Commit Graph

588 Commits

Author SHA1 Message Date
harshal.patil
bd826801ba
fix(mbedtls/ecdsa): Fix dependant peripheral's enable and reset 2024-04-11 13:46:59 +05:30
harshal.patil
85186042c3
feat(hal/ecdsa): Add HAL API for operation successful check 2024-04-11 12:33:06 +05:30
Aditya Patwardhan
b359cd85f1 Merge branch 'feature/mbedtls_error_str_config_v5.2' into 'release/v5.2'
feat(mbedtls): add kconfig option for MBEDTLS_ERROR_C (v5.2)

See merge request espressif/esp-idf!30104
2024-04-11 11:53:24 +08:00
Mahavir Jain
b6f5573e0f
feat(mbedtls): add kconfig option for MBEDTLS_ERROR_C
Disabling this config can reduce footprint for the cases where
mbedtls_strerror() is used and hence the debug strings are getting
pulled into the application image.
2024-04-08 16:02:21 +05:30
harshal.patil
c97d3aed45
fix(mbedtls/aes-gcm): Fix null pointer derefernce coverity reports
- Also fixed a tcp_transport report
2024-03-13 11:42:03 +05:30
harshal.patil
0f7c9a29a2
ci(mbedtls/gcm): Added test to verify software fallback for non-AES cipher GCM operations 2024-02-26 14:29:20 +05:30
harshal.patil
ca4f560f2b
fix(mbedtls/gcm): Add support for software fallback for non-AES ciphers in a GCM operation
- Even if the config MBEDTLS_HARDWARE_AES is enabled, we now support fallback
to software implementation of GCM operations when non-AES ciphers are used.
2024-02-26 14:29:18 +05:30
harshal.patil
5862b981ed
fix(mbedtls/gcm): Avoid using GCM hardware when config MBEDTLS_HARDWARE_GCM is disabled 2024-02-16 11:54:39 +05:30
harshal.patil
38f13b15d3
fix(mbedtls/gcm): Fix build failure when config MBEDTLS_HARDWARE_GCM is disabled 2024-02-16 11:54:37 +05:30
nilesh.kale
7d358754a2 feat(mbedtls): updated mbedtls version from 3.5.0 to 3.5.2
This updates the submodule mbedtls to its latest version 3.5.2.
2024-02-05 12:50:27 +05:30
jim
5a234cf642 mbedtls: Fix enable dynamic mbedtls will occur heap corruption when server support TLS renegotiation 2024-01-08 14:23:32 +08:00
Darian Leung
b85e6d3dd8 change(xtensa): Deprecate ".../xtensa_timer.h" include path
This commit deprecates the "freertos/xtensa_timer.h" and "xtensa/xtensa_timer.h"
include paths. Users should use "xtensa_timer.h" instead.

- Replace legacy include paths
- Removed some unnecessary includes of "xtensa_timer.h"
- Add warning to compatibility header
2023-12-05 18:04:52 +08:00
harshal.patil
b94656115e
fix(mbedtls/aes): fix AES interrupt allocation for AES-GCM operations 2023-12-01 16:34:49 +05:30
Aditya Patwardhan
c1779ff8b7
fix(mbedtls): Removed redundant menuconfig entry 2023-11-29 09:50:12 +05:30
Jiang Jiang Jian
df7ba090f3 Merge branch 'bugfix/esp32h2_ecdsa_hardware_k_v5.2' into 'release/v5.2'
fix(esp32h2): program use_hardware_k efuse bit for ECDSA key purpose (v5.2)

See merge request espressif/esp-idf!27234
2023-11-21 11:13:37 +08:00
Mahavir Jain
f207ce15df fix(api-docs): include in the ECDSA APIs for doxygen build 2023-11-17 07:13:53 +00:00
Mahavir Jain
2882b6f68b docs: add ECDSA peripheral chapter for H2/P4
- Add ECDSA peripheral chapter and instructions to program efuse key block
- Update security guide for ECDSA peripheral mention for device identity
- Link with ESP-TLS guide about using ECDSA peripheral in TLS connection
2023-11-17 07:13:53 +00:00
Mahavir Jain
f434d21f4a fix(ecdsa): remove unused k_mode from the ECDSA HAL/LL API
For ESP32-H2 case, the hardware k mode is always enforced through
efuse settings (done in startup code).

