Commit Graph

355 Commits

Author SHA1 Message Date
Marius Vikhammer
37369a8a57 crypto: SHA and AES accelerator bring up for S2
Brings up, fixes and enables AES and SHA hardware acceleration.

Closes IDF-714
Closes IDF-716
2020-03-11 15:09:45 +08:00
Renz Bagaporo
71c02394e5 esp32s2: remove esp_intr.h header 2020-03-05 16:15:59 +08:00
Sachin Parekh
301dacfb33 Exception handlers for LoadStoreError and LoadStoreAlignmentError
Configurable option to use IRAM as byte accessible memory (in single core mode) using
load-store (non-word aligned and non-word size IRAM access specific) exception handlers.
This allows to use IRAM for use-cases where certain performance penalty
(upto 170 cpu cycles per load or store operation) is acceptable. Additional configuration
option has been provided to redirect mbedTLS specific in-out content length buffers to
IRAM (in single core mode), allows to save 20KB per TLS connection.
2020-02-26 20:21:59 +08:00
morris
e30cd361a8 global: rename esp32s2beta to esp32s2 2020-01-22 12:14:38 +08:00
morris
1c2cc5430e global: bring up esp32s2(not beta) 2020-01-16 17:41:31 +08:00
David Cermak
2efb3288a0 mbedtls: fix hw accelerated big-num mul if operand and result overlap
this issue is mainly exposed when using larger (4096) client key in TLS mutual auth,
since it uses multiplications > 2048 when mbedtls_mpi_mul_mpi is used in recursion,
which works only if both operands point to different location than result since
mpi_mult_mpi_overlong() called mbedtls_mpi_grow() to reallocate buffers used in previous
pointer arithmetics and thus corrupting it. Fixed by growing the mpi buffer before
calling mpi_mult_mpi_overlong()
2020-01-09 18:11:18 +00:00
Marius Vikhammer
c63684cf6c hw crypto: activated hardware acceleration for esp32s2beta
Activated AES, RSA and SHA hardware acceleration for esp32s2 and enabled related unit tests.

Updated with changes made for ESP32 from 0a04034, 961f59f and caea288.

Added performance targets for esp32s2beta

Closes IDF-757
2019-12-12 12:37:29 +08:00
Ryan Kurte
4ee78f8496 added KConfig option to allow loading CA certs with unsupported extensions
Close https://github.com/espressif/esp-idf/pull/4445
2019-12-10 08:47:26 +05:30
Shubham Kulkarni
c741dd0535 Fixed warnings for components driver, esp32 and mbedtls 2019-11-15 08:51:16 +00:00
Angus Gratton
5b33d6cf94 Merge branch 'feature/mbedtls_add_faster_modexp' into 'master'
mbedtls: Add a new (X^Y) mod M implementation (HAC 14.94)

Closes IDF-965

See merge request espressif/esp-idf!6418
2019-11-06 15:51:28 +08:00
KonstantinKondrashov
5ed8388f6b mbedtls: Add Montgomery exponentiation implementation (HAC 14.94)
It gave us a better performance of RSA operations. (2~11 times)

The old modexp implementation (Z = X ^ Y mod M) loaded all the data into
the hw registers and was waiting for completion, but due to
the hardware RSA implementation, the calculations always started with 4096 bit,
which took a lot of time.
Measurement results (measurements were made for keys: 2048, 3072 and 4096 bits)
(Old) - Sliding-window exponentiation (HAC 14.85):
keysize = 2048 bits
RSA key operation (performance): public [93206 us], private [280189 us]
keysize = 3072 bits
RSA key operation (performance): public [293614 us], private [858157 us]
 keysize = 4096 bits
RSA key operation (performance): public [653192 us], private [1912126 us]

Instead (Old) - Sliding-window exponentiation (HAC 14.85) was implemented
(New) - Montgomery exponentiation (HAC 14.94) which showed
better performance on private and public keys.
keysize = 2048 bits
RSA key operation (performance): public [14504 us], private [149456 us]
keysize = 3072 bits
RSA key operation (performance): public [35073 us], private [392743 us]
keysize = 4096 bits
RSA key operation (performance): public [58650 us], private [787186 us]

For this reason, the old implementation was removed
and the MBEDTLS_HARDWARE_MPI option was turned on by default.

