const unsigned char *buf, size_t len ); + int (*_rom_mbedtls_ecjpake_derive_secret)( mbedtls_ecjpake_context *ctx, unsigned char *buf, size_t len, size_t *olen, int (*f_rng)(void *, unsigned char *, size_t), void *p_rng ); + void (*_rom_mbedtls_ecjpake_free)( mbedtls_ecjpake_context *ctx ); + int (*_rom_mbedtls_ecp_check_budget)( const mbedtls_ecp_group *grp, mbedtls_ecp_restart_ctx *rs_ctx, unsigned ops ); + int (*_rom_mbedtls_ecp_restart_is_enabled)( void ); + const mbedtls_ecp_curve_info *(*_rom_mbedtls_ecp_curve_list)( void ); + const mbedtls_ecp_group_id *(*_rom_mbedtls_ecp_grp_id_list)( void ); + const mbedtls_ecp_curve_info *(*_rom_mbedtls_ecp_curve_info_from_grp_id)( mbedtls_ecp_group_id grp_id ); + const mbedtls_ecp_curve_info *(*_rom_mbedtls_ecp_curve_info_from_tls_id)( uint16_t tls_id ); + void (*_rom_mbedtls_ecp_point_init)( mbedtls_ecp_point *pt ); + void (*_rom_mbedtls_ecp_group_init)( mbedtls_ecp_group *grp ); + void (*_rom_mbedtls_ecp_keypair_init)( mbedtls_ecp_keypair *key ); + void (*_rom_mbedtls_ecp_point_free)( mbedtls_ecp_point *pt ); + void (*_rom_mbedtls_ecp_group_free)( mbedtls_ecp_group *grp ); + void (*_rom_mbedtls_ecp_keypair_free)( mbedtls_ecp_keypair *key ); + void (*_rom_mbedtls_ecp_restart_init)( mbedtls_ecp_restart_ctx *ctx ); + void (*_rom_mbedtls_ecp_restart_free)( mbedtls_ecp_restart_ctx *ctx ); + int (*_rom_mbedtls_ecp_copy)( mbedtls_ecp_point *P, const mbedtls_ecp_point *Q ); + int (*_rom_mbedtls_ecp_group_copy)( mbedtls_ecp_group *dst, const mbedtls_ecp_group *src ); + int (*_rom_mbedtls_ecp_set_zero)( mbedtls_ecp_point *pt ); + int (*_rom_mbedtls_ecp_is_zero)( mbedtls_ecp_point *pt ); + int (*_rom_mbedtls_ecp_point_cmp)( const mbedtls_ecp_point *P, const mbedtls_ecp_point *Q ); + int (*_rom_mbedtls_ecp_point_write_binary)( const mbedtls_ecp_group *grp, const mbedtls_ecp_point *P, int format, size_t *olen, unsigned char *buf, size_t buflen ); + int (*_rom_mbedtls_ecp_point_read_binary)( const mbedtls_ecp_group *grp, mbedtls_ecp_point *P, const unsigned char *buf, size_t ilen ); + int (*_rom_mbedtls_ecp_tls_read_point)( const mbedtls_ecp_group *grp, mbedtls_ecp_point *pt, const unsigned char **buf, size_t len ); + int (*_rom_mbedtls_ecp_tls_write_point)( const mbedtls_ecp_group *grp, const mbedtls_ecp_point *pt, int format, size_t *olen, unsigned char *buf, size_t blen ); + int (*_rom_mbedtls_ecp_group_load)( mbedtls_ecp_group *grp, mbedtls_ecp_group_id id ); + int (*_rom_mbedtls_ecp_tls_read_group)( mbedtls_ecp_group *grp, const unsigned char **buf, size_t len ); + int (*_rom_mbedtls_ecp_tls_read_group_id)( mbedtls_ecp_group_id *grp, const unsigned char **buf, size_t len ); + int (*_rom_mbedtls_ecp_tls_write_group)( const mbedtls_ecp_group *grp, size_t *olen, unsigned char *buf, size_t blen ); + int (*_rom_mbedtls_ecp_mul)( mbedtls_ecp_group *grp, mbedtls_ecp_point *R, const mbedtls_mpi *m, const mbedtls_ecp_point *P, int (*f_rng)(void *, unsigned char *, size_t), void *p_rng ); + int (*_rom_mbedtls_ecp_mul_restartable)( mbedtls_ecp_group *grp, mbedtls_ecp_point *R, const mbedtls_mpi *m, const mbedtls_ecp_point *P, int (*f_rng)(void *, unsigned char *, size_t), void *p_rng, mbedtls_ecp_restart_ctx *rs_ctx ); + int (*_rom_mbedtls_ecp_muladd)( mbedtls_ecp_group *grp, mbedtls_ecp_point *R, const mbedtls_mpi *m, const mbedtls_ecp_point *P, const mbedtls_mpi *n, const mbedtls_ecp_point *Q ); + int (*_rom_mbedtls_ecp_muladd_restartable)( mbedtls_ecp_group *grp, mbedtls_ecp_point *R, const mbedtls_mpi *m, const mbedtls_ecp_point *P, const mbedtls_mpi *n, const mbedtls_ecp_point *Q, mbedtls_ecp_restart_ctx *rs_ctx ); + int (*_rom_mbedtls_ecp_check_pubkey)( const mbedtls_ecp_group *grp, const mbedtls_ecp_point *pt ); + int (*_rom_mbedtls_ecp_check_privkey)( const mbedtls_ecp_group *grp, const mbedtls_mpi *d ); + int (*_rom_mbedtls_ecp_gen_privkey)( const mbedtls_ecp_group *grp, mbedtls_mpi *d, int (*f_rng)(void *, unsigned char *, size_t), void *p_rng ); + int (*_rom_mbedtls_ecp_gen_keypair_base)( mbedtls_ecp_group *grp, const mbedtls_ecp_point *G, mbedtls_mpi *d, mbedtls_ecp_point *Q, int (*f_rng)(void *, unsigned char *, size_t), void *p_rng ); + int (*_rom_mbedtls_ecp_check_pub_priv)( const mbedtls_ecp_keypair *pub, const mbedtls_ecp_keypair *prv ); + int (*_rom_mbedtls_reserved0)(void); + int (*_rom_mbedtls_reserved1)(void); + int (*_rom_mbedtls_gcm_crypt_and_tag)( mbedtls_gcm_context *ctx, int mode, size_t length, const unsigned char *iv, size_t iv_len, const unsigned char *add, size_t add_len, const unsigned char *input, unsigned char *output, size_t tag_len, unsigned char *tag ); + int (*_rom_mbedtls_gcm_starts)( mbedtls_gcm_context *ctx, int mode, const