Commit Graph

574 Commits

Author SHA1 Message Date
Marius Vikhammer
1b6891c5d8 mbedtls: merge changes from C3 2020-12-29 10:56:13 +08:00
Marius Vikhammer
0a95151a75 unit_test: Refactor all performance tests that rely on cache compensated timer
There is no ccomp timer on C3, which means our performance tests will start
failing again due to variance caused by cache misses.

This MR adds TEST_PERFORMANCE_CCOMP_ macro that will only fail
performance test if CCOMP timer is supported on the target
2020-12-22 18:56:24 +11:00
Mahavir Jain
b85c534130 mbedtls: upgrade to v2.16.9 release
For details release notes please refer to:
https://github.com/ARMmbed/mbedtls/releases/tag/v2.16.9
2020-12-17 14:15:41 +05:30
Marius Vikhammer
457ce080ae AES: refactor and add HAL layer
Refactor the AES driver and add HAL, LL and caps.

Add better support for running AES-GCM fully in hardware.
2020-12-10 09:04:47 +00:00
Marius Vikhammer
7e0f362149 esp_crt_bundle: add additional unit tests
Add unit test for:
 * Trusted certificate with weak hash algorithm signature
 * Certificate with wrong signature

Merges https://github.com/espressif/esp-idf/pull/6117
2020-12-08 10:11:31 +08:00
Jeff Epler
a79cb9f8cd esp_crt_bundle: Allow verify_callback to correct BADCERT_BAD_MD 2020-12-03 14:53:53 +08:00
Angus Gratton
5228d9f9ce esp32c3: Apply one-liner/small changes for ESP32-C3 2020-12-01 10:58:50 +11:00
Angus Gratton
d6bdd1cb32 Merge branch 'bugfix/small_cleanups' into 'master'
Small cleanups

See merge request espressif/esp-idf!11141
2020-11-23 17:23:53 +08:00
Dong Heng
1c9592efc4 fix(mbedtls): fix mbedtls dynamic resource memory leaks and RSA cert drop earlier
RX process caches the session information in "ssl->in_ctr" not in "ssl->in_buf".
So when freeing the SSL, can't free the "ssl->in_ctr", because the "ssl->in_buf"
is empty.

Make the RX process like TX process, and cache the session information in
"ssl->in_buf", so that the cache buffer can be freed when freeing the SSL.

Closes https://github.com/espressif/esp-idf/issues/6104
2020-11-19 07:31:50 +00:00
Marius Vikhammer
09e1d104ba SHA: fix dma lldesc going out of scope issue
DMA process didnt wait for idle before returning.
This meant that there was a potential for the dma
descriptors which were on the stack to be reclaimed
before the DMA operation finished.
2020-11-18 06:04:31 +00:00
Angus Gratton
b798158b4c mbedtls: Avoid malloc in esp_sha() function 2020-11-17 22:51:32 +00:00
Angus Gratton
a4fb6c0173 mbedtls: Add missing sha_caps includes 2020-11-17 22:51:07 +00:00
Marius Vikhammer
488f46acf5 SHA/RSA: moved all caps to soc_caps.h 2020-11-12 02:15:46 +00:00
Angus Gratton
66fb5a29bb Whitespace: Automated whitespace fixes (large commit)
Apply the pre-commit hook whitespace fixes to all files in the repo.

(Line endings, blank lines at end of file, trailing whitespace)
2020-11-11 07:36:35 +00:00
Konstantin Kondrashov
9386cafbc3 time: Fix gettimeofday for ESP32-S3 2020-10-20 14:09:32 +08:00
Marius Vikhammer
949fb8e63a SHA: add HAL layer and refactor driver
Add a LL and HAL layer for SHA.
2020-10-09 08:24:08 +00:00
David Čermák
28d2b7a9b3 Merge branch 'bugfix/esp_netif_non_lwip' into 'master'
esp-netif: Enable use of the ESP-IDF with a non-LWIP (and non-BSD-style) IP stack.

Closes IDFGH-3971

See merge request espressif/esp-idf!10472
2020-10-05 16:16:11 +08:00
Angus Gratton
1eefe6494c Merge branch 'feature/rsa_caps' into 'master'
RSA: add max RSA bit len as a soc caps

See merge request espressif/esp-idf!10594
2020-10-05 12:56:28 +08:00
Aditya Patwardhan
db3cbf91f9 mbedtls: Fixed target library linking when using the DS peripheral 2020-09-28 12:58:54 +05:30
Renz Bagaporo
6462f9bfe1 esp32, esp32s2: create esp_pm component 2020-09-25 05:24:10 +00:00
Marius Vikhammer
3c14900a95 RSA: add max RSA bit len as a soc caps 2020-09-24 16:52:50 +08:00
Mahavir Jain
4a3b5b73a8 Merge branch 'feature/esp_ds_sw_support' into 'master'
Added support for  RSA  sign using DS peripheral (only for ESP32-S2)

Closes IDF-1626

See merge request espressif/esp-idf!9477
2020-09-23 20:39:04 +08:00
Aditya Patwardhan
47f7c6a991 esp32s2/esp_ds: Digital Signature software support
1)Added support for alt rsa sign implementation with DS peripheral (
through ESP-TLS - mbedTLS SSL/TLS stack)
2020-09-22 18:31:31 +05:30
Marius Vikhammer
bff0016eb8 crypto accelerator support on esp32s3
SHA: passing unit tests
RSA: pass tests
AES: tests passing
2020-09-22 15:15:03 +08:00
morris
61f89b97c6 bringup esp32-s3 on FPGA 2020-09-22 15:15:03 +08:00
cnlohr
507c08251e esp_netif: Enable use of the ESP-IDF with a non-LWIP (and non-BSD-style) IP stack.
Note: besides the esp-netif component, this commit also disables
net_sockets.c from mbedtls, which is one of the base components and uses BSD API (not specifically lwIP). This might be refactored to use CONFIG_SUPPORT_BSD_API instead of CONFIG_ESP_NETIF_TCPIP_LWIP
in the future.
It also disables smartconfig_ack.c and wifi_init.c from esp_wifi
component for referencing some lwIP config options (smartconfig_ack.c changes might be also
updated to check CONFIG_SUPPORT_BSD_API)

Merges https://github.com/espressif/esp-idf/pull/5856
2020-09-18 15:10:55 +02:00
Jakob Hasse
20c068ef3b cmock: added cmock as component
* changing dependencies from unity->cmock
* added component.mk and Makefile.projbuild
* ignore test dir in gen_esp_err_to_name.py
* added some brief introduction of CMock in IDF
2020-09-02 16:38:37 +08:00
Michal Vácha
e4820fc447 Fixed TLS 1.1 still being enables even if disabled via config.
Fixed MBEDTLS_SSL_PROTO_TLS1_1 still being defined even ifCONFIG_MBEDTLS_SSL_PROTO_TLS1_1 is not

Signed-off-by: Aditya Patwardhan <aditya.patwardhan@espressif.com>

Merges https://github.com/espressif/esp-idf/pull/5675
2020-08-05 03:38:51 +00:00
Angus Gratton
75402afcae Merge branch 'feature/esp32s3_clk_memory_layout' into 'master'
esp32s3: memory layout

See merge request espressif/esp-idf!9753
2020-07-29 13:48:25 +08:00
morris
2917651478 esp_rom: extract common ets apis into esp_rom_sys.h 2020-07-27 15:27:01 +08:00
morris
19761e3113 esp32s3: clk, memory layout 2020-07-27 13:05:22 +08:00
Angus Gratton
a62689a351 Merge branch 'bugfix/mbedtls_mpi_exp_mod' into 'master'
mbedtls: Fix a case for mpi_montgomery_exp_calc() when Z is not init

Closes IDF-1870

See merge request espressif/esp-idf!9496
2020-07-24 00:02:13 +08:00
Mahavir Jain
603e0883a1 mbedtls: update to mbedtls release v2.16.7
For detailed release notes, please refer to:
https://github.com/ARMmbed/mbedtls/releases/tag/mbedtls-2.16.7
2020-07-20 15:50:20 +05:30
KonstantinKondrashov
11844a54f4 mbedtls: Fix a case for mpi_montgomery_exp_calc() when Z is not init
Closes: IDF-1870
2020-07-13 22:46:05 +08:00
Angus Gratton
22d9ff5b05 Merge branch 'feature/block_sha_fallback' into 'master'
esp32s2 SHA: fallback to hashing block by block for non DMA memory

Closes IDF-1529

See merge request espressif/esp-idf!8293
2020-06-25 09:30:39 +08:00
Marius Vikhammer
b75edc84e3 esp32s2 SHA: fallback to hashing block by block for non DMA memory
Also adds unit test for SHA with input buffer in flash

Closes IDF-1529
2020-06-10 15:09:20 +08:00
Marius Vikhammer
c343323863 Fixes issues with gen_crt_bundle.py for unicode chars
gen_crt_bundle.py could fail to parse the certificates if it contained a non-ascii character.
2020-06-08 18:27:03 +08:00
Angus Gratton
33bfe2393a Merge branch 'bugfix/wpa_supplicant_no_hw_mpi' into 'master'
wpa_supplicant: Allow building with mbedTLS integration but no hardware MPI

