From 2379402061e229ebb52149c8782631364374a708 Mon Sep 17 00:00:00 2001 From: adustm Date: Tue, 7 Mar 2017 08:48:09 +0100 Subject: [PATCH 1/9] Add AES HW encryption for NUCLEO_F756ZG in mbedtls --- .../TARGST_NUCLEO_F756ZG/mbedtls_device.h | 26 +++++++++++++++++++ targets/targets.json | 1 + 2 files changed, 27 insertions(+) create mode 100644 features/mbedtls/targets/TARGET_STM/TARGET_STM32F7/TARGST_NUCLEO_F756ZG/mbedtls_device.h diff --git a/features/mbedtls/targets/TARGET_STM/TARGET_STM32F7/TARGST_NUCLEO_F756ZG/mbedtls_device.h b/features/mbedtls/targets/TARGET_STM/TARGET_STM32F7/TARGST_NUCLEO_F756ZG/mbedtls_device.h new file mode 100644 index 00000000000..9a06a1cba55 --- /dev/null +++ b/features/mbedtls/targets/TARGET_STM/TARGET_STM32F7/TARGST_NUCLEO_F756ZG/mbedtls_device.h @@ -0,0 +1,26 @@ +/* + * mbedtls_device.h + ******************************************************************************* + * Copyright (c) 2017, STMicroelectronics + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * + */ +#ifndef MBEDTLS_DEVICE_H +#define MBEDTLS_DEVICE_H + +#define MBEDTLS_AES_ALT + + +#endif /* MBEDTLS_DEVICE_H */ diff --git a/targets/targets.json b/targets/targets.json index 1297e9a5072..81001cbe3e5 100644 --- a/targets/targets.json +++ b/targets/targets.json @@ -969,6 +969,7 @@ "extra_labels": ["STM", "STM32F7", "STM32F756", "STM32F756xG", "STM32F756ZG"], "supported_toolchains": ["ARM", "uARM", "GCC_ARM", "IAR"], "default_toolchain": "ARM", + "macros": ["TRANSACTION_QUEUE_SIZE_SPI=2", "USBHOST_OTHER", "MBEDTLS_CONFIG_HW_SUPPORT"], "supported_form_factors": ["ARDUINO"], "detect_code": ["0819"], "device_has": ["ANALOGIN", "ANALOGOUT", "CAN", "I2C", "I2CSLAVE", "I2C_ASYNCH", "INTERRUPTIN", "LOWPOWERTIMER", "PORTIN", "PORTINOUT", "PORTOUT", "PWMOUT", "RTC", "SERIAL", "SERIAL_ASYNCH", "SLEEP", "SPI", "SPISLAVE", "STDIO_MESSAGES", "TRNG"], From 3541939161c9c71b90e6bbd2918177237c25f031 Mon Sep 17 00:00:00 2001 From: adustm Date: Thu, 16 Mar 2017 18:18:08 +0100 Subject: [PATCH 2/9] fix typo in directory name --- .../mbedtls_device.h | 0 1 file changed, 0 insertions(+), 0 deletions(-) rename features/mbedtls/targets/TARGET_STM/TARGET_STM32F7/{TARGST_NUCLEO_F756ZG => TARGET_NUCLEO_F756ZG}/mbedtls_device.h (100%) diff --git a/features/mbedtls/targets/TARGET_STM/TARGET_STM32F7/TARGST_NUCLEO_F756ZG/mbedtls_device.h b/features/mbedtls/targets/TARGET_STM/TARGET_STM32F7/TARGET_NUCLEO_F756ZG/mbedtls_device.h similarity index 100% rename from features/mbedtls/targets/TARGET_STM/TARGET_STM32F7/TARGST_NUCLEO_F756ZG/mbedtls_device.h rename to features/mbedtls/targets/TARGET_STM/TARGET_STM32F7/TARGET_NUCLEO_F756ZG/mbedtls_device.h From 159499b675e0260f8b428cf3a61fff2909babd6d Mon Sep 17 00:00:00 2001 From: adustm Date: Thu, 9 Mar 2017 15:34:09 +0100 Subject: [PATCH 3/9] NUCLEO_F429ZI/mbedtls: add SHA1 hw_acceleration --- .../TARGET_NUCLEO_F439ZI/mbedtls_device.h | 3 +- .../mbedtls/targets/TARGET_STM/sha1_alt.c | 149 ++++++++++++++++++ .../mbedtls/targets/TARGET_STM/sha1_alt.h | 127 +++++++++++++++ 3 files