Commit Graph

165 Commits

Author SHA1 Message Date
Aditya Patwardhan
9cad274092 fix(esp_tls): Fixed client key parsing for ECC key
Client key parsing for ECC keys was failing as the
    RNG supplied to the key parsing API was uninitialized.
    This commit fixes that behaviour
2024-07-09 12:36:20 +08:00
Harshit Malpani
90d0689331
fix(esp-tls): Use TLS 1.2 and TLS 1.3 simultaneously
This commit fixes the issue with TLS 1.2 connection when TLS 1.3 is
enabled in config.
2024-05-02 17:15:08 +05:30
Harshit Malpani
1c3c89eb43
fix(esp-tls): Retry reads if using session tickets with TLS 1.3
Fixed the error that occurred while performing OTA upgrades over
TLS 1.3 connection. After handshake is completed, post-handshake message
is received and internal state is changed. While performing mbedtls_ssl_read(),
it checks handshake state and if it is not MBEDTLS_SSL_HANDSHAKE_OVER,
mbedtls_ssl_handshake is called again.
2024-05-02 17:11:50 +05:30
Mahavir Jain
0b7bb679bb
esp_tls: add initial support for TLS 1.3 connection 2024-05-02 17:11:01 +05:30
Harshit Malpani
0728e4cdf4
fix(esp-tls): Add headers in esp_tls_errors.h header file
Closes https://github.com/espressif/esp-idf/issues/12541
2023-12-06 10:20:07 +05:30
Alex
97bdb74766 fix(esp-tls): fix pointer cast and condition for CONFIG_ATECC608A_TCUSTOM
Closes https://github.com/espressif/esp-idf/pull/11923
2023-08-24 04:17:56 +00:00
Mahavir Jain
1a389f4ebb
Fix coverity warning in esp-tls component
The regressions was introduced in the commit: 0abd1cb51f
2023-04-12 17:23:47 +05:30
Mark H. Spatz
ee403a1bb6
[esp-tls] Add addr_family option to esp_tls_cfg_t 2023-04-12 16:02:18 +05:30
Aditya Patwardhan
6692a1346b esp-tls: Fix build issue when esp-tls server session tickets have been enabled.
Closes https://github.com/espressif/esp-idf/issues/10765
2023-03-10 03:46:19 +00:00
Laukik Hase
081e2ac97e
esp_tls: Fix issue when timeout is not explicitly given in esp_tls_cfg_t
- If internet connectivity weakened or disappeared suddenly while we were
  in the TLS handshake stage, the app got stuck at that point indefinitely.
- This was because when timeout was not explicitly specified in esp_tls_cfg_t,
  the default timeout was set at the wrong place. This causes the sockets to be
  setup with zero timeout, hence the indefinite wait.
2022-12-21 14:42:33 +05:30
Aditya Patwardhan
16e18d9170 esp-tls/Kconfig: Fix dependency for ESP-TLS Server menuconfig option 2022-12-05 08:59:24 +05:30
Aditya Patwardhan
6ef7d24fc9 esp-tls: Add changes to the Cert selection callback PR. 2022-12-05 08:59:24 +05:30
Akos Vandra
e6442657fd esp-tls: Add support for the CERTIFICATE SELECTION HOOK. The hook has access to required information so that the application can make a more informed decision on which certificate to serve (such as alpn value, server certificate type, etc.)
Closes https://github.com/espressif/esp-idf/pull/9833

Signed-off-by: Aditya Patwardhan <aditya.patwardhan@espressif.com>
2022-12-05 08:59:24 +05:30
Aditya Patwardhan
ae32582cc7 esp-tls: Fix esp-cryptoauthlib built dependency when secure element
support is enabled
2022-11-24 09:32:30 +05:30
yuanjianmin
0a41b9bcd8 esp-tls: Fix memory leak in mbedtls ds peripheral when MBEDTLS_THREADING_C enabled 2022-10-13 19:35:04 +08:00
Yuan Jian Min
769c6c2214 esp-tls: socket will be set to -1 and will not be closed 2022-09-26 19:20:15 +08:00
Laukik Hase
51cbbe486c
esp_tls/wpa_supplicant: Updated deprecated mbedtls APIs 2022-08-26 11:46:54 +05:30
Ivan Grokhotkov
401c10ecfb build system: re-add -Wno-format as private flag for some components 2022-08-03 16:42:47 +04:00
Marius Vikhammer
7e60e07a0a Merge branch 'feature/esp8684_sha' into 'master'
mbedtls: enable hw support for SHA on C2

