In commit de22f3a4e5, combination of
hardware and software MPI (bignum) related approach was used to
work around chip (e.g. ESP32-C3) limitation of max 3072 bits support.
This was done using linker "--wrap" flag but since the relevant API is
being used in same translation (compilation unit), hardware mode was not
getting used in some cases (e.g., RSA key generation).
This commit modified internal mbedTLS API and makes software+hardware
combination deterministic.
peripheral enable/disable usually should be managed by driver itself,
so make it as espressif private APIs, not recommended for user to use it
in application code.
However, if user want to re-write the driver or ports to other platform,
this is still possible by including the header in this way:
"esp_private/peripheral_ctrl.h"
Using these ciphers can constitute a security risk if the server
uses a weak prime for the key exchange.
Footprint impact:
Roughly 3K saved in text+rodata in default https_request example
Driver was using the channel ID from tx when reseting rx.
But since rx and tx is not necessarily from the same pair this could lead
to the driver reseting the wrong DMA channel.
Updates the following with changes from verification branches:
* esp_rom linker files
* rtc_cntl and system reg and struct headers
Also updates:
* GDMA driver with new register layout
* esptool submodule commit
Building mbedtls with CMake would warn that:
"A private source from a directory other than that of target "mbedcrypto
has a relative path"
This happened due to some of the CMake variables listing sources could be empty.
Changed to only use target_sources in the code-path where we set the sources,
so we only call target_sources will non-empty variables.
Closes https://github.com/espressif/esp-idf/issues/6767
This commit add following crypto changes
1. Update current crypto code with upstream supplicant code
2. Add a proper porting layer to use mbedtls APIs for all the crypto
operations used by supplicant.
Internal crypto will be used when USE_MBEDLTS flag is disabled
in supplicant's menuconfig.
This commit also removes the clutter in crypto files due to partial
porting of some APIs to mbedtls, all the code from those files have
been removed and rewritten in a generic way, this is inspired from
current upstream code.
This also reduces the lib size significantly, supplicant's lib
size reduces around ~567kb after this change(NB: lib size doesn't
indicate reduction in final bin size).
Removed the old dynamically allocated GDMA channel approach.
It proved too unreliable as we couldn't not ensure consumers of the mbedtls
would properly free the channels after use.
Replaced by a single shared GDMA channel for AES and SHA, which won't be
released unless user specifically calls API for releasing it.
MbedTLS: Add software fallback for Modular Exponentiation for larger bignum operations
Closes WIFI-3257 and IDFGH-132
See merge request espressif/esp-idf!11928
Add configuration option to fallback to software implementation
for exponential mod incase of hardware is not supporting it
for larger MPI value.
Usecase:
ESP32C3 only supports till RSA3072 in hardware. This config option
will help to support 4k certificates for WPA enterprise connection.
There is no ccomp timer on C3, which means our performance tests will start
failing again due to variance caused by cache misses.
This MR adds TEST_PERFORMANCE_CCOMP_ macro that will only fail
performance test if CCOMP timer is supported on the target
RX process caches the session information in "ssl->in_ctr" not in "ssl->in_buf".
So when freeing the SSL, can't free the "ssl->in_ctr", because the "ssl->in_buf"
is empty.
Make the RX process like TX process, and cache the session information in
"ssl->in_buf", so that the cache buffer can be freed when freeing the SSL.
Closes https://github.com/espressif/esp-idf/issues/6104
DMA process didnt wait for idle before returning.
This meant that there was a potential for the dma
descriptors which were on the stack to be reclaimed
before the DMA operation finished.
Note: besides the esp-netif component, this commit also disables
net_sockets.c from mbedtls, which is one of the base components and uses BSD API (not specifically lwIP). This might be refactored to use CONFIG_SUPPORT_BSD_API instead of CONFIG_ESP_NETIF_TCPIP_LWIP
in the future.
It also disables smartconfig_ack.c and wifi_init.c from esp_wifi
component for referencing some lwIP config options (smartconfig_ack.c changes might be also
updated to check CONFIG_SUPPORT_BSD_API)
Merges https://github.com/espressif/esp-idf/pull/5856
* changing dependencies from unity->cmock
* added component.mk and Makefile.projbuild
* ignore test dir in gen_esp_err_to_name.py
* added some brief introduction of CMock in IDF
Fixed MBEDTLS_SSL_PROTO_TLS1_1 still being defined even ifCONFIG_MBEDTLS_SSL_PROTO_TLS1_1 is not
Signed-off-by: Aditya Patwardhan <aditya.patwardhan@espressif.com>
Merges https://github.com/espressif/esp-idf/pull/5675
* Replaced crypotoauthlib with esp-cryptoauthlib
* Added menuconfig option for esp-tls about using HSM
* Added error codes for HSM in esp-tls,
* Added support to select different type of ATECC608A chips
* Added README, updated docs
* tcp_transport: Added option to enable secure_element for ssl
Closes https://github.com/espressif/esp-idf/issues/4432
When compiling esp_crt_bundle.c, it would end up with a different struct layout due
to configuration options from "mbedtls/esp_config.h" not being considered.
