From b57fcd0bd8c0df10947a3e8ebe1e565c659cbb5d Mon Sep 17 00:00:00 2001 From: gojimmypi Date: Fri, 6 Sep 2024 16:33:04 -0700 Subject: [PATCH] Update Espressif sha, util, mem, time helpers --- wolfcrypt/src/port/Espressif/esp32_sha.c | 12 +- wolfcrypt/src/port/Espressif/esp32_util.c | 149 +++++++++++++++--- .../src/port/Espressif/esp_sdk_mem_lib.c | 4 +- .../src/port/Espressif/esp_sdk_time_lib.c | 21 ++- .../wolfcrypt/port/Espressif/esp-sdk-lib.h | 10 +- .../wolfcrypt/port/Espressif/esp32-crypt.h | 121 +++++++++++++- 6 files changed, 274 insertions(+), 43 deletions(-) diff --git a/wolfcrypt/src/port/Espressif/esp32_sha.c b/wolfcrypt/src/port/Espressif/esp32_sha.c index bef77b09e4..ad371c7603 100644 --- a/wolfcrypt/src/port/Espressif/esp32_sha.c +++ b/wolfcrypt/src/port/Espressif/esp32_sha.c @@ -135,7 +135,11 @@ static const char* TAG = "wolf_hw_sha"; #endif static uintptr_t mutex_ctx_owner = NULLPTR; + +#if (defined(ESP_MONITOR_HW_TASK_LOCK) && !defined(SINGLE_THREADED)) \ + || defined(WOLFSSL_DEBUG_MUTEX) static portMUX_TYPE sha_crit_sect = portMUX_INITIALIZER_UNLOCKED; +#endif #if defined(ESP_MONITOR_HW_TASK_LOCK) #ifdef SINGLE_THREADED @@ -506,7 +510,7 @@ int esp_sha224_ctx_copy(struct wc_Sha256* src, struct wc_Sha256* dst) dst->ctx.initializer = (uintptr_t)&dst->ctx; #if defined(ESP_MONITOR_HW_TASK_LOCK) && !defined(SINGLE_THREADED) { - /* not HW mode for copy, so we are not interested in task owner: */ + /* Not HW mode for copy, so we are not interested in task owner: */ dst->ctx.task_owner = 0; } #endif @@ -985,8 +989,10 @@ int esp_sha_hw_in_use() */ uintptr_t esp_sha_hw_islocked(WC_ESP32SHA* ctx) { - TaskHandle_t mutexHolder; uintptr_t ret = 0; + #ifndef SINGLE_THREADED + TaskHandle_t mutexHolder; + #endif CTX_STACK_CHECK(ctx); #ifdef WOLFSSL_DEBUG_MUTEX @@ -1132,7 +1138,9 @@ uintptr_t esp_sha_release_unfinished_lock(WC_ESP32SHA* ctx) ESP_LOGW(TAG, "esp_sha_release_unfinished_lock mode = %d", ctx->mode); #endif if (ctx->mode == ESP32_SHA_HW) { +#if defined(DEBUG_WOLFSSL_ESP32_UNFINISHED_HW) ESP_LOGW(TAG, "esp_sha_release_unfinished_lock HW!"); +#endif } } return ret; diff --git a/wolfcrypt/src/port/Espressif/esp32_util.c b/wolfcrypt/src/port/Espressif/esp32_util.c index 793554a4a8..d5d77edde8 100644 --- a/wolfcrypt/src/port/Espressif/esp32_util.c +++ b/wolfcrypt/src/port/Espressif/esp32_util.c @@ -98,21 +98,44 @@ int esp_CryptHwMutexInit(wolfSSL_Mutex* mutex) { } /* - * call the ESP-IDF mutex lock; xSemaphoreTake + * Call the ESP-IDF mutex lock; xSemaphoreTake * this is a general mutex locker, used for different mutex objects for * different HW acclerators or other single-use HW features. + * + * We should already have known if the resource is in use or not. + * + * Return 0 (ESP_OK) on success, otherwise BAD_MUTEX_E */ int esp_CryptHwMutexLock(wolfSSL_Mutex* mutex, TickType_t block_time) { + int ret; if (mutex == NULL) { WOLFSSL_ERROR_MSG("esp_CryptHwMutexLock called with null mutex"); return BAD_MUTEX_E; } #ifdef SINGLE_THREADED - return wc_LockMutex(mutex); /* xSemaphoreTake take with portMAX_DELAY */ + /* does nothing in single thread mode, always return 0 */ + ret = wc_LockMutex(mutex); #else - return ((xSemaphoreTake(*mutex, block_time) == pdTRUE) ? 