diff --git a/vendors/espressif/boards/components/esp_http_server/CMakeLists.txt b/vendors/espressif/boards/components/esp_http_server/CMakeLists.txt new file mode 100644 index 00000000000..f1cc208f75c --- /dev/null +++ b/vendors/espressif/boards/components/esp_http_server/CMakeLists.txt @@ -0,0 +1 @@ +# Nothing to do, esp_http_server component can not be supported with FreeRTOS TCP stack diff --git a/vendors/espressif/boards/components/esp_http_server/component.mk b/vendors/espressif/boards/components/esp_http_server/component.mk new file mode 100644 index 00000000000..84596388d2f --- /dev/null +++ b/vendors/espressif/boards/components/esp_http_server/component.mk @@ -0,0 +1,2 @@ +# Nothing to do, esp_http_server component can not be supported with FreeRTOS TCP stack +COMPONENT_CONFIG_ONLY := 1 diff --git a/vendors/espressif/boards/esp32/components/freertos/CMakeLists.txt b/vendors/espressif/boards/components/freertos/CMakeLists.txt similarity index 94% rename from vendors/espressif/boards/esp32/components/freertos/CMakeLists.txt rename to vendors/espressif/boards/components/freertos/CMakeLists.txt index 888d0f8c7e3..750832b75cb 100644 --- a/vendors/espressif/boards/esp32/components/freertos/CMakeLists.txt +++ b/vendors/espressif/boards/components/freertos/CMakeLists.txt @@ -11,13 +11,13 @@ set( if(AFR_ENABLE_TESTS) list(APPEND include_dirs - "${CMAKE_CURRENT_LIST_DIR}/../../aws_tests/config_files" + "${CMAKE_CURRENT_LIST_DIR}/../../esp32/aws_tests/config_files" "${AMAZON_FREERTOS_FREERTOS_PLUS_DIR}/standard/freertos_plus_posix/include" "${AMAZON_FREERTOS_3RDPARTY_DIR}/unity/src" ) else() list(APPEND include_dirs - "${CMAKE_CURRENT_LIST_DIR}/../../aws_demos/config_files") + "${CMAKE_CURRENT_LIST_DIR}/../../esp32/aws_demos/config_files") endif() # Edit following two lines to set component requirements (see docs) diff --git a/vendors/espressif/boards/esp32/components/freertos/Kconfig b/vendors/espressif/boards/components/freertos/Kconfig similarity index 100% rename from vendors/espressif/boards/esp32/components/freertos/Kconfig rename to vendors/espressif/boards/components/freertos/Kconfig diff --git a/vendors/espressif/boards/esp32/components/freertos/component.mk b/vendors/espressif/boards/components/freertos/component.mk similarity index 87% rename from vendors/espressif/boards/esp32/components/freertos/component.mk rename to vendors/espressif/boards/components/freertos/component.mk index d61a7f11eaa..e1236a38c1c 100644 --- a/vendors/espressif/boards/esp32/components/freertos/component.mk +++ b/vendors/espressif/boards/components/freertos/component.mk @@ -1,9 +1,9 @@ -AMAZON_FREERTOS_LIB_DIR := ../../../../../../libraries -AMAZON_FREERTOS_KERNEL_DIR := ../../../../../../freertos_kernel +AMAZON_FREERTOS_LIB_DIR := ../../../../../libraries +AMAZON_FREERTOS_KERNEL_DIR := ../../../../../freertos_kernel ifndef AMAZON_FREERTOS_ENABLE_UNIT_TEST -AMAZON_FREERTOS_ESP32 := ../../../../../../vendors/espressif/boards/esp32/aws_demos +AMAZON_FREERTOS_ESP32 := ../../../../../vendors/espressif/boards/esp32/aws_demos else -AMAZON_FREERTOS_ESP32 := ../../../../../../vendors/espressif/boards/esp32/aws_tests +AMAZON_FREERTOS_ESP32 := ../../../../../vendors/espressif/boards/esp32/aws_tests endif diff --git a/vendors/espressif/boards/esp32/components/freertos/extra.c b/vendors/espressif/boards/components/freertos/extra.c similarity index 100% rename from vendors/espressif/boards/esp32/components/freertos/extra.c rename to vendors/espressif/boards/components/freertos/extra.c diff --git a/vendors/espressif/boards/esp32/components/freertos/include/freertos/FreeRTOS.h b/vendors/espressif/boards/components/freertos/include/freertos/FreeRTOS.h similarity index 100% rename from vendors/espressif/boards/esp32/components/freertos/include/freertos/FreeRTOS.h rename to vendors/espressif/boards/components/freertos/include/freertos/FreeRTOS.h diff --git a/vendors/espressif/boards/esp32/components/freertos/include/freertos/FreeRTOSConfig.h b/vendors/espressif/boards/components/freertos/include/freertos/FreeRTOSConfig.h similarity index 100% rename from vendors/espressif/boards/esp32/components/freertos/include/freertos/FreeRTOSConfig.h rename to vendors/espressif/boards/components/freertos/include/freertos/FreeRTOSConfig.h diff --git a/vendors/espressif/boards/esp32/components/freertos/include/freertos/event_groups.h b/vendors/espressif/boards/components/freertos/include/freertos/event_groups.h similarity index 100% rename from vendors/espressif/boards/esp32/components/freertos/include/freertos/event_groups.h rename to vendors/espressif/boards/components/freertos/include/freertos/event_groups.h diff --git a/vendors/espressif/boards/esp32/components/freertos/include/freertos/list.h b/vendors/espressif/boards/components/freertos/include/freertos/list.h similarity index 100% rename from vendors/espressif/boards/esp32/components/freertos/include/freertos/list.h rename to vendors/espressif/boards/components/freertos/include/freertos/list.h diff --git a/vendors/espressif/boards/esp32/components/freertos/include/freertos/portable.h b/vendors/espressif/boards/components/freertos/include/freertos/portable.h similarity index 100% rename from vendors/espressif/boards/esp32/components/freertos/include/freertos/portable.h rename to vendors/espressif/boards/components/freertos/include/freertos/portable.h diff --git a/vendors/espressif/boards/esp32/components/freertos/include/freertos/portmacro.h b/vendors/espressif/boards/components/freertos/include/freertos/portmacro.h similarity index 100% rename from vendors/espressif/boards/esp32/components/freertos/include/freertos/portmacro.h rename to vendors/espressif/boards/components/freertos/include/freertos/portmacro.h diff --git a/vendors/espressif/boards/esp32/components/freertos/include/freertos/queue.h b/vendors/espressif/boards/components/freertos/include/freertos/queue.h similarity index 100% rename from vendors/espressif/boards/esp32/components/freertos/include/freertos/queue.h rename to vendors/espressif/boards/components/freertos/include/freertos/queue.h diff --git a/vendors/espressif/boards/esp32/components/freertos/include/freertos/semphr.h b/vendors/espressif/boards/components/freertos/include/freertos/semphr.h similarity index 100% rename from vendors/espressif/boards/esp32/components/freertos/include/freertos/semphr.h rename to vendors/espressif/boards/components/freertos/include/freertos/semphr.h diff --git a/vendors/espressif/boards/esp32/components/freertos/include/freertos/task.h b/vendors/espressif/boards/components/freertos/include/freertos/task.h similarity index 100% rename from vendors/espressif/boards/esp32/components/freertos/include/freertos/task.h rename to vendors/espressif/boards/components/freertos/include/freertos/task.h diff --git a/vendors/espressif/boards/esp32/components/freertos/include/freertos/timers.h b/vendors/espressif/boards/components/freertos/include/freertos/timers.h similarity index 100% rename from vendors/espressif/boards/esp32/components/freertos/include/freertos/timers.h rename to vendors/espressif/boards/components/freertos/include/freertos/timers.h diff --git a/vendors/espressif/boards/esp32/components/freertos/include/freertos/xtensa_api.h b/vendors/espressif/boards/components/freertos/include/freertos/xtensa_api.h similarity index 100% rename from vendors/espressif/boards/esp32/components/freertos/include/freertos/xtensa_api.h rename to vendors/espressif/boards/components/freertos/include/freertos/xtensa_api.h diff --git a/vendors/espressif/boards/esp32/components/freertos/include/freertos/xtensa_context.h b/vendors/espressif/boards/components/freertos/include/freertos/xtensa_context.h similarity index 100% rename from vendors/espressif/boards/esp32/components/freertos/include/freertos/xtensa_context.h rename to vendors/espressif/boards/components/freertos/include/freertos/xtensa_context.h diff --git a/vendors/espressif/boards/esp32/components/freertos/include/freertos/xtensa_rtos.h b/vendors/espressif/boards/components/freertos/include/freertos/xtensa_rtos.h similarity index 100% rename from vendors/espressif/boards/esp32/components/freertos/include/freertos/xtensa_rtos.h rename to vendors/espressif/boards/components/freertos/include/freertos/xtensa_rtos.h diff --git a/vendors/espressif/boards/esp32/components/freertos/include/freertos/xtensa_timer.h b/vendors/espressif/boards/components/freertos/include/freertos/xtensa_timer.h similarity index 100% rename from vendors/espressif/boards/esp32/components/freertos/include/freertos/xtensa_timer.h rename to vendors/espressif/boards/components/freertos/include/freertos/xtensa_timer.h diff --git a/vendors/espressif/boards/esp32/components/freertos/include/freertos_tasks_c_additions.h b/vendors/espressif/boards/components/freertos/include/freertos_tasks_c_additions.h similarity index 100% rename from vendors/espressif/boards/esp32/components/freertos/include/freertos_tasks_c_additions.h rename to vendors/espressif/boards/components/freertos/include/freertos_tasks_c_additions.h diff --git a/vendors/espressif/boards/esp32/components/freertos/linker.lf b/vendors/espressif/boards/components/freertos/linker.lf similarity index 100% rename from vendors/espressif/boards/esp32/components/freertos/linker.lf rename to vendors/espressif/boards/components/freertos/linker.lf diff --git a/vendors/espressif/boards/esp32/components/freertos_tcpip/ethernet/CMakeLists.txt b/vendors/espressif/boards/components/freertos_tcpip/ethernet/CMakeLists.txt similarity index 100% rename from vendors/espressif/boards/esp32/components/freertos_tcpip/ethernet/CMakeLists.txt rename to vendors/espressif/boards/components/freertos_tcpip/ethernet/CMakeLists.txt diff --git a/vendors/espressif/boards/esp32/components/freertos_tcpip/ethernet/component.mk b/vendors/espressif/boards/components/freertos_tcpip/ethernet/component.mk similarity index 100% rename from vendors/espressif/boards/esp32/components/freertos_tcpip/ethernet/component.mk rename to vendors/espressif/boards/components/freertos_tcpip/ethernet/component.mk diff --git a/vendors/espressif/boards/esp32/components/freertos_tcpip/ethernet/include/esp_eth.h b/vendors/espressif/boards/components/freertos_tcpip/ethernet/include/esp_eth.h similarity index 100% rename from vendors/espressif/boards/esp32/components/freertos_tcpip/ethernet/include/esp_eth.h rename to vendors/espressif/boards/components/freertos_tcpip/ethernet/include/esp_eth.h diff --git a/vendors/espressif/boards/esp32/components/freertos_tcpip/ethernet/port.c b/vendors/espressif/boards/components/freertos_tcpip/ethernet/port.c similarity index 100% rename from vendors/espressif/boards/esp32/components/freertos_tcpip/ethernet/port.c rename to vendors/espressif/boards/components/freertos_tcpip/ethernet/port.c diff --git a/vendors/espressif/boards/esp32/components/freertos_tcpip/freertos_plus_tcp/CMakeLists.txt b/vendors/espressif/boards/components/freertos_tcpip/freertos_plus_tcp/CMakeLists.txt similarity index 100% rename from vendors/espressif/boards/esp32/components/freertos_tcpip/freertos_plus_tcp/CMakeLists.txt rename to vendors/espressif/boards/components/freertos_tcpip/freertos_plus_tcp/CMakeLists.txt diff --git a/vendors/espressif/boards/esp32/components/freertos_tcpip/freertos_plus_tcp/component.mk b/vendors/espressif/boards/components/freertos_tcpip/freertos_plus_tcp/component.mk similarity index 100% rename from vendors/espressif/boards/esp32/components/freertos_tcpip/freertos_plus_tcp/component.mk rename to vendors/espressif/boards/components/freertos_tcpip/freertos_plus_tcp/component.mk diff --git a/vendors/espressif/boards/esp32/components/freertos_tcpip/mdns/CMakeLists.txt b/vendors/espressif/boards/components/freertos_tcpip/mdns/CMakeLists.txt similarity index 100% rename from vendors/espressif/boards/esp32/components/freertos_tcpip/mdns/CMakeLists.txt rename to vendors/espressif/boards/components/freertos_tcpip/mdns/CMakeLists.txt diff --git a/vendors/espressif/boards/esp32/components/freertos_tcpip/mdns/component.mk b/vendors/espressif/boards/components/freertos_tcpip/mdns/component.mk similarity index 100% rename from vendors/espressif/boards/esp32/components/freertos_tcpip/mdns/component.mk rename to vendors/espressif/boards/components/freertos_tcpip/mdns/component.mk diff --git a/vendors/espressif/boards/esp32/components/freertos_tcpip/smartconfig_ack/CMakeLists.txt b/vendors/espressif/boards/components/freertos_tcpip/smartconfig_ack/CMakeLists.txt similarity index 100% rename from vendors/espressif/boards/esp32/components/freertos_tcpip/smartconfig_ack/CMakeLists.txt rename to vendors/espressif/boards/components/freertos_tcpip/smartconfig_ack/CMakeLists.txt diff --git a/vendors/espressif/boards/esp32/components/freertos_tcpip/smartconfig_ack/component.mk b/vendors/espressif/boards/components/freertos_tcpip/smartconfig_ack/component.mk similarity index 100% rename from vendors/espressif/boards/esp32/components/freertos_tcpip/smartconfig_ack/component.mk rename to vendors/espressif/boards/components/freertos_tcpip/smartconfig_ack/component.mk diff --git a/vendors/espressif/boards/esp32/components/freertos_tcpip/smartconfig_ack/include/smartconfig_ack.h b/vendors/espressif/boards/components/freertos_tcpip/smartconfig_ack/include/smartconfig_ack.h similarity index 100% rename from vendors/espressif/boards/esp32/components/freertos_tcpip/smartconfig_ack/include/smartconfig_ack.h rename to vendors/espressif/boards/components/freertos_tcpip/smartconfig_ack/include/smartconfig_ack.h diff --git a/vendors/espressif/boards/esp32/components/freertos_tcpip/smartconfig_ack/smartconfig_ack.c b/vendors/espressif/boards/components/freertos_tcpip/smartconfig_ack/smartconfig_ack.c similarity index 100% rename from vendors/espressif/boards/esp32/components/freertos_tcpip/smartconfig_ack/smartconfig_ack.c rename to vendors/espressif/boards/components/freertos_tcpip/smartconfig_ack/smartconfig_ack.c diff --git a/vendors/espressif/boards/esp32/components/freertos_tcpip/tcpip_adapter/CMakeLists.txt b/vendors/espressif/boards/components/freertos_tcpip/tcpip_adapter/CMakeLists.txt similarity index 100% rename from vendors/espressif/boards/esp32/components/freertos_tcpip/tcpip_adapter/CMakeLists.txt rename to vendors/espressif/boards/components/freertos_tcpip/tcpip_adapter/CMakeLists.txt diff --git a/vendors/espressif/boards/esp32/components/freertos_tcpip/tcpip_adapter/component.mk b/vendors/espressif/boards/components/freertos_tcpip/tcpip_adapter/component.mk similarity index 100% rename from vendors/espressif/boards/esp32/components/freertos_tcpip/tcpip_adapter/component.mk rename to vendors/espressif/boards/components/freertos_tcpip/tcpip_adapter/component.mk diff --git a/vendors/espressif/boards/esp32/components/freertos_tcpip/tcpip_adapter/include/tcpip_adapter.h b/vendors/espressif/boards/components/freertos_tcpip/tcpip_adapter/include/tcpip_adapter.h similarity index 100% rename from vendors/espressif/boards/esp32/components/freertos_tcpip/tcpip_adapter/include/tcpip_adapter.h rename to vendors/espressif/boards/components/freertos_tcpip/tcpip_adapter/include/tcpip_adapter.h diff --git a/vendors/espressif/boards/esp32/components/freertos_tcpip/tcpip_adapter/tcpip_adapter.c b/vendors/espressif/boards/components/freertos_tcpip/tcpip_adapter/tcpip_adapter.c similarity index 100% rename from vendors/espressif/boards/esp32/components/freertos_tcpip/tcpip_adapter/tcpip_adapter.c rename to vendors/espressif/boards/components/freertos_tcpip/tcpip_adapter/tcpip_adapter.c diff --git a/vendors/espressif/boards/components/mbedtls/CMakeLists.txt b/vendors/espressif/boards/components/mbedtls/CMakeLists.txt new file mode 100644 index 00000000000..31338a9e71d --- /dev/null +++ b/vendors/espressif/boards/components/mbedtls/CMakeLists.txt @@ -0,0 +1,101 @@ +idf_component_register() + +set(FREERTOS_COMPONENT_DIR "${CMAKE_CURRENT_LIST_DIR}/../freertos") +set(MBEDTLS_DIR "${AFR_VENDORS_DIR}/espressif/esp-idf/components/mbedtls") + +string(FIND "${AFR_BOARD_NAME}" "esp32s2" SOC_NAME_ESP32S2) +string(FIND "${AFR_BOARD_NAME}" "esp32" SOC_NAME_ESP32) + +if (NOT(${SOC_NAME_ESP32S2} EQUAL -1)) + set(SOC_NAME "esp32s2") +elseif(NOT($SOC_NAME_ESP32) EQUAL -1) + set(SOC_NAME "esp32") +endif() + +target_compile_options( + afr_3rdparty_mbedtls + PUBLIC + ${IDF_COMPILE_OPTIONS} + $<$:${IDF_C_COMPILE_OPTIONS}> + $<$:${IDF_CXX_COMPILE_OPTIONS}> + "-Wno-maybe-uninitialized" +) + +set( + include_dirs + ${IDF_INCLUDE_DIRECTORIES} + ${MBEDTLS_DIR}/port/include + "${AFR_VENDORS_DIR}/espressif/esp-idf/components/xtensa/include" + "${AFR_VENDORS_DIR}/espressif/esp-idf/components/soc/soc/include" +) + +if("${SOC_NAME}" STREQUAL "esp32s2") + list(APPEND include_dirs + "${AFR_VENDORS_DIR}/espressif/esp-idf/components/soc/src/esp32s2/include" + "${AFR_VENDORS_DIR}/espressif/esp-idf/components/esp32s2/include" + ) +else() + list(APPEND include_dirs + "${AFR_VENDORS_DIR}/espressif/esp-idf/components/soc/src/esp32/include" + ) +endif() + +target_include_directories( + afr_3rdparty_mbedtls + BEFORE + PRIVATE + "${AFR_VENDORS_DIR}/espressif/esp-idf/components/vfs/include" + "${AFR_VENDORS_DIR}/espressif/esp-idf/components/soc/soc/include/soc" + ${FREERTOS_COMPONENT_DIR}/include + PUBLIC + ${include_dirs} +) + +set( + mbedtls_srcs + "${MBEDTLS_DIR}/port/esp_bignum.c" + "${MBEDTLS_DIR}/port/esp_mem.c" + "${MBEDTLS_DIR}/port/esp_hardware.c" + "${MBEDTLS_DIR}/port/mbedtls_debug.c" + "${MBEDTLS_DIR}/port/esp_aes_xts.c" +) + +if("${SOC_NAME}" STREQUAL "esp32s2") + list(APPEND mbedtls_srcs + "${MBEDTLS_DIR}/port/esp32s2/aes.c" + "${MBEDTLS_DIR}/port/esp32s2/sha.c" + "${MBEDTLS_DIR}/port/esp32s2/bignum.c" + "${MBEDTLS_DIR}/port/esp32s2/esp_sha1.c" + "${MBEDTLS_DIR}/port/esp32s2/esp_sha512.c" + "${MBEDTLS_DIR}/port/esp32s2/esp_sha256.c" + "${AFR_VENDORS_DIR}/espressif/esp-idf/components/esp32s2/esp_crypto_lock.c" + ) +else() + list(APPEND mbedtls_srcs + "${MBEDTLS_DIR}/port/esp32/aes.c" + "${MBEDTLS_DIR}/port/esp32/sha.c" + "${MBEDTLS_DIR}/port/esp32/bignum.c" + "${MBEDTLS_DIR}/port/esp32/esp_sha1.c" + "${MBEDTLS_DIR}/port/esp32/esp_sha512.c" + "${MBEDTLS_DIR}/port/esp32/esp_sha256.c" + ) +endif() + +target_sources( + afr_3rdparty_mbedtls + PUBLIC + ${mbedtls_srcs} +) + +target_compile_definitions( + afr_3rdparty_mbedtls + PUBLIC + ${IDF_COMPILE_DEFINITIONS} + -DMBEDTLS_CONFIG_FILE="${MBEDTLS_DIR}/port/include/mbedtls/esp_config.h" +) + +target_link_libraries( + ${COMPONENT_TARGET} + INTERFACE + afr_3rdparty_mbedtls +) diff --git a/vendors/espressif/boards/esp32/components/mbedtls/Kconfig b/vendors/espressif/boards/components/mbedtls/Kconfig similarity index 94% rename from vendors/espressif/boards/esp32/components/mbedtls/Kconfig rename to vendors/espressif/boards/components/mbedtls/Kconfig index e9d75794826..e4fea5f0ce8 100644 --- a/vendors/espressif/boards/esp32/components/mbedtls/Kconfig +++ b/vendors/espressif/boards/components/mbedtls/Kconfig @@ -181,6 +181,19 @@ config MBEDTLS_HAVE_TIME_DATE It is suggested that you should get the real time by "SNTP". +config MBEDTLS_ECDSA_DETERMINISTIC + bool "Enable deterministic ECDSA" + default y + help + Standard ECDSA is "fragile" in the sense that lack of entropy when signing + may result in a compromise of the long-term signing key. + +config MBEDTLS_SHA512_C + bool "Enable the SHA-384 and SHA-512 cryptographic hash algorithms" + default y + help + Enable MBEDTLS_SHA512_C adds support for SHA-384 and SHA-512. + choice MBEDTLS_TLS_MODE bool "TLS Protocol Role" default MBEDTLS_TLS_SERVER_AND_CLIENT @@ -589,4 +602,25 @@ config MBEDTLS_ECP_NIST_OPTIM # end of Elliptic Curve options +config MBEDTLS_THREADING_C + bool "Enable the threading abstraction layer" + default n + help + If you do intend to use contexts between threads, you will need to enable + this layer to prevent race conditions. + +config MBEDTLS_THREADING_ALT + bool "Enable threading alternate implementation" + depends on MBEDTLS_THREADING_C + default y + help + Enable threading alt to allow your own alternate threading implementation. + +config MBEDTLS_THREADING_PTHREAD + bool "Enable threading pthread implementation" + depends on MBEDTLS_THREADING_C + default n + help + Enable the pthread wrapper layer for the threading layer. + endmenu # mbedTLS diff --git a/vendors/espressif/boards/components/mbedtls/Makefile.projbuild b/vendors/espressif/boards/components/mbedtls/Makefile.projbuild new file mode 100644 index 00000000000..18e2a8c55c3 --- /dev/null +++ b/vendors/espressif/boards/components/mbedtls/Makefile.projbuild @@ -0,0 +1,5 @@ +# Anyone compiling mbedTLS code needs the name of the +# alternative config file +MBEDTLS_DIR := ../../../esp-idf/components/mbedtls/port/include +CPPFLAGS += -DMBEDTLS_CONFIG_FILE='"$(MBEDTLS_DIR)/mbedtls/esp_config.h"' + diff --git a/vendors/espressif/boards/esp32/components/mbedtls/component.mk b/vendors/espressif/boards/components/mbedtls/component.mk similarity index 53% rename from vendors/espressif/boards/esp32/components/mbedtls/component.mk rename to vendors/espressif/boards/components/mbedtls/component.mk index 2de38d92c8f..f10b0a32a2c 100644 --- a/vendors/espressif/boards/esp32/components/mbedtls/component.mk +++ b/vendors/espressif/boards/components/mbedtls/component.mk @@ -1,9 +1,10 @@ -AMAZON_FREERTOS_LIB_DIR := ../../../../../../libraries +AMAZON_FREERTOS_LIB_DIR := ../../../../../libraries +MBEDTLS_DIR := ../../../esp-idf/components/mbedtls -COMPONENT_SRCDIRS := $(AMAZON_FREERTOS_LIB_DIR)/3rdparty/mbedtls/library port \ - $(AMAZON_FREERTOS_LIB_DIR)/3rdparty/mbedtls_utils +COMPONENT_SRCDIRS := $(AMAZON_FREERTOS_LIB_DIR)/3rdparty/mbedtls/library $(MBEDTLS_DIR)/port \ + $(MBEDTLS_DIR)/port/esp32 $(AMAZON_FREERTOS_LIB_DIR)/3rdparty/mbedtls_utils -COMPONENT_ADD_INCLUDEDIRS := port/include $(AMAZON_FREERTOS_LIB_DIR)/3rdparty/mbedtls/include +COMPONENT_ADD_INCLUDEDIRS := $(MBEDTLS_DIR)/port/include $(AMAZON_FREERTOS_LIB_DIR)/3rdparty/mbedtls/include libraries/3rdparty/mbedtls/library/hmac_drbg.o: CFLAGS += -Wno-maybe-uninitialized libraries/3rdparty/mbedtls/library/x509_crt.o: CFLAGS += -Wno-maybe-uninitialized diff --git a/vendors/espressif/boards/esp32/components/nghttp/CMakeLists.txt b/vendors/espressif/boards/components/nghttp/CMakeLists.txt similarity index 100% rename from vendors/espressif/boards/esp32/components/nghttp/CMakeLists.txt rename to vendors/espressif/boards/components/nghttp/CMakeLists.txt diff --git a/vendors/espressif/boards/esp32/components/nghttp/component.mk b/vendors/espressif/boards/components/nghttp/component.mk similarity index 100% rename from vendors/espressif/boards/esp32/components/nghttp/component.mk rename to vendors/espressif/boards/components/nghttp/component.mk diff --git a/vendors/espressif/boards/components/protocomm/CMakeLists.txt b/vendors/espressif/boards/components/protocomm/CMakeLists.txt new file mode 100644 index 00000000000..bc4241cbea4 --- /dev/null +++ b/vendors/espressif/boards/components/protocomm/CMakeLists.txt @@ -0,0 +1 @@ +# Nothing to do, protocomm component can not be supported with FreeRTOS TCP stack diff --git a/vendors/espressif/boards/components/protocomm/component.mk b/vendors/espressif/boards/components/protocomm/component.mk new file mode 100644 index 00000000000..c8465cbc1b1 --- /dev/null +++ b/vendors/espressif/boards/components/protocomm/component.mk @@ -0,0 +1,2 @@ +# Nothing to do, protocomm component can not be supported with FreeRTOS TCP stack +COMPONENT_CONFIG_ONLY := 1 diff --git a/vendors/espressif/boards/esp32/components/secure_sockets/CMakeLists.txt b/vendors/espressif/boards/components/secure_sockets/CMakeLists.txt similarity index 100% rename from vendors/espressif/boards/esp32/components/secure_sockets/CMakeLists.txt rename to vendors/espressif/boards/components/secure_sockets/CMakeLists.txt diff --git a/vendors/espressif/boards/esp32/components/secure_sockets/component.mk b/vendors/espressif/boards/components/secure_sockets/component.mk similarity index 79% rename from vendors/espressif/boards/esp32/components/secure_sockets/component.mk rename to vendors/espressif/boards/components/secure_sockets/component.mk index 904d681b7df..0a32df2d929 100644 --- a/vendors/espressif/boards/esp32/components/secure_sockets/component.mk +++ b/vendors/espressif/boards/components/secure_sockets/component.mk @@ -1,5 +1,5 @@ -AMAZON_FREERTOS_ABSTRACTIONS_DIR := ../../../../../../libraries/abstractions -AMAZON_FREERTOS_3RD_PARTY_DIR := ../../../../../../libraries/3rdparty +AMAZON_FREERTOS_ABSTRACTIONS_DIR := ../../../../../libraries/abstractions +AMAZON_FREERTOS_3RD_PARTY_DIR := ../../../../../libraries/3rdparty AMAZON_FREERTOS_PORTS_DIR := ../../ports ifndef AFR_ESP_FREERTOS_TCP diff --git a/vendors/espressif/boards/esp32/components/secure_sockets/include/netdb.h b/vendors/espressif/boards/components/secure_sockets/include/netdb.h similarity index 100% rename from vendors/espressif/boards/esp32/components/secure_sockets/include/netdb.h rename to vendors/espressif/boards/components/secure_sockets/include/netdb.h diff --git a/vendors/espressif/boards/esp32/components/secure_sockets/include/sockets.h b/vendors/espressif/boards/components/secure_sockets/include/sockets.h similarity index 100% rename from vendors/espressif/boards/esp32/components/secure_sockets/include/sockets.h rename to vendors/espressif/boards/components/secure_sockets/include/sockets.h diff --git a/vendors/espressif/boards/components/wifi_provisioning/CMakeLists.txt b/vendors/espressif/boards/components/wifi_provisioning/CMakeLists.txt new file mode 100644 index 00000000000..fe70ed7ab89 --- /dev/null +++ b/vendors/espressif/boards/components/wifi_provisioning/CMakeLists.txt @@ -0,0 +1 @@ +# Nothing to do, wifi_provisioning component can not be supported with FreeRTOS TCP stack diff --git a/vendors/espressif/boards/components/wifi_provisioning/component.mk b/vendors/espressif/boards/components/wifi_provisioning/component.mk new file mode 100644 index 00000000000..93c86e48144 --- /dev/null +++ b/vendors/espressif/boards/components/wifi_provisioning/component.mk @@ -0,0 +1,2 @@ +# Nothing to do, wifi_provisioning component can not be supported with FreeRTOS TCP stack +COMPONENT_CONFIG_ONLY := 1 diff --git a/vendors/espressif/boards/esp32/CMakeLists.txt b/vendors/espressif/boards/esp32/CMakeLists.txt index 7a2468aafa0..10625582d6c 100644 --- a/vendors/espressif/boards/esp32/CMakeLists.txt +++ b/vendors/espressif/boards/esp32/CMakeLists.txt @@ -59,8 +59,8 @@ target_link_options( # ------------------------------------------------------------------------------------------------- # FreeRTOS portable layers # ------------------------------------------------------------------------------------------------- -set(afr_ports_dir "${CMAKE_CURRENT_LIST_DIR}/ports") -set(extra_components_dir "${CMAKE_CURRENT_LIST_DIR}/components") +set(afr_ports_dir "${CMAKE_CURRENT_LIST_DIR}/../ports") +set(extra_components_dir "${CMAKE_CURRENT_LIST_DIR}/../components") set(board_demos_dir "${CMAKE_CURRENT_LIST_DIR}/aws_demos") set(board_tests_dir "${CMAKE_CURRENT_LIST_DIR}/aws_tests") set(CMAKE_RUNTIME_OUTPUT_DIRECTORY ${CMAKE_BINARY_DIR}) @@ -90,13 +90,14 @@ set( "${esp_idf_dir}/components/nvs_flash/include" "${esp_idf_dir}/components/pthread/include" "${esp_idf_dir}/components/newlib/platform_include" + "${esp_idf_dir}/components/soc/src/esp32/include" "${esp_idf_dir}/components/soc/soc/esp32/include" "${esp_idf_dir}/components/soc/include" "${esp_idf_dir}/components/spi_flash/include" "${esp_idf_dir}/components/vfs/include" "${esp_idf_dir}/components/esp_ringbuf/include/" "${extra_components_dir}/freertos/include" - "${extra_components_dir}/mbedtls/port/include" + "${esp_idf_dir}/components/mbedtls/port/include" "${esp_idf_dir}/components/xtensa/esp32/include/xtensa" "${esp_idf_dir}/components/xtensa/esp32/include" "${esp_idf_dir}/components/xtensa/include" diff --git a/vendors/espressif/boards/esp32/aws_demos/application_code/espressif_code/amazon-freertos-common/component.mk b/vendors/espressif/boards/esp32/aws_demos/application_code/espressif_code/amazon-freertos-common/component.mk index a715abdaebc..b9e316d2c0f 100644 --- a/vendors/espressif/boards/esp32/aws_demos/application_code/espressif_code/amazon-freertos-common/component.mk +++ b/vendors/espressif/boards/esp32/aws_demos/application_code/espressif_code/amazon-freertos-common/component.mk @@ -12,7 +12,7 @@ AMAZON_FREERTOS_3RD_PARTY_DIR := ../../../../../../../../libraries/3rdparty AMAZON_FREERTOS_ABSTRACTIONS_DIR := ../../../../../../../../libraries/abstractions AMAZON_FREERTOS_ARF_PLUS_DIR := ../../../../../../../../libraries/freertos_plus AMAZON_FREERTOS_ARF_KERNEL := ../../../../../../../../freertos_kernel -AMAZON_FREERTOS_ARF_PORTS := ../../../../../../../../vendors/espressif/boards/esp32/ports +AMAZON_FREERTOS_ARF_PORTS := ../../../../../../../../vendors/espressif/boards/ports AMAZON_FREERTOS_TESTS_DIR := ../../../../../../../../tests AMAZON_FREERTOS_DEMOS_DIR := ../../../../../../../../demos @@ -96,7 +96,7 @@ COMPONENT_PRIV_INCLUDEDIRS := $(AMAZON_FREERTOS_ABSTRACTIONS_DIR)/pkcs11 \ lib/greengrass/aws_greengrass_discovery.o: CFLAGS+=-Wno-format lib/common/aws_logging_task_dynamic_buffers.o: CFLAGS+=-Wno-format -Wno-uninitialized libraries/c_sdk/aws/defender/src/aws_iot_defender_api.o: CFLAGS+=-Wno-unused-but-set-variable -vendors/espressif/boards/esp32/ports/ble/iot_ble_hal_gatt_server.o: CFLAGS+=-Wno-stringop-overflow +vendors/espressif/boards/ports/ble/iot_ble_hal_gatt_server.o: CFLAGS+=-Wno-stringop-overflow ifdef AMAZON_FREERTOS_ENABLE_UNIT_TEST COMPONENT_SRCDIRS += ../.. \ diff --git a/vendors/espressif/boards/esp32/aws_tests/application_code/espressif_code/amazon-freertos-tests/component.mk b/vendors/espressif/boards/esp32/aws_tests/application_code/espressif_code/amazon-freertos-tests/component.mk index 6d61a516868..f9083cbf8b0 100644 --- a/vendors/espressif/boards/esp32/aws_tests/application_code/espressif_code/amazon-freertos-tests/component.mk +++ b/vendors/espressif/boards/esp32/aws_tests/application_code/espressif_code/amazon-freertos-tests/component.mk @@ -12,7 +12,7 @@ AMAZON_FREERTOS_3RD_PARTY_DIR := ../../../../../../../../libraries/3rdparty AMAZON_FREERTOS_ABSTRACTIONS_DIR := ../../../../../../../../libraries/abstractions AMAZON_FREERTOS_ARF_PLUS_DIR := ../../../../../../../../libraries/freertos_plus AMAZON_FREERTOS_ARF_KERNEL := ../../../../../../../../freertos_kernel -AMAZON_FREERTOS_ARF_PORTS := ../../../../../../../../vendors/espressif/boards/esp32/ports +AMAZON_FREERTOS_ARF_PORTS := ../../../../../../../../vendors/espressif/boards/ports AMAZON_FREERTOS_TESTS_DIR := ../../../../../../../../tests AMAZON_FREERTOS_DEMOS_DIR := ../../../../../../../../demos @@ -157,7 +157,7 @@ tests/common/ota/aws_test_ota_pal.o: CFLAGS+=-Wno-pointer-sign -Wno-sizeof-point tests/common/ota/aws_test_ota_agent.o: CFLAGS+=-Wno-pointer-sign libraries/c_sdk/standard/mqtt/test/unit/iot_tests_mqtt_metrics.o: CFLAGS+=-Wno-nonnull libraries/freertos_plus/standard/tls/test/iot_test_tls.o: CFLAGS+=-Wno-nonnull -vendors/espressif/boards/esp32/ports/ble/iot_ble_hal_gatt_server.o: CFLAGS+=-Wno-stringop-overflow +vendors/espressif/boards/ports/ble/iot_ble_hal_gatt_server.o: CFLAGS+=-Wno-stringop-overflow else COMPONENT_SRCDIRS += ../.. \ diff --git a/vendors/espressif/boards/esp32/components/mbedtls/CMakeLists.txt b/vendors/espressif/boards/esp32/components/mbedtls/CMakeLists.txt deleted file mode 100644 index 9488f0bf2da..00000000000 --- a/vendors/espressif/boards/esp32/components/mbedtls/CMakeLists.txt +++ /dev/null @@ -1,54 +0,0 @@ -idf_component_register() - -set(FREERTOS_COMPONENT_DIR "${CMAKE_CURRENT_LIST_DIR}/../freertos") - -target_compile_options( - afr_3rdparty_mbedtls - PUBLIC - ${IDF_COMPILE_OPTIONS} - $<$:${IDF_C_COMPILE_OPTIONS}> - $<$:${IDF_CXX_COMPILE_OPTIONS}> - "-Wno-maybe-uninitialized" -) - -target_include_directories( - afr_3rdparty_mbedtls - BEFORE - PRIVATE - "${AFR_VENDORS_DIR}/espressif/esp-idf/components/vfs/include" - "${AFR_VENDORS_DIR}/espressif/esp-idf/components/soc/soc/include/soc" - ${FREERTOS_COMPONENT_DIR}/include - PUBLIC - ${IDF_INCLUDE_DIRECTORIES} - ${CMAKE_CURRENT_LIST_DIR}/port/include - "${AFR_VENDORS_DIR}/espressif/esp-idf/components/xtensa/include" - "${AFR_VENDORS_DIR}/espressif/esp-idf/components/soc/soc/include" - "${AFR_VENDORS_DIR}/espressif/esp-idf/components/soc/src/esp32/include" -) - -target_sources( - afr_3rdparty_mbedtls - PUBLIC - "${CMAKE_CURRENT_LIST_DIR}/port/esp_bignum.c" - "${CMAKE_CURRENT_LIST_DIR}/port/esp_mem.c" - "${CMAKE_CURRENT_LIST_DIR}/port/esp_sha256.c" - "${CMAKE_CURRENT_LIST_DIR}/port/esp_hardware.c" - "${CMAKE_CURRENT_LIST_DIR}/port/esp_sha1.c" - "${CMAKE_CURRENT_LIST_DIR}/port/esp_sha512.c" - "${CMAKE_CURRENT_LIST_DIR}/port/mbedtls_debug.c" - "${CMAKE_CURRENT_LIST_DIR}/port/aes.c" - "${CMAKE_CURRENT_LIST_DIR}/port/sha.c" -) - -target_compile_definitions( - afr_3rdparty_mbedtls - PUBLIC - ${IDF_COMPILE_DEFINITIONS} - -DMBEDTLS_CONFIG_FILE="${CMAKE_CURRENT_LIST_DIR}/port/include/mbedtls/esp_config.h" -) - -target_link_libraries( - ${COMPONENT_TARGET} - INTERFACE - afr_3rdparty_mbedtls -) diff --git a/vendors/espressif/boards/esp32/components/mbedtls/Makefile.projbuild b/vendors/espressif/boards/esp32/components/mbedtls/Makefile.projbuild deleted file mode 100644 index ec9d6f2ce7e..00000000000 --- a/vendors/espressif/boards/esp32/components/mbedtls/Makefile.projbuild +++ /dev/null @@ -1,4 +0,0 @@ -# Anyone compiling mbedTLS code needs the name of the -# alternative config file -CPPFLAGS += -DMBEDTLS_CONFIG_FILE='"mbedtls/esp_config.h"' - diff --git a/vendors/espressif/boards/esp32/components/mbedtls/port/aes.c b/vendors/espressif/boards/esp32/components/mbedtls/port/aes.c deleted file mode 100644 index 3ac78397c86..00000000000 --- a/vendors/espressif/boards/esp32/components/mbedtls/port/aes.c +++ /dev/null @@ -1,754 +0,0 @@ -/** - * \brief AES block cipher, ESP32 hardware accelerated version - * Based on mbedTLS FIPS-197 compliant version. - * - * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved - * Additions Copyright (C) 2016-2017, Espressif Systems (Shanghai) PTE Ltd - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - * - */ -/* - * The AES block cipher was designed by Vincent Rijmen and Joan Daemen. - * - * http://csrc.nist.gov/encryption/aes/rijndael/Rijndael.pdf - * http://csrc.nist.gov/publications/fips/fips197/fips-197.pdf - */ -#include -#include "mbedtls/aes.h" -#include "mbedtls/platform_util.h" -#include "aes.h" -#include "soc/hwcrypto_periph.h" -#include - -#include - -#include "soc/cpu.h" -#include -#include "driver/periph_ctrl.h" - - -/* AES uses a spinlock mux not a lock as the underlying block operation - only takes 208 cycles (to write key & compute block), +600 cycles - for DPORT protection but +3400 cycles again if you use a full sized lock. - - For CBC, CFB, etc. this may mean that interrupts are disabled for a longer - period of time for bigger lengths. However at the moment this has to happen - anyway due to DPORT protection... -*/ -static portMUX_TYPE aes_spinlock = portMUX_INITIALIZER_UNLOCKED; - -static inline bool valid_key_length(const esp_aes_context *ctx) -{ - return ctx->key_bytes == 128/8 || ctx->key_bytes == 192/8 || ctx->key_bytes == 256/8; -} - -void esp_aes_acquire_hardware( void ) -{ - portENTER_CRITICAL(&aes_spinlock); - - /* Enable AES hardware */ - periph_module_enable(PERIPH_AES_MODULE); -} - -void esp_aes_release_hardware( void ) -{ - /* Disable AES hardware */ - periph_module_disable(PERIPH_AES_MODULE); - - portEXIT_CRITICAL(&aes_spinlock); -} - -void esp_aes_init( esp_aes_context *ctx ) -{ - bzero( ctx, sizeof( esp_aes_context ) ); -} - -void esp_aes_free( esp_aes_context *ctx ) -{ - if ( ctx == NULL ) { - return; - } - - bzero( ctx, sizeof( esp_aes_context ) ); -} - - - -/* - * AES key schedule (same for encryption or decryption, as hardware handles schedule) - * - */ -int esp_aes_setkey( esp_aes_context *ctx, const unsigned char *key, - unsigned int keybits ) -{ - if (keybits != 128 && keybits != 192 && keybits != 256) { - return MBEDTLS_ERR_AES_INVALID_KEY_LENGTH; - } - ctx->key_bytes = keybits / 8; - memcpy(ctx->key, key, ctx->key_bytes); - ctx->key_in_hardware = 0; - return 0; -} - -/* - * Helper function to copy key from esp_aes_context buffer - * to hardware key registers. - * - * Call only while holding esp_aes_acquire_hardware(). - */ -static void esp_aes_setkey_hardware(esp_aes_context *ctx, int mode) -{ - const uint32_t MODE_DECRYPT_BIT = 4; - unsigned mode_reg_base = (mode == ESP_AES_ENCRYPT) ? 