Commit Graph

242 Commits

Author SHA1 Message Date
Laukik Hase
db99f311fc mbedtls: Fix build with dynamic buffers feature 2023-02-19 03:53:02 +00:00
Laukik Hase
8b5ab6820f mbedtls: Update config options as per v3.3.0 release 2023-02-19 03:53:02 +00:00
Mahavir Jain
dcae357500 Merge branch 'fix/hardware_ecc_port_v5.0' into 'release/v5.0'
mbedtls/ecp: Fix incorrect ECP parameter value

See merge request espressif/esp-idf!22112
2023-02-19 11:49:14 +08:00
Sachin Parekh
131faba944 mbedtls/ecp: Fix incorrect ECP parameter value
- Add sanity checks in mbedtls port
- Add ECP test cases covering shorter scalar values
2023-02-08 21:35:49 +05:30
harshal.patil
3ca447956c mbedtls: fix null pointer dereference of variable iv_off
iv_off gets dereferenced before being check for NULL
2023-01-25 15:32:56 +05:30
harshal.patil
79fb21952e mbedtls/port: refactor sanity checks and their return values
Refactored and returned correct error codes for sanity checks
present in port layer esp_aes.c and esp_aes_gcm.c
2023-01-25 15:30:20 +05:30
harshal.patil
7e00b1f356 mbedtls/port: added stream_block parameter sanity check 2023-01-25 15:30:20 +05:30
LiPeng
3c1ac62969 mbedtls: GCM implementation is replaced with CTR-based calculation
- GCM operation in mbedtls used ECB, which calculated only 16 bytes of data each time.
	- Therefore, when processing a large amount of data, it is necessary to frequently set hardware acceleration calculations,
	- which could not make good use of the AES DMA function to improve efficiency.
	- Hence, GCM implementation is replaced with CTR-based calculation which utilizes AES DMA to improve efficiency.
2023-01-09 18:37:07 +05:30
harshal.patil
f111ed2d9a mbedtls: fix esp_aes_gcm_update_ad() API implementation
Closes IDFGH-10467
2023-01-09 18:35:25 +05:30
harshal.patil
40f2caa950 mbedtls: fix esp_aes_crypt_ctr writing to null stream block 2023-01-02 12:02:47 +05:30
harshal.patil
ea07ce9367 mbedtls: added SOC_AES_SUPPORT_AES_192 check in esp_aes_gcm_setkey() 2023-01-02 12:02:47 +05:30
harshal.patil
1c0e11efc0 mbedtls: populate mbedtls_gcm_update() output_length paramater 2023-01-02 12:02:47 +05:30
jgujarathi
2d0ef53e94 Removed some occurences of the RC4 cipher suite(deprecated now) 2022-11-25 10:07:56 +05:30
Mahavir Jain
84b0254fbf
esp32: mpi: add workaround for data corruption issue observed with IDF 5.x toolchain
This fix adds a workaround to disable compiler optimization flag "-ftree-loop-distribute-patterns"
for `mpi_to_mem_block` routine. It was observed that compiler with release configuration was falling
back to `memset` call from ROM library causing an issue in correctly zero initializing MPI peripheral
block.

Please see following linked issue for more discussion and context on this issue.

Closes https://github.com/espressif/esp-idf/issues/8710
Closes https://github.com/espressif/esp-idf/issues/9371
Closes https://github.com/espressif/esp-idf/issues/9256
Closes IDFGH-7102
Closes IDFGH-7842
Closes IDFGH-7714
Closes IDFCI-1452
Closes IDF-6029
2022-10-27 09:54:26 +05:30
Sachin Parekh
44d626a596
mbedtls: Override ecp_mul_restartable_internal
ECDSA verification uses ecp_mul_restartable_internal instead
of the public API mbedtls_ecp_mul_restartable
2022-08-26 11:46:55 +05:30
Laukik Hase
0c60328953
mbedtls/port: Fix dynamic buffers feature for v3.2.1
Co-authored-by: Li Jingyi <lijingyi@espressif.com>
2022-08-26 11:46:55 +05:30
Aditya Patwardhan
0dd55387ea esp_rsa_sign_alt: Fix esp_init_ds_data_ctx API to not modify user defined data when it is given directory from flash 2022-08-23 11:50:47 +05:30
Darian Leung
781d06af73 esp_hw_support: Remove compare_set.h API
This function removes the following legacy atomic CAS functions:

