[PATCH v2 00/28] [RFC] Integrate MbedTLS v3.6 LTS with U-Boot
Peter Robinson
pbrobinson at gmail.com
Thu May 9 13:11:47 CEST 2024
On Tue, 7 May 2024 at 19:30, Raymond Mao <raymond.mao at linaro.org> wrote:
>
> Integrate MbedTLS v3.6 LTS (currently v3.6.0-RC1) with U-Boot.
>
> Motivations:
> ------------
> 1. MbedTLS is well maintained with LTS versions.
> 2. LWIP is integrated with MbedTLS and easily to enable HTTPS.
> 3. MbedTLS recently switched license back to GPLv2.
>
> Prerequisite:
> -------------
> This patch series requires mbedtls git repo to be added as a
> subtree to the main U-Boot repo via:
> $ git subtree add --prefix lib/mbedtls/external/mbedtls \
> https://github.com/Mbed-TLS/mbedtls.git \
> v3.6.0 --squash
> Moreover, due to the Windows-style files from mbedtls git repo,
> we need to convert the CRLF endings to LF and do a commit manually:
> $ git add --renormalize .
> $ git commit
>
> New Kconfig options:
> --------------------
> `MBEDTLS_LIB` is for MbedTLS general switch.
> `MBEDTLS_LIB_CRYPTO` is for replacing original digest and crypto libs with
> MbedTLS.
> `MBEDTLS_LIB_X509` is for replacing original X509, PKCS7, MSCode, ASN1,
> and Pubkey parser with MbedTLS.
> `MBEDTLS_LIB_TLS` is for SSL/TLS (Disabled until LWIP port for MbedTLS is
> ready)
> In this patch set, MBEDTLS_LIB, MBEDTLS_LIB_CRYPTO and MBEDTLS_LIB_X509
> are by default enabled in qemu_arm64_defconfig for testing purpose.
>
> Patches for external MbedTLS project:
> -------------------------------------
> Since U-Boot uses Microsoft Authentication Code to verify PE/COFFs
> executables which is not supported by MbedTLS at the moment,
> addtional patches for MbedTLS are created to adapt with the EFI loader:
> 1. Decoding of Microsoft Authentication Code.
> 2. Decoding of PKCS#9 Authenticate Attributes.
> 3. Extending MbedTLS PKCS#7 lib to support multiple signer's certificates.
> 4. MbedTLS native test suites for PKCS#7 signer's info.
> All above 4 patches (tagged with `mbedtls/external`) are submitted to
> MbedTLS project and being reviewed, eventually they should be part of
> MbedTLS release.
> See below PR for the reference:
> https://github.com/Mbed-TLS/mbedtls/pull/9001
>
> Miscellaneous:
> --------------
> Minor fixes for arm EFI linker script for testing EFI secure boot.
>
> Optimized MbedTLS library size by tailoring the config file.
> After disabling all unnecessary features for EFI loader, enabling MbedTLS
> increases U-Boot size by 6.03% (V1).
> For V2, this figure drops to about 4.66% by completely replacing
> original libs (rsa, asn1_decoder, rsa_helper, md5, sha1, sha256, sha512)
> with MbedTLS when related Kconfig options are enabled.
> Please see the output of bloat-o-meter for the reference of the size-growth
> on QEMU arm64 target [1].
>
> Tests done:
> -----------
> EFI Secure Boot test (EFI variables loading and verifying, EFI signed image
> verifying and booting) via U-Boot console.
> EFI Secure Boot and Capsule sandbox test passed.
>
> Known issues:
> -------------
> None.
