- 
                Notifications
    You must be signed in to change notification settings 
- Fork 3k
Initial implementation of Cypress Crypto hardware acceleration for mbedTLS #11046
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Conversation
| @kotkcy, thank you for your changes. | 
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Many .py files are missing their license headers.
Please add.
Then there is Oracle Binary Code License Agreement is this needed, and why? I need to seek advice whether this can be accepted.
        
          
                targets/TARGET_Cypress/TARGET_PSOC6/sb-tools/imgtool/create_aesHeader.py
          
            Show resolved
            Hide resolved
        
              
          
                targets/TARGET_Cypress/TARGET_PSOC6/sb-tools/imgtool/imgtool/keys/ecdsa.py
          
            Show resolved
            Hide resolved
        
              
          
                targets/TARGET_Cypress/TARGET_PSOC6/sb-tools/imgtool/imgtool/keys/ecdsa_test.py
          
            Show resolved
            Hide resolved
        
              
          
                targets/TARGET_Cypress/TARGET_PSOC6/sb-tools/imgtool/imgtool/keys/general.py
          
            Show resolved
            Hide resolved
        
              
          
                targets/TARGET_Cypress/TARGET_PSOC6/sb-tools/imgtool/imgtool/keys/rsa.py
          
            Show resolved
            Hide resolved
        
              
          
                targets/TARGET_Cypress/TARGET_PSOC6/sb-tools/imgtool/imgtool/keys/rsa_test.py
          
            Show resolved
            Hide resolved
        
      | @Patater do we even accept code into mbed TLS copy that resides in Mbed OS? I have a feeling they'll be lost during an update. | 
| 
 | 
| Why is the Oracle binary license required? | 
ed3a1b0    to
    e63c255      
    Compare
  
    | 
 | 
| 
 We generally don't accept code into the copies of Mbed TLS or Mbed Crypto that resides in Mbed OS. Exactly as you say, the changes will be lost upon the next update of Mbed TLS and Mbed Crypto. Any changes to Mbed TLS or Mbed Crypto should be raised as PRs to https://github.com/ARMmbed/mbedtls and https://github.com/ARMmbed/mbed-crypto | 
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This PR now seems to contain test changes TESTS/mbed_platform/atomic/main.cpp as well as API changes Atomic.h.
And various smaller touches to AT_cellular stuff.
Those have nothing to do with "Initial implementatation of Cypress Crypto" and should therefore be separated to own PR.
0f0177a    to
    6a123d3      
    Compare
  
    | @SeppoTakalo: the presence of unrelated changes was caused by the wrong branch used as a base of contributions (GitHub PRs always display difference against latest master). This PR is now rebased against master + #11018 commits included. Once CY8CPROTO_064_SB target is merged, this PR will contain single commit 6a123d3. I recommend to focus the review on this commit, and track CY8CPROTO_064_SB related issues in #11018 | 
07f8cb9    to
    1c4e2ab      
    Compare
  
    | #11018 is moving forward. Once it is in, this should be rebased. Meanwhile, can this PR be made on its own (so we can focus on reviewing just crypto implementation) ? At least share range of commits for review here. | 
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
just alignment in some mbedtls files (tabs used?)
All TABs are changed to spaces in the commit 08fd157.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Generally there are quite a few cases where some really complex C code has been used and which could be simplified to make later maintenance/bug fixing much easier. I appreciate that this stuff is complex, but using longer and more descriptive variable names might help too. Putting braces around statements within every 'if' statement is usually recommended.
        
