Rework crypto in fw: mbedtls / standalone AES / bearssl ?

[doegox]

trafficstars

[doegox]

@iceman1001 Any reason why mbedtls is in common/ ? I though common/ is for common stuff between bootrom & armsrc while mbedtls is used only in client.

[iceman1001]

Ask piwi? he did a lot of these shuffle around.
I totally agree common is suppose to be code that is shared with client/device. However I think the mbedtls is also possible to compile and make use add support for cryptos on deviceside and that would be the cause to its relocation to common.

It would be nice to have 3des / aes / des on deviceside for DesFire implementation etc.

[doegox]

Today:

• common: code used only in armsrc & bootrom and not client (I think)
• common/mbedtls: code used only in client

For AES/DES in pm3, mbedtls would be very much overkill, we can drop just small AES/DES implems for pm3

[iceman1001]

the thing is we had small des/aes implements but they where dropped in order to use mbedtls. Luckily you don't have to compile the whole mbedtls just for AES or single crypton, you can compile those that is needed with few extras. So I see no need to drop this to go back to custom crypto implementations on deviceside.

[doegox]

ok we'll see when the first one will make the effort of compiling mbedtls in armsrc... BTW this will very probably require two different common/mbedtls/config.h for client & pm3

[slurdge]

There's still a duplicated aes.c file right now. I would believe to migrate everything to mbedtls or bearssl would be a benefit in the future. Since mbedtls is already in, we could try to remove the other aes.c file. Especially since it takes ~5KB just for AES tables.

[iceman1001]

well, no problem removing stuff but make sure that there is no standalone, or other code using it... then make sure mbedtls is working...

[iceman1001]

hey... arent' we using mbedtls now on arm and client?!?