0 : MODE_DECRYPT_BIT; - - ctx->key_in_hardware = 0; - - for (int i = 0; i < ctx->key_bytes/4; ++i) { - DPORT_REG_WRITE(AES_KEY_BASE + i * 4, *(((uint32_t *)ctx->key) + i)); - ctx->key_in_hardware += 4; - } - - DPORT_REG_WRITE(AES_MODE_REG, mode_reg_base + ((ctx->key_bytes / 8) - 2)); - - /* Fault injection check: all words of key data should have been written to hardware */ - if (ctx->key_in_hardware < 16 - || ctx->key_in_hardware != ctx->key_bytes) { - abort(); - } -} - -/* Run a single 16 byte block of AES, using the hardware engine. - * - * Call only while holding esp_aes_acquire_hardware(). - */ -static int esp_aes_block(esp_aes_context *ctx, const void *input, void *output) -{ - const uint32_t *input_words = (const uint32_t *)input; - uint32_t i0, i1, i2, i3; - uint32_t *output_words = (uint32_t *)output; - - /* If no key is written to hardware yet, either the user hasn't called - mbedtls_aes_setkey_enc/mbedtls_aes_setkey_dec - meaning we also don't - know which mode to use - or a fault skipped the - key write to hardware. Treat this as a fatal error and zero the output block. - */ - if (ctx->key_in_hardware != ctx->key_bytes) { - bzero(output, 16); - return MBEDTLS_ERR_AES_INVALID_INPUT_LENGTH; - } - - /* Storing i0,i1,i2,i3 in registers not an array - helps a lot with optimisations at -Os level */ - i0 = input_words[0]; - DPORT_REG_WRITE(AES_TEXT_BASE, i0); - - i1 = input_words[1]; - DPORT_REG_WRITE(AES_TEXT_BASE + 4, i1); - - i2 = input_words[2]; - DPORT_REG_WRITE(AES_TEXT_BASE + 8, i2); - - i3 = input_words[3]; - DPORT_REG_WRITE(AES_TEXT_BASE + 12, i3); - - DPORT_REG_WRITE(AES_START_REG, 1); - - while (DPORT_REG_READ(AES_IDLE_REG) != 1) { } - - esp_dport_access_read_buffer(output_words, AES_TEXT_BASE, 4); - - /* Physical security check: Verify the AES accelerator actually ran, and wasn't - skipped due to external fault injection while starting the peripheral. - - Note that i0,i1,i2,i3 are copied from input buffer in case input==output. - - Bypassing this check requires at least one additional fault. - */ - if(i0 == output_words[0] && i1 == output_words[1] && i2 == output_words[2] && i3 == output_words[3]) { - // calling zeroing functions to narrow the - // window for a double-fault of the abort step, here - memset(output, 0, 16); - mbedtls_platform_zeroize(output, 16); - abort(); - } - - return 0; -} - -/* - * AES-ECB block encryption - */ -int esp_internal_aes_encrypt( esp_aes_context *ctx, - const unsigned char input[16], - unsigned char output[16] ) -{ - int r; - - if (!valid_key_length(ctx)) { - return MBEDTLS_ERR_AES_INVALID_KEY_LENGTH; - } - - esp_aes_acquire_hardware(); - ctx->key_in_hardware = 0; - esp_aes_setkey_hardware(ctx, ESP_AES_ENCRYPT); - r = esp_aes_block(ctx, input, output); - esp_aes_release_hardware(); - return r; -} - -/* - * AES-ECB block decryption - */ - -int esp_internal_aes_decrypt( esp_aes_context *ctx, - const unsigned char input[16], - unsigned char output[16] ) -{ - int r; - - if (!valid_key_length(ctx)) { - return MBEDTLS_ERR_AES_INVALID_KEY_LENGTH; - } - - esp_aes_acquire_hardware(); - ctx->key_in_hardware = 0; - esp_aes_setkey_hardware(ctx, ESP_AES_DECRYPT); - r = esp_aes_block(ctx, input, output); - esp_aes_release_hardware(); - return r; -} - -/* - * AES-ECB block encryption/decryption - */ -int esp_aes_crypt_ecb( esp_aes_context *ctx, - int mode, - const unsigned char input[16], - unsigned char output[16] ) -{ - int r; - - if (!valid_key_length(ctx)) { - return MBEDTLS_ERR_AES_INVALID_KEY_LENGTH; - } - - esp_aes_acquire_hardware(); - ctx->key_in_hardware = 0; - esp_aes_setkey_hardware(ctx, mode); - r = esp_aes_block(ctx, input, output); - esp_aes_release_hardware(); - - return r; -} - - -/* - * AES-CBC buffer encryption/decryption - */ -int esp_aes_crypt_cbc( esp_aes_context *ctx, - int mode, - size_t length, - unsigned char iv[16], - const unsigned char *input, - unsigned char *output ) -{ - int i; - uint32_t *output_words = (uint32_t *)output; - const uint32_t *input_words = (const uint32_t *)input; - uint32_t *iv_words = (uint32_t *)iv; - unsigned char temp[16]; - - if ( length % 16 ) { - return ( ERR_ESP_AES_INVALID_INPUT_LENGTH ); - } - - if (!valid_key_length(ctx)) { - return MBEDTLS_ERR_AES_INVALID_KEY_LENGTH; - } - - esp_aes_acquire_hardware(); - ctx->key_in_hardware = 0; - - esp_aes_setkey_hardware(ctx, mode); - - if ( mode == ESP_AES_DECRYPT ) { - while ( length > 0 ) { - memcpy(temp, input_words, 16); - esp_aes_block(ctx, input_words, output_words); - - for ( i = 0; i < 4; i++ ) { - output_words[i] = output_words[i] ^ iv_words[i]; - } - - memcpy( iv_words, temp, 16 ); - - input_words += 4; - output_words += 4; - length -= 16; - } - } else { // ESP_AES_ENCRYPT - while ( length > 0 ) { - - for ( i = 0; i < 4; i++ ) { - output_words[i] = input_words[i] ^ iv_words[i]; - } - - esp_aes_block(ctx, output_words, output_words); - memcpy( iv_words, output_words, 16 ); - - input_words += 4; - output_words += 4; - length -= 16; - } - } - - esp_aes_release_hardware(); - - return 0; -} - -/* - * AES-CFB128 buffer encryption/decryption - */ -int esp_aes_crypt_cfb128( esp_aes_context *ctx, - int mode, - size_t length, - size_t *iv_off, - unsigned char iv[16], - const unsigned char *input, - unsigned char *output ) -{ - int c; - size_t n = *iv_off; - - if (!valid_key_length(ctx)) { - return MBEDTLS_ERR_AES_INVALID_KEY_LENGTH; - } - - esp_aes_acquire_hardware(); - ctx->key_in_hardware = 0; - - esp_aes_setkey_hardware(ctx, ESP_AES_ENCRYPT); - - if ( mode == ESP_AES_DECRYPT ) { - while ( length-- ) { - if ( n == 0 ) { - esp_aes_block(ctx, iv, iv); - } - - c = *input++; - *output++ = (unsigned char)( c ^ iv[n] ); - iv[n] = (unsigned char) c; - - n = ( n + 1 ) & 0x0F; - } - } else { - while ( length-- ) { - if ( n == 0 ) { - esp_aes_block(ctx, iv, iv); - } - - iv[n] = *output++ = (unsigned char)( iv[n] ^ *input++ ); - - n = ( n + 1 ) & 0x0F; - } - } - - *iv_off = n; - - esp_aes_release_hardware(); - - return 0; -} - -/* - * AES-CFB8 buffer encryption/decryption - */ -int esp_aes_crypt_cfb8( esp_aes_context *ctx, - int mode, - size_t length, - unsigned char iv[16], - const unsigned char *input, - unsigned char *output ) -{ - unsigned char c; - unsigned char ov[17]; - - if (!valid_key_length(ctx)) { - return MBEDTLS_ERR_AES_INVALID_KEY_LENGTH; - } - - esp_aes_acquire_hardware(); - ctx->key_in_hardware = 0; - - esp_aes_setkey_hardware(ctx, ESP_AES_ENCRYPT); - - while ( length-- ) { - memcpy( ov, iv, 16 ); - esp_aes_block(ctx, iv, iv); - - if ( mode == ESP_AES_DECRYPT ) { - ov[16] = *input; - } - - c = *output++ = (unsigned char)( iv[0] ^ *input++ ); - - if ( mode == ESP_AES_ENCRYPT ) { - ov[16] = c; - } - - memcpy( iv, ov + 1, 16 ); - } - - esp_aes_release_hardware(); - - return 0; -} - -/* - * AES-CTR buffer encryption/decryption - */ -int esp_aes_crypt_ctr( esp_aes_context *ctx, - size_t length, - size_t *nc_off, - unsigned char nonce_counter[16], - unsigned char stream_block[16], - const unsigned char *input, - unsigned char *output ) -{ - int c, i; - size_t n = *nc_off; - - if (!valid_key_length(ctx)) { - return MBEDTLS_ERR_AES_INVALID_KEY_LENGTH; - } - - esp_aes_acquire_hardware(); - ctx->key_in_hardware = 0; - - esp_aes_setkey_hardware(ctx, ESP_AES_ENCRYPT); - - while ( length-- ) { - if ( n == 0 ) { - esp_aes_block(ctx, nonce_counter, stream_block); - - for ( i = 16; i > 0; i-- ) - if ( ++nonce_counter[i - 1] != 0 ) { - break; - } - } - c = *input++; - *output++ = (unsigned char)( c ^ stream_block[n] ); - - n = ( n + 1 ) & 0x0F; - } - - *nc_off = n; - - esp_aes_release_hardware(); - - return 0; -} - -/* - * AES-OFB (Output Feedback Mode) buffer encryption/decryption - */ -int esp_aes_crypt_ofb( esp_aes_context *ctx, - size_t length, - size_t *iv_off, - unsigned char iv[16], - const unsigned char *input, - unsigned char *output ) -{ - int ret = 0; - size_t n; - - if ( ctx == NULL || iv_off == NULL || iv == NULL || - input == NULL || output == NULL ) { - return MBEDTLS_ERR_AES_BAD_INPUT_DATA; - } - - n = *iv_off; - - if( n > 15 ) { - return( MBEDTLS_ERR_AES_BAD_INPUT_DATA ); - } - - if (!valid_key_length(ctx)) { - return MBEDTLS_ERR_AES_INVALID_KEY_LENGTH; - } - - esp_aes_acquire_hardware(); - - esp_aes_setkey_hardware(ctx, ESP_AES_ENCRYPT); - - while( length-- ) { - if( n == 0 ) { - esp_aes_block(ctx, iv, iv); - } - *output++ = *input++ ^ iv[n]; - - n = ( n + 1 ) & 0x0F; - } - - *iv_off = n; - - esp_aes_release_hardware(); - - return( ret ); -} - -/* Below XTS implementation is copied aes.c of mbedtls library. - * When MBEDTLS_AES_ALT is defined mbedtls expects alternate - * definition of XTS functions to be available. Even if this - * could have been avoided, it is done for consistency reason. - */ - -void esp_aes_xts_init( esp_aes_xts_context *ctx ) -{ - esp_aes_init( &ctx->crypt ); - esp_aes_init( &ctx->tweak ); -} - -void esp_aes_xts_free( esp_aes_xts_context *ctx ) -{ - esp_aes_free( &ctx->crypt ); - esp_aes_free( &ctx->tweak ); -} - -static int esp_aes_xts_decode_keys( const unsigned char *key, - unsigned int keybits, - const unsigned char **key1, - unsigned int *key1bits, - const unsigned char **key2, - unsigned int *key2bits ) -{ - const unsigned int half_keybits = keybits / 2; - const unsigned int half_keybytes = half_keybits / 8; - - switch( keybits ) - { - case 256: break; - case 512: break; - default : return( MBEDTLS_ERR_AES_INVALID_KEY_LENGTH ); - } - - *key1bits = half_keybits; - *key2bits = half_keybits; - *key1 = &key[0]; - *key2 = &key[half_keybytes]; - - return 0; -} - -int esp_aes_xts_setkey_enc( esp_aes_xts_context *ctx, - const unsigned char *key, - unsigned int keybits) -{ - int ret; - const unsigned char *key1, *key2; - unsigned int key1bits, key2bits; - - ret = esp_aes_xts_decode_keys( key, keybits, &key1, &key1bits, - &key2, &key2bits ); - if( ret != 0 ) - return( ret ); - - /* Set the tweak key. Always set tweak key for the encryption mode. */ - ret = esp_aes_setkey( &ctx->tweak, key2, key2bits ); - if( ret != 0 ) - return( ret ); - - /* Set crypt key for encryption. */ - return esp_aes_setkey( &ctx->crypt, key1, key1bits ); -} - -int esp_aes_xts_setkey_dec( esp_aes_xts_context *ctx, - const unsigned char *key, - unsigned int keybits) -{ - int ret; - const unsigned char *key1, *key2; - unsigned int key1bits, key2bits; - - ret = esp_aes_xts_decode_keys( key, keybits, &key1, &key1bits, - &key2, &key2bits ); - if( ret != 0 ) - return( ret ); - - /* Set the tweak key. Always set tweak key for encryption. */ - ret = esp_aes_setkey( &ctx->tweak, key2, key2bits ); - if( ret != 0 ) - return( ret ); - - /* Set crypt key for decryption. */ - return esp_aes_setkey( &ctx->crypt, key1, key1bits ); -} - -/* Endianess with 64 bits values */ -#ifndef GET_UINT64_LE -#define GET_UINT64_LE(n,b,i) \ -{ \ - (n) = ( (uint64_t) (b)[(i) + 7] << 56 ) \ - | ( (uint64_t) (b)[(i) + 6] << 48 ) \ - | ( (uint64_t) (b)[(i) + 5] << 40 ) \ - | ( (uint64_t) (b)[(i) + 4] << 32 ) \ - | ( (uint64_t) (b)[(i) + 3] << 24 ) \ - | ( (uint64_t) (b)[(i) + 2] << 16 ) \ - | ( (uint64_t) (b)[(i) + 1] << 8 ) \ - | ( (uint64_t) (b)[(i) ] ); \ -} -#endif - -#ifndef PUT_UINT64_LE -#define PUT_UINT64_LE(n,b,i) \ -{ \ - (b)[(i) + 7] = (unsigned char) ( (n) >> 56 ); \ - (b)[(i) + 6] = (unsigned char) ( (n) >> 48 ); \ - (b)[(i) + 5] = (unsigned char) ( (n) >> 40 ); \ - (b)[(i) + 4] = (unsigned char) ( (n) >> 32 ); \ - (b)[(i) + 3] = (unsigned char) ( (n) >> 24 ); \ - (b)[(i) + 2] = (unsigned char) ( (n) >> 16 ); \ - (b)[(i) + 1] = (unsigned char) ( (n) >> 8 ); \ - (b)[(i) ] = (unsigned char) ( (n) ); \ -} -#endif - -typedef unsigned char esp_be128[16]; - -/* - * GF(2^128) multiplication function - * - * This function multiplies a field element by x in the polynomial field - * representation. It uses 64-bit word operations to gain speed but compensates - * for machine endianess and hence works correctly on both big and little - * endian machines. - */ -static void esp_gf128mul_x_ble( unsigned char r[16], - const unsigned char x[16] ) -{ - uint64_t a, b, ra, rb; - - GET_UINT64_LE( a, x, 0 ); - GET_UINT64_LE( b, x, 8 ); - - ra = ( a << 1 ) ^ 0x0087 >> ( 8 - ( ( b >> 63 ) << 3 ) ); - rb = ( a >> 63 ) | ( b << 1 ); - - PUT_UINT64_LE( ra, r, 0 ); - PUT_UINT64_LE( rb, r, 8 ); -} - -/* - * AES-XTS buffer encryption/decryption - */ -int esp_aes_crypt_xts( esp_aes_xts_context *ctx, - int mode, - size_t length, - const unsigned char data_unit[16], - const unsigned char *input, - unsigned char *output ) -{ - int ret; - size_t blocks = length / 16; - size_t leftover = length % 16; - unsigned char tweak[16]; - unsigned char prev_tweak[16]; - unsigned char tmp[16]; - - /* Sectors must be at least 16 bytes. */ - if( length < 16 ) - return MBEDTLS_ERR_AES_INVALID_INPUT_LENGTH; - - /* NIST SP 80-38E disallows data units larger than 2**20 blocks. */ - if( length > ( 1 << 20 ) * 16 ) - return MBEDTLS_ERR_AES_INVALID_INPUT_LENGTH; - - /* Compute the tweak. */ - ret = esp_aes_crypt_ecb( &ctx->tweak, MBEDTLS_AES_ENCRYPT, - data_unit, tweak ); - if( ret != 0 ) - return( ret ); - - while( blocks-- ) - { - size_t i; - - if( leftover && ( mode == MBEDTLS_AES_DECRYPT ) && blocks == 0 ) - { - /* We are on the last block in a decrypt operation that has - * leftover bytes, so we need to use the next tweak for this block, - * and this tweak for the lefover bytes. Save the current tweak for - * the leftovers and then update the current tweak for use on this, - * the last full block. */ - memcpy( prev_tweak, tweak, sizeof( tweak ) ); - esp_gf128mul_x_ble( tweak, tweak ); - } - - for( i = 0; i < 16; i++ ) - tmp[i] = input[i] ^ tweak[i]; - - ret = esp_aes_crypt_ecb( &ctx->crypt, mode, tmp, tmp ); - if( ret != 0 ) - return( ret ); - - for( i = 0; i < 16; i++ ) - output[i] = tmp[i] ^ tweak[i]; - - /* Update the tweak for the next block. */ - esp_gf128mul_x_ble( tweak, tweak ); - - output += 16; - input += 16; - } - - if( leftover ) - { - /* If we are on the leftover bytes in a decrypt operation, we need to - * use the previous tweak for these bytes (as saved in prev_tweak). */ - unsigned char *t = mode == MBEDTLS_AES_DECRYPT ? prev_tweak : tweak; - - /* We are now on the final part of the data unit, which doesn't divide - * evenly by 16. It's time for ciphertext stealing. */ - size_t i; - unsigned char *prev_output = output - 16; - - /* Copy ciphertext bytes from the previous block to our output for each - * byte of cyphertext we won't steal. At the same time, copy the - * remainder of the input for this final round (since the loop bounds - * are the same). */ - for( i = 0; i < leftover; i++ ) - { - output[i] = prev_output[i]; - tmp[i] = input[i] ^ t[i]; - } - - /* Copy ciphertext bytes from the previous block for input in this - * round. */ - for( ; i < 16; i++ ) - tmp[i] = prev_output[i] ^ t[i]; - - ret = esp_aes_crypt_ecb( &ctx->crypt, mode, tmp, tmp ); - if( ret != 0 ) - return ret; - - /* Write the result back to the previous block, overriding the previous - * output we copied. */ - for( i = 0; i < 16; i++ ) - prev_output[i] = tmp[i] ^ t[i]; - } - - return( 0 ); -} diff --git a/vendors/espressif/boards/esp32/components/mbedtls/port/esp_bignum.c b/vendors/espressif/boards/esp32/components/mbedtls/port/esp_bignum.c deleted file mode 100644 index 40032de8e56..00000000000 --- a/vendors/espressif/boards/esp32/components/mbedtls/port/esp_bignum.c +++ /dev/null @@ -1,685 +0,0 @@ -/** - * \brief Multi-precision integer library, ESP32 hardware accelerated parts - * - * based on mbedTLS implementation - * - * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved - * Additions Copyright (C) 2016, Espressif Systems (Shanghai) PTE Ltd - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - * - */ -#include -#include -#include -#include -#include -#include -#include -#include "esp32/rom/bigint.h" -#include "soc/hwcrypto_periph.h" -#include "esp_system.h" -#include "esp_log.h" -#include "esp_intr_alloc.h" -#include "esp_attr.h" - -#include - -#include "soc/dport_reg.h" - -#include "freertos/FreeRTOS.h" -#include "freertos/task.h" -#include "freertos/semphr.h" -#include "driver/periph_ctrl.h" - -/* Some implementation notes: - * - * - Naming convention x_words, y_words, z_words for number of words (limbs) used in a particular - * bignum. This number may be less than the size of the bignum - * - * - Naming convention hw_words for the hardware length of the operation. This number is always - * rounded up to a 512 bit multiple, and may be larger than any of the numbers involved in the - * calculation. - * - * - Timing behaviour of these functions will depend on the length of the inputs. This is fundamentally - * the same constraint as the software mbedTLS implementations, and relies on the same - * countermeasures (exponent blinding, etc) which are used in mbedTLS. - */ - -static const __attribute__((unused)) char *TAG = "bignum"; - -#define ciL (sizeof(mbedtls_mpi_uint)) /* chars in limb */ -#define biL (ciL << 3) /* bits in limb */ - -#if defined(CONFIG_MBEDTLS_MPI_USE_INTERRUPT) -static SemaphoreHandle_t op_complete_sem; - -static IRAM_ATTR void rsa_complete_isr(void *arg) -{ - BaseType_t higher_woken; - DPORT_REG_WRITE(RSA_INTERRUPT_REG, 1); - xSemaphoreGiveFromISR(op_complete_sem, &higher_woken); - if (higher_woken) { - portYIELD_FROM_ISR(); - } -} - -static void rsa_isr_initialise() -{ - if (op_complete_sem == NULL) { - op_complete_sem = xSemaphoreCreateBinary(); - esp_intr_alloc(ETS_RSA_INTR_SOURCE, 0, rsa_complete_isr, NULL, NULL); - } -} - -#endif /* CONFIG_MBEDTLS_MPI_USE_INTERRUPT */ - -static _lock_t mpi_lock; - -void esp_mpi_acquire_hardware( void ) -{ - /* newlib locks lazy initialize on ESP-IDF */ - _lock_acquire(&mpi_lock); - - /* Enable RSA hardware */ - periph_module_enable(PERIPH_RSA_MODULE); - DPORT_REG_CLR_BIT(DPORT_RSA_PD_CTRL_REG, DPORT_RSA_PD); - - while(DPORT_REG_READ(RSA_CLEAN_REG) != 1); - // Note: from enabling RSA clock to here takes about 1.3us - -#ifdef CONFIG_MBEDTLS_MPI_USE_INTERRUPT - rsa_isr_initialise(); -#endif -} - -void esp_mpi_release_hardware( void ) -{ - DPORT_REG_SET_BIT(DPORT_RSA_PD_CTRL_REG, DPORT_RSA_PD); - - /* Disable RSA hardware */ - periph_module_disable(PERIPH_RSA_MODULE); - - _lock_release(&mpi_lock); -} - -/* Convert bit count to word count - */ -static inline size_t bits_to_words(size_t bits) -{ - return (bits + 31) / 32; -} - -/* Round up number of words to nearest - 512 bit (16 word) block count. -*/ -static inline size_t hardware_words(size_t words) -{ - return (words + 0xF) & ~0xF; -} - -/* Number of words used to hold 'mpi'. - - Equivalent of bits_to_words(mbedtls_mpi_bitlen(mpi)), but uses less cycles if the - exact bit count is not needed. - - Note that mpi->n (size of memory buffer) may be higher than this - number, if the high bits are mostly zeroes. -*/ -static inline size_t word_length(const mbedtls_mpi *mpi) -{ - for(size_t i = mpi->n; i > 0; i--) { - if( mpi->p[i - 1] != 0 ) { - return i; - } - } - return 0; -} - -/* Copy mbedTLS MPI bignum 'mpi' to hardware memory block at 'mem_base'. - - If hw_words is higher than the number of words in the bignum then - these additional words will be zeroed in the memory buffer. - -*/ -static inline void mpi_to_mem_block(uint32_t mem_base, const mbedtls_mpi *mpi, size_t hw_words) -{ - uint32_t *pbase = (uint32_t *)mem_base; - uint32_t copy_words = hw_words < mpi->n ? hw_words : mpi->n; - - /* Copy MPI data to memory block registers */ - for (int i = 0; i < copy_words; i++) { - pbase[i] = mpi->p[i]; - } - - /* Zero any remaining memory block data */ - for (int i = copy_words; i < hw_words; i++) { - pbase[i] = 0; - } - - /* Note: not executing memw here, can do it before we start a bignum operation */ -} - -/* Read mbedTLS MPI bignum back from hardware memory block. - - Reads num_words words from block. - - Bignum 'x' should already be grown to at least num_words by caller (can be done while - calculation is in progress, to save some cycles) -*/ -static inline void mem_block_to_mpi(mbedtls_mpi *x, uint32_t mem_base, int num_words) -{ - assert(x->n >= num_words); - - /* Copy data from memory block registers */ - esp_dport_access_read_buffer(x->p, mem_base, num_words); - - /* Zero any remaining limbs in the bignum, if the buffer is bigger - than num_words */ - for(size_t i = num_words; i < x->n; i++) { - x->p[i] = 0; - } -} - - -/** - * - * There is a need for the value of integer N' such that B^-1(B-1)-N^-1N'=1, - * where B^-1(B-1) mod N=1. Actually, only the least significant part of - * N' is needed, hence the definition N0'=N' mod b. We reproduce below the - * simple algorithm from an article by Dusse and Kaliski to efficiently - * find N0' from N0 and b - */ -static mbedtls_mpi_uint modular_inverse(const mbedtls_mpi *M) -{ - int i; - uint64_t t = 1; - uint64_t two_2_i_minus_1 = 2; /* 2^(i-1) */ - uint64_t two_2_i = 4; /* 2^i */ - uint64_t N = M->p[0]; - - for (i = 2; i <= 32; i++) { - if ((mbedtls_mpi_uint) N * t % two_2_i >= two_2_i_minus_1) { - t += two_2_i_minus_1; - } - - two_2_i_minus_1 <<= 1; - two_2_i <<= 1; - } - - return (mbedtls_mpi_uint)(UINT32_MAX - t + 1); -} - -/* Calculate Rinv = RR^2 mod M, where: - * - * R = b^n where b = 2^32, n=num_words, - * R = 2^N (where N=num_bits) - * RR = R^2 = 2^(2*N) (where N=num_bits=num_words*32) - * - * This calculation is computationally expensive (mbedtls_mpi_mod_mpi) - * so caller should cache the result where possible. - * - * DO NOT call this function while holding esp_mpi_acquire_hardware(). - * - */ -static int calculate_rinv(mbedtls_mpi *Rinv, const mbedtls_mpi *M, int num_words) -{ - int ret; - size_t num_bits = num_words * 32; - mbedtls_mpi RR; - mbedtls_mpi_init(&RR); - MBEDTLS_MPI_CHK(mbedtls_mpi_set_bit(&RR, num_bits * 2, 1)); - MBEDTLS_MPI_CHK(mbedtls_mpi_mod_mpi(Rinv, &RR, M)); - - cleanup: - mbedtls_mpi_free(&RR); - return ret; -} - - -/* Begin an RSA operation. op_reg specifies which 'START' register - to write to. -*/ -static inline void start_op(uint32_t op_reg) -{ - /* Clear interrupt status */ - DPORT_REG_WRITE(RSA_INTERRUPT_REG, 1); - - /* Note: above REG_WRITE includes a memw, so we know any writes - to the memory blocks are also complete. */ - - DPORT_REG_WRITE(op_reg, 1); -} - -/* Wait for an RSA operation to complete. -*/ -static inline void wait_op_complete(uint32_t op_reg) -{ -#ifdef CONFIG_MBEDTLS_MPI_USE_INTERRUPT - if (!xSemaphoreTake(op_complete_sem, 2000 / portTICK_PERIOD_MS)) { - ESP_LOGE(TAG, "Timed out waiting for RSA operation (op_reg 0x%x int_reg 0x%x)", - op_reg, DPORT_REG_READ(RSA_INTERRUPT_REG)); - abort(); /* indicates a fundamental problem with driver */ - } -#else - while(DPORT_REG_READ(RSA_INTERRUPT_REG) != 1) - { } - - /* clear the interrupt */ - DPORT_REG_WRITE(RSA_INTERRUPT_REG, 1); -#endif - -} - -/* Sub-stages of modulo multiplication/exponentiation operations */ -inline static int modular_multiply_finish(mbedtls_mpi *Z, const mbedtls_mpi *X, const mbedtls_mpi *Y, size_t hw_words, size_t z_words); - -/* Z = (X * Y) mod M - - Not an mbedTLS function -*/ -int esp_mpi_mul_mpi_mod(mbedtls_mpi *Z, const mbedtls_mpi *X, const mbedtls_mpi *Y, const mbedtls_mpi *M) -{ - int ret; - size_t x_bits = mbedtls_mpi_bitlen(X); - size_t y_bits = mbedtls_mpi_bitlen(Y); - size_t m_bits = mbedtls_mpi_bitlen(M); - size_t z_bits = MIN(m_bits, x_bits + y_bits); - size_t x_words = bits_to_words(x_bits); - size_t y_words = bits_to_words(y_bits); - size_t m_words = bits_to_words(m_bits); - size_t z_words = bits_to_words(z_bits); - size_t hw_words = hardware_words(MAX(x_words, MAX(y_words, m_words))); /* longest operand */ - mbedtls_mpi Rinv; - mbedtls_mpi_uint Mprime; - - /* Calculate and load the first stage montgomery multiplication */ - mbedtls_mpi_init(&Rinv); - MBEDTLS_MPI_CHK(calculate_rinv(&Rinv, M, hw_words)); - Mprime = modular_inverse(M); - - esp_mpi_acquire_hardware(); - - /* Load M, X, Rinv, Mprime (Mprime is mod 2^32) */ - mpi_to_mem_block(RSA_MEM_M_BLOCK_BASE, M, hw_words); - mpi_to_mem_block(RSA_MEM_X_BLOCK_BASE, X, hw_words); - mpi_to_mem_block(RSA_MEM_RB_BLOCK_BASE, &Rinv, hw_words); - DPORT_REG_WRITE(RSA_M_DASH_REG, (uint32_t)Mprime); - - /* "mode" register loaded with number of 512-bit blocks, minus 1 */ - DPORT_REG_WRITE(RSA_MULT_MODE_REG, (hw_words / 16) - 1); - - /* Execute first stage montgomery multiplication */ - start_op(RSA_MULT_START_REG); - - wait_op_complete(RSA_MULT_START_REG); - - /* execute second stage */ - ret = modular_multiply_finish(Z, X, Y, hw_words, z_words); - - esp_mpi_release_hardware(); - - cleanup: - mbedtls_mpi_free(&Rinv); - return ret; -} - -#if defined(MBEDTLS_MPI_EXP_MOD_ALT) - -/* - * Sliding-window exponentiation: Z = X^Y mod M (HAC 14.85) - * - * _Rinv is optional pre-calculated version of Rinv (via calculate_rinv()). - * - * (See RSA Accelerator section in Technical Reference for more about Mprime, Rinv) - * - */ -int mbedtls_mpi_exp_mod( mbedtls_mpi* Z, const mbedtls_mpi* X, const mbedtls_mpi* Y, const mbedtls_mpi* M, mbedtls_mpi* _Rinv ) -{ - int ret = 0; - size_t x_words = word_length(X); - size_t y_words = word_length(Y); - size_t m_words = word_length(M); - - /* "all numbers must be the same length", so choose longest number - as cardinal length of operation... - */ - size_t hw_words = hardware_words(MAX(m_words, MAX(x_words, y_words))); - - mbedtls_mpi Rinv_new; /* used if _Rinv == NULL */ - mbedtls_mpi *Rinv; /* points to _Rinv (if not NULL) othwerwise &RR_new */ - mbedtls_mpi_uint Mprime; - - if (mbedtls_mpi_cmp_int(M, 0) <= 0 || (M->p[0] & 1) == 0) { - return MBEDTLS_ERR_MPI_BAD_INPUT_DATA; - } - - if (mbedtls_mpi_cmp_int(Y, 0) < 0) { - return MBEDTLS_ERR_MPI_BAD_INPUT_DATA; - } - - if (mbedtls_mpi_cmp_int(Y, 0) == 0) { - return mbedtls_mpi_lset(Z, 1); - } - - if (hw_words * 32 > 4096) { - return MBEDTLS_ERR_MPI_NOT_ACCEPTABLE; - } - - /* Determine RR pointer, either _RR for cached value - or local RR_new */ - if (_Rinv == NULL) { - mbedtls_mpi_init(&Rinv_new); - Rinv = &Rinv_new; - } else { - Rinv = _Rinv; - } - if (Rinv->p == NULL) { - MBEDTLS_MPI_CHK(calculate_rinv(Rinv, M, hw_words)); - } - - Mprime = modular_inverse(M); - - esp_mpi_acquire_hardware(); - - /* "mode" register loaded with number of 512-bit blocks, minus 1 */ - DPORT_REG_WRITE(RSA_MODEXP_MODE_REG, (hw_words / 16) - 1); - - /* Load M, X, Rinv, M-prime (M-prime is mod 2^32) */ - mpi_to_mem_block(RSA_MEM_X_BLOCK_BASE, X, hw_words); - mpi_to_mem_block(RSA_MEM_Y_BLOCK_BASE, Y, hw_words); - mpi_to_mem_block(RSA_MEM_M_BLOCK_BASE, M, hw_words); - mpi_to_mem_block(RSA_MEM_RB_BLOCK_BASE, Rinv, hw_words); - DPORT_REG_WRITE(RSA_M_DASH_REG, Mprime); - - start_op(RSA_START_MODEXP_REG); - - /* X ^ Y may actually be shorter than M, but unlikely when used for crypto */ - if ((ret = mbedtls_mpi_grow(Z, m_words)) != 0) { - esp_mpi_release_hardware(); - goto cleanup; - } - - wait_op_complete(RSA_START_MODEXP_REG); - - mem_block_to_mpi(Z, RSA_MEM_Z_BLOCK_BASE, m_words); - esp_mpi_release_hardware(); - - // Compensate for negative X - if (X->s == -1 && (Y->p[0] & 1) != 0) { - Z->s = -1; - MBEDTLS_MPI_CHK(mbedtls_mpi_add_mpi(Z, M, Z)); - } else { - Z->s = 1; - } - - cleanup: - if (_Rinv == NULL) { - mbedtls_mpi_free(&Rinv_new); - } - - return ret; -} - -#endif /* MBEDTLS_MPI_EXP_MOD_ALT */ - -/* Second & final step of a modular multiply - load second multiplication - * factor Y, run the operation (modular inverse), read back the result - * into Z. - * - * Called from both mbedtls_mpi_exp_mod and mbedtls_mpi_mod_mpi. - * - * @param Z result value - * @param X first multiplication factor (used to set sign of result). - * @param Y second multiplication factor. - * @param hw_words Size of the hardware operation, in words - * @param z_words Size of the expected result, in words (may be less than hw_words). - * Z will be grown to at least this length. - * - * Caller must have already called esp_mpi_acquire_hardware(). - */ -static int modular_multiply_finish(mbedtls_mpi *Z, const mbedtls_mpi *X, const mbedtls_mpi *Y, size_t hw_words, size_t z_words) -{ - int ret = 0; - - /* Load Y to X input memory block, rerun */ - mpi_to_mem_block(RSA_MEM_X_BLOCK_BASE, Y, hw_words); - - start_op(RSA_MULT_START_REG); - - MBEDTLS_MPI_CHK( mbedtls_mpi_grow(Z, z_words) ); - - wait_op_complete(RSA_MULT_START_REG); - - mem_block_to_mpi(Z, RSA_MEM_Z_BLOCK_BASE, z_words); - - Z->s = X->s * Y->s; - - cleanup: - return ret; -} - -#if defined(MBEDTLS_MPI_MUL_MPI_ALT) /* MBEDTLS_MPI_MUL_MPI_ALT */ - -static int mpi_mult_mpi_failover_mod_mult(mbedtls_mpi *Z, const mbedtls_mpi *X, const mbedtls_mpi *Y, size_t z_words); -static int mpi_mult_mpi_overlong(mbedtls_mpi *Z, const mbedtls_mpi *X, const mbedtls_mpi *Y, size_t Y_bits, size_t z_words); - -/* Z = X * Y */ -int mbedtls_mpi_mul_mpi( mbedtls_mpi *Z, const mbedtls_mpi *X, const mbedtls_mpi *Y ) -{ - int ret = 0; - size_t x_bits = mbedtls_mpi_bitlen(X); - size_t y_bits = mbedtls_mpi_bitlen(Y); - size_t x_words = bits_to_words(x_bits); - size_t y_words = bits_to_words(y_bits); - size_t z_words = bits_to_words(x_bits + y_bits); - size_t hw_words = hardware_words(MAX(x_words, y_words)); // length of one operand in hardware - - /* Short-circuit eval if either argument is 0 or 1. - - This is needed as the mpi modular division - argument will sometimes call in here when one - argument is too large for the hardware unit, but the other - argument is zero or one. - */ - if (x_bits == 0 || y_bits == 0) { - mbedtls_mpi_lset(Z, 0); - return 0; - } - if (x_bits == 1) { - ret = mbedtls_mpi_copy(Z, Y); - Z->s *= X->s; - return ret; - } - if (y_bits == 1) { - ret = mbedtls_mpi_copy(Z, X); - Z->s *= Y->s; - return ret; - } - - /* If either factor is over 2048 bits, we can't use the standard hardware multiplier - (it assumes result is double longest factor, and result is max 4096 bits.) - - However, we can fail over to mod_mult for up to 4096 bits of result (modulo - multiplication doesn't have the same restriction, so result is simply the - number of bits in X plus number of bits in in Y.) - */ - if (hw_words * 32 > 2048) { - if (z_words * 32 <= 4096) { - /* Note: it's possible to use mpi_mult_mpi_overlong - for this case as well, but it's very slightly - slower and requires a memory allocation. - */ - return mpi_mult_mpi_failover_mod_mult(Z, X, Y, z_words); - } else { - /* Still too long for the hardware unit... */ - if(y_words > x_words) { - return mpi_mult_mpi_overlong(Z, X, Y, y_words, z_words); - } else { - return mpi_mult_mpi_overlong(Z, Y, X, x_words, z_words); - } - } - } - - /* Otherwise, we can use the (faster) multiply hardware unit */ - - esp_mpi_acquire_hardware(); - - /* Copy X (right-extended) & Y (left-extended) to memory block */ - mpi_to_mem_block(RSA_MEM_X_BLOCK_BASE, X, hw_words); - mpi_to_mem_block(RSA_MEM_Z_BLOCK_BASE + hw_words * 4, Y, hw_words); - /* NB: as Y is left-extended, we don't zero the bottom words_mult words of Y block. - This is OK for now because zeroing is done by hardware when we do esp_mpi_acquire_hardware(). - */ - - DPORT_REG_WRITE(RSA_M_DASH_REG, 0); - - /* "mode" register loaded with number of 512-bit blocks in result, - plus 7 (for range 9-12). (this is ((N~ / 32) - 1) + 8)) - */ - DPORT_REG_WRITE(RSA_MULT_MODE_REG, ((hw_words * 2) / 16) + 7); - - start_op(RSA_MULT_START_REG); - - MBEDTLS_MPI_CHK( mbedtls_mpi_grow(Z, z_words) ); - - wait_op_complete(RSA_MULT_START_REG); - - /* Read back the result */ - mem_block_to_mpi(Z, RSA_MEM_Z_BLOCK_BASE, z_words); - - Z->s = X->s * Y->s; - - cleanup: - esp_mpi_release_hardware(); - - return ret; -} - -/* Special-case of mbedtls_mpi_mult_mpi(), where we use hardware montgomery mod - multiplication to calculate an mbedtls_mpi_mult_mpi result where either - A or B are >2048 bits so can't use the standard multiplication method. - - Result (z_words, based on A bits + B bits) must still be less than 4096 bits. - - This case is simpler than the general case modulo multiply of - esp_mpi_mul_mpi_mod() because we can control the other arguments: - - * Modulus is chosen with