Closes IDFGH-3344

See merge request espressif/esp-idf!8822
2020-06-01 14:48:06 +08:00
Angus Gratton
59f29cbca8 Merge branch 'feature/allow_rtc_memory_for_task_stacks' into 'master'
Add RTC Fast Memory to Dynamic Memory Pool

See merge request espressif/esp-idf!8390
2020-05-29 14:07:01 +08:00
Angus Gratton
94f5129bf8 mbedtls: Don't compile hardware MPI & SHA files if disabled in config
Fixes bug where hardware accelerated mbedtls_mpi API was always used, even when
disabled in config.
2020-05-26 03:37:46 +00:00
Ivan Grokhotkov
a2d7e8cbba Merge branch 'bugfix/crt_bundle_no_config_file' into 'master'
esp_crt_bundle: fixes the "No CA Chain is set" error

See merge request espressif/esp-idf!8851
2020-05-22 09:34:32 +08:00
Aditya Patwardhan
423e600d46 secure_element: atecc608_ecdsa example
* Replaced crypotoauthlib with esp-cryptoauthlib
* Added menuconfig option for esp-tls about using HSM
* Added error codes for HSM in esp-tls,
* Added support to select different type of ATECC608A chips
* Added README, updated docs
* tcp_transport: Added option to enable secure_element for ssl

Closes https://github.com/espressif/esp-idf/issues/4432
2020-05-21 13:08:30 +05:30
Marius Vikhammer
f72d259622 esp_crt_bundle: fixes the "No CA Chain is set" error
When compiling esp_crt_bundle.c, it would end up with a different struct layout due
to configuration options from "mbedtls/esp_config.h" not being considered.

This lead to ca_chain potentially not being set correctly.
2020-05-21 15:19:49 +08:00
Bryan Hunt
4553f6c95d Add cryptoauthlib as a component with mbedtls integration
* Add options to mbedtls for hardware acceleration
* Disable mbedtls EC curves if hardware acceleration is selected
since the hardware will have to define the curves supported
* Add a hardware ecdsa example
2020-05-20 22:52:37 +05:30
Angus Gratton
0927ec029e wpa_supplicant: Allow building with mbedTLS integration but no hardware MPI
Also disable the relevant function in bignum.h based on config, so fails at
compile not link time.

Closes https://github.com/espressif/esp-idf/issues/5321
2020-05-20 12:06:07 +10:00
Mahavir Jain
be3b6b7cb8 Merge branch 'feature/mbedtls_dynamic_memory' into 'master'
feat(mbedtls): add dynamic buffer and local resource managment to decrease SSL heap cost

See merge request espressif/esp-idf!8313
2020-05-18 13:55:05 +08:00
Shubham Kulkarni
ca3daa50de mbedtls: Add configuration options 2020-05-15 11:27:44 +05:30
Mahavir Jain
0d208aabab mbedtls: esp32s2: check and reallocate output buffer if its from non-DMA range
Earlier check was for only input buffer but it is quite likely to have
output buffer also from non-DMA memory range and hence requirement to
reallocate and then copy data from AES engine.
2020-05-14 13:12:26 +00:00
Dong Heng
3d57bf30a2 feat(mbedtls): add dynamic buffer and local resource managment to decrease SSL heap cost 2020-05-14 11:45:09 +00:00
Piyush Shah
43b3def711 mbedtls_hkdf: Add a config option to enable HKDF 2020-05-11 11:49:14 +05:30
Piyush Shah
62e1d6712b mbedtls: Add config options for chacha20, poly1305 and chachapoly 2020-05-05 16:41:31 +00:00
Angus Gratton
433c1c9ee1 Merge branch 'bugfix/ds_mpi_lock' into 'master'
crypto: DS uses RSA peripheral, added shared lock

See merge request espressif/esp-idf!8274
2020-04-15 15:15:25 +08:00
kangping
4883010f40 mbedtls: add configuration options for EC-JPAKE
Closes https://github.com/espressif/esp-idf/pull/5106
2020-04-14 12:22:16 +00:00
Marius Vikhammer
71ab83cdfb aes: increase timeout for "mbedtls AES performance" test
Timeout increased to 60 sec from default 30 sec.

Test would occasionally timeout on S2 due to cache misses.
2020-04-10 15:49:40 +08:00
Marius Vikhammer
a2a204c2b9 crypto: DS uses RSA peripheral, added shared lock 2020-04-09 11:11:04 +00:00
Ivan Grokhotkov
8bf18d868a Merge branch 'bugfix/crt_bundle_mem_leak' into 'master'
cert bundle: Fix memory leak during cert verification

Closes IDFGH-2950

See merge request espressif/esp-idf!8117
2020-04-09 05:41:41 +08:00
Angus Gratton
2bdf22b25d Merge branch 'bugfix/sha_alloc_fallback' into 'master'
sha: add fallback for when memory alloc fails

See merge request espressif/esp-idf!8177
2020-04-08 14:15:52 +08:00
Marius Vikhammer
832599718d cert bundle: add server_root.pem incase bundle needs to be regenerated 2020-04-07 18:51:26 +08:00
Marius Vikhammer
9ccc5e6d84 cert bundle: Fix memory leak during cert verification
Also refactors the unit tests and fixes the test case, as it was giving false positives.

Closes IDFGH-2950

Closes https://github.com/espressif/esp-idf/issues/4983
2020-04-07 18:50:30 +08:00
Marius Vikhammer
1863a8ce82 sha: add fallback for when memory alloc fails 2020-04-01 02:07:44 +00:00
Marius Vikhammer
d1d91ec3dd crypto tests: fix mallocs that were missing MALLOC_CAP_8BIT
Tests had the potential to fail they got non byte-accessible memory allocated.
2020-03-30 10:40:59 +07:00
Marius Vikhammer
32f16e8c30 crypto tests: fix mallocs that were missing MALLOC_CAP_8BIT
Tests had the potential to fail they got non byte-accessible memory allocated.
2020-03-30 11:12:20 +08:00
Jeroen Domburg
419848549e Add fixes for gcc8 psram fix improvement 2020-03-27 20:04:47 +07:00
Jakob Hasse
ea47bbb118 HMAC: adding upstream message support 2020-03-26 19:00:27 +08:00
Angus Gratton
62426a6c90 Merge branch 'refactor/use_new_component_registration_functions' into 'master'
CMake: Use new component registration function

See merge request espressif/esp-idf!8068
2020-03-25 08:02:42 +08:00
Marius Vikhammer
32fd9d6c63 s2 crypto: update perf test to use cache comp timer
Updated S2 hardware accelerated crypto to use the cache compensated timer.

Re-enabled RSA performance test and set lower targets now that results are more stable

Closes: IDF-1174
2020-03-23 11:30:55 +08:00
Renz Bagaporo
3d0967a58a test: declare requirements and include dirs private 2020-03-23 10:58:50 +08:00
Ivan Grokhotkov
6330b3345e Merge branch 'bugfix/disable_rsa_perf_test' into 'master'
rsa: ignore performance test in CI

See merge request espressif/esp-idf!8026
2020-03-20 15:09:15 +08:00
Marius Vikhammer
2f5e4601ef rsa: ignore performance test in CI
Even with a static key the performance vary a lot between different builds.
2020-03-19 14:16:39 +08:00
Marius Vikhammer
ffb9010cbe aes: Fixed tag sometime being wrong for HW GCM
The GCM hardware accelerated algorithm for S2 would sometimes output
the wrong tag.

Added additional tests for AES and GCM

Re-enable HW GCM as default option
2020-03-18 08:44:38 +08:00
Angus Gratton
9c430a17aa Merge branch 'feature/mpi_accel_s2' into 'master'
MPI/RSA accelerator bringup for S2 and bignum refactor

Closes IDF-803 and IDF-1174

See merge request espressif/esp-idf!7915
2020-03-17 13:16:05 +08:00
Marius Vikhammer
7e824508a9 mpi: refactor bignum into common and hw specific components
Closes IDF-1174
2020-03-16 19:44:30 +08:00
Marius Vikhammer
16b6a7a903 s2 sha hw: Fix bug where alloc would fail if input were of len 0 2020-03-16 19:29:59 +08:00
Marius Vikhammer
e21bef3f28 mpi: active hw accel for S2
Actives MPI/RSA hardware acceleratio for ESP32 S2.

Closes IDF-803
2020-03-13 18:33:18 +08:00
Ivan Grokhotkov
64ceab0069 Merge branch 'feature/aes_sha_accel_s2' into 'master'
crypto: SHA and AES accelerator bring up for S2

Closes IDF-1443, IDF-714, and IDF-716

See merge request espressif/esp-idf!7825
2020-03-13 18:21:09 +08:00
Mahavir Jain
453b65a608 Merge branch 'feature/upgrade_mbedtls_to_v2.16.4' into 'master'
mbedtls: upgrade to release v2.16.5

Closes IDFGH-2638

See merge request espressif/esp-idf!7607
2020-03-12 18:08:33 +08:00
Marius Vikhammer
3351376a11 AES: optimize AES-GCM
HW acceleration for GCM is now enabled by default

Closes IDF-1443
2020-03-12 10:20:24 +08:00
Aditya Patwardhan
874e987a3b esp_tls: change argument pointer type to (void *) for esp_crt_bundle_attach 2020-03-11 15:54:05 +05:30
Marius Vikhammer
37369a8a57 crypto: SHA and AES accelerator bring up for S2
Brings up, fixes and enables AES and SHA hardware acceleration.

