Commit Graph

101 Commits

Author SHA1 Message Date
jgujarathi
2d0ef53e94 Removed some occurences of the RC4 cipher suite(deprecated now) 2022-11-25 10:07:56 +05:30
Sachin Parekh
44d626a596
mbedtls: Override ecp_mul_restartable_internal
ECDSA verification uses ecp_mul_restartable_internal instead
of the public API mbedtls_ecp_mul_restartable
2022-08-26 11:46:55 +05:30
Marius Vikhammer
f4c79687f8 SHA: added hardware support for SHA on C2. 2022-06-23 11:01:16 +08:00
Laukik Hase
28ac0b12fb
mbedtls: Remove deprecated options from mbedtls/esp_config.h
- Removed options related to RC4 ciphersuite, SSL3 and TLS1
  (as per mbedtls v3.1.0)
2022-05-28 10:21:06 +05:30
Mahavir Jain
93987e6b79 Merge branch 'fix/remove_test_cert_files_from_mbedtls_port_directory' into 'master'
mbedtls: Remove certs.c and certs.h from port directory

Closes IDF-4709

See merge request espressif/esp-idf!17485
2022-03-18 16:47:53 +08:00
Aditya Patwardhan
f31d8dd295 mbedtls: Remove certs.c and certs.h from port directory 2022-03-15 17:16:07 +05:30
Laukik Hase
1c65ab5307
mbedtls: Add config for MBEDTLS_PLATFORM_TIME_ALT 2022-03-14 09:42:33 +05:30
Sachin Parekh
32a6550e87 mbedtls: Added ECC hardware accelerator support on ESP32C2
ESP32C2 has a ECC hardware accelerator capable of performing point
multiplication and point verification with a significant performance
boost
2022-03-08 14:05:23 +00:00
Aditya Patwardhan
4582af75b8 mbedtls: Update licenses of files updated in mbedtls-3.1 update 2022-03-04 05:18:58 +00:00
Aditya Patwardhan
8cbfb18037 mbedtls-3.x: Update Kconfig macros 2022-03-03 01:37:10 +05:30
Aditya Patwardhan
8111286668 Add entropy_poll.h in port directory 2022-03-03 01:37:10 +05:30
Aditya Patwardhan
66a9243d3b mbedtls 3.X update:
*MBEDTLS_ECDH_LEGACY_CONTEXT is now disabled by default.
*Fixed MBEDTLS_ECDH_LEGACY_CONTEXT issue for protocomm component.
*Removed all code under MBEDTLS_DEPRECATED_REMOVED
2022-03-03 01:37:10 +05:30
Laukik Hase
3925365351 ci: Fix pre-check stage failing tests
- Updated license headers
- Re-enabled public headers and static analysis checks
- Fix public header file check failure

Co-authored-by: Aditya Patwardhan <aditya.patwardhan@espressif.com>
2022-03-03 01:37:10 +05:30
Aditya Patwardhan
3b71bd7326 mbedtls-3.0: Fixed ESP32 build issues
- Added MBEDLTS_PRIVATE(...) wherever necessary
- For functions like mbedtls_pk_parse_key(...), it is necessary to pass the RNG function
  pointers as parameter. Solved for dependent components: wpa_supplicant & openSSL
- For libcoap, the SSLv2 ClientHello handshake method has been deprecated, need to handle this.
  Currently, corresponding snippet has been commented.
- Examples tested: hello-world | https_request | wifi_prov_mgr

mbedtls-3.0: Fixed ESP32-C3 & ESP32-S3 build issues
- Removed MBEDTLS_DEPRECATED_REMOVED macro from sha1 port
- DS peripheral: esp_ds_rsa_sign -> removed unsused 'mode' argument
- Added MBEDTLS_PRIVATE(...) wherever required

mbedtls-3.0: Fixed ESP32-S2 build issues
- Fixed outdated function prototypes and usage in mbedlts/port/aes/esp_aes_gcm.c due to changes in GCM module

mbedtls-3.0: Fixed ESP32-H2 build issues

ci: Fixing build stage
- Added MBEDTLS_PRIVATE(...) wherever required
- Added RNG function parameter
- Updated GCM Module changes
- Updated Copyright notices

- Tests:
- build_esp_idf_tests_cmake_esp32
- build_esp_idf_tests_cmake_esp32s2
- build_esp_idf_tests_cmake_esp32c3
- build_esp_idf_tests_cmake_esp32s3

ci: Fixing build stage (mbedtls-related changes)
- Added MBEDTLS_PRIVATE(...) wherever required
- Updated SHAXXX functions
- Updated esp_config according to mbedtls changes

- Tests:
- build_examples_cmake_esp32
- build_examples_cmake_esp32s2
- build_examples_cmake_esp32c3
- build_examples_cmake_esp32s3

ci: Fixing build stage (example-related changes)
- Added MBEDTLS_PRIVATE(...) wherever required
- Updated SHAXXX functions
- Updated esp_config according to mbedtls changes

