Commit Graph

90 Commits

Author SHA1 Message Date
Mahavir Jain
3e90ed6428 fix(mbedtls): remove deprecated MBEDTLS_X509_ALLOW_UNSUPPORTED_CRITICAL_EXTENSION
This config has been removed in the upstream mbedTLS starting 3.0
release. Please see mbedTLS changelog for more details.
2023-10-16 03:54:57 +00:00
Jiang Guang Ming
b554ee475c feat(mbedtls): support ecp fixed-point multiplication configurable 2023-08-09 16:54:28 +08:00
harshal.patil
8017e23611 mbedtls: Update config options as per release/v3.4.0
- Added a Kconfig option for the newly added mbedtls option MBEDTLS_PKCS7_C
2023-04-24 12:03:55 +05:30
Laukik Hase
8b5ab6820f mbedtls: Update config options as per v3.3.0 release 2023-02-19 03:53:02 +00:00
Laukik Hase
28ac0b12fb
mbedtls: Remove deprecated options from mbedtls/esp_config.h
- Removed options related to RC4 ciphersuite, SSL3 and TLS1
  (as per mbedtls v3.1.0)
2022-05-28 10:21:06 +05:30
Aditya Patwardhan
c27c6916a7 esp_crt_bundle: Add bounds checking for the "esp_crt_bundle_set" API.
Closes https://github.com/espressif/esp-idf/issues/8397
2022-03-31 13:11:11 +05:30
Mahavir Jain
3af2d15216 mbedtls: Fix build failures for ESP32-C2 with hardware SHA
Clean support for SHA peripheral will appear with IDF-3830
2022-03-22 02:06:30 +00:00
Mahavir Jain
36377b9cc3 mbedtls: use SOC capability macros instead of target names 2022-03-22 02:06:30 +00:00
Laukik Hase
1c65ab5307
mbedtls: Add config for MBEDTLS_PLATFORM_TIME_ALT 2022-03-14 09:42:33 +05:30
Laukik Hase
87d3296c37
mbedtls: Disable MBEDTLS_DYNAMIC_BUFFER when TLS 1.3 is enabled
- Resulted in a crash in the handshake stage when
  used alongside TLS 1.3 (MBEDTLS_SSL_PROTO_TLS1_3)
- Fix build error when MBEDTLS_HARDWARE_SHA=n &&
  MBEDTLS_DYNAMIC_BUFFER=y
- Fix build error when TLS 1.3 is enabled with
  MBEDTLS_SSL_KEEP_PEER_CERTIFICATE=n
2022-03-11 10:03:48 +05:30
Sachin Parekh
32a6550e87 mbedtls: Added ECC hardware accelerator support on ESP32C2
ESP32C2 has a ECC hardware accelerator capable of performing point
multiplication and point verification with a significant performance
boost
2022-03-08 14:05:23 +00:00
Laukik Hase
f5feb7813e mbedtls: Fix build errors related to TLS 1.3
- Kconfig: Enabled MBEDTLS_HKDF_C by default when TLS 1.3 support is enabled
- esp-tls (mbedtls): Forced client to use TLS 1.3 when TLS 1.3 support is enabled
2022-03-03 01:37:10 +05:30
Aditya Patwardhan
8cbfb18037 mbedtls-3.x: Update Kconfig macros 2022-03-03 01:37:10 +05:30
Aditya Patwardhan
66a9243d3b mbedtls 3.X update:
*MBEDTLS_ECDH_LEGACY_CONTEXT is now disabled by default.
*Fixed MBEDTLS_ECDH_LEGACY_CONTEXT issue for protocomm component.
*Removed all code under MBEDTLS_DEPRECATED_REMOVED
2022-03-03 01:37:10 +05:30
Aditya Patwardhan
45122533e0 mbedtls-3 update:
1) Fix build issue in mbedtls
2) skip the public headers check in IDF
3)Update Kconfig Macros
4)Remove deprecated config options
5) Update the sha API according to new nomenclature
6) Update mbedtls_rsa_init usage
7) Include mbedtls/build_info.h instead of mbedtls/config.h
8) Dont include check_config.h
9) Add additional error message in esp_blufi_api.h
2022-03-03 01:37:10 +05:30
Laukik Hase
befc93aa2d mbedtls: Added option MBEDTLS_SSL_KEEP_PEER_CERTIFICATE
- Removed code regarding MBEDTLS_DYNAMIC_FREE_PEER_CERT
  (config was kept for backward compatibility)
- Combined mbedTLS v2.28.x related options under a separate Kconfig menu
2022-01-25 10:51:27 +05:30
Laukik Hase
285790e5aa mbedtls: Added config options for v2.28.0 upgrade 2022-01-25 10:51:27 +05:30
laokaiyao
cf049e15ed esp8684: rename target to esp32c2 2022-01-19 11:08:57 +08:00
Marius Vikhammer
ba3f12a9fe rsa: add generate RSA keys test case 2022-01-07 11:35:35 +08:00
Marius Vikhammer
a9a7160cb6 MPI: add kconfig option for doing intr-based exp-mod operations 2021-12-29 18:55:48 +08:00
Mahavir Jain
1f435b4703 Merge branch 'feature/mbedtls_dynamic_memory' into 'master'
fix(mbedtls): fix compiling error when open MBEDTLS_SSL_PROTO_DTLS and disable...