Closes IDF-714
Closes IDF-716
2020-03-11 15:09:45 +08:00
Mahavir Jain
02d2903e39 mbedtls: upgrade to release v2.16.5
For detailed release notes please refer to:
https://tls.mbed.org/tech-updates/releases/mbedtls-2.16.5-and-2.7.14-released

Closes: IDFGH-2638
Closes: https://github.com/espressif/esp-idf/issues/4716
2020-03-11 05:17:33 +00:00
Angus Gratton
f393938c22 Merge branch 'bugfix/remove_esp32s2_esp_intr_header' into 'master'
esp32s2: remove esp_intr.h header

See merge request espressif/esp-idf!7883
2020-03-06 14:30:28 +08:00
Renz Bagaporo
71c02394e5 esp32s2: remove esp_intr.h header 2020-03-05 16:15:59 +08:00
Marius Vikhammer
947e3e94ed Add ESP certificate bundle feature
Adds the ESP certificate bundle feature that enables users to bundle a
root certificate bundle together with their application.

Default bundle includes all Mozilla root certificates

Closes IDF-296
2020-03-04 10:51:43 +08:00
Sachin Parekh
301dacfb33 Exception handlers for LoadStoreError and LoadStoreAlignmentError
Configurable option to use IRAM as byte accessible memory (in single core mode) using
load-store (non-word aligned and non-word size IRAM access specific) exception handlers.
This allows to use IRAM for use-cases where certain performance penalty
(upto 170 cpu cycles per load or store operation) is acceptable. Additional configuration
option has been provided to redirect mbedTLS specific in-out content length buffers to
IRAM (in single core mode), allows to save 20KB per TLS connection.
2020-02-26 20:21:59 +08:00
michael
2529eda907 ci: disable failed cases for s2 temporarily 2020-02-15 18:28:25 +08:00
Ivan Grokhotkov
6e527fb763 mbedtls: temporary disable HW crypto for ESP32S2
To be re-enabled once HW crypto accelerators support is merged:
IDF-714, IDF-716, IDF-803.
2020-01-23 18:14:10 +01:00
morris
e30cd361a8 global: rename esp32s2beta to esp32s2 2020-01-22 12:14:38 +08:00
morris
2422c52851 global: hello world on real esp32-s2 2020-01-16 17:43:59 +08:00
morris
1c2cc5430e global: bring up esp32s2(not beta) 2020-01-16 17:41:31 +08:00
David Cermak
2efb3288a0 mbedtls: fix hw accelerated big-num mul if operand and result overlap
this issue is mainly exposed when using larger (4096) client key in TLS mutual auth,
since it uses multiplications > 2048 when mbedtls_mpi_mul_mpi is used in recursion,
which works only if both operands point to different location than result since
mpi_mult_mpi_overlong() called mbedtls_mpi_grow() to reallocate buffers used in previous
pointer arithmetics and thus corrupting it. Fixed by growing the mpi buffer before
calling mpi_mult_mpi_overlong()
2020-01-09 18:11:18 +00:00
David Cermak
b0a714476a mbedtls: added mpi multiplication test for large numbers 2020-01-09 18:11:18 +00:00
David Cermak
1acf4d46ef mbedtls: bugnum test for rsa operations with blinding 2020-01-09 18:11:18 +00:00
Angus Gratton
65dad0d46f build system: Remove some dependencies from esp32 & esp32s2beta
Possible now that wifi related source files are all in esp_wifi
2020-01-08 18:13:12 +11:00
michael
4220752aed ut: Move tests back from "esp32" subfolder
DISABLED_FOR_TARGETS macros are used

Partly revert "ci: disable unavailable tests for esp32s2beta"

This partly reverts commit 76a3a5fb48.

Partly revert "ci: disable UTs for esp32s2beta without runners"

This partly reverts commit eb158e9a22.

Partly revert "fix unit test and examples for s2beta"

This partly reverts commit 9baa7826be.

Partly revert "efuse: Add support for esp32s2beta"

This partly reverts commit db84ba868c.
2020-01-06 17:13:53 +08:00
Marius Vikhammer
c63684cf6c hw crypto: activated hardware acceleration for esp32s2beta
Activated AES, RSA and SHA hardware acceleration for esp32s2 and enabled related unit tests.

Updated with changes made for ESP32 from 0a04034, 961f59f and caea288.

Added performance targets for esp32s2beta

Closes IDF-757
2019-12-12 12:37:29 +08:00
Ryan Kurte
4ee78f8496 added KConfig option to allow loading CA certs with unsupported extensions
Close https://github.com/espressif/esp-idf/pull/4445
2019-12-10 08:47:26 +05:30
Shubham Kulkarni
c741dd0535 Fixed warnings for components driver, esp32 and mbedtls 2019-11-15 08:51:16 +00:00
Angus Gratton
6f761dd62d cmake: Fix some uninitialized variable warnings 2019-11-08 12:50:28 +08:00
Anton Maklakov
f8bfa69060 rsa test: fix a warning 2019-11-06 18:21:39 +07:00
Angus Gratton
5b33d6cf94 Merge branch 'feature/mbedtls_add_faster_modexp' into 'master'
mbedtls: Add a new (X^Y) mod M implementation (HAC 14.94)

Closes IDF-965

See merge request espressif/esp-idf!6418
2019-11-06 15:51:28 +08:00
KonstantinKondrashov
e8d3b80e4b mbedtls: Add an UT for performance RSA key operations
(New) - Montgomery exponentiation: Z = X ^ Y mod M  (HAC 14.94)
keysize = 2048 bits
RSA key operation (performance): public [21894 us], private [199119 us]
RSA key operation (performance): public [18768 us], private [189051 us]
RSA key operation (performance): public [16242 us], private [190821 us]
keysize = 3072 bits
RSA key operation (performance): public [39762 us], private [437480 us]
RSA key operation (performance): public [36550 us], private [449422 us]
RSA key operation (performance): public [40536 us], private [443451 us]
keysize = 4096 bits
RSA key operation (performance): public [65671 us], private [885215 us]
RSA key operation (performance): public [60770 us], private [880936 us]
RSA key operation (performance): public [68951 us], private [872027 us]

(Old) - Sliding-window exponentiation: Z = X ^ Y mod M  (HAC 14.85)
keysize = 2048 bits
RSA key operation (performance): public [93206 us], private [280189 us]
RSA key operation (performance): public [93060 us], private [278893 us]
RSA key operation (performance): public [97520 us], private [283252 us]
keysize = 3072 bits
RSA key operation (performance): public [293614 us], private [858157 us]
RSA key operation (performance): public [289902 us], private [843701 us]
RSA key operation (performance): public [291495 us], private [845232 us]
keysize = 4096 bits
RSA key operation (performance): public [653192 us], private [1912126 us]
RSA key operation (performance): public [656661 us], private [1901792 us]
RSA key operation (performance): public [641390 us], private [1938911 us]
2019-11-05 16:33:11 +08:00
KonstantinKondrashov
5ed8388f6b mbedtls: Add Montgomery exponentiation implementation (HAC 14.94)
It gave us a better performance of RSA operations. (2~11 times)

The old modexp implementation (Z = X ^ Y mod M) loaded all the data into
the hw registers and was waiting for completion, but due to
the hardware RSA implementation, the calculations always started with 4096 bit,
which took a lot of time.
Measurement results (measurements were made for keys: 2048, 3072 and 4096 bits)
(Old) - Sliding-window exponentiation (HAC 14.85):
keysize = 2048 bits
RSA key operation (performance): public [93206 us], private [280189 us]
keysize = 3072 bits
RSA key operation (performance): public [293614 us], private [858157 us]
 keysize = 4096 bits
RSA key operation (performance): public [653192 us], private [1912126 us]

Instead (Old) - Sliding-window exponentiation (HAC 14.85) was implemented
(New) - Montgomery exponentiation (HAC 14.94) which showed
better performance on private and public keys.
keysize = 2048 bits
RSA key operation (performance): public [14504 us], private [149456 us]
keysize = 3072 bits
RSA key operation (performance): public [35073 us], private [392743 us]
keysize = 4096 bits
RSA key operation (performance): public [58650 us], private [787186 us]

For this reason, the old implementation was removed
and the MBEDTLS_HARDWARE_MPI option was turned on by default.

Why the MPI_INTERRUPT option is removed:
the old implementation used calculations on the hardware and
it took a lot of time (10ms - 500ms). And in order not to stand idle
while waiting for completion, an interrupt option was added.
This made it possible to carry out other tasks during the calculation,
and this one to block. The new method is free from such a drawback and
the maximum duration of one RSA HW operation does not exceed 70us (usually 2-70 μs).
This option is no longer needed.

