Commit Graph

119 Commits

Author SHA1 Message Date
Roland Dobai
766aa57084 Build & config: Remove leftover files from the unsupported "make" build system 2021-11-11 15:32:36 +01:00
Mahavir Jain
8c9a3da695 mbedtls: disable Diffie-Hellman key exchange modes by default
Using these ciphers can constitute a security risk if the server
uses a weak prime for the key exchange.

Footprint impact:
Roughly 3K saved in text+rodata in default https_request example
2021-11-02 15:52:09 +08:00
John Ohl
27d66c0e33 Encoding base64 with wolfSSL should produce the same result as esp_crypto_bas64_encode_mbedtls and not encode in PEM format /w new lines
Closes https://github.com/espressif/esp-idf/pull/7676
Signed-off-by: Aditya Patwardhan <aditya.patwardhan@espressif.com>
2021-10-17 00:01:23 +08:00
Laukik Hase
1d2b2b5879 feature: Added user callback for esp_https_server
- Can be used to get connection or client information (SSL context)
- E.g. Client certificate, Socket FD, Connection state, etc.
- Added example callback for getting client certificate information in 'https_server/simple' example

Closes https://github.com/espressif/esp-idf/issues/7479
2021-10-11 09:41:01 +05:30
Mahavir Jain
8b4c0e71a9 Merge branch 'feature/mbedtls_session_ticket_support' into 'master'
Feature/mbedtls session ticket support

Closes IDFGH-5288 and IDF-3242

See merge request espressif/esp-idf!14496
2021-09-17 09:59:02 +00:00
Aditya Patwardhan
b4e4b9f20d Added support for client session tickets in esp-tls (with mbedtls)
* client session tickets for individual tls connections are supported
* reorganize the esp-tls error codes.
* Update esp_err_to_name.c
* Fix styling
2021-09-15 22:19:04 +05:30
Daniel Bahrdt
7e886ca9ed Implement server session ticket support with mbedtls
Closes https://github.com/espressif/esp-idf/pull/7048

Signed-off-by: Aditya Patwardhan <aditya.patwardhan@espressif.com>
2021-09-15 22:19:04 +05:30
Aditya Patwardhan
c6c2ea975f Fix esp_mbedtls_write API
Fix esp_wolfssl_write API
Closes https://github.com/espressif/esp-idf/issues/7461
2021-09-15 21:40:54 +05:30
Sachin Billore
667017d517 ESP32S3 support for ESP-MQTT SSL Mutual Authentication with Digital Signature
Closes IDF-3859
2021-09-06 11:17:30 +05:30
Shu Chen
6fce2930d0 esp32h2: enable more components to support esp32h2
Involved components:
 * app_trace
 * esp-tls
 * esp_adc_cal
 * esp_pm
 * esp_serial_slave_link
 * esp_timer
 * freertos
 * idf_test
 * log
 * mbedtls
 * newlib
 * perfmon
 * spi_flash
 * spiffs
 * ulp
 * unity
 * vfs
2021-07-01 19:53:11 +08:00
Aditya Patwardhan
0e01a22264 esp_tls_wolfssl: Improved error messages 2021-06-28 14:51:41 +05:30
Aditya Patwardhan
4af1176d15 esp_tls_mbedtls: Improved the error messages.
The error message string for error codes is printedwhen log level is set to debug
2021-06-28 14:51:41 +05:30
Jan Brudny
967e057906 esp-tls, esp_http_client and esp_http_server: update copyright notice 2021-05-31 20:06:09 +08:00
David Cermak
f68d7d7023 esp_tls: Renamed public API to indicate the Plain TCP connection
Also added parameter checks if used from as a public API
and updated the `is_plein_tcp` description that it's possible to connect
directly using plain tcp transport with the new API.
2021-05-25 10:55:50 +02:00
David Cermak
f249ddd9ae esp_transport: Use tcp_connect from esp_tls for plain TCP
so we don't have to allocate esp_tls structure (~2KB) to save heap when using plain TCP connection

Closes https://github.com/espressif/esp-idf/issues/6940
2021-05-25 07:04:02 +02:00
Jiri Schiebel
c01e259a98 esp_tls: esp_tls_connect: Reduce input params to err_handle
Pass only the error_handle instead of instead of the full config structure
2021-05-25 07:04:02 +02:00
Aditya Patwardhan
1abdfee3b7 secure_element: Update esp-cryptoauthlib submodule latest version.
*This updates the cryptoauthlib version in the esp-cryptoauthlib to cryptoauthlib-v3.3.1
2021-05-24 07:28:20 +00:00
Axel Lin
52442be9e1 esp-tls: Fix setsockopt for TCP_KEEPIDLE
Current code applies keep_alive_enable setting to TCP_KEEPIDLE, fix it.

