Commit Graph

373 Commits

Author SHA1 Message Date
Mahavir Jain
aee6e63337 Merge branch 'feature/gcm_operation_using_ctr_based_calculation_v4.4' into 'release/v4.4'
GCM operation optimisation (v4.4)

See merge request espressif/esp-idf!26523
2023-10-26 17:23:07 +08:00
LiPeng
72e67e3cf7
mbedtls: GCM implementation is replaced with CTR-based calculation
- GCM operation in mbedtls used ECB, which calculated only 16 bytes of data each time.
	- Therefore, when processing a large amount of data, it is necessary to frequently set hardware acceleration calculations,
	- which could not make good use of the AES DMA function to improve efficiency.
	- Hence, GCM implementation is replaced with CTR-based calculation which utilizes AES DMA to improve efficiency.
2023-10-25 18:02:47 +05:30
Harshit Malpani
967cae5892
feat(mbedtls): Update to release v2.28.5 2023-10-17 15:09:36 +05:30
Mahavir Jain
4636443b49
fix(aes): correct the linking of the DMA descriptors
For certain data lengths, the last input descriptor was not getting appended
correctly and hence the EOF flag in the DMA descriptor link list was
set at incorrect location. This was resulting in the peripheral being
stalled expecting more data and eventually the code used to timeout
waiting for the AES completion interrupt.

Required configs for this issue:

CONFIG_MBEDTLS_HARDWARE_AES
CONFIG_SOC_AES_SUPPORT_DMA

This observation is similar to the issue reported in:
https://github.com/espressif/esp-idf/issues/10647

To recreate this issue, start the AES-GCM DMA operation with data length
12280 bytes and this should stall the operation forever.

In this fix, we are tracing the entire descriptor list and then appending the
extra bytes descriptor at correct position (as the last node).
2023-09-06 08:30:37 +05:30
Mahavir Jain
b64670b51e
fix(aes-gcm): correct the DMA completion wait condition for hardware GCM case
DMA operation completion must wait until the last DMA descriptor
ownership has been changed to hardware, that is hardware is completed
the write operation for entire data. Earlier for the hardware GCM case,
the first DMA descriptor was checked and it could have resulted in some
race condition for non interrupt (MBEDTLS_AES_USE_INTERRUPT disabled) case.
2023-09-06 08:30:37 +05:30
Aditya Patwardhan
ab260561ab Merge branch 'bugfix/sha_dma_mode_incorrect_result_v4.4' into 'release/v4.4'
fix(sha): DMA mode iteration calculation issue for certain data lengths (v4.4)

See merge request espressif/esp-idf!25129
2023-08-21 14:33:44 +08:00
Harshit Malpani
c112914dac
feat(mbedtls): Update to release v2.28.4 2023-08-17 10:37:19 +05:30
Mahavir Jain
847722e21c
ci(test): add SHA DMA mode test for large data in PSRAM
Covers a test scenario described in following issue:
https://github.com/espressif/esp-idf/issues/11915
2023-08-02 10:19:31 +05:30
Mahavir Jain
2aa5963bbd
fix(sha): DMA mode iteration calculation issue for certain data lengths
SHA hardware DMA mode calculation had off-by-one error for specific
input lengths. This was causing last chunk of the input data not being
fed to the hardware accelerator and hence resulting in an incorrect
final result.

Closes: https://github.com/espressif/esp-idf/issues/11915
2023-08-02 10:18:12 +05:30
harshal.patil
ae3026a60b fix(mbedtls): Fixed the transmission of return values of the esp-aes APIs
- Earlier, some intermediate return values were not stored and returned,
thus incorrect return values used to get transmitted to the upper layer of APIs.

- Also, zeroised the output buffer in case of error condition.
2023-07-20 18:54:37 +05:30
Aditya Patwardhan
6afa8e4347 Merge branch 'bugfix/aes_dma_align_issue_v4.4' into 'release/v4.4'
aes: fix DMA descriptor calculation for the alignment case (v4.4)

See merge request espressif/esp-idf!24095
2023-06-14 16:55:42 +08:00
Mahavir Jain
98c53234fc
aes: fix DMA descriptor calculation for the alignment case
The number of the DMA descriptors allocated for certain length (e.g.,
8176) were not sufficient (off by 1 error). This used to result in the
dynamic memory corruption as the region was modified beyond the
allocated range.

This change fixes the DMA descriptor calculation part and allocates
sufficient DMA descriptors based on the data length alignment considerations.

