Commit Graph

90 Commits

Author SHA1 Message Date
Angus Gratton
adfc06a530 Merge branch 'master' into feature/esp32s2beta_merge 2019-09-20 10:28:37 +10:00
Angus Gratton
c41b2b0415 mbedtls: Remove esp_aes_encrypt/decrypt
Deprecated in ESP-IDF V3.1

Anyone reading this should please include mbedtls/aes.h and use mbedTLS APIs,
not the ESP-specific APIs.
2019-09-13 09:44:07 +10:00
Michael (XIAO Xufeng)
b76d5d74d9 mbedtls: support esp32s2beta 2019-09-04 10:53:25 +10:00
Angus Gratton
6990a7cd54 Merge branch 'master' into feature/esp32s2beta_update 2019-08-19 15:03:43 +10:00
Angus Gratton
9a2e29e068 esp32s2beta: Invert RSA_CONSTANT_TIME_DISABLE_REG to RSA_CONSTANT_TIME_REG 2019-08-13 17:14:16 +10:00
Angus Gratton
80a4a11808 Merge branch 'bugfix/fix_mbedtls_net_sockets_error_handling' into 'master'
mbedtls: use `errno` instead of `SO_ERROR` for getting socket errors

See merge request espressif/esp-idf!5727
2019-08-13 14:38:28 +08:00
Angus Gratton
aa3c988c17 sha: Add fault injection checks reading hash digest state
Vulnerability reported by LimitedResults under Espressif Bug Bounty Program.
2019-08-11 11:16:33 +10:00
Angus Gratton
caea2889c8 aes: Add fault injection checks when writing key to hardware
Vulnerability reported by LimitedResults under Espressif Bug Bounty Program.
2019-08-11 11:16:33 +10:00
Mahavir Jain
ab6ad844b1 mbedtls: use errno instead of SO_ERROR for getting socket errors
As per upgrade notes of lwIP v2.1.0:
socket API: according to the standard, SO_ERROR now only returns asynchronous errors.
All other/normal/synchronous errors are (and always were) available via 'errno'.
LWIP_SOCKET_SET_ERRNO has been removed - 'errno' is always set - and required!

Refer: https://www.nongnu.org/lwip/2_1_x/upgrading.html

Fixes https://github.com/espressif/esp-azure/issues/51
2019-08-08 12:17:32 +00:00
Angus Gratton
04ae56806c Merge branch 'master' into feature/esp32s2beta_update 2019-08-08 15:26:58 +10:00
Angus Gratton
24d26fccde Merge branch 'master' into feature/esp32s2beta_update 2019-08-08 13:44:24 +10:00
Jon Shallow
1aaec808da Add DTLS support to libcoap using MbedTLS
This update supports DTLS, TLS is a future TODO

components/coap/CMakeLists.txt:
components/coap/component.mk:

Add in the new files that have to be built
Replace libcoap/src/coap_notls.c with libcoap/src/coap_mbedtls.c

components/coap/libcoap:

Update the version to include the current version for supporting MbedTLS

components/coap/port/coap_debug.c:
components/coap/port/coap_mbedtls.c:
components/coap/port/include/coap/coap_dtls.h:

New port files for DTLS

components/coap/port/include/coap_config_posix.h:

Include building with MbedTLS

examples/protocols/coap_client/README.md:
examples/protocols/coap_client/main/CMakeLists.txt:
examples/protocols/coap_client/main/Kconfig.projbuild:
examples/protocols/coap_client/main/coap_client_example_main.c:
examples/protocols/coap_client/main/component.mk:

Update CoAP client to support DTLS

examples/protocols/coap_client/main/coap_ca.pem
examples/protocols/coap_client/main/coap_client.crt
examples/protocols/coap_client/main/coap_client.key

New PKI Certs for CoAP client (copied from wpa2_enterprise example)

examples/protocols/coap_server/README.md:
examples/protocols/coap_server/main/CMakeLists.txt:
examples/protocols/coap_server/main/Kconfig.projbuild:
examples/protocols/coap_server/main/coap_server_example_main.c:
examples/protocols/coap_server/main/component.mk:

Update CoAP server to support DTLS
Change "no data" to "Hello World!" to prevent confusion

examples/protocols/coap_server/main/coap_ca.pem
examples/protocols/coap_server/main/coap_server.crt
examples/protocols/coap_server/main/coap_server.key

New PKI Certs for CoAP server (copied from wpa2_enterprise example)

Closes https://github.com/espressif/esp-idf/pull/3345
Closes https://github.com/espressif/esp-idf/issues/1379
2019-08-06 10:37:40 +05:30
Anton Maklakov
afbaf74007 tools: Mass fixing of empty prototypes (for -Wstrict-prototypes) 2019-08-01 16:28:56 +07:00
hemal.gujarathi
1dec976fba Update esp_config and add new feature
Closes https://github.com/espressif/esp-idf/issues/3372
2019-07-12 11:42:48 +05:30
Konstantin Kondrashov
0a040345cc mbedtls: Fix Z->s in mbedtls_mpi_exp_mod()
Z->s should never be zero, only 1 or -1.
Added additional checks for X, Y and M args to correctly set Z->s.