M=(2^num_bits - 1) (ie M=R-1), so output - isn't actually modulo anything. - * Mprime and Rinv are therefore predictable as follows: - Mprime = 1 - Rinv = 1 - - (See RSA Accelerator section in Technical Reference for more about Mprime, Rinv) -*/ -static int mpi_mult_mpi_failover_mod_mult(mbedtls_mpi *Z, const mbedtls_mpi *X, const mbedtls_mpi *Y, size_t z_words) -{ - int ret = 0; - size_t hw_words = hardware_words(z_words); - - /* Load coefficients to hardware */ - esp_mpi_acquire_hardware(); - - /* M = 2^num_words - 1, so block is entirely FF */ - for(int i = 0; i < hw_words; i++) { - DPORT_REG_WRITE(RSA_MEM_M_BLOCK_BASE + i * 4, UINT32_MAX); - } - /* Mprime = 1 */ - DPORT_REG_WRITE(RSA_M_DASH_REG, 1); - - /* "mode" register loaded with number of 512-bit blocks, minus 1 */ - DPORT_REG_WRITE(RSA_MULT_MODE_REG, (hw_words / 16) - 1); - - /* Load X */ - mpi_to_mem_block(RSA_MEM_X_BLOCK_BASE, X, hw_words); - - /* Rinv = 1 */ - DPORT_REG_WRITE(RSA_MEM_RB_BLOCK_BASE, 1); - for(int i = 1; i < hw_words; i++) { - DPORT_REG_WRITE(RSA_MEM_RB_BLOCK_BASE + i * 4, 0); - } - - start_op(RSA_MULT_START_REG); - - wait_op_complete(RSA_MULT_START_REG); - - /* finish the modular multiplication */ - ret = modular_multiply_finish(Z, X, Y, hw_words, z_words); - - esp_mpi_release_hardware(); - - return ret; -} - -/* Deal with the case when X & Y are too long for the hardware unit, by splitting one operand - into two halves. - - Y must be the longer operand - - Slice Y into Yp, Ypp such that: - Yp = lower 'b' bits of Y - Ypp = upper 'b' bits of Y (right shifted) - - Such that - Z = X * Y - Z = X * (Yp + Ypp<p, - .n = words_slice, - .s = Y->s - }; - /* Ypp holds upper bits of Y, right shifted (also reuses Y's array contents) */ - const mbedtls_mpi Ypp = { - .p = Y->p + words_slice, - .n = y_words - words_slice, - .s = Y->s - }; - mbedtls_mpi_init(&Ztemp); - - /* Grow Z to result size early, avoid interim allocations */ - mbedtls_mpi_grow(Z, z_words); - - /* Get result Ztemp = Yp * X (need temporary variable Ztemp) */ - MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi(&Ztemp, X, &Yp) ); - - /* Z = Ypp * Y */ - MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi(Z, X, &Ypp) ); - - /* Z = Z << b */ - MBEDTLS_MPI_CHK( mbedtls_mpi_shift_l(Z, words_slice * 32) ); - - /* Z += Ztemp */ - MBEDTLS_MPI_CHK( mbedtls_mpi_add_mpi(Z, Z, &Ztemp) ); - - cleanup: - mbedtls_mpi_free(&Ztemp); - - return ret; -} - -#endif /* MBEDTLS_MPI_MUL_MPI_ALT */ - diff --git a/vendors/espressif/boards/esp32/components/mbedtls/port/esp_hardware.c b/vendors/espressif/boards/esp32/components/mbedtls/port/esp_hardware.c deleted file mode 100644 index a919ca34030..00000000000 --- a/vendors/espressif/boards/esp32/components/mbedtls/port/esp_hardware.c +++ /dev/null @@ -1,26 +0,0 @@ -#if !defined(MBEDTLS_CONFIG_FILE) -#include "mbedtls/config.h" -#else -#include MBEDTLS_CONFIG_FILE -#endif - -#include -#include -#include -#include - -#include "mbedtls/entropy_poll.h" - -#ifndef MBEDTLS_ENTROPY_HARDWARE_ALT -#error "MBEDTLS_ENTROPY_HARDWARE_ALT should always be set in ESP-IDF" -#endif - -int mbedtls_hardware_poll( void *data, - unsigned char *output, size_t len, size_t *olen ) -{ - esp_fill_random(output, len); - *olen = len; - return 0; -} - - diff --git a/vendors/espressif/boards/esp32/components/mbedtls/port/esp_mem.c b/vendors/espressif/boards/esp32/components/mbedtls/port/esp_mem.c deleted file mode 100644 index ef9392e25b4..00000000000 --- a/vendors/espressif/boards/esp32/components/mbedtls/port/esp_mem.c +++ /dev/null @@ -1,48 +0,0 @@ -// Copyright 2018 Espressif Systems (Shanghai) PTE LTD -// -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. - -#include -#include -#include -#include "esp_mem.h" - -#ifndef CONFIG_MBEDTLS_CUSTOM_MEM_ALLOC - -IRAM_ATTR void *esp_mbedtls_mem_calloc(size_t n, size_t size) -{ -#ifdef CONFIG_MBEDTLS_INTERNAL_MEM_ALLOC - return heap_caps_calloc(n, size, MALLOC_CAP_INTERNAL|MALLOC_CAP_8BIT); -#elif CONFIG_MBEDTLS_EXTERNAL_MEM_ALLOC - return heap_caps_calloc(n, size, MALLOC_CAP_SPIRAM|MALLOC_CAP_8BIT); -#elif CONFIG_MBEDTLS_IRAM_8BIT_MEM_ALLOC -#ifdef CONFIG_MBEDTLS_ASYMMETRIC_CONTENT_LEN - if ((n*size) >= CONFIG_MBEDTLS_SSL_IN_CONTENT_LEN || (n*size) >= CONFIG_MBEDTLS_SSL_OUT_CONTENT_LEN) { -#else - if ((n*size) >= CONFIG_MBEDTLS_SSL_MAX_CONTENT_LEN) { -#endif - return heap_caps_calloc_prefer(n, size, 2, MALLOC_CAP_INTERNAL|MALLOC_CAP_IRAM_8BIT, MALLOC_CAP_INTERNAL|MALLOC_CAP_8BIT); - } else { - return heap_caps_calloc(n, size, MALLOC_CAP_INTERNAL|MALLOC_CAP_8BIT); - } -#else - return calloc(n, size); -#endif -} - -IRAM_ATTR void esp_mbedtls_mem_free(void *ptr) -{ - return heap_caps_free(ptr); -} - -#endif /* !CONFIG_MBEDTLS_CUSTOM_MEM_ALLOC */ diff --git a/vendors/espressif/boards/esp32/components/mbedtls/port/esp_sha1.c b/vendors/espressif/boards/esp32/components/mbedtls/port/esp_sha1.c deleted file mode 100644 index fddc32dd5d3..00000000000 --- a/vendors/espressif/boards/esp32/components/mbedtls/port/esp_sha1.c +++ /dev/null @@ -1,451 +0,0 @@ -/* - * SHA-1 implementation with hardware ESP32 support added. - * Uses mbedTLS software implementation for failover when concurrent - * SHA operations are in use. - * - * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved - * Additions Copyright (C) 2016, Espressif Systems (Shanghai) PTE LTD - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - * - */ -/* - * The SHA-1 standard was published by NIST in 1993. - * - * http://www.itl.nist.gov/fipspubs/fip180-1.htm - */ - -#if !defined(MBEDTLS_CONFIG_FILE) -#include "mbedtls/config.h" -#else -#include MBEDTLS_CONFIG_FILE -#endif - -#if defined(MBEDTLS_SHA1_C) && defined(MBEDTLS_SHA1_ALT) - -#include "mbedtls/sha1.h" - -#include - -#if defined(MBEDTLS_SELF_TEST) -#if defined(MBEDTLS_PLATFORM_C) -#include "mbedtls/platform.h" -#else -#include -#define mbedtls_printf printf -#endif /* MBEDTLS_PLATFORM_C */ -#endif /* MBEDTLS_SELF_TEST */ - -#include "hwcrypto/sha.h" - -/* Implementation that should never be optimized out by the compiler */ -static void mbedtls_zeroize( void *v, size_t n ) { - volatile unsigned char *p = (unsigned char*)v; while( n-- ) *p++ = 0; -} - -/* - * 32-bit integer manipulation macros (big endian) - */ -#ifndef GET_UINT32_BE -#define GET_UINT32_BE(n,b,i) \ -{ \ - (n) = ( (uint32_t) (b)[(i) ] << 24 ) \ - | ( (uint32_t) (b)[(i) + 1] << 16 ) \ - | ( (uint32_t) (b)[(i) + 2] << 8 ) \ - | ( (uint32_t) (b)[(i) + 3] ); \ -} -#endif - -#ifndef PUT_UINT32_BE -#define PUT_UINT32_BE(n,b,i) \ -{ \ - (b)[(i) ] = (unsigned char) ( (n) >> 24 ); \ - (b)[(i) + 1] = (unsigned char) ( (n) >> 16 ); \ - (b)[(i) + 2] = (unsigned char) ( (n) >> 8 ); \ - (b)[(i) + 3] = (unsigned char) ( (n) ); \ -} -#endif - -void mbedtls_sha1_init( mbedtls_sha1_context *ctx ) -{ - memset( ctx, 0, sizeof( mbedtls_sha1_context ) ); -} - -void mbedtls_sha1_free( mbedtls_sha1_context *ctx ) -{ - if( ctx == NULL ) - return; - - if (ctx->mode == ESP_MBEDTLS_SHA1_HARDWARE) { - esp_sha_unlock_engine(SHA1); - } - mbedtls_zeroize( ctx, sizeof( mbedtls_sha1_context ) ); -} - -void mbedtls_sha1_clone( mbedtls_sha1_context *dst, - const mbedtls_sha1_context *src ) -{ - *dst = *src; - - if (src->mode == ESP_MBEDTLS_SHA1_HARDWARE) { - /* Copy hardware digest state out to cloned state, - which will be a software digest. - */ - esp_sha_read_digest_state(SHA1, dst->state); - dst->mode = ESP_MBEDTLS_SHA1_SOFTWARE; - } -} - - -/* - * SHA-1 context setup - */ -int mbedtls_sha1_starts_ret( mbedtls_sha1_context *ctx ) -{ - ctx->total[0] = 0; - ctx->total[1] = 0; - - ctx->state[0] = 0x67452301; - ctx->state[1] = 0xEFCDAB89; - ctx->state[2] = 0x98BADCFE; - ctx->state[3] = 0x10325476; - ctx->state[4] = 0xC3D2E1F0; - - if (ctx->mode == ESP_MBEDTLS_SHA1_HARDWARE) { - esp_sha_unlock_engine(SHA1); - } - ctx->mode = ESP_MBEDTLS_SHA1_UNUSED; - - return 0; -} - -#if !defined(MBEDTLS_DEPRECATED_REMOVED) -void mbedtls_sha1_starts( mbedtls_sha1_context *ctx ) -{ - mbedtls_sha1_starts_ret( ctx ); -} -#endif - -static void mbedtls_sha1_software_process( mbedtls_sha1_context *ctx, const unsigned char data[64] ); - -int mbedtls_internal_sha1_process( mbedtls_sha1_context *ctx, const unsigned char data[64] ) -{ - bool first_block = false; - if (ctx->mode == ESP_MBEDTLS_SHA1_UNUSED) { - /* try to use hardware for this digest */ - if (esp_sha_try_lock_engine(SHA1)) { - ctx->mode = ESP_MBEDTLS_SHA1_HARDWARE; - first_block = true; - } else { - ctx->mode = ESP_MBEDTLS_SHA1_SOFTWARE; - } - } - - if (ctx->mode == ESP_MBEDTLS_SHA1_HARDWARE) { - esp_sha_block(SHA1, data, first_block); - } else { - mbedtls_sha1_software_process(ctx, data); - } - - return 0; -} - -#if !defined(MBEDTLS_DEPRECATED_REMOVED) -void mbedtls_sha1_process( mbedtls_sha1_context *ctx, - const unsigned char data[64] ) -{ - mbedtls_internal_sha1_process( ctx, data ); -} -#endif - - -static void mbedtls_sha1_software_process( mbedtls_sha1_context *ctx, const unsigned char data[64] ) -{ - uint32_t temp, W[16], A, B, C, D, E; - - GET_UINT32_BE( W[ 0], data, 0 ); - GET_UINT32_BE( W[ 1], data, 4 ); - GET_UINT32_BE( W[ 2], data, 8 ); - GET_UINT32_BE( W[ 3], data, 12 ); - GET_UINT32_BE( W[ 4], data, 16 ); - GET_UINT32_BE( W[ 5], data, 20 ); - GET_UINT32_BE( W[ 6], data, 24 ); - GET_UINT32_BE( W[ 7], data, 28 ); - GET_UINT32_BE( W[ 8], data, 32 ); - GET_UINT32_BE( W[ 9], data, 36 ); - GET_UINT32_BE( W[10], data, 40 ); - GET_UINT32_BE( W[11], data, 44 ); - GET_UINT32_BE( W[12], data, 48 ); - GET_UINT32_BE( W[13], data, 52 ); - GET_UINT32_BE( W[14], data, 56 ); - GET_UINT32_BE( W[15], data, 60 ); - -#define S(x,n) ((x << n) | ((x & 0xFFFFFFFF) >> (32 - n))) - -#define R(t) \ -( \ - temp = W[( t - 3 ) & 0x0F] ^ W[( t - 8 ) & 0x0F] ^ \ - W[( t - 14 ) & 0x0F] ^ W[ t & 0x0F], \ - ( W[t & 0x0F] = S(temp,1) ) \ -) - -#define P(a,b,c,d,e,x) \ -{ \ - e += S(a,5) + F(b,c,d) + K + x; b = S(b,30); \ -} - - A = ctx->state[0]; - B = ctx->state[1]; - C = ctx->state[2]; - D = ctx->state[3]; - E = ctx->state[4]; - -#define F(x,y,z) (z ^ (x & (y ^ z))) -#define K 0x5A827999 - - P( A, B, C, D, E, W[0] ); - P( E, A, B, C, D, W[1] ); - P( D, E, A, B, C, W[2] ); - P( C, D, E, A, B, W[3] ); - P( B, C, D, E, A, W[4] ); - P( A, B, C, D, E, W[5] ); - P( E, A, B, C, D, W[6] ); - P( D, E, A, B, C, W[7] ); - P( C, D, E, A, B, W[8] ); - P( B, C, D, E, A, W[9] ); - P( A, B, C, D, E, W[10] ); - P( E, A, B, C, D, W[11] ); - P( D, E, A, B, C, W[12] ); - P( C, D, E, A, B, W[13] ); - P( B, C, D, E, A, W[14] ); - P( A, B, C, D, E, W[15] ); - P( E, A, B, C, D, R(16) ); - P( D, E, A, B, C, R(17) ); - P( C, D, E, A, B, R(18) ); - P( B, C, D, E, A, R(19) ); - -#undef K -#undef F - -#define F(x,y,z) (x ^ y ^ z) -#define K 0x6ED9EBA1 - - P( A, B, C, D, E, R(20) ); - P( E, A, B, C, D, R(21) ); - P( D, E, A, B, C, R(22) ); - P( C, D, E, A, B, R(23) ); - P( B, C, D, E, A, R(24) ); - P( A, B, C, D, E, R(25) ); - P( E, A, B, C, D, R(26) ); - P( D, E, A, B, C, R(27) ); - P( C, D, E, A, B, R(28) ); - P( B, C, D, E, A, R(29) ); - P( A, B, C, D, E, R(30) ); - P( E, A, B, C, D, R(31) ); - P( D, E, A, B, C, R(32) ); - P( C, D, E, A, B, R(33) ); - P( B, C, D, E, A, R(34) ); - P( A, B, C, D, E, R(35) ); - P( E, A, B, C, D, R(36) ); - P( D, E, A, B, C, R(37) ); - P( C, D, E, A, B, R(38) ); - P( B, C, D, E, A, R(39) ); - -#undef K -#undef F - -#define F(x,y,z) ((x & y) | (z & (x | y))) -#define K 0x8F1BBCDC - - P( A, B, C, D, E, R(40) ); - P( E, A, B, C, D, R(41) ); - P( D, E, A, B, C, R(42) ); - P( C, D, E, A, B, R(43) ); - P( B, C, D, E, A, R(44) ); - P( A, B, C, D, E, R(45) ); - P( E, A, B, C, D, R(46) ); - P( D, E, A, B, C, R(47) ); - P( C, D, E, A, B, R(48) ); - P( B, C, D, E, A, R(49) ); - P( A, B, C, D, E, R(50) ); - P( E, A, B, C, D, R(51) ); - P( D, E, A, B, C, R(52) ); - P( C, D, E, A, B, R(53) ); - P( B, C, D, E, A, R(54) ); - P( A, B, C, D, E, R(55) ); - P( E, A, B, C, D, R(56) ); - P( D, E, A, B, C, R(57) ); - P( C, D, E, A, B, R(58) ); - P( B, C, D, E, A, R(59) ); - -#undef K -#undef F - -#define F(x,y,z) (x ^ y ^ z) -#define K 0xCA62C1D6 - - P( A, B, C, D, E, R(60) ); - P( E, A, B, C, D, R(61) ); - P( D, E, A, B, C, R(62) ); - P( C, D, E, A, B, R(63) ); - P( B, C, D, E, A, R(64) ); - P( A, B, C, D, E, R(65) ); - P( E, A, B, C, D, R(66) ); - P( D, E, A, B, C, R(67) ); - P( C, D, E, A, B, R(68) ); - P( B, C, D, E, A, R(69) ); - P( A, B, C, D, E, R(70) ); - P( E, A, B, C, D, R(71) ); - P( D, E, A, B, C, R(72) ); - P( C, D, E, A, B, R(73) ); - P( B, C, D, E, A, R(74) ); - P( A, B, C, D, E, R(75) ); - P( E, A, B, C, D, R(76) ); - P( D, E, A, B, C, R(77) ); - P( C, D, E, A, B, R(78) ); - P( B, C, D, E, A, R(79) ); - -#undef K -#undef F - - ctx->state[0] += A; - ctx->state[1] += B; - ctx->state[2] += C; - ctx->state[3] += D; - ctx->state[4] += E; -} - -/* - * SHA-1 process buffer - */ -int mbedtls_sha1_update_ret( mbedtls_sha1_context *ctx, const unsigned char *input, size_t ilen ) -{ - int ret; - size_t fill; - uint32_t left; - - if( ilen == 0 ) - return 0; - - left = ctx->total[0] & 0x3F; - fill = 64 - left; - - ctx->total[0] += (uint32_t) ilen; - ctx->total[0] &= 0xFFFFFFFF; - - if( ctx->total[0] < (uint32_t) ilen ) - ctx->total[1]++; - - if( left && ilen >= fill ) - { - memcpy( (void *) (ctx->buffer + left), input, fill ); - - if ( ( ret = mbedtls_internal_sha1_process( ctx, ctx->buffer ) ) != 0 ) { - return ret; - } - - input += fill; - ilen -= fill; - left = 0; - } - - while( ilen >= 64 ) - { - if ( ( ret = mbedtls_internal_sha1_process( ctx, input ) ) != 0 ) { - return ret; - } - - input += 64; - ilen -= 64; - } - - if( ilen > 0 ) - memcpy( (void *) (ctx->buffer + left), input, ilen ); - - return 0; -} - -#if !defined(MBEDTLS_DEPRECATED_REMOVED) -void mbedtls_sha1_update( mbedtls_sha1_context *ctx, - const unsigned char *input, - size_t ilen ) -{ - mbedtls_sha1_update_ret( ctx, input, ilen ); -} -#endif - -static const unsigned char sha1_padding[64] = -{ - 0x80, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0 -}; - -/* -* SHA-1 final digest - */ -int mbedtls_sha1_finish_ret( mbedtls_sha1_context *ctx, unsigned char output[20] ) -{ - int ret; - uint32_t last, padn; - uint32_t high, low; - unsigned char msglen[8]; - - high = ( ctx->total[0] >> 29 ) - | ( ctx->total[1] << 3 ); - low = ( ctx->total[0] << 3 ); - - PUT_UINT32_BE( high, msglen, 0 ); - PUT_UINT32_BE( low, msglen, 4 ); - - last = ctx->total[0] & 0x3F; - padn = ( last < 56 ) ? ( 56 - last ) : ( 120 - last ); - - if ( ( ret = mbedtls_sha1_update_ret( ctx, sha1_padding, padn ) ) != 0 ) { - goto out; - } - if ( ( ret = mbedtls_sha1_update_ret( ctx, msglen, 8 ) ) != 0 ) { - goto out; - } - - /* if state is in hardware, read it out */ - if (ctx->mode == ESP_MBEDTLS_SHA1_HARDWARE) { - esp_sha_read_digest_state(SHA1, ctx->state); - } - - PUT_UINT32_BE( ctx->state[0], output, 0 ); - PUT_UINT32_BE( ctx->state[1], output, 4 ); - PUT_UINT32_BE( ctx->state[2], output, 8 ); - PUT_UINT32_BE( ctx->state[3], output, 12 ); - PUT_UINT32_BE( ctx->state[4], output, 16 ); - -out: - if (ctx->mode == ESP_MBEDTLS_SHA1_HARDWARE) { - esp_sha_unlock_engine(SHA1); - ctx->mode = ESP_MBEDTLS_SHA1_SOFTWARE; - } - - return ret; -} - -#if !defined(MBEDTLS_DEPRECATED_REMOVED) -void mbedtls_sha1_finish( mbedtls_sha1_context *ctx, - unsigned char output[20] ) -{ - mbedtls_sha1_finish_ret( ctx, output ); -} -#endif - -#endif /* MBEDTLS_SHA1_C && MBEDTLS_SHA1_ALT */ diff --git a/vendors/espressif/boards/esp32/components/mbedtls/port/esp_sha256.c b/vendors/espressif/boards/esp32/components/mbedtls/port/esp_sha256.c deleted file mode 100644 index 4eb37c077db..00000000000 --- a/vendors/espressif/boards/esp32/components/mbedtls/port/esp_sha256.c +++ /dev/null @@ -1,422 +0,0 @@ -/* - * SHA-256 implementation with hardware ESP32 support added. - * Uses mbedTLS software implementation for failover when concurrent - * SHA operations are in use. - * - * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved - * Additions Copyright (C) 2016, Espressif Systems (Shanghai) PTE LTD - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - * - */ - -/* - * The SHA-256 Secure Hash Standard was published by NIST in 2002. - * - * http://csrc.nist.gov/publications/fips/fips180-2/fips180-2.pdf - */ - -#if !defined(MBEDTLS_CONFIG_FILE) -#include "mbedtls/config.h" -#else -#include MBEDTLS_CONFIG_FILE -#endif - -#if defined(MBEDTLS_SHA256_C) && defined(MBEDTLS_SHA256_ALT) - -#include "mbedtls/sha256.h" - -#include - -#if defined(MBEDTLS_SELF_TEST) -#if defined(MBEDTLS_PLATFORM_C) -#include "mbedtls/platform.h" -#else -#include -#define mbedtls_printf printf -#endif /* MBEDTLS_PLATFORM_C */ -#endif /* MBEDTLS_SELF_TEST */ - -#include "hwcrypto/sha.h" - -/* Implementation that should never be optimized out by the compiler */ -static void mbedtls_zeroize( void *v, size_t n ) { - volatile unsigned char *p = v; while( n-- ) *p++ = 0; -} - -/* - * 32-bit integer manipulation macros (big endian) - */ -#ifndef GET_UINT32_BE -#define GET_UINT32_BE(n,b,i) \ -do { \ - (n) = ( (uint32_t) (b)[(i) ] << 24 ) \ - | ( (uint32_t) (b)[(i) + 1] << 16 ) \ - | ( (uint32_t) (b)[(i) + 2] << 8 ) \ - | ( (uint32_t) (b)[(i) + 3] ); \ -} while( 0 ) -#endif - -#ifndef PUT_UINT32_BE -#define