
mbedtls and memory allocator


Tomasz Bursztyka
 

Hi,

I sent a draft for a mbedtls shim crypto device driver, so it exposes CCM operations (for now)
through Crypto API.

Patch is here:

https://gerrit.zephyrproject.org/r/#/c/13227/

While running the crypto sample on top of it, I get a mbedtls memory allocation error
when calling mbedtls_ccm_setkey().

Looking quickly at mbedtls code, it seems to want to allocate some space for the chosen
cipher (AES here) and obviously fails because there is no calloc in Zephyr, and instead
mbedtls is built to return NULL from a default built-in memory allocator.

I used ext/lib/crypto/mbedtls/configs/config-ccm-psk-tls1_2.h
That one is being used in, for instance, samples/net/mbedtls_sslclient. And AES and CCM
could be used there, I wonder how it is supposed to work if it has the same issue.

So, before I dive deeper into mbedtls myself:

How is mbedtls supposed to be configured to get AES CCM working without any dynamic memory allocator?

If by any chance someone has already worked with mbedtls, it will be of great help to give me hints.

Thanks,

Tomasz


Rodriguez, Sergio SF <sergio.sf.rodriguez@...>
 

Hi Tomasz

Mbedtls has its own allocator, a version of calloc. To enable it, you need a configuration file that enables the compilation of that feature

Namely

#define MBEDTLS_PLATFORM_MEMORY
#define MBEDTLS_MEMORY_BUFFER_ALLOC_C
#define MBEDTLS_PLATFORM_NO_STD_FUNCTIONS

You can see an example in

ext/lib/crypto/mbedtls/configs/config-threadnet.h


If you need a specific configuration file, this is where you will put it, and add to your prj.conf

CONFIG_MBEDTLS_CFG_FILE="config-file.h"

Now, as a reference for how to enable it, you can take a look at

samples/net/mbedtls_dtlsclient

in the file dtls_client.c look for

#if defined(MBEDTLS_MEMORY_BUFFER_ALLOC_C)
#include "mbedtls/memory_buffer_alloc.h"
static unsigned char heap[20480];
#endif

There a heap is statically created and eventually you have to assign the heap with the function

#if defined(MBEDTLS_MEMORY_BUFFER_ALLOC_C)
mbedtls_memory_buffer_alloc_init(heap, sizeof(heap));
#endif


From that point on mbedtls will use its own memory allocator

Let me know if this helps
Sergio



Tomasz Bursztyka
 

Hi Sergio,

> Now, as a reference for how to enable it, you can take a look at
>
> samples/net/mbedtls_dtlsclient
>
> in the file dtls_client.c look for
>
> #if defined(MBEDTLS_MEMORY_BUFFER_ALLOC_C)
> #include "mbedtls/memory_buffer_alloc.h"
> static unsigned char heap[20480];
> #endif
>
> There a heap is statically created and eventually you have to assign the heap with the function
>
> #if defined(MBEDTLS_MEMORY_BUFFER_ALLOC_C)
> mbedtls_memory_buffer_alloc_init(heap, sizeof(heap));
> #endif
>
>
> From that point on mbedtls will use its own memory allocator
>
> Let me know if this helps

Indeed, I could not guess that from the mbedtls includes.

That helps a lot! :)

Thank you

Tomasz
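
The failure and fix discussed in this thread, as an added example that is not code from the thread, from Zephyr or from mbedtls: a simplified C model in which a setkey call gets NULL from the default allocator hook until a static heap is registered, and again once that heap is exhausted. All names (model_ccm_setkey, model_buffer_alloc_init, ERR_ALLOC_FAILED, the 32-byte heap, the all-zero key) are hypothetical and constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>
/* Simplified model, NOT mbedtls source: every name here is hypothetical. */
#define ERR_ALLOC_FAILED (-1)
struct cipher_ctx { unsigned char key[16]; };   /* stands in for the AES context */
struct ccm_ctx { struct cipher_ctx *cipher; };
static unsigned char *pool;                     /* buffer registered by the app */
static size_t pool_len, pool_used;

/* Default hook: no allocator configured, so every request fails. */
static void *calloc_unavailable(size_t n, size_t size) { (void)n; (void)size; return NULL; }

/* Zeroing bump allocator over the registered static buffer (no free in this model). */
static void *calloc_from_pool(size_t n, size_t size)
{
    if (n == 0 || size == 0 || n > SIZE_MAX / size) return NULL; /* empty or overflowing */
    size_t bytes = n * size;
    if (bytes > pool_len - pool_used) return NULL;               /* pool exhausted */
    void *p = memset(pool + pool_used, 0, bytes);
    bytes = (bytes + 7u) & ~(size_t)7u;         /* keep the next block 8-byte aligned */
    pool_used = bytes > pool_len - pool_used ? pool_len : pool_used + bytes;
    return p;
}
static void *(*platform_calloc)(size_t, size_t) = calloc_unavailable;

/* Model of the init step: register the static heap and swap the hook. */
void model_buffer_alloc_init(unsigned char *buf, size_t len)
{
    pool = buf; pool_len = len; pool_used = 0;
    platform_calloc = calloc_from_pool;
}

/* Model of a setkey that needs heap space for its cipher context. */
int model_ccm_setkey(struct ccm_ctx *ctx, const unsigned char key[16])
{
    ctx->cipher = platform_calloc(1, sizeof(*ctx->cipher));
    if (ctx->cipher == NULL) return ERR_ALLOC_FAILED;  /* caller must check this */
    memcpy(ctx->cipher->key, key, sizeof(ctx->cipher->key));
    return 0;
}

static _Alignas(8) unsigned char heap[32];      /* constructed: room for two contexts */
static const unsigned char demo_key[16] = {0};  /* constructed sample key */
static struct ccm_ctx demo_ctx;

int main(void)
{
    int before = model_ccm_setkey(&demo_ctx, demo_key);  /* no heap yet: fails */
    model_buffer_alloc_init(heap, sizeof(heap));
    return (before == ERR_ALLOC_FAILED && model_ccm_setkey(&demo_ctx, demo_key) == 0) ? 0 : 1;
}
```

The third setkey after init fails in this model because the heap only holds two contexts, which is why the static buffer has to be sized for the peak usage of the features enabled in the config file.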