Commit Graph

73 Commits

Author SHA1 Message Date
LiPeng
3c1ac62969 mbedtls: GCM implementation is replaced with CTR-based calculation
- GCM operation in mbedtls used ECB, which calculated only 16 bytes of data each time.
	- Therefore, when processing a large amount of data, it is necessary to frequently set hardware acceleration calculations,
	- which could not make good use of the AES DMA function to improve efficiency.
	- Hence, GCM implementation is replaced with CTR-based calculation which utilizes AES DMA to improve efficiency.
2023-01-09 18:37:07 +05:30
Laukik Hase
0c60328953
mbedtls/port: Fix dynamic buffers feature for v3.2.1
Co-authored-by: Li Jingyi <lijingyi@espressif.com>
2022-08-26 11:46:55 +05:30
Mahavir Jain
d34a91cace
esp-cryptoautlib: remove submodule and use from IDF component manager 2022-08-18 20:15:18 +05:30
Mahavir Jain
a94c74c26b
mbedtls: remove dependency on driver component
- keep `esp_pm` dependency conditional in mbedtls
- refactor `bt` cmakelist to keep dependencies as private

Related: IDF-1265
2022-07-18 21:10:51 +05:30
Marius Vikhammer
f4c79687f8 SHA: added hardware support for SHA on C2. 2022-06-23 11:01:16 +08:00
Marius Vikhammer
cf1b222cac build system: removed target component
After refactoring the target components (e.g. esp32) no longer contained any real functionality.
What remained in these components have been moved elsewhere and the component itself deleted from the
build system.
2022-05-24 09:12:59 +08:00
Ivan Grokhotkov
47659be5b8
build system: remove lwip from common requirements
lwip was added to common requirements list to provide "sys/socket.h"
header to all components without additional requirements specified.

However, lwip pulls in a lot of dependencies on other components.
This commit removes lwip from common requirements to reduce the number
of components in G1-only apps.

To compensate for this removal, the following changes are made:
- newlib (which is a common requirement) has a public dependency on
  lwip if lwip is present in the build. This ensures that sys/socket.h
  is available as long as lwip component is included into the build.
- lwip is now a public requirement of esp-tls since esp_tls.h includes
  sys/socket.h header.
- lwip is now a public requirement o esp_http_client because
  sys/socket.h is included from esp_http_client.h
- lwip is now a private requirement of esp_wifi for "smartconfig_ack"
- lwip is now a private requirement of mqtt for socket functions
- lwip is now a public requirement of tcp_transport because
  esp_transport_tcp.h includes sys/socket.h header.
- mbedtls checks if lwip component is present in the build. If yes,
  net_sockets.c is added to the build, along with the dependency on
  lwip. Previously lwip was a public requirement of mbedtls
  unconditionally.

system/g1_components test app is updated to reflect the changes

Default public dependencies of a component before and after this
change, except common requirements:

- esp_timer (public dependency of freertos)
- bootloader_support (public dependency of esp_hw_support)
- vfs (public dependency of lwip)
- esp_wifi (public dependency of lwip)
- esp_event (public dependency of esp_wifi)
- esp_netif (public dependency of esp_event)
- esp_eth (public dependency of esp_netif)
- esp_phy (public dependency of esp_wifi)

After:

- esp_timer (public dependency of freertos)
- bootloader_support (public dependency of esp_hw_support)

Altogether, the following components have been always added as
public requirements to all other components, and are not added now
([breaking-change]):

- lwip
- vfs
- esp_wifi
- esp_event
- esp_netif
- esp_eth
- esp_phy

Application components now need to explicitly declare dependencies on
these components.
2022-05-02 20:47:17 +02:00
Mahavir Jain
b3d3f74a67 esp_crt_bundle: Fix build problems if MBEDTLS_CERTIFICATE_BUNDLE is disabled
Exclude source and include file from build list if certificate bundle feature
is disabled.