Why the MPI_INTERRUPT option is removed:
the old implementation used calculations on the hardware and
it took a lot of time (10ms - 500ms). And in order not to stand idle
while waiting for completion, an interrupt option was added.
This made it possible to carry out other tasks during the calculation,
and this one to block. The new method is free from such a drawback and
the maximum duration of one RSA HW operation does not exceed 70us (usually 2-70 μs).
This option is no longer needed.

Closes: IDF-965
2019-11-05 16:33:11 +08:00
Angus Gratton
8675a818f9 Merge branch 'master' into feature/esp32s2beta_merge 2019-10-22 13:51:49 +11:00
Kedar Sovani
87c3decc12 Remove check for would_block in mbedtls
Basically, in the portability layer, it is checked if the socket is
NON-block, and if not, then even the EAGAIN and EWOULDBLOCK errors are
diverted to a RECV error. This causes a problem for sockets with
receive timeouts set. When such a timeout is set, the condition for
NON_BLOCK isn't met and hence a hard error is returned.

Searching for EAGAIN and EWOULDBLOCK in lwip returns only 3 results
(accept, recvfrom, close) and all of them look to be genuine cases for
EWOULDBLOCK. So removing this check to make receive timeout with TLS
work.
2019-10-17 16:36:18 +05:30
Ivan Grokhotkov
5830f529d8 Merge branch 'master' into feature/esp32s2beta_merge 2019-10-02 19:01:39 +02:00
Prasad Alatkar
fe08f435dc NimBLE: Add optional mbedTLS support to NimBLE
- Additional menuconfig option to select either mbedTLS or Tinycrypt from NimBLE.
- Addition of `CMAC` and `ECP_RESTARTABLE` to mbedTLS menuconfig option and
  `esp_config.h`.
- Changes NimBLE `component.mk` and `CMakeLists.txt` to support mbedTLS option.
- Minor changes to `app_mesh.c` application.
2019-09-30 14:15:43 +08:00
Angus Gratton
adfc06a530 Merge branch 'master' into feature/esp32s2beta_merge 2019-09-20 10:28:37 +10:00
Angus Gratton
c41b2b0415 mbedtls: Remove esp_aes_encrypt/decrypt
Deprecated in ESP-IDF V3.1

Anyone reading this should please include mbedtls/aes.h and use mbedTLS APIs,
not the ESP-specific APIs.
2019-09-13 09:44:07 +10:00
Michael (XIAO Xufeng)
b76d5d74d9 mbedtls: support esp32s2beta 2019-09-04 10:53:25 +10:00
Angus Gratton
6990a7cd54 Merge branch 'master' into feature/esp32s2beta_update 2019-08-19 15:03:43 +10:00
Angus Gratton
9a2e29e068 esp32s2beta: Invert RSA_CONSTANT_TIME_DISABLE_REG to RSA_CONSTANT_TIME_REG 2019-08-13 17:14:16 +10:00
Angus Gratton
80a4a11808 Merge branch 'bugfix/fix_mbedtls_net_sockets_error_handling' into 'master'
mbedtls: use `errno` instead of `SO_ERROR` for getting socket errors

See merge request espressif/esp-idf!5727
2019-08-13 14:38:28 +08:00
Angus Gratton
aa3c988c17 sha: Add fault injection checks reading hash digest state
Vulnerability reported by LimitedResults under Espressif Bug Bounty Program.
2019-08-11 11:16:33 +10:00
Angus Gratton
caea2889c8 aes: Add fault injection checks when writing key to hardware
Vulnerability reported by LimitedResults under Espressif Bug Bounty Program.
2019-08-11 11:16:33 +10:00
Mahavir Jain
ab6ad844b1 mbedtls: use errno instead of SO_ERROR for getting socket errors
As per upgrade notes of lwIP v2.1.0:
socket API: according to the standard, SO_ERROR now only returns asynchronous errors.
All other/normal/synchronous errors are (and always were) available via 'errno'.
LWIP_SOCKET_SET_ERRNO has been removed - 'errno' is always set - and required!