Fixes: 2d25252746 ("esp-tls: Rework tcp_connect() to use more subroutines")
Signed-off-by: Axel Lin <axel.lin@gmail.com>
2021-04-06 15:37:16 +08:00
yuanjm
f68e55edb3 esp-tls: Separate timeout_ms conditional judgement from keep alive 2021-03-10 02:19:29 +00:00
yuanjm
c62cbd1254 transport: Support bind socket to specified interface in transport and esp-tls 2021-03-10 02:19:29 +00:00
Aditya Patwardhan
bf513b6f31 Fix esp_tls: Prevent freeing of global ca store after each connection
when dynamic ssl buffers are enabled
2021-02-25 00:26:13 +00:00
yuanjm
da58235a0e components: Use CONFIG_LWIP_IPV6 to strip IPv6 function in components 2021-02-23 18:26:03 +08:00
David Cermak
eb772e152c esp_tls: Fix unresolved lwip symbol when complex dependency tree 2021-02-16 09:01:35 +01:00
David Cermak
5cfa545d08 esp-tls: Added _esp_tls_net_init to init fd for both mbedtls/wolfssl 2021-02-16 09:01:35 +01:00
David Cermak
4375f888fa esp-tls: Fix wolfssl error codes for WANT_READ/WANT_WRITE
wolfSSL error codes are mostly positive numbers, but esp-tls potentially
non-block API (read/write) returns ssize_t, i.e. bytes read/written if
>0, errorcode otherwise. To comply with this API we have to conditionate
the wolfssl return codes to negative numbers, preferably the same codes
as mbedTLS codes.
2021-02-16 09:01:35 +01:00
David Cermak
2d25252746 esp-tls: Rework tcp_connect() to use more subroutines
Refactored the esp_tcp_connect() functionality to break it down to
* dns-resolution + socket creation
* set configured socket options
* set/reset non-block mode
* the actual connection in non-blocking mode
2021-02-16 09:01:35 +01:00
David Cermak
6b318fe583 esp_tls: Updated connection method to use non-blocking connect
For better control over connection timeouts
To be in line with former tcp_transport, as esp-tls is not used for
plain tcp transports
2021-02-16 09:00:43 +01:00
David Cermak
2c28ffffee tcp_transport/esp_tls: Use common TCP transport to reduce code duplication
For high level review of the changes.
2021-02-16 09:00:43 +01:00
David Cermak
391d7bf271 tcp_transport: Add TCP transport connection errors
Transport's error_handle is used to capture different types of errors
including esp_err_t from esp-tls and socket/system errors.
This change adds the following error codes for TCP transport:
* connection closed by a FIN flag (clean closure from server)
* DNS resolution problem
* connection timeout
These errors are already defined in esp-tls component and since this
component will be used in the future for both TCP and SSL transport, we
currently report these issues in transport::error_handle::esp_tls_last_error
of standard esp error type (esp_err_t)

Closes https://github.com/espressif/esp-mqtt/issues/182
2021-02-16 09:00:43 +01:00
Aditya Patwardhan
0175c68400 esp_tls: Fix misplaced paranthesis in esp_tls_mbedtls.c
Fixes one part of -  https://github.com/espressif/esp-idf/issues/6440
2021-02-10 02:07:58 +00:00
Mahavir Jain
f5e51e7c1b Merge branch 'feature/esp32c3_ds_mbedtls_integration' into 'master'
esp32c3/Digital Signature: mbedtls integration through ESP-TLS