Closes https://github.com/espressif/esp-idf/issues/8714
Closes IDFGH-7106
2022-04-06 05:10:43 +00:00
Mahavir Jain
3af2d15216 mbedtls: Fix build failures for ESP32-C2 with hardware SHA
Clean support for SHA peripheral will appear with IDF-3830
2022-03-22 02:06:30 +00:00
Mahavir Jain
0621a6f513 mbedtls: use soc capability macros in build CMakeLists 2022-03-22 02:06:30 +00:00
Mahavir Jain
5f646b1d43 mbedtls: move locally managed root certificates to separate file
Purpose:
This will allow for easily automating periodic updates to
"cacrt_all.pem" file.

Note:
For now newly created "cacrt_local.pem" contains single "DST Root CA X3"
which we are keeping to manage compatibility with endpoints like
"howsmyssl.com". Please note this Root CA is expired and is not part of
Mozilla’s NSS root certificate store.
2022-03-21 22:39:24 +05:30
Aditya Patwardhan
f31d8dd295 mbedtls: Remove certs.c and certs.h from port directory 2022-03-15 17:16:07 +05:30
Sachin Parekh
32a6550e87 mbedtls: Added ECC hardware accelerator support on ESP32C2
ESP32C2 has a ECC hardware accelerator capable of performing point
multiplication and point verification with a significant performance
boost
2022-03-08 14:05:23 +00:00
Ivan Grokhotkov
c19203be0e
mbedtls: disable files generation, specify Python interpreter to use
When GEN_FILES is enabled, Perl interpreter should be available. There
is a check in mbedTLS that disables GEN_FILES on Windows (where Perl
is not available by default) but it is broken for recent CMake
versions.

Also set Python interpreter to the one IDF uses, just to avoid calling
into some other Python version which CMake might manage to find.
2022-03-03 15:56:15 +01:00
Aditya Patwardhan
8111286668 Add entropy_poll.h in port directory 2022-03-03 01:37:10 +05:30
Laukik Hase
3925365351 ci: Fix pre-check stage failing tests
- Updated license headers
- Re-enabled public headers and static analysis checks
- Fix public header file check failure

Co-authored-by: Aditya Patwardhan <aditya.patwardhan@espressif.com>
2022-03-03 01:37:10 +05:30
Aditya Patwardhan
0483bfbbfe Initial Changes for updating mbedtls to v3.0 2022-03-03 01:37:09 +05:30
Mahavir Jain
c097e6bcab mbedtls: fix hardware MPI (bignum) related regression
In commit de22f3a4e5, combination of
hardware and software MPI (bignum) related approach was used to
work around chip (e.g. ESP32-C3) limitation of max 3072 bits support.

This was done using linker "--wrap" flag but since the relevant API is
being used in same translation (compilation unit), hardware mode was not
getting used in some cases (e.g., RSA key generation).

This commit modified internal mbedTLS API and makes software+hardware
combination deterministic.
2021-11-29 15:13:05 +08:00
Li Jingyi
b8892137f5 mbedtls: Add CONFIG_MBEDTLS_SSL_PROTO_GMTSSL1_1 for support GMSSL component
The configure will be enabled for GMSSL component and disabled as default because of it doesn't provide by IDF project.
2021-07-28 19:54:58 +08:00
Renz Bagaporo
7c22cccb9c esp32: cleanup build script 2021-07-16 20:14:27 +08:00
Marius Vikhammer
01664923f6 mbedtls: fixed CMake build warning
Building mbedtls with CMake would warn that:

"A private source from a directory other than that of target "mbedcrypto
 has a relative path"

This happened due to some of the CMake variables listing sources could be empty.

Changed to only use target_sources in the code-path where we set the sources,
so we only call target_sources will non-empty variables.

Closes https://github.com/espressif/esp-idf/issues/6767
2021-05-17 17:15:38 +08:00
liuhan
e87c64dc44 mbedtls: Add CONFIG_MBEDTLS_ROM_MD5 to use ROM MD5 in mbedTLS 2021-04-14 06:42:13 +00:00
Marius Vikhammer
fe71a8e340 aes/sha: use a shared lazy allocated GDMA channel for AES and SHA
Removed the old dynamically allocated GDMA channel approach.
It proved too unreliable as we couldn't not ensure consumers of the mbedtls
would properly free the channels after use.