changed, 278 insertions(+), 1 deletion(-) create mode 100644 features/mbedtls/targets/TARGET_STM/sha1_alt.c create mode 100644 features/mbedtls/targets/TARGET_STM/sha1_alt.h diff --git a/features/mbedtls/targets/TARGET_STM/TARGET_STM32F4/TARGET_NUCLEO_F439ZI/mbedtls_device.h b/features/mbedtls/targets/TARGET_STM/TARGET_STM32F4/TARGET_NUCLEO_F439ZI/mbedtls_device.h index 9a06a1cba55..87972a7be56 100644 --- a/features/mbedtls/targets/TARGET_STM/TARGET_STM32F4/TARGET_NUCLEO_F439ZI/mbedtls_device.h +++ b/features/mbedtls/targets/TARGET_STM/TARGET_STM32F4/TARGET_NUCLEO_F439ZI/mbedtls_device.h @@ -21,6 +21,7 @@ #define MBEDTLS_DEVICE_H #define MBEDTLS_AES_ALT +#define MBEDTLS_SHA1_ALT - +#define MBEDTLS_SHA1_C #endif /* MBEDTLS_DEVICE_H */ diff --git a/features/mbedtls/targets/TARGET_STM/sha1_alt.c b/features/mbedtls/targets/TARGET_STM/sha1_alt.c new file mode 100644 index 00000000000..26fad7c60f3 --- /dev/null +++ b/features/mbedtls/targets/TARGET_STM/sha1_alt.c @@ -0,0 +1,149 @@ +/* + * sha1_alt.c for SHA1 HASH + ******************************************************************************* + * Copyright (c) 2017, STMicroelectronics + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * + */ +#include "mbedtls/sha1.h" + +#if defined(MBEDTLS_SHA1_ALT) + +/* Implementation that should never be optimized out by the compiler */ +static void mbedtls_zeroize( void *v, size_t n ) { + volatile unsigned char *p = (unsigned char*)v; while( n-- ) *p++ = 0; +} + +void mbedtls_sha1_init( mbedtls_sha1_context *ctx ) +{ + memset( ctx, 0, sizeof( mbedtls_sha1_context ) ); + + /* Enable HASH clock */ + __HAL_RCC_HASH_CLK_ENABLE(); + + ctx->flag=0; +} + +void mbedtls_sha1_free( mbedtls_sha1_context *ctx ) +{ + if( ctx == NULL ) + return; + + /* Force the HASH Periheral Clock Reset */ + __HAL_RCC_HASH_FORCE_RESET(); + + /* Release the HASH Periheral Clock Reset */ + __HAL_RCC_HASH_RELEASE_RESET(); + + mbedtls_zeroize( ctx, sizeof( mbedtls_sha1_context ) ); +} + +void mbedtls_sha1_clone( mbedtls_sha1_context *dst, + const mbedtls_sha1_context *src ) +{ + *dst = *src; +} + +/* + * SHA-1 context setup + */ +void mbedtls_sha1_starts( mbedtls_sha1_context *ctx ) +{ + /* Deinitializes the HASH peripheral */ + if (HAL_HASH_DeInit(&ctx->hhash_sha1) == HAL_ERROR) { + // error found to be returned + return; + } + + /* HASH Configuration */ + ctx->hhash_sha1.Init.DataType = HASH_DATATYPE_8B; + if (HAL_HASH_Init(&ctx->hhash_sha1) == HAL_ERROR) { + // error found to be returned + return; + } + + ctx->flag=0; +} + +void mbedtls_sha1_process( mbedtls_sha1_context *ctx, const unsigned char data[64] ) +{ + HAL_HASH_SHA1_Accumulate(&ctx->hhash_sha1, (uint8_t *) data, 64); +} + +/* + * SHA-1 process buffer + */ +void mbedtls_sha1_update( mbedtls_sha1_context *ctx, const unsigned char *input, size_t ilen ) +{ + unsigned char *intermediate_buf=NULL; + unsigned char modulus=0; + unsigned char buf_len=0; + + // Accumulate cannot be called for a size <4 unless it is the last call + + modulus = ilen % 4; + + if (ilen <4) + { + ctx->sbuf=malloc(ilen); + memcpy(ctx->sbuf, input, ilen); + ctx->flag = 1; + ctx->sbuf_len=ilen; + } + else + { + if (modulus !