Refer: https://www.nongnu.org/lwip/2_1_x/upgrading.html

Fixes https://github.com/espressif/esp-azure/issues/51
2019-08-08 12:17:32 +00:00
Angus Gratton
04ae56806c Merge branch 'master' into feature/esp32s2beta_update 2019-08-08 15:26:58 +10:00
Angus Gratton
24d26fccde Merge branch 'master' into feature/esp32s2beta_update 2019-08-08 13:44:24 +10:00
Jon Shallow
1aaec808da Add DTLS support to libcoap using MbedTLS
This update supports DTLS, TLS is a future TODO

components/coap/CMakeLists.txt:
components/coap/component.mk:

Add in the new files that have to be built
Replace libcoap/src/coap_notls.c with libcoap/src/coap_mbedtls.c

components/coap/libcoap:

Update the version to include the current version for supporting MbedTLS

components/coap/port/coap_debug.c:
components/coap/port/coap_mbedtls.c:
components/coap/port/include/coap/coap_dtls.h:

New port files for DTLS

components/coap/port/include/coap_config_posix.h:

Include building with MbedTLS

examples/protocols/coap_client/README.md:
examples/protocols/coap_client/main/CMakeLists.txt:
examples/protocols/coap_client/main/Kconfig.projbuild:
examples/protocols/coap_client/main/coap_client_example_main.c:
examples/protocols/coap_client/main/component.mk:

Update CoAP client to support DTLS

examples/protocols/coap_client/main/coap_ca.pem
examples/protocols/coap_client/main/coap_client.crt
examples/protocols/coap_client/main/coap_client.key

New PKI Certs for CoAP client (copied from wpa2_enterprise example)

examples/protocols/coap_server/README.md:
examples/protocols/coap_server/main/CMakeLists.txt:
examples/protocols/coap_server/main/Kconfig.projbuild:
examples/protocols/coap_server/main/coap_server_example_main.c:
examples/protocols/coap_server/main/component.mk:

Update CoAP server to support DTLS
Change "no data" to "Hello World!" to prevent confusion

examples/protocols/coap_server/main/coap_ca.pem
examples/protocols/coap_server/main/coap_server.crt
examples/protocols/coap_server/main/coap_server.key

New PKI Certs for CoAP server (copied from wpa2_enterprise example)

Closes https://github.com/espressif/esp-idf/pull/3345
Closes https://github.com/espressif/esp-idf/issues/1379
2019-08-06 10:37:40 +05:30
Anton Maklakov
afbaf74007 tools: Mass fixing of empty prototypes (for -Wstrict-prototypes) 2019-08-01 16:28:56 +07:00
hemal.gujarathi
1dec976fba Update esp_config and add new feature
Closes https://github.com/espressif/esp-idf/issues/3372
2019-07-12 11:42:48 +05:30
Konstantin Kondrashov
0a040345cc mbedtls: Fix Z->s in mbedtls_mpi_exp_mod()
Z->s should never be zero, only 1 or -1.
Added additional checks for X, Y and M args to correctly set Z->s.

Closes: https://github.com/espressif/esp-idf/issues/1681
Closes: https://github.com/espressif/esp-idf/issues/3603
Closes: IDFGH-1313
2019-06-17 07:19:54 +00:00
suda-morris
84b2f9f14d build and link hello-world for esp32s2beta 2019-06-11 13:07:37 +08:00
suda-morris
b146104885 add esp32s2beta component 2019-06-11 13:06:32 +08:00
Angus Gratton
045aaf6fb0 Merge branch 'feature/add_xxx_periph_h' into 'master'
soc: Add xxx_periph.h for all modules

Closes IDF-192

See merge request idf/esp-idf!4952
2019-06-04 13:24:14 +08:00
Konstantin Kondrashov
399d2d2605 all: Using xxx_periph.h
Using xxx_periph.h in whole IDF instead of xxx_reg.h, xxx_struct.h, xxx_channel.h ... .

Cleaned up header files from unnecessary headers (releated to soc/... headers).
2019-06-03 14:15:08 +08:00
Stephen Bird
058c6afd3c Add option to disable server side SSL session tickets as well as client
Closes https://github.com/espressif/esp-idf/pull/2570
2019-05-29 18:02:18 +05:30
Angus Gratton
af98ca6b46 hwcrypto: Add AES fault injection check
Hardware AES-CBC performance changes:

