Commit Graph

95 Commits

Author SHA1 Message Date
Jiang Guang Ming
5bb93061a3 feat(mbedtls): support rom mbedtls threading layer 2024-09-06 19:27:57 +08:00
harshal.patil
488b2a741d change(esp_security): Move the crypto locking layer into the security component 2024-08-20 12:35:22 +08:00
Mahavir Jain
a2de1ca576 fix(mbedtls): link esp-cryptoauthlib to mbedcrypto library
If the certificate bundle feature is disabled then the mbedtls
component library becomes interface only component and hence
adding esp-cryptoauthlib as its PRIVATE dependency does not work.

Instead the esp-cryptoauthlib should be added as PRIVATE dependency
for mbedcrypto library (for alternate ECDSA implementation).
2024-08-09 15:30:35 +05:30
Alexey Lapshin
ed6e497c6f feat(build): add COMPILER_STATIC_ANALYZER option 2024-06-18 14:25:37 +08:00
harshal.patil
3eb6487bb5 fix(bootloader_support): Make esp_flash_encrypt.h independent of spi_flash_mmap.h header 2024-05-13 16:54:45 +05:30
harshal.patil
5dfbc47192 fix(mbedtls/crypto_shared_gdma): Enable AXI-DMA enable external memory AES-ECC access
- When external memory encryption is enabled, set the aes_ecc bit of AXI-DMA to enable memory access
2024-05-13 16:54:45 +05:30
harshal.patil
70ef80d974 feat(mbedtls/ecdsa): Add support for deterministic ECDSA signature generation 2024-03-29 12:14:11 +05:30
harshal.patil
2abb656ba2 feat(mbedtls/aes): Support AES-DMA operations by satisfying L1 cache alignment requirements
- Use DMA RX done interrupt status bit while waiting for DMA rx transfer
2024-03-13 15:22:07 +05:30
harshal.patil
9b15189583 change(mbedtls): replace Cache ROM APIs usage with APIs from esp_cache.h
- Only APIs used in esp_crypto_shared_gdma and aes have been replaced
- Get dcache line size using cache api instead of Kconfig
2024-03-13 15:22:07 +05:30
harshal.patil
2c570ed53b change(mbedtls/aes): moved esp_aes_internal.h to be a private header
- Also enable AES-GCM test in the hal crypto test app for all targets
2024-03-13 15:22:06 +05:30
harshal.patil
c1ed825d3e fix(mbedtls/gcm): Fix build failure when config MBEDTLS_HARDWARE_GCM is disabled 2024-01-04 12:20:10 +05:30
Mahavir Jain
5b047057ca feat(mbedtls): add new deprecated cert list and relevant config
Cert bundle is periodically updated with the upstream Mozilla's NSS
root cert store. Retracted certs are moved to deprecated list now and
an additional config allows to include them in the default bundle. New
config is kept default disabled but can be enabled if one would like
to ensure 100% compatibility w.r.t. cert bundle across IDF minor or
patch releases. In IDF major release the deprecated list shall be reset.
2023-10-29 12:21:22 +05:30
Mahavir Jain
804ed172dd fix(mbedtls): allow to use built in entropy implementation for linux target 2023-10-26 15:12:42 +05:30
Jiang Guang Ming
37ec1cc592 feat(mbedtls): support C2 mbedtls can use crypto algorithm in ROM 2023-10-23 13:10:44 +08:00
Mahavir Jain
9ca8f3d45b feat(mbedtls): update to 3.5.0 release
Changelog:
https://github.com/Mbed-TLS/mbedtls/releases/tag/mbedtls-3.5.0
2023-10-11 09:32:32 +00:00
Jakob Hasse
ac2515e199 refactor(lwip): Added on/off switch for LwIP stack
* This switch allows applications to replace lwip with a different
  IP stack or just make it build if it is a dependency but not
  actually needed.
2023-09-22 10:03:13 +08:00
Harshit Malpani
692e1a9e61 feat: ECDSA peripheral while performing http connection with mutual auth 2023-09-08 12:22:41 +05:30
Marius Vikhammer
d17248ecdf build-system: replace ADDITIONAL_MAKE_CLEAN_FILES with ADDITIONAL_CLEAN_FILES
ADDITIONAL_MAKE_CLEAN_FILES is deprecated and only worked with make.
Replaced with the new ADDITIONAL_CLEAN_FILES (CMake 3.15) which also works with ninja.
2023-05-08 15:51:48 +08:00
harshal.patil
4ae1ea7b9f bignum: refactored the hardware abstraction of the mpi peripheral
- `<target>/bignum.c` is replaced by mpi_ll.h ll layer.
- added the mpi hal layer.
2023-04-24 16:15:11 +05:30
harshal.patil
c403affd98 mbedtls: fix ci failures for update v3.4.0
- While updating to mbedtls release/v3.4.0, building mbedtls/library/psa_crypto.c,
clang produced an unreachable-code warning, so added `-Wno-unreachable-code` compile option for clang.
- In `mbedtls/v3.4.0`, the ECDSA restartable sign and verify functions (`ecdsa.c`) were made public.
- But the `mbedtls_ecdsa_sign_det_restartable` function prototype was declared in the file `ecdsa.h`,
only when `MBEDTLS_ECDSA_SIGN_ALT` was not defined.
- added a patch in mbedtls library to fix it.
2023-04-17 12:55:04 +05:30
Sachin Parekh
d2940c5ff3 mbedtls: Add port layer for ECDSA peripheral 2023-03-24 10:43:40 +05:30
Harshit Malpani
e215ede439 mbedtls: Add support to build for linux target 2023-01-04 11:17:29 +05:30
LiPeng
5c93fe47cb mbedtls: GCM implementation is replaced with CTR-based calculation
- GCM operation in mbedtls used ECB, which calculated only 16 bytes of data each time.
	- Therefore, when processing a large amount of data, it is necessary to frequently set hardware acceleration calculations,
	- which could not make good use of the AES DMA function to improve efficiency.
	- Hence, GCM implementation is replaced with CTR-based calculation which utilizes AES DMA to improve efficiency.
2022-12-28 12:14:29 +05:30
Laukik Hase
9b290e3668 mbedtls/port: Fix dynamic buffers feature for v3.2.1
Co-authored-by: Li Jingyi <lijingyi@espressif.com>
2022-08-24 11:59:34 +05:30
Mahavir Jain
203830e12b esp-cryptoauthlib: remove submodule and use from IDF component manager 2022-08-12 11:24:02 +05:30
Mahavir Jain
a94c74c26b mbedtls: remove dependency on driver component
- keep `esp_pm` dependency conditional in mbedtls
- refactor `bt` cmakelist to keep dependencies as private

