mbedtls: Remove "unsafe" warning, enable AES by default & make SHA/MPI optional

2017-08-17 14:19:03 +10:00 · 2017-08-17 14:19:03 +10:00 · 0ea4cd67dd
commit 0ea4cd67dd
parent afb6119504
3 changed files with 45 additions and 32 deletions
--- a/components/mbedtls/Kconfig
+++ b/components/mbedtls/Kconfig
@ -31,26 +31,18 @@ config MBEDTLS_DEBUG
 	   at runtime in order to enable mbedTLS debug output via the ESP
 	   log mechanism.
 config MBEDTLS_UNSAFE_ACCELERATION
   bool "Allow buggy hardware acceleration features"
   depends on !FREERTOS_UNICORE
   default n
   help
       A bug currently prevents dual cores & crypto hardware acceleration from being used together.
       Enable this option to allow hardware acceleration anyhow (note that invalid results or crashes may occur.)
 config MBEDTLS_HARDWARE_AES
   bool "Enable hardware AES acceleration"
   depends on MBEDTLS_UNSAFE_ACCELERATION || FREERTOS_UNICORE
   default y
   help
       Enable hardware accelerated AES encryption & decryption.
       Note that if the ESP32 CPU is running at 240MHz, hardware AES does not
       offer any speed boost over software AES.
 config MBEDTLS_HARDWARE_MPI
   bool "Enable hardware MPI (bignum) acceleration"
-   depends on MBEDTLS_UNSAFE_ACCELERATION || FREERTOS_UNICORE
+   default n
   default y
   help
       Enable hardware accelerated multiple precision integer operations.
@ -62,7 +54,7 @@ config MBEDTLS_HARDWARE_MPI
 config MBEDTLS_MPI_USE_INTERRUPT
    bool "Use interrupt for MPI operations"
    depends on MBEDTLS_HARDWARE_MPI
-    default y
+    default n
    help
        Use an interrupt to coordinate MPI operations.
@ -71,16 +63,18 @@ config MBEDTLS_MPI_USE_INTERRUPT
 config MBEDTLS_HARDWARE_SHA
   bool "Enable hardware SHA acceleration"
-   depends on MBEDTLS_UNSAFE_ACCELERATION || FREERTOS_UNICORE
+   default n
   default y
   help
       Enable hardware accelerated SHA1, SHA256, SHA384 & SHA512 in mbedTLS.
       Due to a hardware limitation, hardware acceleration is only
       guaranteed if SHA digests are calculated one at a time. If more
-       than one SHA digest is calculated at the same time, only will
+       than one SHA digest is calculated at the same time, one will
       be calculated fully in hardware and the rest will be calculated
-       (at least partially calculated) in software.
+       (at least partially calculated) in software. This happens automatically.
       SHA hardware acceleration is faster than software in some situations but
       slower in others. You should benchmark to find the best setting for you.
 config MBEDTLS_HAVE_TIME
   bool "Enable mbedtls time"
--- a/components/mbedtls/test/test_mbedtls_sha.c
+++ b/components/mbedtls/test/test_mbedtls_sha.c
@ -119,13 +119,15 @@ static void tskRunSHA256Test(void *pvParameters)
    vTaskDelete(NULL);
 }
-TEST_CASE("mbedtls SHA multithreading", "[mbedtls][ignore]")
+#define SHA_TASK_STACK_SIZE (10*1024)
 TEST_CASE("mbedtls SHA multithreading", "[mbedtls]")
 {
    done_sem = xSemaphoreCreateCounting(4, 0);
-    xTaskCreate(tskRunSHA1Test, "SHA1Task1", 8192, NULL, 3, NULL);
+    xTaskCreate(tskRunSHA1Test, "SHA1Task1", SHA_TASK_STACK_SIZE, NULL, 3, NULL);
-    xTaskCreate(tskRunSHA1Test, "SHA1Task2", 8192, NULL, 3, NULL);
+    xTaskCreate(tskRunSHA1Test, "SHA1Task2", SHA_TASK_STACK_SIZE, NULL, 3, NULL);