This lead to ca_chain potentially not being set correctly.
* Add options to mbedtls for hardware acceleration
* Disable mbedtls EC curves if hardware acceleration is selected
since the hardware will have to define the curves supported
* Add a hardware ecdsa example
Earlier check was for only input buffer but it is quite likely to have
output buffer also from non-DMA memory range and hence requirement to
reallocate and then copy data from AES engine.
Updated S2 hardware accelerated crypto to use the cache compensated timer.
Re-enabled RSA performance test and set lower targets now that results are more stable
Closes: IDF-1174
The GCM hardware accelerated algorithm for S2 would sometimes output
the wrong tag.
Added additional tests for AES and GCM
Re-enable HW GCM as default option
Adds the ESP certificate bundle feature that enables users to bundle a
root certificate bundle together with their application.
Default bundle includes all Mozilla root certificates
Closes IDF-296
Configurable option to use IRAM as byte accessible memory (in single core mode) using
load-store (non-word aligned and non-word size IRAM access specific) exception handlers.
This allows to use IRAM for use-cases where certain performance penalty
(upto 170 cpu cycles per load or store operation) is acceptable. Additional configuration
option has been provided to redirect mbedTLS specific in-out content length buffers to
IRAM (in single core mode), allows to save 20KB per TLS connection.
this issue is mainly exposed when using larger (4096) client key in TLS mutual auth,
since it uses multiplications > 2048 when mbedtls_mpi_mul_mpi is used in recursion,
which works only if both operands point to different location than result since
mpi_mult_mpi_overlong() called mbedtls_mpi_grow() to reallocate buffers used in previous
pointer arithmetics and thus corrupting it. Fixed by growing the mpi buffer before
calling mpi_mult_mpi_overlong()
DISABLED_FOR_TARGETS macros are used
Partly revert "ci: disable unavailable tests for esp32s2beta"
This partly reverts commit 76a3a5fb48.
Partly revert "ci: disable UTs for esp32s2beta without runners"
This partly reverts commit eb158e9a22.
Partly revert "fix unit test and examples for s2beta"
This partly reverts commit 9baa7826be.
Partly revert "efuse: Add support for esp32s2beta"
This partly reverts commit db84ba868c.
Activated AES, RSA and SHA hardware acceleration for esp32s2 and enabled related unit tests.
Updated with changes made for ESP32 from 0a04034, 961f59f and caea288.
Added performance targets for esp32s2beta
Closes IDF-757
It gave us a better performance of RSA operations. (2~11 times)
The old modexp implementation (Z = X ^ Y mod M) loaded all the data into
the hw registers and was waiting for completion, but due to
the hardware RSA implementation, the calculations always started with 4096 bit,
which took a lot of time.
Measurement results (measurements were made for keys: 2048, 3072 and 4096 bits)
(Old) - Sliding-window exponentiation (HAC 14.85):
keysize = 2048 bits
RSA key operation (performance): public [93206 us], private [280189 us]
keysize = 3072 bits
RSA key operation (performance): public [293614 us], private [858157 us]
keysize = 4096 bits
RSA key operation (performance): public [653192 us], private [1912126 us]
Instead (Old) - Sliding-window exponentiation (HAC 14.85) was implemented
(New) - Montgomery exponentiation (HAC 14.94) which showed
better performance on private and public keys.
keysize = 2048 bits
RSA key operation (performance): public [14504 us], private [149456 us]
keysize = 3072 bits
RSA key operation (performance): public [35073 us], private [392743 us]
keysize = 4096 bits
RSA key operation (performance): public [58650 us], private [787186 us]
For this reason, the old implementation was removed
and the MBEDTLS_HARDWARE_MPI option was turned on by default.
Why the MPI_INTERRUPT option is removed:
the old implementation used calculations on the hardware and
it took a lot of time (10ms - 500ms). And in order not to stand idle
while waiting for completion, an interrupt option was added.
This made it possible to carry out other tasks during the calculation,
and this one to block. The new method is free from such a drawback and
the maximum duration of one RSA HW operation does not exceed 70us (usually 2-70 μs).
