Commit Graph

195 Commits

Author SHA1 Message Date
Mahavir Jain
2a1ede3f9d Merge branch 'update_v4.4/mbedtls_v2.28.2' into 'release/v4.4'
mbedtls: Update to release v2.28.2 (v4.4)

See merge request espressif/esp-idf!21896
2023-02-02 22:27:22 +08:00
harshal.patil
ecdd202285 mbedtls/port: added stream_block parameter sanity check 2023-01-25 15:38:28 +05:30
harshal.patil
734724ba79 mbedtls: fix esp_aes_crypt_ctr writing to null stream block 2023-01-25 15:38:28 +05:30
harshal.patil
865a72eb8f mbedtls: added SOC_AES_SUPPORT_AES_192 check in esp_aes_gcm_setkey() 2023-01-25 15:38:28 +05:30
Laukik Hase
0f46f0cfa4
mbedtls: Update config options as per v2.28.2 release 2023-01-04 15:36:24 +05:30
Aditya Patwardhan
606ada809a esp_rsa_sign_alt: Fix esp_init_ds_data_ctx API to not modify user defined data when it is given directory from flash 2022-08-23 13:27:03 +05:30
Laukik Hase
e114850dda
mbedtls: Acquire lock before enabling MPI (RSA) hardware
- For ESP32-S3
2022-06-23 16:32:26 +05:30
Li Jingyi
4896d0c8f3 mbedtls: fix ssl server crash when enable mbedtls dynamic buffer
Not free keycert until MBEDTLS_SSL_CLIENT_KEY_EXCHANGE for rsa key exchange methods, because keycert will be used to parse client key exchange.
2022-06-08 14:27:41 +08:00
Li Jingyi
81c195fed2 fix(mbedtls): fix ssl server memory leak when enable mbedtls dynamic buffer function 2022-05-19 10:41:40 +08:00
Laukik Hase
51fc67f5fa ci: Fix issues for build stage
- Fixed logs expecting different format specifier
- Updated ignore list for check_public_header test
- Updated functions ported from mbedTLS
- Fix for make-system build errors
2022-02-02 15:03:48 +05:30
Laukik Hase
11366d643f mbedtls: Added option MBEDTLS_SSL_KEEP_PEER_CERTIFICATE
- Removed code regarding MBEDTLS_DYNAMIC_FREE_PEER_CERT
  (config was kept for backward compatibility)
- Combined mbedTLS v2.28.x related options under a separate Kconfig menu
2022-02-02 10:56:48 +05:30
Laukik Hase
76b9beff3c mbedtls: Moved mbedtls_mpi_mul_int to port layer 2022-02-02 10:56:48 +05:30
Laukik Hase
76658d5066 mbedtls: Added config options for v2.28.0 upgrade 2022-02-02 10:56:48 +05:30
Li Jingyi
c91afab332 fix(mbedtls): fix compiling error when open MBEDTLS_SSL_PROTO_DTLS and disable MBEDTLS_SSL_PROTO_DTLS when open MBEDTLS_DYNAMIC_BUFFER 2021-12-21 16:31:47 +08:00
Jiang Jiang Jian
141c1cd004 Merge branch 'bugfix/crypto_allocate_lldesc_v4.4' into 'release/v4.4'
crypto: dont create DMA descriptors on the stack (v4.4)

See merge request espressif/esp-idf!16323
2021-12-08 13:31:41 +00:00
Marius Vikhammer
a1ee43fe9d crypto: also apply cache writeback/invalidate for SPIRAM_USE_MEMMAP
Closes https://github.com/espressif/esp-idf/issues/7944
2021-12-08 16:10:19 +08:00
Marius Vikhammer
3b3826b61c crypto: allocate all DMA descriptors to DMA capable memory.
These were previously placed on the stack, but the stack could be placed in
RTC RAM which is not DMA capable.
2021-12-08 16:10:18 +08:00
Li Jingyi
03b7ffdf4a feat(mbedtls): modify __wrap_mbedtls_ssl_setup to decrease SSL peak heap cost 2021-12-06 17:07:11 +08:00
Mahavir Jain
7fe9d41e33 esp_bignum: move check for supported MPI bits at start of API
This can allow hardware MPI API to return as soon as it identifies
that it can handle require bitlength operation.
2021-12-02 15:07:08 +05:30
Mahavir Jain
99c9637e9b mbedtls: fix hardware MPI (bignum) related regression
In commit de22f3a4e5, combination of
hardware and software MPI (bignum) related approach was used to
work around chip (e.g. ESP32-C3) limitation of max 3072 bits support.

