Commit Graph

41 Commits

Author SHA1 Message Date
Aditya Patwardhan
6ef7d24fc9 esp-tls: Add changes to the Cert selection callback PR. 2022-12-05 08:59:24 +05:30
Akos Vandra
e6442657fd esp-tls: Add support for the CERTIFICATE SELECTION HOOK. The hook has access to required information so that the application can make a more informed decision on which certificate to serve (such as alpn value, server certificate type, etc.)
Closes https://github.com/espressif/esp-idf/pull/9833

Signed-off-by: Aditya Patwardhan <aditya.patwardhan@espressif.com>
2022-12-05 08:59:24 +05:30
yuanjianmin
0a41b9bcd8 esp-tls: Fix memory leak in mbedtls ds peripheral when MBEDTLS_THREADING_C enabled 2022-10-13 19:35:04 +08:00
Yuan Jian Min
769c6c2214 esp-tls: socket will be set to -1 and will not be closed 2022-09-26 19:20:15 +08:00
Laukik Hase
51cbbe486c
esp_tls/wpa_supplicant: Updated deprecated mbedtls APIs 2022-08-26 11:46:54 +05:30
Aditya Patwardhan
2ea419db22 esp_tls_mbedtls.c: Fix esp-idf integration of esp-cryptoauthlib
menuconfig option
2022-06-03 23:12:11 +05:30
Li Jingyi
6d58008119 esp-tls: add api to free client session
Free session with mbedtls api to avoid mem-leak
2022-05-23 16:28:40 +08:00
Aditya Patwardhan
788c9ddf8d esp_tls: Added getter function for esp_tls ssl ctx. 2022-05-11 07:09:34 +00:00
Aditya Patwardhan
434e74ff73 esp_tls: Make esp_tls_t as private structure. 2022-05-11 07:09:34 +00:00
Laukik Hase
d7090b4d52 https_server: Add config option to min. cert. auth mode
- Added a config option to set the minimum Certificate Verification
  mode to Optional
- When this option is enabled, the peer (the client) certificate
  is checked by the server, however the handshake continues even if
  verification failed.
- By default, the peer certificate is not checked and ignored by the server.

Closes https://github.com/espressif/esp-idf/issues/8664
2022-03-29 08:57:36 +00:00
Aditya Patwardhan
4c58685c00 esp_https_server: Enable secure element support.
Closes https://github.com/espressif/esp-idf/issues/8286
2022-03-27 14:35:25 +05:30
Laukik Hase
f5feb7813e mbedtls: Fix build errors related to TLS 1.3
- Kconfig: Enabled MBEDTLS_HKDF_C by default when TLS 1.3 support is enabled
- esp-tls (mbedtls): Forced client to use TLS 1.3 when TLS 1.3 support is enabled
2022-03-03 01:37:10 +05:30
Aditya Patwardhan
60b167f2d6 mbedtls-3.1 update: Removed the MBEDTLS_PRIVATE from multiple files
after they have been again made public in mbedtls-3.1

*Added `MBEDTLS_ALLOW_PRIVATE_ACCESS` in some files.
2022-03-03 01:37:10 +05:30
Aditya Patwardhan
3b71bd7326 mbedtls-3.0: Fixed ESP32 build issues
- Added MBEDLTS_PRIVATE(...) wherever necessary
- For functions like mbedtls_pk_parse_key(...), it is necessary to pass the RNG function
  pointers as parameter. Solved for dependent components: wpa_supplicant & openSSL
- For libcoap, the SSLv2 ClientHello handshake method has been deprecated, need to handle this.
  Currently, corresponding snippet has been commented.
- Examples tested: hello-world | https_request | wifi_prov_mgr

mbedtls-3.0: Fixed ESP32-C3 & ESP32-S3 build issues
- Removed MBEDTLS_DEPRECATED_REMOVED macro from sha1 port
- DS peripheral: esp_ds_rsa_sign -> removed unsused 'mode' argument
- Added MBEDTLS_PRIVATE(...) wherever required

mbedtls-3.0: Fixed ESP32-S2 build issues
- Fixed outdated function prototypes and usage in mbedlts/port/aes/esp_aes_gcm.c due to changes in GCM module

mbedtls-3.0: Fixed ESP32-H2 build issues

ci: Fixing build stage
- Added MBEDTLS_PRIVATE(...) wherever required
- Added RNG function parameter
- Updated GCM Module changes
- Updated Copyright notices

