mbedtls-alt:Support for new algorithms in mbedtls alternative implementation

crypto/mbedtls/Kconfig

@@ -577,6 +577,16 @@ config MBEDTLS_MD5_ALT
 	select MBEDTLS_ALT
 	default n
 
+config MBEDTLS_POLY1305_ALT
+	bool "Enable Mbedt TLS POLY1305 module alted by nuttx crypto"
+	select MBEDTLS_ALT
+	default n
+
+config MBEDTLS_RIPEMD160_ALT
+	bool "Enable Mbedt TLS RIPEMD160 module alted by nuttx crypto"
+	select MBEDTLS_ALT
+	default n
+
 config MBEDTLS_SHA1_ALT
 	bool "Enable Mbedt TLS SHA1 module alted by nuttx crypto"
 	select MBEDTLS_ALT
@@ -592,6 +602,11 @@ config MBEDTLS_SHA512_ALT
 	select MBEDTLS_ALT
 	default n
 
+config MBEDTLS_BIGNUM_ALT
+	bool "Enable Mbedt TLS Bignum module alted by nuttx mpi"
+	select MBEDTLS_ALT
+	default n
+
 endif # CRYPTO_CRYPTODEV
 
 menuconfig MBEDTLS_APPS

crypto/mbedtls/Makefile

@@ -127,6 +127,14 @@ ifeq ($(CONFIG_MBEDTLS_MD5_ALT),y)
 CSRCS += $(APPDIR)/crypto/mbedtls/source/md5_alt.c
 endif
 
+ifeq ($(CONFIG_MBEDTLS_POLY1305_ALT),y)
+CSRCS += $(APPDIR)/crypto/mbedtls/source/poly1305_alt.c
+endif
+
+ifeq ($(CONFIG_MBEDTLS_RIPEMD160_ALT),y)
+CSRCS += $(APPDIR)/crypto/mbedtls/source/ripemd160_alt.c
+endif
+
 ifeq ($(CONFIG_MBEDTLS_SHA1_ALT),y)
 CSRCS += $(APPDIR)/crypto/mbedtls/source/sha1_alt.c
 endif
@@ -139,6 +147,10 @@ ifeq ($(CONFIG_MBEDTLS_SHA512_ALT),y)
 CSRCS += $(APPDIR)/crypto/mbedtls/source/sha512_alt.c
 endif
 
+ifeq ($(CONFIG_MBEDTLS_BIGNUM_ALT),y)
+CSRCS += $(APPDIR)/crypto/mbedtls/source/bignum_alt.c
+endif
+
 endif
 
 include $(APPDIR)/Application.mk

crypto/mbedtls/include/aes_alt.h

@@ -30,7 +30,7 @@
  * Pre-processor Definitions
  ****************************************************************************/
 
-#define MAX_KEY_SIZE      36
+#define MAX_KEY_SIZE      64
 
 typedef struct mbedtls_aes_context
 {

crypto/mbedtls/include/mbedtls/mbedtls_config.h

@@ -374,9 +374,13 @@
 #ifdef CONFIG_MBEDTLS_MD5_ALT
 #define MBEDTLS_MD5_ALT
 #endif
-/* #define MBEDTLS_POLY1305_ALT
- * #define MBEDTLS_RIPEMD160_ALT
- * #define MBEDTLS_RSA_ALT
+#ifdef CONFIG_MBEDTLS_POLY1305_ALT
+#define MBEDTLS_POLY1305_ALT
+#endif
+#ifdef CONFIG_MBEDTLS_RIPEMD160_ALT
+#define MBEDTLS_RIPEMD160_ALT
+#endif
+/* #define MBEDTLS_RSA_ALT
  */
 #ifdef CONFIG_MBEDTLS_SHA1_ALT
 #define MBEDTLS_SHA1_ALT
@@ -387,6 +391,9 @@
 #ifdef CONFIG_MBEDTLS_SHA512_ALT
 #define MBEDTLS_SHA512_ALT
 #endif
+#ifdef CONFIG_MBEDTLS_BIGNUM_ALT
+#define MBEDTLS_BIGNUM_ALT
+#endif
 /* #define MBEDTLS_XTEA_ALT
  */
 