Closes IDF-3830 and IDF-5141

See merge request espressif/esp-idf!18531
2022-06-23 14:18:49 +08:00
Marius Vikhammer
f4c79687f8 SHA: added hardware support for SHA on C2. 2022-06-23 11:01:16 +08:00
Aditya Patwardhan
8785d1687c esp_tls.h: Add note regarding default timeout_ms value 2022-06-21 16:33:52 +05:30
Aditya Patwardhan
2ea419db22 esp_tls_mbedtls.c: Fix esp-idf integration of esp-cryptoauthlib
menuconfig option
2022-06-03 23:12:11 +05:30
Michael (XIAO Xufeng)
6a8aed12ee ci: partially enable ut tests for esp32c2
Disabled test cases are tracked in:

 IDF-4465, IDF-5045, IDF-5057, IDF-5058, IDF-5059, IDF-5060, IDF-5061, IDF-5131

- test_fatfs: IDF-5136

- test_pm: IDF-5053

- test_cache_mmu: IDF-5138

- test_partitions: IDF-5137

- test_vfs: IDF-5139

- test_freertos: IDF-5140

- test_wpa_supplicant: IDF-5046

- test_mbedtls: IDF-5141

- test_pthread: IDF-5142

- test_protocomm: IDF-5143

- test_lightsleep: IDF-5053

- test_taskwdt: IDF-5055

- test_tcp_transport: IDF-5144

- test_app_update: IDF-5145

- test_timer: IDF-5052

- test_spi: IDF-5146

- test_rtc_clk: IDF-5060

- test_heap: IDF-5167

ci: fixed issues for tests of libgcc, ets_timer, newlib

test_pm: support on C2
2022-06-02 14:23:35 +08:00
Li Jingyi
6d58008119 esp-tls: add api to free client session
Free session with mbedtls api to avoid mem-leak
2022-05-23 16:28:40 +08:00
Aditya Patwardhan
aa9de02259 esp_tls.h: Clean up included header files. 2022-05-11 07:09:34 +00:00
Aditya Patwardhan
788c9ddf8d esp_tls: Added getter function for esp_tls ssl ctx. 2022-05-11 07:09:34 +00:00
Aditya Patwardhan
434e74ff73 esp_tls: Make esp_tls_t as private structure. 2022-05-11 07:09:34 +00:00
Ivan Grokhotkov
47659be5b8
build system: remove lwip from common requirements
lwip was added to common requirements list to provide "sys/socket.h"
header to all components without additional requirements specified.

However, lwip pulls in a lot of dependencies on other components.
This commit removes lwip from common requirements to reduce the number
of components in G1-only apps.

To compensate for this removal, the following changes are made:
- newlib (which is a common requirement) has a public dependency on
  lwip if lwip is present in the build. This ensures that sys/socket.h
  is available as long as lwip component is included into the build.
- lwip is now a public requirement of esp-tls since esp_tls.h includes
  sys/socket.h header.
- lwip is now a public requirement o esp_http_client because
  sys/socket.h is included from esp_http_client.h
- lwip is now a private requirement of esp_wifi for "smartconfig_ack"
- lwip is now a private requirement of mqtt for socket functions
- lwip is now a public requirement of tcp_transport because
  esp_transport_tcp.h includes sys/socket.h header.
- mbedtls checks if lwip component is present in the build. If yes,
  net_sockets.c is added to the build, along with the dependency on
  lwip. Previously lwip was a public requirement of mbedtls
  unconditionally.

system/g1_components test app is updated to reflect the changes

Default public dependencies of a component before and after this
change, except common requirements:

- esp_timer (public dependency of freertos)
- bootloader_support (public dependency of esp_hw_support)
- vfs (public dependency of lwip)
- esp_wifi (public dependency of lwip)
- esp_event (public dependency of esp_wifi)
- esp_netif (public dependency of esp_event)
- esp_eth (public dependency of esp_netif)
- esp_phy (public dependency of esp_wifi)

After:

- esp_timer (public dependency of freertos)
- bootloader_support (public dependency of esp_hw_support)

Altogether, the following components have been always added as
public requirements to all other components, and are not added now
([breaking-change]):