Closes: https://github.com/espressif/esp-idf/issues/1681
Closes: https://github.com/espressif/esp-idf/issues/3603
Closes: IDFGH-1313
2019-06-17 07:19:54 +00:00
suda-morris
84b2f9f14d build and link hello-world for esp32s2beta 2019-06-11 13:07:37 +08:00
suda-morris
b146104885 add esp32s2beta component 2019-06-11 13:06:32 +08:00
Angus Gratton
045aaf6fb0 Merge branch 'feature/add_xxx_periph_h' into 'master'
soc: Add xxx_periph.h for all modules

Closes IDF-192

See merge request idf/esp-idf!4952
2019-06-04 13:24:14 +08:00
Konstantin Kondrashov
399d2d2605 all: Using xxx_periph.h
Using xxx_periph.h in whole IDF instead of xxx_reg.h, xxx_struct.h, xxx_channel.h ... .

Cleaned up header files from unnecessary headers (releated to soc/... headers).
2019-06-03 14:15:08 +08:00
Stephen Bird
058c6afd3c Add option to disable server side SSL session tickets as well as client
Closes https://github.com/espressif/esp-idf/pull/2570
2019-05-29 18:02:18 +05:30
Angus Gratton
af98ca6b46 hwcrypto: Add AES fault injection check
Hardware AES-CBC performance changes:

Release config 11.0MB/sec -> 10.8MB/sec
Debug config 9.4MB/sec -> 9.8MB/sec

(Unrolling the loop to optimize the check improves
performance at -Og, even with the fault check.)
2019-05-21 12:41:42 +10:00
Konstantin Kondrashov
bbdeff1da1 esp32: Rewrite esp_sha function
It removes using a STALL_OTHER_CPU while sha operations.
It improves performance with SHA.
2019-05-13 12:32:45 +08:00
morris
f5b03c9ea3 misc adjustment of esp32 component 2019-04-03 19:57:46 +08:00
morris
709a320f33 move hwcrypto from esp32 to mbedtls 2019-03-26 16:24:22 +08:00
morris
c159984264 separate rom from esp32 component to esp_rom
1. separate rom include files and linkscript to esp_rom
2. modefiy "include rom/xxx.h" to "include esp32/rom/xxx.h"
3. Forward compatible
4. update mqtt
2019-03-21 18:51:45 +08:00
Angus Gratton
b7ee11231d mbedtls: Fix esp_debug not including its dependencies
As reported on forum: https://esp32.com/viewtopic.php?f=13&t=9782&p=40464#p40464
2019-03-21 10:48:55 +11:00
Renz Christian Bagaporo
0908fba1a3 mbedtls: import mbedtls project w/o modification 2018-11-27 13:59:26 +08:00
Konstantin Kondrashov
8bba348528 aes/sha/mpi: Bugfix a use of shared registers.
This commit resolves a blocking in esp_aes_block function.

Introduce:
The problem was in the fact that AES is switched off at the moment when he should give out the processed data. But because of the disabled, the operation can not be completed successfully, there is an infinite hang. The reason for this behavior is that the registers for controlling the inclusion of AES, SHA, MPI have shared registers and they were not protected from sharing.

Fix some related issue with shared using of AES SHA RSA accelerators.

Closes: https://github.com/espressif/esp-idf/issues/2295#issuecomment-432898137
2018-11-05 04:22:47 +00:00
Angus Gratton
96cd3b75cd Merge branch 'feature/mbedtls_mem_alloc_options' into 'master'
mbedtls: configurable options for controlling dynamic memory allocations

See merge request idf/esp-idf!3343
2018-09-25 08:24:29 +08:00
Sagar Bijwe
48fccbf5dd nvs_flash: Add support for nvs encryption 2018-09-24 11:25:21 +05:30
Mahavir Jain
54382277b6 mbedtls: configurable options for controlling dynamic memory allocations
Modifies https://github.com/espressif/esp-idf/pull/2237
2018-09-24 11:17:48 +05:30
Angus Gratton
83a179abb0 esp32: Add esp_fill_random() function
Convenience function to fill a buffer with random bytes.

Add some unit tests (only sanity checks, really.)
2018-09-03 04:39:45 +00:00
Angus Gratton
961f59ff57 mbedtls: Don't unnecessarily grow the result of a hardware bignum operation
Avoids growing the result of hardware bignum operations
(particularly for multiplication)

Fixes bugs where some Elliptic Curve operations fail or corrupt memory,
as they assume length of the number is never greater than the number of
non-zero limbs.

Includes some general refactoring to standardize terminology.

