MbedTLS: Add config option for key elements and key element extension for SSL connection
See merge request espressif/esp-idf!12898
(cherry picked from commit 76bd33e9a4)
38d67725 mbedtls: Add config option key element and key element ext
This commit add following crypto changes
1. Update current crypto code with upstream supplicant code
2. Add a proper porting layer to use mbedtls APIs for all the crypto
operations used by supplicant.
Internal crypto will be used when USE_MBEDLTS flag is disabled
in supplicant's menuconfig.
This commit also removes the clutter in crypto files due to partial
porting of some APIs to mbedtls, all the code from those files have
been removed and rewritten in a generic way, this is inspired from
current upstream code.
This also reduces the lib size significantly, supplicant's lib
size reduces around ~567kb after this change(NB: lib size doesn't
indicate reduction in final bin size).
Add configuration option to fallback to software implementation
for exponential mod incase of hardware is not supporting it
for larger MPI value.
Usecase:
ESP32C3 only supports till RSA3072 in hardware. This config option
will help to support 4k certificates for WPA enterprise connection.
* Replaced crypotoauthlib with esp-cryptoauthlib
* Added menuconfig option for esp-tls about using HSM
* Added error codes for HSM in esp-tls,
* Added support to select different type of ATECC608A chips
* Added README, updated docs
* tcp_transport: Added option to enable secure_element for ssl
Closes https://github.com/espressif/esp-idf/issues/4432
* Add options to mbedtls for hardware acceleration
* Disable mbedtls EC curves if hardware acceleration is selected
since the hardware will have to define the curves supported
* Add a hardware ecdsa example
The GCM hardware accelerated algorithm for S2 would sometimes output
the wrong tag.
Added additional tests for AES and GCM
Re-enable HW GCM as default option
Adds the ESP certificate bundle feature that enables users to bundle a
root certificate bundle together with their application.
Default bundle includes all Mozilla root certificates
Closes IDF-296
Configurable option to use IRAM as byte accessible memory (in single core mode) using
load-store (non-word aligned and non-word size IRAM access specific) exception handlers.
This allows to use IRAM for use-cases where certain performance penalty
(upto 170 cpu cycles per load or store operation) is acceptable. Additional configuration
option has been provided to redirect mbedTLS specific in-out content length buffers to
IRAM (in single core mode), allows to save 20KB per TLS connection.
Activated AES, RSA and SHA hardware acceleration for esp32s2 and enabled related unit tests.
Updated with changes made for ESP32 from 0a04034, 961f59f and caea288.
Added performance targets for esp32s2beta
Closes IDF-757
It gave us a better performance of RSA operations. (2~11 times)
The old modexp implementation (Z = X ^ Y mod M) loaded all the data into
the hw registers and was waiting for completion, but due to
the hardware RSA implementation, the calculations always started with 4096 bit,
which took a lot of time.
Measurement results (measurements were made for keys: 2048, 3072 and 4096 bits)
(Old) - Sliding-window exponentiation (HAC 14.85):
keysize = 2048 bits
RSA key operation (performance): public [93206 us], private [280189 us]
keysize = 3072 bits
RSA key operation (performance): public [293614 us], private [858157 us]
keysize = 4096 bits
RSA key operation (performance): public [653192 us], private [1912126 us]
Instead (Old) - Sliding-window exponentiation (HAC 14.85) was implemented
(New) - Montgomery exponentiation (HAC 14.94) which showed
better performance on private and public keys.
keysize = 2048 bits
RSA key operation (performance): public [14504 us], private [149456 us]
keysize = 3072 bits
RSA key operation (performance): public [35073 us], private [392743 us]
keysize = 4096 bits
RSA key operation (performance): public [58650 us], private [787186 us]
For this reason, the old implementation was removed
and the MBEDTLS_HARDWARE_MPI option was turned on by default.
Why the MPI_INTERRUPT option is removed:
the old implementation used calculations on the hardware and
it took a lot of time (10ms - 500ms). And in order not to stand idle
while waiting for completion, an interrupt option was added.
This made it possible to carry out other tasks during the calculation,
and this one to block. The new method is free from such a drawback and
the maximum duration of one RSA HW operation does not exceed 70us (usually 2-70 μs).
This option is no longer needed.
Closes: IDF-965
- Additional menuconfig option to select either mbedTLS or Tinycrypt from NimBLE.
- Addition of `CMAC` and `ECP_RESTARTABLE` to mbedTLS menuconfig option and
`esp_config.h`.
- Changes NimBLE `component.mk` and `CMakeLists.txt` to support mbedTLS option.
- Minor changes to `app_mesh.c` application.
* Disables 3DES, Camellia, Blowfish, RC4, RIPEMD160, SSLv3, TLS-PSK modes, DTLS by default
* Saves about 40KB from the default TLS client code size
* Defaults no longer get "Bad" howsmyssl.com rating (no more vulnerable 3DES)
(ping https://github.com/espressif/arduino-esp32/issues/575 )
* Allows up to another 20-30KB code size to be trimmed without security
implications if using DER formatted certificates, RSA ciphersuites only,
etc.
* Can save up to another 8KB by setting the TLS Role to Server or Client only.