- lwip
- vfs
- esp_wifi
- esp_event
- esp_netif
- esp_eth
- esp_phy

Application components now need to explicitly declare dependencies on
these components.
2022-05-02 20:47:17 +02:00
Laukik Hase
864c59c091
esp_tls: Remove deprecated API
- Removed deprecated esp_tls_conn_new() viz. duplicated by
  esp_tls_conn_new_sync()
- Removed deprecated esp_tls_conn_delete()
- Marked esp_tls_conn_http_new() as deprecated, added alternative
  esp_tls_conn_http_new_sync() (similar to esp_tls_conn_http_new_async())
2022-04-20 12:18:25 +05:30
Laukik Hase
d7090b4d52 https_server: Add config option to min. cert. auth mode
- Added a config option to set the minimum Certificate Verification
  mode to Optional
- When this option is enabled, the peer (the client) certificate
  is checked by the server, however the handshake continues even if
  verification failed.
- By default, the peer certificate is not checked and ignored by the server.

Closes https://github.com/espressif/esp-idf/issues/8664
2022-03-29 08:57:36 +00:00
Aditya Patwardhan
4c58685c00 esp_https_server: Enable secure element support.
Closes https://github.com/espressif/esp-idf/issues/8286
2022-03-27 14:35:25 +05:30
Mahavir Jain
102f8e961f esp-tls: use SOC capability macros instead of target names 2022-03-22 02:06:30 +00:00
Mahavir Jain
93987e6b79 Merge branch 'fix/remove_test_cert_files_from_mbedtls_port_directory' into 'master'
mbedtls: Remove certs.c and certs.h from port directory

Closes IDF-4709

See merge request espressif/esp-idf!17485
2022-03-18 16:47:53 +08:00
Aditya Patwardhan
f31d8dd295 mbedtls: Remove certs.c and certs.h from port directory 2022-03-15 17:16:07 +05:30
Anton Maklakov
e27f1331e4 components: correct printf() placeholder for time_t
Using C99 %jd, https://en.cppreference.com/w/c/chrono/time_t
2022-03-14 14:05:47 +07:00
Aditya Patwardhan
8f67af174e Merge branch 'contrib/github_pr_8462' into 'master'
Add WolfSSL esp_tls TLS1.3 configuration option (GitHub PR)

Closes IDFGH-6838 and IDFGH-6683

See merge request espressif/esp-idf!17324
2022-03-08 10:57:05 +08:00
Alexander Klassen
a46776ad02 Add WolfSSL esp_tls TLS1.3 configuration option
Closes https://github.com/espressif/esp-idf/issues/8313
2022-03-07 09:44:23 +00:00
Sudeep Mohanty
a9fda54d39 esp_hw_support/esp_system: Re-evaluate header inclusions and include directories
This commit updates the visibility of various header files and cleans up
some unnecessary inclusions. Also, this commit removes certain header
include paths which were maintained for backward compatibility.
2022-03-07 11:18:08 +05:30
Laukik Hase
f5feb7813e mbedtls: Fix build errors related to TLS 1.3
- Kconfig: Enabled MBEDTLS_HKDF_C by default when TLS 1.3 support is enabled
- esp-tls (mbedtls): Forced client to use TLS 1.3 when TLS 1.3 support is enabled
2022-03-03 01:37:10 +05:30
Aditya Patwardhan
60b167f2d6 mbedtls-3.1 update: Removed the MBEDTLS_PRIVATE from multiple files
after they have been again made public in mbedtls-3.1

*Added `MBEDTLS_ALLOW_PRIVATE_ACCESS` in some files.
2022-03-03 01:37:10 +05:30
Aditya Patwardhan
3b71bd7326 mbedtls-3.0: Fixed ESP32 build issues
- Added MBEDLTS_PRIVATE(...) wherever necessary
- For functions like mbedtls_pk_parse_key(...), it is necessary to pass the RNG function
  pointers as parameter. Solved for dependent components: wpa_supplicant & openSSL
- For libcoap, the SSLv2 ClientHello handshake method has been deprecated, need to handle this.
  Currently, corresponding snippet has been commented.
- Examples tested: hello-world | https_request | wifi_prov_mgr

mbedtls-3.0: Fixed ESP32-C3 & ESP32-S3 build issues
- Removed MBEDTLS_DEPRECATED_REMOVED macro from sha1 port
- DS peripheral: esp_ds_rsa_sign -> removed unsused 'mode' argument
- Added MBEDTLS_PRIVATE(...) wherever required

mbedtls-3.0: Fixed ESP32-S2 build issues
- Fixed outdated function prototypes and usage in mbedlts/port/aes/esp_aes_gcm.c due to changes in GCM module

mbedtls-3.0: Fixed ESP32-H2 build issues

ci: Fixing build stage
- Added MBEDTLS_PRIVATE(...) wherever required
- Added RNG function parameter
- Updated GCM Module changes
- Updated Copyright notices

