Commit Graph

66 Commits

Author SHA1 Message Date
Mahavir Jain
b3d3f74a67 esp_crt_bundle: Fix build problems if MBEDTLS_CERTIFICATE_BUNDLE is disabled
Exclude source and include file from build list if certificate bundle feature
is disabled.

Closes https://github.com/espressif/esp-idf/issues/8714
Closes IDFGH-7106
2022-04-06 05:10:43 +00:00
Mahavir Jain
3af2d15216 mbedtls: Fix build failures for ESP32-C2 with hardware SHA
Clean support for SHA peripheral will appear with IDF-3830
2022-03-22 02:06:30 +00:00
Mahavir Jain
0621a6f513 mbedtls: use soc capability macros in build CMakeLists 2022-03-22 02:06:30 +00:00
Mahavir Jain
5f646b1d43 mbedtls: move locally managed root certificates to separate file
Purpose:
This will allow for easily automating periodic updates to
"cacrt_all.pem" file.

Note:
For now newly created "cacrt_local.pem" contains single "DST Root CA X3"
which we are keeping to manage compatibility with endpoints like
"howsmyssl.com". Please note this Root CA is expired and is not part of
Mozilla’s NSS root certificate store.
2022-03-21 22:39:24 +05:30
Aditya Patwardhan
f31d8dd295 mbedtls: Remove certs.c and certs.h from port directory 2022-03-15 17:16:07 +05:30
Sachin Parekh
32a6550e87 mbedtls: Added ECC hardware accelerator support on ESP32C2
ESP32C2 has a ECC hardware accelerator capable of performing point
multiplication and point verification with a significant performance
boost
2022-03-08 14:05:23 +00:00
Ivan Grokhotkov
c19203be0e
mbedtls: disable files generation, specify Python interpreter to use
When GEN_FILES is enabled, Perl interpreter should be available. There
is a check in mbedTLS that disables GEN_FILES on Windows (where Perl
is not available by default) but it is broken for recent CMake
versions.

Also set Python interpreter to the one IDF uses, just to avoid calling
into some other Python version which CMake might manage to find.
2022-03-03 15:56:15 +01:00
Aditya Patwardhan
8111286668 Add entropy_poll.h in port directory 2022-03-03 01:37:10 +05:30
Laukik Hase
3925365351 ci: Fix pre-check stage failing tests
- Updated license headers
- Re-enabled public headers and static analysis checks
- Fix public header file check failure

Co-authored-by: Aditya Patwardhan <aditya.patwardhan@espressif.com>
2022-03-03 01:37:10 +05:30
Aditya Patwardhan
0483bfbbfe Initial Changes for updating mbedtls to v3.0 2022-03-03 01:37:09 +05:30
Mahavir Jain
c097e6bcab mbedtls: fix hardware MPI (bignum) related regression
In commit de22f3a4e5, combination of
hardware and software MPI (bignum) related approach was used to
work around chip (e.g. ESP32-C3) limitation of max 3072 bits support.

This was done using linker "--wrap" flag but since the relevant API is
being used in same translation (compilation unit), hardware mode was not
getting used in some cases (e.g., RSA key generation).

This commit modified internal mbedTLS API and makes software+hardware
combination deterministic.
2021-11-29 15:13:05 +08:00
Li Jingyi
b8892137f5 mbedtls: Add CONFIG_MBEDTLS_SSL_PROTO_GMTSSL1_1 for support GMSSL component
The configure will be enabled for GMSSL component and disabled as default because of it doesn't provide by IDF project.
2021-07-28 19:54:58 +08:00
Renz Bagaporo
7c22cccb9c esp32: cleanup build script 2021-07-16 20:14:27 +08:00
Marius Vikhammer
01664923f6 mbedtls: fixed CMake build warning
Building mbedtls with CMake would warn that:

"A private source from a directory other than that of target "mbedcrypto
 has a relative path"

This happened due to some of the CMake variables listing sources could be empty.

Changed to only use target_sources in the code-path where we set the sources,
so we only call target_sources will non-empty variables.

Closes https://github.com/espressif/esp-idf/issues/6767
2021-05-17 17:15:38 +08:00
liuhan
e87c64dc44 mbedtls: Add CONFIG_MBEDTLS_ROM_MD5 to use ROM MD5 in mbedTLS 2021-04-14 06:42:13 +00:00
Marius Vikhammer
fe71a8e340 aes/sha: use a shared lazy allocated GDMA channel for AES and SHA
Removed the old dynamically allocated GDMA channel approach.
It proved too unreliable as we couldn't not ensure consumers of the mbedtls
would properly free the channels after use.

Replaced by a single shared GDMA channel for AES and SHA, which won't be
released unless user specifically calls API for releasing it.
2021-03-09 09:23:05 +08:00
Marius Vikhammer
04df1f3a42 CI: enable example builds for C3
Enables building C3 examples in CI.