0 : BAD_MUTEX_E); + ret = xSemaphoreTake(*mutex, block_time); + ESP_LOGV(TAG, "xSemaphoreTake 0x%x = %d", (intptr_t)*mutex, ret); + if (ret == pdTRUE) { + ret = ESP_OK; + } + else { + if (ret == pdFALSE) { + ESP_LOGW(TAG, "xSemaphoreTake failed for 0x%x. Still busy?", + (intptr_t)*mutex); + ret = ESP_ERR_NOT_FINISHED; + } + else { + ESP_LOGE(TAG, "xSemaphoreTake 0x%x unexpected = %d", + (intptr_t)*mutex, ret); + ret = BAD_MUTEX_E; + } + } #endif + return ret; } /* @@ -120,17 +143,36 @@ int esp_CryptHwMutexLock(wolfSSL_Mutex* mutex, TickType_t block_time) { * */ esp_err_t esp_CryptHwMutexUnLock(wolfSSL_Mutex* mutex) { + int ret = pdTRUE; if (mutex == NULL) { WOLFSSL_ERROR_MSG("esp_CryptHwMutexLock called with null mutex"); return BAD_MUTEX_E; } #ifdef SINGLE_THREADED - return wc_UnLockMutex(mutex); + ret = wc_UnLockMutex(mutex); #else - xSemaphoreGive(*mutex); - return ESP_OK; + ESP_LOGV(TAG, ">> xSemaphoreGive 0x%x", (intptr_t)*mutex); + TaskHandle_t mutexHolder = xSemaphoreGetMutexHolder(*mutex); + + if (mutexHolder == NULL) { + ESP_LOGW(TAG, "esp_CryptHwMutexUnLock with no lock owner 0x%x", + (intptr_t)*mutex); + ret = ESP_OK; + } + else { + ret = xSemaphoreGive(*mutex); + if (ret == pdTRUE) { + ESP_LOGV(TAG, "Success: give mutex 0x%x", (intptr_t)*mutex); + ret = ESP_OK; + } + else { + ESP_LOGV(TAG, "Failed: give mutex 0x%x", (intptr_t)*mutex); + ret = ESP_FAIL; + } + } #endif + return ret; } #endif /* WOLFSSL_ESP32_CRYPT, etc. */ @@ -168,6 +210,7 @@ static int ShowExtendedSystemInfo_platform_espressif(void) WOLFSSL_VERSION_PRINTF("Xthal_have_ccount: %u", Xthal_have_ccount); +#endif /* this is the legacy stack size */ #if defined(CONFIG_MAIN_TASK_STACK_SIZE) @@ -205,24 +248,35 @@ static int ShowExtendedSystemInfo_platform_espressif(void) #endif -#elif CONFIG_IDF_TARGET_ESP32S2 - WOLFSSL_VERSION_PRINTF("Xthal_have_ccount = %u", +/* Platform-specific attributes of interest*/ +#if CONFIG_IDF_TARGET_ESP32 + #if defined(CONFIG_ESP32_DEFAULT_CPU_FREQ_MHZ) + WOLFSSL_VERSION_PRINTF("CONFIG_ESP32_DEFAULT_CPU_FREQ_MHZ: %u MHz", + CONFIG_ESP32_DEFAULT_CPU_FREQ_MHZ); + #endif + WOLFSSL_VERSION_PRINTF("Xthal_have_ccount: %u", Xthal_have_ccount); -#elif CONFIG_IDF_TARGET_ESP32C6 - /* TODO find Xthal for C6 */ + #elif CONFIG_IDF_TARGET_ESP32C2 - /* TODO find Xthal for C6 */ -#elif defined(CONFIG_IDF_TARGET_ESP8684) - /* TODO find Xthal for C6 */ + /* TODO find Xthal for C2 */ #elif CONFIG_IDF_TARGET_ESP32C3 /* not supported at this time */ -#elif CONFIG_IDF_TARGET_ESP32S3 - WOLFSSL_VERSION_PRINTF("Xthal_have_ccount = %u", - Xthal_have_ccount); +#elif CONFIG_IDF_TARGET_ESP32C6 + /* TODO find Xthal for C6 */ #elif CONFIG_IDF_TARGET_ESP32H2 - /* not supported at this time */ -#elif CONFIG_IDF_TARGET_ESP32C2 - /* not supported at this time */ + /* TODO find Xthal for H2 */ +#elif CONFIG_IDF_TARGET_ESP32S2 + ESP_LOGI(TAG, "CONFIG_ESP32S2_DEFAULT_CPU_FREQ_MHZ = %u MHz", + CONFIG_ESP32S2_DEFAULT_CPU_FREQ_MHZ + ); + ESP_LOGI(TAG, "Xthal_have_ccount = %u", Xthal_have_ccount); +#elif CONFIG_IDF_TARGET_ESP32S3 + ESP_LOGI(TAG, "CONFIG_ESP32S3_DEFAULT_CPU_FREQ_MHZ = %u MHz", + CONFIG_ESP32S3_DEFAULT_CPU_FREQ_MHZ + ); + ESP_LOGI(TAG, "Xthal_have_ccount = %u", Xthal_have_ccount); +#elif defined(CONFIG_IDF_TARGET_ESP8684) + /* TODO find Xthal for ESP8684 */ #else /* not supported at this time */ #endif @@ -438,6 +492,7 @@ esp_err_t ShowExtendedSystemInfo_config(void) { esp_ShowMacroStatus_need_header = 1; + show_macro("NO_ESP32_CRYPT", STR_IFNDEF(NO_ESP32_CRYPT)); show_macro("NO_ESPIDF_DEFAULT", STR_IFNDEF(NO_ESPIDF_DEFAULT)); show_macro("HW_MATH_ENABLED", STR_IFNDEF(HW_MATH_ENABLED)); @@ -562,11 +617,11 @@ int ShowExtendedSystemInfo(void) #if defined(WOLFSSL_MULTI_INSTALL_WARNING) /* CMake may have detected undesired multiple installs, so give warning. */ - WOLFSSL_VERSION_PRINTF(""); + WOLFSSL_VERSION_PRINTF(WOLFSSL_ESPIDF_BLANKLINE_MESSAGE); WOLFSSL_VERSION_PRINTF("WARNING: Multiple wolfSSL installs found."); WOLFSSL_VERSION_PRINTF("Check ESP-IDF components and " "local project [components] directory."); - WOLFSSL_VERSION_PRINTF(""); + WOLFSSL_VERSION_PRINTF(WOLFSSL_ESPIDF_BLANKLINE_MESSAGE); #else #ifdef WOLFSSL_USER_SETTINGS_DIR { @@ -737,14 +792,11 @@ esp_err_t esp_EnabledWatchdog(void) ESP_IDF_VERSION_MAJOR); #endif #endif - -#ifdef DEBUG_WOLFSSL - ESP_LOGI(TAG, "Watchdog enabled."); -#endif - return ret; } + + /* Print a MATH_INT_T attribute list. * * Note with the right string parameters, the result can be pasted as @@ -904,4 +956,49 @@ esp_err_t esp_hw_show_metrics(void) return ESP_OK; } +int show_binary(byte* theVar, size_t dataSz) { + printf("*****************************************************\n"); + word32 i; + for (i = 0; i < dataSz; i++) + printf("%02X", theVar[i]); + printf("\n"); + printf("******************************************************\n"); + return 0; +} + +int hexToBinary(byte* toVar, const char* fromHexString, size_t szHexString ) { + int ret = 0; + /* Calculate the actual binary length of the hex string */ + size_t byteLen = szHexString / 2; + + if (toVar == NULL || fromHexString == NULL) { + ESP_LOGE("ssh", " error"); + return -1; + } + if ((szHexString % 2 != 0)) { + ESP_LOGE("ssh", "fromHexString length not even!"); + } + + ESP_LOGW(TAG, "Replacing %d bytes at %x", byteLen, (word32)toVar); + memset(toVar, 0, byteLen); + /* Iterate through the hex string and convert to binary */ + for (size_t i = 0; i < szHexString; i += 2) { + /* Convert hex character to decimal */ + int decimalValue; + sscanf(&fromHexString[i], "%2x", &decimalValue); + size_t index = i / 2; +#if (0) + /* Optionall peek at new values */ + byte new_val = (decimalValue & 0x0F) << ((i % 2) * 4); + ESP_LOGI("hex", "Current char = %d", toVar[index]); + ESP_LOGI("hex", "New val = %d", decimalValue); +#endif + toVar[index] = decimalValue; + } + + return ret; +} + + + #endif /* WOLFSSL_ESPIDF */ diff --git a/wolfcrypt/src/port/Espressif/esp_sdk_mem_lib.c b/wolfcrypt/src/port/Espressif/esp_sdk_mem_lib.c index 8c5cd37082..7cea73bda6 100644 --- a/wolfcrypt/src/port/Espressif/esp_sdk_mem_lib.c +++ b/wolfcrypt/src/port/Espressif/esp_sdk_mem_lib.c @@ -161,7 +161,7 @@ static const char* sdk_memory_segment_text[SDK_MEMORY_SEGMENT_COUNT + 1] = { int sdk_log_meminfo(enum sdk_memory_segment m, void* start, void* end) { const char* str; - int len = 0; + word32 len = 0; str = sdk_memory_segment_text[m]; sdk_memory_segment_start[m] = start; sdk_memory_segment_end[m] = end; @@ -173,7 +173,7 @@ int sdk_log_meminfo(enum sdk_memory_segment m, void* start, void* end) ESP_LOGI(TAG, " Start End Length"); } else { - len = (uint32_t)end - (uint32_t)start; + len = (word32)end - (word32)start; ESP_LOGI(TAG, "%s: %p ~ %p : 0x%05x (%d)", str, start, end, len, len ); } return ESP_OK; diff --git a/wolfcrypt/src/port/Espressif/esp_sdk_time_lib.c b/wolfcrypt/src/port/Espressif/esp_sdk_time_lib.c index 1ef8de408b..c4bed901fc 100644 --- a/wolfcrypt/src/port/Espressif/esp_sdk_time_lib.c +++ b/wolfcrypt/src/port/Espressif/esp_sdk_time_lib.c @@ -23,14 +23,19 @@ #include #endif -/* Reminder: user_settings.h is needed and included from settings.h - * Be sure to define WOLFSSL_USER_SETTINGS, typically in CMakeLists.txt */ -#include +/* wolfSSL */ +/* Always include wolfcrypt/settings.h before any other wolfSSL file. */ +/* Reminder: settings.h pulls in user_settings.h; don't include it here. */ +#ifdef WOLFSSL_USER_SETTINGS + #include +#endif + #if defined(WOLFSSL_ESPIDF) /* Entire file is only for Espressif EDP-IDF */ +#include "sdkconfig.h" /* programmatically generated from sdkconfig */ + #if defined(USE_WOLFSSL_ESP_SDK_TIME) /* Espressif */ -#include "sdkconfig.h" /* programmatically generated from sdkconfig */ #include #include @@ -145,11 +150,11 @@ int set_fixed_default_time(void) * but let's set a default time, just in case */ struct tm timeinfo = { .tm_year = 2024 - 1900, - .tm_mon = 1, - .tm_mday = 05, + .tm_mon = 9 - 1, /* Month, where 0 = Jan */ + .tm_mday = 3 , /* Day of the month 30 */ .tm_hour = 13, - .tm_min = 01, - .tm_sec = 05 + .tm_min = 1, + .tm_sec = 5 }; struct timeval now; time_t interim_time; diff --git a/wolfssl/wolfcrypt/port/Espressif/esp-sdk-lib.h b/wolfssl/wolfcrypt/port/Espressif/esp-sdk-lib.h index a7873f203d..85b4ed121e 100644 --- a/wolfssl/wolfcrypt/port/Espressif/esp-sdk-lib.h +++ b/wolfssl/wolfcrypt/port/Espressif/esp-sdk-lib.h @@ -148,9 +148,13 @@ WOLFSSL_LOCAL esp_err_t sdk_var_whereis(const char* v_name, void* v); WOLFSSL_LOCAL intptr_t esp_sdk_stack_pointer(void); +#if defined(USE_WOLFSSL_ESP_SDK_TIME) + /****************************************************************************** * Time helpers ******************************************************************************/ +WOLFSSL_LOCAL esp_err_t esp_sdk_time_mem_init(void); + WOLFSSL_LOCAL esp_err_t esp_sdk_time_lib_init(void); /* a function to show the current data and time */ @@ -168,8 +172,9 @@ WOLFSSL_LOCAL