From c2b71a385502fe481c9f1a421abfc772b3a7b061 Mon Sep 17 00:00:00 2001
From: "harshal.patil"
Date: Mon, 14 Oct 2024 12:46:07 +0530
Subject: [PATCH 1/2] ci(mbedtls): Fix component dependencies for security-related test apps
---
 components/esp_security/test_apps/.build-test-rules.yml | 2 ++
 components/hal/.build-test-rules.yml | 2 ++
 components/mbedtls/test_apps/.build-test-rules.yml | 5 +++--
 3 files changed, 7 insertions(+), 2 deletions(-)
diff --git a/components/esp_security/test_apps/.build-test-rules.yml b/components/esp_security/test_apps/.build-test-rules.yml
index baac155ce3..6802faf753 100644
--- a/components/esp_security/test_apps/.build-test-rules.yml
+++ b/components/esp_security/test_apps/.build-test-rules.yml
@@ -3,3 +3,5 @@
 components/esp_security/test_apps/crypto_drivers:
 enable:
 - if: ((SOC_HMAC_SUPPORTED == 1) or (SOC_DIG_SIGN_SUPPORTED == 1)) or (SOC_KEY_MANAGER_SUPPORTED == 1)
+ depends_components:
+ - esp_security
diff --git a/components/hal/.build-test-rules.yml b/components/hal/.build-test-rules.yml
index 2577a357be..161bbc1df3 100644
--- a/components/hal/.build-test-rules.yml
+++ b/components/hal/.build-test-rules.yml
@@ -1,6 +1,8 @@
 components/hal/test_apps/crypto:
 depends_components:
 - efuse
+ - mbedtls
+ - esp_security
 components/hal/test_apps/hal_i2c:
 disable:
diff --git a/components/mbedtls/test_apps/.build-test-rules.yml b/components/mbedtls/test_apps/.build-test-rules.yml
index f33fabc474..0e72c8d3dc 100644
--- a/components/mbedtls/test_apps/.build-test-rules.yml
+++ b/components/mbedtls/test_apps/.build-test-rules.yml
@@ -7,5 +7,6 @@ components/mbedtls/test_apps:
 - if: CONFIG_NAME == "ecdsa_sign" and SOC_ECDSA_SUPPORTED != 1
 depends_components:
 - efuse
- depends_filepatterns:
- - components/mbedtls/port/ecdsa/*
+ - mbedtls
+ - esp_security
+ - esp_mm
From 4cdfdac18c3479c9359e62ea2e0502494cdb16af Mon Sep 17 00:00:00 2001
From: "harshal.patil"
Date: Mon, 14 Oct 2024 16:29:27 +0530
Subject: [PATCH 2/2] fix(mbedtls): Fix the increase in build size of mbedtls when upgrading to v3.x
---
 components/mbedtls/Kconfig | 14 +++++++++++---
 .../mbedtls/port/include/mbedtls/esp_config.h | 15 +++++++++++++++
 docs/en/api-guides/performance/size.rst | 1 +
 docs/zh_CN/api-guides/performance/size.rst | 1 +
 4 files changed, 28 insertions(+), 3 deletions(-)
diff --git a/components/mbedtls/Kconfig b/components/mbedtls/Kconfig
index 367ba114ee..1defa61db5 100644
--- a/components/mbedtls/Kconfig
+++ b/components/mbedtls/Kconfig
@@ -667,6 +667,14 @@ menu "mbedTLS"
 help
 Enable MBEDTLS_SHA512_C adds support for SHA-384 and SHA-512.
+ config MBEDTLS_SHA3_C
+ bool "Enable the SHA3 cryptographic hash algorithm"
+ default n
+ help
+ Enabling MBEDTLS_SHA3_C adds support for SHA3.
+ Enabling this configuration option increases the flash footprint
+ by almost 4KB.
+
 choice MBEDTLS_TLS_MODE
 bool "TLS Protocol Role"
 default MBEDTLS_TLS_SERVER_AND_CLIENT
@@ -1103,12 +1111,12 @@ menu "mbedTLS"
 config MBEDTLS_ECP_FIXED_POINT_OPTIM
 bool "Enable fixed-point multiplication optimisations"
 depends on MBEDTLS_ECP_C
- default y
+ default n
 help
 This configuration option enables optimizations to speedup (about 3 ~ 4 times) the ECP fixed point multiplication using pre-computed tables in the flash memory.
- Disabling this configuration option saves flash footprint (about 29KB if all Elliptic Curve selected)
- in the application binary.
+ Enabling this configuration option increases the flash footprint
+ (about 29KB if all Elliptic Curve selected) in the application binary.
 # end of Elliptic Curve options
diff --git a/components/mbedtls/port/include/mbedtls/esp_config.h b/components/mbedtls/port/include/mbedtls/esp_config.h
index 90d90729bb..d1413571db 100644
--- a/components/mbedtls/port/include/mbedtls/esp_config.h
+++ b/components/mbedtls/port/include/mbedtls/esp_config.h
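Review bot: `default n` on the new MBEDTLS_SHA3_C entry turns SHA3 off for every project that does not set the option explicitly, and if I recall correctly upstream mbedTLS 3.x compiles sha3.c by default, so after the v3.x upgrade code that calls the mbedtls_sha3 API or requests SHA3 through PSA will stop building or start returning not-supported with no hint from this option. The help text only states the flash saving; it should also say that the default differs from upstream and who has to opt in, e.g. `Disabled by default; enable it if your application uses the mbedtls_sha3 API or SHA3 via PSA.` A corresponding line in the migration guide, next to the size.rst entries this patch adds, would make the behaviour change discoverable.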
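Review bot: Flipping MBEDTLS_ECP_FIXED_POINT_OPTIM to `default n` makes ECP fixed-point multiplication about 3 ~ 4 times slower (the help text's own figure) for every project that does not pin the option, which lands directly on ECDHE and ECDSA handshake latency and on the CPU budget of any TLS server built on this stack. The rewritten help lines describe only the flash cost of enabling and are silent about the cost of the new default; add a sentence such as `Disabling it makes ECP fixed-point multiplication (ECDHE/ECDSA) about 3 ~ 4 times slower; enable it for TLS-heavy applications.` A migration-guide note for projects upgrading with an existing sdkconfig.defaults would avoid a surprise handshake-time regression.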
@@ -2560,6 +2560,21 @@
 #undef MBEDTLS_SHA512_C
 #endif
+/**
+ * \def MBEDTLS_SHA3_C
+ *
+ * Enable the SHA3 cryptographic hash algorithm.
+ *
+ * Module: library/sha3.c
+ *
+ * This module adds support for SHA3.
+ */
+#ifdef CONFIG_MBEDTLS_SHA3_C
+#define MBEDTLS_SHA3_C
+#else
+#undef MBEDTLS_SHA3_C
+#endif
+
 /**
 * \def MBEDTLS_SSL_CACHE_C
 *
diff --git a/docs/en/api-guides/performance/size.rst b/docs/en/api-guides/performance/size.rst
index f88f8a38bc..f7e627bfdd 100644
--- a/docs/en/api-guides/performance/size.rst
+++ b/docs/en/api-guides/performance/size.rst
@@ -194,6 +194,7 @@ These include:
 - :ref:`CONFIG_MBEDTLS_HAVE_TIME`
 - :ref:`CONFIG_MBEDTLS_ECDSA_DETERMINISTIC`
 - :ref:`CONFIG_MBEDTLS_SHA512_C`
+- :ref:`CONFIG_MBEDTLS_SHA3_C`
 - :ref:`CONFIG_MBEDTLS_CLIENT_SSL_SESSION_TICKETS`
 - :ref:`CONFIG_MBEDTLS_SERVER_SSL_SESSION_TICKETS`
 - :ref:`CONFIG_MBEDTLS_SSL_CONTEXT_SERIALIZATION`
diff --git a/docs/zh_CN/api-guides/performance/size.rst b/docs/zh_CN/api-guides/performance/size.rst
index a17b84c27a..3d52af653e 100644
--- a/docs/zh_CN/api-guides/performance/size.rst
+++ b/docs/zh_CN/api-guides/performance/size.rst
@@ -194,6 +194,7 @@ MbedTLS 功能
 - :ref:`CONFIG_MBEDTLS_HAVE_TIME`
 - :ref:`CONFIG_MBEDTLS_ECDSA_DETERMINISTIC`
 - :ref:`CONFIG_MBEDTLS_SHA512_C`
+- :ref:`CONFIG_MBEDTLS_SHA3_C`
 - :ref:`CONFIG_MBEDTLS_CLIENT_SSL_SESSION_TICKETS`
 - :ref:`CONFIG_MBEDTLS_SERVER_SSL_SESSION_TICKETS`
 - :ref:`CONFIG_MBEDTLS_SSL_CONTEXT_SERIALIZATION`
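Review bot: The new Doxygen block for MBEDTLS_SHA3_C copies the upstream wording but does not say that the macro is driven by Kconfig or that it is off by default in this port, which is the one thing a reader of esp_config.h needs when a SHA3 call unexpectedly fails to build after the upgrade. Add a line such as ` * Controlled by CONFIG_MBEDTLS_SHA3_C; disabled by default in ESP-IDF to save about 4KB of flash.` If this port also uses the PSA crypto configuration, the matching PSA_WANT_ALG_SHA3_* symbols would have to follow the same #ifdef so PSA does not advertise an algorithm whose implementation was compiled out; that cannot be confirmed from this hunk.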