From compare_set.h (file removed):
- compare_and_set_native()
- compare_and_set_extram()

From portmacro.h
- uxPortCompareSet()
- uxPortCompareSetExtram()

Users should call esp_cpu_compare_and_set() instead as this function hides the details
of atomic CAS on internal and external RAM addresses.

Due to the removal of compare_set.h, some missing header includes are also fixed in this commit.
2022-07-22 00:06:06 +08:00
Mahavir Jain
a94c74c26b
mbedtls: remove dependency on driver component
- keep `esp_pm` dependency conditional in mbedtls
- refactor `bt` cmakelist to keep dependencies as private

Related: IDF-1265
2022-07-18 21:10:51 +05:30
Mahavir Jain
dd24639215 Merge branch 'esp32h2/enable_ecc_accelerator' into 'master'
esp32h2: Enable ECC accelerator

Closes IDF-3397

See merge request espressif/esp-idf!18647
2022-06-23 20:06:26 +08:00
Sachin Parekh
6cfc9c365f esp32h2: Enable ECC accelerator 2022-06-23 12:59:13 +05:30
Marius Vikhammer
7e60e07a0a Merge branch 'feature/esp8684_sha' into 'master'
mbedtls: enable hw support for SHA on C2

Closes IDF-3830 and IDF-5141

See merge request espressif/esp-idf!18531
2022-06-23 14:18:49 +08:00
Marius Vikhammer
f4c79687f8 SHA: added hardware support for SHA on C2. 2022-06-23 11:01:16 +08:00
Laukik Hase
ff44ff8050
mbedtls: Acquire lock before enabling MPI (RSA) hardware
- For ESP32-S3
2022-06-21 10:48:17 +05:30
Laukik Hase
28ac0b12fb
mbedtls: Remove deprecated options from mbedtls/esp_config.h
- Removed options related to RC4 ciphersuite, SSL3 and TLS1
  (as per mbedtls v3.1.0)
2022-05-28 10:21:06 +05:30
Li Jingyi
c88af419a3 mbedtls: fix ssl server crash when enable mbedtls dynamic buffer
Not free keycert until MBEDTLS_SSL_CLIENT_KEY_EXCHANGE for rsa key exchange methods, because keycert will be used to parse client key exchange.
2022-05-20 11:21:48 +00:00
Li Jingyi
fa3cbf9162 fix(mbedtls): fix ssl server memory leak when enable mbedtls dynamic buffer function 2022-05-09 13:56:20 +00:00
Anton Maklakov
4a7f36a52a mbedtls: fix argument types to match mbedtls/shaXXX.h 2022-04-21 12:30:49 +07:00
Armando
c4bcf1117c esp_hw_support: move soc_memory_types.h helper functions into esp_hw_support 2022-04-08 11:46:10 +08:00
Mahavir Jain
f7fc3e2d88 esp_hw_support: cleanup crypto lock APIs for ESP32-C2 2022-03-22 02:06:30 +00:00
Mahavir Jain
93987e6b79 Merge branch 'fix/remove_test_cert_files_from_mbedtls_port_directory' into 'master'
mbedtls: Remove certs.c and certs.h from port directory

