mirror of https://github.com/ARMmbed/mbed-os.git
Added new global rng, needed for MbedTLS optimisations
parent
793837cafe
commit
17e513891b
|
@ -599,8 +599,15 @@ altcp_mbedtls_setup(void *conf, struct altcp_pcb *conn, struct altcp_pcb *inner_
|
|||
altcp_mbedtls_free(conf, state);
|
||||
return ERR_MEM;
|
||||
}
|
||||
// Defines MBEDTLS_SSL_CONF_RECV/SEND/RECV_TIMEOUT define global functions which should be the same for all
|
||||
// callers of mbedtls_ssl_set_bio_ctx and there should be only one ssl context. If these rules don't apply,
|
||||
// these defines can't be used.
|
||||
#if !defined(MBEDTLS_SSL_CONF_RECV) && !defined(MBEDTLS_SSL_CONF_SEND) && !defined(MBEDTLS_SSL_CONF_RECV_TIMEOUT)
|
||||
/* tell mbedtls about our I/O functions */
|
||||
mbedtls_ssl_set_bio(&state->ssl_context, conn, altcp_mbedtls_bio_send, altcp_mbedtls_bio_recv, NULL);
|
||||
#else
|
||||
mbedtls_ssl_set_bio_ctx(&state->ssl_context, conn);
|
||||
#endif /* !defined(MBEDTLS_SSL_CONF_RECV) && !defined(MBEDTLS_SSL_CONF_SEND) && !defined(MBEDTLS_SSL_CONF_RECV_TIMEOUT) */
|
||||
|
||||
altcp_mbedtls_setup_callbacks(conn, inner_conn);
|
||||
conn->inner_conn = inner_conn;
|
||||
|
@ -734,7 +741,10 @@ altcp_tls_create_config(int is_server, int have_cert, int have_pkey, int have_ca
|
|||
}
|
||||
mbedtls_ssl_conf_authmode(&conf->conf, MBEDTLS_SSL_VERIFY_OPTIONAL);
|
||||
|
||||
#if !defined(MBEDTLS_SSL_CONF_RNG)
|
||||
mbedtls_ssl_conf_rng(&conf->conf, mbedtls_ctr_drbg_random, &conf->ctr_drbg);
|
||||
#endif
|
||||
|
||||
#if ALTCP_MBEDTLS_DEBUG != LWIP_DBG_OFF
|
||||
mbedtls_ssl_conf_dbg(&conf->conf, altcp_mbedtls_debug, stdout);
|
||||
#endif
|
||||
|
|
|
@ -0,0 +1,93 @@
|
|||
/*
|
||||
* shared_rng.h
|
||||
*
|
||||
* Copyright (C) 2019, Arm Limited, All Rights Reserved
|
||||
* SPDX-License-Identifier: Apache-2.0
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License"); you may
|
||||
* not use this file except in compliance with the License.
|
||||
* You may obtain a copy of the License at
|
||||
*
|
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* Unless required by applicable law or agreed to in writing, software
|
||||
* distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
||||
* WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
* See the License for the specific language governing permissions and
|
||||
* limitations under the License.
|
||||
*
|
||||
*/
|
||||
|
||||
#ifndef SHARED_RNG_H
|
||||
#define SHARED_RNG_H
|
||||
|
||||
#if !defined(MBEDTLS_CONFIG_FILE)
|
||||
#include "config.h"
|
||||
#else
|
||||
#include MBEDTLS_CONFIG_FILE
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_SSL_CONF_RNG)
|
||||
|
||||
#define MBED_SHARED_RNG_NOT_INITIALIZED -1 /**< init_global_rng not called before global_rng */
|
||||
|
||||
#ifdef __cplusplus
|
||||
extern "C" {
|
||||
#endif
|
||||
|
||||
#include "mbedtls/hmac_drbg.h"
|
||||
#include "mbedtls/entropy.h"
|
||||
|
||||
/**
|
||||
* \brief Initializes hmac ready for rng
|
||||
*
|
||||
* \return 0 if successful, or
|
||||
* MBEDTLS_ERR_MD_BAD_INPUT_DATA, or
|
||||
* MBEDTLS_ERR_MD_ALLOC_FAILED, or
|
||||
* MBEDTLS_ERR_HMAC_DRBG_ENTROPY_SOURCE_FAILED.
|
||||
*/
|
||||
int init_global_rng();
|
||||
|
||||
/**
|
||||
* \brief Global HMAC_DRBG generate random
|
||||
*
|
||||
* \note Automatically reseeds if reseed_counter is reached or PR is enabled.
|
||||
* \note init_global_rng function must be called
|
||||
* before calling this function!