Replaced by a single shared GDMA channel for AES and SHA, which won't be
released unless user specifically calls API for releasing it.
2021-03-09 09:23:05 +08:00
Marius Vikhammer
04df1f3a42 CI: enable example builds for C3
Enables building C3 examples in CI.

Fixes related warnings/errors and disables examples that cannot run.
2021-02-09 12:04:02 +08:00
Aditya Patwardhan
79c23a1886 esp32c3/Digital Signature: mbedtls integration through ESP-TLS 2021-01-22 11:54:16 +05:30
Jiang Jiang Jian
ea79091725 Merge branch 'bugfix/esp32c3_wpa4096_cert_support' into 'master'
MbedTLS: Add software fallback for Modular Exponentiation for larger bignum operations

Closes WIFI-3257 and IDFGH-132

See merge request espressif/esp-idf!11928
2021-01-21 12:45:19 +08:00
Marius Vikhammer
51169b0e0c AES/SHA: use GDMA driver instead of LL 2021-01-19 11:02:51 +08:00
kapil.gupta
de22f3a4e5 MbedTLS: Add software fallback implementation for exp mod
Add configuration option to fallback to software implementation
for exponential mod incase of hardware is not supporting it
for larger MPI value.

Usecase:
ESP32C3 only supports till RSA3072 in hardware. This config option
will help to support 4k certificates for WPA enterprise connection.
2021-01-18 18:47:51 +05:30
Marius Vikhammer
457ce080ae AES: refactor and add HAL layer
Refactor the AES driver and add HAL, LL and caps.

Add better support for running AES-GCM fully in hardware.
2020-12-10 09:04:47 +00:00
Marius Vikhammer
949fb8e63a SHA: add HAL layer and refactor driver
Add a LL and HAL layer for SHA.
2020-10-09 08:24:08 +00:00
Aditya Patwardhan
db3cbf91f9 mbedtls: Fixed target library linking when using the DS peripheral 2020-09-28 12:58:54 +05:30
Renz Bagaporo
6462f9bfe1 esp32, esp32s2: create esp_pm component 2020-09-25 05:24:10 +00:00
Aditya Patwardhan
47f7c6a991 esp32s2/esp_ds: Digital Signature software support
1)Added support for alt rsa sign implementation with DS peripheral (
through ESP-TLS - mbedTLS SSL/TLS stack)
2020-09-22 18:31:31 +05:30
Angus Gratton
94f5129bf8 mbedtls: Don't compile hardware MPI & SHA files if disabled in config
Fixes bug where hardware accelerated mbedtls_mpi API was always used, even when
disabled in config.
2020-05-26 03:37:46 +00:00
Ivan Grokhotkov
a2d7e8cbba Merge branch 'bugfix/crt_bundle_no_config_file' into 'master'
esp_crt_bundle: fixes the "No CA Chain is set" error

See merge request espressif/esp-idf!8851
2020-05-22 09:34:32 +08:00
Aditya Patwardhan
423e600d46 secure_element: atecc608_ecdsa example
* Replaced crypotoauthlib with esp-cryptoauthlib
* Added menuconfig option for esp-tls about using HSM
* Added error codes for HSM in esp-tls,
* Added support to select different type of ATECC608A chips
* Added README, updated docs
* tcp_transport: Added option to enable secure_element for ssl

Closes https://github.com/espressif/esp-idf/issues/4432
2020-05-21 13:08:30 +05:30
Marius Vikhammer
f72d259622 esp_crt_bundle: fixes the "No CA Chain is set" error
When compiling esp_crt_bundle.c, it would end up with a different struct layout due
to configuration options from "mbedtls/esp_config.h" not being considered.

This lead to ca_chain potentially not being set correctly.
2020-05-21 15:19:49 +08:00
Dong Heng
3d57bf30a2 feat(mbedtls): add dynamic buffer and local resource managment to decrease SSL heap cost 2020-05-14 11:45:09 +00:00
Marius Vikhammer
9ccc5e6d84 cert bundle: Fix memory leak during cert verification
Also refactors the unit tests and fixes the test case, as it was giving false positives.