This was done using linker "--wrap" flag but since the relevant API is
being used in same translation (compilation unit), hardware mode was not
getting used in some cases (e.g., RSA key generation).

This commit modified internal mbedTLS API and makes software+hardware
combination deterministic.
2021-12-02 15:07:08 +05:30
Marius Vikhammer
e3a771511a aes: fix potential unaligned access in aes-gcm 2021-11-12 12:28:28 +08:00
Sachin Billore
667017d517 ESP32S3 support for ESP-MQTT SSL Mutual Authentication with Digital Signature
Closes IDF-3859
2021-09-06 11:17:30 +05:30
Marius Vikhammer
63280dfec0 aes/sha: fixed driver reseting the wrong GDMA channel
Driver was using the channel ID from tx when reseting rx.
But since rx and tx is not necessarily from the same pair this could lead
to the driver reseting the wrong DMA channel.
2021-08-30 10:37:03 +08:00
Marius Vikhammer
bf21cf0c99 aes/sha: change gdma transfer ability for sram to be 1 byte aligned
Previously GDMA transfer ability was set to 4 bytes, but buffers might
be not fulfill these requirements
2021-08-05 11:02:17 +08:00
morris
d9819bc7ae gdma: set transfer ability 2021-07-16 14:47:09 +08:00
morris
3176ba11d8 gdma: update DMA soc data for esp32-s3 2021-07-16 14:47:09 +08:00
Kapil Gupta
38d6772507 mbedtls: Add config option key element and key element ext 2021-07-08 09:23:22 +05:30
Shu Chen
6fce2930d0 esp32h2: enable more components to support esp32h2
Involved components:
 * app_trace
 * esp-tls
 * esp_adc_cal
 * esp_pm
 * esp_serial_slave_link
 * esp_timer
 * freertos
 * idf_test
 * log
 * mbedtls
 * newlib
 * perfmon
 * spi_flash
 * spiffs
 * ulp
 * unity
 * vfs
2021-07-01 19:53:11 +08:00
Marius Vikhammer
19a492bc8d soc: add base support for ESP32-S3
Updates the following with changes from verification branches:

 * esp_rom linker files
 * rtc_cntl and system reg and struct headers

Also updates:
 * GDMA driver with new register layout
 * esptool submodule commit
2021-06-07 10:40:14 +08:00
Marius Vikhammer
9b4ba3d707 crypto: initial S3 Beta 3 bringup and testing for SHA/AES/RSA/flash enc 2021-05-18 11:25:41 +08:00
kapil.gupta
ad7cb5f5c1 wpa_supplicant: Write Crypto API based on mbedtls
This commit add following crypto changes

1. Update current crypto code with upstream supplicant code
2. Add a proper porting layer to use mbedtls APIs for all the crypto
   operations used by supplicant.

Internal crypto will be used when USE_MBEDLTS flag is disabled
in supplicant's menuconfig.

This commit also removes the clutter in crypto files due to partial
porting of some APIs to mbedtls, all the code from those files have
been removed and rewritten in a generic way, this is inspired from
current upstream code.

This also reduces the lib size significantly, supplicant's lib
size reduces around ~567kb after this change(NB: lib size doesn't
indicate reduction in final bin size).
2021-05-04 10:54:57 +00:00
yuanjm
93604b1a11 mbedtls: Fix mbedtls_ssl_send_alert_message crash due to ssl->out_iv is NULL 2021-04-22 09:33:59 +00:00
liuhan
e87c64dc44 mbedtls: Add CONFIG_MBEDTLS_ROM_MD5 to use ROM MD5 in mbedTLS 2021-04-14 06:42:13 +00:00
Marius Vikhammer
fe71a8e340 aes/sha: use a shared lazy allocated GDMA channel for AES and SHA
Removed the old dynamically allocated GDMA channel approach.
It proved too unreliable as we couldn't not ensure consumers of the mbedtls
would properly free the channels after use.