>
> [1]: bloat-o-meter output between disabling/enabling MbedTLS (QEMU arm64)
> ```
> add/remove: 212/81 grow/shrink: 20/17 up/down: 56376/-17495 (38881)
> Function old new delta
> mbedtls_internal_sha1_process - 4540 +4540
> mbedtls_x509_crt_parse_der_internal - 3072 +3072
> mbedtls_internal_md5_process - 2928 +2928
> mbedtls_internal_sha256_process - 2052 +2052
> mbedtls_pkcs7_parse_der - 1608 +1608
> mbedtls_rsa_private - 1468 +1468
> pkcs7_parse_message 372 1648 +1276
> mbedtls_mpi_div_mpi - 1168 +1168
> mbedtls_internal_sha512_process - 1056 +1056
> mbedtls_mpi_inv_mod - 1000 +1000
> mbedtls_x509_dn_gets - 996 +996
> x509_populate_cert - 948 +948
> K - 896 +896
> oid_x520_attr_type - 840 +840
> __udivti3 - 832 +832
> mbedtls_x509_parse_subject_alt_name - 724 +724
> mbedtls_rsa_deduce_primes - 720 +720
> mbedtls_mpi_exp_mod - 668 +668
> mbedtls_rsa_rsaes_pkcs1_v15_decrypt - 652 +652
> pkcs7_get_signer_info - 632 +632
> mbedtls_rsa_complete - 624 +624
> mbedtls_rsa_validate_params - 608 +608
> mbedtls_mpi_core_exp_mod - 560 +560
> mbedtls_sha512_finish - 556 +556
> mscode_parse 28 580 +552
> mbedtls_x509_get_time - 552 +552
> mbedtls_x509_get_name - 516 +516
> mbedtls_sha256_finish - 484 +484
> mbedtls_rsa_validate_crt - 464 +464
> mbedtls_mpi_core_mla - 460 +460
> rsa_rsassa_pkcs1_v15_encode - 420 +420
> mbedtls_sha1_finish - 420 +420
> mbedtls_mpi_gcd - 400 +400
> oid_x509_ext - 360 +360
> rsa_parse_pub_key 24 372 +348
> mbedtls_x509_get_subject_alt_name_ext - 348 +348
> mbedtls_sha512_starts - 340 +340
> mbedtls_mpi_mul_mpi - 340 +340
> mbedtls_rsa_rsassa_pkcs1_v15_sign - 336 +336
> mbedtls_oid_get_numeric_string - 336 +336
> mbedtls_md5_finish - 336 +336
> mbedtls_pk_parse_subpubkey - 328 +328
> oid_sig_alg - 320 +320
> mbedtls_rsa_deduce_private_exponent - 312 +312
> rsa_check_context.isra - 300 +300
> mbedtls_rsa_rsaes_pkcs1_v15_encrypt - 288 +288
> mbedtls_rsa_parse_pubkey - 284 +284
> mbedtls_mpi_sub_abs - 284 +284
> mbedtls_mpi_core_montmul - 276 +276
> mbedtls_rsa_rsassa_pkcs1_v15_verify - 268 +268
> mbedtls_asn1_traverse_sequence_of - 268 +268
> mbedtls_sha512_update - 264 +264
> hash_command 472 732 +260
> mbedtls_asn1_get_alg - 256 +256
> mbedtls_sha256_update - 252 +252
> mbedtls_mpi_add_abs - 248 +248
> oid_md_alg - 240 +240
> mbedtls_sha1_update - 236 +236
> mbedtls_rsa_deduce_crt - 236 +236
> mbedtls_md5_update - 236 +236
> mbedtls_rsa_import_raw - 232 +232
> mbedtls_ct_memcpy_if - 228 +228
> mbedtls_mpi_copy - 220 +220
> mbedtls_mpi_cmp_mpi - 212 +212
> mbedtls_mpi_shrink - 208 +208
> mbedtls_ct_memmove_left - 208 +208
> mbedtls_rsa_public - 204 +204
> rsa_sign_wrap - 196 +196
> mbedtls_pk_parse_public_key - 196 +196
> asn1_get_tagged_int - 196 +196
> mbedtls_mpi_mul_int - 184 +184
> mbedtls_mpi_core_write_be - 184 +184
> mbedtls_pk_verify_restartable - 180 +180
> mbedtls_mpi_mod_mpi - 180 +180
> mbedtls_asn1_get_len - 180 +180
> pk_get_pk_alg.isra - 176 +176
