blackbeard420/esp-idf
1
0
Fork 0
mirror of https://github.com/espressif/esp-idf synced 2025-03-12 18:49:08 -04:00
Code Issues Projects Releases Wiki Activity
36,262 Commits 20 Branches 159 Tags
Commit Graph

615 Commits

Author SHA1 Message Date
Aditya Patwardhan
4c281f8eee Merge branch 'feature/esp32h2_eco5_ecc_v5.2' into 'release/v5.2' 
feat(ecc): enable ECC constant time mode for ESP32-H2 ECO5 (v5.2)

See merge request espressif/esp-idf!36586
 2025-02-11 09:54:03 +08:00
Aditya Patwardhan
e2086d518e
feat(docs): Update minimizing binary size 
The ESP32-H2 software countermeasure may not be necessary
        for ESP32-H2 v1.2 and above, this commit updates
        the relevant documentation
 2025-02-10 21:25:07 +05:30
Aditya Patwardhan
9b8a21d128
fix(soc): Fixed ECDSA register compatibility 2025-02-10 21:25:06 +05:30
Aditya Patwardhan
1c9146f0c2
fix(hal): Make the ECDSA countermeasure dynamically applicable 
This commit makes the ECDSA countermeasure dynamically applicable
    across different revisions of the ESP32H2 SoC.
 2025-02-10 21:24:58 +05:30
Mahavir Jain
84d2a8818c
feat(ecc): enable ECC constant time mode for ESP32-H2 ECO5 2025-02-06 08:14:50 +05:30
harshal.patil
e8a0496d36
feat(hal/aes): Enable pseudo rounds function during AES operations 2025-01-17 14:00:14 +05:30
Harshit Malpani
5a0324ad89
fix: Fixed build errors with TLS 1.3 only configuration 2024-11-28 09:49:03 +05:30
Mahavir Jain
2ea33342b9 Merge branch 'feat/mbedtls_size_optimization_v5.2' into 'release/v5.2' 
Fix the increase in build size of mbedtls while upgrading to v3.x (v5.2)

See merge request espressif/esp-idf!34253
 2024-10-28 11:17:10 +08:00
Mahavir Jain
e8058df59f Merge branch 'fix/mbedtls_fs_io_dependency_on_vfs_v5.2' into 'release/v5.2' 
fix(mbedtls): Fix the MBEDTLS_FS_IO dependency on vfs (v5.2)

See merge request espressif/esp-idf!34270
 2024-10-23 17:34:51 +08:00
Aditya Patwardhan
60a825e154 fix(mbedtls): Fix the MBEDTLS_FS_IO dependency on vfs 
By default MBEDTLS_FS_IO option in mbedtls uses the filesystem supported
added by vfs component.
If the vfs support is disabled by user then mbedtls raises a warning
that the filesystem realted operation shall always fail
This commit fixes the behaviour by enabling respective depedency check for the
MBEDTLS_FS_IO option

Closes https://github.com/espressif/esp-idf/issues/14409
 2024-10-23 11:04:13 +08:00
nilesh.kale
52a694abb9 feat(mbedtls): update mbedtls version to 3.6.2 2024-10-22 13:23:59 +05:30
harshal.patil
db38b93c8d
fix(mbedtls): Fix the increase in build size of mbedtls when upgrading to v3.x 2024-10-17 14:53:55 +05:30
harshal.patil
b5d25bd0b8
feat(mbedtls/esp_crt_bundle): Move dummy cert to .rodata to save 408B from dram 
Co-authored-by: Hanno <h.binder@web.de>
 2024-10-16 16:39:37 +05:30
nilesh.kale
2bc43825eb feat(mbedtls): updated mbedtls version to 3.6.1 2024-09-29 22:37:58 +05:30
Jiang Jiang Jian
3f72cc5410 Merge branch 'feat/bringup_esp32c2_rom_mbedtls_to_formal_feature_v5.2' into 'release/v5.2' 
feat(mbedtls): bringup rom mbedtls feature to formal (v5.2)

See merge request espressif/esp-idf!33801
 2024-09-27 12:15:51 +08:00
Aditya Patwardhan
2aad80cd92 Merge branch 'fix/ecdsa_verify_check_hash_len_v5.2' into 'release/v5.2' 
Wrap some mbedtls' ECDSA verification related APIs (v5.2)

