272 Commits

Author SHA1 Message Date
nilesh.kale
ef7a749367 feat(mbedtls): updated mbedtls version from 3.5.2 to 3.6.0
This MR updated MbedTLS version to latest version 3.6.0.
2024-05-15 11:43:54 +05:30
harshal.patil
c367de40ba
fix(mbedtls/gcm): Add support for software fallback for non-AES ciphers in a GCM operation
- Even if the config MBEDTLS_HARDWARE_AES is enabled, we now support fallback
to software implementation of GCM operations when non-AES ciphers are used.
2024-03-12 13:47:25 +05:30
harshal.patil
74eb2add93 fix(mbedtls/gcm): Avoid using GCM hardware when config MBEDTLS_HARDWARE_GCM is disabled 2024-02-23 11:26:21 +08:00
jim
dfe28ce029 mbedtls: Fix enable dynamic mbedtls will occur heap corruption when server support TLS renegotiation 2024-01-08 14:37:41 +08:00
Daniel Mangum
3ef1cf7edb
mbedtls: define MBEDTLS_SSL_CID_TLS1_3_PAD_GRANULARITY for CID padding
Updates config to define the new MBEDTLS_SSL_CID_TLS1_3_PAD_GRANULARITY
option, which replaced the previously used
MBEDTLS_SSL_CID_PADDING_GRANULARITY. The old option is continuing to be
used as the new one exceeds the maximum length for an option name in
esp-idf.

See https://github.com/Mbed-TLS/mbedtls/pull/4490 for more information.

Signed-off-by: Daniel Mangum <georgedanielmangum@gmail.com>
2024-01-02 11:22:38 +05:30
harshal.patil
206af07ad4
fix(mbedtls/aes): fix AES interrupt allocation for AES-GCM operations 2023-12-01 16:49:47 +05:30
harshal.patil
b72804340c
fix(mbedtls): move interrupt allocation during initialization phase 2023-12-01 16:49:47 +05:30
Kapil Gupta
973aca32be change(esp_wifi): Port fast_pbkdf2 implementation for mbedlts
Add changes to use fast_pbkdf2 as default for PMK calculations.
fast_pbkdf2 is significantly faster than current implementations
for esp chips.

Also removes unnecessary code for pbkdf-sha256 and pbkdf-sha512.
2023-11-01 21:56:56 +05:30
Jiang Guang Ming
883d7e793f feat(mbedtls): support C2 mbedtls can use crypto algorithm in ROM 2023-10-26 20:56:29 +08:00
Jiang Jiang Jian
5293a3e403 Merge branch 'feature/mbedtls_3_5_0_update_v5.0' into 'release/v5.0'
feat(mbedtls): update to 3.5.0 release (v5.0)

See merge request espressif/esp-idf!26477
2023-10-26 17:58:51 +08:00
Mahavir Jain
3e90ed6428 fix(mbedtls): remove deprecated MBEDTLS_X509_ALLOW_UNSUPPORTED_CRITICAL_EXTENSION
This config has been removed in the upstream mbedTLS starting 3.0
release. Please see mbedTLS changelog for more details.
2023-10-16 03:54:57 +00:00
Mahavir Jain
088c546964 fix(mbedtls): dynamic buffer feature issue with mbedtls 3.5.0
Set max TLS version in the SSL context during setup phase. Dynamic
buffer feature overrides the `mbedtls_ssl_setup` API and hence
this change is required per upstream 3.5.0 codebase change.
2023-10-16 03:54:57 +00:00
Mahavir Jain
97fe016e4e feat(mbedtls): update to 3.5.0 release
Changelog:
https://github.com/Mbed-TLS/mbedtls/releases/tag/mbedtls-3.5.0
2023-10-16 03:54:57 +00:00
harshal.patil
6fdbd027c5
feat(esp_hw_support): Add locking layer for the ECC peripheral 2023-09-29 11:24:34 +05:30
Mahavir Jain
aba35cd526
fix(aes): correct the linking of the DMA descriptors
For certain data lengths, the last input descriptor was not getting appended
correctly and hence the EOF flag in the DMA descriptor link list was
set at incorrect location. This was resulting in the peripheral being
stalled expecting more data and eventually the code used to timeout
waiting for the AES completion interrupt.

Required configs for this issue:

CONFIG_MBEDTLS_HARDWARE_AES
CONFIG_SOC_AES_SUPPORT_DMA

This observation is similar to the issue reported in:
https://github.com/espressif/esp-idf/issues/10647

To recreate this issue, start the AES-GCM DMA operation with data length
12280 bytes and this should stall the operation forever.