=0) + { + buf_len = ilen - modulus; + HAL_HASH_SHA1_Accumulate(&ctx->hhash_sha1, (uint8_t *)input, buf_len); + ctx->sbuf_len=modulus; + ctx->sbuf=malloc(ctx->sbuf_len); + memcpy(ctx->sbuf, input+buf_len, modulus); + ctx->flag = 1; + } + else + { + if (ctx->flag==0) + HAL_HASH_SHA1_Accumulate(&ctx->hhash_sha1, (uint8_t *)input, ilen); + else + { + intermediate_buf=malloc(ilen+ctx->sbuf_len); + memcpy(intermediate_buf, ctx->sbuf, ctx->sbuf_len); + memcpy(intermediate_buf+ctx->sbuf_len, input, ilen); + HAL_HASH_SHA1_Accumulate(&ctx->hhash_sha1, intermediate_buf, ilen+ctx->sbuf_len); + ctx->flag=0; + } + } + } +} + +/* + * SHA-1 final digest + */ +void mbedtls_sha1_finish( mbedtls_sha1_context *ctx, unsigned char output[20] ) +{ + if (ctx->flag == 1) { + HAL_HASH_SHA1_Accumulate(&ctx->hhash_sha1, ctx->sbuf, ctx->sbuf_len); + ctx->flag=0; + } + + __HAL_HASH_START_DIGEST(); + + if (HAL_HASH_SHA1_Finish(&ctx->hhash_sha1, output, 10)){ + // error code to be returned + } +} + +#endif /*MBEDTLS_SHA1_ALT*/ diff --git a/features/mbedtls/targets/TARGET_STM/sha1_alt.h b/features/mbedtls/targets/TARGET_STM/sha1_alt.h new file mode 100644 index 00000000000..fe3295e242f --- /dev/null +++ b/features/mbedtls/targets/TARGET_STM/sha1_alt.h @@ -0,0 +1,127 @@ +/* + * sha1_alt.h SHA-1 hash + ******************************************************************************* + * Copyright (C) 2017, STMicroelectronics + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * + */ +#ifndef MBEDTLS_SHA1_ALT_H +#define MBEDTLS_SHA1_ALT_H + +#if defined MBEDTLS_SHA1_ALT + +#include "mbedtls/platform.h" +#include "mbedtls/config.h" + +#include "cmsis.h" +#include + +#ifdef __cplusplus +extern "C" { +#endif + +/** + * \brief SHA-1 context structure + */ +typedef struct +{ + unsigned char *sbuf; + unsigned char sbuf_len; + HASH_HandleTypeDef hhash_sha1; + int flag; /* flag to manage buffer constraint of crypto Hw */ +} +mbedtls_sha1_context; + +/** + * \brief Initialize SHA-1 context + * + * \param ctx SHA-1 context to be initialized + */ +void mbedtls_sha1_init( mbedtls_sha1_context *ctx ); + +/** + * \brief Clear SHA-1 context + * + * \param ctx SHA-1 context to be cleared + */ +void mbedtls_sha1_free( mbedtls_sha1_context *ctx ); + +/** + * \brief Clone (the state of) a SHA-1 context + * + * \param dst The destination context + * \param src The context to be cloned + */ +void mbedtls_sha1_clone( mbedtls_sha1_context *dst, + const mbedtls_sha1_context *src ); + +/** + * \brief SHA-1 context setup + * + * \param ctx context to be initialized + */ +void mbedtls_sha1_starts( mbedtls_sha1_context *ctx ); + +/** + * \brief SHA-1 process buffer + * + * \param ctx SHA-1 context + * \param input buffer holding the data + * \param ilen length of the input data + */ +void mbedtls_sha1_update( mbedtls_sha1_context *ctx, const unsigned char *input, size_t ilen ); + +/** + * \brief SHA-1 final digest + * + * \param