For ESP32-P4 case, the software k mode is not supported in the peripheral
itself and code was redundant.
2023-11-17 07:13:53 +00:00
harshal.patil
9bf48e77f0
fix(mbedtls): move interrupt allocation during initialization phase 2023-11-16 16:16:57 +05:30
Jiang Guang Ming
e882782f0d feat(mbedtls): add new option CONFIG_MBEDTLS_USE_CRYPTO_ROM_IMPL for mbedtls pytest 2023-10-23 13:10:44 +08:00
Jiang Guang Ming
37ec1cc592 feat(mbedtls): support C2 mbedtls can use crypto algorithm in ROM 2023-10-23 13:10:44 +08:00
Mahavir Jain
dbc33ca7aa Merge branch 'feature/add_intr_priority_config_option' into 'master'
feat(mbedtls): Add config for interrupt priority in AES and RSA

Closes IDF-7963 and IDF-7964

See merge request espressif/esp-idf!26190
2023-10-16 11:33:03 +08:00
Mahavir Jain
6b62065b92 Merge branch 'fix/crypto_periphs_use_rcc_atomic_blocks' into 'master'
Use rcc atomic blocks to enable/reset crypto peripherals

See merge request espressif/esp-idf!25811
2023-10-13 22:37:58 +08:00
nilesh.kale
cf4a7bb09d feat(mbedtls): Add config for interrupt priority in AES and RSA(MPI) 2023-10-12 11:06:13 +05:30
Mahavir Jain
0c3ed4f540 fix(mbedtls): remove deprecated MBEDTLS_X509_ALLOW_UNSUPPORTED_CRITICAL_EXTENSION
This config has been removed in the upstream mbedTLS starting 3.0
release. Please see mbedTLS changelog for more details.
2023-10-11 09:32:32 +00:00
Mahavir Jain
e9094cef66 fix(mbedtls): dynamic buffer feature issue with mbedtls 3.5.0
Set max TLS version in the SSL context during setup phase. Dynamic
buffer feature overrides the `mbedtls_ssl_setup` API and hence
this change is required per upstream 3.5.0 codebase change.
2023-10-11 09:32:32 +00:00
Mahavir Jain
9ca8f3d45b feat(mbedtls): update to 3.5.0 release
Changelog:
https://github.com/Mbed-TLS/mbedtls/releases/tag/mbedtls-3.5.0
2023-10-11 09:32:32 +00:00
harshal.patil
57d10477da
feat(ecdsa): use RCC atomic block to enable/reset the ECDSA peripheral 2023-10-11 14:59:04 +05:30
harshal.patil
1c6ff8ce9f
feat(ecc): use RCC atomic block to enable/reset the ECC peripheral 2023-10-11 14:59:04 +05:30
harshal.patil
c5cc4f488a
feat(mpi): use RCC atomic block to enable/reset the MPI peripheral 2023-10-11 14:59:03 +05:30
Alexey Lapshin
71713bcdb5 fix(mbedtls): fix gcc 13.1.0 warnings 2023-10-09 12:13:02 +04:00
Mahavir Jain
ab74fb4d92 Merge branch 'feature/locking_layer_for_ecdsa' into 'master'
feat(esp_hw_support): Added locking mechanism for the ECDSA and ECC peripherals

Closes IDF-7990

See merge request espressif/esp-idf!26029
2023-09-25 18:04:21 +08:00
Jakob Hasse
ac2515e199 refactor(lwip): Added on/off switch for LwIP stack
* This switch allows applications to replace lwip with a different
  IP stack or just make it build if it is a dependency but not
  actually needed.
2023-09-22 10:03:13 +08:00
harshal.patil
6a7caa7b8e
feat(esp_hw_support): Added locking mechanism for the ECDSA and ECC peripheral 2023-09-20 16:05:50 +05:30
Jiang Jiang Jian
62720ffa8c Merge branch 'feature/pbkdf2_fast_implementation' into 'master'
esp_wifi: Port fast_pbkdf2 implementation to calculate PMK

See merge request espressif/esp-idf!24287
2023-09-12 14:06:02 +08:00
Kapil Gupta
c82a792bc3 change(esp_wifi): Port fast_pbkdf2 implementation for mbedlts
Add changes to use fast_pbkdf2 as default for PMK calculations.
fast_pbkdf2 is significantly faster than current implementations
for esp chips.