In this fix, we are tracing the entire descriptor list and then appending the
extra bytes descriptor at correct position (as the last node).
2023-09-06 08:30:00 +05:30
Mahavir Jain
29be69d797
fix(aes-gcm): correct the DMA completion wait condition for hardware GCM case
DMA operation completion must wait until the last DMA descriptor
ownership has been changed to hardware, that is hardware is completed
the write operation for entire data. Earlier for the hardware GCM case,
the first DMA descriptor was checked and it could have resulted in some
race condition for non interrupt (MBEDTLS_AES_USE_INTERRUPT disabled) case.
2023-09-06 08:29:57 +05:30
Jiang Jiang Jian
095f1f259b Merge branch 'bugfix/sha_dma_mode_incorrect_result_v5.0' into 'release/v5.0'
fix(sha): DMA mode iteration calculation issue for certain data lengths (v5.0)

See merge request espressif/esp-idf!25128
2023-08-21 10:40:15 +08:00
Jiang Guang Ming
b554ee475c feat(mbedtls): support ecp fixed-point multiplication configurable 2023-08-09 16:54:28 +08:00
Mahavir Jain
66b718ac82 fix(sha): DMA mode iteration calculation issue for certain data lengths
SHA hardware DMA mode calculation had off-by-one error for specific
input lengths. This was causing last chunk of the input data not being
fed to the hardware accelerator and hence resulting in an incorrect
final result.

Closes: https://github.com/espressif/esp-idf/issues/11915
2023-08-02 04:48:48 +00:00
Mahavir Jain
1315845d75 Merge branch 'fix/mbedtls_internal_shaX_process_api_port_v5.0' into 'release/v5.0'
fix(mbedtls): Fix the port for mbedtls_internal_shaX_process api (v5.0)

See merge request espressif/esp-idf!24810
2023-07-17 17:00:44 +08:00
harshal.patil
f1ee3e41aa refactor(mbedtls): refactored the return values check in some esp-aes APIs 2023-07-14 21:00:16 +05:30
harshal.patil
3a73b1bf9b fix(mbedtls): Fix the port for the mbedtls_internal_shaX_process API
- Also added the fix to update intermediate SHA state in the mbedtls_shaX_update API
2023-07-14 14:18:10 +05:30
harshal.patil
400e220f06 fix(mbedtls): Fixed the transmission of return values of the esp-aes APIs
- Earlier, some intermediate return values were not stored and returned,
thus incorrect return values used to get transmitted to the upper layer of APIs.

- Also, zeroised the output buffer in case of error condition.
2023-07-14 13:41:13 +05:30
Laukik Hase
4da3e20855
fix(mbedtls): Fix incorrect assert for H/W MPI operations
- Closes https://github.com/espressif/esp-idf/issues/11850
2023-07-13 16:24:57 +05:30
Jiang Jiang Jian
faf54ca1d6 Merge branch 'bugfix/aes_dma_align_issue_v5.0' into 'release/v5.0'
aes: fix DMA descriptor calculation for the alignment case (v5.0)

See merge request espressif/esp-idf!24094
2023-06-13 10:09:16 +08:00
Mahavir Jain
94e139e639
aes: fix DMA descriptor calculation for the alignment case
The number of the DMA descriptors allocated for certain length (e.g.,
8176) were not sufficient (off by 1 error). This used to result in the
dynamic memory corruption as the region was modified beyond the
allocated range.

This change fixes the DMA descriptor calculation part and allocates
sufficient DMA descriptors based on the data length alignment considerations.

Test has also been added to cover the specific scenario in the CI.

Closes https://github.com/espressif/esp-idf/issues/11310
2023-06-07 09:26:30 +05:30
Christoph Baechler
ebf4abca14
esp_ds: ignore releasing mutex if not called from same task 2023-05-19 08:31:45 +05:30
harshal.patil
c293708409 mbedtls: replace low-level sha apis with md apis in esp_ssl_tls 2023-04-24 12:03:55 +05:30
harshal.patil
8017e23611 mbedtls: Update config options as per release/v3.4.0
- Added a Kconfig option for the newly added mbedtls option MBEDTLS_PKCS7_C
2023-04-24 12:03:55 +05:30
Laukik Hase
d53d4ec930 esp32/mpi: Added alternate workaround for MPI data corruption issue
- Use DPORT_WRITE_REG (volatile writes) wrappers to write to the
  MPI peripheral
- Updated the previous workaround added for the same issue as it
  was failing in some long runs and with `COMPILER_OPTIMIZATION_PERF`
  enabled.
- The test performance numbers had to be updated due to the
  performance penalty introduced by this fix.