See merge request espressif/esp-idf!33784
 2024-09-26 15:13:28 +08:00
Mahavir Jain
b20225d06a Merge branch 'feat/support_esp32c2_eco4_rom_mbedtls_v3.6.0_lts_v5.2' into 'release/v5.2' 
feat(mbedtls): support esp32c2 eco4 rom mbedtls v3.6.0 lts v5.2 (backport v5.2)

See merge request espressif/esp-idf!33421
 2024-09-26 11:02:28 +08:00
JiangGuangMing
3bfe43fb68 feat(mbedtls): bringup rom mbedtls feature to formal 2024-09-25 11:52:35 +08:00
harshal.patil
52cf97ebd5
feat(mbedtls): Wrap mbedtls_ecdsa_read_signature to use ECDSA hardware when possible 2024-09-24 16:50:38 +05:30
harshal.patil
a14ed03c11
fix(mbedtls/port): Check signature hash length before using ECDSA hardware 2024-09-24 16:50:28 +05:30
Aditya Patwardhan
5b6d8812d1
feat(hal): Add countermeasure for ECDSA generate signature 
The ECDSA peripheral before ECO5 of esp32h2 does not perform the ECDSA
    sign operation in constant time. This allows an attacker to read the
    power signature of the ECDSA sign operation and then calculate the
    ECDSA key stored inside the eFuse. The commit adds a countermeasure
    for this attack. In this case the real ECDSA sign operation is
    masked under dummy ECDSA sign operations to hide its real power
    signature
 2024-09-23 19:28:12 +05:30
Jiang Guang Ming
3340050eae feat(mbedtls): support rom mbedtls threading layer 2024-09-10 10:20:29 +08:00
Jiang Guang Ming
d4dea72f24 feat(mbedtls): select MBEDTLS_CMAC_C when MBEDTLS_USE_CRYPTO_ROM_IMPL enabled 2024-09-10 10:20:23 +08:00
Jiang Guang Ming
4c567bd203 feat(mbedtls): support ROM mbedtls v3.6.0 on C2 rev2.0(ECO4) 2024-09-10 10:20:14 +08:00
Richard Allen
cda82f8ee8 change(mbedtls/port): optimize gcm_mult() 
1) pre-shift GCM last4 to use 32-bit shift

On 32-bit architectures like Aarch32, RV32, Xtensa,
shifting a 64-bit variable by 32-bits is free,
since it changes the register representing half of the 64-bit var.
Pre-shift the last4 array to take advantage of this.

2) unroll first GCM iteration

The first loop of gcm_mult() is different from
the others. By unrolling it separately from the
others, the other iterations may take advantage
of the zero-overhead loop construct, in addition
to saving a conditional branch in the loop.
 2024-08-21 18:26:08 +05:30
Mahavir Jain
adea6829b3 fix(hal): correct the power up sequence for MPI/ECC peripherals in ESP32-C5 2024-07-02 13:36:54 +05:30
nilesh.kale
5d5113c5f9 feat(mbedtls): updated mbedtls version from 3.5.2 to 3.6.0 
This MR updated MbedTLS version to latest version 3.6.0.
 2024-05-07 14:16:37 +05:30
harshal.patil
bd826801ba
fix(mbedtls/ecdsa): Fix dependant peripheral's enable and reset 2024-04-11 13:46:59 +05:30
harshal.patil
85186042c3
feat(hal/ecdsa): Add HAL API for operation successful check 2024-04-11 12:33:06 +05:30
Aditya Patwardhan
b359cd85f1 Merge branch 'feature/mbedtls_error_str_config_v5.2' into 'release/v5.2' 
feat(mbedtls): add kconfig option for MBEDTLS_ERROR_C (v5.2)

