[TLS / hw acceleration] AES ECB for NUCLEO_F439ZI #3691
Conversation
|
Hi |
|
Hi @jeromecoutant @0xc0170 ? Kind regards |
@sbutcher-arm Please review this PR. |
|
CC @RonEld |
|
Hello @RonEld @sbutcher-arm Cheers |
|
Hi @adustm. The idea of keeping the mbed TLS acceleration driver code in the Does this present any issues for you? We're working on reviewing this code, and we need feedback and sign-off from myself, @yanesca and @andresag01 before we can approve this PR. |
|
Hi @sbutcher-arm
features/mbedtls/targets/TARGET_STM/aes_alt.c is calling functions from targets/.../TARGET_STM32F4/device/stm32f4_hal_cryp.c so from ST's point of view, ST code is separated out
Let me try to explain the reason for this request from my colleagues and I. If we can do it, let's go, if we can't, let it go. It is ARM to decide at the end :-) ST code is spread out in several features (mbedTLS / usb / lwip... ). ST code is specific for our targets:
When every code is located in a single directory tree we maximize the chance that every ST contributor is aware of the changes coming from others, and is better aware of the impact of his/her changes. mbed compilation and link mechanism is creating a long list of include directories, so the code could be located here or there, I think it has no impact, has it ? Anyway I have written this pull request following the specification (ST code in features/mbedtls). Kind regards |
|
Hi @adustm, I think this is a useful discussion, and we have been seeking feedback from partners on the hardware acceleration interfaces. However, this is going outside the scope of this PR, and it may be more useful to discuss this directly. To clarify - the targets directory is concerned with the mbed HAL and the interfaces mbed OS presents. mbed TLS has a life outside of mbed OS and is used on other platforms, and has separate and distinct interfaces itself. For instance, note mbed OS has a TRNG HAL API, whereas mbed TLS has it's own entropy interface, a mbed OS platform code brings the two interfaces together. I think it's understandable that platform/SoC/driver code that might reside in the TARGETS directory may be called by driver code in the mbed TLS code driving the hardware acceleration code. I don't think that is an issue, and you are correct to say we could place the sources in other places (and indeed could move them later). This is really about logical organisation and management. |
There was a problem hiding this comment.
I have done an initial review and found the following:
- There are some issues with the use of the _ALT macros.
- I do not think this code is thread safe.
- I think there is an opportunity to reconcile the
mbedtls_aes_contextstructure withCRYP_HandleTypeDefas some of the data is duplicated, unused or redundant. - Pointed out places where the function return codes are not checked for errors.
| #define MBEDTLS_AES_SETKEY_ENC_ALT | ||
| #define MBEDTLS_AES_SETKEY_DEC_ALT | ||
| #define MBEDTLS_AES_ENCRYPT_ALT | ||
| #define MBEDTLS_AES_DECRYPT_ALT |
There was a problem hiding this comment.
The AES module supports replacing the full module by defining the macro MBEDTLS_AES_ALT or replacing functions by defining the macros MBEDTLS_AES_SETKEY_ENC_ALT, MBEDTLS_AES_ENCRYPT_ALT, etc... However, it is my understanding that when MBEDTLS_AES_ALT is defined, the function specific replacement macros become irrelevant, so I do not think it makes sense to define these here.
There was a problem hiding this comment.
I think that this file should contain the macro definition for MBEDTLS_AES_ALT instead of the targets.json file.
| */ | ||
| #if defined(MBEDTLS_AES_ALT) | ||
|
|
||
| #include <stdio.h> |
There was a problem hiding this comment.
Because this is mbed TLS related code, I would advise to include the mbed TLS platform abstraction header (i.e. mbedtls/platform.h) instead of stdio.h, unless there is good reason to do this.
There was a problem hiding this comment.
I had a look at all the code in this file and it does not look like there are references to any symbols from stdio.h. Could you please remove this include, or explain why it is required?
There was a problem hiding this comment.
The code in this file uses a few macros such as MBEDTLS_CIPHER_MODE_CTR which are defined in mbedtls/config.h, but the file is not included here.
There was a problem hiding this comment.
thanks I will check these
| #include <stdio.h> | ||
| #include "cmsis.h" | ||
| #include "string.h" | ||
| #include "aes.h" |
There was a problem hiding this comment.