-    xTaskCreate(tskRunSHA256Test, "SHA256Task1", 8192, NULL, 3, NULL);
+    xTaskCreate(tskRunSHA256Test, "SHA256Task1", SHA_TASK_STACK_SIZE, NULL, 3, NULL);
-    xTaskCreate(tskRunSHA256Test, "SHA256Task2", 8192, NULL, 3, NULL);
+    xTaskCreate(tskRunSHA256Test, "SHA256Task2", SHA_TASK_STACK_SIZE, NULL, 3, NULL);
    for(int i = 0; i < 4; i++) {
        if(!xSemaphoreTake(done_sem, 10000/portTICK_PERIOD_MS)) {
@ -165,14 +167,10 @@ void tskRunSHASelftests(void *param)
 TEST_CASE("mbedtls SHA self-tests multithreaded", "[mbedtls]")
 {
    done_sem = xSemaphoreCreateCounting(2, 0);
-    xTaskCreate(tskRunSHASelftests, "SHASelftests1", 8192, NULL, 3, NULL);
+    xTaskCreate(tskRunSHASelftests, "SHASelftests1", SHA_TASK_STACK_SIZE, NULL, 3, NULL);
-    xTaskCreate(tskRunSHASelftests, "SHASelftests2", 8192, NULL, 3, NULL);
+    xTaskCreate(tskRunSHASelftests, "SHASelftests2", SHA_TASK_STACK_SIZE, NULL, 3, NULL);
-#ifdef CONFIG_MBEDTLS_HARDWARE_SHA
+    const int TIMEOUT_MS = 20000;
    const int TIMEOUT_MS = 12000;
 #else
    const int TIMEOUT_MS = 20000; // Soft-only SHA may need a little longer
 #endif
    for(int i = 0; i < 2; i++) {
        if(!xSemaphoreTake(done_sem, TIMEOUT_MS/portTICK_PERIOD_MS)) {
--- a/tools/unit-test-app/sdkconfig
+++ b/tools/unit-test-app/sdkconfig
@ -19,7 +19,6 @@ CONFIG_LOG_BOOTLOADER_LEVEL_WARN=y
 # CONFIG_LOG_BOOTLOADER_LEVEL_DEBUG is not set
 # CONFIG_LOG_BOOTLOADER_LEVEL_VERBOSE is not set
 CONFIG_LOG_BOOTLOADER_LEVEL=2
 # CONFIG_BOOTLOADER_LTO is not set
 #
 # Security features
@ -174,6 +173,11 @@ CONFIG_ESP32_DEEP_SLEEP_WAKEUP_DELAY=0
 # CONFIG_ESP32_XTAL_FREQ_26 is not set
 CONFIG_ESP32_XTAL_FREQ_AUTO=y
 CONFIG_ESP32_XTAL_FREQ=0
 # CONFIG_NO_BLOBS is not set
 #
 # Wi-Fi
 #
 CONFIG_ESP32_WIFI_STATIC_RX_BUFFER_NUM=10
 CONFIG_ESP32_WIFI_DYNAMIC_RX_BUFFER_NUM=0
 # CONFIG_ESP32_WIFI_STATIC_TX_BUFFER is not set
@ -181,8 +185,9 @@ CONFIG_ESP32_WIFI_DYNAMIC_TX_BUFFER=y
 CONFIG_ESP32_WIFI_TX_BUFFER_TYPE=1
 CONFIG_ESP32_WIFI_DYNAMIC_TX_BUFFER_NUM=32
 CONFIG_ESP32_WIFI_AMPDU_ENABLED=y
 CONFIG_ESP32_WIFI_TX_BA_WIN=6
 CONFIG_ESP32_WIFI_RX_BA_WIN=6
 CONFIG_ESP32_WIFI_NVS_ENABLED=y
 CONFIG_PHY_ENABLED=y
 #
 # PHY
@ -280,10 +285,16 @@ CONFIG_TCP_SYNMAXRTX=6
 CONFIG_TCP_MSS=1436
 CONFIG_TCP_SND_BUF_DEFAULT=5744
 CONFIG_TCP_WND_DEFAULT=5744
 CONFIG_TCP_RECVMBOX_SIZE=6
 CONFIG_TCP_QUEUE_OOSEQ=y
 CONFIG_TCP_OVERSIZE_MSS=y
 # CONFIG_TCP_OVERSIZE_QUARTER_MSS is not set
 # CONFIG_TCP_OVERSIZE_DISABLE is not set
 #
 # UDP
 #
 CONFIG_UDP_RECVMBOX_SIZE=6
 # CONFIG_LWIP_DHCP_DOES_ARP_CHECK is not set
 CONFIG_TCPIP_TASK_STACK_SIZE=2048
 # CONFIG_PPP_SUPPORT is not set
@ -299,7 +310,10 @@ CONFIG_TCPIP_TASK_STACK_SIZE=2048
 #
 CONFIG_MBEDTLS_SSL_MAX_CONTENT_LEN=16384
 # CONFIG_MBEDTLS_DEBUG is not set
-# CONFIG_MBEDTLS_UNSAFE_ACCELERATION is not set
+CONFIG_MBEDTLS_HARDWARE_AES=y
 CONFIG_MBEDTLS_HARDWARE_MPI=y
 CONFIG_MBEDTLS_MPI_USE_INTERRUPT=y
 CONFIG_MBEDTLS_HARDWARE_SHA=y
 CONFIG_MBEDTLS_HAVE_TIME=y
 # CONFIG_MBEDTLS_HAVE_TIME_DATE is not set
@ -315,3 +329,10 @@ CONFIG_OPENSSL_ASSERT_DO_NOTHING=y
 #
 # CONFIG_SPI_FLASH_ENABLE_COUNTERS is not set
 CONFIG_SPI_FLASH_ROM_DRIVER_PATCH=y
 #
 # Wear Levelling
 #
 # CONFIG_WL_SECTOR_SIZE_512 is not set
 CONFIG_WL_SECTOR_SIZE_4096=y
 CONFIG_WL_SECTOR_SIZE=4096