Commit Graph

658 Commits

Author SHA1 Message Date
harshal.patil
83dd60307f
feat(mbedtls/esp_crypto_shared_gdma): support AXI-DMA in the crypto shared gdma layer
- In case of AXI-DMA, the DMA descriptors need to be 8 bytes aligned
lldesc_t do not satify this condition thus we need to replace it with
dma_descriptor_t (align(4) and align(8)) in esp_crypto_shared_gdma.

- Added new shared gdma start API that supports the dma_descriptor_t
DMA descriptor.

- Added some generic dma descriptor macros and helper functions

- replace lldesc_t with dma_descriptor_t
2024-03-13 15:22:06 +05:30
harshal.patil
2c570ed53b
change(mbedtls/aes): moved esp_aes_internal.h to be a private header
- Also enable AES-GCM test in the hal crypto test app for all targets
2024-03-13 15:22:06 +05:30
Mahavir Jain
6dd040a61b Merge branch 'update/update_certs_bundle' into 'master'
Update esp_crt_bundle certificates

See merge request espressif/esp-idf!29562
2024-03-13 15:42:31 +08:00
harshal.patil
343a6f47ab
fix(mbedtls/aes-gcm): Fix null pointer derefernce coverity reports
- Also fixed a tcp_transport and https_server report
2024-03-12 12:36:00 +05:30
wuzhenghui
92849e660e
fix(mbedtls): fixing ecdsa's dependence on ecc_mult clock 2024-03-12 10:10:42 +08:00
Espressif BOT
bebdf7b989 change(mbedtls/crt_bundle): Update esp_crt_bundle certificates 2024-03-12 10:00:36 +08:00
nilesh.kale
f6a7fb13cd feat: re enables tests on p4
This commit re-enables mbedtls and hal/crypto testapos on p4.
2024-03-05 17:48:05 +08:00
harshal.patil
a21a16f34f
ci(mbedtls/gcm): Added test to verify software fallback for non-AES cipher GCM operations 2024-02-23 10:47:30 +05:30
harshal.patil
8977be856d
fix(mbedtls/gcm): Add support for software fallback for non-AES ciphers in a GCM operation
- Even if the config MBEDTLS_HARDWARE_AES is enabled, we now support fallback
to software implementation of GCM operations when non-AES ciphers are used.
2024-02-23 10:47:30 +05:30
nilesh.kale
aab3f604ec feat(hal/testapps): Added AES and SHA testcases with DMA support 2024-02-09 14:23:06 +05:30
nilesh.kale
8472bcb7d3 feat(mbedtls): updated mbedtls version from 3.5.0 to 3.5.2
This updates the submodule mbedtls to its latest version 3.5.2.
2024-02-01 10:43:16 +05:30
Aditya Patwardhan
4dc2ace0b7
fix(esp_hw_support): Update key manager support
1) Added new Key Manager APIs
    2) Added crypto locking layer for Key Manager
    3) Remove support for deploying known key
    4) Format key manager support
    5) Fix build header error
    6) Updated the key_mgr_types.h file
    7) Added key manager tests
2024-01-23 10:24:39 +05:30
Marius Vikhammer
a792c24b2a ci(mbedtls): remove duplicated build-rules 2024-01-16 17:14:12 +08:00
Fu Hanxi
9a9b1cd11f
ci(ecdsa): migrate from .gitlab/ci/rules.yml to .build-test-rules.yml 2024-01-10 15:29:43 +01:00
Aditya Patwardhan
1220c36f96 Merge branch 'fix/build_failure_when_hardware_gcm_is_disabled' into 'master'
fix(mbedtls/gcm): Fix build failure when config `MBEDTLS_HARDWARE_GCM` is disabled

See merge request espressif/esp-idf!28149
2024-01-08 13:35:04 +08:00
Mahavir Jain
7c004fd7f8 Merge branch 'bugfix/fix_dynamic_mbedtls_crash' into 'master'
mbedtls: Fix enable dynamic mbedtls will occur heap corruption when server support TLS renegotiation