Closes IDF-2267

See merge request espressif/esp-idf!12033
2021-01-22 17:06:46 +08:00
yuanjm
044c3e3e74 Modify esp-tls and tcp_transport to support keep alive for tcp and ssl connection
Closes IDFGH-4543
2021-01-22 06:56:28 +00:00
Aditya Patwardhan
79c23a1886 esp32c3/Digital Signature: mbedtls integration through ESP-TLS 2021-01-22 11:54:16 +05:30
Aditya Patwardhan
cc3843263a esp-tls: Added unit tests 2021-01-21 01:17:23 +00:00
Aditya Patwardhan
43a1b53aad esp_tls_wolfssl: Move order of crt_bundle check to match that in
esp_tls_mbedtls
2021-01-21 01:17:23 +00:00
Aditya Patwardhan
1a09e16af2 esp_tls: Fix memory leak when esp-tls server session is deleted 2021-01-21 01:17:23 +00:00
Aditya Patwardhan
cddb8c29e6 esp-tls: Fix mem leak when global_ca_store is freed 2021-01-21 01:17:23 +00:00
Aditya Patwardhan
0841d2bc75 esp_tls: Add warning if the CA chain provided contains one/more invalid
cert
2021-01-11 03:20:35 +00:00
Aditya Patwardhan
ca964dfbcc esp-tls: Changed default behaviour for esp-tls client ( for security
purpose)
        By default esp-tls client will now return error if no server verify option
        is provided, earlier it used to skip the verification by
        default.
        Added config option to skip server verification by default (for testing
        purpose)
        Updated required docs
2021-01-05 07:33:32 +00:00
Aditya Patwardhan
39b446f9fe esp_tls_wolfssl : Add domain name check 2020-12-23 18:10:36 +05:30
Aditya Patwardhan
95d9533294 esp-tls : (Fix) update tls->sockfd value after socket is freed internally
Closes https://github.com/espressif/esp-idf/issues/6163
2020-12-02 03:47:15 +00:00
Angus Gratton
935e4b4d62 Merge branch 'feature/riscv_arch' into 'master'
Add RISC-V support

Closes IDF-2359

See merge request espressif/esp-idf!11140
2020-11-13 07:50:31 +08:00
Angus Gratton
420aef1ffe Updates for riscv support
* Target components pull in xtensa component directly
* Use CPU HAL where applicable
* Remove unnecessary xtensa headers
* Compilation changes necessary to support non-xtensa gcc types (ie int32_t/uint32_t is no
  longer signed/unsigned int).

Changes come from internal branch commit a6723fc
2020-11-13 07:49:11 +11:00
David Cermak
ce519ee783 tcp_transport: Extend transport error storage for socket error
Everytime we report error and log errno, we also capture the actual
errno to an internal storage so that user application can retrieve
its value.
2020-11-12 12:46:22 +00:00
Aditya Patwardhan
8d65cee0a9 esp32/esp-tls: Make crypto abstraction layer inside esp-tls
Which allows several components to use cryptographic functions from
esp-tls which is the current abstraction layer.
2020-10-23 05:16:06 +00:00
Aditya Patwardhan
47f7c6a991 esp32s2/esp_ds: Digital Signature software support
1)Added support for alt rsa sign implementation with DS peripheral (
through ESP-TLS - mbedTLS SSL/TLS stack)
2020-09-22 18:31:31 +05:30
Mahavir Jain
52469c8505 esp-tls: enable TLS renegotiation using explicit API call
mbedTLS stack does not keep TLS renegotiation enabled even if
relevant config option is turned on, it needs explicit API call
`mbedtls_ssl_conf_renegotiation` to do so.

This issue was observed in case of Azure IoT, where keys needs to
be refreshed periodically to keep TLS connection intact.
2020-07-03 05:52:22 +00:00
Aditya Patwardhan
ea635c2bba esp_tls_wolfssl: fix incorrect error message after handshake fails 2020-06-18 10:10:40 +05:30
Aditya Patwardhan
423e600d46 secure_element: atecc608_ecdsa example
* Replaced crypotoauthlib with esp-cryptoauthlib
* Added menuconfig option for esp-tls about using HSM
* Added error codes for HSM in esp-tls,
* Added support to select different type of ATECC608A chips
* Added README, updated docs
* tcp_transport: Added option to enable secure_element for ssl

Closes https://github.com/espressif/esp-idf/issues/4432
2020-05-21 13:08:30 +05:30
Mahavir Jain
7a2ea9b7f7 esp-tls: add support for using hardware security module 2020-05-20 22:52:37 +05:30