stm32 sha1 acceleration does not work since 2.16.8 release #4118
Comments
Any progress here, please?
Hi, and sorry for the long response time. Thanks for bisecting the issue. The commit is somewhat consistent with the error you're getting, in that this commit changes how the MAC is verified, which is what the error is about. OTOH, I don't really see what in this commit could trigger issues in the SHA1 alt implementation. First I was going to say that perhaps it might have to do with the fact that after this commit, the computation relies on This would be easily verified by running the test suites on your device, but I'm afraid we don't have good facilities for running our test suites on embedded devices yet... Could you try running the following test on your device (possibly adapting the calls to

```c
#include "mbedtls/md.h"
#include <stdio.h>

int main( void )
{
    int ret;
    mbedtls_md_context_t ctx, clo;
    const mbedtls_md_info_t *sha1 = mbedtls_md_info_from_type( MBEDTLS_MD_SHA1 );
    unsigned char buf[250];
    const size_t split = 123;
    unsigned char out[20];

    mbedtls_md_init( &ctx );
    mbedtls_md_init( &clo );

    /* deterministic test input */
    for( size_t i = 0; i < sizeof( buf ); i++ )
        buf[i] = i;

    /* start computation with one context */
    ret = mbedtls_md_setup( &ctx, sha1, 0 );
    if( ret != 0 )
        goto exit;
    ret = mbedtls_md_starts( &ctx );
    if( ret != 0 )
        goto exit;
    ret = mbedtls_md_update( &ctx, buf, split );
    if( ret != 0 )
        goto exit;

    /* clone in the middle */
    ret = mbedtls_md_setup( &clo, sha1, 0 );
    if( ret != 0 )
        goto exit;
    ret = mbedtls_md_clone( &clo, &ctx );
    if( ret != 0 )
        goto exit;

    /* finish computation with original */
    ret = mbedtls_md_update( &ctx, buf + split, sizeof( buf ) - split );
    if( ret != 0 )
        goto exit;
    ret = mbedtls_md_finish( &ctx, out );
    if( ret != 0 )
        goto exit;
    printf( "Origin:" );
    for( size_t i = 0; i < sizeof( out ); i++ )
        printf( " %02x", out[i] );
    printf( "\n" );

    /* finish computation with clone: must print the same digest */
    ret = mbedtls_md_update( &clo, buf + split, sizeof( buf ) - split );
    if( ret != 0 )
        goto exit;
    ret = mbedtls_md_finish( &clo, out );
    if( ret != 0 )
        goto exit;
    printf( "Cloned:" );
    for( size_t i = 0; i < sizeof( out ); i++ )
        printf( " %02x", out[i] );
    printf( "\n" );

exit:
    mbedtls_md_free( &ctx );
    mbedtls_md_free( &clo );
    return( ret );
}
```

(If the results are identical, can you try varying the value of
Hello, originally I have mentioned only sha-1 but later I found that it concerns also sha-256. I have run your tests and indeed the values are identical.
However, immediately after, during the TLS handshake in the web server...
Ok, thanks for running the test! The debug output you posted confirms that the problem is with the computation of the expected MAC, which was modified in the commit identified by git bisect, so that part really checks out. So, I went again line by line over this commit looking for things that would trip up an alt implementation, and now I think I've found my mistake. Could you try applying the following patch on top of the current
diff --git a/library/ssl_tls.c b/library/ssl_tls.c
index c749a8611c43..a6c629748163 100644
--- a/library/ssl_tls.c
+++ b/library/ssl_tls.c
@@ -1895,6 +1895,9 @@ int mbedtls_ssl_cf_hmac(
MD_CHK( mbedtls_md_update( ctx, data + offset, 1 ) );
}
+ /* The context needs to finish() before it starts() again */
+ MD_CHK( mbedtls_md_finish( ctx, aux_out ) );
+
/* Now compute HASH(okey + inner_hash) */
MD_CHK( mbedtls_md_starts( ctx ) );
MD_CHK( mbedtls_md_update( ctx, okey, block_size ) );
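Review bot: the comment on the added `mbedtls_md_finish( ctx, aux_out )` line says that a finish() is needed before the next `mbedtls_md_starts( ctx )`, but not why this only matters for _ALT back ends: the built-in implementation's starts() reinitialises the state unconditionally, whereas a hardware driver may only release its state in finish(), so a reader will otherwise see the call as redundant. Suggest expanding it along the lines of `/* _ALT implementations may require finish() before a new starts(); the software md layer does not. */`. If, as the name suggests, `aux_out` is only a scratch buffer here and the value written is not the `inner_hash` referred to in the following comment, say so as well, and confirm that `aux_out` is sized for the largest digest the function supports, which this hunk's context does not show. Since the call is unconditional and sits after the loop rather than inside it, it adds no secret-dependent branch to this constant-flow function.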
Bingo! This really solves the described issue. Thank you for your support.
Good news! Thanks for testing the patch! I'll create a PR so that the fix lands in the next release of 2.16.
I'm using mbedtls on an stm32f7 board. Until 2.16.7 it worked fine with alternative functions providing hw acceleration (same as the ones in mbedos (https://github.com/ARMmbed/mbed-os/blob/master/connectivity/drivers/mbedtls/TARGET_STM/sha1_alt.cpp)). I have recently tried to update to the actual 2.16 tip but here I noticed that my webserver does not work and reports

SSL - Verification of the message MAC failed

when MBEDTLS_SHA1_ALT is defined. With internal SHA1 everything works fine. With bisecting I have found that it started with this commit de02b58. I do not see on the first sight what could be the issue here, hopefully someone with more knowledge can help...
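To make the call-order bug behind this issue concrete, here is an added, self-contained example; it is not mbedtls code and not from anyone in this thread. It models an accelerated md driver as a toy: a `busy` flag that only finish() clears, so a starts() on a context that was cloned but never finished is refused, which is exactly the sequence the constant-flow HMAC used before the patch (inner hash read from a clone, original context restarted for the outer hash). The SHA-1 core, the `md_*` wrappers, `hmac_sha1()` and `demo()` are all constructed for this illustration, the `-2` return code is an assumption of the toy driver, and the known-answer value is the standard HMAC-SHA1("key", "The quick brown fox jumps over the lazy dog") test vector.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Toy model of an accelerated md driver (constructed; not mbedtls code).
 * `busy` stands in for hardware state that only finish() releases: a
 * starts() on a busy context violates the driver contract and is refused. */
typedef struct {
    uint32_t h[5];
    uint8_t  buf[64];
    size_t   buflen;
    uint64_t total;
    int      busy;
} md_ctx;

#define ROTL(x, n) (((x) << (n)) | ((x) >> (32 - (n))))

/* Standard SHA-1 compression function over one 64-byte block. */
static void sha1_block(uint32_t h[5], const uint8_t p[64]) {
    uint32_t w[80], a = h[0], b = h[1], c = h[2], d = h[3], e = h[4];
    for (int i = 0; i < 16; i++)
        w[i] = (uint32_t)p[4*i] << 24 | (uint32_t)p[4*i+1] << 16 |
               (uint32_t)p[4*i+2] << 8 | (uint32_t)p[4*i+3];
    for (int i = 16; i < 80; i++)
        w[i] = ROTL(w[i-3] ^ w[i-8] ^ w[i-14] ^ w[i-16], 1);
    for (int i = 0; i < 80; i++) {
        uint32_t f, k;
        if (i < 20)      { f = (b & c) | (~b & d);          k = 0x5A827999; }
        else if (i < 40) { f = b ^ c ^ d;                   k = 0x6ED9EBA1; }
        else if (i < 60) { f = (b & c) | (b & d) | (c & d); k = 0x8F1BBCDC; }
        else             { f = b ^ c ^ d;                   k = 0xCA62C1D6; }
        uint32_t t = ROTL(a, 5) + f + e + k + w[i];
        e = d; d = c; c = ROTL(b, 30); b = a; a = t;
    }
    h[0] += a; h[1] += b; h[2] += c; h[3] += d; h[4] += e;
}

static int md_starts(md_ctx *c) {
    if (c->busy) return -1;             /* driver precondition: finish() first */
    const uint32_t iv[5] = {0x67452301, 0xEFCDAB89, 0x98BADCFE, 0x10325476, 0xC3D2E1F0};
    memcpy(c->h, iv, sizeof iv);
    c->buflen = 0; c->total = 0; c->busy = 1;
    return 0;
}

static int md_update(md_ctx *c, const uint8_t *p, size_t n) {
    if (!c->busy) return -1;
    c->total += n;
    while (n > 0) {
        size_t take = 64 - c->buflen;
        if (take > n) take = n;
        memcpy(c->buf + c->buflen, p, take);
        c->buflen += take; p += take; n -= take;
        if (c->buflen == 64) { sha1_block(c->h, c->buf); c->buflen = 0; }
    }
    return 0;
}

static int md_finish(md_ctx *c, uint8_t out[20]) {
    if (!c->busy) return -1;
    uint64_t bits = c->total * 8;       /* length before padding, as SHA-1 requires */
    uint8_t pad = 0x80, zero = 0, len[8];
    md_update(c, &pad, 1);
    while (c->buflen != 56) md_update(c, &zero, 1);
    for (int i = 0; i < 8; i++) len[i] = (uint8_t)(bits >> (56 - 8*i));
    md_update(c, len, 8);
    for (int i = 0; i < 5; i++) {
        out[4*i]   = (uint8_t)(c->h[i] >> 24); out[4*i+1] = (uint8_t)(c->h[i] >> 16);
        out[4*i+2] = (uint8_t)(c->h[i] >> 8);  out[4*i+3] = (uint8_t)(c->h[i]);
    }
    c->busy = 0;                        /* hardware released */
    return 0;
}

/* HMAC-SHA1 structured like the TLS constant-flow MAC: the inner digest is read
 * out of a clone so ctx itself is never finished, then ctx is restarted for the
 * outer hash. `finish_first` is the one-line fix discussed in the thread.
 * Keys longer than one block are not handled (TLS MAC keys are shorter). */
static int hmac_sha1(const uint8_t *key, size_t klen, const uint8_t *msg, size_t mlen,
                     uint8_t out[20], int finish_first) {
    uint8_t ikey[64], okey[64], inner[20], scratch[20];
    md_ctx ctx = {0}, aux;
    memset(ikey, 0x36, 64); memset(okey, 0x5C, 64);
    for (size_t i = 0; i < klen && i < 64; i++) { ikey[i] ^= key[i]; okey[i] ^= key[i]; }
    if (md_starts(&ctx) || md_update(&ctx, ikey, 64) || md_update(&ctx, msg, mlen)) return -1;
    aux = ctx;                          /* md_clone(): inner hash is taken from the clone */
    if (md_finish(&aux, inner)) return -1;
    if (finish_first && md_finish(&ctx, scratch)) return -1;   /* the patch */
    if (md_starts(&ctx)) return -2;     /* refused by the toy driver without finish_first */
    if (md_update(&ctx, okey, 64) || md_update(&ctx, inner, 20) || md_finish(&ctx, out)) return -1;
    return 0;
}

/* Known-answer value: HMAC-SHA1("key", "The quick brown fox jumps over the lazy dog"). */
static const char *KAT = "de7c9b85b8b78aa6bc8a7a36f70a90701c9db4d9";

/* Runs one call order; returns the driver result (0 ok, -2 = starts() refused)
 * and, on success, the MAC as lowercase hex in `hex`. */
int demo(int finish_first, char hex[41]) {
    static const uint8_t key[] = "key";
    static const char msg[] = "The quick brown fox jumps over the lazy dog";
    uint8_t mac[20];
    int r = hmac_sha1(key, 3, (const uint8_t *)msg, strlen(msg), mac, finish_first);
    hex[0] = '\0';
    if (r == 0) for (int i = 0; i < 20; i++) sprintf(hex + 2*i, "%02x", mac[i]);
    return r;
}

int main(void) {
    char hex[41];
    int pre = demo(0, hex);
    printf("pre-patch order  : rc=%d (starts() without finish() refused)\n", pre);
    int post = demo(1, hex);
    printf("patched order    : rc=%d mac=%s %s\n", post, hex,
           strcmp(hex, KAT) == 0 ? "(matches KAT)" : "(MISMATCH)");
    return 0;
}
```

The same two-order check is a cheap way to validate any `_ALT` driver against the md API contract before wiring it into TLS: run the pre-patch order (starts, update, clone, finish the clone, starts again) and the patched order, and compare both against a software digest. The clone test program the maintainer posted above covers a different property (that clone() copies all driver state), so a driver should pass both.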