Release config 11.0MB/sec -> 10.8MB/sec
Debug config 9.4MB/sec -> 9.8MB/sec

(Unrolling the loop to optimize the check improves
performance at -Og, even with the fault check.)
2019-05-21 12:41:42 +10:00
Konstantin Kondrashov
bbdeff1da1 esp32: Rewrite esp_sha function
It removes using a STALL_OTHER_CPU while sha operations.
It improves performance with SHA.
2019-05-13 12:32:45 +08:00
morris
f5b03c9ea3 misc adjustment of esp32 component 2019-04-03 19:57:46 +08:00
morris
709a320f33 move hwcrypto from esp32 to mbedtls 2019-03-26 16:24:22 +08:00
morris
c159984264 separate rom from esp32 component to esp_rom
1. separate rom include files and linkscript to esp_rom
2. modefiy "include rom/xxx.h" to "include esp32/rom/xxx.h"
3. Forward compatible
4. update mqtt
2019-03-21 18:51:45 +08:00
Angus Gratton
b7ee11231d mbedtls: Fix esp_debug not including its dependencies
As reported on forum: https://esp32.com/viewtopic.php?f=13&t=9782&p=40464#p40464
2019-03-21 10:48:55 +11:00
Renz Christian Bagaporo
0908fba1a3 mbedtls: import mbedtls project w/o modification 2018-11-27 13:59:26 +08:00
Konstantin Kondrashov
8bba348528 aes/sha/mpi: Bugfix a use of shared registers.
This commit resolves a blocking in esp_aes_block function.

Introduce:
The problem was in the fact that AES is switched off at the moment when he should give out the processed data. But because of the disabled, the operation can not be completed successfully, there is an infinite hang. The reason for this behavior is that the registers for controlling the inclusion of AES, SHA, MPI have shared registers and they were not protected from sharing.

Fix some related issue with shared using of AES SHA RSA accelerators.

Closes: https://github.com/espressif/esp-idf/issues/2295#issuecomment-432898137
2018-11-05 04:22:47 +00:00
Angus Gratton
96cd3b75cd Merge branch 'feature/mbedtls_mem_alloc_options' into 'master'
mbedtls: configurable options for controlling dynamic memory allocations

See merge request idf/esp-idf!3343
2018-09-25 08:24:29 +08:00
Sagar Bijwe
48fccbf5dd nvs_flash: Add support for nvs encryption 2018-09-24 11:25:21 +05:30
Mahavir Jain
54382277b6 mbedtls: configurable options for controlling dynamic memory allocations
Modifies https://github.com/espressif/esp-idf/pull/2237
2018-09-24 11:17:48 +05:30
Angus Gratton
83a179abb0 esp32: Add esp_fill_random() function
Convenience function to fill a buffer with random bytes.

Add some unit tests (only sanity checks, really.)
2018-09-03 04:39:45 +00:00
Angus Gratton
961f59ff57 mbedtls: Don't unnecessarily grow the result of a hardware bignum operation
Avoids growing the result of hardware bignum operations
(particularly for multiplication)

Fixes bugs where some Elliptic Curve operations fail or corrupt memory,
as they assume length of the number is never greater than the number of
non-zero limbs.

Includes some general refactoring to standardize terminology.

Closes https://github.com/espressif/esp-idf/issues/1556

Fixes TW12984

Adds test cases for both these issues.
2018-08-28 09:08:43 +00:00
Jason von Nieda
d7a17ac941 Adds a Kconfig option for mbedtls' MBEDTLS_PLATFORM_MEMORY define. This makes it possible to override the mbedtls allocator with your own.
Merges https://github.com/espressif/esp-idf/pull/2237
2018-08-01 11:28:28 +10:00
Alexey Gerenkov
c2dc09304c gcc8_newlib3: Compilation warnings and errors not specific to newlib v3 2018-07-09 13:22:24 +03:00
Konstantin Kondrashov
8f80cc733d soc: Change DPORT access
When two CPUs read the area of the DPORT and the area of the APB, the result is corrupted for the CPU that read the APB area.
And another CPU has valid data.

The method of eliminating this error.
Before reading the registers of the DPORT, make a preliminary reading of the APB register.
In this case, the joint access of the two CPUs to the registers of the APB and the DPORT is successful.
2018-05-14 17:54:57 +05:00
Ivan Grokhotkov
dbc919eff5 mbedtls: update usage of mbedtls_aes_encrypt/decrypt 2018-05-09 23:15:28 +08:00
Ivan Grokhotkov
aad51ea8a0 mbedtls/port: don’t re-declare mbedtls_shaX functions
ALT header files for sha1, sha256, sha512 are only supposed to declare
mbedtls_sha1_context data structure. Function prototypes should come
from original header files.
2018-05-09 23:15:28 +08:00
Ivan Grokhotkov
254e29aca4 mbedtls: update usage of deprecated mbedtls_shaX APIs
The following mbedTLS APIs have been deprecated and replaced with the
new ones which return error codes:

mbedtls_shaX_starts -> mbedtls_shaX_starts_ret
mbedtls_shaX_update -> mbedtls_shaX_update_ret
mbedtls_shaX_finish -> mbedtls_shaX_finish_ret
mbedtls_shaX_process -> mbedtls_shaX_internal_process

