From a83a05444bc74ea9e4b6042c8c16f535d3c8d3a5 Mon Sep 17 00:00:00 2001 From: Matthias Ringwald Date: Thu, 9 Jun 2016 15:07:53 +0200 Subject: [PATCH] sm: use correct ec test key, reduce memory to 1500 bytes --- 3rd-party/mbedtls/include/mbedtls/config.h | 5 +- src/ble/sm.c | 50 ++++++----- src/ble/sm_mbedtls_allocator.c | 97 +++++++++++++++++++++- 3 files changed, 119 insertions(+), 33 deletions(-) diff --git a/3rd-party/mbedtls/include/mbedtls/config.h b/3rd-party/mbedtls/include/mbedtls/config.h index b26563032..71042dde0 100644 --- a/3rd-party/mbedtls/include/mbedtls/config.h +++ b/3rd-party/mbedtls/include/mbedtls/config.h @@ -37,7 +37,6 @@ // test to force malloc-free version // #undef HAVE_MALLOC -// #define MBEDTLS_CALLOC_TRACKER #ifndef HAVE_MALLOC #define MBEDTLS_PLATFORM_MEMORY @@ -2449,8 +2448,8 @@ void sm_mbedtls_allocator_free(void * data); /* ECP options */ //#define MBEDTLS_ECP_MAX_BITS 521 /**< Maximum bit size of groups */ -//#define MBEDTLS_ECP_WINDOW_SIZE 6 /**< Maximum window size used */ -//#define MBEDTLS_ECP_FIXED_POINT_OPTIM 1 /**< Enable fixed-point speed-up */ +#define MBEDTLS_ECP_WINDOW_SIZE 2 /**< Maximum window size used */ +#define MBEDTLS_ECP_FIXED_POINT_OPTIM 0 /**< Enable fixed-point speed-up */ /* Entropy options */ //#define MBEDTLS_ENTROPY_MAX_SOURCES 20 /**< Maximum number of sources supported */ diff --git a/src/ble/sm.c b/src/ble/sm.c index 5fb8dd337..23b44f344 100644 --- a/src/ble/sm.c +++ b/src/ble/sm.c @@ -229,13 +229,8 @@ static uint8_t ec_qx[32]; static uint8_t ec_qy[32]; static uint8_t ec_d[32]; #ifndef HAVE_MALLOC -#ifdef ENABLE_FIXED_LE_EC_KEY -// 232 bytes with 6 allocations -#define MBEDTLS_ALLOC_BUFFER_SIZE (250+6*sizeof(void *)) -#else // 4304 bytes with 73 allocations -#define MBEDTLS_ALLOC_BUFFER_SIZE (4500+73*sizeof(void *)) -#endif +#define MBEDTLS_ALLOC_BUFFER_SIZE (1300+23*sizeof(void *)) static uint8_t mbedtls_memory_buffer[MBEDTLS_ALLOC_BUFFER_SIZE]; #endif #endif @@ -1137,14 +1132,6 @@ static void sm_init_setup(sm_connection_t * sm_conn){ } uint8_t auth_req = sm_auth_req; -#ifdef ENABLE_FIXED_LE_EC_KEY - if (auth_req & SM_AUTHREQ_SECURE_CONNECTION){ - if (!sm_have_ec_keypair){ - log_error("sm: disablling secure connection as key generation disabled but no fixed key provided."); - auth_req &= ~SM_AUTHREQ_SECURE_CONNECTION; - } - } -#endif sm_pairing_packet_set_io_capability(*local_packet, sm_io_capabilities); sm_pairing_packet_set_oob_data_flag(*local_packet, have_oob_data); sm_pairing_packet_set_auth_req(*local_packet, auth_req); @@ -2612,6 +2599,15 @@ static void sm_handle_random_result(uint8_t * data){ mbedtls_ecp_point_free(&P); mbedtls_mpi_free(&d); ec_key_generation_state = EC_KEY_GENERATION_DONE; + +#if 1 + printf("test dhkey check\n"); + sm_key256_t dhkey; + memcpy(setup->sm_peer_qx, ec_qx, 