- Tests:
- build_esp_idf_tests_cmake_esp32
- build_esp_idf_tests_cmake_esp32s2
- build_esp_idf_tests_cmake_esp32c3
- build_esp_idf_tests_cmake_esp32s3

ci: Fixing build stage (mbedtls-related changes)
- Added MBEDTLS_PRIVATE(...) wherever required
- Updated SHAXXX functions
- Updated esp_config according to mbedtls changes

- Tests:
- build_examples_cmake_esp32
- build_examples_cmake_esp32s2
- build_examples_cmake_esp32c3
- build_examples_cmake_esp32s3

ci: Fixing build stage (example-related changes)
- Added MBEDTLS_PRIVATE(...) wherever required
- Updated SHAXXX functions
- Updated esp_config according to mbedtls changes

- Tests:
- build_examples_cmake_esp32
- build_examples_cmake_esp32s2
- build_examples_cmake_esp32c3
- build_examples_cmake_esp32s3

ci: Fixing target_test stage
- Updated test SSL version to TLS_v1_2

- Tests:
- example_test_protocols 1/2

ci: Fixing build stage
- Added checks for MBEDTLS_DHM_C (disabled by default)
- Updated esp_cryptoauthlib submodule
- Updated factory partition size for legacy BLE provisioning example

- Tests:
- build_examples_cmake_esp32
- build_examples_cmake_esp32s2
- build_examples_cmake_esp32c3
- build_examples_cmake_esp32s3

Co-authored-by: Laukik Hase <laukik.hase@espressif.com>
2022-03-03 01:37:10 +05:30
Aditya Patwardhan
45122533e0 mbedtls-3 update:
1) Fix build issue in mbedtls
2) skip the public headers check in IDF
3)Update Kconfig Macros
4)Remove deprecated config options
5) Update the sha API according to new nomenclature
6) Update mbedtls_rsa_init usage
7) Include mbedtls/build_info.h instead of mbedtls/config.h
8) Dont include check_config.h
9) Add additional error message in esp_blufi_api.h
2022-03-03 01:37:10 +05:30
Laukik Hase
1d2b2b5879 feature: Added user callback for esp_https_server
- Can be used to get connection or client information (SSL context)
- E.g. Client certificate, Socket FD, Connection state, etc.
- Added example callback for getting client certificate information in 'https_server/simple' example

Closes https://github.com/espressif/esp-idf/issues/7479
2021-10-11 09:41:01 +05:30
Mahavir Jain
8b4c0e71a9 Merge branch 'feature/mbedtls_session_ticket_support' into 'master'
Feature/mbedtls session ticket support

Closes IDFGH-5288 and IDF-3242

See merge request espressif/esp-idf!14496
2021-09-17 09:59:02 +00:00
Aditya Patwardhan
b4e4b9f20d Added support for client session tickets in esp-tls (with mbedtls)
* client session tickets for individual tls connections are supported
* reorganize the esp-tls error codes.
* Update esp_err_to_name.c
* Fix styling
2021-09-15 22:19:04 +05:30
Daniel Bahrdt
7e886ca9ed Implement server session ticket support with mbedtls
Closes https://github.com/espressif/esp-idf/pull/7048

