Commit Graph

183 Commits

Author SHA1 Message Date
harshal.patil
f138411fd7 mbedtls/port: added stream_block parameter sanity check 2023-01-25 15:40:45 +05:30
harshal.patil
119ac05b5e mbedtls: fix esp_aes_crypt_ctr writing to null stream block 2023-01-25 15:40:45 +05:30
harshal.patil
342671a943 mbedtls: added SOC_AES_SUPPORT_AES_192 check in esp_aes_gcm_setkey() 2023-01-25 15:40:45 +05:30
Aditya Patwardhan
861c3f5025 esp_rsa_sign_alt: Fix esp_init_ds_data_ctx API to not modify user defined data when it is given directory from flash 2022-08-23 13:32:12 +05:30
Jiang Jiang Jian
c65f973e64 Merge branch 'bugfix/mbedtls_dynamic_buffer_crash_on_ssl_server_v4.3' into 'release/v4.3'
fix(mbedtls): fix ssl server memory leak when enable mbedtls dynamic buffer (backport v4.3)

See merge request espressif/esp-idf!17876
2022-06-09 17:26:16 +08:00
Li Jingyi
24feccbd80 mbedtls: fix ssl server crash when enable mbedtls dynamic buffer
Not free keycert until MBEDTLS_SSL_CLIENT_KEY_EXCHANGE for rsa key exchange methods, because keycert will be used to parse client key exchange.
2022-06-09 04:37:35 +00:00
Li Jingyi
ffef57c580 fix(mbedtls): fix ssl server memory leak when enable mbedtls dynamic buffer function 2022-05-19 16:28:53 +08:00
Laukik Hase
bdd329ff02 ci: Fix issues for build stage
- Fixed logs expecting different format specifier
- Updated ignore list for check_public_header test
- Updated functions ported from mbedTLS
- Fix for make-system build errors
2022-02-02 15:07:50 +05:30
Laukik Hase
df9f101792 mbedtls: Added option MBEDTLS_SSL_KEEP_PEER_CERTIFICATE
- Removed code regarding MBEDTLS_DYNAMIC_FREE_PEER_CERT
  (config was kept for backward compatibility)
- Combined mbedTLS v2.28.x related options under a separate Kconfig menu
2022-02-02 11:00:32 +05:30
Laukik Hase
92c0c09514 mbedtls: Moved mbedtls_mpi_mul_int to port layer 2022-02-02 11:00:32 +05:30
Laukik Hase
29b6d229c1 mbedtls: Added config options for v2.28.0 upgrade 2022-02-02 11:00:32 +05:30
Marius Vikhammer
6e9d90d6e1 soc: Added support for specify the maximum descriptor length when setting up the DMA descriptor link 2022-01-06 08:11:57 +08:00
Marius Vikhammer
2a28ec3522 crypto: also apply cache writeback/invalidate for SPIRAM_USE_MEMMAP
Closes https://github.com/espressif/esp-idf/issues/7944
2022-01-06 08:11:57 +08:00
Marius Vikhammer
b957692888 crypto: allocate all DMA descriptors to DMA capable memory.
These were previously placed on the stack, but the stack could be placed in
RTC RAM which is not DMA capable.
2022-01-06 08:11:57 +08:00
Li Jingyi
e3b39381fd fix(mbedtls): fix compiling error when open MBEDTLS_SSL_PROTO_DTLS and disable MBEDTLS_DYNAMIC_BUFFER feature when MBEDTLS_SSL_PROTO_DTLS is selected 2021-12-23 15:34:18 +08:00
Li Jingyi
32e29580de feat(mbedtls): modify __wrap_mbedtls_ssl_setup to decrease SSL peak heap cost 2021-12-21 15:19:29 +08:00
Mahavir Jain
7a8c8f8576 esp_bignum: move check for supported MPI bits at start of API
This can allow hardware MPI API to return as soon as it identifies
that it can handle require bitlength operation.
2021-12-02 15:08:42 +05:30
Mahavir Jain
0befb28237 mbedtls: fix hardware MPI (bignum) related regression
In commit de22f3a4e5, combination of
hardware and software MPI (bignum) related approach was used to
work around chip (e.g. ESP32-C3) limitation of max 3072 bits support.

This was done using linker "--wrap" flag but since the relevant API is
being used in same translation (compilation unit), hardware mode was not
getting used in some cases (e.g., RSA key generation).