Closes IDF-4709

See merge request espressif/esp-idf!17485
2022-03-18 16:47:53 +08:00
Aditya Patwardhan
f31d8dd295 mbedtls: Remove certs.c and certs.h from port directory 2022-03-15 17:16:07 +05:30
Laukik Hase
1c65ab5307
mbedtls: Add config for MBEDTLS_PLATFORM_TIME_ALT 2022-03-14 09:42:33 +05:30
Aditya Patwardhan
bfc2fd9d5d Merge branch 'bugfix/mbedtls_tls1_3' into 'master'
mbedtls: Disable `MBEDTLS_DYNAMIC_BUFFER` when TLS 1.3 is enabled

See merge request espressif/esp-idf!17415
2022-03-12 16:24:14 +08:00
Armando (Dou Yiwen)
6ed3ffbbf1 Merge branch 'refactor/remove_redundant_rom_cache_dependency' into 'master'
cache: remove redundant rom cache dependency in bootloader

Closes IDF-4523

See merge request espressif/esp-idf!17077
2022-03-12 10:11:39 +08:00
Armando
c1cbd7bbf6 cache/mmu: implememnt cache and mmu hal APIs in bootloader 2022-03-11 22:43:11 +08:00
Laukik Hase
87d3296c37
mbedtls: Disable MBEDTLS_DYNAMIC_BUFFER when TLS 1.3 is enabled
- Resulted in a crash in the handshake stage when
  used alongside TLS 1.3 (MBEDTLS_SSL_PROTO_TLS1_3)
- Fix build error when MBEDTLS_HARDWARE_SHA=n &&
  MBEDTLS_DYNAMIC_BUFFER=y
- Fix build error when TLS 1.3 is enabled with
  MBEDTLS_SSL_KEEP_PEER_CERTIFICATE=n
2022-03-11 10:03:48 +05:30
Sachin Parekh
32a6550e87 mbedtls: Added ECC hardware accelerator support on ESP32C2
ESP32C2 has a ECC hardware accelerator capable of performing point
multiplication and point verification with a significant performance
boost
2022-03-08 14:05:23 +00:00
Sudeep Mohanty
a9fda54d39 esp_hw_support/esp_system: Re-evaluate header inclusions and include directories
This commit updates the visibility of various header files and cleans up
some unnecessary inclusions. Also, this commit removes certain header
include paths which were maintained for backward compatibility.
2022-03-07 11:18:08 +05:30
Aditya Patwardhan
4582af75b8 mbedtls: Update licenses of files updated in mbedtls-3.1 update 2022-03-04 05:18:58 +00:00
Aditya Patwardhan
8cbfb18037 mbedtls-3.x: Update Kconfig macros 2022-03-03 01:37:10 +05:30
Aditya Patwardhan
8111286668 Add entropy_poll.h in port directory 2022-03-03 01:37:10 +05:30
Aditya Patwardhan
66a9243d3b mbedtls 3.X update:
*MBEDTLS_ECDH_LEGACY_CONTEXT is now disabled by default.
*Fixed MBEDTLS_ECDH_LEGACY_CONTEXT issue for protocomm component.
*Removed all code under MBEDTLS_DEPRECATED_REMOVED
2022-03-03 01:37:10 +05:30
Laukik Hase
3925365351 ci: Fix pre-check stage failing tests
- Updated license headers
- Re-enabled public headers and static analysis checks
- Fix public header file check failure

Co-authored-by: Aditya Patwardhan <aditya.patwardhan@espressif.com>
2022-03-03 01:37:10 +05:30
Aditya Patwardhan
60b167f2d6 mbedtls-3.1 update: Removed the MBEDTLS_PRIVATE from multiple files
after they have been again made public in mbedtls-3.1