Closes IDF-8529

See merge request espressif/esp-idf!28086
2024-01-08 11:39:39 +08:00
harshal.patil
8ac4d9ab99
fix(mbedtls/gcm): Avoid using GCM hardware when config MBEDTLS_HARDWARE_GCM is disabled 2024-01-04 12:20:11 +05:30
harshal.patil
c1ed825d3e
fix(mbedtls/gcm): Fix build failure when config MBEDTLS_HARDWARE_GCM is disabled 2024-01-04 12:20:10 +05:30
Armando
3c5a4f9e8a ci(p4): added todo jira for disabled tests on p4 2024-01-04 09:36:38 +08:00
Armando
907b876354 ci(p4): temporarily disable failed ci tests on p4 2024-01-04 09:36:06 +08:00
jim
b0b6980421 mbedtls: Fix enable dynamic mbedtls will occur heap corruption when server support TLS renegotiation 2023-12-22 17:23:42 +08:00
Mahavir Jain
01f50ee7f5
refactor: migrate atecc608a_ecdsa example to crypto authlib repository
- ESP32-WROOM-32SE has been discontinued and marked as NRND
- This change removes all references to ESP32-WROOM-32SE from IDF
- The example has been migrated to esp-cryptoauthlib repository and it
  can be used through the component manager
  (https://components.espressif.com/components/espressif/esp-cryptoauthlib)
2023-12-22 09:11:41 +05:30
Mahavir Jain
d3afab15bd Merge branch 'update/update_certs_bundle' into 'master'
Update esp_crt_bundle certificates

See merge request espressif/esp-idf!27932
2023-12-20 20:36:23 +08:00
Ivan Grokhotkov
a596ca56a8
fix(mbedtls): fix -Wstrict-prototypes warning when compiling on Linux 2023-12-19 13:29:15 +01:00
Espressif BOT
8f0f7f007c change(mbedtls/crt_bundle): Update esp_crt_bundle certificates 2023-12-19 14:40:56 +08:00
Darian
e3191df37a Merge branch 'change/deprecate_legacy_xtensa_include_path' into 'master'
change(xtensa): Deprecate legacy include paths

Closes IDF-7230

See merge request espressif/esp-idf!26725
2023-12-05 15:05:29 +08:00
Darian Leung
8c2949a97e change(xtensa): Deprecate ".../xtensa_timer.h" include path
This commit deprecates the "freertos/xtensa_timer.h" and "xtensa/xtensa_timer.h"
include paths. Users should use "xtensa_timer.h" instead.

- Replace legacy include paths
- Removed some unnecessary includes of "xtensa_timer.h"
- Add warning to compatibility header
2023-11-30 21:58:52 +08:00
harshal.patil
47821f6299
fix(mbedtls/aes): fix AES interrupt allocation for AES-GCM operations 2023-11-30 11:59:59 +05:30
Mahavir Jain
7505667e7d Merge branch 'bugfix/esp32h2_ecdsa_hardware_k' into 'master'
fix(esp32h2): program use_hardware_k efuse bit for ECDSA key purpose

Closes IDF-8508 and IDF-8506

See merge request espressif/esp-idf!26918
2023-11-17 15:10:12 +08:00
Aditya Patwardhan
ae05f3f140 fix(mbedtls): Removed redundant menuconfig entry 2023-11-15 04:59:52 +00:00
Mahavir Jain
fec7fc30f1
fix(api-docs): include in the ECDSA APIs for doxygen build 2023-11-15 09:42:27 +05:30
Mahavir Jain
7bb29086df
docs: add ECDSA peripheral chapter for H2/P4
- Add ECDSA peripheral chapter and instructions to program efuse key block
- Update security guide for ECDSA peripheral mention for device identity
- Link with ESP-TLS guide about using ECDSA peripheral in TLS connection
2023-11-15 09:42:26 +05:30
Mahavir Jain
f9501f6ea9
fix(ecdsa): remove unused k_mode from the ECDSA HAL/LL API
For ESP32-H2 case, the hardware k mode is always enforced through
efuse settings (done in startup code).