Closes IDFGH-6437

See merge request espressif/esp-idf!16471
2021-12-22 08:19:14 +00:00
Li Jingyi
2b1402890d fix(mbedtls): fix compiling error when open MBEDTLS_SSL_PROTO_DTLS and disable MBEDTLS_SSL_PROTO_DTLS when open MBEDTLS_DYNAMIC_BUFFER 2021-12-21 16:11:03 +08:00
Mahavir Jain
bcadeeb7d3 mbedtls: small documentation update 2021-12-20 10:27:44 +05:30
Mahavir Jain
1a390f4518 mbedtls: update kconfig help to correct on supported MPI bits 2021-11-29 15:13:02 +08:00
Cao Sen Miao
5add6593f4 ESP8684: Add esp_gdbstub, mbedtls, esp_timer 2021-11-06 17:33:45 +08:00
Mahavir Jain
8c9a3da695 mbedtls: disable Diffie-Hellman key exchange modes by default
Using these ciphers can constitute a security risk if the server
uses a weak prime for the key exchange.

Footprint impact:
Roughly 3K saved in text+rodata in default https_request example
2021-11-02 15:52:09 +08:00
Li Jingyi
b8892137f5 mbedtls: Add CONFIG_MBEDTLS_SSL_PROTO_GMTSSL1_1 for support GMSSL component
The configure will be enabled for GMSSL component and disabled as default because of it doesn't provide by IDF project.
2021-07-28 19:54:58 +08:00
Kapil Gupta
38d6772507 mbedtls: Add config option key element and key element ext 2021-07-08 09:23:22 +05:30
Shu Chen
6fce2930d0 esp32h2: enable more components to support esp32h2
Involved components:
 * app_trace
 * esp-tls
 * esp_adc_cal
 * esp_pm
 * esp_serial_slave_link
 * esp_timer
 * freertos
 * idf_test
 * log
 * mbedtls
 * newlib
 * perfmon
 * spi_flash
 * spiffs
 * ulp
 * unity
 * vfs
2021-07-01 19:53:11 +08:00
Aditya Patwardhan
e44bd93cc9 i) wpa_supplicant: Force enable the necessary options for mbedtls in the wpa_supplicant to fix illegal combinations in mbedtls
ii) Fix dependancy for one option in mbedtls menuconfig
2021-06-20 08:39:51 +05:30
Marius Vikhammer
4786f2d88a aes/sha/rsa: update registers for ESP32-S3
Updates register headers for ESP32-S3 and default
crypto accelerators for S3 to enabled
2021-06-08 14:15:18 +08:00
Marius Vikhammer
9b4ba3d707 crypto: initial S3 Beta 3 bringup and testing for SHA/AES/RSA/flash enc 2021-05-18 11:25:41 +08:00
Marcel Kottmann
cf4b9ef854 mbedtls: Allow external mem alloc for ESP32-S2
Closes https://github.com/espressif/esp-idf/pull/6998
Closes IDFGH-5226
2021-05-17 10:43:42 +00:00
kapil.gupta
ad7cb5f5c1 wpa_supplicant: Write Crypto API based on mbedtls
This commit add following crypto changes

1. Update current crypto code with upstream supplicant code
2. Add a proper porting layer to use mbedtls APIs for all the crypto
   operations used by supplicant.