This option is no longer needed.
Closes: IDF-965
Basically, in the portability layer, it is checked if the socket is
NON-block, and if not, then even the EAGAIN and EWOULDBLOCK errors are
diverted to a RECV error. This causes a problem for sockets with
receive timeouts set. When such a timeout is set, the condition for
NON_BLOCK isn't met and hence a hard error is returned.
Searching for EAGAIN and EWOULDBLOCK in lwip returns only 3 results
(accept, recvfrom, close) and all of them look to be genuine cases for
EWOULDBLOCK. So removing this check to make receive timeout with TLS
work.
- Additional menuconfig option to select either mbedTLS or Tinycrypt from NimBLE.
- Addition of `CMAC` and `ECP_RESTARTABLE` to mbedTLS menuconfig option and
`esp_config.h`.
- Changes NimBLE `component.mk` and `CMakeLists.txt` to support mbedTLS option.
- Minor changes to `app_mesh.c` application.
As per upgrade notes of lwIP v2.1.0:
socket API: according to the standard, SO_ERROR now only returns asynchronous errors.
All other/normal/synchronous errors are (and always were) available via 'errno'.
LWIP_SOCKET_SET_ERRNO has been removed - 'errno' is always set - and required!
Refer: https://www.nongnu.org/lwip/2_1_x/upgrading.html
Fixes https://github.com/espressif/esp-azure/issues/51
This update supports DTLS, TLS is a future TODO
components/coap/CMakeLists.txt:
components/coap/component.mk:
Add in the new files that have to be built
Replace libcoap/src/coap_notls.c with libcoap/src/coap_mbedtls.c
components/coap/libcoap:
Update the version to include the current version for supporting MbedTLS
components/coap/port/coap_debug.c:
components/coap/port/coap_mbedtls.c:
components/coap/port/include/coap/coap_dtls.h:
New port files for DTLS
components/coap/port/include/coap_config_posix.h:
Include building with MbedTLS
examples/protocols/coap_client/README.md:
examples/protocols/coap_client/main/CMakeLists.txt:
examples/protocols/coap_client/main/Kconfig.projbuild:
examples/protocols/coap_client/main/coap_client_example_main.c:
examples/protocols/coap_client/main/component.mk:
Update CoAP client to support DTLS
examples/protocols/coap_client/main/coap_ca.pem
examples/protocols/coap_client/main/coap_client.crt
examples/protocols/coap_client/main/coap_client.key
New PKI Certs for CoAP client (copied from wpa2_enterprise example)
examples/protocols/coap_server/README.md:
examples/protocols/coap_server/main/CMakeLists.txt:
examples/protocols/coap_server/main/Kconfig.projbuild:
examples/protocols/coap_server/main/coap_server_example_main.c:
examples/protocols/coap_server/main/component.mk:
Update CoAP server to support DTLS
Change "no data" to "Hello World!" to prevent confusion
examples/protocols/coap_server/main/coap_ca.pem
examples/protocols/coap_server/main/coap_server.crt
examples/protocols/coap_server/main/coap_server.key
New PKI Certs for CoAP server (copied from wpa2_enterprise example)
Closes https://github.com/espressif/esp-idf/pull/3345
Closes https://github.com/espressif/esp-idf/issues/1379
!4452 used setting LINK_LIBRARIES and INTERFACE_LINK_LIBRARIES to link
components built under ESP-IDF build system. However, LINK_LIBRARIES does
not produce behavior same as linking PRIVATE. This MR uses the new
signature for target_link_libraries directly instead. This also moves
setting dependencies during component registration rather than after all
components have been processed.
The consequence is that internally, components have to use the new
signature form as well. This does not affect linking the components to
external targets, such as with idf_as_lib example. This only affects
linking additional libraries to ESP-IDF libraries outside component processing (after
idf_build_process), which is not even possible for CMake<v3.13 as
target_link_libraries is not valid for targets not created in current
directory. See https://cmake.org/cmake/help/v3.13/policy/CMP0079.html#policy:CMP0079
Since !4452 the common component requirements automatically get
privately linked to libraries built under ESP-IDF build system (this
includes targets from third-party libraries). This removes a variable
that was used for that purpose before !4452.
Since the internal target names were changed, the compile definition for
warning on using deprecated functions is not being passed. Since using
the internal name is unreliable, prefer passing this compile definition
from the test itself.
Using xxx_periph.h in whole IDF instead of xxx_reg.h, xxx_struct.h, xxx_channel.h ... .
Cleaned up header files from unnecessary headers (releated to soc/... headers).