crypto/mbedtls/include/poly1305_alt.h

@@ -0,0 +1,31 @@
+/****************************************************************************
+ * apps/crypto/mbedtls/include/poly1305_alt.h
+ *
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.  The
+ * ASF licenses this file to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance with the
+ * License.  You may obtain a copy of the License at
+ *
+ *   http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.  See the
+ * License for the specific language governing permissions and limitations
+ * under the License.
+ ****************************************************************************/
+
+#ifndef __APPS_CRYPTO_MBEDTLS_INCLUDE_POLY1305_ALT_H
+#define __APPS_CRYPTO_MBEDTLS_INCLUDE_POLY1305_ALT_H
+
+/****************************************************************************
+ * Included Files
+ ****************************************************************************/
+
+#include "dev_alt.h"
+
+#define mbedtls_poly1305_context cryptodev_context_t
+
+#endif /* __APPS_CRYPTO_MBEDTLS_INCLUDE_POLY1305_ALT_H */

crypto/mbedtls/include/ripemd160_alt.h

@@ -0,0 +1,31 @@
+/****************************************************************************
+ * apps/crypto/mbedtls/include/ripemd160_alt.h
+ *
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.  The
+ * ASF licenses this file to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance with the
+ * License.  You may obtain a copy of the License at
+ *
+ *   http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.  See the
+ * License for the specific language governing permissions and limitations
+ * under the License.
+ ****************************************************************************/
+
+#ifndef __APPS_CRYPTO_MBEDTLS_INCLUDE_RIPEMD160_ALT_H
+#define __APPS_CRYPTO_MBEDTLS_INCLUDE_RIPEMD160_ALT_H
+
+/****************************************************************************
+ * Included Files
+ ****************************************************************************/
+
+#include "dev_alt.h"
+
+#define mbedtls_ripemd160_context cryptodev_context_t
+
+#endif /* __APPS_CRYPTO_MBEDTLS_INCLUDE_RIPEMD160_ALT_H */

crypto/mbedtls/source/aes_alt.c

@@ -51,6 +51,18 @@ int mbedtls_aes_setkey_enc(FAR mbedtls_aes_context *ctx,
                            FAR const unsigned char *key,
                            unsigned int keybits)
 {
+  switch (keybits)
+    {
+      case 128:
+        break;
+      case 192:
+        break;
+      case 256:
+        break;
+      default:
+        return MBEDTLS_ERR_AES_INVALID_KEY_LENGTH;
+    }
+
   memcpy(ctx->key, key, keybits / 8);
   ctx->dev.session.key = (caddr_t)ctx->key;
   ctx->dev.session.keylen = keybits / 8;
@@ -74,6 +86,11 @@ int mbedtls_aes_crypt_ecb(FAR mbedtls_aes_context *ctx,
   int ret;
   unsigned char iv[16];
 
+  if (mode != MBEDTLS_AES_ENCRYPT && mode != MBEDTLS_AES_DECRYPT)
+    {
+      return MBEDTLS_ERR_AES_BAD_INPUT_DATA;
+    }
+
   ctx->dev.session.cipher = CRYPTO_AES_CBC;
   ret = cryptodev_get_session(&ctx->dev);
   if (ret != 0)
@@ -107,6 +124,16 @@ int mbedtls_aes_crypt_cbc(mbedtls_aes_context *ctx,
 {
   int ret;
 
+  if (mode != MBEDTLS_AES_ENCRYPT && mode != MBEDTLS_AES_DECRYPT)
+    {
+      return MBEDTLS_ERR_AES_BAD_INPUT_DATA;
+    }
+
+  if ((length % 16) != 0)
+    {
+      return MBEDTLS_ERR_AES_INVALID_INPUT_LENGTH;
+    }
+
   ctx->dev.session.cipher = CRYPTO_AES_CBC;
   ret = cryptodev_get_session(&ctx->dev);
   if (ret != 0)
@@ -141,6 +168,11 @@ int mbedtls_aes_crypt_ctr(FAR mbedtls_aes_context *ctx,
 {
   int ret;
 