esp_err_t set_time(void); /* wait NTP_RETRY_COUNT seconds before giving up on NTP time */ WOLFSSL_LOCAL esp_err_t set_time_wait_for_ntp(void); +#endif -#ifndef NO_ESP_SDK_WIFI +#if defined(USE_WOLFSSL_ESP_SDK_WIFI) /****************************************************************************** * WiFi helpers @@ -201,8 +206,7 @@ WOLFSSL_LOCAL esp_err_t esp_sdk_wifi_init_sta(void); WOLFSSL_LOCAL esp_err_t esp_sdk_wifi_show_ip(void); -#endif /* !NO_ESP_SDK_WIFI */ - +#endif /* USE_WOLFSSL_ESP_SDK_WIFI */ /****************************************************************************** * Debug helpers diff --git a/wolfssl/wolfcrypt/port/Espressif/esp32-crypt.h b/wolfssl/wolfcrypt/port/Espressif/esp32-crypt.h index 9a33bf5d39..41961cf4f5 100644 --- a/wolfssl/wolfcrypt/port/Espressif/esp32-crypt.h +++ b/wolfssl/wolfcrypt/port/Espressif/esp32-crypt.h @@ -216,6 +216,10 @@ enum { ** Turns on diagnostic messages for SHA mutex. Note that given verbosity, ** there may be TLS timing issues encountered. Use with caution. ** +** DEBUG_WOLFSSL_ESP32_UNFINISHED_HW +** This may be interesting in that HW may have been unnessearily locked +** for hash that was never completed. (typically encountered at `free1` time) +** ** LOG_LOCAL_LEVEL ** Debugging. Default value is ESP_LOG_DEBUG ** @@ -563,6 +567,95 @@ enum { defined(WOLFSSL_ESP32_CRYPT_DEBUG) #endif +/* +****************************************************************************** +** wolfssl component Kconfig file settings +****************************************************************************** + * Naming convention: + * + * CONFIG_ + * This prefix indicates the setting came from the sdkconfig / Kconfig. + * + * May or may not be related to wolfSSL. + * + * The name after this prefix must exactly match that in the Kconfig file. + * + * WOLFSSL_ + * Typical of many, but not all wolfSSL macro names. + * + * Applies to all wolfSSL products such as wolfSSH, wolfMQTT, etc. + * + * May or may not have a corresponding sdkconfig / Kconfig control. + * + * ESP_WOLFSSL_ + * These are NOT valid wolfSSL macro names. These are names only used in + * the ESP-IDF Kconfig files. When parsed, they will have a "CONFIG_" + * suffix added. See next section. + * + * CONFIG_ESP_WOLFSSL_ + * This is a wolfSSL-specific macro that has been defined in the ESP-IDF + * via the sdkconfig / menuconfig. Any text after this prefix should + * exactly match an existing wolfSSL macro name. + * + * Applies to all wolfSSL products such as wolfSSH, wolfMQTT, etc. + * + * These macros may also be specific to only the project or environment, + * and possibly not used anywhere else in the wolfSSL libraries. + */ + + + +/* Pre-set some hardware acceleration from Kconfig / menuconfig settings */ +#ifdef CONFIG_ESP_WOLFSSL_NO_ESP32_CRYPT + #define NO_ESP32_CRYPT + #define NO_WOLFSSL_ESP32_CRYPT_AES + #define NO_WOLFSSL_ESP32_CRYPT_HASH + #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI + #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI_MP_MUL + #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI_MULMOD + #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI_EXPTMOD +#endif +#ifdef CONFIG_ESP_WOLFSSL_NO_HW_AES + #define NO_WOLFSSL_ESP32_CRYPT_AES +#endif +#ifdef CONFIG_ESP_WOLFSSL_NO_HW_HASH + #define NO_WOLFSSL_ESP32_CRYPT_HASH +#endif +#ifdef CONFIG_ESP_WOLFSSL_NO_HW_RSA_PRI + #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI + #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI_MP_MUL + #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI_MULMOD + #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI_EXPTMOD +#endif +#ifdef CONFIG_ESP_WOLFSSL_NO_HW_RSA_PRI_MP_MUL + #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI_MP_MUL +#endif +#ifdef CONFIG_ESP_WOLFSSL_NO_HW_RSA_PRI_MULMOD + #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI_MULMOD +#endif +#ifdef CONFIG_ESP_WOLFSSL_NO_HW_RSA_PRI_EXPTMOD + #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI_EXPTMOD +#endif + +/* wolfCrypt test settings */ +#ifdef CONFIG_ESP_WOLFSSL_ENABLE_TEST + #ifdef CONFIG_WOLFSSL_HAVE_WOLFCRYPT_TEST_OPTIONS + #define HAVE_WOLFCRYPT_TEST_OPTIONS + #endif +#endif + +/* debug options */ +#if defined(CONFIG_ESP_WOLFSSL_DEBUG_WOLFSSL) + /* wolfSSH debugging enabled via Kconfig / menuconfig */ + #define DEBUG_WOLFSSL +#endif + +/* +****************************************************************************** +** END wolfssl component Kconfig file settings +****************************************************************************** +*/ + #ifdef __cplusplus extern "C" { @@ -623,7 +716,8 @@ extern "C" #elif defined(CONFIG_IDF_TARGET_ESP8266) /* no hardware includes for ESP8266*/ #else - #include "rom/aes.h" + /* TODO: Confirm for older versions: */ + /* #include "rom/aes.h" */ #endif typedef enum tagES32_AES_PROCESS /* TODO what's this ? */ @@ -759,7 +853,7 @@ extern "C" #if defined(WOLFSSL_STACK_CHECK) word32 last_word; #endif - } WC_ESP32SHA; + } WC_ESP32SHA __attribute__((aligned(4))); WOLFSSL_LOCAL int esp_sha_need_byte_reversal(WC_ESP32SHA* ctx); WOLFSSL_LOCAL int esp_sha_init(WC_ESP32SHA* ctx, @@ -986,6 +1080,29 @@ WOLFSSL_LOCAL int esp_sha_stack_check(WC_ESP32SHA* sha); } #endif +/****************************************************************************** +** Sanity Checks +******************************************************************************/ +#if defined(CONFIG_ESP_MAIN_TASK_STACK_SIZE) + #if defined(WOLFCRYPT_HAVE_SRP) + #if defined(FP_MAX_BITS) + #if FP_MAX_BITS < (8192 * 2) + #define ESP_SRP_MINIMUM_STACK_8K (24 * 1024) + #else + #define ESP_SRP_MINIMUM_STACK_8K (28 * 1024) + #endif + #else + #error "Please define FP_MAX_BITS when using WOLFCRYPT_HAVE_SRP." + #endif + + #if (CONFIG_ESP_MAIN_TASK_STACK_SIZE < ESP_SRP_MINIMUM_STACK) + #warning "WOLFCRYPT_HAVE_SRP enabled with small stack size" + #endif + #endif +#else + #warning "CONFIG_ESP_MAIN_TASK_STACK_SIZE not defined!" +#endif + #endif /* WOLFSSL_ESPIDF (entire contents excluded when not Espressif ESP-IDF) */ #endif /* __ESP32_CRYPT_H__ */