> mbedtls_mpi_core_fill_random - 176 +176
> x509_populate_pubkey - 164 +164
> rsa_verify_wrap - 164 +164
> mbedtls_x509_crt_free - 164 +164
> mbedtls_mpi_core_shift_r - 164 +164
> oid_pk_alg - 160 +160
> mbedtls_ct_zeroize_if - 156 +156
> rsa_encrypt_wrap - 152 +152
> rsa_decrypt_wrap - 152 +152
> mbedtls_mpi_cmp_abs - 152 +152
> add_sub_mpi - 152 +152
> mbedtls_sha512 - 148 +148
> mbedtls_rsa_check_privkey - 148 +148
> mbedtls_mpi_core_shift_l - 148 +148
> mbedtls_x509_get_ext - 144 +144
> mbedtls_mpi_grow - 144 +144
> mbedtls_mpi_core_read_be - 144 +144
> mbedtls_x509_get_serial - 140 +140
> mbedtls_asn1_write_len - 140 +140
> pkcs7_get_one_cert - 136 +136
> mbedtls_x509_crl_free - 136 +136
> mbedtls_rsa_free - 136 +136
> mbedtls_rsa_check_pubkey - 136 +136
> mbedtls_x509_get_key_usage - 128 +128
> mbedtls_asn1_get_bitstring - 128 +128
> do_sha1sum - 128 +128
> do_md5sum - 128 +128
> mbedtls_sha256_starts - 124 +124
> mbedtls_mpi_core_mul - 124 +124
> mbedtls_asn1_get_alg_null - 124 +124
> hash_parse_string - 124 +124
> mbedtls_x509_get_sig - 120 +120
> mbedtls_pkcs7_free - 120 +120
> mbedtls_oid_get_x509_ext_type - 120 +120
> mbedtls_oid_get_pk_alg - 120 +120
> mbedtls_oid_get_md_alg - 120 +120
> mbedtls_oid_get_attr_short_name - 120 +120
> mbedtls_x509_get_subject_alt_name - 116 +116
> asn1_get_sequence_of_cb - 116 +116
> mbedtls_x509_get_sig_alg - 112 +112
> hash_show - 112 +112
> mbedtls_x509_get_ns_cert_type - 108 +108
> mbedtls_mpi_resize_clear - 108 +108
> mbedtls_mpi_lset - 108 +108
> mbedtls_mpi_fill_random - 108 +108
> mbedtls_asn1_get_sequence_of - 108 +108
> mbedtls_mpi_core_get_mont_r2_unsafe - 104 +104
> oid_sig_alg_from_asn1 - 100 +100
> mbedtls_mpi_shift_l - 100 +100
> public_key_verify_signature 312 408 +96
> mbedtls_rsa_info - 96 +96
> mbedtls_pk_setup - 96 +96
> mbedtls_mpi_read_binary - 96 +96
> mbedtls_rsa_check_pub_priv - 92 +92
> mbedtls_mpi_lsb - 92 +92
> mbedtls_asn1_get_bool - 92 +92
> mbedtls_mpi_core_bigendian_to_host - 84 +84
> mbedtls_mpi_core_bitlen - 76 +76
> mbedtls_asn1_get_bitstring_null - 76 +76
> x509_free_mbedtls_ctx.part - 72 +72
> mbedtls_sha1_starts - 72 +72
> mbedtls_mpi_core_cond_assign - 72 +72
> CSWTCH 1266 1338 +72
> x509_populate_dn_name_string - 68 +68
> mbedtls_pk_free - 68 +68
> mbedtls_oid_get_sig_alg - 68 +68
> mbedtls_mpi_free - 68 +68
> mbedtls_mpi_core_sub - 68 +68
> mbedtls_mpi_core_check_zero_ct - 68 +68
> pkcs7_free_signer_info - 64 +64
> pkcs7_free_message 124 188 +64
> mbedtls_oid_get_oid_by_md - 64 +64
> rsa_debug - 60 +60
> mbedtls_mpi_sub_int - 60 +60
> mbedtls_mpi_core_add - 60 +60
> mbedtls_mpi_cmp_int - 60 +60
> mbedtls_mpi_add_int - 60 +60
> mbedtls_md5_starts - 60 +60
> hash_init_sha512 52 112 +60
> hash_init_sha256 52 112 +60
> mbedtls_platform_zeroize - 56 +56
> mbedtls_asn1_get_tag - 56 +56
> _u_boot_list_2_cmd_2_sha1sum - 56 +56
> _u_boot_list_2_cmd_2_md5sum - 56 +56
> rsa_alloc_wrap - 52 +52