unsigned char *iv, size_t iv_len, const unsigned char *add, size_t add_len ); + int (*_rom_mbedtls_gcm_update)( mbedtls_gcm_context *ctx, size_t length, const unsigned char *input, unsigned char *output ); + int (*_rom_mbedtls_gcm_finish)( mbedtls_gcm_context *ctx, unsigned char *tag, size_t tag_len ); + void (*_rom_mbedtls_hmac_drbg_init)( mbedtls_hmac_drbg_context *ctx ); + int (*_rom_mbedtls_hmac_drbg_seed_buf)( mbedtls_hmac_drbg_context *ctx, const mbedtls_md_info_t * md_info, const unsigned char *data, size_t data_len ); + int (*_rom_mbedtls_hmac_drbg_update_ret)( mbedtls_hmac_drbg_context *ctx, const unsigned char *additional, size_t add_len ); + int (*_rom_mbedtls_hmac_drbg_reseed)( mbedtls_hmac_drbg_context *ctx, const unsigned char *additional, size_t len ); + int (*_rom_mbedtls_hmac_drbg_random_with_add)( void *p_rng, unsigned char *output, size_t output_len, const unsigned char *additional, size_t add_len ); + int (*_rom_mbedtls_hmac_drbg_random)( void *p_rng, unsigned char *output, size_t out_len ); + void (*_rom_mbedtls_hmac_drbg_free)( mbedtls_hmac_drbg_context *ctx ); + const int *(*_rom_mbedtls_md_list)( void ); + void (*_rom_mbedtls_md_init)( mbedtls_md_context_t *ctx ); + void (*_rom_mbedtls_md_free)( mbedtls_md_context_t *ctx ); + int (*_rom_mbedtls_md_setup)( mbedtls_md_context_t *ctx, const mbedtls_md_info_t *md_info, int hmac ); + int (*_rom_mbedtls_md_clone)( mbedtls_md_context_t *dst, const mbedtls_md_context_t *src ); + unsigned char (*_rom_mbedtls_md_get_size)( const mbedtls_md_info_t *md_info ); + mbedtls_md_type_t (*_rom_mbedtls_md_get_type)( const mbedtls_md_info_t *md_info ); + int (*_rom_mbedtls_md_starts)( mbedtls_md_context_t *ctx ); + int (*_rom_mbedtls_md_update)( mbedtls_md_context_t *ctx, const unsigned char *input, size_t ilen ); + int (*_rom_mbedtls_md_finish)( mbedtls_md_context_t *ctx, unsigned char *output ); + int (*_rom_mbedtls_md)( const mbedtls_md_info_t *md_info, const unsigned char *input, size_t ilen, unsigned char *output ); + int (*_rom_mbedtls_md_hmac_starts)( mbedtls_md_context_t *ctx, const unsigned char *key, size_t keylen ); + int (*_rom_mbedtls_md_hmac_update)( mbedtls_md_context_t *ctx, const unsigned char *input, size_t ilen ); + int (*_rom_mbedtls_md_hmac_finish)( mbedtls_md_context_t *ctx, unsigned char *output); + int (*_rom_mbedtls_md_hmac_reset)( mbedtls_md_context_t *ctx ); + int (*_rom_mbedtls_oid_get_x509_ext_type)( const mbedtls_asn1_buf *oid, int *ext_type ); + int (*_rom_mbedtls_oid_get_pk_alg)( const mbedtls_asn1_buf *oid, mbedtls_pk_type_t *pk_alg ); + int (*_rom_mbedtls_oid_get_ec_grp)( const mbedtls_asn1_buf *oid, mbedtls_ecp_group_id *grp_id ); + int (*_rom_mbedtls_oid_get_sig_alg)( const mbedtls_asn1_buf *oid, mbedtls_md_type_t *md_alg, mbedtls_pk_type_t *pk_alg ); + int (*_rom_mbedtls_oid_get_md_alg)( const mbedtls_asn1_buf *oid, mbedtls_md_type_t *md_alg ); + int (*_rom_mbedtls_oid_get_md_hmac)( const mbedtls_asn1_buf *oid, mbedtls_md_type_t *md_hmac ); + int (*_rom_mbedtls_oid_get_oid_by_md)( mbedtls_md_type_t md_alg, const char **oid, size_t *olen ); + int (*_rom_mbedtls_oid_get_cipher_alg)( const mbedtls_asn1_buf *oid, mbedtls_cipher_type_t *cipher_alg ); + int (*_rom_mbedtls_oid_get_pkcs12_pbe_alg)( const mbedtls_asn1_buf *oid, mbedtls_md_type_t *md_alg, mbedtls_cipher_type_t *cipher_alg ); + void (*_rom_mbedtls_pem_init)( void *ctx ); + void (*_rom_mbedtls_pem_free)( void *ctx ); + int (*_rom_mbedtls_pkcs12_pbe_sha1_rc4_128)( mbedtls_asn1_buf *pbe_params, int mode, const unsigned char *pwd, size_t pwdlen, const unsigned char *input, size_t len, unsigned char *output ); + int (*_rom_mbedtls_pkcs12_pbe)( mbedtls_asn1_buf *pbe_params, int mode, mbedtls_cipher_type_t cipher_type, mbedtls_md_type_t md_type, const unsigned char *pwd, size_t pwdlen, const unsigned char *input, size_t len, unsigned char *output ); + int (*_rom_mbedtls_pkcs12_derivation)( unsigned char *data, size_t datalen, const unsigned char *pwd, size_t pwdlen, const unsigned char *salt, size_t saltlen, mbedtls_md_type_t mbedtls_md, int id, int iterations ); + int (*_rom_mbedtls_pkcs5_pbes2)( const mbedtls_asn1_buf *pbe_params, int mode, const unsigned char *pwd, size_t pwdlen, const unsigned char *data, size_t datalen, unsigned char *output ); + int (*_rom_mbedtls_pkcs5_pbkdf2_hmac)( mbedtls_md_context_t *ctx, const unsigned char *password, size_t plen, const unsigned char *salt, size_t slen, unsigned int iteration_count, uint32_t key_length, unsigned char *output ); + const mbedtls_pk_info_t *(*_rom_mbedtls_pk_info_from_type)( mbedtls_pk_type_t pk_type ); + void (*_rom_mbedtls_pk_init)( mbedtls_pk_context *ctx ); + void (*_rom_mbedtls_pk_free)( mbedtls_pk_context *ctx ); + void (*_rom_mbedtls_pk_restart_init)( mbedtls_pk_restart_ctx *ctx ); + void (*_rom_mbedtls_pk_restart_free)( mbedtls_pk_restart_ctx *ctx ); + int (*_rom_mbedtls_pk_setup)( mbedtls_pk_context *ctx, const mbedtls_pk_info_t *info ); + int (*_rom_mbedtls_pk_can_do)( const mbedtls_pk_context *ctx, mbedtls_pk_type_t type ); + int (*_rom_mbedtls_pk_verify)( mbedtls_pk_context *ctx, mbedtls_md_type_t md_alg, const unsigned char *hash, size_t hash_len, const unsigned char *sig, size_t sig_len ); + int (*_rom_mbedtls_pk_verify_restartable)( mbedtls_pk_context *ctx, mbedtls_md_type_t md_alg, const unsigned char *hash, size_t hash_len, const unsigned char *sig, size_t sig_len, mbedtls_pk_restart_ctx *rs_ctx ); + int (*_rom_mbedtls_pk_verify_ext)( mbedtls_pk_type_t type, const void *options, mbedtls_pk_context *ctx, mbedtls_md_type_t md_alg, const unsigned char *hash, size_t hash_len, const unsigned char *sig, size_t sig_len ); + int (*_rom_mbedtls_pk_sign_restartable)( mbedtls_pk_context *ctx, mbedtls_md_type_t md_alg, const unsigned char *hash, size_t hash_len, unsigned char *sig, size_t *sig_len, int (*f_rng)(void *, unsigned char *, size_t), void *p_rng, mbedtls_pk_restart_ctx *rs_ctx ); + int (*_rom_mbedtls_pk_encrypt)( mbedtls_pk_context *ctx, const unsigned char *input, size_t ilen, unsigned char *output, size_t *olen, size_t osize, int (*f_rng)(void *, unsigned char *, size_t), void *p_rng ); + mbedtls_pk_type_t (*_rom_mbedtls_pk_get_type)( const mbedtls_pk_context *ctx ); + int (*_rom_mbedtls_pk_parse_subpubkey)( unsigned char **p, const unsigned char *end, mbedtls_pk_context *pk ); + void (*_rom_mbedtls_rsa_init)( mbedtls_rsa_context *ctx ); + int (*_rom_mbedtls_rsa_import)( mbedtls_rsa_context *ctx, const mbedtls_mpi *N, const mbedtls_mpi *P, const mbedtls_mpi *Q, const mbedtls_mpi *D, const mbedtls_mpi *E ); + int (*_rom_mbedtls_rsa_import_raw)( mbedtls_rsa_context *ctx, unsigned char const *N, size_t N_len, unsigned char const *P, size_t P_len, unsigned char const *Q, size_t Q_len, unsigned char const *D, size_t D_len, unsigned char const *E, size_t E_len ); + int (*_rom_mbedtls_rsa_complete)( mbedtls_rsa_context *ctx ); + int (*_rom_mbedtls_rsa_set_padding)( mbedtls_rsa_context *ctx, int padding, mbedtls_md_type_t hash_id ); + size_t (*_rom_mbedtls_rsa_get_len)( const mbedtls_rsa_context *ctx ); + int (*_rom_mbedtls_rsa_check_pubkey)( const mbedtls_rsa_context *ctx ); + int (*_rom_mbedtls_rsa_check_privkey)( const mbedtls_rsa_context *ctx ); + int (*_rom_mbedtls_rsa_check_pub_priv)( const mbedtls_rsa_context *pub, const mbedtls_rsa_context *prv ); + int (*_rom_mbedtls_rsa_public)( mbedtls_rsa_context *ctx, const unsigned char *input, unsigned char *output ); + int (*_rom_mbedtls_rsa_private)( mbedtls_rsa_context *ctx, int (*f_rng)(void *, unsigned char *, size_t), void *p_rng, const unsigned char *input, unsigned char *output ); + int (*_rom_mbedtls_rsa_pkcs1_encrypt)( mbedtls_rsa_context *ctx, int (*f_rng)(void *, unsigned char *, size_t), void *p_rng, int mode, size_t ilen, const unsigned char *input, unsigned char *output ); + int (*_rom_mbedtls_rsa_rsaes_pkcs1_v15_encrypt)( mbedtls_rsa_context *ctx, int (*f_rng)(void *, unsigned char *, size_t), void *p_rng, int mode, size_t ilen, const unsigned char *input, unsigned char *output ); + int (*_rom_mbedtls_rsa_rsaes_oaep_encrypt)( mbedtls_rsa_context *ctx, int (*f_rng)(void *, unsigned char *, size_t), void *p_rng, int mode, const unsigned char *label, size_t label_len, size_t ilen, const unsigned char *input, unsigned char *output ); + int (*_rom_mbedtls_rsa_pkcs1_decrypt)( mbedtls_rsa_context *ctx, int (*f_rng)(void *, unsigned char *, size_t), void *p_rng, int mode, size_t *olen, const unsigned char *input, unsigned char *output, size_t output_max_len ); + int (*_rom_mbedtls_rsa_rsaes_pkcs1_v15_decrypt)( mbedtls_rsa_context *ctx, int (*f_rng)(void *, unsigned char *, size_t), void *p_rng, int mode, size_t *olen, const unsigned char *input, unsigned char *output, size_t output_max_len ); + int (*_rom_mbedtls_rsa_rsaes_oaep_decrypt)( mbedtls_rsa_context *ctx, int (*f_rng)(void *, unsigned char *, size_t), void *p_rng, int mode, const unsigned char *label, size_t label_len, size_t *olen, const unsigned char *input, unsigned char *output, size_t output_max_len ); + int (*_rom_mbedtls_rsa_pkcs1_sign)( mbedtls_rsa_context *ctx, int (*f_rng)(void *, unsigned char *, size_t), void *p_rng, int mode, mbedtls_md_type_t md_alg, unsigned int hashlen, const unsigned char *hash, unsigned char *sig ); + int (*_rom_mbedtls_rsa_rsassa_pkcs1_v15_sign)( mbedtls_rsa_context *ctx, int (*f_rng)(void *, unsigned char *, size_t), void *p_rng, int mode, mbedtls_md_type_t md_alg, unsigned int hashlen, const unsigned char *hash, unsigned char *sig ); + int (*_rom_mbedtls_rsa_rsassa_pss_sign)( mbedtls_rsa_context *ctx, int (*f_rng)(void *, unsigned char *, size_t), void *p_rng, int mode, mbedtls_md_type_t md_alg, unsigned int hashlen, const unsigned char *hash, unsigned char *sig ); + int (*_rom_mbedtls_rsa_pkcs1_verify)( mbedtls_rsa_context *ctx, int (*f_rng)(void *, unsigned char *, size_t), void *p_rng, int mode, mbedtls_md_type_t md_alg, unsigned int hashlen, const unsigned char *hash, const unsigned char *sig ); + int (*_rom_mbedtls_rsa_rsassa_pkcs1_v15_verify)( mbedtls_rsa_context *ctx, int (*f_rng)(void *, unsigned char *, size_t), void *p_rng, int mode, mbedtls_md_type_t md_alg, unsigned int hashlen, const unsigned char *hash, const unsigned char *sig ); + int (*_rom_mbedtls_rsa_rsassa_pss_verify)( mbedtls_rsa_context *ctx, int (*f_rng)(void *, unsigned char *, size_t), void *p_rng, int mode, mbedtls_md_type_t md_alg, unsigned int hashlen, const unsigned char *hash, const unsigned char *sig ); + int (*_rom_mbedtls_rsa_rsassa_pss_verify_ext)( mbedtls_rsa_context *ctx, int (*f_rng)(void *, unsigned char *, size_t), void *p_rng, int mode, mbedtls_md_type_t md_alg, unsigned int hashlen, const unsigned char *hash, mbedtls_md_type_t mgf1_hash_id, int expected_salt_len, const unsigned char *sig ); + void (*_rom_mbedtls_rsa_free)( mbedtls_rsa_context *ctx ); + int (*_rom_mbedtls_rsa_deduce_primes)( mbedtls_mpi const *N, mbedtls_mpi const *E, mbedtls_mpi const *D, mbedtls_mpi *P, mbedtls_mpi *Q ); + int (*_rom_mbedtls_rsa_deduce_private_exponent)( mbedtls_mpi const *P, mbedtls_mpi const *Q, mbedtls_mpi const *E, mbedtls_mpi *D ); + int (*_rom_mbedtls_rsa_deduce_crt)( const mbedtls_mpi *P, const mbedtls_mpi *Q, const mbedtls_mpi *D, mbedtls_mpi *DP, mbedtls_mpi *DQ, mbedtls_mpi *QP ); + int (*_rom_mbedtls_rsa_validate_params)( const mbedtls_mpi *N, const mbedtls_mpi *P, const mbedtls_mpi *Q, const mbedtls_mpi *D, const mbedtls_mpi *E, int (*f_rng)(void *, unsigned char *, size_t), void *p_rng ); + int (*_rom_mbedtls_rsa_validate_crt)( const mbedtls_mpi *P, const mbedtls_mpi *Q, const mbedtls_mpi *D, const mbedtls_mpi *DP, const mbedtls_mpi *DQ, const mbedtls_mpi *QP ); + void (*_rom_mbedtls_sha1_init)( mbedtls_sha1_context *ctx ); + void (*_rom_mbedtls_sha1_free)( mbedtls_sha1_context *ctx ); + void (*_rom_mbedtls_sha1_clone)( mbedtls_sha1_context *dst, const mbedtls_sha1_context *src ); + int (*_rom_mbedtls_sha1_starts)( mbedtls_sha1_context *ctx ); + int (*_rom_mbedtls_sha1_finish)( mbedtls_sha1_context *ctx, unsigned char output[20] ); + void (*_rom_mbedtls_sha256_init)( mbedtls_sha256_context *ctx ); + void (*_rom_mbedtls_sha256_free)( mbedtls_sha256_context *ctx ); + void (*_rom_mbedtls_sha256_clone)( mbedtls_sha256_context *dst, const mbedtls_sha256_context *src ); + int (*_rom_mbedtls_sha256_starts)( mbedtls_sha256_context *ctx, int is224 ); + int (*_rom_mbedtls_sha256_finish)( mbedtls_sha256_context *ctx, unsigned char output[32] ); + int (*_rom_mbedtls_sha256)( const unsigned char *input, size_t ilen, unsigned char output[32], int is224 ); + void (*_rom_mbedtls_sha512_init)( mbedtls_sha512_context *ctx ); + void (*_rom_mbedtls_sha512_free)( mbedtls_sha512_context *ctx ); + void (*_rom_mbedtls_sha512_clone)( mbedtls_sha512_context *dst, const mbedtls_sha512_context *src ); + int (*_rom_mbedtls_sha512_starts)( mbedtls_sha512_context *ctx, int is384 ); + int (*_rom_mbedtls_sha512_update)( mbedtls_sha512_context *ctx, const unsigned char *input, size_t ilen ); + int (*_rom_mbedtls_sha512_finish)( mbedtls_sha512_context *ctx, unsigned char output[64] ); + int (*_rom_mbedtls_internal_sha512_process)( mbedtls_sha512_context *ctx, const unsigned char data[128] ); + int (*_rom_mbedtls_sha512)( const unsigned char *input, size_t ilen, unsigned char output[64], int is384 ); + void (*_rom_mbedtls_ssl_conf_endpoint)( mbedtls_ssl_config *conf, int endpoint ); + void (*_rom_mbedtls_ssl_conf_transport)( mbedtls_ssl_config *conf, int transport ); + void (*_rom_mbedtls_ssl_set_bio)( mbedtls_ssl_context *ssl, void *p_bio, mbedtls_ssl_send_t *f_send, mbedtls_ssl_recv_t *f_recv, mbedtls_ssl_recv_timeout_t *f_recv_timeout ); + int (*_rom_mbedtls_ssl_conf_dh_param_bin)( mbedtls_ssl_config *conf, const unsigned char *dhm_P, size_t P_len, const unsigned char *dhm_G, size_t G_len ); + size_t (*_rom_mbedtls_ssl_get_max_frag_len)( const mbedtls_ssl_context *ssl ); + int (*_rom_mbedtls_ssl_get_max_out_record_payload)( const mbedtls_ssl_context *ssl ); + int (*_rom_mbedtls_ssl_handshake)( mbedtls_ssl_context *ssl ); + int (*_rom_mbedtls_ssl_handshake_step)( mbedtls_ssl_context *ssl ); + int (*_rom_mbedtls_ssl_renegotiate)( mbedtls_ssl_context *ssl ); + int (*_rom_mbedtls_ssl_send_alert_message)( mbedtls_ssl_context *ssl, unsigned char level, unsigned char message ); + int (*_rom_mbedtls_ssl_config_defaults)( mbedtls_ssl_config *conf, int endpoint, int transport, int preset ); + void (*_rom_mbedtls_ssl_session_init)( mbedtls_ssl_session *session ); + void (*_rom_mbedtls_ssl_session_free)( mbedtls_ssl_session *session ); + void (*_rom_mbedtls_ssl_transform_free)( mbedtls_ssl_transform *transform ); + void (*_rom_mbedtls_ssl_handshake_free)( mbedtls_ssl_context *ssl ); + int (*_rom_mbedtls_ssl_handshake_client_step)( mbedtls_ssl_context *ssl ); + void (*_rom_mbedtls_ssl_handshake_wrapup)( mbedtls_ssl_context *ssl ); + int (*_rom_mbedtls_ssl_derive_keys)( mbedtls_ssl_context *ssl ); + int (*_rom_mbedtls_ssl_handle_message_type)( mbedtls_ssl_context *ssl ); + int (*_rom_mbedtls_ssl_prepare_handshake_record)( mbedtls_ssl_context *ssl ); + void (*_rom_mbedtls_ssl_update_handshake_status)( mbedtls_ssl_context *ssl ); + int (*_rom_mbedtls_ssl_read_record)( mbedtls_ssl_context *ssl, unsigned update_hs_digest ); + int (*_rom_mbedtls_ssl_fetch_input)( mbedtls_ssl_context *ssl, size_t nb_want ); + int (*_rom_mbedtls_ssl_write_handshake_msg)( mbedtls_ssl_context *ssl ); + int (*_rom_mbedtls_ssl_write_record)( mbedtls_ssl_context *ssl, uint8_t force_flush ); + int (*_rom_mbedtls_ssl_flush_output)( mbedtls_ssl_context *ssl ); + int (*_rom_mbedtls_ssl_parse_certificate)( mbedtls_ssl_context *ssl ); + int (*_rom_mbedtls_ssl_write_certificate)( mbedtls_ssl_context *ssl ); + int (*_rom_mbedtls_ssl_parse_change_cipher_spec)( mbedtls_ssl_context *ssl ); + int (*_rom_mbedtls_ssl_write_change_cipher_spec)( mbedtls_ssl_context *ssl ); + int (*_rom_mbedtls_ssl_parse_finished)( mbedtls_ssl_context *ssl ); + int (*_rom_mbedtls_ssl_write_finished)( mbedtls_ssl_context *ssl ); + void (*_rom_mbedtls_ssl_optimize_checksum)( mbedtls_ssl_context *ssl, const mbedtls_ssl_ciphersuite_t *ciphersuite_info ); + int (*_rom_mbedtls_ssl_psk_derive_premaster)( mbedtls_ssl_context *ssl, mbedtls_key_exchange_type_t key_ex ); + unsigned char (*_rom_mbedtls_ssl_sig_from_pk)( mbedtls_pk_context *pk ); + mbedtls_pk_type_t (*_rom_mbedtls_ssl_pk_alg_from_sig)( unsigned char sig ); + mbedtls_md_type_t (*_rom_mbedtls_ssl_md_alg_from_hash)( unsigned char hash ); + unsigned char (*_rom_mbedtls_ssl_hash_from_md_alg)( int md ); + int (*_rom_mbedtls_ssl_check_curve)( const mbedtls_ssl_context *ssl, mbedtls_ecp_group_id grp_id ); + int (*_rom_mbedtls_ssl_check_sig_hash)( const mbedtls_ssl_context *ssl, mbedtls_md_type_t md ); + void (*_rom_mbedtls_ssl_write_version)( int major, int minor, int transport, unsigned char ver[2] ); + void (*_rom_mbedtls_ssl_read_version)( int *major, int *minor, int transport, const unsigned char ver[2] ); + int (*_rom_mbedtls_ssl_get_key_exchange_md_ssl_tls)( mbedtls_ssl_context *ssl, unsigned char *output, unsigned char *data, size_t data_len ); + int (*_rom_mbedtls_ssl_get_key_exchange_md_tls1_2)( mbedtls_ssl_context *ssl, unsigned char *hash, size_t *hashlen, unsigned char *data, size_t data_len, mbedtls_md_type_t md_alg ); + int (*_rom_mbedtls_ssl_cf_hmac)( mbedtls_md_context_t *ctx, const unsigned char *add_data, size_t add_data_len, const unsigned char *data, size_t data_len_secret, size_t min_data_len, size_t max_data_len, unsigned char *output ); + void (*_rom_mbedtls_ssl_cf_memcpy_offset)( unsigned char *dst, const unsigned char *src_base, size_t offset_secret, size_t offset_min, size_t offset_max, size_t len ); + int (*_rom_mbedtls_x509_crt_parse_der)( mbedtls_x509_crt *chain, const unsigned char *buf, size_t buflen ); + int (*_rom_mbedtls_x509_crt_verify_restartable)( mbedtls_x509_crt *crt, mbedtls_x509_crt *trust_ca, mbedtls_x509_crl *ca_crl, const mbedtls_x509_crt_profile *profile, const char *cn, uint32_t *flags, int (*f_vrfy)(void *, mbedtls_x509_crt *, int, uint32_t *), void *p_vrfy, mbedtls_x509_crt_restart_ctx *rs_ctx ); + int (*_rom_mbedtls_x509_crt_check_key_usage)( const mbedtls_x509_crt *crt, unsigned int usage ); + int (*_rom_mbedtls_x509_crt_check_extended_key_usage)( const mbedtls_x509_crt *crt, const char *usage_oid, size_t usage_len ); + int (*_rom_mbedtls_x509_crt_is_revoked)( const mbedtls_x509_crt *crt, const mbedtls_x509_crl *crl ); + void (*_rom_mbedtls_x509_crt_init)( mbedtls_x509_crt *crt ); + void (*_rom_mbedtls_x509_crt_free)( mbedtls_x509_crt *crt ); + void (*_rom_mbedtls_x509_crt_restart_init)( mbedtls_x509_crt_restart_ctx *ctx ); + void (*_rom_mbedtls_x509_crt_restart_free)( mbedtls_x509_crt_restart_ctx *ctx ); + int (*_rom_mbedtls_x509_get_name)( unsigned char **p, const unsigned char *end, mbedtls_x509_name *cur ); + int (*_rom_mbedtls_x509_get_alg_null)( unsigned char **p, const unsigned char *end, mbedtls_x509_buf *alg ); + int (*_rom_mbedtls_x509_get_alg)( unsigned char **p, const unsigned char *end, mbedtls_x509_buf *alg, mbedtls_x509_buf *params ); + int (*_rom_mbedtls_x509_get_rsassa_pss_params)( const mbedtls_x509_buf *params, mbedtls_md_type_t *md_alg, mbedtls_md_type_t *mgf_md, int *salt_len ); + int (*_rom_mbedtls_x509_get_sig)( unsigned char **p, const unsigned char *end, mbedtls_x509_buf *sig ); + int (*_rom_mbedtls_x509_get_sig_alg)( const mbedtls_x509_buf *sig_oid, const mbedtls_x509_buf *sig_params, mbedtls_md_type_t *md_alg, mbedtls_pk_type_t *pk_alg, void **sig_opts ); + int (*_rom_mbedtls_x509_get_time)( unsigned char **p, const unsigned char *end, mbedtls_x509_time *t ); + int (*_rom_mbedtls_x509_get_serial)( unsigned char **p, const unsigned char *end, mbedtls_x509_buf *serial ); + int (*_rom_mbedtls_x509_get_ext)( unsigned char **p, const unsigned char *end, mbedtls_x509_buf *ext, int tag ); + void (*_mbedtls_mutex_init)( mbedtls_threading_mutex_t *mutex ); + void (*_mbedtls_mutex_free)( mbedtls_threading_mutex_t *mutex ); + int (*_mbedtls_mutex_lock)( mbedtls_threading_mutex_t *mutex ); + int (*_mbedtls_mutex_unlock)( mbedtls_threading_mutex_t *mutex ); + bool (*_mbedtls_allow_unsupported_critical_ext)( void ); + const mbedtls_cipher_info_t *(*_mbedtls_cipher_info_from_type)( const mbedtls_cipher_type_t cipher_type ); + const mbedtls_cipher_info_t *(*_mbedtls_cipher_info_from_values)( const mbedtls_cipher_id_t cipher_id, int key_bitlen, const mbedtls_cipher_mode_t mode ); + void (*_mbedtls_cipher_free)( mbedtls_cipher_context_t *ctx ); + int (*_mbedtls_cipher_setup)( mbedtls_cipher_context_t *ctx, const mbedtls_cipher_info_t *cipher_info ); + int (*_mbedtls_cipher_setkey)( mbedtls_cipher_context_t *ctx, const unsigned char *key, int key_bitlen, const mbedtls_operation_t operation ); + int (*_mbedtls_cipher_set_iv)( mbedtls_cipher_context_t *ctx, const unsigned char *iv, size_t iv_len ); + int (*_mbedtls_cipher_update)( mbedtls_cipher_context_t *ctx, const unsigned char *input, size_t ilen, unsigned char *output, size_t *olen ); + int (*_mbedtls_cipher_auth_encrypt)( mbedtls_cipher_context_t *ctx, const unsigned char *iv, size_t iv_len, const unsigned char *ad, size_t ad_len, const unsigned char *input, size_t ilen, unsigned char *output, size_t *olen, unsigned char *tag, size_t tag_len ); + int (*_mbedtls_cipher_auth_decrypt)( mbedtls_cipher_context_t *ctx, const unsigned char *iv, size_t iv_len, const unsigned char *ad, size_t ad_len, const unsigned char *input, size_t ilen, unsigned char *output, size_t *olen, const unsigned char *tag, size_t tag_len ); + int (*_mbedtls_hardware_poll)( void *data, unsigned char *output, size_t len, size_t *olen ); + const mbedtls_md_info_t *(*_mbedtls_md_info_from_type)( mbedtls_md_type_t md_type ); + int (*_mbedtls_pem_read_buffer)( void *ctx, const char *header, const char *footer, const unsigned char *data, const unsigned char *pwd, size_t pwdlen, size_t *use_len ); + void *(*_mbedtls_calloc)( size_t n, size_t size ); + void (*_mbedtls_free)( void *ptr ); + int (*_mbedtls_sha1_update)( mbedtls_sha1_context *ctx, const unsigned char *input, size_t ilen ); + int (*_mbedtls_internal_sha1_process)( mbedtls_sha1_context *ctx, const unsigned char data[64] ); + int (*_mbedtls_sha256_update)( mbedtls_sha256_context *ctx, const unsigned char *input, size_t ilen ); + int (*_mbedtls_internal_sha256_process)( mbedtls_sha256_context *ctx, const unsigned char data[64] ); + const int *(*_mbedtls_ssl_list_ciphersuites)( void ); + const mbedtls_ssl_ciphersuite_t *(*_mbedtls_ssl_ciphersuite_from_id)( int ciphersuite_id ); + mbedtls_pk_type_t (*_mbedtls_ssl_get_ciphersuite_sig_pk_alg)( const mbedtls_ssl_ciphersuite_t *info ); + int (*_mbedtls_ssl_ciphersuite_uses_ec)( const mbedtls_ssl_ciphersuite_t *info ); + int (*_mbedtls_ssl_ciphersuite_uses_psk)( const mbedtls_ssl_ciphersuite_t *info ); + int (*_mbedtls_ssl_handshake_server_step)( mbedtls_ssl_context *ssl ); + int (*_mbedtls_ssl_check_cert_usage)( const mbedtls_x509_crt *cert, const mbedtls_ssl_ciphersuite_t *ciphersuite, int cert_endpoint, uint32_t *flags ); + int (*_mbedtls_x509_time_is_past)( const mbedtls_x509_time *to ); + int (*_mbedtls_x509_time_is_future)( const mbedtls_x509_time *from ); +} mbedtls_rom_funcs_t; + +#define STRUCT_OFFSET_CHECK(x, y, z) _Static_assert((offsetof(x,y)==(z)), "The variables type of "#x" before "#y" should be "#z) +#define