MbedTLS: Add software fallback implementation for exp mod

Add configuration option to fallback to software implementation
for exponential mod incase of hardware is not supporting it
for larger MPI value.

Usecase:
ESP32C3 only supports till RSA3072 in hardware. This config option
will help to support 4k certificates for WPA enterprise connection.

components/mbedtls/CMakeLists.txt

@@ -149,6 +149,10 @@ if(CONFIG_MBEDTLS_DYNAMIC_BUFFER)
     endforeach()
 endif()
 
+if(CONFIG_MBEDTLS_HARDWARE_MPI)
+    target_link_libraries(${COMPONENT_LIB} INTERFACE "-Wl,--wrap=mbedtls_mpi_exp_mod")
+endif()
+
 set_property(TARGET mbedcrypto APPEND PROPERTY LINK_INTERFACE_LIBRARIES mbedtls)
 
 # Link mbedtls libraries to component library

components/mbedtls/Kconfig

@@ -827,6 +827,17 @@ menu "mbedTLS"
         help
             Enable the pthread wrapper layer for the threading layer.
 
+    config MBEDTLS_LARGE_KEY_SOFTWARE_MPI
+        bool "Fallback to software implementation for larger MPI values"
+        depends on MBEDTLS_HARDWARE_MPI
+        default y if IDF_TARGET_ESP32C3  # HW max 3072 bits
+        default n
+        help
+            Fallback to software implementation for RSA key lengths
+            larger than SOC_RSA_MAX_BIT_LEN. If this is not active
+            then the ESP will be unable to process keys greater
+            than SOC_RSA_MAX_BIT_LEN.
+
     menuconfig MBEDTLS_SECURITY_RISKS
         bool "Show configurations with potential security risks"
         default n

components/mbedtls/component.mk

@@ -62,7 +62,6 @@ COMPONENT_EMBED_FILES := $(X509_CERTIFICATE_BUNDLE)
 endif
 
 ifdef CONFIG_MBEDTLS_DYNAMIC_BUFFER
-
 WRAP_FUNCTIONS = mbedtls_ssl_handshake_client_step \
                  mbedtls_ssl_handshake_server_step \
                  mbedtls_ssl_read \
@@ -73,10 +72,14 @@ WRAP_FUNCTIONS = mbedtls_ssl_handshake_client_step \
                  mbedtls_ssl_send_alert_message \
                  mbedtls_ssl_close_notify
 
-WRAP_ARGUMENT := -Wl,--wrap=
-
-COMPONENT_ADD_LDFLAGS = -l$(COMPONENT_NAME) $(addprefix $(WRAP_ARGUMENT),$(WRAP_FUNCTIONS))
-
 COMPONENT_SRCDIRS += port/dynamic
+endif
+
+ifdef CONFIG_MBEDTLS_HARDWARE_MPI
+WRAP_FUNCTIONS += mbedtls_mpi_exp_mod
+endif
 
+ifneq ($(origin WRAP_FUNCTIONS),undefined)
+WRAP_ARGUMENT := -Wl,--wrap=
+COMPONENT_ADD_LDFLAGS = -l$(COMPONENT_NAME) $(addprefix $(WRAP_ARGUMENT),$(WRAP_FUNCTIONS))
 endif

components/mbedtls/port/esp_bignum.c

@@ -67,7 +67,9 @@ static inline size_t bits_to_words(size_t bits)
 /* Return the number of words actually used to represent an mpi
    number.
 */
-#if defined(MBEDTLS_MPI_EXP_MOD_ALT)
+int __wrap_mbedtls_mpi_exp_mod( mbedtls_mpi *Z, const mbedtls_mpi *X, const mbedtls_mpi *Y, const mbedtls_mpi *M, mbedtls_mpi *_Rinv );
+extern int __real_mbedtls_mpi_exp_mod( mbedtls_mpi *Z, const mbedtls_mpi *X, const mbedtls_mpi *Y, const mbedtls_mpi *M, mbedtls_mpi *_Rinv );
+
 static size_t mpi_words(const mbedtls_mpi *mpi)
 {
     for (size_t i = mpi->n; i > 0; i--) {
@@ -78,7 +80,6 @@ static size_t mpi_words(const mbedtls_mpi *mpi)
     return 0;
 }
 
-#endif //MBEDTLS_MPI_EXP_MOD_ALT
 
 /**
  *
@@ -181,8 +182,6 @@ cleanup:
     return ret;
 }
 
-#if defined(MBEDTLS_MPI_EXP_MOD_ALT)
-
 #ifdef ESP_MPI_USE_MONT_EXP
 /*
  * Return the most significant one-bit.
@@ -273,7 +272,7 @@ cleanup2:
  * (See RSA Accelerator section in Technical Reference for more about Mprime, Rinv)
  *
  */
-int mbedtls_mpi_exp_mod( mbedtls_mpi *Z, const mbedtls_mpi *X, const mbedtls_mpi *Y, const mbedtls_mpi *M, mbedtls_mpi *_Rinv )
+int __wrap_mbedtls_mpi_exp_mod( mbedtls_mpi *Z, const mbedtls_mpi *X, const mbedtls_mpi *Y, const mbedtls_mpi *M, mbedtls_mpi *_Rinv )
 {
     int ret = 0;
     size_t x_words = mpi_words(X);
@@ -303,7 +302,11 @@ int mbedtls_mpi_exp_mod( mbedtls_mpi *Z, const mbedtls_mpi *X, const mbedtls_mpi
     }
 
     if (num_words * 32 > SOC_RSA_MAX_BIT_LEN) {
+#ifdef CONFIG_MBEDTLS_LARGE_KEY_SOFTWARE_MPI
+        return __real_mbedtls_mpi_exp_mod(Z, X, Y, M, _Rinv);
+#else
         return MBEDTLS_ERR_MPI_NOT_ACCEPTABLE;
+#endif
     }
 
     /* Determine RR pointer, either _RR for cached value
@@ -352,10 +355,6 @@ cleanup:
     return ret;
 }
 
-#endif /* MBEDTLS_MPI_EXP_MOD_ALT */
-
-
-
 #if defined(MBEDTLS_MPI_MUL_MPI_ALT) /* MBEDTLS_MPI_MUL_MPI_ALT */
 
 static int mpi_mult_mpi_failover_mod_mult( mbedtls_mpi *Z, const mbedtls_mpi *X, const mbedtls_mpi *Y, size_t z_words);

components/mbedtls/port/include/mbedtls/esp_config.h

@@ -144,15 +144,15 @@
 #undef MBEDTLS_SHA512_ALT
 #endif
 
-/* The following MPI (bignum) functions have ESP32 hardware support,
-   Uncommenting these macros will use the hardware-accelerated
-   implementations.
+/* The following MPI (bignum) functions have ESP32 hardware support.
+   For exponential mod, both software and hardware implementation
+   will be compiled. If CONFIG_MBEDTLS_HARDWARE_MPI is enabled, mod APIs
+   will be wrapped to use hardware implementation.
 */
+#undef MBEDTLS_MPI_EXP_MOD_ALT
 #ifdef CONFIG_MBEDTLS_HARDWARE_MPI
-#define MBEDTLS_MPI_EXP_MOD_ALT
 #define MBEDTLS_MPI_MUL_MPI_ALT
 #else
-#undef MBEDTLS_MPI_EXP_MOD_ALT
 #undef MBEDTLS_MPI_MUL_MPI_ALT
 #endif