Closes https://github.com/espressif/esp-idf/issues/10403
2023-03-06 06:43:17 +00:00
Laukik Hase
db99f311fc mbedtls: Fix build with dynamic buffers feature 2023-02-19 03:53:02 +00:00
Laukik Hase
8b5ab6820f mbedtls: Update config options as per v3.3.0 release 2023-02-19 03:53:02 +00:00
Mahavir Jain
dcae357500 Merge branch 'fix/hardware_ecc_port_v5.0' into 'release/v5.0'
mbedtls/ecp: Fix incorrect ECP parameter value

See merge request espressif/esp-idf!22112
2023-02-19 11:49:14 +08:00
Sachin Parekh
131faba944 mbedtls/ecp: Fix incorrect ECP parameter value
- Add sanity checks in mbedtls port
- Add ECP test cases covering shorter scalar values
2023-02-08 21:35:49 +05:30
harshal.patil
3ca447956c mbedtls: fix null pointer dereference of variable iv_off
iv_off gets dereferenced before being check for NULL
2023-01-25 15:32:56 +05:30
harshal.patil
79fb21952e mbedtls/port: refactor sanity checks and their return values
Refactored and returned correct error codes for sanity checks
present in port layer esp_aes.c and esp_aes_gcm.c
2023-01-25 15:30:20 +05:30
harshal.patil
7e00b1f356 mbedtls/port: added stream_block parameter sanity check 2023-01-25 15:30:20 +05:30
LiPeng
3c1ac62969 mbedtls: GCM implementation is replaced with CTR-based calculation
- GCM operation in mbedtls used ECB, which calculated only 16 bytes of data each time.
	- Therefore, when processing a large amount of data, it is necessary to frequently set hardware acceleration calculations,
	- which could not make good use of the AES DMA function to improve efficiency.
	- Hence, GCM implementation is replaced with CTR-based calculation which utilizes AES DMA to improve efficiency.
2023-01-09 18:37:07 +05:30
harshal.patil
f111ed2d9a mbedtls: fix esp_aes_gcm_update_ad() API implementation
Closes IDFGH-10467
2023-01-09 18:35:25 +05:30
harshal.patil
40f2caa950 mbedtls: fix esp_aes_crypt_ctr writing to null stream block 2023-01-02 12:02:47 +05:30
harshal.patil
ea07ce9367 mbedtls: added SOC_AES_SUPPORT_AES_192 check in esp_aes_gcm_setkey() 2023-01-02 12:02:47 +05:30
harshal.patil
1c0e11efc0 mbedtls: populate mbedtls_gcm_update() output_length paramater 2023-01-02 12:02:47 +05:30
jgujarathi
2d0ef53e94 Removed some occurences of the RC4 cipher suite(deprecated now) 2022-11-25 10:07:56 +05:30
Mahavir Jain
84b0254fbf
esp32: mpi: add workaround for data corruption issue observed with IDF 5.x toolchain
This fix adds a workaround to disable compiler optimization flag "-ftree-loop-distribute-patterns"
for `mpi_to_mem_block` routine. It was observed that compiler with release configuration was falling
back to `memset` call from ROM library causing an issue in correctly zero initializing MPI peripheral
block.

Please see following linked issue for more discussion and context on this issue.

Closes https://github.com/espressif/esp-idf/issues/8710
Closes https://github.com/espressif/esp-idf/issues/9371
Closes https://github.com/espressif/esp-idf/issues/9256
Closes IDFGH-7102
Closes IDFGH-7842
Closes IDFGH-7714
Closes IDFCI-1452
Closes IDF-6029
2022-10-27 09:54:26 +05:30
Sachin Parekh
44d626a596
mbedtls: Override ecp_mul_restartable_internal
ECDSA verification uses ecp_mul_restartable_internal instead
of the public API mbedtls_ecp_mul_restartable
2022-08-26 11:46:55 +05:30
Laukik Hase
0c60328953
mbedtls/port: Fix dynamic buffers feature for v3.2.1
Co-authored-by: Li Jingyi <lijingyi@espressif.com>
2022-08-26 11:46:55 +05:30
Aditya Patwardhan
0dd55387ea esp_rsa_sign_alt: Fix esp_init_ds_data_ctx API to not modify user defined data when it is given directory from flash 2022-08-23 11:50:47 +05:30
Darian Leung
781d06af73 esp_hw_support: Remove compare_set.h API
This function removes the following legacy atomic CAS functions:

From compare_set.h (file removed):
- compare_and_set_native()
- compare_and_set_extram()

From portmacro.h
- uxPortCompareSet()
- uxPortCompareSetExtram()

Users should call esp_cpu_compare_and_set() instead as this function hides the details
of atomic CAS on internal and external RAM addresses.

Due to the removal of compare_set.h, some missing header includes are also fixed in this commit.
2022-07-22 00:06:06 +08:00
Mahavir Jain
a94c74c26b
mbedtls: remove dependency on driver component
- keep `esp_pm` dependency conditional in mbedtls
- refactor `bt` cmakelist to keep dependencies as private

Related: IDF-1265
2022-07-18 21:10:51 +05:30
Mahavir Jain
dd24639215 Merge branch 'esp32h2/enable_ecc_accelerator' into 'master'
esp32h2: Enable ECC accelerator

Closes IDF-3397

See merge request espressif/esp-idf!18647
2022-06-23 20:06:26 +08:00