STRUCT_SIZE_CHECK(x, y) _Static_assert((sizeof(x)==(y)), "The sizeof "#x" should be "#y) + +#if (!defined(CONFIG_MBEDTLS_USE_CRYPTO_ROM_IMPL)) +#error "CONFIG_MBEDTLS_USE_CRYPTO_ROM_IMPL" +#endif + +/* platform_util.c */ +#if (defined(MBEDTLS_PLATFORM_ZEROIZE_ALT)) +#error "MBEDTLS_PLATFORM_ZEROIZE_ALT" +#endif + +/* sha1.c */ +STRUCT_OFFSET_CHECK(mbedtls_sha1_context, total, 0); +STRUCT_OFFSET_CHECK(mbedtls_sha1_context, state, 8); +STRUCT_OFFSET_CHECK(mbedtls_sha1_context, buffer, 28); +#if (!defined(MBEDTLS_SHA1_C)) || \ + (!defined(MBEDTLS_SHA1_ALT)) || \ + (defined(MBEDTLS_SHA1_PROCESS_ALT)) +#error "MBEDTLS_SHA1_C" +#endif + +/* sha256.c */ +STRUCT_OFFSET_CHECK(mbedtls_sha256_context, total, 0); +STRUCT_OFFSET_CHECK(mbedtls_sha256_context, state, 8); +STRUCT_OFFSET_CHECK(mbedtls_sha256_context, buffer, 40); +STRUCT_OFFSET_CHECK(mbedtls_sha256_context, first_block, 104); +STRUCT_OFFSET_CHECK(mbedtls_sha256_context, mode, 108); +STRUCT_OFFSET_CHECK(mbedtls_sha256_context, sha_state, 112); +STRUCT_SIZE_CHECK(mbedtls_sha256_context, 116); +#if (!defined(MBEDTLS_SHA256_C)) || \ + (!defined(MBEDTLS_SHA256_ALT)) || \ + (defined(MBEDTLS_SHA256_PROCESS_ALT)) || \ + (defined(MBEDTLS_SHA256_SMALLER)) +#error "!MBEDTLS_SHA256_C" +#endif + +/* sha512.c */ +STRUCT_OFFSET_CHECK(mbedtls_sha512_context, MBEDTLS_PRIVATE(total), 0); +STRUCT_OFFSET_CHECK(mbedtls_sha512_context, MBEDTLS_PRIVATE(state), 16); +STRUCT_OFFSET_CHECK(mbedtls_sha512_context, MBEDTLS_PRIVATE(buffer), 80); +STRUCT_OFFSET_CHECK(mbedtls_sha512_context, MBEDTLS_PRIVATE(is384), 208); +STRUCT_SIZE_CHECK(mbedtls_sha512_context, 216); +#if (!defined(MBEDTLS_SHA512_C)) || \ + (defined(MBEDTLS_SHA512_ALT)) || \ + (defined(MBEDTLS_SHA512_PROCESS_ALT)) +#error "MBEDTLS_SHA256_C" +#endif + +/* aes.c */ +STRUCT_OFFSET_CHECK(mbedtls_aes_context, MBEDTLS_PRIVATE(nr), 0); +STRUCT_OFFSET_CHECK(mbedtls_aes_context, MBEDTLS_PRIVATE(rk_offset), 4); +STRUCT_OFFSET_CHECK(mbedtls_aes_context, MBEDTLS_PRIVATE(buf), 8); +STRUCT_SIZE_CHECK(mbedtls_aes_context, 280); +STRUCT_OFFSET_CHECK(mbedtls_aes_xts_context, MBEDTLS_PRIVATE(crypt), 0); +STRUCT_OFFSET_CHECK(mbedtls_aes_xts_context, MBEDTLS_PRIVATE(tweak), 280); +STRUCT_SIZE_CHECK(mbedtls_aes_xts_context, 560); +#if (defined(MBEDTLS_HAVE_X86)) || \ + (defined(MBEDTLS_HAVE_X86_64)) +#error "MBEDTLS_HAVE_X86" +#endif +#if (!defined(MBEDTLS_AES_C)) || \ + (defined(MBEDTLS_AES_ALT)) || \ + (defined(MBEDTLS_AES_ENCRYPT_ALT)) || \ + (defined(MBEDTLS_AES_DECRYPT_ALT)) || \ + (defined(MBEDTLS_AES_SETKEY_ENC_ALT)) || \ + (defined(MBEDTLS_AES_SETKEY_DEC_ALT)) +#error "MBEDTLS_AES_C" +#endif +#if (!defined(MBEDTLS_AES_ROM_TABLES)) || \ + (defined(MBEDTLS_AES_FEWER_TABLES)) +#error "MBEDTLS_AES_ROM_TABLES" +#endif +#if (!defined(MBEDTLS_CIPHER_MODE_XTS)) || \ + (!defined(MBEDTLS_CIPHER_MODE_CBC)) || \ + (!defined(MBEDTLS_CIPHER_MODE_CFB)) || \ + (!defined(MBEDTLS_CIPHER_MODE_OFB)) || \ + (!defined(MBEDTLS_CIPHER_MODE_CTR)) +#error "MBEDTLS_CIPHER_MODE" +#endif + +/* asn1parse.c asn1write.c */ +STRUCT_OFFSET_CHECK(mbedtls_asn1_buf, tag, 0); +STRUCT_OFFSET_CHECK(mbedtls_asn1_buf, len, 4); +STRUCT_OFFSET_CHECK(mbedtls_asn1_buf, p, 8); +STRUCT_SIZE_CHECK(mbedtls_asn1_buf, 12); +STRUCT_OFFSET_CHECK(mbedtls_asn1_bitstring, len, 0); +STRUCT_OFFSET_CHECK(mbedtls_asn1_bitstring, unused_bits, 4); +STRUCT_OFFSET_CHECK(mbedtls_asn1_bitstring, p, 8); +STRUCT_SIZE_CHECK(mbedtls_asn1_bitstring, 12); +STRUCT_OFFSET_CHECK(mbedtls_asn1_sequence, buf, 0); +STRUCT_OFFSET_CHECK(mbedtls_asn1_sequence, next, 12); +STRUCT_SIZE_CHECK(mbedtls_asn1_sequence, 16); +STRUCT_OFFSET_CHECK(mbedtls_asn1_named_data, oid, 0); +STRUCT_OFFSET_CHECK(mbedtls_asn1_named_data, val, 12); +STRUCT_OFFSET_CHECK(mbedtls_asn1_named_data, next, 24); +STRUCT_OFFSET_CHECK(mbedtls_asn1_named_data, MBEDTLS_PRIVATE(next_merged), 28); +STRUCT_SIZE_CHECK(mbedtls_asn1_named_data, 32); +#if (!defined(MBEDTLS_ASN1_PARSE_C)) +#error "MBEDTLS_ASN1_PARSE_C" +#endif +#if (!defined(MBEDTLS_ASN1_WRITE_C)) +#error "MBEDTLS_ASN1_PARSE_C" +#endif + +/* base64.c */ +#if (!defined(MBEDTLS_BASE64_C)) +#error "MBEDTLS_BASE64_C" +#endif + +/* md5.c */ +#if (defined(MBEDTLS_MD2_C)) || \ + (defined(MBEDTLS_MD4_C)) || \ + (!defined(MBEDTLS_MD5_C)) /* || \ + (defined(MBEDTLS_MD5_ALT)) */ +#error "MBEDTLS_MD_C" +#endif +#ifdef CONFIG_MBEDTLS_ROM_MD5 +STRUCT_OFFSET_CHECK(mbedtls_md5_context, total, 0); +STRUCT_OFFSET_CHECK(mbedtls_md5_context, state, 8); +STRUCT_OFFSET_CHECK(mbedtls_md5_context, buffer, 24); +STRUCT_SIZE_CHECK(mbedtls_md5_context, 88); +#else +STRUCT_OFFSET_CHECK(mbedtls_md5_context, MBEDTLS_PRIVATE(total), 0); +STRUCT_OFFSET_CHECK(mbedtls_md5_context, MBEDTLS_PRIVATE(state), 