Internal crypto will be used when USE_MBEDLTS flag is disabled
in supplicant's menuconfig.

This commit also removes the clutter in crypto files due to partial
porting of some APIs to mbedtls, all the code from those files have
been removed and rewritten in a generic way, this is inspired from
current upstream code.

This also reduces the lib size significantly, supplicant's lib
size reduces around ~567kb after this change(NB: lib size doesn't
indicate reduction in final bin size).
2021-05-04 10:54:57 +00:00
liuhan
e87c64dc44 mbedtls: Add CONFIG_MBEDTLS_ROM_MD5 to use ROM MD5 in mbedTLS 2021-04-14 06:42:13 +00:00
Aditya Patwardhan
bf513b6f31 Fix esp_tls: Prevent freeing of global ca store after each connection
when dynamic ssl buffers are enabled
2021-02-25 00:26:13 +00:00
ChenJianxing
243417c48c temporarily disable hardware encryption for esp32s3 2021-01-28 21:05:51 +08:00
kapil.gupta
de22f3a4e5 MbedTLS: Add software fallback implementation for exp mod
Add configuration option to fallback to software implementation
for exponential mod incase of hardware is not supporting it
for larger MPI value.

Usecase:
ESP32C3 only supports till RSA3072 in hardware. This config option
will help to support 4k certificates for WPA enterprise connection.
2021-01-18 18:47:51 +05:30
Angus Gratton
795e69b570 mbedtls: Expand KConfig documentation for MBEDTLS_HAVE_TIME_DATE
Original comments were copied from mbedtls config.h, so not
directly applicable to ESP-IDF.

As reported https://esp32.com/viewtopic.php?f=13&t=18817&p=69772#p69772
2021-01-04 10:45:01 +11:00
Konstantin Kondrashov
9386cafbc3 time: Fix gettimeofday for ESP32-S3 2020-10-20 14:09:32 +08:00
Aditya Patwardhan
423e600d46 secure_element: atecc608_ecdsa example
* Replaced crypotoauthlib with esp-cryptoauthlib
* Added menuconfig option for esp-tls about using HSM
* Added error codes for HSM in esp-tls,
* Added support to select different type of ATECC608A chips
* Added README, updated docs
* tcp_transport: Added option to enable secure_element for ssl

Closes https://github.com/espressif/esp-idf/issues/4432
2020-05-21 13:08:30 +05:30
Bryan Hunt
4553f6c95d Add cryptoauthlib as a component with mbedtls integration
* Add options to mbedtls for hardware acceleration
* Disable mbedtls EC curves if hardware acceleration is selected
since the hardware will have to define the curves supported
* Add a hardware ecdsa example
2020-05-20 22:52:37 +05:30
Mahavir Jain
be3b6b7cb8 Merge branch 'feature/mbedtls_dynamic_memory' into 'master'
feat(mbedtls): add dynamic buffer and local resource managment to decrease SSL heap cost

See merge request espressif/esp-idf!8313
2020-05-18 13:55:05 +08:00
Shubham Kulkarni
ca3daa50de mbedtls: Add configuration options 2020-05-15 11:27:44 +05:30
Dong Heng
3d57bf30a2 feat(mbedtls): add dynamic buffer and local resource managment to decrease SSL heap cost 2020-05-14 11:45:09 +00:00
Piyush Shah
43b3def711 mbedtls_hkdf: Add a config option to enable HKDF 2020-05-11 11:49:14 +05:30
Piyush Shah
62e1d6712b mbedtls: Add config options for chacha20, poly1305 and chachapoly 2020-05-05 16:41:31 +00:00
kangping
4883010f40 mbedtls: add configuration options for EC-JPAKE
Closes https://github.com/espressif/esp-idf/pull/5106
2020-04-14 12:22:16 +00:00
Jeroen Domburg
419848549e Add fixes for gcc8 psram fix improvement 2020-03-27 20:04:47 +07:00
Marius Vikhammer
ffb9010cbe aes: Fixed tag sometime being wrong for HW GCM
The GCM hardware accelerated algorithm for S2 would sometimes output
the wrong tag.

Added additional tests for AES and GCM

Re-enable HW GCM as default option
2020-03-18 08:44:38 +08:00