+  if (*nc_off > 0x0f)
+    {
+      return MBEDTLS_ERR_AES_BAD_INPUT_DATA;
+    }
+
   ctx->dev.session.cipher = CRYPTO_AES_CTR;
   memcpy(ctx->key + ctx->dev.session.keylen,
          nonce_counter, NONCE_LENGTH);
@@ -183,14 +215,22 @@ int mbedtls_aes_xts_setkey_enc(FAR mbedtls_aes_xts_context *ctx,
                                FAR const unsigned char *key,
                                unsigned int keybits)
 {
-  return mbedtls_aes_setkey_enc(ctx, key, keybits);
+  if (keybits != 256 && keybits != 512)
+    {
+      return MBEDTLS_ERR_AES_INVALID_KEY_LENGTH;
+    }
+
+  memcpy(ctx->key, key, keybits / 8);
+  ctx->dev.session.key = (caddr_t)ctx->key;
+  ctx->dev.session.keylen = keybits / 8;
+  return 0;
 }
 
 int mbedtls_aes_xts_setkey_dec(FAR mbedtls_aes_xts_context *ctx,
                                FAR const unsigned char *key,
                                unsigned int keybits)
 {
-  return mbedtls_aes_setkey_dec(ctx, key, keybits);
+  return mbedtls_aes_xts_setkey_enc(ctx, key, keybits);
 }
 
 int mbedtls_aes_crypt_xts(FAR mbedtls_aes_xts_context *ctx,
@@ -203,6 +243,25 @@ int mbedtls_aes_crypt_xts(FAR mbedtls_aes_xts_context *ctx,
   int ret;
   unsigned char iv[16];
 
+  if (mode != MBEDTLS_AES_ENCRYPT && mode != MBEDTLS_AES_DECRYPT)
+    {
+      return MBEDTLS_ERR_AES_BAD_INPUT_DATA;
+    }
+
+  /* Data units must be at least 16 bytes long. */
+
+  if (length < 16)
+    {
+      return MBEDTLS_ERR_AES_INVALID_INPUT_LENGTH;
+    }
+
+  /* NIST SP 800-38E disallows data units larger than 2**20 blocks. */
+
+  if (length > (1 << 20) * 16)
+    {
+      return MBEDTLS_ERR_AES_INVALID_INPUT_LENGTH;
+    }
+
   ctx->dev.session.cipher = CRYPTO_AES_XTS;
   ret = cryptodev_get_session(&ctx->dev);
   if (ret != 0)
@@ -238,6 +297,16 @@ int mbedtls_aes_crypt_cfb128(FAR mbedtls_aes_context *ctx,
 {
   int ret;
 
+  if (mode != MBEDTLS_AES_ENCRYPT && mode != MBEDTLS_AES_DECRYPT)
+    {
+      return MBEDTLS_ERR_AES_BAD_INPUT_DATA;
+    }
+
+  if (*iv_off > 15)
+    {
+      return MBEDTLS_ERR_AES_BAD_INPUT_DATA;
+    }
+
   ctx->dev.session.cipher = CRYPTO_AES_CFB_128;
   ret = cryptodev_get_session(&ctx->dev);
   if (ret != 0)
@@ -273,6 +342,11 @@ int mbedtls_aes_crypt_cfb8(FAR mbedtls_aes_context *ctx,
 {
   int ret;
 
+  if (mode != MBEDTLS_AES_ENCRYPT && mode != MBEDTLS_AES_DECRYPT)
+    {
+      return MBEDTLS_ERR_AES_BAD_INPUT_DATA;
+    }
+
   ctx->dev.session.cipher = CRYPTO_AES_CFB_8;
   ret = cryptodev_get_session(&ctx->dev);
   if (ret != 0)
@@ -306,6 +380,11 @@ int mbedtls_aes_crypt_ofb(FAR mbedtls_aes_context *ctx,
 {
   int ret;
 
+  if (*iv_off > 15)
+    {
+      return MBEDTLS_ERR_AES_BAD_INPUT_DATA;
+    }
+
   ctx->dev.session.cipher = CRYPTO_AES_OFB;
   ret = cryptodev_get_session(&ctx->dev);
   if (ret != 0)