Also removes unnecessary code for pbkdf-sha256 and pbkdf-sha512.
2023-09-11 19:33:17 +05:30
Mahavir Jain
2b3418b4a0 Merge branch 'feature/use_ecdsa_perph_while_mutual_auth' into 'master'
feat: ECDSA peripheral while performing http connection with mutual auth

Closes IDF-7390

See merge request espressif/esp-idf!25052
2023-09-11 19:41:21 +08:00
Aditya Patwardhan
a57c8dc938 Merge branch 'contrib/github_pr_12177' into 'master'
mbedtls: define MBEDTLS_SSL_CID_TLS1_3_PAD_GRANULARITY for CID padding (GitHub PR)

See merge request espressif/esp-idf!25826
2023-09-09 12:27:56 +08:00
Harshit Malpani
692e1a9e61
feat: ECDSA peripheral while performing http connection with mutual auth 2023-09-08 12:22:41 +05:30
Daniel Mangum
35c428b0ec
mbedtls: define MBEDTLS_SSL_CID_TLS1_3_PAD_GRANULARITY for CID padding
Updates config to define the new MBEDTLS_SSL_CID_TLS1_3_PAD_GRANULARITY
option, which replaced the previously used
MBEDTLS_SSL_CID_PADDING_GRANULARITY. The old option is continuing to be
used as the new one exceeds the maximum length for an option name in
esp-idf.

See https://github.com/Mbed-TLS/mbedtls/pull/4490 for more information.

Signed-off-by: Daniel Mangum <georgedanielmangum@gmail.com>
2023-09-08 11:45:55 +05:30
harshal.patil
4c0dd8388b
feat(mbedtls): Integrate the ecdsa export public key feature in mbedtls 2023-09-06 11:07:40 +05:30
harshal.patil
d86b320892
feat(ecdsa): add ECDSA peripheral support for esp32p4 2023-09-06 11:07:37 +05:30
Mahavir Jain
5b001f9e53 Merge branch 'bugfix/aes_dma_descriptor_setup_issue' into 'master'
fix(aes): correct the linking of the DMA descriptors

See merge request espressif/esp-idf!25723
2023-09-05 17:19:28 +08:00
Mahavir Jain
9dc4b8beeb fix(aes): correct the linking of the DMA descriptors
For certain data lengths, the last input descriptor was not getting appended
correctly and hence the EOF flag in the DMA descriptor link list was
set at incorrect location. This was resulting in the peripheral being
stalled expecting more data and eventually the code used to timeout
waiting for the AES completion interrupt.

Required configs for this issue:

CONFIG_MBEDTLS_HARDWARE_AES
CONFIG_SOC_AES_SUPPORT_DMA

This observation is similar to the issue reported in:
https://github.com/espressif/esp-idf/issues/10647

To recreate this issue, start the AES-GCM DMA operation with data length
12280 bytes and this should stall the operation forever.

In this fix, we are tracing the entire descriptor list and then appending the
extra bytes descriptor at correct position (as the last node).
2023-09-04 05:35:15 +00:00
Mahavir Jain
89584cd1d0 fix(aes-gcm): correct the DMA completion wait condition for hardware GCM case
DMA operation completion must wait until the last DMA descriptor
ownership has been changed to hardware, that is hardware is completed
the write operation for entire data. Earlier for the hardware GCM case,
the first DMA descriptor was checked and it could have resulted in some
race condition for non interrupt (MBEDTLS_AES_USE_INTERRUPT disabled) case.
2023-09-04 05:35:15 +00:00
harshal.patil
b8c208cdb3
feat(ds): add Digital Signature peripheral support for esp32p4 2023-09-01 15:44:21 +05:30
Armando
7dbd3f6909 feat(ci): Enable p4 example, test_apps and unit tests CI build 2023-08-24 12:51:19 +08:00
Harshit Malpani
4c5a7de6a6
feat(mbedtls): Update to release/v3.4.1 2023-08-16 11:40:31 +05:30
nilesh.kale
b4f9dd1fa5 fix(mbedtls): IRAM optimization analyzed on mbedtls/test_apps 2023-08-10 14:05:22 +05:30
Jiang Guang Ming
3f2746688c feat(mbedtls): support ecp fixed-point multiplication configurable 2023-08-08 14:03:57 +08:00