8); +STRUCT_OFFSET_CHECK(mbedtls_md5_context, MBEDTLS_PRIVATE(buffer), 24); +STRUCT_SIZE_CHECK(mbedtls_md5_context, 88); +#endif + +#ifdef __cplusplus +} +#endif From 336bb858063b6d2a389b4ed550397cbbc9e35afb Mon Sep 17 00:00:00 2001 From: Jiang Guang Ming Date: Wed, 16 Aug 2023 00:11:23 -0700 Subject: [PATCH 2/4] feat(mbedtls): add new option CONFIG_MBEDTLS_USE_CRYPTO_ROM_IMPL for mbedtls pytest --- components/mbedtls/test_apps/pytest_mbedtls_ut.py | 13 +++++++++++++ components/mbedtls/test_apps/sdkconfig.ci.rom_impl | 3 +++ 2 files changed, 16 insertions(+) create mode 100644 components/mbedtls/test_apps/sdkconfig.ci.rom_impl diff --git a/components/mbedtls/test_apps/pytest_mbedtls_ut.py b/components/mbedtls/test_apps/pytest_mbedtls_ut.py index 1a2fdd0fd41..1445e9a5a4b 100644 --- a/components/mbedtls/test_apps/pytest_mbedtls_ut.py +++ b/components/mbedtls/test_apps/pytest_mbedtls_ut.py @@ -74,3 +74,16 @@ def test_mbedtls_psram_esp32(dut: Dut) -> None: @pytest.mark.parametrize('config', ['ecdsa_sign',], indirect=True) def test_mbedtls_ecdsa_sign(dut: Dut) -> None: dut.run_all_single_board_cases(group='efuse_key') + + +@pytest.mark.esp32c2 +@pytest.mark.generic +@pytest.mark.parametrize( + 'config', + [ + 'rom_impl', + ], + indirect=True, +) +def test_mbedtls_rom_impl_esp32c2(dut: Dut) -> None: + dut.run_all_single_board_cases() diff --git a/components/mbedtls/test_apps/sdkconfig.ci.rom_impl b/components/mbedtls/test_apps/sdkconfig.ci.rom_impl new file mode 100644 index 00000000000..552cc7c9733 --- /dev/null +++ b/components/mbedtls/test_apps/sdkconfig.ci.rom_impl @@ -0,0 +1,3 @@ +CONFIG_IDF_TARGET="esp32c2" +CONFIG_IDF_EXPERIMENTAL_FEATURES=y +CONFIG_MBEDTLS_USE_CRYPTO_ROM_IMPL=y From e3a6001284f83e23f3cb157cabeada3fcc665318 Mon Sep 17 00:00:00 2001 From: Jiang Guang Ming Date: Wed, 9 Aug 2023 15:01:20 +0800 Subject: [PATCH 3/4] docs: add the description of CONFIG_MBEDTLS_USE_CRYPTO_ROM_IMPL --- docs/en/api-guides/performance/size.rst | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/docs/en/api-guides/performance/size.rst b/docs/en/api-guides/performance/size.rst index 3568fd25107..fd6a6252efc 100644 --- a/docs/en/api-guides/performance/size.rst +++ b/docs/en/api-guides/performance/size.rst @@ -431,6 +431,11 @@ The help text for each option has some more information. If depending on third party clients or servers, always pay attention to announcements about future changes to supported TLS features. If not, the {IDF_TARGET_NAME} device may become inaccessible if support changes. +.. only:: CONFIG_ESP_ROM_HAS_MBEDTLS_CRYPTO_LIB + + Enabling the config option :ref:`CONFIG_MBEDTLS_USE_CRYPTO_ROM_IMPL` will use the crypto algorithms from mbedTLS library inside the chip ROM. + Disabling the config option :ref:`CONFIG_MBEDTLS_USE_CRYPTO_ROM_IMPL` will use the crypto algorithms from the ESP-IDF mbedtls component library. This will increase the binary size (flash footprint). + .. note:: Not every combination of mbedTLS compile-time config is tested in ESP-IDF. If you find a combination that fails to compile or function as expected, please report the details on GitHub. From 76bd3ab832250d691992667db7d69441584a713c Mon Sep 17 00:00:00 2001 From: Jiang Guang Ming Date: Sun, 17 Sep 2023 23:57:27 -0700 Subject: [PATCH 4/4] docs: Update COPYRIGHT.rst since mbedtls supported in C2 ROM --- docs/en/COPYRIGHT.rst | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/docs/en/COPYRIGHT.rst b/docs/en/COPYRIGHT.rst index 68426ffe408..e9432cf61a9 100644 --- a/docs/en/COPYRIGHT.rst +++ b/docs/en/COPYRIGHT.rst @@ -53,7 +53,7 @@ These third party libraries can be included into the application (firmware) prod * :component:`ESP-MQTT ` MQTT Package (contiki-mqtt) - Copyright (c) 2014, Stephen Robinson, MQTT-ESP - Tuan PM is licensed under Apache License 2.0 as described in :component_file:`LICENSE file `. -* :component:`BLE Mesh ` is adapted from Zephyr Project, Copyright (c) 2017-2018 Intel Corporation and licensed under Apache License 2.0 +* :component:`BLE Mesh ` is adapted from Zephyr Project, Copyright (c) 2017-2018 Intel Corporation and licensed under Apache License 2.0. * `mynewt-nimble`_ Apache Mynewt NimBLE, Copyright 2015-2018, The Apache Software Foundation, is licensed under Apache License 2.0 as described in :component_file:`LICENSE file`. @@ -89,6 +89,10 @@ ESP32, ESP32-S and ESP32-C Series SoCs mask ROM hardware includes binaries compi * TJpgDec_ Copyright (C) 2011, ChaN, all right reserved. See below for license. +.. only:: CONFIG_ESP_ROM_HAS_MBEDTLS_CRYPTO_LIB + + * `Mbed TLS`_ library, Copyright (C) 2006-2018 ARM Limited and licensed under Apache 2.0 License. + Xtensa libhal MIT License =========================