Test has also been added to cover the specific scenario in the CI.

Closes https://github.com/espressif/esp-idf/issues/11310
2023-06-07 09:20:20 +05:30
Christoph Baechler
d007b0ebb2
esp_ds: ignore releasing mutex if not called from same task 2023-05-19 08:32:00 +05:30
harshal.patil
617d935b44 mbedtls: Update to release v2.28.3
- Release Notes: https://github.com/Mbed-TLS/mbedtls/releases/tag/v2.28.3
2023-04-03 14:28:12 +05:30
Mahavir Jain
2a1ede3f9d Merge branch 'update_v4.4/mbedtls_v2.28.2' into 'release/v4.4'
mbedtls: Update to release v2.28.2 (v4.4)

See merge request espressif/esp-idf!21896
2023-02-02 22:27:22 +08:00
harshal.patil
ecdd202285 mbedtls/port: added stream_block parameter sanity check 2023-01-25 15:38:28 +05:30
harshal.patil
734724ba79 mbedtls: fix esp_aes_crypt_ctr writing to null stream block 2023-01-25 15:38:28 +05:30
harshal.patil
865a72eb8f mbedtls: added SOC_AES_SUPPORT_AES_192 check in esp_aes_gcm_setkey() 2023-01-25 15:38:28 +05:30
Laukik Hase
0f46f0cfa4
mbedtls: Update config options as per v2.28.2 release 2023-01-04 15:36:24 +05:30
Laukik Hase
e7fb0dbdaa
mbedtls: Update to v2.28.2
- Release notes: https://github.com/Mbed-TLS/mbedtls/releases/tag/v2.28.2
2023-01-04 14:05:56 +05:30
Aditya Patwardhan
606ada809a esp_rsa_sign_alt: Fix esp_init_ds_data_ctx API to not modify user defined data when it is given directory from flash 2022-08-23 13:27:03 +05:30
Roland Dobai
f935c17a95 Tools: Fix Python style warnings 2022-08-09 14:30:52 +02:00
Laukik Hase
f7c20f3718
mbedtls: Update to release v2.28.1
- Changelog: https://github.com/Mbed-TLS/mbedtls/releases/tag/v2.28.1
2022-07-14 10:01:39 +05:30
Laukik Hase
9e2369cb79
ci: Enable custom certificate bundle test for ESP32-S3
- Increase leakage limit for `test performance RSA key operations`
  UT by 64 bytes
2022-06-23 16:32:26 +05:30
Laukik Hase
e114850dda
mbedtls: Acquire lock before enabling MPI (RSA) hardware
- For ESP32-S3
2022-06-23 16:32:26 +05:30
Mahavir Jain
660b876465
esp_crt_bundle: Fix build problems if MBEDTLS_CERTIFICATE_BUNDLE is disabled
Exclude source and include file from build list if certificate bundle feature
is disabled.

Closes https://github.com/espressif/esp-idf/issues/8714
Closes IDFGH-7106
2022-06-12 09:29:12 +05:30
Li Jingyi
4896d0c8f3 mbedtls: fix ssl server crash when enable mbedtls dynamic buffer
Not free keycert until MBEDTLS_SSL_CLIENT_KEY_EXCHANGE for rsa key exchange methods, because keycert will be used to parse client key exchange.
2022-06-08 14:27:41 +08:00
Espressif BOT
2d91698324 Update esp_crt_bundle certificates 2022-06-02 11:03:24 +05:30
Aditya Patwardhan
a1d5a9b971 esp_crt_bundle: Add bounds checking for the "esp_crt_bundle_set" API.
Closes https://github.com/espressif/esp-idf/issues/8397
2022-06-01 15:09:50 +05:30
Mahavir Jain
ec0f7850a0 mbedtls: move locally managed root certificates to separate file
Purpose:
This will allow for easily automating periodic updates to
"cacrt_all.pem" file.