Related: IDF-1265
2022-07-18 21:10:51 +05:30
Marius Vikhammer
f4c79687f8 SHA: added hardware support for SHA on C2. 2022-06-23 11:01:16 +08:00
Marius Vikhammer
cf1b222cac build system: removed target component
After refactoring the target components (e.g. esp32) no longer contained any real functionality.
What remained in these components has been moved elsewhere and the component itself deleted from the
build system.
2022-05-24 09:12:59 +08:00
Ivan Grokhotkov
47659be5b8 build system: remove lwip from common requirements
lwip was added to common requirements list to provide "sys/socket.h"
header to all components without additional requirements specified.

However, lwip pulls in a lot of dependencies on other components.
This commit removes lwip from common requirements to reduce the number
of components in G1-only apps.

To compensate for this removal, the following changes are made:
- newlib (which is a common requirement) has a public dependency on
  lwip if lwip is present in the build. This ensures that sys/socket.h
  is available as long as lwip component is included into the build.
- lwip is now a public requirement of esp-tls since esp_tls.h includes
  sys/socket.h header.
- lwip is now a public requirement of esp_http_client because
  sys/socket.h is included from esp_http_client.h
- lwip is now a private requirement of esp_wifi for "smartconfig_ack"
- lwip is now a private requirement of mqtt for socket functions
- lwip is now a public requirement of tcp_transport because
  esp_transport_tcp.h includes sys/socket.h header.
- mbedtls checks if lwip component is present in the build. If yes,
  net_sockets.c is added to the build, along with the dependency on
  lwip. Previously lwip was a public requirement of mbedtls
  unconditionally.

system/g1_components test app is updated to reflect the changes

Default public dependencies of a component before and after this
change, except common requirements:

- esp_timer (public dependency of freertos)
- bootloader_support (public dependency of esp_hw_support)
- vfs (public dependency of lwip)
- esp_wifi (public dependency of lwip)
- esp_event (public dependency of esp_wifi)
- esp_netif (public dependency of esp_event)
- esp_eth (public dependency of esp_netif)
- esp_phy (public dependency of esp_wifi)

After:

- esp_timer (public dependency of freertos)
- bootloader_support (public dependency of esp_hw_support)

Altogether, the following components have been always added as
public requirements to all other components, and are not added now
([breaking-change]):

- lwip
- vfs
- esp_wifi
- esp_event
- esp_netif
- esp_eth
- esp_phy

Application components now need to explicitly declare dependencies on
these components.
2022-05-02 20:47:17 +02:00
Mahavir Jain
b3d3f74a67 esp_crt_bundle: Fix build problems if MBEDTLS_CERTIFICATE_BUNDLE is disabled
Exclude source and include file from build list if certificate bundle feature
is disabled.

Closes https://github.com/espressif/esp-idf/issues/8714
Closes IDFGH-7106
2022-04-06 05:10:43 +00:00
Mahavir Jain
3af2d15216 mbedtls: Fix build failures for ESP32-C2 with hardware SHA
Clean support for SHA peripheral will appear with IDF-3830
2022-03-22 02:06:30 +00:00
Mahavir Jain
0621a6f513 mbedtls: use soc capability macros in build CMakeLists 2022-03-22 02:06:30 +00:00
Mahavir Jain
5f646b1d43 mbedtls: move locally managed root certificates to separate file
Purpose:
This will allow for easily automating periodic updates to
"cacrt_all.pem" file.