Fixes related warnings/errors and disables examples that cannot run.
2021-02-09 12:04:02 +08:00
Aditya Patwardhan
79c23a1886 esp32c3/Digital Signature: mbedtls integration through ESP-TLS 2021-01-22 11:54:16 +05:30
Jiang Jiang Jian
ea79091725 Merge branch 'bugfix/esp32c3_wpa4096_cert_support' into 'master'
MbedTLS: Add software fallback for Modular Exponentiation for larger bignum operations

Closes WIFI-3257 and IDFGH-132

See merge request espressif/esp-idf!11928
2021-01-21 12:45:19 +08:00
Marius Vikhammer
51169b0e0c AES/SHA: use GDMA driver instead of LL 2021-01-19 11:02:51 +08:00
kapil.gupta
de22f3a4e5 MbedTLS: Add software fallback implementation for exp mod
Add configuration option to fallback to software implementation
for exponential mod incase of hardware is not supporting it
for larger MPI value.

Usecase:
ESP32C3 only supports till RSA3072 in hardware. This config option
will help to support 4k certificates for WPA enterprise connection.
2021-01-18 18:47:51 +05:30
Marius Vikhammer
457ce080ae AES: refactor and add HAL layer
Refactor the AES driver and add HAL, LL and caps.

Add better support for running AES-GCM fully in hardware.
2020-12-10 09:04:47 +00:00
Marius Vikhammer
949fb8e63a SHA: add HAL layer and refactor driver
Add a LL and HAL layer for SHA.
2020-10-09 08:24:08 +00:00
Aditya Patwardhan
db3cbf91f9 mbedtls: Fixed target library linking when using the DS peripheral 2020-09-28 12:58:54 +05:30
Renz Bagaporo
6462f9bfe1 esp32, esp32s2: create esp_pm component 2020-09-25 05:24:10 +00:00
Aditya Patwardhan
47f7c6a991 esp32s2/esp_ds: Digital Signature software support
1)Added support for alt rsa sign implementation with DS peripheral (
through ESP-TLS - mbedTLS SSL/TLS stack)
2020-09-22 18:31:31 +05:30
Angus Gratton
94f5129bf8 mbedtls: Don't compile hardware MPI & SHA files if disabled in config
Fixes bug where hardware accelerated mbedtls_mpi API was always used, even when
disabled in config.
2020-05-26 03:37:46 +00:00
Ivan Grokhotkov
a2d7e8cbba Merge branch 'bugfix/crt_bundle_no_config_file' into 'master'
esp_crt_bundle: fixes the "No CA Chain is set" error

See merge request espressif/esp-idf!8851
2020-05-22 09:34:32 +08:00
Aditya Patwardhan
423e600d46 secure_element: atecc608_ecdsa example
* Replaced crypotoauthlib with esp-cryptoauthlib
* Added menuconfig option for esp-tls about using HSM
* Added error codes for HSM in esp-tls,
* Added support to select different type of ATECC608A chips
* Added README, updated docs
* tcp_transport: Added option to enable secure_element for ssl

Closes https://github.com/espressif/esp-idf/issues/4432
2020-05-21 13:08:30 +05:30
Marius Vikhammer
f72d259622 esp_crt_bundle: fixes the "No CA Chain is set" error
When compiling esp_crt_bundle.c, it would end up with a different struct layout due
to configuration options from "mbedtls/esp_config.h" not being considered.

This lead to ca_chain potentially not being set correctly.
2020-05-21 15:19:49 +08:00
Dong Heng
3d57bf30a2 feat(mbedtls): add dynamic buffer and local resource managment to decrease SSL heap cost 2020-05-14 11:45:09 +00:00
Marius Vikhammer
9ccc5e6d84 cert bundle: Fix memory leak during cert verification
Also refactors the unit tests and fixes the test case, as it was giving false positives.

Closes IDFGH-2950

Closes https://github.com/espressif/esp-idf/issues/4983
2020-04-07 18:50:30 +08:00
Marius Vikhammer
7e824508a9 mpi: refactor bignum into common and hw specific components
Closes IDF-1174
2020-03-16 19:44:30 +08:00
Marius Vikhammer
37369a8a57 crypto: SHA and AES accelerator bring up for S2
Brings up, fixes and enables AES and SHA hardware acceleration.

Closes IDF-714
Closes IDF-716
2020-03-11 15:09:45 +08:00
Marius Vikhammer
947e3e94ed Add ESP certificate bundle feature
Adds the ESP certificate bundle feature that enables users to bundle a
root certificate bundle together with their application.