See merge request espressif/esp-idf!30104
 2024-04-11 11:53:24 +08:00
Mahavir Jain
b6f5573e0f
feat(mbedtls): add kconfig option for MBEDTLS_ERROR_C 
Disabling this config can reduce footprint for the cases where
mbedtls_strerror() is used and hence the debug strings are getting
pulled into the application image.
 2024-04-08 16:02:21 +05:30
harshal.patil
c97d3aed45
fix(mbedtls/aes-gcm): Fix null pointer derefernce coverity reports 
- Also fixed a tcp_transport report
 2024-03-13 11:42:03 +05:30
harshal.patil
0f7c9a29a2
ci(mbedtls/gcm): Added test to verify software fallback for non-AES cipher GCM operations 2024-02-26 14:29:20 +05:30
harshal.patil
ca4f560f2b
fix(mbedtls/gcm): Add support for software fallback for non-AES ciphers in a GCM operation 
- Even if the config MBEDTLS_HARDWARE_AES is enabled, we now support fallback
to software implementation of GCM operations when non-AES ciphers are used.
 2024-02-26 14:29:18 +05:30
harshal.patil
5862b981ed
fix(mbedtls/gcm): Avoid using GCM hardware when config MBEDTLS_HARDWARE_GCM is disabled 2024-02-16 11:54:39 +05:30
harshal.patil
38f13b15d3
fix(mbedtls/gcm): Fix build failure when config MBEDTLS_HARDWARE_GCM is disabled 2024-02-16 11:54:37 +05:30
nilesh.kale
7d358754a2 feat(mbedtls): updated mbedtls version from 3.5.0 to 3.5.2 
This updates the submodule mbedtls to its latest version 3.5.2.
 2024-02-05 12:50:27 +05:30
jim
5a234cf642 mbedtls: Fix enable dynamic mbedtls will occur heap corruption when server support TLS renegotiation 2024-01-08 14:23:32 +08:00
Darian Leung
b85e6d3dd8 change(xtensa): Deprecate ".../xtensa_timer.h" include path 
This commit deprecates the "freertos/xtensa_timer.h" and "xtensa/xtensa_timer.h"
include paths. Users should use "xtensa_timer.h" instead.

- Replace legacy include paths
- Removed some unnecessary includes of "xtensa_timer.h"
- Add warning to compatibility header
 2023-12-05 18:04:52 +08:00
harshal.patil
b94656115e
fix(mbedtls/aes): fix AES interrupt allocation for AES-GCM operations 2023-12-01 16:34:49 +05:30
Aditya Patwardhan
c1779ff8b7
fix(mbedtls): Removed redundant menuconfig entry 2023-11-29 09:50:12 +05:30
Jiang Jiang Jian
df7ba090f3 Merge branch 'bugfix/esp32h2_ecdsa_hardware_k_v5.2' into 'release/v5.2' 
fix(esp32h2): program use_hardware_k efuse bit for ECDSA key purpose (v5.2)

See merge request espressif/esp-idf!27234
 2023-11-21 11:13:37 +08:00
Mahavir Jain
f207ce15df fix(api-docs): include in the ECDSA APIs for doxygen build 2023-11-17 07:13:53 +00:00
Mahavir Jain
2882b6f68b docs: add ECDSA peripheral chapter for H2/P4 
- Add ECDSA peripheral chapter and instructions to program efuse key block
- Update security guide for ECDSA peripheral mention for device identity
- Link with ESP-TLS guide about using ECDSA peripheral in TLS connection
 2023-11-17 07:13:53 +00:00
Mahavir Jain
f434d21f4a fix(ecdsa): remove unused k_mode from the ECDSA HAL/LL API 
For ESP32-H2 case, the hardware k mode is always enforced through
efuse settings (done in startup code).

For ESP32-P4 case, the software k mode is not supported in the peripheral
itself and code was redundant.
 2023-11-17 07:13:53 +00:00
harshal.patil
9bf48e77f0
fix(mbedtls): move interrupt allocation during initialization phase 2023-11-16 16:16:57 +05:30
Jiang Guang Ming
e882782f0d feat(mbedtls): add new option CONFIG_MBEDTLS_USE_CRYPTO_ROM_IMPL for mbedtls pytest 2023-10-23 13:10:44 +08:00
Jiang Guang Ming
37ec1cc592 feat(mbedtls): support C2 mbedtls can use crypto algorithm in ROM 2023-10-23 13:10:44 +08:00
Mahavir Jain
dbc33ca7aa Merge branch 'feature/add_intr_priority_config_option' into 'master' 
feat(mbedtls): Add config for interrupt priority in AES and RSA

Closes IDF-7963 and IDF-7964

See merge request espressif/esp-idf!26190
 2023-10-16 11:33:03 +08:00
Mahavir Jain
6b62065b92 Merge branch 'fix/crypto_periphs_use_rcc_atomic_blocks' into 'master' 
Use rcc atomic blocks to enable/reset crypto peripherals

See merge request espressif/esp-idf!25811
 2023-10-13 22:37:58 +08:00