*Added `MBEDTLS_ALLOW_PRIVATE_ACCESS` in some files.
2022-03-03 01:37:10 +05:30
Aditya Patwardhan
3b71bd7326 mbedtls-3.0: Fixed ESP32 build issues
- Added MBEDLTS_PRIVATE(...) wherever necessary
- For functions like mbedtls_pk_parse_key(...), it is necessary to pass the RNG function
  pointers as parameter. Solved for dependent components: wpa_supplicant & openSSL
- For libcoap, the SSLv2 ClientHello handshake method has been deprecated, need to handle this.
  Currently, corresponding snippet has been commented.
- Examples tested: hello-world | https_request | wifi_prov_mgr

mbedtls-3.0: Fixed ESP32-C3 & ESP32-S3 build issues
- Removed MBEDTLS_DEPRECATED_REMOVED macro from sha1 port
- DS peripheral: esp_ds_rsa_sign -> removed unsused 'mode' argument
- Added MBEDTLS_PRIVATE(...) wherever required

mbedtls-3.0: Fixed ESP32-S2 build issues
- Fixed outdated function prototypes and usage in mbedlts/port/aes/esp_aes_gcm.c due to changes in GCM module

mbedtls-3.0: Fixed ESP32-H2 build issues

ci: Fixing build stage
- Added MBEDTLS_PRIVATE(...) wherever required
- Added RNG function parameter
- Updated GCM Module changes
- Updated Copyright notices

- Tests:
- build_esp_idf_tests_cmake_esp32
- build_esp_idf_tests_cmake_esp32s2
- build_esp_idf_tests_cmake_esp32c3
- build_esp_idf_tests_cmake_esp32s3

ci: Fixing build stage (mbedtls-related changes)
- Added MBEDTLS_PRIVATE(...) wherever required
- Updated SHAXXX functions
- Updated esp_config according to mbedtls changes

- Tests:
- build_examples_cmake_esp32
- build_examples_cmake_esp32s2
- build_examples_cmake_esp32c3
- build_examples_cmake_esp32s3

ci: Fixing build stage (example-related changes)
- Added MBEDTLS_PRIVATE(...) wherever required
- Updated SHAXXX functions
- Updated esp_config according to mbedtls changes

- Tests:
- build_examples_cmake_esp32
- build_examples_cmake_esp32s2
- build_examples_cmake_esp32c3
- build_examples_cmake_esp32s3

ci: Fixing target_test stage
- Updated test SSL version to TLS_v1_2

- Tests:
- example_test_protocols 1/2

ci: Fixing build stage
- Added checks for MBEDTLS_DHM_C (disabled by default)
- Updated esp_cryptoauthlib submodule
- Updated factory partition size for legacy BLE provisioning example

- Tests:
- build_examples_cmake_esp32
- build_examples_cmake_esp32s2
- build_examples_cmake_esp32c3
- build_examples_cmake_esp32s3

Co-authored-by: Laukik Hase <laukik.hase@espressif.com>
2022-03-03 01:37:10 +05:30
Aditya Patwardhan
45122533e0 mbedtls-3 update:
1) Fix build issue in mbedtls
2) skip the public headers check in IDF
3)Update Kconfig Macros
4)Remove deprecated config options
5) Update the sha API according to new nomenclature
6) Update mbedtls_rsa_init usage
7) Include mbedtls/build_info.h instead of mbedtls/config.h
8) Dont include check_config.h
9) Add additional error message in esp_blufi_api.h
2022-03-03 01:37:10 +05:30
Aditya Patwardhan
0483bfbbfe Initial Changes for updating mbedtls to v3.0 2022-03-03 01:37:09 +05:30
Laukik Hase
424c45df91 ci: Fix issues for build stage
- Fixed logs expecting different format specifier
- Updated ignore list for check_public_header test
- Updated functions ported from mbedTLS
2022-01-25 10:51:27 +05:30
Laukik Hase
befc93aa2d mbedtls: Added option MBEDTLS_SSL_KEEP_PEER_CERTIFICATE
- Removed code regarding MBEDTLS_DYNAMIC_FREE_PEER_CERT
  (config was kept for backward compatibility)
- Combined mbedTLS v2.28.x related options under a separate Kconfig menu
2022-01-25 10:51:27 +05:30