Closes https://github.com/espressif/esp-idf/issues/1556

Fixes TW12984

Adds test cases for both these issues.
2018-08-28 09:08:43 +00:00
Jason von Nieda
d7a17ac941 Adds a Kconfig option for mbedtls' MBEDTLS_PLATFORM_MEMORY define. This makes it possible to override the mbedtls allocator with your own.
Merges https://github.com/espressif/esp-idf/pull/2237
2018-08-01 11:28:28 +10:00
Alexey Gerenkov
c2dc09304c gcc8_newlib3: Compilation warnings and errors not specific to newlib v3 2018-07-09 13:22:24 +03:00
Konstantin Kondrashov
8f80cc733d soc: Change DPORT access
When two CPUs read the area of the DPORT and the area of the APB, the result is corrupted for the CPU that read the APB area.
And another CPU has valid data.

The method of eliminating this error.
Before reading the registers of the DPORT, make a preliminary reading of the APB register.
In this case, the joint access of the two CPUs to the registers of the APB and the DPORT is successful.
2018-05-14 17:54:57 +05:00
Ivan Grokhotkov
dbc919eff5 mbedtls: update usage of mbedtls_aes_encrypt/decrypt 2018-05-09 23:15:28 +08:00
Ivan Grokhotkov
aad51ea8a0 mbedtls/port: don’t re-declare mbedtls_shaX functions
ALT header files for sha1, sha256, sha512 are only supposed to declare
mbedtls_sha1_context data structure. Function prototypes should come
from original header files.
2018-05-09 23:15:28 +08:00
Ivan Grokhotkov
254e29aca4 mbedtls: update usage of deprecated mbedtls_shaX APIs
The following mbedTLS APIs have been deprecated and replaced with the
new ones which return error codes:

mbedtls_shaX_starts -> mbedtls_shaX_starts_ret
mbedtls_shaX_update -> mbedtls_shaX_update_ret
mbedtls_shaX_finish -> mbedtls_shaX_finish_ret
mbedtls_shaX_process -> mbedtls_shaX_internal_process

Update hardware implementations of SHA functions, and other IDF
components which used above functions, to use new versions.
2018-05-09 23:15:28 +08:00
Paul Reimer
8a47679d04 Add #include guards and __cplusplus guards to esp_debug.h
Merges https://github.com/espressif/esp-idf/pull/1358
2017-12-07 10:25:57 +11:00
Alexey Skalozub
5405255928 Fix losing sign when multiplying by -1 2017-10-28 03:47:00 +03:00
Angus Gratton
c503a01388 mbedtls: Rename net to net_sockets (in line with 2.4.0 API change) 2017-09-07 18:02:39 +10:00
Angus Gratton
ae382b3bfa mbedtls: Update to 2.6.0 release (without IDF-specific patches) 2017-09-07 18:02:26 +10:00
Angus Gratton
8ce09c2c1c mbedtls: Don't assign ctx->fd until connect() or bind() has succeeded
Avoid leaking closed file descriptors via ctx->fd

Reported: https://esp32.com/viewtopic.php?f=13&t=2910&sid=8568b1fd93a4c8d5760628a638efc48b#p13620
2017-09-05 11:08:35 +10:00
Angus Gratton
2624e10055 esp32 hwcrypto: Use AES registers directly 2017-08-25 16:08:03 +10:00
Angus Gratton
7be002ec0f hwcrypto bignum/MPI: Batch safe DPORT reads to improve performance 2017-08-25 16:08:02 +10:00
Ivan Grokhotkov
08287852ab esp32: add protection for DPORT registers of RSA 2017-08-25 16:08:02 +10:00
Angus Gratton
2c0ff0c1e1 mbedtls: Add a shim header to account for including "mbedtls/config.h" directly in program
Previously this resulted in a config mismatch between default config and esp_config.h

Closes https://github.com/espressif/esp-idf/issues/711
2017-08-21 12:37:53 +10:00
Angus Gratton
66ad84d318 mbedtls: Add more config options to disable Elliptic Curve features
Can save up to an additional 20KB when not using EC in TLS, or disable
unwanted features as needed.
2017-08-18 17:44:33 +10:00
Angus Gratton
c0f65f6680 mbedtls: Expose compile-time config, disable some things by default
* Disables 3DES, Camellia, Blowfish, RC4, RIPEMD160, SSLv3, TLS-PSK modes, DTLS by default
* Saves about 40KB from the default TLS client code size
* Defaults no longer get "Bad" howsmyssl.com rating (no more vulnerable 3DES)
  (ping https://github.com/espressif/arduino-esp32/issues/575 )
* Allows up to another 20-30KB code size to be trimmed without security
  implications if using DER formatted certificates, RSA ciphersuites only,
  etc.
* Can save up to another 8KB by setting the TLS Role to Server or Client only.
2017-08-18 17:15:08 +10:00