Closes: IDF-965
2019-11-05 16:33:11 +08:00
Ivan Grokhotkov
71b73e61e1 mbedtls: Enable SHA hardware acceleration by default 2019-11-04 10:48:08 +01:00
Ivan Grokhotkov
589a1f216f mbedtls: add SHA performance test
Results with this revision:

SHA256 rate 2.599MB/sec Debug 240MHz SW
SHA256 rate 1.147MB/sec Release 80MHz SW
SHA256 rate 3.469MB/sec Release 240MHz SW
SHA256 rate 2.687MB/sec Release 240MHz SW + PSRAM workaround

SHA256 rate 9.433MB/sec Debug 240MHz HW rev1
SHA256 rate 3.727MB/sec Release 80MHz HW rev1
SHA256 rate 10.961MB/sec Release 240MHz HW rev1
SHA256 rate 9.966MB/sec Release 240MHz HW rev1 + PRAM workaround

SHA256 rate 10.974MB/sec Debug 240MHz HW rev3
SHA256 rate 4.362MB/sec Release 80MHz HW rev3
SHA256 rate 13.207MB/sec Release 240MHz HW rev3

Debug = Og, assertions enabled
Release = O2, assertions disabled
2019-11-04 10:48:08 +01:00
Angus Gratton
8675a818f9 Merge branch 'master' into feature/esp32s2beta_merge 2019-10-22 13:51:49 +11:00
Kedar Sovani
87c3decc12 Remove check for would_block in mbedtls
Basically, in the portability layer, it is checked if the socket is
NON-block, and if not, then even the EAGAIN and EWOULDBLOCK errors are
diverted to a RECV error. This causes a problem for sockets with
receive timeouts set. When such a timeout is set, the condition for
NON_BLOCK isn't met and hence a hard error is returned.

Searching for EAGAIN and EWOULDBLOCK in lwip returns only 3 results
(accept, recvfrom, close) and all of them look to be genuine cases for
EWOULDBLOCK. So removing this check to make receive timeout with TLS
work.
2019-10-17 16:36:18 +05:30
Ivan Grokhotkov
5830f529d8 Merge branch 'master' into feature/esp32s2beta_merge 2019-10-02 19:01:39 +02:00
Prasad Alatkar
fe08f435dc NimBLE: Add optional mbedTLS support to NimBLE
- Additional menuconfig option to select either mbedTLS or Tinycrypt from NimBLE.
- Addition of `CMAC` and `ECP_RESTARTABLE` to mbedTLS menuconfig option and
  `esp_config.h`.
- Changes NimBLE `component.mk` and `CMakeLists.txt` to support mbedTLS option.
- Minor changes to `app_mesh.c` application.
2019-09-30 14:15:43 +08:00
Angus Gratton
adfc06a530 Merge branch 'master' into feature/esp32s2beta_merge 2019-09-20 10:28:37 +10:00
Angus Gratton
438d513a95 Merge branch 'master' into feature/esp32s2beta_merge 2019-09-16 16:18:48 +10:00
Angus Gratton
c41b2b0415 mbedtls: Remove esp_aes_encrypt/decrypt
Deprecated in ESP-IDF V3.1

Anyone reading this should please include mbedtls/aes.h and use mbedTLS APIs,
not the ESP-specific APIs.
2019-09-13 09:44:07 +10:00
Michael (XIAO Xufeng)
76a3a5fb48 ci: disable unavailable tests for esp32s2beta 2019-09-04 10:53:25 +10:00
Michael (XIAO Xufeng)
b76d5d74d9 mbedtls: support esp32s2beta 2019-09-04 10:53:25 +10:00
Angus Gratton
6123f78897 mbedtls: Make ECDHE-PSK config item depend on ECDHE 2019-08-30 15:01:53 +10:00
Mahavir Jain
5582878f8e mbedtls: keep asymmetric tls buffer length option enabled by default 2019-08-28 06:23:33 +00:00
Angus Gratton
6990a7cd54 Merge branch 'master' into feature/esp32s2beta_update 2019-08-19 15:03:43 +10:00
Angus Gratton
a50ae86707 Merge branch 'bugfix/mbedtls_add_source_files_to_appropriate_library' into 'master'
mbedtls: add source files to appropriate library

See merge request espressif/esp-idf!5761
2019-08-15 13:32:20 +08:00
Renz Christian Bagaporo
6875080b9b mbedtls: add source files to appropriate library 2019-08-15 12:43:45 +08:00
Angus Gratton
9a2e29e068 esp32s2beta: Invert RSA_CONSTANT_TIME_DISABLE_REG to RSA_CONSTANT_TIME_REG 2019-08-13 17:14:16 +10:00
Angus Gratton
80a4a11808 Merge branch 'bugfix/fix_mbedtls_net_sockets_error_handling' into 'master'
mbedtls: use `errno` instead of `SO_ERROR` for getting socket errors

See merge request espressif/esp-idf!5727
2019-08-13 14:38:28 +08:00
Angus Gratton
aa3c988c17 sha: Add fault injection checks reading hash digest state
Vulnerability reported by LimitedResults under Espressif Bug Bounty Program.
2019-08-11 11:16:33 +10:00
Angus Gratton
caea2889c8 aes: Add fault injection checks when writing key to hardware
Vulnerability reported by LimitedResults under Espressif Bug Bounty Program.
2019-08-11 11:16:33 +10:00
Mahavir Jain
ab6ad844b1 mbedtls: use errno instead of SO_ERROR for getting socket errors
As per upgrade notes of lwIP v2.1.0:
socket API: according to the standard, SO_ERROR now only returns asynchronous errors.
All other/normal/synchronous errors are (and always were) available via 'errno'.
LWIP_SOCKET_SET_ERRNO has been removed - 'errno' is always set - and required!

Refer: https://www.nongnu.org/lwip/2_1_x/upgrading.html

Fixes https://github.com/espressif/esp-azure/issues/51
2019-08-08 12:17:32 +00:00
Angus Gratton
04ae56806c Merge branch 'master' into feature/esp32s2beta_update 2019-08-08 15:26:58 +10:00
Angus Gratton
24d26fccde Merge branch 'master' into feature/esp32s2beta_update 2019-08-08 13:44:24 +10:00
Jon Shallow
1aaec808da Add DTLS support to libcoap using MbedTLS
This update supports DTLS, TLS is a future TODO

components/coap/CMakeLists.txt:
components/coap/component.mk:

Add in the new files that have to be built
Replace libcoap/src/coap_notls.c with libcoap/src/coap_mbedtls.c

components/coap/libcoap:

Update the version to include the current version for supporting MbedTLS

components/coap/port/coap_debug.c:
components/coap/port/coap_mbedtls.c:
components/coap/port/include/coap/coap_dtls.h:

New port files for DTLS

components/coap/port/include/coap_config_posix.h:

Include building with MbedTLS

examples/protocols/coap_client/README.md:
examples/protocols/coap_client/main/CMakeLists.txt:
examples/protocols/coap_client/main/Kconfig.projbuild:
examples/protocols/coap_client/main/coap_client_example_main.c:
examples/protocols/coap_client/main/component.mk:

Update CoAP client to support DTLS

examples/protocols/coap_client/main/coap_ca.pem
examples/protocols/coap_client/main/coap_client.crt
examples/protocols/coap_client/main/coap_client.key

New PKI Certs for CoAP client (copied from wpa2_enterprise example)

examples/protocols/coap_server/README.md:
examples/protocols/coap_server/main/CMakeLists.txt:
examples/protocols/coap_server/main/Kconfig.projbuild:
examples/protocols/coap_server/main/coap_server_example_main.c:
examples/protocols/coap_server/main/component.mk:

Update CoAP server to support DTLS
Change "no data" to "Hello World!" to prevent confusion

examples/protocols/coap_server/main/coap_ca.pem
examples/protocols/coap_server/main/coap_server.crt
examples/protocols/coap_server/main/coap_server.key

New PKI Certs for CoAP server (copied from wpa2_enterprise example)

Closes https://github.com/espressif/esp-idf/pull/3345
Closes https://github.com/espressif/esp-idf/issues/1379
2019-08-06 10:37:40 +05:30
Anton Maklakov
afbaf74007 tools: Mass fixing of empty prototypes (for -Wstrict-prototypes) 2019-08-01 16:28:56 +07:00
hemal.gujarathi
1dec976fba Update esp_config and add new feature
Closes https://github.com/espressif/esp-idf/issues/3372
2019-07-12 11:42:48 +05:30
Xia Xiaotian
99ef587a05 run WiFi on ESP32SBETA 2019-06-28 11:34:49 +08:00
Renz Christian Bagaporo
0872efa4ef mbedtls: remove component CMake file workarounds 2019-06-26 08:41:02 +00:00
Angus Gratton
c404f8b6e9 Merge branch 'feature/upgrade_mbedtls_to_v2.16.1' into 'master'
mbedtls: upgrade to v2.16.2 release

Closes IDF-664

See merge request idf/esp-idf!5130
2019-06-26 08:40:43 +08:00
Mahavir Jain
adfe16d928 mbedtls: upgrade to v2.16.2 release
For detailed release notes please refer to:
https://github.com/ARMmbed/mbedtls/releases/tag/mbedtls-2.16.2
2019-06-24 06:02:59 +00:00
Renz Christian Bagaporo
9eccd7c082 components: use new component registration api 2019-06-21 19:53:29 +08:00
Konstantin Kondrashov
bc8c8c68dd mbedtls: Add UTs for modexp 2019-06-17 07:19:54 +00:00
Konstantin Kondrashov
0a040345cc mbedtls: Fix Z->s in mbedtls_mpi_exp_mod()
Z->s should never be zero, only 1 or -1.
Added additional checks for X, Y and M args to correctly set Z->s.