32); + memcpy(setup->sm_peer_qy, ec_qy, 32); + sm_sc_calculate_dhkey(dhkey); +#endif + } } #endif @@ -2728,12 +2724,10 @@ static void sm_event_packet_handler (uint8_t packet_type, uint16_t channel, uint dkg_state = sm_persistent_irk_ready ? DKG_CALC_DHK : DKG_CALC_IRK; rau_state = RAU_IDLE; #ifdef USE_MBEDTLS_FOR_ECDH -#ifndef ENABLE_FIXED_LE_EC_KEY if (!sm_have_ec_keypair){ setup->sm_passkey_bit = 0; ec_key_generation_state = EC_KEY_GENERATION_ACTIVE; } -#endif #endif sm_run(); } @@ -3422,19 +3416,23 @@ void sm_init(void){ #ifdef USE_MBEDTLS_FOR_ECDH ec_key_generation_state = EC_KEY_GENERATION_IDLE; - mbedtls_ecp_group_init(&mbedtls_ec_group); - mbedtls_ecp_group_load(&mbedtls_ec_group, MBEDTLS_ECP_DP_SECP256R1); + #ifndef HAVE_MALLOC sm_mbedtls_allocator_init(mbedtls_memory_buffer, sizeof(mbedtls_memory_buffer)); #endif + mbedtls_ecp_group_init(&mbedtls_ec_group); + mbedtls_ecp_group_load(&mbedtls_ec_group, MBEDTLS_ECP_DP_SECP256R1); #if 0 // test - printf("test dhkey check\n"); - sm_key256_t dhkey; - memcpy(setup->sm_peer_qx, ec_qx, 32); - memcpy(setup->sm_peer_qy, ec_qy, 32); - sm_sc_calculate_dhkey(dhkey); + sm_test_use_fixed_ec_keypair(); + if (sm_have_ec_keypair){ + printf("test dhkey check\n"); + sm_key256_t dhkey; + memcpy(setup->sm_peer_qx, ec_qx, 32); + memcpy(setup->sm_peer_qy, ec_qy, 32); + sm_sc_calculate_dhkey(dhkey); + } #endif #endif } @@ -3453,11 +3451,11 @@ void sm_test_use_fixed_ec_keypair(void){ mbedtls_mpi x; mbedtls_mpi_init(&x); mbedtls_mpi_read_string( &x, 16, "3f49f6d4a3c55f3874c9b3e3d2103f504aff607beb40b7995899b8a6cd3c1abd"); - mbedtls_mpi_write_binary(&x, ec_qx, 16); + mbedtls_mpi_write_binary(&x, ec_d, 32); mbedtls_mpi_read_string( &x, 16, "20b003d2f297be2c5e2c83a7e9f9a5b9eff49111acf4fddbcc0301480e359de6"); - mbedtls_mpi_write_binary(&x, ec_qy, 16); + mbedtls_mpi_write_binary(&x, ec_qx, 32); mbedtls_mpi_read_string( &x, 16, "dc809c49652aeb6d63329abf5a52155c766345c28fed3024741c8ed01589d28b"); - mbedtls_mpi_write_binary(&x, ec_d, 16); + mbedtls_mpi_write_binary(&x, ec_qy, 32); mbedtls_mpi_free(&x); #endif sm_have_ec_keypair = 1; diff --git a/src/ble/sm_mbedtls_allocator.c b/src/ble/sm_mbedtls_allocator.c index 0a33c46e8..1152ddeb1 100644 --- a/src/ble/sm_mbedtls_allocator.c +++ b/src/ble/sm_mbedtls_allocator.c @@ -43,6 +43,7 @@ #include "sm_mbedtls_allocator.h" #include "btstack_util.h" +#include "btstack_debug.h" #ifdef ENABLE_LE_SECURE_CONNECTIONS #ifdef HAVE_HCI_CONTROLLER_DHKEY_SUPPORT @@ -65,6 +66,11 @@ size_t mbed_memory_max; size_t mbed_memory_smallest_buffer = 0xfffffff; int mbed_memory_num_allocations; +#define NUM_SIZES 150 +int current_individual_allocation[NUM_SIZES]; +int max_individual_allocation[NUM_SIZES]; +int max_total_allocation[NUM_SIZES]; + // customized allocator for use with BTstack's Security Manager // assumptions: // - allocations are multiple of 8 @@ -81,6 +87,60 @@ static sm_allocator_node_t * sm_mbedtls_node_for_offset(uint32_t offset){ return (sm_allocator_node_t *) (sm_allocator_buffer + offset); } +static void dump_allocations(void){ + size_t overhead = mbed_memory_num_allocations * sizeof(void*); + printf("SM Per Block - Summary: Allocations %u. Current %lu (+ %zu = %zu used), Max %lu.