Note:
For now newly created "cacrt_local.pem" contains single "DST Root CA X3"
which we are keeping to manage compatibility with endpoints like
"howsmyssl.com". Please note this Root CA is expired and is not part of
Mozilla’s NSS root certificate store.
2022-06-01 15:07:31 +05:30
Laukik Hase
43d3cb37a0 esp_crt_bundle: Fix build error
- When `esp_crt_bundle.h` is included before any config,
  a build error (`esp_err_t` not defined) is observed

Closes https://github.com/espressif/esp-idf/issues/8606
2022-06-01 15:06:59 +05:30
Li Jingyi
81c195fed2 fix(mbedtls): fix ssl server memory leak when enable mbedtls dynamic buffer function 2022-05-19 10:41:40 +08:00
Laukik Hase
51fc67f5fa ci: Fix issues for build stage
- Fixed logs expecting different format specifier
- Updated ignore list for check_public_header test
- Updated functions ported from mbedTLS
- Fix for make-system build errors
2022-02-02 15:03:48 +05:30
Laukik Hase
11366d643f mbedtls: Added option MBEDTLS_SSL_KEEP_PEER_CERTIFICATE
- Removed code regarding MBEDTLS_DYNAMIC_FREE_PEER_CERT
  (config was kept for backward compatibility)
- Combined mbedTLS v2.28.x related options under a separate Kconfig menu
2022-02-02 10:56:48 +05:30
Laukik Hase
76b9beff3c mbedtls: Moved mbedtls_mpi_mul_int to port layer 2022-02-02 10:56:48 +05:30
Laukik Hase
76658d5066 mbedtls: Added config options for v2.28.0 upgrade 2022-02-02 10:56:48 +05:30
Laukik Hase
0fdc5f7490 mbedtls: Upgrade to v2.28.0 2022-02-02 10:56:13 +05:30
Jiang Jiang Jian
7f48664eda Merge branch 'feature/mbedtls-2.16.12-integration_v4.4' into 'release/v4.4'
mbedtls: upgrade to release v2.16.12 (v4.4)

See merge request espressif/esp-idf!16483
2021-12-23 03:26:17 +00:00
Li Jingyi
c91afab332 fix(mbedtls): fix compiling error when open MBEDTLS_SSL_PROTO_DTLS and disable MBEDTLS_SSL_PROTO_DTLS when open MBEDTLS_DYNAMIC_BUFFER 2021-12-21 16:31:47 +08:00
Mahavir Jain
3e3e1a9a9d mbedtls: upgrade to release v2.16.12
For release notes, please refer to:
https://github.com/ARMmbed/mbedtls/releases/tag/v2.16.12
2021-12-21 13:58:40 +05:30
Mahavir Jain
d0b465c7cd mbedtls: small documentation update 2021-12-21 13:58:40 +05:30
Jiang Jiang Jian
141c1cd004 Merge branch 'bugfix/crypto_allocate_lldesc_v4.4' into 'release/v4.4'
crypto: dont create DMA descriptors on the stack (v4.4)

See merge request espressif/esp-idf!16323
2021-12-08 13:31:41 +00:00
Marius Vikhammer
a1ee43fe9d crypto: also apply cache writeback/invalidate for SPIRAM_USE_MEMMAP
Closes https://github.com/espressif/esp-idf/issues/7944
2021-12-08 16:10:19 +08:00
Marius Vikhammer
3b3826b61c crypto: allocate all DMA descriptors to DMA capable memory.
These were previously placed on the stack, but the stack could be placed in
RTC RAM which is not DMA capable.
2021-12-08 16:10:18 +08:00
Li Jingyi
03b7ffdf4a feat(mbedtls): modify __wrap_mbedtls_ssl_setup to decrease SSL peak heap cost 2021-12-06 17:07:11 +08:00
Mahavir Jain
a28e0bf064 mbedtls: remove wrap from component.mk as well
Note: This was not required in original MR, as master branch does
not support GNU Make.
2021-12-02 17:13:31 +05:30
Mahavir Jain
7fe9d41e33 esp_bignum: move check for supported MPI bits at start of API
This can allow hardware MPI API to return as soon as it identifies
that it can handle require bitlength operation.
2021-12-02 15:07:08 +05:30
Mahavir Jain
9cb4948a23 mbedtls: update mbedtls submodule pointer for MPI API change 2021-12-02 15:07:08 +05:30
Mahavir Jain
99c9637e9b mbedtls: fix hardware MPI (bignum) related regression
In commit de22f3a4e5, combination of
hardware and software MPI (bignum) related approach was used to
work around chip (e.g. ESP32-C3) limitation of max 3072 bits support.

This was done using linker "--wrap" flag but since the relevant API is
being used in same translation (compilation unit), hardware mode was not
getting used in some cases (e.g., RSA key generation).

This commit modified internal mbedTLS API and makes software+hardware
combination deterministic.
2021-12-02 15:07:08 +05:30
Mahavir Jain
e0e6523c09 mbedtls: update kconfig help to correct on supported MPI bits 2021-12-02 15:07:07 +05:30