This commit modified internal mbedTLS API and makes software+hardware
combination deterministic.
2021-12-02 15:08:37 +05:30
Marius Vikhammer
1c9f018891 aes: fix potential unaligned access in aes-gcm 2021-11-04 10:59:53 +08:00
Marius Vikhammer
d5d126b73e aes/sha: fixed driver reseting the wrong GDMA channel
Driver was using the channel ID from tx when reseting rx.
But since rx and tx is not necessarily from the same pair this could lead
to the driver reseting the wrong DMA channel.
2021-08-30 17:06:13 +08:00
Mahavir Jain
dd12e9f8cd Merge branch 'cert/skipping_keyelements_validation' into 'master'
MbedTLS: Add config option for key elements and key element extension for SSL connection

See merge request espressif/esp-idf!12898

(cherry picked from commit 76bd33e9a4)

38d67725 mbedtls: Add config option key element and key element ext
2021-07-14 16:43:58 +08:00
kapil.gupta
ae35d70359 wpa_supplicant: Write Crypto API based on mbedtls
This commit add following crypto changes

1. Update current crypto code with upstream supplicant code
2. Add a proper porting layer to use mbedtls APIs for all the crypto
   operations used by supplicant.

Internal crypto will be used when USE_MBEDLTS flag is disabled
in supplicant's menuconfig.

This commit also removes the clutter in crypto files due to partial
porting of some APIs to mbedtls, all the code from those files have
been removed and rewritten in a generic way, this is inspired from
current upstream code.

This also reduces the lib size significantly, supplicant's lib
size reduces around ~567kb after this change(NB: lib size doesn't
indicate reduction in final bin size).
2021-06-29 14:34:48 +08:00
yuanjm
6d32eec165 mbedtls: Fix mbedtls_ssl_send_alert_message crash due to ssl->out_iv is NULL 2021-04-30 02:01:51 +00:00
liuhan
9bf4d44235 mbedtls: Add CONFIG_MBEDTLS_ROM_MD5 to use ROM MD5 in mbedTLS 2021-04-22 12:34:00 +00:00
Angus Gratton
e6b8bc6ecb mbedtls aes dma: Fix bug where DMA would complete when the first output descriptor was done, not the last 2021-03-25 15:28:45 +11:00
Marius Vikhammer
1c8fd4041e aes/sha: use a shared lazy allocated GDMA channel for AES and SHA
Removed the old dynamically allocated GDMA channel approach.
It proved too unreliable as we couldn't not ensure consumers of the mbedtls
would properly free the channels after use.

Replaced by a single shared GDMA channel for AES and SHA, which won't be
released unless user specifically calls API for releasing it.
2021-03-10 09:40:35 +08:00
Aditya Patwardhan
947e445e02 Fix esp_tls: Prevent freeing of global ca store after each connection
when dynamic ssl buffers are enabled
2021-03-05 09:53:19 +05:30
Aditya Patwardhan
79c23a1886 esp32c3/Digital Signature: mbedtls integration through ESP-TLS 2021-01-22 11:54:16 +05:30
Jiang Jiang Jian
ea79091725 Merge branch 'bugfix/esp32c3_wpa4096_cert_support' into 'master'
MbedTLS: Add software fallback for Modular Exponentiation for larger bignum operations

Closes WIFI-3257 and IDFGH-132

See merge request espressif/esp-idf!11928
2021-01-21 12:45:19 +08:00
Marius Vikhammer
51169b0e0c AES/SHA: use GDMA driver instead of LL 2021-01-19 11:02:51 +08:00
kapil.gupta
de22f3a4e5 MbedTLS: Add software fallback implementation for exp mod
Add configuration option to fallback to software implementation
for exponential mod incase of hardware is not supporting it
for larger MPI value.

Usecase:
ESP32C3 only supports till RSA3072 in hardware. This config option
will help to support 4k certificates for WPA enterprise connection.
2021-01-18 18:47:51 +05:30
morris
753a929525 global: fix sign-compare warnings 2021-01-12 14:05:08 +08:00
Marius Vikhammer
1b6891c5d8 mbedtls: merge changes from C3 2020-12-29 10:56:13 +08:00
Marius Vikhammer
457ce080ae AES: refactor and add HAL layer
Refactor the AES driver and add HAL, LL and caps.