\n", + mbed_memory_num_allocations, + mbed_memory_allocated_current, overhead, mbed_memory_allocated_current + overhead, + mbed_memory_allocated_max); + int i; + int total = 0; + printf("- current : [ "); + for (i=0;i mbed_memory_space_max) { - mbed_memory_space_max = current_pos + 8; - printf("SM Alloc: space used %zu (%zu data + %u allocations)\n", mbed_memory_space_max, mbed_memory_allocated_current, mbed_memory_num_allocations); + mbed_memory_space_max = current_pos + 8; + printf("SM Alloc: space used %zu (%zu data + %u allocations)\n", mbed_memory_space_max, mbed_memory_allocated_current, mbed_memory_num_allocations); } current_pos = current->next; current = sm_mbedtls_node_for_offset(current_pos); @@ -119,14 +181,35 @@ static inline void sm_mbedtls_allocator_update_max(){ #endif } + + void * sm_mbedtls_allocator_calloc(size_t count, size_t size){ size_t num_bytes = count * size; size_t total = num_bytes + sizeof(void *); mbed_memory_allocated_current += num_bytes; - mbed_memory_allocated_max = btstack_max(mbed_memory_allocated_max, mbed_memory_allocated_current); mbed_memory_smallest_buffer = btstack_min(mbed_memory_smallest_buffer, num_bytes); mbed_memory_num_allocations++; + // printf("SM Alloc %zu bytes\n", num_bytes); + + // if (num_bytes > 1000){ + // printf("big alloc!\n"); + // } + + int index = num_bytes / 8; + current_individual_allocation[index]++; + + if (current_individual_allocation[index] > max_individual_allocation[index]){ + max_individual_allocation[index] = current_individual_allocation[index]; + dump_allocations(); + } + // mbed_memory_allocated_max = btstack_max(mbed_memory_allocated_max, mbed_memory_allocated_current); + if (mbed_memory_allocated_current > mbed_memory_allocated_max){ + memcpy(max_total_allocation, current_individual_allocation, sizeof(max_total_allocation)); + mbed_memory_allocated_max = mbed_memory_allocated_current; + dump_allocations(); + } + uint32_t prev_pos, current_pos, node_pos; sm_allocator_node_t * prev, * current, * node; @@ -204,6 +287,12 @@ void sm_mbedtls_allocator_free(void * data){ size_t num_bytes = total - sizeof(void *); mbed_memory_allocated_current -= num_bytes; mbed_memory_num_allocations--; + + int index = num_bytes / 8; + current_individual_allocation[index]--; + + // printf("SM Free %zu bytes\n", num_bytes); + #ifdef DEBUG_ALLOCATIONS printf("sm_mbedtls_allocator_free: pos %u, total %zu\n", current_pos, total);