For ESP32-P4 case, the software k mode is not supported in the peripheral
itself and code was redundant.
2023-11-15 09:42:26 +05:30
harshal.patil
d3be7bda05
fix(mbedtls): move interrupt allocation during initialization phase 2023-11-06 11:20:53 +05:30
Marius Vikhammer
95703297a6 Merge branch 'ci/psram_config_fix' into 'master'
ci: fix warnings for invalid kconfig option

See merge request espressif/esp-idf!23250
2023-11-02 13:44:04 +08:00
Marius Vikhammer
77bb19c49e ci(build): fixed/ignored warnings from unknown symbols in sdkconfig.defaults 2023-11-01 01:14:00 +00:00
Mahavir Jain
5b047057ca
feat(mbedtls): add new deprecated cert list and relevant config
Cert bundle is periodically updated with the upstream Mozilla's NSS
root cert store. Retracted certs are moved to deprecated list now and
an additional config allows to include them in the default bundle. New
config is kept default disabled but can be enabled if one would like
to ensure 100% compatibility w.r.t. cert bundle across IDF minor or
patch releases. In IDF major release the deprecated list shall be reset.
2023-10-29 12:21:22 +05:30
Espressif BOT
24446bfab1
change(esp_crt_bundle): Update esp_crt_bundle certificates 2023-10-29 12:21:21 +05:30
Mahavir Jain
804ed172dd
fix(mbedtls): allow to use built in entropy implementation for linux target 2023-10-26 15:12:42 +05:30
Jiang Guang Ming
e882782f0d feat(mbedtls): add new option CONFIG_MBEDTLS_USE_CRYPTO_ROM_IMPL for mbedtls pytest 2023-10-23 13:10:44 +08:00
Jiang Guang Ming
37ec1cc592 feat(mbedtls): support C2 mbedtls can use crypto algorithm in ROM 2023-10-23 13:10:44 +08:00
Mahavir Jain
dbc33ca7aa Merge branch 'feature/add_intr_priority_config_option' into 'master'
feat(mbedtls): Add config for interrupt priority in AES and RSA

Closes IDF-7963 and IDF-7964

See merge request espressif/esp-idf!26190
2023-10-16 11:33:03 +08:00
Mahavir Jain
6b62065b92 Merge branch 'fix/crypto_periphs_use_rcc_atomic_blocks' into 'master'
Use rcc atomic blocks to enable/reset crypto peripherals

See merge request espressif/esp-idf!25811
2023-10-13 22:37:58 +08:00
nilesh.kale
cf4a7bb09d feat(mbedtls): Add config for interrupt priority in AES and RSA(MPI) 2023-10-12 11:06:13 +05:30
Mahavir Jain
0c3ed4f540 fix(mbedtls): remove deprecated MBEDTLS_X509_ALLOW_UNSUPPORTED_CRITICAL_EXTENSION
This config has been removed in the upstream mbedTLS starting 3.0
release. Please see mbedTLS changelog for more details.
2023-10-11 09:32:32 +00:00
Mahavir Jain
e9094cef66 fix(mbedtls): dynamic buffer feature issue with mbedtls 3.5.0
Set max TLS version in the SSL context during setup phase. Dynamic
buffer feature overrides the `mbedtls_ssl_setup` API and hence
this change is required per upstream 3.5.0 codebase change.
2023-10-11 09:32:32 +00:00
Mahavir Jain
9ca8f3d45b feat(mbedtls): update to 3.5.0 release
Changelog:
https://github.com/Mbed-TLS/mbedtls/releases/tag/mbedtls-3.5.0
2023-10-11 09:32:32 +00:00
harshal.patil
57d10477da
feat(ecdsa): use RCC atomic block to enable/reset the ECDSA peripheral 2023-10-11 14:59:04 +05:30
harshal.patil
1c6ff8ce9f
feat(ecc): use RCC atomic block to enable/reset the ECC peripheral 2023-10-11 14:59:04 +05:30
harshal.patil
c5cc4f488a
feat(mpi): use RCC atomic block to enable/reset the MPI peripheral 2023-10-11 14:59:03 +05:30
Alexey Lapshin
71713bcdb5 fix(mbedtls): fix gcc 13.1.0 warnings 2023-10-09 12:13:02 +04:00
Mahavir Jain
ab74fb4d92 Merge branch 'feature/locking_layer_for_ecdsa' into 'master'
feat(esp_hw_support): Added locking mechanism for the ECDSA and ECC peripherals