- Tests:
- build_examples_cmake_esp32
- build_examples_cmake_esp32s2
- build_examples_cmake_esp32c3
- build_examples_cmake_esp32s3

ci: Fixing target_test stage
- Updated test SSL version to TLS_v1_2

- Tests:
- example_test_protocols 1/2

ci: Fixing build stage
- Added checks for MBEDTLS_DHM_C (disabled by default)
- Updated esp_cryptoauthlib submodule
- Updated factory partition size for legacy BLE provisioning example

- Tests:
- build_examples_cmake_esp32
- build_examples_cmake_esp32s2
- build_examples_cmake_esp32c3
- build_examples_cmake_esp32s3

Co-authored-by: Laukik Hase <laukik.hase@espressif.com>
2022-03-03 01:37:10 +05:30
Aditya Patwardhan
45122533e0 mbedtls-3 update:
1) Fix build issue in mbedtls
2) skip the public headers check in IDF
3)Update Kconfig Macros
4)Remove deprecated config options
5) Update the sha API according to new nomenclature
6) Update mbedtls_rsa_init usage
7) Include mbedtls/build_info.h instead of mbedtls/config.h
8) Dont include check_config.h
9) Add additional error message in esp_blufi_api.h
2022-03-03 01:37:10 +05:30
Aditya Patwardhan
0483bfbbfe Initial Changes for updating mbedtls to v3.0 2022-03-03 01:37:09 +05:30
Laukik Hase
285790e5aa mbedtls: Added config options for v2.28.0 upgrade 2022-01-25 10:51:27 +05:30
laokaiyao
cf049e15ed esp8684: rename target to esp32c2 2022-01-19 11:08:57 +08:00
Marius Vikhammer
a9a7160cb6 MPI: add kconfig option for doing intr-based exp-mod operations 2021-12-29 18:55:48 +08:00
Mahavir Jain
c097e6bcab mbedtls: fix hardware MPI (bignum) related regression
In commit de22f3a4e5, combination of
hardware and software MPI (bignum) related approach was used to
work around chip (e.g. ESP32-C3) limitation of max 3072 bits support.

This was done using linker "--wrap" flag but since the relevant API is
being used in same translation (compilation unit), hardware mode was not
getting used in some cases (e.g., RSA key generation).

This commit modified internal mbedTLS API and makes software+hardware
combination deterministic.
2021-11-29 15:13:05 +08:00
Cao Sen Miao
5add6593f4 ESP8684: Add esp_gdbstub, mbedtls, esp_timer 2021-11-06 17:33:45 +08:00
Mahavir Jain
8c9a3da695 mbedtls: disable Diffie-Hellman key exchange modes by default
Using these ciphers can constitute a security risk if the server
uses a weak prime for the key exchange.

Footprint impact:
Roughly 3K saved in text+rodata in default https_request example
2021-11-02 15:52:09 +08:00
Kapil Gupta
38d6772507 mbedtls: Add config option key element and key element ext 2021-07-08 09:23:22 +05:30
kapil.gupta
ad7cb5f5c1 wpa_supplicant: Write Crypto API based on mbedtls
This commit add following crypto changes

1. Update current crypto code with upstream supplicant code
2. Add a proper porting layer to use mbedtls APIs for all the crypto
   operations used by supplicant.

Internal crypto will be used when USE_MBEDLTS flag is disabled
in supplicant's menuconfig.

This commit also removes the clutter in crypto files due to partial
porting of some APIs to mbedtls, all the code from those files have
been removed and rewritten in a generic way, this is inspired from
current upstream code.

This also reduces the lib size significantly, supplicant's lib
size reduces around ~567kb after this change(NB: lib size doesn't
indicate reduction in final bin size).
2021-05-04 10:54:57 +00:00
liuhan
e87c64dc44 mbedtls: Add CONFIG_MBEDTLS_ROM_MD5 to use ROM MD5 in mbedTLS 2021-04-14 06:42:13 +00:00
Marius Vikhammer
fe71a8e340 aes/sha: use a shared lazy allocated GDMA channel for AES and SHA
Removed the old dynamically allocated GDMA channel approach.
It proved too unreliable as we couldn't not ensure consumers of the mbedtls
would properly free the channels after use.

Replaced by a single shared GDMA channel for AES and SHA, which won't be
released unless user specifically calls API for releasing it.
2021-03-09 09:23:05 +08:00
Aditya Patwardhan
79c23a1886 esp32c3/Digital Signature: mbedtls integration through ESP-TLS 2021-01-22 11:54:16 +05:30
kapil.gupta
de22f3a4e5 MbedTLS: Add software fallback implementation for exp mod
Add configuration option to fallback to software implementation
for exponential mod incase of hardware is not supporting it
for larger MPI value.

Usecase:
ESP32C3 only supports till RSA3072 in hardware. This config option
will help to support 4k certificates for WPA enterprise connection.
2021-01-18 18:47:51 +05:30
Marius Vikhammer
457ce080ae AES: refactor and add HAL layer
Refactor the AES driver and add HAL, LL and caps.