Hardware AES-CBC performance changes:
Release config 11.0MB/sec -> 10.8MB/sec
Debug config 9.4MB/sec -> 9.8MB/sec
(Unrolling the loop to optimize the check improves
performance at -Og, even with the fault check.)
This MR removes the common dependency from every IDF components to the SOC component.
Currently, in the ``idf_functions.cmake`` script, we include the header path of SOC component by default for all components.
But for better code organization (or maybe also benifits to the compiling speed), we may remove the dependency to SOC components for most components except the driver and kernel related components.
In CMAKE, we have two kinds of header visibilities (set by include path visibility):
(Assume component A --(depends on)--> B, B is the current component)
1. public (``COMPONENT_ADD_INCLUDEDIRS``): means this path is visible to other depending components (A) (visible to A and B)
2. private (``COMPONENT_PRIV_INCLUDEDIRS``): means this path is only visible to source files inside the component (visible to B only)
and we have two kinds of depending ways:
(Assume component A --(depends on)--> B --(depends on)--> C, B is the current component)
1. public (```COMPONENT_REQUIRES```): means B can access to public include path of C. All other components rely on you (A) will also be available for the public headers. (visible to A, B)
2. private (``COMPONENT_PRIV_REQUIRES``): means B can access to public include path of C, but don't propagate this relation to other components (A). (visible to B)
1. remove the common requirement in ``idf_functions.cmake``, this makes the SOC components invisible to all other components by default.
2. if a component (for example, DRIVER) really needs the dependency to SOC, add a private dependency to SOC for it.
3. some other components that don't really depends on the SOC may still meet some errors saying "can't find header soc/...", this is because it's depended component (DRIVER) incorrectly include the header of SOC in its public headers. Moving all this kind of #include into source files, or private headers
4. Fix the include requirements for some file which miss sufficient #include directives. (Previously they include some headers by the long long long header include link)
This is a breaking change. Previous code may depends on the long include chain.
You may need to include the following headers for some files after this commit:
- soc/soc.h
- soc/soc_memory_layout.h
- driver/gpio.h
- esp_sleep.h
The major broken include chain includes:
1. esp_system.h no longer includes esp_sleep.h. The latter includes driver/gpio.h and driver/touch_pad.h.
2. ets_sys.h no longer includes soc/soc.h
3. freertos/portmacro.h no longer includes soc/soc_memory_layout.h
some peripheral headers no longer includes their hw related headers, e.g. rom/gpio.h no longer includes soc/gpio_pins.h and soc/gpio_reg.h
BREAKING CHANGE
1. separate rom include files and linkscript to esp_rom
2. modefiy "include rom/xxx.h" to "include esp32/rom/xxx.h"
3. Forward compatible
4. update mqtt
Previously, hardware SHA engine "locks" were mutex semaphores. This meant that the task which
started a particular SHA session (in hardware) needed to finalise that session, or an invalid
FreeRTOS state was created.
Replace with binary semaphore which can be shared between tasks.
Includes a unit test, but unit test doesn't crash even without this fix
(some other unknown condition is required).
New unity component can be used for testing other applications.
Upstream version of Unity is included as a submodule.
Utilities specific to ESP-IDF unit tests (partitions, leak checking
setup/teardown functions, etc) are kept only in unit-test-app.
Kconfig options are added to allow disabling certain Unity features.
This commit resolves a blocking in esp_aes_block function.
Introduce:
The problem was in the fact that AES is switched off at the moment when he should give out the processed data. But because of the disabled, the operation can not be completed successfully, there is an infinite hang. The reason for this behavior is that the registers for controlling the inclusion of AES, SHA, MPI have shared registers and they were not protected from sharing.
Fix some related issue with shared using of AES SHA RSA accelerators.
Closes: https://github.com/espressif/esp-idf/issues/2295#issuecomment-432898137
Avoids growing the result of hardware bignum operations
(particularly for multiplication)
Fixes bugs where some Elliptic Curve operations fail or corrupt memory,
as they assume length of the number is never greater than the number of
non-zero limbs.
Includes some general refactoring to standardize terminology.
Closes https://github.com/espressif/esp-idf/issues/1556
Fixes TW12984
Adds test cases for both these issues.
When two CPUs read the area of the DPORT and the area of the APB, the result is corrupted for the CPU that read the APB area.
And another CPU has valid data.
The method of eliminating this error.
Before reading the registers of the DPORT, make a preliminary reading of the APB register.
In this case, the joint access of the two CPUs to the registers of the APB and the DPORT is successful.
ALT header files for sha1, sha256, sha512 are only supposed to declare
mbedtls_sha1_context data structure. Function prototypes should come
from original header files.