Closes: https://github.com/espressif/esp-idf/issues/1681
Closes: https://github.com/espressif/esp-idf/issues/3603
Closes: IDFGH-1313
2019-06-17 07:19:54 +00:00
Renz Christian Bagaporo
3882e48e8a cmake: use new signature form of target_link_library to link components
!4452 used setting LINK_LIBRARIES and INTERFACE_LINK_LIBRARIES to link
components built under ESP-IDF build system. However, LINK_LIBRARIES does
not produce behavior same as linking PRIVATE. This MR uses the new
signature for target_link_libraries directly instead. This also moves
setting dependencies during component registration rather than after all
components have been processed.

The consequence is that internally, components have to use the new
signature form as well. This does not affect linking the components to
external targets, such as with idf_as_lib example. This only affects
linking additional libraries to ESP-IDF libraries outside component processing (after
idf_build_process), which is not even possible for CMake<v3.13 as
target_link_libraries is not valid for targets not created in current
directory. See https://cmake.org/cmake/help/v3.13/policy/CMP0079.html#policy:CMP0079
2019-06-11 18:09:26 +08:00
Renz Christian Bagaporo
70dfcb35d4 mbedtls: component CMakeLists.txt corrections
Since !4452 the common component requirements automatically get
privately linked to libraries built under ESP-IDF build system (this
includes targets from third-party libraries). This removes a variable
that was used for that purpose before !4452.

Since the internal target names were changed, the compile definition for
warning on using deprecated functions is not being passed. Since using
the internal name is unreliable, prefer passing this compile definition
from the test itself.
2019-06-11 18:09:26 +08:00
suda-morris
84b2f9f14d build and link hello-world for esp32s2beta 2019-06-11 13:07:37 +08:00
suda-morris
b146104885 add esp32s2beta component 2019-06-11 13:06:32 +08:00
Mahavir Jain
0a5dfd3717 mbedtls: add config option for setting debug level
Closes https://github.com/espressif/esp-idf/issues/3521
2019-06-06 18:28:19 +05:30
Angus Gratton
045aaf6fb0 Merge branch 'feature/add_xxx_periph_h' into 'master'
soc: Add xxx_periph.h for all modules

Closes IDF-192

See merge request idf/esp-idf!4952
2019-06-04 13:24:14 +08:00
Konstantin Kondrashov
399d2d2605 all: Using xxx_periph.h
Using xxx_periph.h in whole IDF instead of xxx_reg.h, xxx_struct.h, xxx_channel.h ... .

Cleaned up header files from unnecessary headers (releated to soc/... headers).
2019-06-03 14:15:08 +08:00
Stephen Bird
058c6afd3c Add option to disable server side SSL session tickets as well as client
Closes https://github.com/espressif/esp-idf/pull/2570
2019-05-29 18:02:18 +05:30
Roland Dobai
0ae53691ba Rename Kconfig options (components/esp32) 2019-05-21 09:09:01 +02:00
Angus Gratton
af98ca6b46 hwcrypto: Add AES fault injection check
Hardware AES-CBC performance changes:

Release config 11.0MB/sec -> 10.8MB/sec
Debug config 9.4MB/sec -> 9.8MB/sec

(Unrolling the loop to optimize the check improves
performance at -Og, even with the fault check.)
2019-05-21 12:41:42 +10:00
Angus Gratton
c9edb7c8a9 mbedtls: Add AES-CBC performance test
Hardware AES engine gets 11.0MB/sec on Release config
Software AES is around 2.3MB/sec on Release config
2019-05-21 12:41:40 +10:00
Renz Christian Bagaporo
ffec9d4947 components: update with build system changes 2019-05-13 19:59:17 +08:00
Konstantin Kondrashov
bbdeff1da1 esp32: Rewrite esp_sha function
It removes using a STALL_OTHER_CPU while sha operations.
It improves performance with SHA.
2019-05-13 12:32:45 +08:00
Michael (XIAO Xufeng)
562af8f65e global: move the soc component out of the common list
This MR removes the common dependency from every IDF components to the SOC component.

Currently, in the ``idf_functions.cmake`` script, we include the header path of SOC component by default for all components.
But for better code organization (or maybe also benifits to the compiling speed), we may remove the dependency to SOC components for most components except the driver and kernel related components.

In CMAKE, we have two kinds of header visibilities (set by include path visibility):

(Assume component A --(depends on)--> B, B is the current component)

1. public (``COMPONENT_ADD_INCLUDEDIRS``): means this path is visible to other depending components (A) (visible to A and B)
2. private (``COMPONENT_PRIV_INCLUDEDIRS``): means this path is only visible to source files inside the component (visible to B only)

and we have two kinds of depending ways:

(Assume component A --(depends on)--> B --(depends on)--> C, B is the current component)

1. public (```COMPONENT_REQUIRES```): means B can access to public include path of C. All other components rely on you (A) will also be available for the public headers. (visible to A, B)
2. private (``COMPONENT_PRIV_REQUIRES``): means B can access to public include path of C, but don't propagate this relation to other components (A). (visible to B)

1. remove the common requirement in ``idf_functions.cmake``, this makes the SOC components invisible to all other components by default.
2. if a component (for example, DRIVER) really needs the dependency to SOC, add a private dependency to SOC for it.
3. some other components that don't really depends on the SOC may still meet some errors saying "can't find header soc/...", this is because it's depended component (DRIVER) incorrectly include the header of SOC in its public headers. Moving all this kind of #include into source files, or private headers
4. Fix the include requirements for some file which miss sufficient #include directives. (Previously they include some headers by the long long long header include link)

This is a breaking change. Previous code may depends on the long include chain.
You may need to include the following headers for some files after this commit:

- soc/soc.h
- soc/soc_memory_layout.h
- driver/gpio.h
- esp_sleep.h

The major broken include chain includes:

1. esp_system.h no longer includes esp_sleep.h. The latter includes driver/gpio.h and driver/touch_pad.h.
2. ets_sys.h no longer includes soc/soc.h
3. freertos/portmacro.h no longer includes soc/soc_memory_layout.h

some peripheral headers no longer includes their hw related headers, e.g. rom/gpio.h no longer includes soc/gpio_pins.h and soc/gpio_reg.h

BREAKING CHANGE
2019-04-16 13:21:15 +08:00
morris
f5b03c9ea3 misc adjustment of esp32 component 2019-04-03 19:57:46 +08:00
morris
709a320f33 move hwcrypto from esp32 to mbedtls 2019-03-26 16:24:22 +08:00
morris
c159984264 separate rom from esp32 component to esp_rom
1. separate rom include files and linkscript to esp_rom
2. modefiy "include rom/xxx.h" to "include esp32/rom/xxx.h"
3. Forward compatible
4. update mqtt
2019-03-21 18:51:45 +08:00
Angus Gratton
b7ee11231d mbedtls: Fix esp_debug not including its dependencies
As reported on forum: https://esp32.com/viewtopic.php?f=13&t=9782&p=40464#p40464
2019-03-21 10:48:55 +11:00
Roland Dobai
37126d3451 Correct Kconfigs according to the coding style 2019-01-29 13:37:01 +01:00
Angus Gratton
f3277cf2dc hwcrypto sha: Allow SHA contexts to be shared between tasks
Previously, hardware SHA engine "locks" were mutex semaphores. This meant that the task which
started a particular SHA session (in hardware) needed to finalise that session, or an invalid
FreeRTOS state was created.

Replace with binary semaphore which can be shared between tasks.