Closes IDF-7990

See merge request espressif/esp-idf!26029
2023-09-25 18:04:21 +08:00
Jakob Hasse
ac2515e199 refactor(lwip): Added on/off switch for LwIP stack
* This switch allows applications to replace lwip with a different
  IP stack or just make it build if it is a dependency but not
  actually needed.
2023-09-22 10:03:13 +08:00
harshal.patil
6a7caa7b8e
feat(esp_hw_support): Added locking mechanism for the ECDSA and ECC peripheral 2023-09-20 16:05:50 +05:30
Jiang Jiang Jian
62720ffa8c Merge branch 'feature/pbkdf2_fast_implementation' into 'master'
esp_wifi: Port fast_pbkdf2 implementation to calculate PMK

See merge request espressif/esp-idf!24287
2023-09-12 14:06:02 +08:00
Kapil Gupta
c82a792bc3 change(esp_wifi): Port fast_pbkdf2 implementation for mbedlts
Add changes to use fast_pbkdf2 as default for PMK calculations.
fast_pbkdf2 is significantly faster than current implementations
for esp chips.

Also removes unnecessary code for pbkdf-sha256 and pbkdf-sha512.
2023-09-11 19:33:17 +05:30
Mahavir Jain
2b3418b4a0 Merge branch 'feature/use_ecdsa_perph_while_mutual_auth' into 'master'
feat: ECDSA peripheral while performing http connection with mutual auth

Closes IDF-7390

See merge request espressif/esp-idf!25052
2023-09-11 19:41:21 +08:00
Aditya Patwardhan
a57c8dc938 Merge branch 'contrib/github_pr_12177' into 'master'
mbedtls: define MBEDTLS_SSL_CID_TLS1_3_PAD_GRANULARITY for CID padding (GitHub PR)

See merge request espressif/esp-idf!25826
2023-09-09 12:27:56 +08:00
Harshit Malpani
692e1a9e61
feat: ECDSA peripheral while performing http connection with mutual auth 2023-09-08 12:22:41 +05:30
Daniel Mangum
35c428b0ec
mbedtls: define MBEDTLS_SSL_CID_TLS1_3_PAD_GRANULARITY for CID padding
Updates config to define the new MBEDTLS_SSL_CID_TLS1_3_PAD_GRANULARITY
option, which replaced the previously used
MBEDTLS_SSL_CID_PADDING_GRANULARITY. The old option is continuing to be
used as the new one exceeds the maximum length for an option name in
esp-idf.

See https://github.com/Mbed-TLS/mbedtls/pull/4490 for more information.

Signed-off-by: Daniel Mangum <georgedanielmangum@gmail.com>
2023-09-08 11:45:55 +05:30
harshal.patil
4c0dd8388b
feat(mbedtls): Integrate the ecdsa export public key feature in mbedtls 2023-09-06 11:07:40 +05:30
harshal.patil
d86b320892
feat(ecdsa): add ECDSA peripheral support for esp32p4 2023-09-06 11:07:37 +05:30
Mahavir Jain
5b001f9e53 Merge branch 'bugfix/aes_dma_descriptor_setup_issue' into 'master'
fix(aes): correct the linking of the DMA descriptors

See merge request espressif/esp-idf!25723
2023-09-05 17:19:28 +08:00
Mahavir Jain
9dc4b8beeb fix(aes): correct the linking of the DMA descriptors
For certain data lengths, the last input descriptor was not getting appended
correctly and hence the EOF flag in the DMA descriptor link list was
set at incorrect location. This was resulting in the peripheral being
stalled expecting more data and eventually the code used to timeout
waiting for the AES completion interrupt.

Required configs for this issue:

CONFIG_MBEDTLS_HARDWARE_AES
CONFIG_SOC_AES_SUPPORT_DMA

This observation is similar to the issue reported in:
https://github.com/espressif/esp-idf/issues/10647

To recreate this issue, start the AES-GCM DMA operation with data length
12280 bytes and this should stall the operation forever.