I think this is including the mbed TLS header file for the AES module. If this is the case, I would encourage to modify the include to #include "mbedtls/aes.h" to avoid any aliasing problems.
| * \brief Initialize AES context | ||
| * | ||
| * \param ctx AES context to be initialized | ||
| */ |
There was a problem hiding this comment.
Style: Normally, the doxygen-style documentation for each module should be written in the header file instead of the .c file. So, I would advise to remove these doxygen comment blocks. Furthermore, the aes_alt.h file already contains the same comment blocks.
targets/targets.json
Outdated
| @@ -899,7 +899,7 @@ | |||
| "extra_labels": ["STM", "STM32F4", "STM32F439", "STM32F439ZI", "STM32F439xx", "F429_F439"], | |||
| "supported_toolchains": ["ARM", "uARM", "GCC_ARM", "IAR"], | |||
| "progen": {"target": "nucleo-f439zi"}, | |||
| "macros": ["TRANSACTION_QUEUE_SIZE_SPI=2"], | |||
| "macros": ["TRANSACTION_QUEUE_SIZE_SPI=2", "MBEDTLS_CONFIG_HW_SUPPORT", "MBEDTLS_AES_ALT"], | |||
There was a problem hiding this comment.
I think the targets.json should not contain defines such as MBEDTLS_AES_ALT. Instead, these defines are expected to be in the mbedtls_device.h file.
There was a problem hiding this comment.
Thank you very much @andresag01 for this detailled and interesting review :+1
I will rework that and send updates
| return(MBEDTLS_ERR_AES_INVALID_KEY_LENGTH); | ||
|
|
||
| /*------------------ AES Decryption ------------------*/ | ||
| if(mode == MBEDTLS_AES_DECRYPT) /* AES decryption */ |
There was a problem hiding this comment.
This comment is a little redundant...
| mbedtls_aes_decrypt( ctx, input, output ); | ||
| } | ||
| /*------------------ AES Encryption ------------------*/ | ||
| else /* AES encryption */ |
| // unaccelerated mode | ||
| // | ||
| } | ||
| #endif |
There was a problem hiding this comment.
I think this block of code is only for x86 machines. Please consider removing it...
| unsigned char output[16] ) | ||
| { | ||
|
|
||
| HAL_CRYP_AESECB_Encrypt(&hcryp_aes, (uint8_t *)input, 16, (uint8_t *)output, 10); |
There was a problem hiding this comment.
I think it would be good to check this function's return code for errors.
There was a problem hiding this comment.
it does return timeout for instance. but mbedtls_aes_encrypt returns void. How do you usually handle it ?
There was a problem hiding this comment.
I think we have an issue here. The interface was originally designed for a software implementation of AES and was later re-purposed for other implementations.
Here, I don't think the interface suits what we're trying to achieve in hardware, therefore I think we should deprecate this interface, and implement a new interface which enables a error return code.
@andresag01 - Can you raise an issue/enhancement on the mbed TLS github repo?
@adustm - I think we can accept this code as it is at the moment, but we'll probably want to refine this code to work with a new interface later. In the meantime, can we remove the mbedtls_printf() and replace it with a comment?
There was a problem hiding this comment.
@sbutcher-arm: I have raised the new issue in the mbed TLS repository at Mbed-TLS/mbedtls#817
| unsigned char output[16] ) | ||
| { | ||
|
|
||
| HAL_CRYP_AESECB_Decrypt(&hcryp_aes, (uint8_t *)input, 16, (uint8_t *)output, 10); |
There was a problem hiding this comment.