PUT_UINT32_BE(n,b,i) \ -do { \ - (b)[(i) ] = (unsigned char) ( (n) >> 24 ); \ - (b)[(i) + 1] = (unsigned char) ( (n) >> 16 ); \ - (b)[(i) + 2] = (unsigned char) ( (n) >> 8 ); \ - (b)[(i) + 3] = (unsigned char) ( (n) ); \ -} while( 0 ) -#endif - -void mbedtls_sha256_init( mbedtls_sha256_context *ctx ) -{ - memset( ctx, 0, sizeof( mbedtls_sha256_context ) ); -} - -void mbedtls_sha256_free( mbedtls_sha256_context *ctx ) -{ - if( ctx == NULL ) - return; - - if (ctx->mode == ESP_MBEDTLS_SHA256_HARDWARE) { - esp_sha_unlock_engine(SHA2_256); - } - mbedtls_zeroize( ctx, sizeof( mbedtls_sha256_context ) ); -} - -void mbedtls_sha256_clone( mbedtls_sha256_context *dst, - const mbedtls_sha256_context *src ) -{ - *dst = *src; - - if (src->mode == ESP_MBEDTLS_SHA256_HARDWARE) { - /* Copy hardware digest state out to cloned state, - which will become a software digest. - */ - esp_sha_read_digest_state(SHA2_256, dst->state); - dst->mode = ESP_MBEDTLS_SHA256_SOFTWARE; - } -} - -/* - * SHA-256 context setup - */ -int mbedtls_sha256_starts_ret( mbedtls_sha256_context *ctx, int is224 ) -{ - ctx->total[0] = 0; - ctx->total[1] = 0; - - if( is224 == 0 ) - { - /* SHA-256 */ - ctx->state[0] = 0x6A09E667; - ctx->state[1] = 0xBB67AE85; - ctx->state[2] = 0x3C6EF372; - ctx->state[3] = 0xA54FF53A; - ctx->state[4] = 0x510E527F; - ctx->state[5] = 0x9B05688C; - ctx->state[6] = 0x1F83D9AB; - ctx->state[7] = 0x5BE0CD19; - } - else - { - /* SHA-224 */ - ctx->state[0] = 0xC1059ED8; - ctx->state[1] = 0x367CD507; - ctx->state[2] = 0x3070DD17; - ctx->state[3] = 0xF70E5939; - ctx->state[4] = 0xFFC00B31; - ctx->state[5] = 0x68581511; - ctx->state[6] = 0x64F98FA7; - ctx->state[7] = 0xBEFA4FA4; - } - - ctx->is224 = is224; - if (ctx->mode == ESP_MBEDTLS_SHA256_HARDWARE) { - esp_sha_unlock_engine(SHA2_256); - } - ctx->mode = ESP_MBEDTLS_SHA256_UNUSED; - return 0; -} - -#if !defined(MBEDTLS_DEPRECATED_REMOVED) -void mbedtls_sha256_starts( mbedtls_sha256_context *ctx, - int is224 ) -{ - mbedtls_sha256_starts_ret( ctx, is224 ); -} -#endif - -static const uint32_t K[] = -{ - 0x428A2F98, 0x71374491, 0xB5C0FBCF, 0xE9B5DBA5, - 0x3956C25B, 0x59F111F1, 0x923F82A4, 0xAB1C5ED5, - 0xD807AA98, 0x12835B01, 0x243185BE, 0x550C7DC3, - 0x72BE5D74, 0x80DEB1FE, 0x9BDC06A7, 0xC19BF174, - 0xE49B69C1, 0xEFBE4786, 0x0FC19DC6, 0x240CA1CC, - 0x2DE92C6F, 0x4A7484AA, 0x5CB0A9DC, 0x76F988DA, - 0x983E5152, 0xA831C66D, 0xB00327C8, 0xBF597FC7, - 0xC6E00BF3, 0xD5A79147, 0x06CA6351, 0x14292967, - 0x27B70A85, 0x2E1B2138, 0x4D2C6DFC, 0x53380D13, - 0x650A7354, 0x766A0ABB, 0x81C2C92E, 0x92722C85, - 0xA2BFE8A1, 0xA81A664B, 0xC24B8B70, 0xC76C51A3, - 0xD192E819, 0xD6990624, 0xF40E3585, 0x106AA070, - 0x19A4C116, 0x1E376C08, 0x2748774C, 0x34B0BCB5, - 0x391C0CB3, 0x4ED8AA4A, 0x5B9CCA4F, 0x682E6FF3, - 0x748F82EE, 0x78A5636F, 0x84C87814, 0x8CC70208, - 0x90BEFFFA, 0xA4506CEB, 0xBEF9A3F7, 0xC67178F2, -}; - -#define SHR(x,n) ((x & 0xFFFFFFFF) >> n) -#define ROTR(x,n) (SHR(x,n) | (x << (32 - n))) - -#define S0(x) (ROTR(x, 7) ^ ROTR(x,18) ^ SHR(x, 3)) -#define S1(x) (ROTR(x,17) ^ ROTR(x,19) ^ SHR(x,10)) - -#define S2(x) (ROTR(x, 2) ^ ROTR(x,13) ^ ROTR(x,22)) -#define S3(x) (ROTR(x, 6) ^ ROTR(x,11) ^ ROTR(x,25)) - -#define F0(x,y,z) ((x & y) | (z & (x | y))) -#define F1(x,y,z) (z ^ (x & (y ^ z))) - -#define R(t) \ -( \ - W[t] = S1(W[t - 2]) + W[t - 7] + \ - S0(W[t - 15]) + W[t - 16] \ -) - -#define P(a,b,c,d,e,f,g,h,x,K) \ -{ \ - temp1 = h + S3(e) + F1(e,f,g) + K + x; \ - temp2 = S2(a) + F0(a,b,c); \ - d += temp1; h = temp1 + temp2; \ -} - -static void mbedtls_sha256_software_process( mbedtls_sha256_context *ctx, const unsigned char data[64] ); - -int mbedtls_internal_sha256_process( mbedtls_sha256_context *ctx, const unsigned char data[64] ) -{ - bool first_block = false; - - if (ctx->mode == ESP_MBEDTLS_SHA256_UNUSED) { - /* try to use hardware for this digest */ - if (!ctx->is224 && esp_sha_try_lock_engine(SHA2_256)) { - ctx->mode = ESP_MBEDTLS_SHA256_HARDWARE; - first_block = true; - } else { - ctx->mode = ESP_MBEDTLS_SHA256_SOFTWARE; - } - } - - if (ctx->mode == ESP_MBEDTLS_SHA256_HARDWARE) { - esp_sha_block(SHA2_256, data, first_block); - } else { - mbedtls_sha256_software_process(ctx, data); - } - - return 0; -} - -#if !defined(MBEDTLS_DEPRECATED_REMOVED) -void mbedtls_sha256_process( mbedtls_sha256_context *ctx, - const unsigned char data[64] ) -{ - mbedtls_internal_sha256_process( ctx, data ); -} -#endif - -static void mbedtls_sha256_software_process( mbedtls_sha256_context *ctx, const unsigned char data[64] ) -{ - uint32_t temp1, temp2, W[64]; - uint32_t A[8]; - unsigned int i; - - for( i = 0; i < 8; i++ ) - A[i] = ctx->state[i]; - -#if defined(MBEDTLS_SHA256_SMALLER) - for( i = 0; i < 64; i++ ) - { - if( i < 16 ) - GET_UINT32_BE( W[i], data, 4 * i ); - else - R( i ); - - P( A[0], A[1], A[2], A[3], A[4], A[5], A[6], A[7], W[i], K[i] ); - - temp1 = A[7]; A[7] = A[6]; A[6] = A[5]; A[5] = A[4]; A[4] = A[3]; - A[3] = A[2]; A[2] = A[1]; A[1] = A[0]; A[0] = temp1; - } -#else /* MBEDTLS_SHA256_SMALLER */ - for( i = 0; i < 16; i++ ) - GET_UINT32_BE( W[i], data, 4 * i ); - - for( i = 0; i < 16; i += 8 ) - { - P( A[0], A[1], A[2], A[3], A[4], A[5], A[6], A[7], W[i+0], K[i+0] ); - P( A[7], A[0], A[1], A[2], A[3], A[4], A[5], A[6], W[i+1], K[i+1] ); - P( A[6], A[7], A[0], A[1], A[2], A[3], A[4], A[5], W[i+2], K[i+2] ); - P( A[5], A[6], A[7], A[0], A[1], A[2], A[3], A[4], W[i+3], K[i+3] ); - P( A[4], A[5], A[6], A[7], A[0], A[1], A[2], A[3], W[i+4], K[i+4] ); - P( A[3], A[4], A[5], A[6], A[7], A[0], A[1], A[2], W[i+5], K[i+5] ); - P( A[2], A[3], A[4], A[5], A[6], A[7], A[0], A[1], W[i+6], K[i+6] ); - P( A[1], A[2], A[3], A[4], A[5], A[6], A[7], A[0], W[i+7], K[i+7] ); - } - - for( i = 16; i < 64; i += 8 ) - { - P( A[0], A[1], A[2], A[3], A[4], A[5], A[6], A[7], R(i+0), K[i+0] ); - P( A[7], A[0], A[1], A[2], A[3], A[4], A[5], A[6], R(i+1), K[i+1] ); - P( A[6], A[7], A[0], A[1], A[2], A[3], A[4], A[5], R(i+2), K[i+2] ); - P( A[5], A[6], A[7], A[0], A[1], A[2], A[3], A[4], R(i+3), K[i+3] ); - P( A[4], A[5], A[6], A[7], A[0], A[1], A[2], A[3], R(i+4), K[i+4] ); - P( A[3], A[4], A[5], A[6], A[7], A[0], A[1], A[2], R(i+5), K[i+5] ); - P( A[2], A[3], A[4], A[5], A[6], A[7], A[0], A[1], R(i+6), K[i+6] ); - P( A[1], A[2], A[3], A[4], A[5], A[6], A[7], A[0], R(i+7), K[i+7] ); - } -#endif /* MBEDTLS_SHA256_SMALLER */ - - for( i = 0; i < 8; i++ ) - ctx->state[i] += A[i]; -} - -/* - * SHA-256 process buffer - */ -int mbedtls_sha256_update_ret( mbedtls_sha256_context *ctx, const unsigned char *input, - size_t ilen ) -{ - int ret; - size_t fill; - uint32_t left; - - if( ilen == 0 ) - return 0; - - left = ctx->total[0] & 0x3F; - fill = 64 - left; - - ctx->total[0] += (uint32_t) ilen; - ctx->total[0] &= 0xFFFFFFFF; - - if( ctx->total[0] < (uint32_t) ilen ) - ctx->total[1]++; - - if( left && ilen >= fill ) - { - memcpy( (void *) (ctx->buffer + left), input, fill ); - - if ( ( ret = mbedtls_internal_sha256_process( ctx, ctx->buffer ) ) != 0 ) { - return ret; - } - - input += fill; - ilen -= fill; - left = 0; - } - - while( ilen >= 64 ) - { - if ( ( ret = mbedtls_internal_sha256_process( ctx, input ) ) != 0 ) { - return ret; - } - - input += 64; - ilen -= 64; - } - - if( ilen > 0 ) - memcpy( (void *) (ctx->buffer + left), input, ilen ); - - return 0; -} - -#if !defined(MBEDTLS_DEPRECATED_REMOVED) -void mbedtls_sha256_update( mbedtls_sha256_context *ctx, - const unsigned char *input, - size_t ilen ) -{ - mbedtls_sha256_update_ret( ctx, input, ilen ); -} -#endif - -static const unsigned char sha256_padding[64] = -{ - 0x80, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0 -}; - -/* - * SHA-256 final digest - */ -int mbedtls_sha256_finish_ret( mbedtls_sha256_context *ctx, unsigned char output[32] ) -{ - int ret; - uint32_t last, padn; - uint32_t high, low; - unsigned char msglen[8]; - - high = ( ctx->total[0] >> 29 ) - | ( ctx->total[1] << 3 ); - low = ( ctx->total[0] << 3 ); - - PUT_UINT32_BE( high, msglen, 0 ); - PUT_UINT32_BE( low, msglen, 4 ); - - last = ctx->total[0] & 0x3F; - padn = ( last < 56 ) ? ( 56 - last ) : ( 120 - last ); - - if ( ( ret = mbedtls_sha256_update_ret( ctx, sha256_padding, padn ) ) != 0 ) { - goto out; - } - - if ( ( ret = mbedtls_sha256_update_ret( ctx, msglen, 8 ) ) != 0 ) { - goto out; - } - - /* if state is in hardware, read it out */ - if (ctx->mode == ESP_MBEDTLS_SHA256_HARDWARE) { - esp_sha_read_digest_state(SHA2_256, ctx->state); - } - - PUT_UINT32_BE( ctx->state[0], output, 0 ); - PUT_UINT32_BE( ctx->state[1], output, 4 ); - PUT_UINT32_BE( ctx->state[2], output, 8 ); - PUT_UINT32_BE( ctx->state[3], output, 12 ); - PUT_UINT32_BE( ctx->state[4], output, 16 ); - PUT_UINT32_BE( ctx->state[5], output, 20 ); - PUT_UINT32_BE( ctx->state[6], output, 24 ); - - if( ctx->is224 == 0 ) - PUT_UINT32_BE( ctx->state[7], output, 28 ); - -out: - if (ctx->mode == ESP_MBEDTLS_SHA256_HARDWARE) { - esp_sha_unlock_engine(SHA2_256); - ctx->mode = ESP_MBEDTLS_SHA256_SOFTWARE; - } - - return ret; -} - -#if !defined(MBEDTLS_DEPRECATED_REMOVED) -void mbedtls_sha256_finish( mbedtls_sha256_context *ctx, - unsigned char output[32] ) -{ - mbedtls_sha256_finish_ret( ctx, output ); -} -#endif - -#endif /* MBEDTLS_SHA256_C && MBEDTLS_SHA256_ALT */ diff --git a/vendors/espressif/boards/esp32/components/mbedtls/port/esp_sha512.c b/vendors/espressif/boards/esp32/components/mbedtls/port/esp_sha512.c deleted file mode 100644 index a61f5f5c2e8..00000000000 --- a/vendors/espressif/boards/esp32/components/mbedtls/port/esp_sha512.c +++ /dev/null @@ -1,469 +0,0 @@ -/* - * SHA-512 implementation with hardware ESP32 support added. - * Uses mbedTLS software implementation for failover when concurrent - * SHA operations are in use. - * - * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved - * Additions Copyright (C) 2016, Espressif Systems (Shanghai) PTE LTD - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - * - */ - -/* - * The SHA-512 Secure Hash Standard was published by NIST in 2002. - * - * http://csrc.nist.gov/publications/fips/fips180-2/fips180-2.pdf - */ - -#if !defined(MBEDTLS_CONFIG_FILE) -#include "mbedtls/config.h" -#else -#include MBEDTLS_CONFIG_FILE -#endif - -#if defined(MBEDTLS_SHA512_C) && defined(MBEDTLS_SHA512_ALT) - -#include "mbedtls/sha512.h" - -#if defined(_MSC_VER) || defined(__WATCOMC__) - #define UL64(x) x##ui64 -#else - #define UL64(x) x##ULL -#endif - -#include - -#if defined(MBEDTLS_SELF_TEST) -#if defined(MBEDTLS_PLATFORM_C) -#include "mbedtls/platform.h" -#else -#include -#define mbedtls_printf printf -#endif /* MBEDTLS_PLATFORM_C */ -#endif /* MBEDTLS_SELF_TEST */ - -#include "hwcrypto/sha.h" - -inline static esp_sha_type sha_type(const mbedtls_sha512_context *ctx) -{ - return ctx->is384 ? SHA2_384 : SHA2_512; -} - -/* Implementation that should never be optimized out by the compiler */ -static void mbedtls_zeroize( void *v, size_t n ) { - volatile unsigned char *p = v; while( n-- ) *p++ = 0; -} - -/* - * 64-bit integer manipulation macros (big endian) - */ -#ifndef GET_UINT64_BE -#define GET_UINT64_BE(n,b,i) \ -{ \ - (n) = ( (uint64_t) (b)[(i) ] << 56 ) \ - | ( (uint64_t) (b)[(i) + 1] << 48 ) \ - | ( (uint64_t) (b)[(i) + 2] << 40 ) \ - | ( (uint64_t) (b)[(i) + 3] << 32 ) \ - | ( (uint64_t) (b)[(i) + 4] << 24 ) \ - | ( (uint64_t) (b)[(i) + 5] << 16 ) \ - | ( (uint64_t) (b)[(i) + 6] << 8 ) \ - | ( (uint64_t) (b)[(i) + 7] ); \ -} -#endif /* GET_UINT64_BE */ - -#ifndef PUT_UINT64_BE -#define PUT_UINT64_BE(n,b,i) \ -{ \ - (b)[(i) ] = (unsigned char) ( (n) >> 56 ); \ - (b)[(i) + 1] = (unsigned char) ( (n) >> 48 ); \ - (b)[(i) + 2] = (unsigned char) ( (n) >> 40 ); \ - (b)[(i) + 3] = (unsigned char) ( (n) >> 32 ); \ - (b)[(i) + 4] = (unsigned char) ( (n) >> 24 ); \ - (b)[(i) + 5] = (unsigned char) ( (n) >> 16 ); \ - (b)[(i) + 6] = (unsigned char) ( (n) >> 8 ); \ - (b)[(i) + 7] = (unsigned char) ( (n) ); \ -} -#endif /* PUT_UINT64_BE */ - -void mbedtls_sha512_init( mbedtls_sha512_context *ctx ) -{ - memset( ctx, 0, sizeof( mbedtls_sha512_context ) ); -} - -void mbedtls_sha512_free( mbedtls_sha512_context *ctx ) -{ - if( ctx == NULL ) - return; - - if (ctx->mode == ESP_MBEDTLS_SHA512_HARDWARE) { - esp_sha_unlock_engine(sha_type(ctx)); - } - mbedtls_zeroize( ctx, sizeof( mbedtls_sha512_context ) ); -} - -void mbedtls_sha512_clone( mbedtls_sha512_context *dst, - const mbedtls_sha512_context *src ) -{ - *dst = *src; - - if (src->mode == ESP_MBEDTLS_SHA512_HARDWARE) { - /* Copy hardware digest state out to cloned state, - which will be a software digest. - - Always read 512 bits of state, even for SHA-384 - (SHA-384 state is identical to SHA-512, only - digest is truncated.) - */ - esp_sha_read_digest_state(SHA2_512, dst->state); - dst->mode = ESP_MBEDTLS_SHA512_SOFTWARE; - } -} - - -/* - * SHA-512 context setup - */ -int mbedtls_sha512_starts_ret( mbedtls_sha512_context *ctx, int is384 ) -{ - ctx->total[0] = 0; - ctx->total[1] = 0; - - if( is384 == 0 ) - { - /* SHA-512 */ - ctx->state[0] = UL64(0x6A09E667F3BCC908); - ctx->state[1] = UL64(0xBB67AE8584CAA73B); - ctx->state[2] = UL64(0x3C6EF372FE94F82B); - ctx->state[3] = UL64(0xA54FF53A5F1D36F1); - ctx->state[4] = UL64(0x510E527FADE682D1); - ctx->state[5] = UL64(0x9B05688C2B3E6C1F); - ctx->state[6] = UL64(0x1F83D9ABFB41BD6B); - ctx->state[7] = UL64(0x5BE0CD19137E2179); - } - else - { - /* SHA-384 */ - ctx->state[0] = UL64(0xCBBB9D5DC1059ED8); - ctx->state[1] = UL64(0x629A292A367CD507); - ctx->state[2] = UL64(0x9159015A3070DD17); - ctx->state[3] = UL64(0x152FECD8F70E5939); - ctx->state[4] = UL64(0x67332667FFC00B31); - ctx->state[5] = UL64(0x8EB44A8768581511); - ctx->state[6] = UL64(0xDB0C2E0D64F98FA7); - ctx->state[7] = UL64(0x47B5481DBEFA4FA4); - } - - ctx->is384 = is384; - if (ctx->mode == ESP_MBEDTLS_SHA512_HARDWARE) { - esp_sha_unlock_engine(sha_type(ctx)); - } - ctx->mode = ESP_MBEDTLS_SHA512_UNUSED; - - return 0; -} - -#if !defined(MBEDTLS_DEPRECATED_REMOVED) -void mbedtls_sha512_starts( mbedtls_sha512_context *ctx, - int is384 ) -{ - mbedtls_sha512_starts_ret( ctx, is384 ); -} -#endif - -/* - * Round constants - */ -static const uint64_t K[80] = -{ - UL64(0x428A2F98D728AE22), UL64(0x7137449123EF65CD), - UL64(0xB5C0FBCFEC4D3B2F), UL64(0xE9B5DBA58189DBBC), - UL64(0x3956C25BF348B538), UL64(0x59F111F1B605D019), - UL64(0x923F82A4AF194F9B), UL64(0xAB1C5ED5DA6D8118), - UL64(0xD807AA98A3030242), UL64(0x12835B0145706FBE), - UL64(0x243185BE4EE4B28C), UL64(0x550C7DC3D5FFB4E2), - UL64(0x72BE5D74F27B896F), UL64(0x80DEB1FE3B1696B1), - UL64(0x9BDC06A725C71235), UL64(0xC19BF174CF692694), - UL64(0xE49B69C19EF14AD2), UL64(0xEFBE4786384F25E3), - UL64(0x0FC19DC68B8CD5B5), UL64(0x240CA1CC77AC9C65), - UL64(0x2DE92C6F592B0275), UL64(0x4A7484AA6EA6E483), - UL64(0x5CB0A9DCBD41FBD4), UL64(0x76F988DA831153B5), - UL64(0x983E5152EE66DFAB), UL64(0xA831C66D2DB43210), - UL64(0xB00327C898FB213F), UL64(0xBF597FC7BEEF0EE4), - UL64(0xC6E00BF33DA88FC2), UL64(0xD5A79147930AA725), - UL64(0x06CA6351E003826F), UL64(0x142929670A0E6E70), - UL64(0x27B70A8546D22FFC), UL64(0x2E1B21385C26C926), - UL64(0x4D2C6DFC5AC42AED), UL64(0x53380D139D95B3DF), - UL64(0x650A73548BAF63DE), UL64(0x766A0ABB3C77B2A8), - UL64(0x81C2C92E47EDAEE6), UL64(0x92722C851482353B), - UL64(0xA2BFE8A14CF10364), UL64(0xA81A664BBC423001), - UL64(0xC24B8B70D0F89791), UL64(0xC76C51A30654BE30), - UL64(0xD192E819D6EF5218), UL64(0xD69906245565A910), - UL64(0xF40E35855771202A), UL64(0x106AA07032BBD1B8), - UL64(0x19A4C116B8D2D0C8), UL64(0x1E376C085141AB53), - UL64(0x2748774CDF8EEB99), UL64(0x34B0BCB5E19B48A8), - UL64(0x391C0CB3C5C95A63), UL64(0x4ED8AA4AE3418ACB), - UL64(0x5B9CCA4F7763E373), UL64(0x682E6FF3D6B2B8A3), - UL64(0x748F82EE5DEFB2FC), UL64(0x78A5636F43172F60), - UL64(0x84C87814A1F0AB72), UL64(0x8CC702081A6439EC), - UL64(0x90BEFFFA23631E28), UL64(0xA4506CEBDE82BDE9), - UL64(0xBEF9A3F7B2C67915), UL64(0xC67178F2E372532B), - UL64(0xCA273ECEEA26619C), UL64(0xD186B8C721C0C207), - UL64(0xEADA7DD6CDE0EB1E), UL64(0xF57D4F7FEE6ED178), - UL64(0x06F067AA72176FBA), UL64(0x0A637DC5A2C898A6), - UL64(0x113F9804BEF90DAE), UL64(0x1B710B35131C471B), - UL64(0x28DB77F523047D84), UL64(0x32CAAB7B40C72493), - UL64(0x3C9EBE0A15C9BEBC), UL64(0x431D67C49C100D4C), - UL64(0x4CC5D4BECB3E42B6), UL64(0x597F299CFC657E2A), - UL64(0x5FCB6FAB3AD6FAEC), UL64(0x6C44198C4A475817) -}; - -static void mbedtls_sha512_software_process( mbedtls_sha512_context *ctx, const unsigned char data[128] ); - -int mbedtls_internal_sha512_process( mbedtls_sha512_context *ctx, const unsigned char data[128] ) -{ - bool first_block = false; - - if (ctx->mode == ESP_MBEDTLS_SHA512_UNUSED) { - /* try to use hardware for this digest */ - if (esp_sha_try_lock_engine(sha_type(ctx))) { - ctx->mode = ESP_MBEDTLS_SHA512_HARDWARE; - first_block = true; - } else { - ctx->mode = ESP_MBEDTLS_SHA512_SOFTWARE; - } - } - - if (ctx->mode == ESP_MBEDTLS_SHA512_HARDWARE) { - esp_sha_block(sha_type(ctx), data, first_block); - } else { - mbedtls_sha512_software_process(ctx, data); - } - - return 0; -} - -#if !defined(MBEDTLS_DEPRECATED_REMOVED) -void mbedtls_sha512_process( mbedtls_sha512_context *ctx, - const unsigned char data[128] ) -{ - mbedtls_internal_sha512_process( ctx, data ); -} -#endif - - -static void mbedtls_sha512_software_process( mbedtls_sha512_context *ctx, const unsigned char data[128] ) -{ - int i; - uint64_t temp1, temp2, W[80]; - uint64_t A, B, C, D, E, F, G, H; - -#define SHR(x,n) (x >> n) -#define ROTR(x,n) (SHR(x,n) | (x << (64 - n))) - -#define S0(x) (ROTR(x, 1) ^ ROTR(x, 8) ^ SHR(x, 7)) -#define S1(x) (ROTR(x,19) ^ ROTR(x,61) ^ SHR(x, 6)) - -#define S2(x) (ROTR(x,28) ^ ROTR(x,34) ^ ROTR(x,39)) -#define S3(x) (ROTR(x,14) ^ ROTR(x,18) ^ ROTR(x,41)) - -#define F0(x,y,z) ((x & y) | (z & (x | y))) -#define F1(x,y,z) (z ^ (x & (y ^ z))) - -#define P(a,b,c,d,e,f,g,h,x,K) \ -{ \ - temp1 = h + S3(e) + F1(e,f,g) + K + x; \ - temp2 = S2(a) + F0(a,b,c); \ - d += temp1; h = temp1 + temp2; \ -} - - for( i = 0; i < 16; i++ ) - { - GET_UINT64_BE( W[i], data, i << 3 ); - } - - for( ; i < 80; i++ ) - { - W[i] = S1(W[i - 2]) + W[i - 7] + - S0(W[i - 15]) + W[i - 16]; - } - - A = ctx->state[0]; - B = ctx->state[1]; - C = ctx->state[2]; - D = ctx->state[3]; - E = ctx->state[4]; - F = ctx->state[5]; - G = ctx->state[6]; - H = ctx->state[7]; - i = 0; - - do - { - P( A, B, C, D, E, F, G, H, W[i], K[i] ); i++; - P( H, A, B, C, D, E, F, G, W[i], K[i] ); i++; - P( G, H, A, B, C, D, E, F, W[i], K[i] ); i++; - P( F, G, H, A, B, C, D, E, W[i], K[i] ); i++; - P( E, F, G, H, A, B, C, D, W[i], K[i] ); i++; - P( D, E, F, G, H, A, B, C, W[i], K[i] ); i++; - P( C, D, E, F, G, H, A, B, W[i], K[i] ); i++; - P( B, C, D, E, F, G, H, A, W[i], K[i] ); i++; - } - while( i < 80 ); - - ctx->state[0] += A; - ctx->state[1] += B; - ctx->state[2] += C; - ctx->state[3] += D; - ctx->state[4] += E; - ctx->state[5] += F; - ctx->state[6] += G; - ctx->state[7] += H; -} - -/* - * SHA-512 process buffer - */ -int mbedtls_sha512_update_ret( mbedtls_sha512_context *ctx, const unsigned char *input, - size_t ilen ) -{ - int ret; - size_t fill; - unsigned int left; - - if( ilen == 0 ) - return 0; - - left = (unsigned int) (ctx->total[0] & 0x7F); - fill = 128 - left; - - ctx->total[0] += (uint64_t) ilen; - - if( ctx->total[0] < (uint64_t) ilen ) - ctx->total[1]++; - - if( left && ilen >= fill ) - { - memcpy( (void *) (ctx->buffer + left), input, fill ); - if ( ( ret = mbedtls_internal_sha512_process( ctx, ctx->buffer ) ) != 0 ) { - return ret; - } - - input += fill; - ilen -= fill; - left = 0; - } - - while( ilen >= 128 ) - { - if ( ( ret = mbedtls_internal_sha512_process( ctx, input ) ) != 0 ) { - return ret; - } - - input += 128; - ilen -= 128; - } - - if( ilen > 0 ) - memcpy( (void *) (ctx->buffer + left), input, ilen ); - - return 0; -} - -#if !defined(MBEDTLS_DEPRECATED_REMOVED) -void mbedtls_sha512_update( mbedtls_sha512_context *ctx, - const unsigned char *input, - size_t ilen ) -{ - mbedtls_sha512_update_ret( ctx, input, ilen ); -} -#endif - - -static const unsigned char sha512_padding[128] = -{ - 0x80, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0 -}; - -/* - * SHA-512 final digest - */ -int mbedtls_sha512_finish_ret( mbedtls_sha512_context *ctx, unsigned char output[64] ) -{ - int ret; - size_t last, padn; - uint64_t high, low; - unsigned char msglen[16]; - - high = ( ctx->total[0] >> 61 ) - | ( ctx->total[1] << 3 ); - low = ( ctx->total[0] << 3 ); - - PUT_UINT64_BE( high, msglen, 0 ); - PUT_UINT64_BE( low, msglen, 8 ); - - last = (size_t)( ctx->total[0] & 0x7F ); - padn = ( last < 112 ) ? ( 112 - last ) : ( 240 - last ); - - if ( ( ret = mbedtls_sha512_update_ret( ctx, sha512_padding, padn ) ) != 0 ) { - goto out; - } - - if ( ( ret = mbedtls_sha512_update_ret( ctx, msglen, 16 ) ) != 0 ) { - goto out; - } - - /* if state is in hardware, read it out */ - if (ctx->mode == ESP_MBEDTLS_SHA512_HARDWARE) { - esp_sha_read_digest_state(sha_type(ctx), ctx->state); - } - - PUT_UINT64_BE( ctx->state[0], output, 0 ); - PUT_UINT64_BE( ctx->state[1], output, 8 ); - PUT_UINT64_BE( ctx->state[2], output, 16 ); - PUT_UINT64_BE( ctx->state[3], output, 24 ); - PUT_UINT64_BE( ctx->state[4], output, 32 ); - PUT_UINT64_BE( ctx->state[5], output, 40 ); - - if( ctx->is384 == 0 ) - { - PUT_UINT64_BE( ctx->state[6], output, 48 ); - PUT_UINT64_BE( ctx->state[7], output, 56 ); - } - -out: - if (ctx->mode == ESP_MBEDTLS_SHA512_HARDWARE) { - esp_sha_unlock_engine(sha_type(ctx)); - ctx->mode = ESP_MBEDTLS_SHA512_SOFTWARE; - } - - return ret; -} - -#if !defined(MBEDTLS_DEPRECATED_REMOVED) -void mbedtls_sha512_finish( mbedtls_sha512_context *ctx, - unsigned char output[64] ) -{ - mbedtls_sha512_finish_ret( ctx, output ); -} -#endif - -#endif /* MBEDTLS_SHA512_C && MBEDTLS_SHA512_ALT */ diff --git a/vendors/espressif/boards/esp32/components/mbedtls/port/include/aes.h b/vendors/espressif/boards/esp32/components/mbedtls/port/include/aes.h deleted file mode 100644 index f423b8a7ff4..00000000000 --- a/vendors/espressif/boards/esp32/components/mbedtls/port/include/aes.h +++ /dev/null @@ -1,353 +0,0 @@ -/** - * \brief AES block cipher, ESP32 hardware accelerated version - * Based on mbedTLS FIPS-197 compliant version. - * - * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved - * Additions Copyright (C) 2016, Espressif Systems (Shanghai) PTE Ltd - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - * - * - */ - -#ifndef ESP_AES_H -#define ESP_AES_H - -#include "esp_types.h" -#include "esp32/rom/aes.h" - -#ifdef __cplusplus -extern "C" { -#endif - -/* padlock.c and aesni.c rely on these values! */ -#define ESP_AES_ENCRYPT 1 -#define ESP_AES_DECRYPT 0 - -#define ERR_ESP_AES_INVALID_KEY_LENGTH -0x0020 /**< Invalid key length. */ -#define ERR_ESP_AES_INVALID_INPUT_LENGTH -0x0022 /**< Invalid data input length. */ - -/** - * \brief AES context structure - * - */ -typedef struct { - uint8_t key_bytes; - volatile uint8_t key_in_hardware; /* This variable is used for fault injection checks, so marked volatile to avoid optimisation */ - uint8_t key[32]; -} esp_aes_context; - -/** - * \brief The AES XTS context-type definition. - */ -typedef struct -{ - esp_aes_context crypt; /*!< The AES context to use for AES block - encryption or decryption. */ - esp_aes_context tweak; /*!< The AES context used for tweak - computation. */ -} esp_aes_xts_context; - - -/** - * \brief Lock access to AES hardware unit - * - * AES hardware unit can only be used by one - * consumer at a time. - * - * esp_aes_xxx API calls automatically manage locking & unlocking of - * hardware, this function is only needed if you want to call - * ets_aes_xxx functions directly. - */ -void esp_aes_acquire_hardware( void ); - -/** - * \brief Unlock access to AES hardware unit - * - * esp_aes_xxx API calls automatically manage locking & unlocking of - * hardware, this function is only needed if you want to call - * ets_aes_xxx functions directly. - */ -void esp_aes_release_hardware( void ); - -/** - * \brief Initialize AES context - * - * \param ctx AES context to be initialized - */ -void esp_aes_init( esp_aes_context *ctx ); - -/** - * \brief Clear AES context - * - * \param ctx AES context to be cleared - */ -void esp_aes_free( esp_aes_context *ctx ); - -/** - * \brief This function initializes the specified AES XTS context. - * - * It must be the first API called before using - * the context. - * - * \param ctx The AES XTS context to initialize. - */ -void esp_aes_xts_init( esp_aes_xts_context *ctx ); - -/** - * \brief This function releases and clears the specified AES XTS context. - * - * \param ctx The AES XTS context to clear. - */ -void esp_aes_xts_free( esp_aes_xts_context *ctx ); - -/** - * \brief AES set key schedule (encryption or decryption) - * - * \param ctx AES context to be initialized - * \param key encryption key - * \param keybits must be 128, 192 or 256 - * - * \return 0 if successful, or ERR_AES_INVALID_KEY_LENGTH - */ -int esp_aes_setkey( esp_aes_context *ctx, const unsigned char *key, unsigned int keybits ); - -/** - * \brief AES-ECB block encryption/decryption - * - * \param ctx AES context - * \param mode AES_ENCRYPT or AES_DECRYPT - * \param input 16-byte input block - * \param output 16-byte output block - * - * \return 0 if successful - */ -int esp_aes_crypt_ecb( esp_aes_context *ctx, int mode, const unsigned char input[16], unsigned char output[16] ); - -/** - * \brief AES-CBC buffer encryption/decryption - * Length should be a multiple of the block - * size (16 bytes) - * - * \note Upon exit, the content of the IV is updated so that you can - * call the function same function again on the following - * block(s) of data and get the same result as if it was - * encrypted in one call. This allows a "streaming" usage. - * If on the other hand you need to retain the contents of the - * IV, you should either save it manually or use the cipher - * module instead. - * - * \param ctx AES context - * \param mode AES_ENCRYPT or AES_DECRYPT - * \param length length of the input data - * \param iv initialization vector (updated after use) - * \param input buffer holding the input data - * \param output buffer holding the output data - * - * \return 0 if successful, or ERR_AES_INVALID_INPUT_LENGTH - */ -int esp_aes_crypt_cbc( esp_aes_context *ctx, - int mode, - size_t length, - unsigned char iv[16], - const unsigned char *input, - unsigned char *output ); - - -/** - * \brief AES-CFB128 buffer encryption/decryption. - * - * Note: Due to the nature of CFB you should use the same key schedule for - * both encryption and decryption. So a context initialized with - * esp_aes_setkey_enc() for both AES_ENCRYPT and AES_DECRYPT. - * - * \note Upon exit, the content of the IV is updated so that you can - * call the function same function again on the following - * block(s) of data and get the same result as if it was - * encrypted in one call. This allows a "streaming" usage. - * If on the other hand you need to retain the contents of the - * IV, you should either save it manually or use the cipher - * module instead. - * - * \param ctx AES context - * \param mode AES_ENCRYPT or AES_DECRYPT - * \param length length of the input data - * \param iv_off offset in IV (updated after use) - * \param iv initialization vector (updated after use) - * \param input buffer holding the input data - * \param output buffer holding the output data - * - * \return 0 if successful - */ -int esp_aes_crypt_cfb128( esp_aes_context *ctx, - int mode, - size_t length, - size_t *iv_off, - unsigned char iv[16], - const unsigned char *input, - unsigned char *output ); - -/** - * \brief AES-CFB8 buffer encryption/decryption. - * - * Note: Due to the nature of CFB you should use the same key schedule for - * both encryption and decryption. So a context initialized with - * esp_aes_setkey_enc() for both AES_ENCRYPT and AES_DECRYPT. - * - * \note Upon exit, the content of the IV is updated so that you can - * call the function same function again on the following - * block(s) of data and get the same result as if it was - * encrypted in one call. This allows a "streaming" usage. - * If on the other hand you need to retain the contents of the - * IV, you should either save it manually or use the cipher - * module instead. - * - * \param ctx AES context - * \param mode AES_ENCRYPT or AES_DECRYPT - * \param length length of the input data - * \param iv initialization vector (updated after use) - * \param input buffer holding the input data - * \param output buffer holding the output data - * - * \return 0 if successful - */ -int esp_aes_crypt_cfb8( esp_aes_context *ctx, - int mode, - size_t length, - unsigned char iv[16], - const unsigned char *input, - unsigned char *output ); - -/** - * \brief AES-CTR buffer encryption/decryption - * - * Warning: You have to keep the maximum use of your counter in mind! - * - * Note: Due to the nature of CTR you should use the same key schedule for - * both encryption and decryption. So a context initialized with - * esp_aes_setkey_enc() for both AES_ENCRYPT and AES_DECRYPT. - * - * \param ctx AES context - * \param length The length of the data - * \param nc_off The offset in the current stream_block (for resuming - * within current cipher stream). The offset pointer to - * should be 0 at the start of a stream. - * \param nonce_counter The 128-bit nonce and counter. - * \param stream_block The saved stream-block for resuming. Is overwritten - * by the function. - * \param input The input data stream - * \param output The output data stream - * - * \return 0 if successful - */ -int esp_aes_crypt_ctr( esp_aes_context *ctx, - size_t length, - size_t *nc_off, - unsigned char nonce_counter[16], - unsigned char stream_block[16], - const unsigned char *input, - unsigned char *output ); - -/** - * \brief This function prepares an XTS context for encryption and - * sets the encryption key. - * - * \param ctx The AES XTS context to which the key should be bound. - * \param key The encryption key. This is comprised of the XTS key1 - * concatenated with the XTS key2. - * \param keybits The size of \p key passed in bits. Valid options are: - *
  • 256 bits (each of key1 and key2 is a 128-bit key)
    • - *
  • 512 bits (each of key1 and key2 is a 256-bit key)
- * - * \return \c 0 on success. - * \return #MBEDTLS_ERR_AES_INVALID_KEY_LENGTH on failure. - */ -int esp_aes_xts_setkey_enc( esp_aes_xts_context *ctx, - const unsigned char *key, - unsigned int keybits ); - -/** - * \brief This function performs an AES-OFB (Output Feedback Mode) - * encryption or decryption operation. - * - * \param ctx The AES context to use for encryption or decryption. - * It must be initialized and bound to a key. - * \param length The length of the input data. - * \param iv_off The offset in IV (updated after use). - * It must point to a valid \c size_t. - * \param iv The initialization vector (updated after use). - * It must be a readable and writeable buffer of \c 16 Bytes. - * \param input The buffer holding the input data. - * It must be readable and of size \p length Bytes. - * \param output The buffer holding the output data. - * It must be writeable and of size \p length Bytes. - * - * \return \c 0 on success. - */ -int esp_aes_crypt_ofb( esp_aes_context *ctx, - size_t length, - size_t *iv_off, - unsigned char iv[16], - const unsigned char *input, - unsigned char *output ); - -/** - * \brief This function prepares an XTS context for decryption and - * sets the decryption key. - * - * \param ctx The AES XTS context to which the key should be bound. - * \param key The decryption key. This is comprised of the XTS key1 - * concatenated with the XTS key2. - * \param keybits The size of \p key passed in bits. Valid options are: - *
  • 256 bits (each of key1 and key2 is a 128-bit key)
    • - *
  • 512 bits (each of key1 and key2 is a 256-bit key)