Default bundle includes all Mozilla root certificates

Closes IDF-296
2020-03-04 10:51:43 +08:00
Angus Gratton
65dad0d46f build system: Remove some dependencies from esp32 & esp32s2beta
Possible now that wifi related source files are all in esp_wifi
2020-01-08 18:13:12 +11:00
Angus Gratton
6f761dd62d cmake: Fix some uninitialized variable warnings 2019-11-08 12:50:28 +08:00
Michael (XIAO Xufeng)
b76d5d74d9 mbedtls: support esp32s2beta 2019-09-04 10:53:25 +10:00
Angus Gratton
6990a7cd54 Merge branch 'master' into feature/esp32s2beta_update 2019-08-19 15:03:43 +10:00
Renz Christian Bagaporo
6875080b9b mbedtls: add source files to appropriate library 2019-08-15 12:43:45 +08:00
Angus Gratton
04ae56806c Merge branch 'master' into feature/esp32s2beta_update 2019-08-08 15:26:58 +10:00
Angus Gratton
24d26fccde Merge branch 'master' into feature/esp32s2beta_update 2019-08-08 13:44:24 +10:00
Jon Shallow
1aaec808da Add DTLS support to libcoap using MbedTLS
This update supports DTLS, TLS is a future TODO

components/coap/CMakeLists.txt:
components/coap/component.mk:

Add in the new files that have to be built
Replace libcoap/src/coap_notls.c with libcoap/src/coap_mbedtls.c

components/coap/libcoap:

Update the version to include the current version for supporting MbedTLS

components/coap/port/coap_debug.c:
components/coap/port/coap_mbedtls.c:
components/coap/port/include/coap/coap_dtls.h:

New port files for DTLS

components/coap/port/include/coap_config_posix.h:

Include building with MbedTLS

examples/protocols/coap_client/README.md:
examples/protocols/coap_client/main/CMakeLists.txt:
examples/protocols/coap_client/main/Kconfig.projbuild:
examples/protocols/coap_client/main/coap_client_example_main.c:
examples/protocols/coap_client/main/component.mk:

Update CoAP client to support DTLS

examples/protocols/coap_client/main/coap_ca.pem
examples/protocols/coap_client/main/coap_client.crt
examples/protocols/coap_client/main/coap_client.key

New PKI Certs for CoAP client (copied from wpa2_enterprise example)

examples/protocols/coap_server/README.md:
examples/protocols/coap_server/main/CMakeLists.txt:
examples/protocols/coap_server/main/Kconfig.projbuild:
examples/protocols/coap_server/main/coap_server_example_main.c:
examples/protocols/coap_server/main/component.mk:

Update CoAP server to support DTLS
Change "no data" to "Hello World!" to prevent confusion

examples/protocols/coap_server/main/coap_ca.pem
examples/protocols/coap_server/main/coap_server.crt
examples/protocols/coap_server/main/coap_server.key

New PKI Certs for CoAP server (copied from wpa2_enterprise example)

Closes https://github.com/espressif/esp-idf/pull/3345
Closes https://github.com/espressif/esp-idf/issues/1379
2019-08-06 10:37:40 +05:30
Renz Christian Bagaporo
0872efa4ef mbedtls: remove component CMake file workarounds 2019-06-26 08:41:02 +00:00
Renz Christian Bagaporo
9eccd7c082 components: use new component registration api 2019-06-21 19:53:29 +08:00
Renz Christian Bagaporo
3882e48e8a cmake: use new signature form of target_link_library to link components
!4452 used setting LINK_LIBRARIES and INTERFACE_LINK_LIBRARIES to link
components built under ESP-IDF build system. However, LINK_LIBRARIES does
not produce behavior same as linking PRIVATE. This MR uses the new
signature for target_link_libraries directly instead. This also moves
setting dependencies during component registration rather than after all
components have been processed.

The consequence is that internally, components have to use the new
signature form as well. This does not affect linking the components to
external targets, such as with idf_as_lib example. This only affects
linking additional libraries to ESP-IDF libraries outside component processing (after
idf_build_process), which is not even possible for CMake<v3.13 as
target_link_libraries is not valid for targets not created in current
directory. See https://cmake.org/cmake/help/v3.13/policy/CMP0079.html#policy:CMP0079
2019-06-11 18:09:26 +08:00
Renz Christian Bagaporo
70dfcb35d4 mbedtls: component CMakeLists.txt corrections
Since !4452 the common component requirements automatically get
privately linked to libraries built under ESP-IDF build system (this
includes targets from third-party libraries). This removes a variable
that was used for that purpose before !4452.

Since the internal target names were changed, the compile definition for
warning on using deprecated functions is not being passed. Since using
the internal name is unreliable, prefer passing this compile definition
from the test itself.
2019-06-11 18:09:26 +08:00
suda-morris
84b2f9f14d build and link hello-world for esp32s2beta 2019-06-11 13:07:37 +08:00
Renz Christian Bagaporo
ffec9d4947 components: update with build system changes 2019-05-13 19:59:17 +08:00
Konstantin Kondrashov
bbdeff1da1 esp32: Rewrite esp_sha function
It removes using a STALL_OTHER_CPU while sha operations.
It improves performance with SHA.
2019-05-13 12:32:45 +08:00