Closes IDFGH-2950

Closes https://github.com/espressif/esp-idf/issues/4983
2020-04-07 18:50:30 +08:00
Marius Vikhammer
7e824508a9 mpi: refactor bignum into common and hw specific components
Closes IDF-1174
2020-03-16 19:44:30 +08:00
Marius Vikhammer
37369a8a57 crypto: SHA and AES accelerator bring up for S2
Brings up, fixes and enables AES and SHA hardware acceleration.

Closes IDF-714
Closes IDF-716
2020-03-11 15:09:45 +08:00
Marius Vikhammer
947e3e94ed Add ESP certificate bundle feature
Adds the ESP certificate bundle feature that enables users to bundle a
root certificate bundle together with their application.

Default bundle includes all Mozilla root certificates

Closes IDF-296
2020-03-04 10:51:43 +08:00
Angus Gratton
65dad0d46f build system: Remove some dependencies from esp32 & esp32s2beta
Possible now that wifi related source files are all in esp_wifi
2020-01-08 18:13:12 +11:00
Angus Gratton
6f761dd62d cmake: Fix some uninitialized variable warnings 2019-11-08 12:50:28 +08:00
Michael (XIAO Xufeng)
b76d5d74d9 mbedtls: support esp32s2beta 2019-09-04 10:53:25 +10:00
Angus Gratton
6990a7cd54 Merge branch 'master' into feature/esp32s2beta_update 2019-08-19 15:03:43 +10:00
Renz Christian Bagaporo
6875080b9b mbedtls: add source files to appropriate library 2019-08-15 12:43:45 +08:00
Angus Gratton
04ae56806c Merge branch 'master' into feature/esp32s2beta_update 2019-08-08 15:26:58 +10:00
Angus Gratton
24d26fccde Merge branch 'master' into feature/esp32s2beta_update 2019-08-08 13:44:24 +10:00
Jon Shallow
1aaec808da Add DTLS support to libcoap using MbedTLS
This update supports DTLS, TLS is a future TODO

components/coap/CMakeLists.txt:
components/coap/component.mk:

Add in the new files that have to be built
Replace libcoap/src/coap_notls.c with libcoap/src/coap_mbedtls.c

components/coap/libcoap:

Update the version to include the current version for supporting MbedTLS

components/coap/port/coap_debug.c:
components/coap/port/coap_mbedtls.c:
components/coap/port/include/coap/coap_dtls.h:

New port files for DTLS

components/coap/port/include/coap_config_posix.h:

Include building with MbedTLS

examples/protocols/coap_client/README.md:
examples/protocols/coap_client/main/CMakeLists.txt:
examples/protocols/coap_client/main/Kconfig.projbuild:
examples/protocols/coap_client/main/coap_client_example_main.c:
examples/protocols/coap_client/main/component.mk:

Update CoAP client to support DTLS

examples/protocols/coap_client/main/coap_ca.pem
examples/protocols/coap_client/main/coap_client.crt
examples/protocols/coap_client/main/coap_client.key

New PKI Certs for CoAP client (copied from wpa2_enterprise example)

examples/protocols/coap_server/README.md:
examples/protocols/coap_server/main/CMakeLists.txt:
examples/protocols/coap_server/main/Kconfig.projbuild:
examples/protocols/coap_server/main/coap_server_example_main.c:
examples/protocols/coap_server/main/component.mk:

Update CoAP server to support DTLS
Change "no data" to "Hello World!" to prevent confusion

examples/protocols/coap_server/main/coap_ca.pem
examples/protocols/coap_server/main/coap_server.crt
examples/protocols/coap_server/main/coap_server.key

New PKI Certs for CoAP server (copied from wpa2_enterprise example)

Closes https://github.com/espressif/esp-idf/pull/3345
Closes https://github.com/espressif/esp-idf/issues/1379
2019-08-06 10:37:40 +05:30