Includes a unit test, but unit test doesn't crash even without this fix
(some other unknown condition is required).
2019-01-23 04:59:44 +00:00
Renz Christian Bagaporo
d3799c8682 mbedtls: fix unix makefile build on windows command line 2018-12-20 18:23:55 +08:00
Renz Christian Bagaporo
72cd1ac43f mbedtls: fix issue with non idf.py build on windows 2018-12-13 20:44:29 +08:00
Renz Christian Bagaporo
d411175e47 mbedtls, cmake: set host as unix when building in msys 2018-12-05 07:54:59 +08:00
Mahavir Jain
907b1a9032 mbedtls: align CMake build with corresponding component.mk 2018-11-29 16:23:06 +05:30
Renz Christian Bagaporo
0908fba1a3 mbedtls: import mbedtls project w/o modification 2018-11-27 13:59:26 +08:00
Renz Christian Bagaporo
37d30c7a6e cmake: separate app from idf lib project
mbedtls: import mbedtls using unmodified cmake file
2018-11-27 13:59:24 +08:00
Ivan Grokhotkov
8027adaf81 esp32, mbedtls: check component name when enabling test flags
Otherwise flags get enabled even when building tests for other components.
2018-11-20 01:27:24 +08:00
Ivan Grokhotkov
6091021e83 unity: separate common and IDF specific functionality
New unity component can be used for testing other applications.
Upstream version of Unity is included as a submodule.
Utilities specific to ESP-IDF unit tests (partitions, leak checking
setup/teardown functions, etc) are kept only in unit-test-app.
Kconfig options are added to allow disabling certain Unity features.
2018-11-19 12:36:31 +08:00
Konstantin Kondrashov
8bba348528 aes/sha/mpi: Bugfix a use of shared registers.
This commit resolves a blocking in esp_aes_block function.

Introduce:
The problem was in the fact that AES is switched off at the moment when he should give out the processed data. But because of the disabled, the operation can not be completed successfully, there is an infinite hang. The reason for this behavior is that the registers for controlling the inclusion of AES, SHA, MPI have shared registers and they were not protected from sharing.

Fix some related issue with shared using of AES SHA RSA accelerators.

Closes: https://github.com/espressif/esp-idf/issues/2295#issuecomment-432898137
2018-11-05 04:22:47 +00:00
Peter Meerwald-Stadler
6a197d305f Fix some typos related to ethernet documentation and Kconfig. Closes https://github.com/espressif/esp-idf/pull/2642 2018-10-28 21:12:09 +01:00
Renz Bagaporo
cc774111bf cmake: Add support for test build 2018-10-20 12:07:24 +08:00
Ivan Grokhotkov
71b5ce55d3 Merge branch 'feature/mbedtls_2_13_1' into 'master'
mbedtls: update to 2.13.1

See merge request idf/esp-idf!3301
2018-09-27 14:15:25 +08:00
Angus Gratton
96cd3b75cd Merge branch 'feature/mbedtls_mem_alloc_options' into 'master'
mbedtls: configurable options for controlling dynamic memory allocations

See merge request idf/esp-idf!3343
2018-09-25 08:24:29 +08:00
Sagar Bijwe
48fccbf5dd nvs_flash: Add support for nvs encryption 2018-09-24 11:25:21 +05:30
Mahavir Jain
54382277b6 mbedtls: configurable options for controlling dynamic memory allocations
Modifies https://github.com/espressif/esp-idf/pull/2237
2018-09-24 11:17:48 +05:30
Ivan Grokhotkov
9188cb066a mbedtls: update to 2.13.1
See release notes:
https://github.com/ARMmbed/mbedtls/releases/tag/mbedtls-2.13.0
2018-09-20 04:35:45 +00:00
Sagar Bijwe
112244bac4 wpa_supplicant: Implement BIGNUM and ECC crypto wrapper apis for ESP using mbedtls 2018-09-19 11:10:28 +05:30
Renz Christian Bagaporo
d9939cedd9 cmake: make main a component again 2018-09-11 09:44:12 +08:00
Angus Gratton
b355854d4d Merge branch 'master' into feature/cmake 2018-09-05 10:35:04 +08:00
Angus Gratton
83a179abb0 esp32: Add esp_fill_random() function
Convenience function to fill a buffer with random bytes.

Add some unit tests (only sanity checks, really.)
2018-09-03 04:39:45 +00:00
Angus Gratton
a9c4ed7139 Merge branch 'master' into feature/cmake 2018-08-30 18:51:01 +08:00
Angus Gratton
961f59ff57 mbedtls: Don't unnecessarily grow the result of a hardware bignum operation
Avoids growing the result of hardware bignum operations
(particularly for multiplication)

Fixes bugs where some Elliptic Curve operations fail or corrupt memory,
as they assume length of the number is never greater than the number of
non-zero limbs.

Includes some general refactoring to standardize terminology.

Closes https://github.com/espressif/esp-idf/issues/1556

Fixes TW12984

Adds test cases for both these issues.
2018-08-28 09:08:43 +00:00
Angus Gratton
ff2404a272 Merge branch 'master' into feature/cmake 2018-08-16 17:14:17 +10:00
Ivan Grokhotkov
98255f4225 Merge branch 'feature/mbedtls_2_12_0' into 'master'
mbedtls: update to 2.12.0

See merge request idf/esp-idf!2879
2018-08-01 14:56:50 +08:00
Jason von Nieda
d7a17ac941 Adds a Kconfig option for mbedtls' MBEDTLS_PLATFORM_MEMORY define. This makes it possible to override the mbedtls allocator with your own.
Merges https://github.com/espressif/esp-idf/pull/2237
2018-08-01 11:28:28 +10:00
Ivan Grokhotkov
5b9feaa1fd mbedtls: update to 2.12.0 2018-07-30 09:11:16 +03:00
Alexey Gerenkov
c2dc09304c gcc8_newlib3: Compilation warnings and errors not specific to newlib v3 2018-07-09 13:22:24 +03:00
Angus Gratton
6b9784cc45 Merge branch 'master' into feature/cmake_update 2018-05-31 14:46:23 +10:00
Angus Gratton
f4f305bdbd Merge branch 'bugfix/mbedtls_submodule' into 'master'
mbedtls: Add submodule check at build time

See merge request idf/esp-idf!2395
2018-05-16 19:52:45 +08:00
Konstantin Kondrashov
8f80cc733d soc: Change DPORT access
When two CPUs read the area of the DPORT and the area of the APB, the result is corrupted for the CPU that read the APB area.
And another CPU has valid data.

The method of eliminating this error.
Before reading the registers of the DPORT, make a preliminary reading of the APB register.
In this case, the joint access of the two CPUs to the registers of the APB and the DPORT is successful.
2018-05-14 17:54:57 +05:00
Angus Gratton
c94a5ecfdd mbedtls: Add mbedtls submodule check to build system 2018-05-14 16:07:18 +08:00
Ivan Grokhotkov
7dada45d60 mbedtls: enable deprecation warnings when building unit tests 2018-05-09 23:15:28 +08:00
Ivan Grokhotkov
dbc919eff5 mbedtls: update usage of mbedtls_aes_encrypt/decrypt 2018-05-09 23:15:28 +08:00
Ivan Grokhotkov
aad51ea8a0 mbedtls/port: don’t re-declare mbedtls_shaX functions
ALT header files for sha1, sha256, sha512 are only supposed to declare
mbedtls_sha1_context data structure. Function prototypes should come
from original header files.
2018-05-09 23:15:28 +08:00
Ivan Grokhotkov
254e29aca4 mbedtls: update usage of deprecated mbedtls_shaX APIs
The following mbedTLS APIs have been deprecated and replaced with the
new ones which return error codes:

mbedtls_shaX_starts -> mbedtls_shaX_starts_ret
mbedtls_shaX_update -> mbedtls_shaX_update_ret
mbedtls_shaX_finish -> mbedtls_shaX_finish_ret
mbedtls_shaX_process -> mbedtls_shaX_internal_process

Update hardware implementations of SHA functions, and other IDF
components which used above functions, to use new versions.
2018-05-09 23:15:28 +08:00
Ivan Grokhotkov
e9cbf96bd1 mbedtls: re-add version 2.9.0 as a submodule 2018-05-09 23:15:28 +08:00
Angus Gratton
1cb5712463 cmake: Add component dependency support
Components should set the COMPONENT_REQUIRES & COMPONENT_PRIVATE_REQUIRES variables to define their
requirements.
2018-04-30 09:59:20 +10:00
Angus Gratton
88df8fd293 cmake: Use cmake_lint project, tidy up all CMake source files 2018-04-30 09:59:20 +10:00
Angus Gratton
ce6748873d cmake: Add embedding files in components support
Add subscribe_publish AWS example and fixes to allow it to build.
2018-04-30 09:59:20 +10:00
Angus Gratton
c671a0c3eb build system: Initial cmake support, work in progress 2018-04-30 09:59:20 +10:00
Paul Reimer
8a47679d04 Add #include guards and __cplusplus guards to esp_debug.h
Merges https://github.com/espressif/esp-idf/pull/1358
2017-12-07 10:25:57 +11:00
Ivan Grokhotkov
744896bde2 Merge branch 'bugfix/hardware_mpi_sign' into 'master'
hwcrypto mpi: Fix losing sign when multiplying by -1 (github PR)

Contribution from github: https://github.com/espressif/esp-idf/pull/1181/

See merge request !1471
2017-11-07 19:30:31 +08:00
Alexey Skalozub
5405255928 Fix losing sign when multiplying by -1 2017-10-28 03:47:00 +03:00
Andreas Pokorny
2a1906cf50 Ensure that C++ and C compilers get the same preprocessor setup
CPPFLAGS is applied for both languages while CFLAGS only for C

Signed-off-by: Andreas Pokorny <andreas.pokorny@siemens.com>
2017-10-26 13:04:41 +02:00
Angus Gratton
c503a01388 mbedtls: Rename net to net_sockets (in line with 2.4.0 API change) 2017-09-07 18:02:39 +10:00
Angus Gratton
3a08ec7b3d mbedtls: Re-apply: MBEDTLS_SHA512_ALT also replaces mbedtls_sha512_process()
IDF-specific patch.
2017-09-07 18:02:26 +10:00
Angus Gratton
3142997830 mbedtls: Re-apply ECP memory leak fix
Fix not yet submitted upstream.