Add better support for running AES-GCM fully in hardware.
2020-12-10 09:04:47 +00:00
Angus Gratton
5228d9f9ce esp32c3: Apply one-liner/small changes for ESP32-C3 2020-12-01 10:58:50 +11:00
Angus Gratton
a4fb6c0173 mbedtls: Add missing sha_caps includes 2020-11-17 22:51:07 +00:00
Marius Vikhammer
488f46acf5 SHA/RSA: moved all caps to soc_caps.h 2020-11-12 02:15:46 +00:00
Angus Gratton
66fb5a29bb Whitespace: Automated whitespace fixes (large commit)
Apply the pre-commit hook whitespace fixes to all files in the repo.

(Line endings, blank lines at end of file, trailing whitespace)
2020-11-11 07:36:35 +00:00
Marius Vikhammer
949fb8e63a SHA: add HAL layer and refactor driver
Add a LL and HAL layer for SHA.
2020-10-09 08:24:08 +00:00
Mahavir Jain
4a3b5b73a8 Merge branch 'feature/esp_ds_sw_support' into 'master'
Added support for  RSA  sign using DS peripheral (only for ESP32-S2)

Closes IDF-1626

See merge request espressif/esp-idf!9477
2020-09-23 20:39:04 +08:00
Aditya Patwardhan
47f7c6a991 esp32s2/esp_ds: Digital Signature software support
1)Added support for alt rsa sign implementation with DS peripheral (
through ESP-TLS - mbedTLS SSL/TLS stack)
2020-09-22 18:31:31 +05:30
morris
61f89b97c6 bringup esp32-s3 on FPGA 2020-09-22 15:15:03 +08:00
Michal Vácha
e4820fc447 Fixed TLS 1.1 still being enables even if disabled via config.
Fixed MBEDTLS_SSL_PROTO_TLS1_1 still being defined even ifCONFIG_MBEDTLS_SSL_PROTO_TLS1_1 is not

Signed-off-by: Aditya Patwardhan <aditya.patwardhan@espressif.com>

Merges https://github.com/espressif/esp-idf/pull/5675
2020-08-05 03:38:51 +00:00
Angus Gratton
33bfe2393a Merge branch 'bugfix/wpa_supplicant_no_hw_mpi' into 'master'
wpa_supplicant: Allow building with mbedTLS integration but no hardware MPI

Closes IDFGH-3344

See merge request espressif/esp-idf!8822
2020-06-01 14:48:06 +08:00
Aditya Patwardhan
423e600d46 secure_element: atecc608_ecdsa example
* Replaced crypotoauthlib with esp-cryptoauthlib
* Added menuconfig option for esp-tls about using HSM
* Added error codes for HSM in esp-tls,
* Added support to select different type of ATECC608A chips
* Added README, updated docs
* tcp_transport: Added option to enable secure_element for ssl

Closes https://github.com/espressif/esp-idf/issues/4432
2020-05-21 13:08:30 +05:30
Bryan Hunt
4553f6c95d Add cryptoauthlib as a component with mbedtls integration
* Add options to mbedtls for hardware acceleration
* Disable mbedtls EC curves if hardware acceleration is selected
since the hardware will have to define the curves supported
* Add a hardware ecdsa example
2020-05-20 22:52:37 +05:30
Angus Gratton
0927ec029e wpa_supplicant: Allow building with mbedTLS integration but no hardware MPI
Also disable the relevant function in bignum.h based on config, so fails at
compile not link time.

Closes https://github.com/espressif/esp-idf/issues/5321
2020-05-20 12:06:07 +10:00
Shubham Kulkarni
ca3daa50de mbedtls: Add configuration options 2020-05-15 11:27:44 +05:30
Piyush Shah
43b3def711 mbedtls_hkdf: Add a config option to enable HKDF 2020-05-11 11:49:14 +05:30
Piyush Shah
62e1d6712b mbedtls: Add config options for chacha20, poly1305 and chachapoly 2020-05-05 16:41:31 +00:00
Angus Gratton
433c1c9ee1 Merge branch 'bugfix/ds_mpi_lock' into 'master'
crypto: DS uses RSA peripheral, added shared lock

See merge request espressif/esp-idf!8274
2020-04-15 15:15:25 +08:00
kangping
4883010f40 mbedtls: add configuration options for EC-JPAKE
Closes https://github.com/espressif/esp-idf/pull/5106
2020-04-14 12:22:16 +00:00
Marius Vikhammer
a2a204c2b9 crypto: DS uses RSA peripheral, added shared lock 2020-04-09 11:11:04 +00:00
Jakob Hasse
ea47bbb118 HMAC: adding upstream message support 2020-03-26 19:00:27 +08:00
Marius Vikhammer
ffb9010cbe aes: Fixed tag sometime being wrong for HW GCM
The GCM hardware accelerated algorithm for S2 would sometimes output
the wrong tag.

Added additional tests for AES and GCM

Re-enable HW GCM as default option
2020-03-18 08:44:38 +08:00