          
                features/mbedtls/targets/TARGET_Cypress/TARGET_PSOC6/TARGET_PSOC6_01/sha256_alt.h
              
                Outdated
          
            Show resolved
            Hide resolved
        
              
          
                features/mbedtls/targets/TARGET_Cypress/TARGET_PSOC6/TARGET_PSOC6_01/sha512_alt.h
              
                Outdated
          
            Show resolved
            Hide resolved
        
              
          
                features/mbedtls/targets/TARGET_Cypress/TARGET_PSOC6/TARGET_PSOC6_02/sha1_alt.h
              
                Outdated
          
            Show resolved
            Hide resolved
        
              
          
                features/mbedtls/targets/TARGET_Cypress/TARGET_PSOC6/TARGET_PSOC6_02/sha256_alt.h
              
                Outdated
          
            Show resolved
            Hide resolved
        
              
          
                features/mbedtls/targets/TARGET_Cypress/TARGET_PSOC6/TARGET_PSOC6_02/sha512_alt.h
              
                Outdated
          
            Show resolved
            Hide resolved
        
      | mbedtls_mpi_cmp_mpi( &Q.Z, &prv->Q.Z ) ) | ||
| { | ||
| ret = MBEDTLS_ERR_ECP_BAD_INPUT_DATA; | ||
| goto cleanup; | 
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Not required as this is the next statement
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Please look into ecp.c line 2281.
| /* | ||
| * Domain parameters for secp192r1 | ||
| */ | ||
| #if defined(MBEDTLS_ECP_DP_SECP192R1_ENABLED) | 
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Are these numbers ok to be included here or are they hackable?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Please look into ecp_curves.c line 95.
| #endif | ||
|  | ||
| #ifndef PUT_UINT64_LE | ||
| #define PUT_UINT64_LE(n,b,i) \ | 
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Two issues:
- If any of the input parameters have a side effect then this macro will not work as intended.
- What happens if 'n' is signed and negative? C standard says undefined; could be sign extended.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This code was captured to support XTS cipher mode from aes.c. Please look into line 1129.
|  | ||
| /* Endianess with 64 bits values */ | ||
| #ifndef GET_UINT64_LE | ||
| #define GET_UINT64_LE(n,b,i) \ | 
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Potential for error if any parameter has a side effect. Also might read better if 'n' was the result of the macro being used as an R-value, eg result = GET_UINT64_LE(buff, offset)
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This code was captured to support XTS cipher mode from aes.c. Please look into line 1116.
| Generally it looks like lots of this code was copied from elsewhere in mbed-os, and the original code has quite a few 'clever' (aka difficult to maintain/understand) bits of C in it that are being replicated here. I have highlighted several places where improvements could be made to improve readability, and a couple of cases where incipient bugs might lurk. | 
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I have just one remaining question about how the AES hardware sharing works with regard to XTS mode (which uses two AES contexts at the same time). The underlying driver handles multiple concurrent operations, but I did not review how that is done.
| CI started | 
| Test run: FAILEDSummary: 3 of 4 test jobs failed Failed test jobs: 
 | 
| Because of 5.14.0-rc1 CI jobs, we aborted CI job here. We will restart once 5.14.0rc1 is ready. | 
| 
 PDL crypto driver provides a separated contexts for all AES objects that hold all needed information inside. So we can use many AES objects at the same time at driver layer not in the hardware. | 
| 
 Sounds good to me. Thanks for the explanation. | 
| CI restarted | 
| Test run: FAILEDSummary: 3 of 4 test jobs failed Failed test jobs: 
 | 
| CI restarted | 
| 
 @0xc0170 I removed mbedTLS hardware support from Sequana targets, so please restart CI asap | 
| CI aborted and restarted | 
| Test run: FAILEDSummary: 3 of 4 test jobs failed Failed test jobs: 
 | 
| New CI is running, old one was aborted quite late.. ^^ | 
| Test run: SUCCESSSummary: 11 of 11 test jobs passed | 
Kind request for ARM team!!!
Could you please make a review as soon as possible - we need this for our customer. Ideally at start on the next week.
Description
This PR brings the following major updates to the Cypress PSoC 6 targets for Mbed TLS library resides in Mbed OS 5.13:
This PR is based on PR #11018, so actual changes only related to crypto acceleration support in MbedTLS library.
Pull request type
Reviewers
Please suggest
Release Notes