(Previously applied in ffefeef5ea)
2017-09-07 18:02:26 +10:00
Angus Gratton
736db688a8 mbedtls: Re-apply MBEDTLS_BIGNUM_ALT & related macros for custom bignum functions
(IDF-specific patch.)
2017-09-07 18:02:26 +10:00
Angus Gratton
ae382b3bfa mbedtls: Update to 2.6.0 release (without IDF-specific patches) 2017-09-07 18:02:26 +10:00
Angus Gratton
8ce09c2c1c mbedtls: Don't assign ctx->fd until connect() or bind() has succeeded
Avoid leaking closed file descriptors via ctx->fd

Reported: https://esp32.com/viewtopic.php?f=13&t=2910&sid=8568b1fd93a4c8d5760628a638efc48b#p13620
2017-09-05 11:08:35 +10:00
Angus Gratton
0ea4cd67dd mbedtls: Remove "unsafe" warning, enable AES by default & make SHA/MPI optional 2017-08-25 16:08:03 +10:00
Angus Gratton
2624e10055 esp32 hwcrypto: Use AES registers directly 2017-08-25 16:08:03 +10:00
Angus Gratton
99c663a6e9 mbedtls tests: utility tests for APB corruption
Used when running mbedTLS self-tests to verify DPORT protection is working correctly.
2017-08-25 16:08:03 +10:00
Angus Gratton
7be002ec0f hwcrypto bignum/MPI: Batch safe DPORT reads to improve performance 2017-08-25 16:08:02 +10:00
Ivan Grokhotkov
08287852ab esp32: add protection for DPORT registers of RSA 2017-08-25 16:08:02 +10:00
Ivan Grokhotkov
87a0ec77b5 Merge branch 'bugfix/mbedtls_config_mismatch' into 'master'
mbedtls: Add a shim header to account for including "mbedtls/config.h" directly in program

See merge request !1125
2017-08-24 14:40:39 +08:00
Ivan Grokhotkov
08e787dc4d mbedtls: remove duplicate Kconfig options 2017-08-22 15:12:35 +08:00
Angus Gratton
2c0ff0c1e1 mbedtls: Add a shim header to account for including "mbedtls/config.h" directly in program
Previously this resulted in a config mismatch between default config and esp_config.h

Closes https://github.com/espressif/esp-idf/issues/711
2017-08-21 12:37:53 +10:00
Angus Gratton
66ad84d318 mbedtls: Add more config options to disable Elliptic Curve features
Can save up to an additional 20KB when not using EC in TLS, or disable
unwanted features as needed.
2017-08-18 17:44:33 +10:00
Angus Gratton
c0f65f6680 mbedtls: Expose compile-time config, disable some things by default
* Disables 3DES, Camellia, Blowfish, RC4, RIPEMD160, SSLv3, TLS-PSK modes, DTLS by default
* Saves about 40KB from the default TLS client code size
* Defaults no longer get "Bad" howsmyssl.com rating (no more vulnerable 3DES)
  (ping https://github.com/espressif/arduino-esp32/issues/575 )
* Allows up to another 20-30KB code size to be trimmed without security
  implications if using DER formatted certificates, RSA ciphersuites only,
  etc.
* Can save up to another 8KB by setting the TLS Role to Server or Client only.
2017-08-18 17:15:08 +10:00
Angus Gratton
ffefeef5ea mbedtls: Fix memory leak in initial ECDH exchange if OOM/failure occurs
In ecp_mul_comb(), if (!p_eq_g && grp->T == NULL) and ecp_precompute_comb() fails (which can happen due to OOM), then the new array of points T was leaked.
2017-07-12 16:34:26 +08:00
Angus Gratton
fd9d889e62 mbedtls unit tests: Allow for longer timeout using software SHA
Hardware SHA runs SHA operations faster than software...
2017-07-06 15:54:01 +08:00
Angus Gratton
c35aa1d9a2 mbedtls: Temporarily disable hardware acceleration in dual-core mode
Temporary fix, until DPORT bugs in crypto accelerators are completely fixed.
2017-07-05 12:03:00 +08:00
Tian Hao
26a3cb93c7 component/soc : move dport access header files to soc
1. move dport access header files to soc
2. reduce dport register write protection. Only protect read operation
2017-05-09 18:06:00 +08:00
Tian Hao
f7e8856520 component/esp32 : fix dualcore bug
1. When dual core cpu run access DPORT register, must do protection.
2. If access DPORT register, must use DPORT_REG_READ/DPORT_REG_WRITE and DPORT_XXX register operation macro.
2017-05-08 21:53:43 +08:00
Michael Kellner
a523aa3ef5 mbedtls port: Fix detection of EWOULDBLOCK/EAGAIN with non-blocking sockets
Since mbedtls_net_errno is reset by fcntl, it is reset after calling
net_would_block, so the call to mbedtls_net_errno in mbedtls_net_recv
and mbedtls_net_send will always get back 0. This change propagates
the value returned by mbedtls_net_errno up through net_would_block,
to allow the correct error value to be used and avoid a redundant
call to mbedtls_net_errno.

Merges PR #511 https://github.com/espressif/esp-idf/pull/511
2017-04-21 10:46:34 +10:00
Ivan Grokhotkov
829800f272 Merge branch 'bugfix/mbedtls_non_blocking_sockets' into 'master'
mbedtls port: Fix detection of EWOULDBLOCK/EAGAIN with non-blocking sockets

Previous code read non-blocking status via fcntl first, which resets errno.

* Closes #424 https://github.com/espressif/esp-idf/pull/424
* Merges #425 https://github.com/espressif/esp-idf/pull/425

See merge request !575
2017-03-15 10:39:53 +08:00
Neil Kolban
16e1a2716e mbedtls port: Fix detection of EWOULDBLOCK/EAGAIN with non-blocking sockets
Previous code read non-blocking status via fcntl first, which resets errno.

Closes #424 https://github.com/espressif/esp-idf/pull/424
Merges #425 https://github.com/espressif/esp-idf/pull/425
2017-03-13 15:45:11 +08:00
Angus Gratton
74817c35f3 mbedtls: Enable filesystem support 2017-03-08 09:55:31 +11:00
Angus Gratton
0b7058d8ef mbedTLS: Add generic support for mbedTLS debug output via the esp_log functionality 2017-03-07 10:18:47 +11:00
Anne Jan Brouwer
ec31b39989 Added missing platform.h to mbedtls ssl.h
There was a missing definition of mbedtls_time_t

See for example:
https://travis-ci.org/SHA2017-badge/Firmware/jobs/202459377

Merges #348 https://github.com/espressif/esp-idf/pull/348
2017-03-03 14:59:15 +11:00
Angus Gratton
64e6e7a0ae mbedtls: Use two MPI multiplications when multiply operands too large
Allows RSA4096 via hardware crypto operations.

See github #139 https://github.com/espressif/esp-idf/issues/139
2017-01-31 14:36:26 +11:00
antti
f8b5c29346 esp32: add [ignore] tag to some unit test cases for CI
Add ignore tag on unit test cases that are not supported in CI yet
2017-01-18 17:08:20 +08:00
Ivan Grokhotkov
d6842e537c mbedtls: give SHA test slightly more time to run 2017-01-11 21:30:23 +08:00
Jeroen Domburg
bf57594ebe Merge branch 'feature/intr_alloc' into 'master'
Add dynamic interrupt allocation mechanism

This adds:
- Dynamic allocation of interrupts. Pass it the features of the interrupt you want, it'll set you up with an int.
- Shared interrupts. Enables multiple peripheral drivers to use the same interrupt. 
- Marking what interrupts are fully executable from IRAM; if an int isn't marked like that it will get disabled once flash cache gets disabled.

Also:
- Modifies driver to be in line with these changes

See merge request !254
2016-12-09 14:00:39 +08:00
Liu Han
c1802eaa98 components/mbedtls: add time and time data configuration at menuconfig 2016-12-08 13:33:47 +08:00
Jeroen Domburg
32fa94935d Changes according to merge request 2016-12-08 12:39:33 +08:00
Jeroen Domburg
655fd2986a Add interrupt allocation scheme / interrupt sharing. Also modifies drivers and examples. Also allows interrupts
to be marked specifically as having a handler that's all in IRAM.
2016-12-08 12:39:33 +08:00
Angus Gratton
88b264cfce mbedTLS SHA: Fix cloning of SHA-384 digests
Hardware unit only reads 384 bits of state for SHA-384 LOAD,
which is enough for final digest but not enough if you plan to
resume digest in software.
2016-11-25 19:26:30 +11:00
Angus Gratton
a902e2a9de mbedtls tests: Add additional MPI (bignum), SHA tests 2016-11-25 19:21:49 +11:00
Angus Gratton
d0801fdbab Merge branch 'feature/sha_tls_integration' into 'master'
SHA acceleration integrated to mbedTLS incl. TLS sessions

Uses hardware SHA acceleration where available, fails over to software where not available.