Replaced by a single shared GDMA channel for AES and SHA, which won't be
released unless user specifically calls API for releasing it.
2021-03-09 09:23:05 +08:00
Angus Gratton
3ddfe1e8ac Merge branch 'bugfix/asserts_disabled' into 'master'
core: Fix assert path embedding, warnings when asserts are disabled

Closes IDFGH-4477

See merge request espressif/esp-idf!12371
2021-03-03 08:20:54 +00:00
Angus Gratton
d6f4d99d93 core system: Fix warnings in compilation when assertions are disabled
Adds a CI config for hello world that sets this, to catch future regressions
2021-03-03 10:26:57 +11:00
KonstantinKondrashov
f3dd0a37c7 mbedtls: Fix rsa test 2021-03-02 03:18:58 +08:00
Aditya Patwardhan
bf513b6f31 Fix esp_tls: Prevent freeing of global ca store after each connection
when dynamic ssl buffers are enabled
2021-02-25 00:26:13 +00:00
Angus Gratton
e7563fe704 mbedtls aes dma: Fix bug where DMA would complete when the first output descriptor was done, not the last 2021-02-12 04:08:12 +00:00
Aditya Patwardhan
79c23a1886 esp32c3/Digital Signature: mbedtls integration through ESP-TLS 2021-01-22 11:54:16 +05:30
Jiang Jiang Jian
ea79091725 Merge branch 'bugfix/esp32c3_wpa4096_cert_support' into 'master'
MbedTLS: Add software fallback for Modular Exponentiation for larger bignum operations

Closes WIFI-3257 and IDFGH-132

See merge request espressif/esp-idf!11928
2021-01-21 12:45:19 +08:00
Marius Vikhammer
51169b0e0c AES/SHA: use GDMA driver instead of LL 2021-01-19 11:02:51 +08:00
kapil.gupta
de22f3a4e5 MbedTLS: Add software fallback implementation for exp mod
Add configuration option to fallback to software implementation
for exponential mod incase of hardware is not supporting it
for larger MPI value.

Usecase:
ESP32C3 only supports till RSA3072 in hardware. This config option
will help to support 4k certificates for WPA enterprise connection.
2021-01-18 18:47:51 +05:30
morris
753a929525 global: fix sign-compare warnings 2021-01-12 14:05:08 +08:00
Marius Vikhammer
1b6891c5d8 mbedtls: merge changes from C3 2020-12-29 10:56:13 +08:00
Marius Vikhammer
457ce080ae AES: refactor and add HAL layer
Refactor the AES driver and add HAL, LL and caps.

Add better support for running AES-GCM fully in hardware.
2020-12-10 09:04:47 +00:00
Angus Gratton
5228d9f9ce esp32c3: Apply one-liner/small changes for ESP32-C3 2020-12-01 10:58:50 +11:00
Angus Gratton
d6bdd1cb32 Merge branch 'bugfix/small_cleanups' into 'master'
Small cleanups

See merge request espressif/esp-idf!11141
2020-11-23 17:23:53 +08:00
Dong Heng
1c9592efc4 fix(mbedtls): fix mbedtls dynamic resource memory leaks and RSA cert drop earlier
RX process caches the session information in "ssl->in_ctr" not in "ssl->in_buf".
So when freeing the SSL, can't free the "ssl->in_ctr", because the "ssl->in_buf"
is empty.

Make the RX process like TX process, and cache the session information in
"ssl->in_buf", so that the cache buffer can be freed when freeing the SSL.

Closes https://github.com/espressif/esp-idf/issues/6104
2020-11-19 07:31:50 +00:00
Marius Vikhammer
09e1d104ba SHA: fix dma lldesc going out of scope issue
DMA process didnt wait for idle before returning.
This meant that there was a potential for the dma
descriptors which were on the stack to be reclaimed
before the DMA operation finished.
2020-11-18 06:04:31 +00:00