In this fix, we are tracing the entire descriptor list and then appending the
extra bytes descriptor at correct position (as the last node).
2023-09-04 05:35:15 +00:00
Mahavir Jain
89584cd1d0 fix(aes-gcm): correct the DMA completion wait condition for hardware GCM case
DMA operation completion must wait until the last DMA descriptor
ownership has been changed to hardware, that is hardware is completed
the write operation for entire data. Earlier for the hardware GCM case,
the first DMA descriptor was checked and it could have resulted in some
race condition for non interrupt (MBEDTLS_AES_USE_INTERRUPT disabled) case.
2023-09-04 05:35:15 +00:00
harshal.patil
b8c208cdb3
feat(ds): add Digital Signature peripheral support for esp32p4 2023-09-01 15:44:21 +05:30
Armando
7dbd3f6909 feat(ci): Enable p4 example, test_apps and unit tests CI build 2023-08-24 12:51:19 +08:00
Harshit Malpani
4c5a7de6a6
feat(mbedtls): Update to release/v3.4.1 2023-08-16 11:40:31 +05:30
nilesh.kale
b4f9dd1fa5 fix(mbedtls): IRAM optimization analyzed on mbedtls/test_apps 2023-08-10 14:05:22 +05:30
Jiang Guang Ming
3f2746688c feat(mbedtls): support ecp fixed-point multiplication configurable 2023-08-08 14:03:57 +08:00
Mahavir Jain
6f5f7fd9d8 Merge branch 'bugfix/sha_dma_mode_incorrect_result' into 'master'
fix(sha): DMA mode iteration calculation issue for certain data lengths

Closes IDFGH-10690

See merge request espressif/esp-idf!25010
2023-08-01 16:44:47 +08:00
Mahavir Jain
224a308fd5
ci(test): add SHA DMA mode test for large data in PSRAM
Covers a test scenario described in following issue:
https://github.com/espressif/esp-idf/issues/11915
2023-07-28 14:23:02 +05:30
Laukik Hase
521dd35f2f
fix(mbedtls): Updated redundant assert for H/W MPI operations 2023-07-27 11:40:23 +05:30
Mahavir Jain
735c0c325b
fix(sha): DMA mode iteration calculation issue for certain data lengths
SHA hardware DMA mode calculation had off-by-one error for specific
input lengths. This was causing last chunk of the input data not being
fed to the hardware accelerator and hence resulting in an incorrect
final result.

Closes: https://github.com/espressif/esp-idf/issues/11915
2023-07-26 15:31:12 +05:30
harshal.patil
eb3dab8af4 ci(mbedtls): added a test for the mbedtls_internal_shaX_process API 2023-07-14 04:08:30 +00:00
harshal.patil
79d07f9909 fix(mbedtls): Fix the port for the mbedtls_internal_shaX_process API
- Also added the fix to update intermediate SHA state in the mbedtls_shaX_update API
2023-07-14 04:08:30 +00:00
Aditya Patwardhan
56f15ab017 Merge branch 'fix/mpi_incorrect_assert' into 'master'
fix(mbedtls): Fix incorrect assert for H/W MPI operations

Closes WIFI-5591 and IDFGH-10615

See merge request espressif/esp-idf!24737
2023-07-14 08:59:10 +08:00
Mahavir Jain
36908cc5fd Merge branch 'bugfix/mbedtls_sha_test_fail_when_run_twice' into 'master'
fix(mbedtls): sha test will fail when run twice

See merge request espressif/esp-idf!24767
2023-07-13 20:47:30 +08:00
Laukik Hase
20a3fcae48
fix(mbedtls): Fix incorrect assert for H/W MPI operations
- Closes https://github.com/espressif/esp-idf/issues/11850
2023-07-13 14:52:00 +05:30
Jiang Guang Ming
01b71b0978 fix(mbedtls): sha test will fail when run twice 2023-07-13 00:00:16 -07:00
harshal.patil
990e1e9307 refactor(mbedtls): refactored the return values check in some esp-aes APIs 2023-07-12 14:41:41 +05:30
harshal.patil
38255c048a fix(mbedtls): Fixed the transmission of return values of the esp-aes APIs
- Earlier, some intermediate return values were not stored and returned,
thus incorrect return values used to get transmitted to the upper layer of APIs.

- Also, zeroised the output buffer in case of error condition.
2023-07-12 14:41:41 +05:30
morris
56a376c696 feat(esp_gdma): add hal interface for common operations
GDMA driver will be adapted to more DMA peripherals in the future.
This commit is to extract a minimal interface in the hal layer
2023-07-10 13:45:57 +08:00
Mahavir Jain
90290507fb
fix(mbedtls): Build issue in dynamic buffer feature
Fix build issue in mbedTLS dynamic buffer feature with
`CONFIG_MBEDTLS_DHM_C` enabled case. Also added a build
configuration for the test coverage.