Ref TW7112

See merge request !232
2016-11-25 10:12:29 +08:00
Angus Gratton
79646f41b5 Fixes for stdlib.h inclusion
Refs:
http://esp32.com/viewtopic.php?f=13&t=550
http://esp32.com/viewtopic.php?f=13&t=551

rmt.c should include stdlib.h for malloc, esp_bignum,c &
https_request_main.c for abort().

FreeRTOSConfig.h is only including stdlib if
CONFIG_FREERTOS_ASSERT_ON_UNTESTED_FUNCTION is set. However, it is
included for abort() so needs to be included whenever
CONFIG_FREERTOS_ASSERT_FAIL_ABORT is set.

This change includes unconditionally in FreeRTOSConfig.h. This is to
avoid this kind of bug where compiler errors are dependent on config. I
suggest we don't change this to be more selective until we have 'make
randomconfig' style tests in CI.
2016-11-24 08:20:21 +11:00
Angus Gratton
2561b68af8 hwcrypto: Fixes for disabling one hardware unit causing reset of a different unit
ROM functions reset related units, but this can have problems in a
multithreaded environment.
2016-11-22 20:42:38 +11:00
Angus Gratton
c48612e516 mbedTLS SHA acceleration: Allow concurrent digest calculation, works with TLS
SHA hardware allows each of SHA1, SHA256, SHA384&SHA512 to calculate digests
concurrently.

Currently incompatible with AES acceleration due to a hardware reset problem.

Ref TW7111.
2016-11-22 20:42:38 +11:00
antti
d390449371 add unit tests to esp-idf
rename nvs host test folder, modify .gitlab-ci.yml

remove unit-test-app build

re-format unit test files

remove extra newlines in project.mk

some refactoring for unit test part in project.mk

add build files of unit-test-app in gitignore

add README.md for unit test app

correct headings in README.md

remove files and make minor tweaks in unit test app

update .gitlab-ci.yml to use unit test app

delete unused lines in component_wrapper.mk

delete periph_i2s.h and lcd test

add text floating point in components/esp32/test/Kconfig

correct idf test build paths in .gitlab-ci.yml
2016-11-22 14:45:50 +08:00
Angus Gratton
1d47755588 mbedtls hardware bignum: Use memcpy instead of REG_WRITE/REG_READ in a loop
Removes memory barriers for better performance, thanks Ivan for pointing
this out.

Manually unrolling the loop further seemed like diminishing returns.
2016-11-21 18:09:09 +11:00
Angus Gratton
1cc0b3000b mbedtls hardware bignum: Expose ESP-only bignum API in wrapper mbedtls/bignum.h 2016-11-18 17:08:14 +11:00
Angus Gratton
36f29017b6 mbedtls hardware bignum: Support "RSA" interrupt for end of operation
Allows CPU to do other things which bignum operation is in
progress.
2016-11-18 15:53:00 +11:00
Angus Gratton
68d370542a mbedtls hardware RSA: Put into menuconfig, squash warnings
All combinations of enabling/disabling hardware acceleration no longer
show unused warnings.
2016-11-18 15:50:45 +11:00
Angus Gratton
f87be70d51 mbedtls hardware RSA: Combine methods for calculating M' & r inverse
Remove redundant gcd calculation, use consistent terminology.
Also remove leftover debugging code
2016-11-18 14:10:20 +11:00
Dong Heng
6b687b43f4 mbedtls hardware RSA: Fix "mbedtls_mpi_exp_mod" hardware calculations 2016-11-18 14:09:59 +11:00
Dong Heng
cf8c9770a0 Merge branch 'master' into feature/bignum_rsa 2016-11-15 16:39:29 +08:00
Angus Gratton
208e83def7 build system: Refactor component.mk to not need component_common.mk
New makefile component_wrapper.mk allows some variables to be set
before component.mk is evaluated. This properly fixes problems with
sdkconfig being hard to access in all phases of the build.

Including component_common.mk is no longer necessary and will print a
deprecation warning for components which use it.
2016-11-10 15:52:22 +11:00
Angus Gratton
ce7b8059de RSA Accelerator: Remove timing-sensitive optimisations
Avoid potentially leaking timing information about number of bits set in
MPI values.
2016-10-12 17:18:24 +11:00
Angus Gratton
9632c8e56c RSA Accelerator: Add mod_exp, refactor to avoid memory allocation & copying
Not fully working at the moment, mod_exp has a bug.
2016-10-12 16:19:09 +11:00
Angus Gratton
6b3bc4d8c5 hwcrypto bignum: Implement multiplication modulo
Fixes case where hardware bignum multiplication fails due to either
operand >2048 bits.
2016-10-12 15:45:08 +11:00
Angus Gratton
1a6dd44d03 hwcrypto bignum: Use mbedtls_mpi data structures for all bignum data
Still doesn't solve the problem of multiplying two numbers where one is
>2048 bits, needed for RSA support.
2016-10-12 15:45:08 +11:00
Wu Jian Gang
ed0a85ab4d Kconfig: use 4 spaces to instead 1 tab
In some Kconfig file, both 4 spaces and 1 tab are used mix, let's just
use 4 space, it will be clean in some editor.
2016-09-28 13:24:58 +08:00
Angus Gratton
aa75a71917 mbedtls: Add some initial menuconfig options 2016-09-27 10:38:00 +10:00
Jeroen Domburg
4d4c6a3694 Enable SO_REUSEADDR in LWIP 2016-09-18 16:43:48 +08:00
Angus Gratton
67a26d52ac mbedtls: Temporarily disable default hardware crypto SHA & bignum
Due to limitations referenced in the comments of the changes.
2016-09-14 17:52:39 +10:00
Angus Gratton
f01cabf71d mbedtls hwcrypto sha512: Fix redirection of function names 2016-09-14 17:52:24 +10:00
Angus Gratton
126a68ca1f mbedtls upstream tweak: Move mbedtls_sha512_process in sha512.h
Function declaration should only be included if MBEDTLS_SHA512_ALT is
not set. This matches sha1.h and sha256.h

This change should be contributed back upstream to mbedTLS project.
2016-09-14 17:51:27 +10:00
Angus Gratton
eb47a25012 mbedtls: Revert changes to upstream library sources.
This reverts part of commit 0f83831c74.
2016-09-09 14:10:44 +10:00
Angus Gratton
264b115eb0 mbedtls: Move esp_config.h file to port directory 2016-09-09 14:06:14 +10:00
Angus Gratton
a939c15723 mbedtls networking: Remove WIN32 parts, minor cleanup 2016-09-09 11:24:35 +10:00
Angus Gratton
7c58c1e06b Build system: Allow components to add to the global CFLAGS via Makefile.projbuild
Used by mbedTLS to set MBEDTLS_CONFIG_FILE in all components.

This change sets CFLAGS/etc at the project level and then exports those
variables for components, rather than setting them independently each time
a component Makefile is invoked.
2016-09-09 11:08:19 +10:00
Angus Gratton
31e6b2cdb4 Merge branch 'master' into feature/mbedtls 2016-09-09 10:29:19 +10:00
Wu Jian Gang
95defc7d32 mbedtls: Use hardware accelerated AES, SHA, bignum 2016-09-08 17:41:43 +08:00
Wu Jian Gang
fc2bfc1f49 mbedtls: just format related files
method from !46
2016-09-08 16:46:25 +08:00
liuhan
f4ff32977d components/mbedtls: modify MBEDTLS net feature
modify get the connection's 'errno' info by calling getsockopt function.
2016-09-08 16:46:21 +08:00
liuhan
1900c50d3b components/mbedtls: modify hardware encryption feature
rename "flag" and "keybites" in aes file,
rename "xxx_starts" and add license in sha file.
2016-09-08 16:45:51 +08:00
liuhan
2d80fada70 components/mbedtls: MBEDTLS Handshake result check
modify esp_config.h add some feature for support http2.0 protocol, TLS Handshake OK.
2016-09-08 16:45:44 +08:00
liuhan
0f83831c74 1. multi thread verify bignum AES and SHA 2016-09-08 16:45:23 +08:00
liuhan
98021903a2 recompile crypto and bignum function 2016-09-08 16:45:16 +08:00
liuhan
d9b660f6d4 1. add lock function for every function
2. modify some function for crypto
2016-09-08 16:44:58 +08:00
liuhan
30be5f6eb5 [t6001]: chip Use hardware acceleration of Encryption 2016-09-08 16:44:53 +08:00
Angus Gratton
4fb3f2c27e mbedtls: Fix component Makefile 2016-09-05 15:08:30 +10:00
Wu Jian Gang
ef91702100 Add mbedtls release version 2.3.0 2016-09-05 12:03:39 +10:00