Update hardware implementations of SHA functions, and other IDF
components which used above functions, to use new versions.
2018-05-09 23:15:28 +08:00
Paul Reimer
8a47679d04 Add #include guards and __cplusplus guards to esp_debug.h
Merges https://github.com/espressif/esp-idf/pull/1358
2017-12-07 10:25:57 +11:00
Alexey Skalozub
5405255928 Fix losing sign when multiplying by -1 2017-10-28 03:47:00 +03:00
Angus Gratton
c503a01388 mbedtls: Rename net to net_sockets (in line with 2.4.0 API change) 2017-09-07 18:02:39 +10:00
Angus Gratton
ae382b3bfa mbedtls: Update to 2.6.0 release (without IDF-specific patches) 2017-09-07 18:02:26 +10:00
Angus Gratton
8ce09c2c1c mbedtls: Don't assign ctx->fd until connect() or bind() has succeeded
Avoid leaking closed file descriptors via ctx->fd

Reported: https://esp32.com/viewtopic.php?f=13&t=2910&sid=8568b1fd93a4c8d5760628a638efc48b#p13620
2017-09-05 11:08:35 +10:00
Angus Gratton
2624e10055 esp32 hwcrypto: Use AES registers directly 2017-08-25 16:08:03 +10:00
Angus Gratton
7be002ec0f hwcrypto bignum/MPI: Batch safe DPORT reads to improve performance 2017-08-25 16:08:02 +10:00
Ivan Grokhotkov
08287852ab esp32: add protection for DPORT registers of RSA 2017-08-25 16:08:02 +10:00
Angus Gratton
2c0ff0c1e1 mbedtls: Add a shim header to account for including "mbedtls/config.h" directly in program
Previously this resulted in a config mismatch between default config and esp_config.h

Closes https://github.com/espressif/esp-idf/issues/711
2017-08-21 12:37:53 +10:00
Angus Gratton
66ad84d318 mbedtls: Add more config options to disable Elliptic Curve features
Can save up to an additional 20KB when not using EC in TLS, or disable
unwanted features as needed.
2017-08-18 17:44:33 +10:00
Angus Gratton
c0f65f6680 mbedtls: Expose compile-time config, disable some things by default
* Disables 3DES, Camellia, Blowfish, RC4, RIPEMD160, SSLv3, TLS-PSK modes, DTLS by default
* Saves about 40KB from the default TLS client code size
* Defaults no longer get "Bad" howsmyssl.com rating (no more vulnerable 3DES)
  (ping https://github.com/espressif/arduino-esp32/issues/575 )
* Allows up to another 20-30KB code size to be trimmed without security
  implications if using DER formatted certificates, RSA ciphersuites only,
  etc.
* Can save up to another 8KB by setting the TLS Role to Server or Client only.
2017-08-18 17:15:08 +10:00
Tian Hao
26a3cb93c7 component/soc : move dport access header files to soc
1. move dport access header files to soc
2. reduce dport register write protection. Only protect read operation
2017-05-09 18:06:00 +08:00
Tian Hao
f7e8856520 component/esp32 : fix dualcore bug
1. When dual core cpu run access DPORT register, must do protection.
2. If access DPORT register, must use DPORT_REG_READ/DPORT_REG_WRITE and DPORT_XXX register operation macro.
2017-05-08 21:53:43 +08:00
Michael Kellner
a523aa3ef5 mbedtls port: Fix detection of EWOULDBLOCK/EAGAIN with non-blocking sockets
Since mbedtls_net_errno is reset by fcntl, it is reset after calling
net_would_block, so the call to mbedtls_net_errno in mbedtls_net_recv
and mbedtls_net_send will always get back 0. This change propagates
the value returned by mbedtls_net_errno up through net_would_block,
to allow the correct error value to be used and avoid a redundant
call to mbedtls_net_errno.

Merges PR #511 https://github.com/espressif/esp-idf/pull/511
2017-04-21 10:46:34 +10:00
Ivan Grokhotkov
829800f272 Merge branch 'bugfix/mbedtls_non_blocking_sockets' into 'master'
mbedtls port: Fix detection of EWOULDBLOCK/EAGAIN with non-blocking sockets

Previous code read non-blocking status via fcntl first, which resets errno.