I think it would be good to check this function's return code for errors.
|
@adustm @sbutcher-arm I think there are 2 points of views:
I agree with @adustm about having all target support code in one place under @sbutcher-arm wrote: This PR is not to the mbed TLS specifically (e.g. this is not http://github.com/ARMmbed/mbedtls), but to extend an existing target support in mbed OS for TLS features. If the TLS team would like to request from ST to contribute this HW crypto support to http://github.com/ARMmbed/mbedtls then please follow the formal process via email. Also if there is visibility issue, then this could be addressed by adding a label for the ARM mbed TLS team to review. Perhaps this is a wider question (hence cc @sg-):
Also it's important to understand the maintainability point of view, e.g. how much code mbed Partner teams are managing. For example, the following structure may satisfy both ST team code maintenance and glue layers for features support With this structure the feature driver code and the feature glue layer for would be gated by the presence of the feature (meaning that it won't be compiled if the feature is not enabled). Also it would be in one place from mbed Partner maintenance point of view. |
|
Top level target code is organized to contain MCU SDKs and a binding to the mbed HAL. Any feature integrated as a mbed HAL interface and enabled by In this case, I agree with @sbutcher-arm
From the developer guide for hardware acceleration: https://docs.mbed.com/docs/mbed-os-handbook/en/latest/advanced/tls_hardware_acceleration/#how-to-implement-the-functions
|
|
Hello, I'll start working on the PR review comments. |
|
Hi @andresag01
I hope everything will be fine now. |
|
Another round of review please? retest uvisor |
|
Hello, is there anything blocking ? |
|
There's a conflict to be resolved @andresag01 @sbutcher-arm please review |
There was a problem hiding this comment.
@adustm: Thanks for taking into account the previous review comments. I have reviewed the code once more and most of the issues I pointed out seem to have been resolved.
From my point of view, there are still a couple of issues left:
- The functions
mbedtls_aes_encrypt()andmbedtls_aes_decrypt()do nor have return values, making difficult to check whether the crypto accelerator succeeded. This touches on the API design, so I have raised the issue mbedtls_aes_encrypt() and mbedtls_aes_derypt() do no have return values Mbed-TLS/mbedtls#817. - There have been some improvements, but I do not think that this code is thread-safe. Normally, we achieve this in mbed TLS by using the threading API (threading.h). Please note that there is a PR to add support for this: mbed TLS: threading support - DRAFT - Do not merge #3150
|
I have looked in the changes, and I saw that there is many code duplicity, and copy\paste from the sw implementation. I beleive this is due to the current implementation of the HW configuration. This code duplication could have been resolved by |
| unsigned char output[16] ) | ||
| { | ||
|
|
||
| if (HAL_CRYP_AESECB_Encrypt(&ctx->hcryp_aes, (uint8_t *)input, 16, (uint8_t *)output, 10) !=0) |
There was a problem hiding this comment.
We've identified that we need to change this function so it can return an error code, but until we do, I don't think we should be calling mbedtls_printf() here, unless it's restricted to be in just debug builds or similar.
There was a problem hiding this comment.
hello @sbutcher-arm
Do you suggest that I remove the mbedtls_printf and replace it by a comment line
/* return error code once mbedtls_aes_encrypt and mbedtls_aes_decrypt functions will return one */
?
| { | ||
|
|
||
| if(HAL_CRYP_AESECB_Decrypt(&ctx->hcryp_aes, (uint8_t *)input, 16, (uint8_t *)output, 10)) | ||
| mbedtls_printf( "HAL_CRYP_AESECB_Decrypt timeout\n" ); |
There was a problem hiding this comment.
Same point as above on mbedtls_printf().