> mbedtls_mpi_shift_r - 52 +52
> mbedtls_mpi_core_montmul_init - 52 +52
> mbedtls_mpi_core_from_mont_rep - 52 +52
> mbedtls_mpi_core_clz - 52 +52
> mbedtls_ct_memcmp - 52 +52
> mbedtls_mpi_core_sub_int - 48 +48
> mbedtls_asn1_write_tag - 48 +48
> mbedtls_asn1_sequence_free - 48 +48
> mbedtls_asn1_free_named_data_list_shallow - 48 +48
> mbedtls_rsa_init - 44 +44
> mbedtls_mpi_get_bit - 44 +44
> hash_init_sha1 52 96 +44
> x509_parse2_int - 40 +40
> mbedtls_zeroize_and_free - 40 +40
> mbedtls_rsa_pkcs1_verify - 40 +40
> mbedtls_rsa_pkcs1_sign - 40 +40
> mbedtls_mpi_core_exp_mod_working_limbs - 40 +40
> rsa_free_wrap - 36 +36
> mbedtls_md_info_from_type - 36 +36
> mbedtls_x509_get_alg - 32 +32
> mbedtls_pk_get_type - 28 +28
> mbedtls_mpi_size - 28 +28
> mbedtls_mpi_core_to_mont_rep - 28 +28
> x509_get_timestamp - 24 +24
> mbedtls_x509_free_subject_alt_name - 24 +24
> mbedtls_rsa_pkcs1_encrypt - 20 +20
> mbedtls_rsa_pkcs1_decrypt - 20 +20
> mbedtls_pk_info_from_type - 20 +20
> mbedtls_mpi_write_binary - 20 +20
> mbedtls_md_get_size - 20 +20
> rsa_can_do - 16 +16
> mbedtls_x509_crt_parse_der - 16 +16
> mbedtls_sha512_free - 16 +16
> mbedtls_sha256_free - 16 +16
> mbedtls_sha1_free - 16 +16
> mbedtls_mpi_init - 16 +16
> mbedtls_md5_free - 16 +16
> hash_finish_sha512 72 88 +16
> hash_finish_sha256 72 88 +16
> hash_finish_sha1 72 88 +16
> x509_free_certificate 88 100 +12
> sha512_csum_wd 68 80 +12
> sha256_csum_wd 68 80 +12
> sha1_csum_wd 68 80 +12
> rsa_check_pair_wrap - 12 +12
> md5_wd 68 80 +12
> mbedtls_x509_crt_init - 12 +12
> mbedtls_sha512_init - 12 +12
> mbedtls_sha256_init - 12 +12
> mbedtls_sha1_init - 12 +12
> mbedtls_pkcs7_init - 12 +12
> mbedtls_mpi_bitlen - 12 +12
> mbedtls_md5_init - 12 +12
> mbedtls_asn1_get_int - 12 +12
> rsa_get_bitlen - 8 +8
> mpi_bigendian_to_host - 8 +8
> memset_func - 8 +8
> mbedtls_sha512_info - 8 +8
> mbedtls_sha384_info - 8 +8
> mbedtls_sha256_info - 8 +8
> mbedtls_sha1_info - 8 +8
> mbedtls_rsa_get_len - 8 +8
> mbedtls_rsa_get_bitlen - 8 +8
> mbedtls_pk_verify - 8 +8
> mbedtls_pk_init - 8 +8
> mbedtls_mpi_sub_mpi - 8 +8
> mbedtls_mpi_add_mpi - 8 +8
> mbedtls_md5_info - 8 +8
> mbedtls_ct_zero - 8 +8
> sha512_update 4 8 +4
> sha384_update 4 8 +4
> sha256_update 12 8 -4
> sha1_update 12 8 -4
> rsapubkey_machine 10 - -10
> x509_note_not_before 12 - -12
> x509_note_not_after 12 - -12
> month_lengths 12 - -12
> x509_akid_note_name 16 - -16
> sha256_process 16 - -16
> sha1_process 16 - -16
> rsapubkey_action_table 16 - -16
> pkcs7_sig_note_skid 16 - -16
> pkcs7_sig_note_serial 16 - -16
> pkcs7_sig_note_issuer 16 - -16
> pkcs7_check_content_type 20 - -20
> hash_update_sha512 36 16 -20
> hash_update_sha256 36 16 -20
> hash_update_sha1 36 16 -20
> MD5Init 56 36 -20
> x509_note_serial 24 - -24
> x509_decoder 24 - -24
> x509_akid_decoder 24 - -24
> sha1_starts 60 36 -24
> rsapubkey_decoder 24 - -24
> pkcs7_decoder 24 - -24
> mscode_machine 24 - -24
> mscode_decoder 24 - -24