Closes https://github.com/espressif/esp-idf/issues/11770
2023-06-29 13:30:30 +05:30
harshal.patil
f0ae5bd25a mbedtls: update submodule to include:
fix: mbedtls_ecdsa_can_do was not being defined when ECDSA_SIGN_ALT is defined but ECDSA_VERIFY_ALT is not defined causing mbedtls_ecdsa_verify_restartable to always fail.
feature: initial version of the sbom.yml file
2023-06-23 14:07:45 +05:30
Song Ruo Jing
921713fff4 uart: Support LP_UART port with UART driver on esp32c6 2023-06-16 07:31:40 +00:00
Konstantin Kondrashov
c350c3c504 Merge branch 'feature/cleanup_wrong_log_use' into 'master'
all: Removes unnecessary newline character in logs

Closes IDFGH-10197

See merge request espressif/esp-idf!24131
2023-06-15 21:49:49 +08:00
Marius Vikhammer
6d11c37ff1 core-system: trim build components for core-system test apps 2023-06-13 09:14:42 +08:00
KonstantinKondrashov
e72061695e all: Removes unnecessary newline character in logs
Closes https://github.com/espressif/esp-idf/issues/11465
2023-06-09 03:31:21 +08:00
Mahavir Jain
f7a01d8f90
aes: fix DMA descriptor calculation for the alignment case
The number of the DMA descriptors allocated for certain length (e.g.,
8176) were not sufficient (off by 1 error). This used to result in the
dynamic memory corruption as the region was modified beyond the
allocated range.

This change fixes the DMA descriptor calculation part and allocates
sufficient DMA descriptors based on the data length alignment considerations.

Test has also been added to cover the specific scenario in the CI.

Closes https://github.com/espressif/esp-idf/issues/11310
2023-05-31 14:19:58 +05:30
Mahavir Jain
1747f2e0d1 Merge branch 'contrib/github_pr_11402' into 'master'
esp_ds: ignore releasing mutex if not called from same task (GitHub PR)

Closes IDFGH-10131

See merge request espressif/esp-idf!23763
2023-05-19 10:59:33 +08:00
Zhang Xiao Yan
81558fb77d Merge branch 'docs/update_algorithm_and_key_from_aes-xts_to_xts-aes' into 'master'
docs: update the algorithm and key name from AES-XTS to XTS-AES

See merge request espressif/esp-idf!23742
2023-05-16 17:39:58 +08:00
Christoph Baechler
704dfc9185 esp_ds: ignore releasing mutex if not called from same task 2023-05-15 15:02:38 +02:00
Linda
65ee4992ce docs: update the algorithm and key name from AES-XTS to XTS-AES 2023-05-15 17:54:50 +08:00
Cao Sen Miao
0f83970368 ci: Delete ccomp_timer in IDF(witch has been moved to component manager) 2023-05-15 14:58:51 +08:00
Zim Kalinowski
3947688d54 Merge branch 'bugfix/make_clean_files' into 'master'
build-system: replace ADDITIONAL_MAKE_CLEAN_FILES with ADDITIONAL_CLEAN_FILES

Closes IDF-2444

See merge request espressif/esp-idf!23628
2023-05-09 16:53:18 +08:00
Marius Vikhammer
d17248ecdf build-system: replace ADDITIONAL_MAKE_CLEAN_FILES with ADDITIONAL_CLEAN_FILES
ADDITIONAL_MAKE_CLEAN_FILES is deprecated and only worked with make.
Replaced with the new ADDITIONAL_CLEAN_FILES (CMake 3.15) which also works with ninja.
2023-05-08 15:51:48 +08:00
harshal.patil
9a87b26294 mbedtls: fix sha-512 block mode build error 2023-05-08 10:27:34 +05:30
Mahavir Jain
cba923788e Merge branch 'feature/tls1_3_support' into 'master'
esp-tls: add initial support for TLS1.3 connections (client mode)

Closes IDF-7251 and IDF-7252

See merge request espressif/esp-idf!23442
2023-04-27 18:13:43 +08:00
Mahavir Jain
3fd171f092
mbedtls: fix small typo in the config file 2023-04-25 17:44:28 +05:30