ctx SHA-1 context + * \param output SHA-1 checksum result + */ +void mbedtls_sha1_finish( mbedtls_sha1_context *ctx, unsigned char output[20] ); + +/* Internal use */ +void mbedtls_sha1_process( mbedtls_sha1_context *ctx, const unsigned char data[64] ); + +#ifdef __cplusplus +} +#endif + +#ifdef __cplusplus +extern "C" { +#endif + +/** + * \brief Output = SHA-1( input buffer ) + * + * \param input buffer holding the data + * \param ilen length of the input data + * \param output SHA-1 checksum result + */ +void mbedtls_sha1( const unsigned char *input, size_t ilen, unsigned char output[20] ); + +/** + * \brief Checkup routine + * + * \return 0 if successful, or 1 if the test failed + */ +int mbedtls_sha1_self_test( int verbose ); + +#ifdef __cplusplus +} +#endif + +#endif /* MBEDTLS_SHA1_ALT */ + +#endif /* sha1_alt.h */ From dbdae0133917006db0144ed5b4ff10a2a5515ebf Mon Sep 17 00:00:00 2001 From: adustm Date: Thu, 16 Mar 2017 18:38:36 +0100 Subject: [PATCH 4/9] NUCLEO_F756ZG/mbedTLS : add hw acceleration for SHA1 --- .../TARGET_STM32F7/TARGET_NUCLEO_F756ZG/mbedtls_device.h | 3 +++ 1 file changed, 3 insertions(+) diff --git a/features/mbedtls/targets/TARGET_STM/TARGET_STM32F7/TARGET_NUCLEO_F756ZG/mbedtls_device.h b/features/mbedtls/targets/TARGET_STM/TARGET_STM32F7/TARGET_NUCLEO_F756ZG/mbedtls_device.h index 9a06a1cba55..7c52183f234 100644 --- a/features/mbedtls/targets/TARGET_STM/TARGET_STM32F7/TARGET_NUCLEO_F756ZG/mbedtls_device.h +++ b/features/mbedtls/targets/TARGET_STM/TARGET_STM32F7/TARGET_NUCLEO_F756ZG/mbedtls_device.h @@ -21,6 +21,9 @@ #define MBEDTLS_DEVICE_H #define MBEDTLS_AES_ALT +#define MBEDTLS_SHA1_ALT + +#define MBEDTLS_SHA1_C #endif /* MBEDTLS_DEVICE_H */ From ee3bf9cf811ebcfce0f1212acc7fba4bf285384e Mon Sep 17 00:00:00 2001 From: adustm Date: Mon, 20 Mar 2017 11:18:38 +0100 Subject: [PATCH 5/9] use mbedtls_zeroize instead of memset(xxx,0,xxx) --- features/mbedtls/targets/TARGET_STM/sha1_alt.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/features/mbedtls/targets/TARGET_STM/sha1_alt.c b/features/mbedtls/targets/TARGET_STM/sha1_alt.c index 26fad7c60f3..a5b61c135f1 100644 --- a/features/mbedtls/targets/TARGET_STM/sha1_alt.c +++ b/features/mbedtls/targets/TARGET_STM/sha1_alt.c @@ -28,7 +28,7 @@ static void mbedtls_zeroize( void *v, size_t n ) { void mbedtls_sha1_init( mbedtls_sha1_context *ctx ) { - memset( ctx, 0, sizeof( mbedtls_sha1_context ) ); + mbedtls_zeroize( ctx, sizeof( mbedtls_sha1_context ) ); /* Enable HASH clock */ __HAL_RCC_HASH_CLK_ENABLE(); From a552bb6421b4646a8f6ecd6e6b60cc339a6ce8a9 Mon Sep 17 00:00:00 2001 From: adustm Date: Mon, 20 Mar 2017 11:19:56 +0100 Subject: [PATCH 6/9] Better explanation of the use of mbedtls_sha1_context fields --- features/mbedtls/targets/TARGET_STM/sha1_alt.h | 15 ++++++++++----- 1 file changed, 10 insertions(+), 5 deletions(-) diff --git a/features/mbedtls/targets/TARGET_STM/sha1_alt.h b/features/mbedtls/targets/TARGET_STM/sha1_alt.h index fe3295e242f..4f04002ebe6 100644 --- a/features/mbedtls/targets/TARGET_STM/sha1_alt.h +++ b/features/mbedtls/targets/TARGET_STM/sha1_alt.h @@ -33,14 +33,19 @@ extern "C" { #endif /** - * \brief SHA-1 context structure + * \brief SHA-1 context structure + * \note HAL_HASH_SHA1_Accumulate cannot handle less than 4 bytes, unless it is the last call to the function + * In case of buffer size < 4, flag is set to 1, remaining bytes are copied in a temp buffer. + * The pointer and the length are saved in sbuf and sbuf_len. + * At the next accumulation, the saved values are taken into account, and flag is set to 0 + * If SHA1_finish is called and flag=1, the remaining bytes are accumulated before the call to HAL_HASH_SHA1_Finish */ typedef struct { - unsigned char *sbuf; - unsigned char sbuf_len; - HASH_HandleTypeDef hhash_sha1; - int flag; /* flag to manage buffer constraint of crypto Hw */ + unsigned char *sbuf; /*!< pointer to the remaining buffer to be processed */ + unsigned char sbuf_len; /*!< number of bytes remaining in sbuf to be processed */ + HASH_HandleTypeDef hhash_sha1; /*!< ST HAL HASH struct */ + int flag; /*!< 1 : there are sbuf_len bytes to be processed in sbuf, 0 : every data have been processed. */ } mbedtls_sha1_context; From 1d62cf907ea449d489e39ca3e160710d021a899d Mon Sep 17 00:00:00 2001 From: adustm Date: Tue, 4 Apr 2017 14:33:53 +0200 Subject: [PATCH 7/9] Remove unneeded function declarations + include file Move include platform from sha1_alt.h to sha1_alt.c --- features/mbedtls/targets/TARGET_STM/sha1_alt.c | 10 +++++----- features/mbedtls/targets/TARGET_STM/sha1_alt.h | 18 ------------------ 2 files changed, 5 insertions(+), 23 deletions(-) diff --git a/features/mbedtls/targets/TARGET_STM/sha1_alt.c b/features/mbedtls/targets/TARGET_STM/sha1_alt.c index a5b61c135f1..8cc38a80548 100644 --- a/features/mbedtls/targets/TARGET_STM/sha1_alt.c +++ b/features/mbedtls/targets/TARGET_STM/sha1_alt.c @@ -18,8 +18,8 @@ * */ #include "mbedtls/sha1.h" - #if defined(MBEDTLS_SHA1_ALT) +#include "mbedtls/platform.h" /* Implementation that should never be optimized out by the compiler */ static void mbedtls_zeroize( void *v, size_t n ) { @@ -40,7 +40,7 @@ void mbedtls_sha1_free( mbedtls_sha1_context *ctx ) { if( ctx == NULL ) return; - + /* Force the HASH Periheral Clock Reset */ __HAL_RCC_HASH_FORCE_RESET(); @@ -66,7 +66,7 @@ void mbedtls_sha1_starts( mbedtls_sha1_context *ctx ) // error found to be returned return; } - + /* HASH Configuration */ ctx->hhash_sha1.Init.DataType = HASH_DATATYPE_8B; if (HAL_HASH_Init(&ctx->hhash_sha1) == HAL_ERROR) { @@ -126,7 +126,7 @@ void mbedtls_sha1_update( mbedtls_sha1_context *ctx, const unsigned char *input, ctx->flag=0; } } - } + } } /* @@ -140,7 +140,7 @@ void mbedtls_sha1_finish( mbedtls_sha1_context *ctx, unsigned char output[20] ) } __HAL_HASH_START_DIGEST(); - + if (HAL_HASH_SHA1_Finish(&ctx->hhash_sha1, output, 10)){ // error code to be returned } diff --git a/features/mbedtls/targets/TARGET_STM/sha1_alt.h b/features/mbedtls/targets/TARGET_STM/sha1_alt.h index 4f04002ebe6..37fa83b7708 100644 --- a/features/mbedtls/targets/TARGET_STM/sha1_alt.h +++ b/features/mbedtls/targets/TARGET_STM/sha1_alt.h @@ -22,8 +22,6 @@ #if defined MBEDTLS_SHA1_ALT -#include "mbedtls/platform.h" -#include "mbedtls/config.h" #include "cmsis.h" #include @@ -107,22 +105,6 @@ void mbedtls_sha1_process( mbedtls_sha1_context *ctx, const unsigned char data[6 extern "C" { #endif -/** - * \brief Output = SHA-1( input buffer ) - * - * \param input buffer holding the data - * \param ilen length of the input data - * \param output SHA-1 checksum result - */ -void mbedtls_sha1( const unsigned char *input, size_t ilen, unsigned char output[20] ); - -/** - * \brief Checkup routine - * - * \return 0 if successful, or 1 if the test failed - */ -int mbedtls_sha1_self_test( int verbose ); - #ifdef __cplusplus } #endif From ff3017a7ef8f2f30a25f3926709d26ca3c8b17ae Mon Sep 17 00:00:00 2001 From: adustm Date: Fri, 7 Apr 2017 14:28:09 +0200 Subject: [PATCH 8/9] Move MBEDTLS_SHA1_C from mbedtls_device.h to targets.json --- .../TARGET_STM32F7/TARGET_NUCLEO_F756ZG/mbedtls_device.h | 5 +---- targets/targets.json | 2 +- 2 files changed, 2 insertions(+), 5 deletions(-) diff --git a/features/mbedtls/targets/TARGET_STM/TARGET_STM32F7/TARGET_NUCLEO_F756ZG/mbedtls_device.h b/features/mbedtls/targets/TARGET_STM/TARGET_STM32F7/TARGET_NUCLEO_F756ZG/mbedtls_device.h index 7c52183f234..7fd14853241 100644 --- a/features/mbedtls/targets/TARGET_STM/TARGET_STM32F7/TARGET_NUCLEO_F756ZG/mbedtls_device.h +++ b/features/mbedtls/targets/TARGET_STM/TARGET_STM32F7/TARGET_NUCLEO_F756ZG/mbedtls_device.h @@ -1,5 +1,5 @@ /* - * mbedtls_device.h + * mbedtls_device.h ******************************************************************************* * Copyright (c) 2017, STMicroelectronics * SPDX-License-Identifier: Apache-2.0 @@ -23,7 +23,4 @@ #define MBEDTLS_AES_ALT #define MBEDTLS_SHA1_ALT -#define MBEDTLS_SHA1_C - - #endif /* MBEDTLS_DEVICE_H */ diff --git a/targets/targets.json b/targets/targets.json index 81001cbe3e5..4e906358fd1 100644 --- a/targets/targets.json +++ b/targets/targets.json @@ -969,7 +969,7 @@ "extra_labels": ["STM", "STM32F7", "STM32F756", "STM32F756xG", "STM32F756ZG"], "supported_toolchains": ["ARM", "uARM", "GCC_ARM", "IAR"], "default_toolchain": "ARM", - "macros": ["TRANSACTION_QUEUE_SIZE_SPI=2", "USBHOST_OTHER", "MBEDTLS_CONFIG_HW_SUPPORT"], + "macros": ["TRANSACTION_QUEUE_SIZE_SPI=2", "USBHOST_OTHER", "MBEDTLS_CONFIG_HW_SUPPORT", "MBEDTLS_SHA1_C"], "supported_form_factors": ["ARDUINO"], "detect_code": ["0819"], "device_has": ["ANALOGIN", "ANALOGOUT", "CAN", "I2C", "I2CSLAVE", "I2C_ASYNCH", "INTERRUPTIN", "LOWPOWERTIMER", "PORTIN", "PORTINOUT", "PORTOUT", "PWMOUT", "RTC", "SERIAL", "SERIAL_ASYNCH", "SLEEP", "SPI", "SPISLAVE", "STDIO_MESSAGES", "TRNG"], From 97fc11547f072d12b0767ad5174d950fb3c2e050 Mon Sep 17 00:00:00 2001 From: adustm Date: Fri, 7 Apr 2017 13:30:49 +0200 Subject: [PATCH 9/9] Improve memory management --- .../mbedtls/targets/TARGET_STM/sha1_alt.c | 66 ++++++++++++------- 1 file changed, 41 insertions(+), 25 deletions(-) diff --git a/features/mbedtls/targets/TARGET_STM/sha1_alt.c b/features/mbedtls/targets/TARGET_STM/sha1_alt.c index 8cc38a80548..8c2604cf17d 100644 --- a/features/mbedtls/targets/TARGET_STM/sha1_alt.c +++ b/features/mbedtls/targets/TARGET_STM/sha1_alt.c @@ -26,6 +26,33 @@ static void mbedtls_zeroize( void *v, size_t n ) { volatile unsigned char *p = (unsigned char*)v; while( n-- ) *p++ = 0; } +/* mbedtls_sha1_store will store in ctx->sbuf size new values located at *ptr */ +/* wether ctx->sbuf already contains something or not */ +static void mbedtls_sha1_store( mbedtls_sha1_context *ctx, uint8_t *ptr, unsigned char size) +{ + if (ctx->sbuf == NULL) { // new allocation + ctx->sbuf = malloc(size); + } else { // realloc + ctx->sbuf = realloc(ptr, size); + } + if (ctx->sbuf !=NULL) { // allocation occured + memcpy(ctx->sbuf, ptr, size); + ctx->flag = 1; + ctx->sbuf_len += size; + } +} + +/* mbedtls_sha1_clear_ctxbuf will clear the ctx buff, free memory */ +static void mbedtls_sha1_clear_ctxbuf( mbedtls_sha1_context *ctx) +{ + ctx->flag=0; + mbedtls_zeroize( ctx->sbuf, ctx->sbuf_len); + free(ctx->sbuf); + ctx->sbuf = NULL; + ctx->sbuf_len = 0; + +} + void mbedtls_sha1_init( mbedtls_sha1_context *ctx ) { mbedtls_zeroize( ctx, sizeof( mbedtls_sha1_context ) ); @@ -90,40 +117,28 @@ void mbedtls_sha1_update( mbedtls_sha1_context *ctx, const unsigned char *input, unsigned char *intermediate_buf=NULL; unsigned char modulus=0; unsigned char buf_len=0; - // Accumulate cannot be called for a size <4 unless it is the last call - modulus = ilen % 4; - if (ilen <4) - { - ctx->sbuf=malloc(ilen); - memcpy(ctx->sbuf, input, ilen); - ctx->flag = 1; - ctx->sbuf_len=ilen; - } - else - { - if (modulus !=0) - { + if (ilen <4) { + mbedtls_sha1_store(ctx, (uint8_t *)input, ilen); + } else { + if (modulus !=0) { buf_len = ilen - modulus; HAL_HASH_SHA1_Accumulate(&ctx->hhash_sha1, (uint8_t *)input, buf_len); - ctx->sbuf_len=modulus; - ctx->sbuf=malloc(ctx->sbuf_len); - memcpy(ctx->sbuf, input+buf_len, modulus); - ctx->flag = 1; - } - else - { + mbedtls_sha1_store(ctx, (uint8_t *)(input+buf_len), modulus); + } else { if (ctx->flag==0) HAL_HASH_SHA1_Accumulate(&ctx->hhash_sha1, (uint8_t *)input, ilen); - else - { - intermediate_buf=malloc(ilen+ctx->sbuf_len); + else { + intermediate_buf=malloc(ilen + ctx->sbuf_len); memcpy(intermediate_buf, ctx->sbuf, ctx->sbuf_len); memcpy(intermediate_buf+ctx->sbuf_len, input, ilen); HAL_HASH_SHA1_Accumulate(&ctx->hhash_sha1, intermediate_buf, ilen+ctx->sbuf_len); - ctx->flag=0; + mbedtls_zeroize( intermediate_buf, (ilen + ctx->sbuf_len ) ); + free(intermediate_buf); + intermediate_buf = NULL; + mbedtls_sha1_clear_ctxbuf(ctx); } } } @@ -134,9 +149,10 @@ void mbedtls_sha1_update( mbedtls_sha1_context *ctx, const unsigned char *input, */ void mbedtls_sha1_finish( mbedtls_sha1_context *ctx, unsigned char output[20] ) { + if (ctx->flag == 1) { HAL_HASH_SHA1_Accumulate(&ctx->hhash_sha1, ctx->sbuf, ctx->sbuf_len); - ctx->flag=0; + mbedtls_sha1_clear_ctxbuf(ctx); } __HAL_HASH_START_DIGEST();