> mscode_action_table 24 - -24
> x509_note_subject 28 - -28
> x509_note_issuer 28 - -28
> x509_note_tbs_certificate 32 - -32
> pkcs7_note_data 32 - -32
> rsa_get_n 36 - -36
> hash_update_sha384 36 - -36
> x509_note_params 40 - -40
> x509_akid_action_table 40 - -40
> pkcs7_note_content 40 - -40
> asn1_op_lengths 41 - -41
> rsa_get_e 48 - -48
> pkcs7_note_signeddata_version 48 - -48
> pkcs7_note_certificate_list 48 - -48
> hash_init_sha384 52 - -52
> sha384_csum_wd 68 12 -56
> sha256_starts 104 40 -64
> sha256_padding 64 - -64
> sha1_padding 64 - -64
> mscode_note_digest 72 - -72
> hash_finish_sha384 72 - -72
> pkcs7_sig_note_set_of_authattrs 84 - -84
> x509_note_OID 92 - -92
> x509_akid_note_serial 92 - -92
> x509_akid_note_kid 92 - -92
> pkcs7_sig_note_pkey_algo 92 - -92
> x509_akid_machine 93 - -93
> x509_extract_name_segment 96 - -96
> pkcs7_note_signerinfo_version 96 - -96
> pkcs7_sig_note_signature 100 - -100
> x509_action_table 104 - -104
> x509_machine 113 - -113
> x509_extract_key_data 116 - -116
> sha512_finish 152 36 -116
> pkcs7_note_OID 116 - -116
> pkcs7_extract_cert 116 - -116
> sha512_starts 168 40 -128
> sha384_starts 168 40 -128
> mscode_note_content_type 132 - -132
> pkcs7_action_table 136 - -136
> sha384_finish 152 4 -148
> oid_index 150 - -150
> MD5Final 196 44 -152
> sha512_base_do_finalize 160 - -160
> x509_process_extension 168 - -168
> x509_note_signature 172 - -172
> pkcs7_note_signed_info 216 - -216
> sha256_update.part 228 - -228
> pkcs7_machine 239 - -239
> sha1_update.part 240 - -240
> sha512_base_do_update 244 - -244
> pkcs7_sig_note_digest_algo 244 - -244
> look_up_OID 244 - -244
> sprint_oid 260 - -260
> MD5Update 260 - -260
> sha1_finish 300 36 -264
> mscode_note_digest_algo 280 - -280
> oid_search_table 296 - -296
> x509_cert_parse 408 108 -300
> x509_get_sig_params 304 - -304
> pkcs7_sig_note_authenticated_attr 316 - -316
> x509_note_pkey_algo 336 - -336
> sha256_finish 404 36 -368
> sha256_armv8_ce_process 428 - -428
> x509_fabricate_name.isra 460 - -460
> sha1_armv8_ce_process 484 - -484
> oid_data 513 - -513
> sha512_K 640 - -640
> x509_decode_time 672 - -672
> sha512_block_fn 1212 - -1212
> asn1_ber_decoder 1480 - -1480
> MD5Transform 2552 - -2552
> Total: Before=835065, After=873946, chg +4.66%
> ```
>
> Raymond Mao (28):
> CI: Exclude MbedTLS subtree for CONFIG checks
> mbedtls: Add script to update MbedTLS subtree
> mbedtls: add mbedtls into the build system
> arm: EFI linker script text section alignment
> image: remove redundant hash includes
> efi_loader: remove redundant hash includes
> lib: Adapt digest header files to MbedTLS
> md5: Adapt to the changes of md5 header
> mbedtls: add digest shim layer for MbedTLS
> hash: integrate hash on mbedtls
> makefile: add mbedtls include directories
> mbedtls/external: support MicroSoft Authentication Code
Minor nit, Microsoft is spelt with a lower case S so it should be
consistent throughout.