|
Hi @adustm, Looking over the code, and based on the feedback from @andresag01 and @RonEld, I can see we need to refine the hardware acceleration interface that mbed TLS presents. I don't want those changes to hold up this work, so we'll do that independently and then later can revise this code to take advantage of those changes. Please feel free to provide more feedback on those changes. Thanks for your patience as we've worked through this pull request. My only concern is the calls to |
|
Hello @RonEld Thank you to the 3 reviewers |
+---------------------------+--------+--------+--------+ | test case | passed | failed | result | +---------------------------+--------+--------+--------+ | mbedtls_aes_self_test | 1 | 0 | OK | | mbedtls_entropy_self_test | 1 | 0 | OK | | mbedtls_sha256_self_test | 1 | 0 | OK | | mbedtls_sha512_self_test | 1 | 0 | OK | +---------------------------+--------+--------+--------+
removed from targets.json, added in mbedtls_device.h remove function alternate defines (not used as we replace the full module)
cleanup in include files (unrequired removed + other moved to aes_alt.h) hcryp_aes moved to mbedtls_aes_context to allow multi instances remove ctx->nr, ctx->buf doxygen comments are removed (kept in .h file) function _ALT are removed (full module _ALT) handle error returned by HAL_CRYPxx functions aes is symetric, remove the dupplicated set_key_enc and set_key_dec buffer, and factorize the call to set_key function
adustm
force-pushed
the
STM_aes_f439zi
branch
from
f57b166 to
ea71724
Compare
adustm
force-pushed
the
STM_aes_f439zi
branch
from
ea71724 to
5c858a4
Compare
|
Hello, I've removed the mbedtls_printf error notifications |
|
@adustm - Thanks. The PR is fine by me now. There are outstanding changes but we should revisit these when we've done the necessary changes to mbed TLS. |
|
Hello @0xc0170 I think the 'need review' can be transformed into 'ready to merge'... :) |
|
Hi @adustm |
|
Hello @andresag01, @sbutcher-arm @RonEld
I have read PR#3150 but it is not clear to me what you are waiting for: shall I wait until this thread PR is integrated in mbed-tls then in mbed-os ? What would be the impact to my code ? Or can it be treated separately in another PR later on ? I have work about AES for 2 other platforms + SHA1 and SHA256 that are pending the integration of the current PR. I would like to be able to progress on the subject. |
|
As I said above, @andresag01's points are valid, but I don't think we should hold up this PR for the work on thread safety it depends on. @0xc0170 - this PR is ready to merge. We know it has issues, but they're dependent on changes in mbed TLS and can be fixed later. |
|
/morph test-nightly |
Result: FAILUREYour command has finished executing! Here's what you wrote!
OutputBuild failed! |
|
/morph test |
Result: FAILUREYour command has finished executing! Here's what you wrote!
OutputBuild failed! |
|
@bridadan Need you eye. The failures are about sections overflow. @adustm The selftest change should not affect other targets or? You can view the failures : http://mbedosci.cloudapp.net/results/pr/3691/1660 From the failures, looks like the test does not fit to many devices that are tested. |
|
Hello, |
|
Thanks @0xc0170 for sharing the build output failure. |
|
/morph test-nightly |
Result: SUCCESSYour command has finished executing! Here's what you wrote!
OutputAll builds and test passed! |
Ports for Upcoming Targets 3934: [Silicon Labs] Update to HAL and devices ARMmbed/mbed-os#3934 Known Issues There is an issue with LPC1768 failing the 'Semihost file system' test with this release. Fixes and Changes 3691: [TLS / hw acceleration] AES ECB for NUCLEO_F439ZI ARMmbed/mbed-os#3691 3869: NCS36510: Default range changed from 0 to 950mV - ADC ARMmbed/mbed-os#3869 3893: [STM32F7] Update STM32 Cube version v1.6.0 ARMmbed/mbed-os#3893 3917: Fix mistake register setting in serial_format() ARMmbed/mbed-os#3917 3927: [DELTA_DFBM_NQ620] Add RC calibration setting and revise mbed_overrides.c ARMmbed/mbed-os#3927 3918: [NUC472/M453] Support unique locally administered MAC address and other driver updates ARMmbed/mbed-os#3918 3920: Heap size adjusted to work for both tls-client and mbed-client ARMmbed/mbed-os#3920 3969: NUCLEO_F302R8: Add missing PB_8/PB_9 CAN pins ARMmbed/mbed-os#3969
Description
This pull request contains the very first HW acceleration for STM devices
Could you review it and let us know if it fits the requested process for HW acceleration in mbedtls feature ?
I've also added aes in TESTS/mbedtls/selftest/main.cpp
+---------------------------+--------+--------+--------+
| test case | passed | failed | result |
+---------------------------+--------+--------+--------+
| mbedtls_aes_self_test | 1 | 0 | OK |
| mbedtls_entropy_self_test | 1 | 0 | OK |
| mbedtls_sha256_self_test | 1 | 0 | OK |
| mbedtls_sha512_self_test | 1 | 0 | OK |
+---------------------------+--------+--------+--------+
Once we agree on this files format and structure, we will be able to add soon AES-CBC mode, SHA1 etc...
Status
READY
Steps to test or reproduce
mbed test -m NUCLEO_F439ZI -t IAR -n tests-mbedtls-selftest
cc @bcostm @screamerbg @sbutcher-arm @0xc0170