|
||||
*
|
||||
* \param ctx DRBG context
|
||||
* \param dst Buffer to fill
|
||||
* \param len Length of the buffer
|
||||
*
|
||||
* \return 0 if successful, or
|
||||
* MBEDTLS_ERR_HMAC_DRBG_ENTROPY_SOURCE_FAILED, or
|
||||
* MBEDTLS_ERR_HMAC_DRBG_REQUEST_TOO_BIG or
|
||||
* MBED_SHARED_RNG_NOT_INITIALIZED
|
||||
*/
|
||||
int global_rng( void *ctx, unsigned char *dst, size_t len );
|
||||
|
||||
/**
|
||||
* \brief Free allocated resources
|
||||
*/
|
||||
void free_global_rng();
|
||||
|
||||
/**
|
||||
* \brief Getter function for global hmac context
|
||||
*
|
||||
* \return global hmac context
|
||||
*/
|
||||
mbedtls_hmac_drbg_context *get_global_hmac_drbg();
|
||||
|
||||
/**
|
||||
* \brief Getter function for global entropy context
|
||||
*
|
||||
* \return global entropy context
|
||||
*/
|
||||
mbedtls_entropy_context *get_global_entropy();
|
||||
|
||||
#ifdef __cplusplus
|
||||
}
|
||||
#endif
|
||||
|
||||
#endif // MBEDTLS_SSL_CONF_RNG
|
||||
#endif // SHARED_RNG_H
|
|
@ -0,0 +1,75 @@
|
|||
/*
|
||||
* shared_rng.cpp
|
||||
*
|
||||
* Copyright (C) 2019, Arm Limited, All Rights Reserved
|
||||
* SPDX-License-Identifier: Apache-2.0
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License"); you may
|
||||
* not use this file except in compliance with the License.
|
||||
* You may obtain a copy of the License at
|
||||
*
|
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* Unless required by applicable law or agreed to in writing, software
|
||||
* distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
||||
* WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
* See the License for the specific language governing permissions and
|
||||
* limitations under the License.
|
||||
*
|
||||
*/
|
||||
|
||||
#include "shared_rng.h"
|
||||
|
||||
#if defined(MBEDTLS_SSL_CONF_RNG)
|
||||
|
||||
#include "mbed_trace.h"
|
||||
|
||||
mbedtls_hmac_drbg_context global_hmac_drbg;
|
||||
mbedtls_entropy_context global_entropy;
|
||||
static bool is_initialized = false;
|
||||
|
||||
int init_global_rng()
|
||||
{
|
||||
mbedtls_entropy_init(&global_entropy);
|
||||
mbedtls_hmac_drbg_init(&global_hmac_drbg);
|
||||
|
||||
int ret = mbedtls_hmac_drbg_seed(&global_hmac_drbg, mbedtls_md_info_from_type(MBEDTLS_MD_SHA256),
|
||||
mbedtls_entropy_func, &global_entropy, NULL, 0);
|
||||
|
||||
if (ret != 0) {
|
||||
tr_error(" init_global_rng failed! mbedtls_hmac_drbg_seed returned -0x%x", -ret);
|
||||
free_global_rng();
|
||||
} else {
|
||||
is_initialized = true;
|
||||
}
|
||||
|
||||
return ret;
|
||||
This conversation was marked as resolved by jarvte
|
||||
}
|
||||
|
||||
void free_global_rng()
|
||||
{
|
||||
mbedtls_entropy_free(&global_entropy);
|
||||
mbedtls_hmac_drbg_free(&global_hmac_drbg);
|
||||
is_initialized = false;
|
||||
}
|
||||
|
||||
int global_rng( void *ctx, unsigned char *dst, size_t len )
|
||||
{
|
||||
if (!is_initialized) {
|
||||
return MBED_SHARED_RNG_NOT_INITIALIZED;
|
||||
}
|
||||
return mbedtls_hmac_drbg_random(&global_hmac_drbg, dst, len);
|
||||
}
|
||||
|
||||
mbedtls_hmac_drbg_context *get_global_hmac_drbg()
|
||||
{
|
||||
return &global_hmac_drbg;
|
||||
}
|
||||
|
||||
mbedtls_entropy_context *get_global_entropy()
|
||||
{
|
||||
return &global_entropy;
|
||||
}
|
||||
|
||||
#endif // MBEDTLS_SSL_CONF_RNG
|
|
@ -396,7 +396,9 @@ int coap_security_handler_connect_non_blocking(coap_security_t *sec, bool is_ser
|
|||
mbedtls_ssl_conf_handshake_timeout(&sec->_conf, timeout_min, timeout_max);
|
||||
}
|
||||
|
||||
#if !defined(MBEDTLS_SSL_CONF_RNG)
|
||||
mbedtls_ssl_conf_rng(&sec->_conf, mbedtls_ctr_drbg_random, &sec->_ctr_drbg);
|
||||
#endif
|
||||
|
||||
if ((mbedtls_ssl_setup(&sec->_ssl, &sec->_conf)) != 0) {
|
||||
return -1;
|
||||
|
|
|
@ -327,8 +327,10 @@ int8_t tls_sec_prot_lib_connect(tls_security_t *sec, bool is_server, const sec_p
|
|||
return -1;
|
||||
}
|
||||
|
||||
#if !defined(MBEDTLS_SSL_CONF_RNG)
|
||||
// Configure random number generator
|
||||
mbedtls_ssl_conf_rng(&sec->conf, mbedtls_ctr_drbg_random, &sec->ctr_drbg);
|
||||
#endif
|
||||
|
||||
#ifdef MBEDTLS_ECP_RESTARTABLE
|
||||
// Set ECC calculation maximum operations (affects only client)
|
||||
|
|
|
@ -184,7 +184,9 @@ nsapi_error_t TLSSocketWrapper::start_handshake(bool first_call)
|
|||
return NSAPI_ERROR_AUTH_FAILURE;
|
||||
}
|
||||
|
||||
#if !defined(MBEDTLS_SSL_CONF_RNG)
|
||||
mbedtls_ssl_conf_rng(get_ssl_config(), mbedtls_ctr_drbg_random, &_ctr_drbg);
|
||||
#endif
|
||||
|
||||
|
||||
#if MBED_CONF_TLS_SOCKET_DEBUG_LEVEL > 0
|
||||
|
|
Loading…
Reference in New Issue