* Closes #424 https://github.com/espressif/esp-idf/pull/424
* Merges #425 https://github.com/espressif/esp-idf/pull/425

See merge request !575
2017-03-15 10:39:53 +08:00
Neil Kolban
16e1a2716e mbedtls port: Fix detection of EWOULDBLOCK/EAGAIN with non-blocking sockets
Previous code read non-blocking status via fcntl first, which resets errno.

Closes #424 https://github.com/espressif/esp-idf/pull/424
Merges #425 https://github.com/espressif/esp-idf/pull/425
2017-03-13 15:45:11 +08:00
Angus Gratton
74817c35f3 mbedtls: Enable filesystem support 2017-03-08 09:55:31 +11:00
Angus Gratton
0b7058d8ef mbedTLS: Add generic support for mbedTLS debug output via the esp_log functionality 2017-03-07 10:18:47 +11:00
Angus Gratton
64e6e7a0ae mbedtls: Use two MPI multiplications when multiply operands too large
Allows RSA4096 via hardware crypto operations.

See github #139 https://github.com/espressif/esp-idf/issues/139
2017-01-31 14:36:26 +11:00
Jeroen Domburg
bf57594ebe Merge branch 'feature/intr_alloc' into 'master'
Add dynamic interrupt allocation mechanism

This adds:
- Dynamic allocation of interrupts. Pass it the features of the interrupt you want, it'll set you up with an int.
- Shared interrupts. Enables multiple peripheral drivers to use the same interrupt. 
- Marking what interrupts are fully executable from IRAM; if an int isn't marked like that it will get disabled once flash cache gets disabled.

Also:
- Modifies driver to be in line with these changes

See merge request !254
2016-12-09 14:00:39 +08:00
Liu Han
c1802eaa98 components/mbedtls: add time and time data configuration at menuconfig 2016-12-08 13:33:47 +08:00
Jeroen Domburg
655fd2986a Add interrupt allocation scheme / interrupt sharing. Also modifies drivers and examples. Also allows interrupts
to be marked specifically as having a handler that's all in IRAM.
2016-12-08 12:39:33 +08:00
Angus Gratton
88b264cfce mbedTLS SHA: Fix cloning of SHA-384 digests
Hardware unit only reads 384 bits of state for SHA-384 LOAD,
which is enough for final digest but not enough if you plan to
resume digest in software.
2016-11-25 19:26:30 +11:00
Angus Gratton
d0801fdbab Merge branch 'feature/sha_tls_integration' into 'master'
SHA acceleration integrated to mbedTLS incl. TLS sessions

Uses hardware SHA acceleration where available, fails over to software where not available.

Ref TW7112

See merge request !232
2016-11-25 10:12:29 +08:00
Angus Gratton
79646f41b5 Fixes for stdlib.h inclusion
Refs:
http://esp32.com/viewtopic.php?f=13&t=550
http://esp32.com/viewtopic.php?f=13&t=551

rmt.c should include stdlib.h for malloc, esp_bignum,c &
https_request_main.c for abort().

FreeRTOSConfig.h is only including stdlib if
CONFIG_FREERTOS_ASSERT_ON_UNTESTED_FUNCTION is set. However, it is
included for abort() so needs to be included whenever
CONFIG_FREERTOS_ASSERT_FAIL_ABORT is set.

This change includes unconditionally in FreeRTOSConfig.h. This is to
avoid this kind of bug where compiler errors are dependent on config. I
suggest we don't change this to be more selective until we have 'make
randomconfig' style tests in CI.
2016-11-24 08:20:21 +11:00
Angus Gratton
2561b68af8 hwcrypto: Fixes for disabling one hardware unit causing reset of a different unit
ROM functions reset related units, but this can have problems in a
multithreaded environment.
2016-11-22 20:42:38 +11:00
Angus Gratton
c48612e516 mbedTLS SHA acceleration: Allow concurrent digest calculation, works with TLS
SHA hardware allows each of SHA1, SHA256, SHA384&SHA512 to calculate digests
concurrently.

Currently incompatible with AES acceleration due to a hardware reset problem.