Add better support for running AES-GCM fully in hardware.
2020-12-10 09:04:47 +00:00
Angus Gratton
5228d9f9ce esp32c3: Apply one-liner/small changes for ESP32-C3 2020-12-01 10:58:50 +11:00
Angus Gratton
d6bdd1cb32 Merge branch 'bugfix/small_cleanups' into 'master'
Small cleanups

See merge request espressif/esp-idf!11141
2020-11-23 17:23:53 +08:00
Dong Heng
1c9592efc4 fix(mbedtls): fix mbedtls dynamic resource memory leaks and RSA cert drop earlier
RX process caches the session information in "ssl->in_ctr" not in "ssl->in_buf".
So when freeing the SSL, can't free the "ssl->in_ctr", because the "ssl->in_buf"
is empty.

Make the RX process like TX process, and cache the session information in
"ssl->in_buf", so that the cache buffer can be freed when freeing the SSL.

Closes https://github.com/espressif/esp-idf/issues/6104
2020-11-19 07:31:50 +00:00
Marius Vikhammer
09e1d104ba SHA: fix dma lldesc going out of scope issue
DMA process didnt wait for idle before returning.
This meant that there was a potential for the dma
descriptors which were on the stack to be reclaimed
before the DMA operation finished.
2020-11-18 06:04:31 +00:00
Angus Gratton
b798158b4c mbedtls: Avoid malloc in esp_sha() function 2020-11-17 22:51:32 +00:00
Angus Gratton
a4fb6c0173 mbedtls: Add missing sha_caps includes 2020-11-17 22:51:07 +00:00
Marius Vikhammer
488f46acf5 SHA/RSA: moved all caps to soc_caps.h 2020-11-12 02:15:46 +00:00
Angus Gratton
66fb5a29bb Whitespace: Automated whitespace fixes (large commit)
Apply the pre-commit hook whitespace fixes to all files in the repo.

(Line endings, blank lines at end of file, trailing whitespace)
2020-11-11 07:36:35 +00:00
Marius Vikhammer
949fb8e63a SHA: add HAL layer and refactor driver
Add a LL and HAL layer for SHA.
2020-10-09 08:24:08 +00:00
David Čermák
28d2b7a9b3 Merge branch 'bugfix/esp_netif_non_lwip' into 'master'
esp-netif: Enable use of the ESP-IDF with a non-LWIP (and non-BSD-style) IP stack.

Closes IDFGH-3971

See merge request espressif/esp-idf!10472
2020-10-05 16:16:11 +08:00
Marius Vikhammer
3c14900a95 RSA: add max RSA bit len as a soc caps 2020-09-24 16:52:50 +08:00
Mahavir Jain
4a3b5b73a8 Merge branch 'feature/esp_ds_sw_support' into 'master'
Added support for  RSA  sign using DS peripheral (only for ESP32-S2)

Closes IDF-1626

See merge request espressif/esp-idf!9477
2020-09-23 20:39:04 +08:00
Aditya Patwardhan
47f7c6a991 esp32s2/esp_ds: Digital Signature software support
1)Added support for alt rsa sign implementation with DS peripheral (
through ESP-TLS - mbedTLS SSL/TLS stack)
2020-09-22 18:31:31 +05:30
Marius Vikhammer
bff0016eb8 crypto accelerator support on esp32s3
SHA: passing unit tests
RSA: pass tests
AES: tests passing
2020-09-22 15:15:03 +08:00
morris
61f89b97c6 bringup esp32-s3 on FPGA 2020-09-22 15:15:03 +08:00
cnlohr
507c08251e esp_netif: Enable use of the ESP-IDF with a non-LWIP (and non-BSD-style) IP stack.
Note: besides the esp-netif component, this commit also disables
net_sockets.c from mbedtls, which is one of the base components and uses BSD API (not specifically lwIP). This might be refactored to use CONFIG_SUPPORT_BSD_API instead of CONFIG_ESP_NETIF_TCPIP_LWIP
in the future.
It also disables smartconfig_ack.c and wifi_init.c from esp_wifi
component for referencing some lwIP config options (smartconfig_ack.c changes might be also
updated to check CONFIG_SUPPORT_BSD_API)

Merges https://github.com/espressif/esp-idf/pull/5856
2020-09-18 15:10:55 +02:00