When MBEDTLS_HARDWARE_GCM is enabled, we ALT all the GCM functions that are
declared in mbedtls/gcm.h with our H/W port functions, due to which even
if non-AES ciphers such as ARIA, CAMELLIA, BLOWFISH, etc. are selected
for a GCM operation, we perform an AES-GCM operation, thus resulting into
an incorrect calculation.
Thus in such cases we need to fallback to the software definitions of
GCM.
Currently, it is not directly possible to pull in software definitions of GCM
related functions directly due to gcm_alt.h, but this commit renames the
functions by appending `_soft` to their names, thus making them look different
functions in all and thus they are made available to pull in during compilation.
The change is configrable using the config MBEDTLS_GCM_NON_AES_CIPHER_SOFT_FALLBACK.
As this config is enabled by default, building the mbedtls crypto library
(libmbedcrypto.a) with this change increases its size by ~2.5KB.
- ESP32C2 has a hardware ECC accelerator that supports NIST P-192 and NIST P-256 curves,
which can increase the performance of the point multiplication and point
verification operation.
- Provision is also added to fallback to software implementation in
case the curve is not from the supported curves
- Override ecp_mul_restartable_internal with accelerator
- Many ECC operations use the internal API ecp_mul_restartable_internal
instead of the public API mbedtls_ecp_mul for point multiplication.
This will improve the performance of all those parent operations as
well
(cherry picked from commit 0ecb27b9d88059e8980c8ae6e111283f5f2859f8)
For exponential mod (API mbedtls_mpi_exp_mod) operation, some ESP target
chips needs to have ability for both hardware and software implementation.
Hardware implementation provided performance advantage but it can only
support upto 3072 bit operations (e.g., ESP32-C3) and hence we fallback
to software implementation in such cases (e.g., 4096 bit operations).
Earlier this was handled using linker "--wrap" flag but that does not
work in all scenarios as API `mbedtls_mpi_exp_mod` is being used in
same tranlation (compilation unit).
This approach was found to be next best option with minimal changes in
mbedTLS library.
(cherry picked from commit ab3a845107377c6cdf148f86015cad94434a1f2e)
Replace MBEDTLS_PSA_COPY_CALLER_BUFFERS with inverse:
!MBEDTLS_PSA_ASSUME_EXCLUSIVE_BUFFERS. This ensures that buffer
protection is enabled by default without any change to the Mbed TLS
config file.
Signed-off-by: David Horstmann <david.horstmann@arm.com>
Use the global data mutex, as the key slot mutex has to be held in some
of the functions where we are testing the flag, and we already hold the
global data mutex when calling the functions where the flag is set.
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
Internal only for now, but can be made external with some more
work. Break up psa_crypto_init into chunks to prevent deadlocks when
initialising RNG, likewise break up mbedtls_crypto_free() to stop having
to hold more than one mutex at a time.
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