Note:
For now newly created "cacrt_local.pem" contains single "DST Root CA X3"
which we are keeping to manage compatibility with endpoints like
"howsmyssl.com". Please note this Root CA is expired and is not part of
Mozilla’s NSS root certificate store.
2022-03-21 22:39:24 +05:30
Aditya Patwardhan
f31d8dd295 mbedtls: Remove certs.c and certs.h from port directory 2022-03-15 17:16:07 +05:30
Sachin Parekh
32a6550e87 mbedtls: Added ECC hardware accelerator support on ESP32C2
ESP32C2 has an ECC hardware accelerator capable of performing point
multiplication and point verification with a significant performance
boost
2022-03-08 14:05:23 +00:00
Ivan Grokhotkov
c19203be0e mbedtls: disable files generation, specify Python interpreter to use
When GEN_FILES is enabled, Perl interpreter should be available. There
is a check in mbedTLS that disables GEN_FILES on Windows (where Perl
is not available by default) but it is broken for recent CMake
versions.

Also set Python interpreter to the one IDF uses, just to avoid calling
into some other Python version which CMake might manage to find.
2022-03-03 15:56:15 +01:00
Aditya Patwardhan
8111286668 Add entropy_poll.h in port directory 2022-03-03 01:37:10 +05:30
Laukik Hase
3925365351 ci: Fix pre-check stage failing tests
- Updated license headers
- Re-enabled public headers and static analysis checks
- Fix public header file check failure

Co-authored-by: Aditya Patwardhan <aditya.patwardhan@espressif.com>
2022-03-03 01:37:10 +05:30
Aditya Patwardhan
0483bfbbfe Initial Changes for updating mbedtls to v3.0 2022-03-03 01:37:09 +05:30
Mahavir Jain
c097e6bcab mbedtls: fix hardware MPI (bignum) related regression
In commit de22f3a4e5, combination of
hardware and software MPI (bignum) related approach was used to
work around chip (e.g. ESP32-C3) limitation of max 3072 bits support.

This was done using linker "--wrap" flag but since the relevant API is
being used in same translation (compilation unit), hardware mode was not
getting used in some cases (e.g., RSA key generation).

This commit modified internal mbedTLS API and makes software+hardware
combination deterministic.
2021-11-29 15:13:05 +08:00
Li Jingyi
b8892137f5 mbedtls: Add CONFIG_MBEDTLS_SSL_PROTO_GMTSSL1_1 to support the GMSSL component
The config option will be enabled for the GMSSL component and is disabled by default because it is not provided by the IDF project.
2021-07-28 19:54:58 +08:00
Renz Bagaporo
7c22cccb9c esp32: cleanup build script 2021-07-16 20:14:27 +08:00
Marius Vikhammer
01664923f6 mbedtls: fixed CMake build warning
Building mbedtls with CMake would warn that:

"A private source from a directory other than that of target "mbedcrypto
 has a relative path"

This happened due to some of the CMake variables listing sources could be empty.

Changed to only use target_sources in the code-path where we set the sources,
so we only call target_sources with non-empty variables.

Closes https://github.com/espressif/esp-idf/issues/6767
2021-05-17 17:15:38 +08:00
liuhan
e87c64dc44 mbedtls: Add CONFIG_MBEDTLS_ROM_MD5 to use ROM MD5 in mbedTLS 2021-04-14 06:42:13 +00:00
Marius Vikhammer
fe71a8e340 aes/sha: use a shared lazy allocated GDMA channel for AES and SHA
Removed the old dynamically allocated GDMA channel approach.
It proved too unreliable as we could not ensure consumers of the mbedtls
would properly free the channels after use.

Replaced by a single shared GDMA channel for AES and SHA, which won't be
released unless user specifically calls API for releasing it.
2021-03-09 09:23:05 +08:00
Marius Vikhammer
04df1f3a42 CI: enable example builds for C3
Enables building C3 examples in CI.

Fixes related warnings/errors and disables examples that cannot run.
2021-02-09 12:04:02 +08:00
Aditya Patwardhan
79c23a1886 esp32c3/Digital Signature: mbedtls integration through ESP-TLS 2021-01-22 11:54:16 +05:30
Jiang Jiang Jian
ea79091725 Merge branch 'bugfix/esp32c3_wpa4096_cert_support' into 'master'
MbedTLS: Add software fallback for Modular Exponentiation for larger bignum operations

Closes WIFI-3257 and IDFGH-132

See merge request espressif/esp-idf!11928
2021-01-21 12:45:19 +08:00
Marius Vikhammer
51169b0e0c AES/SHA: use GDMA driver instead of LL 2021-01-19 11:02:51 +08:00
kapil.gupta
de22f3a4e5 MbedTLS: Add software fallback implementation for exp mod
Add configuration option to fall back to software implementation
for exponential mod in case the hardware does not support it
for larger MPI values.

Use case:
ESP32C3 only supports up to RSA3072 in hardware. This config option
will help to support 4k certificates for WPA enterprise connection.
2021-01-18 18:47:51 +05:30