Signed-off-by: Aditya Patwardhan <aditya.patwardhan@espressif.com>
2021-09-15 22:19:04 +05:30
Aditya Patwardhan
c6c2ea975f Fix esp_mbedtls_write API
Fix esp_wolfssl_write API
Closes https://github.com/espressif/esp-idf/issues/7461
2021-09-15 21:40:54 +05:30
Aditya Patwardhan
0e01a22264 esp_tls_wolfssl: Improved error messages 2021-06-28 14:51:41 +05:30
Aditya Patwardhan
4af1176d15 esp_tls_mbedtls: Improved the error messages.
The error message string for error codes is printedwhen log level is set to debug
2021-06-28 14:51:41 +05:30
Jan Brudny
967e057906 esp-tls, esp_http_client and esp_http_server: update copyright notice 2021-05-31 20:06:09 +08:00
Aditya Patwardhan
1abdfee3b7 secure_element: Update esp-cryptoauthlib submodule latest version.
*This updates the cryptoauthlib version in the esp-cryptoauthlib to cryptoauthlib-v3.3.1
2021-05-24 07:28:20 +00:00
Aditya Patwardhan
bf513b6f31 Fix esp_tls: Prevent freeing of global ca store after each connection
when dynamic ssl buffers are enabled
2021-02-25 00:26:13 +00:00
Aditya Patwardhan
0175c68400 esp_tls: Fix misplaced paranthesis in esp_tls_mbedtls.c
Fixes one part of -  https://github.com/espressif/esp-idf/issues/6440
2021-02-10 02:07:58 +00:00
Aditya Patwardhan
1a09e16af2 esp_tls: Fix memory leak when esp-tls server session is deleted 2021-01-21 01:17:23 +00:00
Aditya Patwardhan
cddb8c29e6 esp-tls: Fix mem leak when global_ca_store is freed 2021-01-21 01:17:23 +00:00
Aditya Patwardhan
0841d2bc75 esp_tls: Add warning if the CA chain provided contains one/more invalid
cert
2021-01-11 03:20:35 +00:00
Aditya Patwardhan
ca964dfbcc esp-tls: Changed default behaviour for esp-tls client ( for security
purpose)
        By default esp-tls client will now return error if no server verify option
        is provided, earlier it used to skip the verification by
        default.
        Added config option to skip server verification by default (for testing
        purpose)
        Updated required docs
2021-01-05 07:33:32 +00:00
Aditya Patwardhan
95d9533294 esp-tls : (Fix) update tls->sockfd value after socket is freed internally
Closes https://github.com/espressif/esp-idf/issues/6163
2020-12-02 03:47:15 +00:00
David Cermak
ce519ee783 tcp_transport: Extend transport error storage for socket error
Everytime we report error and log errno, we also capture the actual
errno to an internal storage so that user application can retrieve
its value.
2020-11-12 12:46:22 +00:00
Aditya Patwardhan
47f7c6a991 esp32s2/esp_ds: Digital Signature software support
1)Added support for alt rsa sign implementation with DS peripheral (
through ESP-TLS - mbedTLS SSL/TLS stack)
2020-09-22 18:31:31 +05:30
Mahavir Jain
52469c8505 esp-tls: enable TLS renegotiation using explicit API call
mbedTLS stack does not keep TLS renegotiation enabled even if
relevant config option is turned on, it needs explicit API call
`mbedtls_ssl_conf_renegotiation` to do so.

This issue was observed in case of Azure IoT, where keys needs to
be refreshed periodically to keep TLS connection intact.
2020-07-03 05:52:22 +00:00
Aditya Patwardhan
423e600d46 secure_element: atecc608_ecdsa example
* Replaced crypotoauthlib with esp-cryptoauthlib
* Added menuconfig option for esp-tls about using HSM
* Added error codes for HSM in esp-tls,
* Added support to select different type of ATECC608A chips
* Added README, updated docs
* tcp_transport: Added option to enable secure_element for ssl

Closes https://github.com/espressif/esp-idf/issues/4432
2020-05-21 13:08:30 +05:30
Mahavir Jain
7a2ea9b7f7 esp-tls: add support for using hardware security module 2020-05-20 22:52:37 +05:30
Marius Vikhammer
947e3e94ed Add ESP certificate bundle feature
Adds the ESP certificate bundle feature that enables users to bundle a
root certificate bundle together with their application.

Default bundle includes all Mozilla root certificates

Closes IDF-296
2020-03-04 10:51:43 +08:00
David Cermak
b69ac4448e tcp_transport: added API for client-key password 2020-01-06 21:16:24 +00:00
Marius Vikhammer
ed85046138 tcp_transport: added functionality for using ALPN with SSL
Closes IDF-1160
2019-11-13 11:33:13 +08:00
Aditya Patwardhan
988f0c8feb ESP_TLS: Generalizing error messages for esp_tls
:Replace mbedtls specific error messages
2019-10-28 16:05:31 +05:30
Aditya Patwardhan
f7eaa5f946 ESP_TLS: Restructuring esp_tls
1)Segregating mbedtls API into seperate file and cleaned esp_tls.c
2)Added support for wolfssl for CMake and make
3)Added support for debug_wolfssl (with menuconfig option)
4)Added info on wolfssl in ESP-TLS docs
2019-10-28 16:05:22 +05:30