Ref TW7111.
2016-11-22 20:42:38 +11:00
Angus Gratton
1d47755588 mbedtls hardware bignum: Use memcpy instead of REG_WRITE/REG_READ in a loop
Removes memory barriers for better performance, thanks Ivan for pointing
this out.

Manually unrolling the loop further seemed like diminishing returns.
2016-11-21 18:09:09 +11:00
Angus Gratton
1cc0b3000b mbedtls hardware bignum: Expose ESP-only bignum API in wrapper mbedtls/bignum.h 2016-11-18 17:08:14 +11:00
Angus Gratton
36f29017b6 mbedtls hardware bignum: Support "RSA" interrupt for end of operation
Allows CPU to do other things which bignum operation is in
progress.
2016-11-18 15:53:00 +11:00
Angus Gratton
68d370542a mbedtls hardware RSA: Put into menuconfig, squash warnings
All combinations of enabling/disabling hardware acceleration no longer
show unused warnings.
2016-11-18 15:50:45 +11:00
Angus Gratton
f87be70d51 mbedtls hardware RSA: Combine methods for calculating M' & r inverse
Remove redundant gcd calculation, use consistent terminology.
Also remove leftover debugging code
2016-11-18 14:10:20 +11:00
Dong Heng
6b687b43f4 mbedtls hardware RSA: Fix "mbedtls_mpi_exp_mod" hardware calculations 2016-11-18 14:09:59 +11:00
Angus Gratton
ce7b8059de RSA Accelerator: Remove timing-sensitive optimisations
Avoid potentially leaking timing information about number of bits set in
MPI values.
2016-10-12 17:18:24 +11:00
Angus Gratton
9632c8e56c RSA Accelerator: Add mod_exp, refactor to avoid memory allocation & copying
Not fully working at the moment, mod_exp has a bug.
2016-10-12 16:19:09 +11:00
Angus Gratton
6b3bc4d8c5 hwcrypto bignum: Implement multiplication modulo
Fixes case where hardware bignum multiplication fails due to either
operand >2048 bits.
2016-10-12 15:45:08 +11:00
Angus Gratton
1a6dd44d03 hwcrypto bignum: Use mbedtls_mpi data structures for all bignum data
Still doesn't solve the problem of multiplying two numbers where one is
>2048 bits, needed for RSA support.
2016-10-12 15:45:08 +11:00
Angus Gratton
aa75a71917 mbedtls: Add some initial menuconfig options 2016-09-27 10:38:00 +10:00
Jeroen Domburg
4d4c6a3694 Enable SO_REUSEADDR in LWIP 2016-09-18 16:43:48 +08:00
Angus Gratton
67a26d52ac mbedtls: Temporarily disable default hardware crypto SHA & bignum
Due to limitations referenced in the comments of the changes.
2016-09-14 17:52:39 +10:00
Angus Gratton
f01cabf71d mbedtls hwcrypto sha512: Fix redirection of function names 2016-09-14 17:52:24 +10:00
Angus Gratton
264b115eb0 mbedtls: Move esp_config.h file to port directory 2016-09-09 14:06:14 +10:00
Angus Gratton
a939c15723 mbedtls networking: Remove WIN32 parts, minor cleanup 2016-09-09 11:24:35 +10:00
Wu Jian Gang
95defc7d32 mbedtls: Use hardware accelerated AES, SHA, bignum 2016-09-08 17:41:43 +08:00
Wu Jian Gang
fc2bfc1f49 mbedtls: just format related files
method from !46
2016-09-08 16:46:25 +08:00
liuhan
f4ff32977d components/mbedtls: modify MBEDTLS net feature
modify get the connection's 'errno' info by calling getsockopt function.
2016-09-08 16:46:21 +08:00
liuhan
1900c50d3b components/mbedtls: modify hardware encryption feature
rename "flag" and "keybites" in aes file,
rename "xxx_starts" and add license in sha file.
2016-09-08 16:45:51 +08:00
liuhan
2d80fada70 components/mbedtls: MBEDTLS Handshake result check
modify esp_config.h add some feature for support http2.0 protocol, TLS Handshake OK.
2016-09-08 16:45:44 +08:00
liuhan
98021903a2 recompile crypto and bignum function 2016-09-08 16:45:16 +08:00
liuhan
d9b660f6d4 1. add lock function for every function
2. modify some function for crypto
2016-09-08 16:44:58 +08:00
liuhan
30be5f6eb5 [t6001]: chip Use hardware acceleration of Encryption 2016-09-08 16:44:53 +08:00