- Add ECDSA peripheral chapter and instructions to program efuse key block
- Update security guide for ECDSA peripheral mention for device identity
- Link with ESP-TLS guide about using ECDSA peripheral in TLS connection
For ESP32-H2 case, the hardware k mode is always enforced through
efuse settings (done in startup code).
For ESP32-P4 case, the software k mode is not supported in the peripheral
itself and code was redundant.
Cert bundle is periodically updated with the upstream Mozilla's NSS
root cert store. Retracted certs are moved to deprecated list now and
an additional config allows to include them in the default bundle. New
config is kept default disabled but can be enabled if one would like
to ensure 100% compatibility w.r.t. cert bundle across IDF minor or
patch releases. In IDF major release the deprecated list shall be reset.
Set max TLS version in the SSL context during setup phase. Dynamic
buffer feature overrides the `mbedtls_ssl_setup` API and hence
this change is required per upstream 3.5.0 codebase change.
Add changes to use fast_pbkdf2 as default for PMK calculations.
fast_pbkdf2 is significantly faster than current implementations
for esp chips.
Also removes unnecessary code for pbkdf-sha256 and pbkdf-sha512.
Updates config to define the new MBEDTLS_SSL_CID_TLS1_3_PAD_GRANULARITY
option, which replaced the previously used
MBEDTLS_SSL_CID_PADDING_GRANULARITY. The old option is continuing to be
used as the new one exceeds the maximum length for an option name in
esp-idf.
See https://github.com/Mbed-TLS/mbedtls/pull/4490 for more information.
Signed-off-by: Daniel Mangum <georgedanielmangum@gmail.com>
For certain data lengths, the last input descriptor was not getting appended
correctly and hence the EOF flag in the DMA descriptor link list was
set at incorrect location. This was resulting in the peripheral being
stalled expecting more data and eventually the code used to timeout
waiting for the AES completion interrupt.
Required configs for this issue:
CONFIG_MBEDTLS_HARDWARE_AES
CONFIG_SOC_AES_SUPPORT_DMA
This observation is similar to the issue reported in:
https://github.com/espressif/esp-idf/issues/10647
To recreate this issue, start the AES-GCM DMA operation with data length
12280 bytes and this should stall the operation forever.
In this fix, we are tracing the entire descriptor list and then appending the
extra bytes descriptor at correct position (as the last node).
DMA operation completion must wait until the last DMA descriptor
ownership has been changed to hardware, that is hardware is completed
the write operation for entire data. Earlier for the hardware GCM case,
the first DMA descriptor was checked and it could have resulted in some
race condition for non interrupt (MBEDTLS_AES_USE_INTERRUPT disabled) case.
SHA hardware DMA mode calculation had off-by-one error for specific
input lengths. This was causing last chunk of the input data not being
fed to the hardware accelerator and hence resulting in an incorrect
final result.
Closes: https://github.com/espressif/esp-idf/issues/11915
- Earlier, some intermediate return values were not stored and returned,
thus incorrect return values used to get transmitted to the upper layer of APIs.
- Also, zeroised the output buffer in case of error condition.
Fix build issue in mbedTLS dynamic buffer feature with
`CONFIG_MBEDTLS_DHM_C` enabled case. Also added a build
configuration for the test coverage.
Closes https://github.com/espressif/esp-idf/issues/11770
fix: mbedtls_ecdsa_can_do was not being defined when ECDSA_SIGN_ALT is defined but ECDSA_VERIFY_ALT is not defined causing mbedtls_ecdsa_verify_restartable to always fail.
feature: initial version of the sbom.yml file
The number of the DMA descriptors allocated for certain length (e.g.,
8176) were not sufficient (off by 1 error). This used to result in the
dynamic memory corruption as the region was modified beyond the
allocated range.
This change fixes the DMA descriptor calculation part and allocates
sufficient DMA descriptors based on the data length alignment considerations.
Test has also been added to cover the specific scenario in the CI.
Closes https://github.com/espressif/esp-idf/issues/11310
ADDITIONAL_MAKE_CLEAN_FILES is deprecated and only worked with make.
Replaced with the new ADDITIONAL_CLEAN_FILES (CMake 3.15) which also works with ninja.
- While updating to mbedtls release/v3.4.0, building mbedtls/library/psa_crypto.c,
clang produced an unreachable-code warning, so added `-Wno-unreachable-code` compile option for clang.
- In `mbedtls/v3.4.0`, the ECDSA restartable sign and verify functions (`ecdsa.c`) were made public.
- But the `mbedtls_ecdsa_sign_det_restartable` function prototype was declared in the file `ecdsa.h`,
only when `MBEDTLS_ECDSA_SIGN_ALT` was not defined.
- added a patch in mbedtls library to fix it.
- For esp32-c2, the `CONFIG_NEWLIB_NANO_FORMAT` is enabled by
default which does not allow printing `int64_t` values
- Copied these values to a `uint32_t` variable for printing
them properly
- Use DPORT_WRITE_REG (volatile writes) wrappers to write to the
MPI peripheral
- Updated the previous workaround added for the same issue as it
was failing in some long runs and with `COMPILER_OPTIMIZATION_PERF`
enabled.
- The test performance numbers had to be updated due to the
performance penalty introduced by this fix.
Closes https://github.com/espressif/esp-idf/issues/10403
- GCM operation in mbedtls used ECB, which calculated only 16 bytes of data each time.
- Therefore, when processing a large amount of data, it is necessary to frequently set hardware acceleration calculations,
- which could not make good use of the AES DMA function to improve efficiency.
- Hence, GCM implementation is replaced with CTR-based calculation which utilizes AES DMA to improve efficiency.
All the partition handling API functions and data-types were moved from the 'spi_flash' component to the new one named 'esp_partition'. See Storage 5.x migration guide for more details
This fix adds a workaround to disable compiler optimization flag "-ftree-loop-distribute-patterns"
for `mpi_to_mem_block` routine. It was observed that compiler with release configuration was falling
back to `memset` call from ROM library causing an issue in correctly zero initializing MPI peripheral
block.
Please see following linked issue for more discussion and context on this issue.
Closes https://github.com/espressif/esp-idf/issues/8710
Closes https://github.com/espressif/esp-idf/issues/9371
Closes https://github.com/espressif/esp-idf/issues/9256
Closes IDFGH-7102
Closes IDFGH-7842
Closes IDFGH-7714
Closes IDFCI-1452
Closes IDF-6029
Before `test_apps` migration, we had an independent release config,
but we can safely enable it in the default configuration for ESP32
target itself. This helps to catch any potential issues that may
occur in relevant tests because of compiler optimization flags.
- While checking if ciphersuite uses RSA key exchange methods,
the APIs `mbedtls_ssl_get_ciphersuite_id_from_ssl` and
`mbedtls_ssl_ciphersuite_from_id` were used to get the ciphersuite
info.
- However, this is incorrect as we need the ciphersuite info from the
handshake instance and not the ssl_session instance.
ESP32-C2 has a single group timer, thus it will use it for the interrupt watchdog,
which is more critical than the task watchdog. The latter is implement in
software thanks to the `esp_timer`component.