- Tests:
- build_esp_idf_tests_cmake_esp32
- build_esp_idf_tests_cmake_esp32s2
- build_esp_idf_tests_cmake_esp32c3
- build_esp_idf_tests_cmake_esp32s3

ci: Fixing build stage (mbedtls-related changes)
- Added MBEDTLS_PRIVATE(...) wherever required
- Updated SHAXXX functions
- Updated esp_config according to mbedtls changes

- Tests:
- build_examples_cmake_esp32
- build_examples_cmake_esp32s2
- build_examples_cmake_esp32c3
- build_examples_cmake_esp32s3

ci: Fixing build stage (example-related changes)
- Added MBEDTLS_PRIVATE(...) wherever required
- Updated SHAXXX functions
- Updated esp_config according to mbedtls changes

- Tests:
- build_examples_cmake_esp32
- build_examples_cmake_esp32s2
- build_examples_cmake_esp32c3
- build_examples_cmake_esp32s3

ci: Fixing target_test stage
- Updated test SSL version to TLS_v1_2

- Tests:
- example_test_protocols 1/2

ci: Fixing build stage
- Added checks for MBEDTLS_DHM_C (disabled by default)
- Updated esp_cryptoauthlib submodule
- Updated factory partition size for legacy BLE provisioning example

- Tests:
- build_examples_cmake_esp32
- build_examples_cmake_esp32s2
- build_examples_cmake_esp32c3
- build_examples_cmake_esp32s3

Co-authored-by: Laukik Hase <laukik.hase@espressif.com>
2022-03-03 01:37:10 +05:30
Aditya Patwardhan
45122533e0 mbedtls-3 update:
1) Fix build issue in mbedtls
2) skip the public headers check in IDF
3)Update Kconfig Macros
4)Remove deprecated config options
5) Update the sha API according to new nomenclature
6) Update mbedtls_rsa_init usage
7) Include mbedtls/build_info.h instead of mbedtls/config.h
8) Dont include check_config.h
9) Add additional error message in esp_blufi_api.h
2022-03-03 01:37:10 +05:30
Mahavir Jain
8e94cf2bb1 Add http_parser (new component) dependency 2022-01-11 10:26:25 +05:30
Mahavir Jain
201e0b39a7 esp-tls: remove redundant snippet from CMakeList 2022-01-04 15:41:06 +05:30
Mahavir Jain
c26500cd5a esp-tls: mark esp_tls_conn_delete API as deprecated
It is recommended to use `esp_tls_conn_destroy` API instead
2022-01-04 15:40:07 +05:30
Jakob Hasse
16514f93f0 refactor (test_utils)!: separate file for memory check functions
Memory check (leaks and heap tracing) functions for unit tests
now have a separate file now and are renamed for more consistency.

BREAKING CHANGE: renamed memory check function names which may be used
                 in unit tests outside IDF.
2021-12-08 11:06:00 +08:00
Roland Dobai
766aa57084 Build & config: Remove leftover files from the unsupported "make" build system 2021-11-11 15:32:36 +01:00
Mahavir Jain
8c9a3da695 mbedtls: disable Diffie-Hellman key exchange modes by default
Using these ciphers can constitute a security risk if the server
uses a weak prime for the key exchange.

Footprint impact:
Roughly 3K saved in text+rodata in default https_request example
2021-11-02 15:52:09 +08:00
John Ohl
27d66c0e33 Encoding base64 with wolfSSL should produce the same result as esp_crypto_bas64_encode_mbedtls and not encode in PEM format /w new lines
Closes https://github.com/espressif/esp-idf/pull/7676
Signed-off-by: Aditya Patwardhan <aditya.patwardhan@espressif.com>
2021-10-17 00:01:23 +08:00
Laukik Hase
1d2b2b5879 feature: Added user callback for esp_https_server
- Can be used to get connection or client information (SSL context)
- E.g. Client certificate, Socket FD, Connection state, etc.
- Added example callback for getting client certificate information in 'https_server/simple' example

Closes https://github.com/espressif/esp-idf/issues/7479
2021-10-11 09:41:01 +05:30