> mbedtls/external: support PKCS9 Authenticate Attributes
> mbedtls/external: support decoding multiple signer's cert
> mbedtls/external: update MbedTLS PKCS7 test suites
> mbedtls: add public key porting layer
> lib/crypto: Adapt public_key header with MbedTLS
> mbedtls: add X509 cert parser porting layer
> lib/crypto: Adapt x509_cert_parser to MbedTLS
> mbedtls: add PKCS7 parser porting layer
> lib/crypto: Adapt PKCS7 parser to MbedTLS
> mbedtls: add MSCode parser porting layer
> lib/crypto: Adapt mscode_parser to MbedTLS
> mbedtls: add RSA helper layer on MbedTLS
> lib/rypto: Adapt rsa_helper to MbedTLS
> asn1_decoder: remove ASN1 decoder when using MbedTLS
> test: Remove ASN1 library test
> configs: enable MbedTLS as default setting
>
> .azure-pipelines.yml | 3 +-
> .gitlab-ci.yml | 3 +-
> Makefile | 13 +
> arch/arm/lib/elf_aarch64_efi.lds | 1 +
> boot/image-fit.c | 4 -
> boot/image.c | 2 -
> common/hash.c | 134 +
> configs/qemu_arm64_defconfig | 5 +
> configs/sandbox_defconfig | 4 +
> drivers/crypto/hash/hash_sw.c | 8 +-
> include/crypto/mscode.h | 4 +
> include/crypto/pkcs7_parser.h | 56 +
> include/crypto/public_key.h | 6 +
> include/crypto/x509_parser.h | 36 +
> include/stdio.h | 1 +
> include/stdlib.h | 1 +
> include/u-boot/md5.h | 17 +-
> include/u-boot/sha1.h | 21 +-
> include/u-boot/sha256.h | 20 +
> include/u-boot/sha512.h | 22 +-
> lib/Kconfig | 4 +
> lib/Makefile | 10 +-
> lib/crypto/Makefile | 12 +-
> lib/crypto/asymmetric_type.c | 2 +-
> lib/crypto/x509_public_key.c | 4 +
> lib/efi_loader/efi_signature.c | 1 -
> lib/efi_loader/efi_tcg2.c | 3 -
> lib/mbedtls/Kconfig | 25 +
> lib/mbedtls/Makefile | 132 +
> .../external/mbedtls/include/mbedtls/oid.h | 35 +
> .../external/mbedtls/include/mbedtls/pkcs7.h | 21 +
> lib/mbedtls/external/mbedtls/library/pkcs7.c | 154 +-
> .../tests/suites/test_suite_pkcs7.data | 4 +-
> lib/mbedtls/mbedtls_def_config.h | 4262 +++++++++++++++++
> lib/mbedtls/md5.c | 68 +
> lib/mbedtls/mscode_parser.c | 111 +
> lib/mbedtls/pkcs7_parser.c | 533 +++
> lib/mbedtls/port/assert.h | 12 +
> lib/mbedtls/port/limits.h | 33 +
> lib/mbedtls/public_key.c | 105 +
> lib/mbedtls/rsa_helper.c | 99 +
> lib/mbedtls/sha1.c | 111 +
> lib/mbedtls/sha256.c | 65 +
> lib/mbedtls/sha512.c | 96 +
> lib/mbedtls/update-mbedtls-subtree.sh | 50 +
> lib/mbedtls/x509_cert_parser.c | 497 ++
> lib/md5.c | 10 +-
> test/Kconfig | 2 +-
> 48 files changed, 6747 insertions(+), 75 deletions(-)
> create mode 100644 lib/mbedtls/Kconfig
> create mode 100644 lib/mbedtls/Makefile
> create mode 100644 lib/mbedtls/mbedtls_def_config.h
> create mode 100644 lib/mbedtls/md5.c
> create mode 100644 lib/mbedtls/mscode_parser.c
> create mode 100644 lib/mbedtls/pkcs7_parser.c
> create mode 100644 lib/mbedtls/port/assert.h
> create mode 100644 lib/mbedtls/port/limits.h
> create mode 100644 lib/mbedtls/public_key.c
> create mode 100644 lib/mbedtls/rsa_helper.c
> create mode 100644 lib/mbedtls/sha1.c
> create mode 100644 lib/mbedtls/sha256.c
> create mode 100644 lib/mbedtls/sha512.c
> create mode 100755 lib/mbedtls/update-mbedtls-subtree.sh
> create mode 100644 lib/mbedtls/x509_cert_parser.c
>
> --
> 2.25.1
>
More information about the U-Boot
mailing list