- * - * \return \c 0 on success. - * \return #MBEDTLS_ERR_AES_INVALID_KEY_LENGTH on failure. - */ -int esp_aes_xts_setkey_dec( esp_aes_xts_context *ctx, - const unsigned char *key, - unsigned int keybits ); - - -/** - * \brief Internal AES block encryption function - * (Only exposed to allow overriding it, - * see AES_ENCRYPT_ALT) - * - * \param ctx AES context - * \param input Plaintext block - * \param output Output (ciphertext) block - */ -int esp_internal_aes_encrypt( esp_aes_context *ctx, const unsigned char input[16], unsigned char output[16] ); - -/** - * \brief Internal AES block decryption function - * (Only exposed to allow overriding it, - * see AES_DECRYPT_ALT) - * - * \param ctx AES context - * \param input Ciphertext block - * \param output Output (plaintext) block - */ -int esp_internal_aes_decrypt( esp_aes_context *ctx, const unsigned char input[16], unsigned char output[16] ); - -/** AES-XTS buffer encryption/decryption */ -int esp_aes_crypt_xts( esp_aes_xts_context *ctx, int mode, size_t length, const unsigned char data_unit[16], const unsigned char *input, unsigned char *output ); - -#ifdef __cplusplus -} -#endif - -#endif /* aes.h */ diff --git a/vendors/espressif/boards/esp32/components/mbedtls/port/include/aes_alt.h b/vendors/espressif/boards/esp32/components/mbedtls/port/include/aes_alt.h deleted file mode 100644 index 9e38fccf2d9..00000000000 --- a/vendors/espressif/boards/esp32/components/mbedtls/port/include/aes_alt.h +++ /dev/null @@ -1,66 +0,0 @@ -/** - * \file aes_alt.h - * - * \brief AES block cipher - * - * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - * - * - */ -#ifndef AES_ALT_H -#define AES_ALT_H - -#ifdef __cplusplus -extern "C" { -#endif - -#if defined(MBEDTLS_AES_ALT) -#include "aes.h" - -typedef esp_aes_context mbedtls_aes_context; - -#define mbedtls_aes_init esp_aes_init -#define mbedtls_aes_free esp_aes_free -#define mbedtls_aes_setkey_enc esp_aes_setkey -#define mbedtls_aes_setkey_dec esp_aes_setkey -#define mbedtls_aes_crypt_ecb esp_aes_crypt_ecb -#if defined(MBEDTLS_CIPHER_MODE_CBC) -#define mbedtls_aes_crypt_cbc esp_aes_crypt_cbc -#endif -#if defined(MBEDTLS_CIPHER_MODE_CFB) -#define mbedtls_aes_crypt_cfb128 esp_aes_crypt_cfb128 -#define mbedtls_aes_crypt_cfb8 esp_aes_crypt_cfb8 -#endif -#if defined(MBEDTLS_CIPHER_MODE_CTR) -#define mbedtls_aes_crypt_ctr esp_aes_crypt_ctr -#endif -#if defined(MBEDTLS_CIPHER_MODE_XTS) -typedef esp_aes_xts_context mbedtls_aes_xts_context; -#define mbedtls_aes_xts_init esp_aes_xts_init -#define mbedtls_aes_xts_free esp_aes_xts_free -#define mbedtls_aes_xts_setkey_enc esp_aes_xts_setkey_enc -#define mbedtls_aes_xts_setkey_dec esp_aes_xts_setkey_dec -#define mbedtls_aes_crypt_xts esp_aes_crypt_xts -#endif -#define mbedtls_internal_aes_encrypt esp_internal_aes_encrypt -#define mbedtls_internal_aes_decrypt esp_internal_aes_decrypt -#endif /* MBEDTLS_AES_ALT */ - -#ifdef __cplusplus -} -#endif - -#endif diff --git a/vendors/espressif/boards/esp32/components/mbedtls/port/include/esp_mem.h b/vendors/espressif/boards/esp32/components/mbedtls/port/include/esp_mem.h deleted file mode 100644 index da740830478..00000000000 --- a/vendors/espressif/boards/esp32/components/mbedtls/port/include/esp_mem.h +++ /dev/null @@ -1,20 +0,0 @@ -// Copyright 2018 Espressif Systems (Shanghai) PTE LTD -// -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. - -#pragma once - -#include - -void *esp_mbedtls_mem_calloc(size_t n, size_t size); -void esp_mbedtls_mem_free(void *ptr); diff --git a/vendors/espressif/boards/esp32/components/mbedtls/port/include/mbedtls/bignum.h b/vendors/espressif/boards/esp32/components/mbedtls/port/include/mbedtls/bignum.h deleted file mode 100644 index 23cd56348a7..00000000000 --- a/vendors/espressif/boards/esp32/components/mbedtls/port/include/mbedtls/bignum.h +++ /dev/null @@ -1,78 +0,0 @@ -// Copyright 2015-2016 Espressif Systems (Shanghai) PTE LTD -// -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at - -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. -#ifndef __ESP_MBEDTLS_BIGNUM_H__ -#define __ESP_MBEDTLS_BIGNUM_H__ - -#include_next "mbedtls/bignum.h" - -/** - * This is a wrapper for the main mbedtls/bignum.h. This wrapper - * provides a few additional ESP32-only functions. - * - * This is because we don't set MBEDTLS_BIGNUM_ALT in the same way we - * do for AES, SHA, etc. Because we still use most of the bignum.h - * implementation and just replace a few hardware accelerated - * functions (see MBEDTLS_MPI_EXP_MOD_ALT & MBEDTLS_MPI_MUL_MPI_ALT in - * esp_config.h). - * - * @note Unlike the other hardware accelerator support functions in esp32/hwcrypto, there is no - * generic "hwcrypto/bignum.h" header for using these functions without mbedTLS. The reason for this - * is that all of the function implementations depend strongly upon the mbedTLS MPI implementation. - */ - -/** - * @brief Lock access to RSA Accelerator (MPI/bignum operations) - * - * RSA Accelerator hardware unit can only be used by one - * consumer at a time. - * - * @note This function is non-recursive (do not call it twice from the - * same task.) - * - * @note You do not need to call this if you are using the mbedTLS bignum.h - * API or esp_mpi_xxx functions. This function is only needed if you - * want to call ROM RSA functions or access the registers directly. - * - */ -void esp_mpi_acquire_hardware(void); - -/** - * @brief Unlock access to RSA Accelerator (MPI/bignum operations) - * - * Has to be called once for each call to esp_mpi_acquire_hardware(). - * - * @note You do not need to call this if you are using the mbedTLS bignum.h - * API or esp_mpi_xxx functions. This function is only needed if you - * want to call ROM RSA functions or access the registers directly. - */ -void esp_mpi_release_hardware(void); - -/* @brief MPI modular mupltiplication function - * - * Calculates Z = (X * Y) mod M using MPI hardware acceleration. - * - * This is not part of the standard mbedTLS bignum API. - * - * @note All of X, Y & Z should be less than 4096 bit long or an error is returned. - * - * @param Z Result bignum, should be pre-initialised with mbedtls_mpi_init(). - * @param X First multiplication argument. - * @param Y Second multiplication argument. - * @param M Modulus value for result. - * - * @return 0 on success, mbedTLS MPI error codes on failure. - */ -int esp_mpi_mul_mpi_mod(mbedtls_mpi *Z, const mbedtls_mpi *X, const mbedtls_mpi *Y, const mbedtls_mpi *M); - -#endif diff --git a/vendors/espressif/boards/esp32/components/mbedtls/port/include/mbedtls/config.h b/vendors/espressif/boards/esp32/components/mbedtls/port/include/mbedtls/config.h deleted file mode 100644 index cf3d904de02..00000000000 --- a/vendors/espressif/boards/esp32/components/mbedtls/port/include/mbedtls/config.h +++ /dev/null @@ -1,9 +0,0 @@ -/* This shim header is added so that any application code - which includes "mbedtls/config.h" directly gets the correct - config. */ -#pragma once -#if !defined(MBEDTLS_CONFIG_FILE) -#include_next "mbedtls/config.h" -#else -#include MBEDTLS_CONFIG_FILE -#endif diff --git a/vendors/espressif/boards/esp32/components/mbedtls/port/include/mbedtls/esp_config.h b/vendors/espressif/boards/esp32/components/mbedtls/port/include/mbedtls/esp_config.h deleted file mode 100644 index 1458310a73f..00000000000 --- a/vendors/espressif/boards/esp32/components/mbedtls/port/include/mbedtls/esp_config.h +++ /dev/null @@ -1,2770 +0,0 @@ -/** - * - * \brief Default mbedTLS configuration options for esp-idf - * - * This set of compile-time options may be used to enable - * or disable features selectively, and reduce the global - * memory footprint. - * - * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - * - * This file is part of mbed TLS (https://tls.mbed.org) - */ - -#ifndef MBEDTLS_CONFIG_H -#define MBEDTLS_CONFIG_H - -#include "sdkconfig.h" - -#if defined(_MSC_VER) && !defined(_CRT_SECURE_NO_DEPRECATE) -#define _CRT_SECURE_NO_DEPRECATE 1 -#endif - -#ifdef CONFIG_MEDTLS_USE_AFR_MEMORY - #include - - extern void pvCalloc( size_t xNumElements, - size_t xSize ) ; - extern void vPortFree( void ); - MBEDTLS_PLATFORM_STD_CALLOC pvCalloc - MBEDTLS_PLATFORM_STD_FREE vPortFree -#endif - -/** - * \name SECTION: System support - * - * This section sets system specific settings. - * \{ - */ - -/** - * \def MBEDTLS_HAVE_ASM - * - * The compiler has support for asm(). - * - * Requires support for asm() in compiler. - * - * Used in: - * library/timing.c - * library/padlock.c - * include/mbedtls/bn_mul.h - * - * Comment to disable the use of assembly code. - */ -#define MBEDTLS_HAVE_ASM - -/** - * \def MBEDTLS_HAVE_SSE2 - * - * CPU supports SSE2 instruction set. - * - * Uncomment if the CPU supports SSE2 (IA-32 specific). - */ -//#define MBEDTLS_HAVE_SSE2 - -/** - * \def MBEDTLS_HAVE_TIME - * - * System has time.h and time(). - * The time does not need to be correct, only time differences are used, - * by contrast with MBEDTLS_HAVE_TIME_DATE - * - * Comment if your system does not support time functions - */ -#ifdef CONFIG_MBEDTLS_HAVE_TIME -#define MBEDTLS_HAVE_TIME -#endif - -/** - * \def MBEDTLS_HAVE_TIME_DATE - * - * System has time.h and time(), gmtime() and the clock is correct. - * The time needs to be correct (not necesarily very accurate, but at least - * the date should be correct). This is used to verify the validity period of - * X.509 certificates. - * - * Comment if your system does not have a correct clock. - */ -#ifdef CONFIG_MBEDTLS_HAVE_TIME_DATE -#define MBEDTLS_HAVE_TIME_DATE -#endif - -/** - * \def MBEDTLS_PLATFORM_MEMORY - * - * Enable the memory allocation layer. - * - * By default mbed TLS uses the system-provided calloc() and free(). - * This allows different allocators (self-implemented or provided) to be - * provided to the platform abstraction layer. - * - * Enabling MBEDTLS_PLATFORM_MEMORY without the - * MBEDTLS_PLATFORM_{FREE,CALLOC}_MACROs will provide - * "mbedtls_platform_set_calloc_free()" allowing you to set an alternative calloc() and - * free() function pointer at runtime. - * - * Enabling MBEDTLS_PLATFORM_MEMORY and specifying - * MBEDTLS_PLATFORM_{CALLOC,FREE}_MACROs will allow you to specify the - * alternate function at compile time. - * - * Requires: MBEDTLS_PLATFORM_C - * - * Enable this layer to allow use of alternative memory allocators. - */ -#define MBEDTLS_PLATFORM_MEMORY - -/** Override calloc(), free() except for case where memory allocation scheme is not set to custom */ -#ifndef CONFIG_MBEDTLS_CUSTOM_MEM_ALLOC -#include "esp_mem.h" -#define MBEDTLS_PLATFORM_STD_CALLOC esp_mbedtls_mem_calloc -#define MBEDTLS_PLATFORM_STD_FREE esp_mbedtls_mem_free -#endif - -/** - * \def MBEDTLS_PLATFORM_NO_STD_FUNCTIONS - * - * Do not assign standard functions in the platform layer (e.g. calloc() to - * MBEDTLS_PLATFORM_STD_CALLOC and printf() to MBEDTLS_PLATFORM_STD_PRINTF) - * - * This makes sure there are no linking errors on platforms that do not support - * these functions. You will HAVE to provide alternatives, either at runtime - * via the platform_set_xxx() functions or at compile time by setting - * the MBEDTLS_PLATFORM_STD_XXX defines, or enabling a - * MBEDTLS_PLATFORM_XXX_MACRO. - * - * Requires: MBEDTLS_PLATFORM_C - * - * Uncomment to prevent default assignment of standard functions in the - * platform layer. - */ -//#define MBEDTLS_PLATFORM_NO_STD_FUNCTIONS - -/** - * \def MBEDTLS_PLATFORM_EXIT_ALT - * - * MBEDTLS_PLATFORM_XXX_ALT: Uncomment a macro to let mbed TLS support the - * function in the platform abstraction layer. - * - * Example: In case you uncomment MBEDTLS_PLATFORM_PRINTF_ALT, mbed TLS will - * provide a function "mbedtls_platform_set_printf()" that allows you to set an - * alternative printf function pointer. - * - * All these define require MBEDTLS_PLATFORM_C to be defined! - * - * \note MBEDTLS_PLATFORM_SNPRINTF_ALT is required on Windows; - * it will be enabled automatically by check_config.h - * - * \warning MBEDTLS_PLATFORM_XXX_ALT cannot be defined at the same time as - * MBEDTLS_PLATFORM_XXX_MACRO! - * - * Uncomment a macro to enable alternate implementation of specific base - * platform function - */ -//#define MBEDTLS_PLATFORM_EXIT_ALT -//#define MBEDTLS_PLATFORM_FPRINTF_ALT -//#define MBEDTLS_PLATFORM_PRINTF_ALT -//#define MBEDTLS_PLATFORM_SNPRINTF_ALT - -/** - * \def MBEDTLS_DEPRECATED_WARNING - * - * Mark deprecated functions so that they generate a warning if used. - * Functions deprecated in one version will usually be removed in the next - * version. You can enable this to help you prepare the transition to a new - * major version by making sure your code is not using these functions. - * - * This only works with GCC and Clang. With other compilers, you may want to - * use MBEDTLS_DEPRECATED_REMOVED - * - * Uncomment to get warnings on using deprecated functions. - */ -//#define MBEDTLS_DEPRECATED_WARNING - -/** - * \def MBEDTLS_DEPRECATED_REMOVED - * - * Remove deprecated functions so that they generate an error if used. - * Functions deprecated in one version will usually be removed in the next - * version. You can enable this to help you prepare the transition to a new - * major version by making sure your code is not using these functions. - * - * Uncomment to get errors on using deprecated functions. - */ -//#define MBEDTLS_DEPRECATED_REMOVED - -/* \} name SECTION: System support */ - -/** - * \name SECTION: mbed TLS feature support - * - * This section sets support for features that are or are not needed - * within the modules that are enabled. - * \{ - */ - -/** - * \def MBEDTLS_TIMING_ALT - * - * Uncomment to provide your own alternate implementation for mbedtls_timing_hardclock(), - * mbedtls_timing_get_timer(), mbedtls_set_alarm(), mbedtls_set/get_delay() - * - * Only works if you have MBEDTLS_TIMING_C enabled. - * - * You will need to provide a header "timing_alt.h" and an implementation at - * compile time. - */ -//#define MBEDTLS_TIMING_ALT - -/** - * \def MBEDTLS_AES_ALT - * - * MBEDTLS__MODULE_NAME__ALT: Uncomment a macro to let mbed TLS use your - * alternate core implementation of a symmetric crypto or hash module (e.g. - * platform specific assembly optimized implementations). Keep in mind that - * the function prototypes should remain the same. - * - * This replaces the whole module. If you only want to replace one of the - * functions, use one of the MBEDTLS__FUNCTION_NAME__ALT flags. - * - * Example: In case you uncomment MBEDTLS_AES_ALT, mbed TLS will no longer - * provide the "struct mbedtls_aes_context" definition and omit the base function - * declarations and implementations. "aes_alt.h" will be included from - * "aes.h" to include the new function definitions. - * - * Uncomment a macro to enable alternate implementation of the corresponding - * module. - */ -//#define MBEDTLS_ARC4_ALT -//#define MBEDTLS_BLOWFISH_ALT -//#define MBEDTLS_CAMELLIA_ALT -//#define MBEDTLS_DES_ALT -//#define MBEDTLS_XTEA_ALT -//#define MBEDTLS_MD2_ALT -//#define MBEDTLS_MD4_ALT -//#define MBEDTLS_MD5_ALT -//#define MBEDTLS_RIPEMD160_ALT - -/* The following units have ESP32 hardware support, - uncommenting each _ALT macro will use the - hardware-accelerated implementation. */ -#ifdef CONFIG_MBEDTLS_HARDWARE_AES -#define MBEDTLS_AES_ALT -#endif - -/* MBEDTLS_SHAxx_ALT to enable hardware SHA support - with software fallback. -*/ -#ifdef CONFIG_MBEDTLS_HARDWARE_SHA -#define MBEDTLS_SHA1_ALT -#define MBEDTLS_SHA256_ALT -#define MBEDTLS_SHA512_ALT -#endif - -/* The following MPI (bignum) functions have ESP32 hardware support, - Uncommenting these macros will use the hardware-accelerated - implementations. -*/ -#ifdef CONFIG_MBEDTLS_HARDWARE_MPI -#define MBEDTLS_MPI_EXP_MOD_ALT -#define MBEDTLS_MPI_MUL_MPI_ALT -#endif - -/** - * \def MBEDTLS_MD2_PROCESS_ALT - * - * MBEDTLS__FUNCTION_NAME__ALT: Uncomment a macro to let mbed TLS use you - * alternate core implementation of symmetric crypto or hash function. Keep in - * mind that function prototypes should remain the same. - * - * This replaces only one function. The header file from mbed TLS is still - * used, in contrast to the MBEDTLS__MODULE_NAME__ALT flags. - * - * Example: In case you uncomment MBEDTLS_SHA256_PROCESS_ALT, mbed TLS will - * no longer provide the mbedtls_sha1_process() function, but it will still provide - * the other function (using your mbedtls_sha1_process() function) and the definition - * of mbedtls_sha1_context, so your implementation of mbedtls_sha1_process must be compatible - * with this definition. - * - * Note: if you use the AES_xxx_ALT macros, then is is recommended to also set - * MBEDTLS_AES_ROM_TABLES in order to help the linker garbage-collect the AES - * tables. - * - * Uncomment a macro to enable alternate implementation of the corresponding - * function. - */ -//#define MBEDTLS_MD2_PROCESS_ALT -//#define MBEDTLS_MD4_PROCESS_ALT -//#define MBEDTLS_MD5_PROCESS_ALT -//#define MBEDTLS_RIPEMD160_PROCESS_ALT -//#define MBEDTLS_SHA1_PROCESS_ALT -//#define MBEDTLS_SHA256_PROCESS_ALT -//#define MBEDTLS_SHA512_PROCESS_ALT -//#define MBEDTLS_DES_SETKEY_ALT -//#define MBEDTLS_DES_CRYPT_ECB_ALT -//#define MBEDTLS_DES3_CRYPT_ECB_ALT -//#define MBEDTLS_AES_SETKEY_ENC_ALT -//#define MBEDTLS_AES_SETKEY_DEC_ALT -//#define MBEDTLS_AES_ENCRYPT_ALT -//#define MBEDTLS_AES_DECRYPT_ALT - -/** - * \def MBEDTLS_ECP_RESTARTABLE - * - * Enable "non-blocking" ECC operations that can return early and be resumed. - * - * This allows various functions to pause by returning - * #MBEDTLS_ERR_ECP_IN_PROGRESS (or, for functions in the SSL module, - * #MBEDTLS_ERR_SSL_CRYPTO_IN_PROGRESS) and then be called later again in - * order to further progress and eventually complete their operation. This is - * controlled through mbedtls_ecp_set_max_ops() which limits the maximum - * number of ECC operations a function may perform before pausing; see - * mbedtls_ecp_set_max_ops() for more information. - * - * This is useful in non-threaded environments if you want to avoid blocking - * for too long on ECC (and, hence, X.509 or SSL/TLS) operations. - * - * Uncomment this macro to enable restartable ECC computations. - * - * \note This option only works with the default software implementation of - * elliptic curve functionality. It is incompatible with - * MBEDTLS_ECP_ALT, MBEDTLS_ECDH_XXX_ALT and MBEDTLS_ECDSA_XXX_ALT. - */ -#ifdef CONFIG_MBEDTLS_ECP_RESTARTABLE -#define MBEDTLS_ECP_RESTARTABLE -#endif - -/** - * \def MBEDTLS_CMAC_C - * - * Enable the CMAC (Cipher-based Message Authentication Code) mode for block - * ciphers. - * - * Module: library/cmac.c - * - * Requires: MBEDTLS_AES_C or MBEDTLS_DES_C - * - */ -#ifdef CONFIG_MBEDTLS_CMAC_C -#define MBEDTLS_CMAC_C -#endif - -/** - * \def MBEDTLS_ENTROPY_HARDWARE_ALT - * - * Uncomment this macro to let mbed TLS use your own implementation of a - * hardware entropy collector. - * - * Your function must be called \c mbedtls_hardware_poll(), have the same - * prototype as declared in entropy_poll.h, and accept NULL as first argument. - * - * Uncomment to use your own hardware entropy collector. - */ -#define MBEDTLS_ENTROPY_HARDWARE_ALT - -/** - * \def MBEDTLS_AES_ROM_TABLES - * - * Store the AES tables in ROM. - * - * Uncomment this macro to store the AES tables in ROM. - */ -#define MBEDTLS_AES_ROM_TABLES - -/** - * \def MBEDTLS_CAMELLIA_SMALL_MEMORY - * - * Use less ROM for the Camellia implementation (saves about 768 bytes). - * - * Uncomment this macro to use less memory for Camellia. - */ -//#define MBEDTLS_CAMELLIA_SMALL_MEMORY - -/** - * \def MBEDTLS_CIPHER_MODE_CBC - * - * Enable Cipher Block Chaining mode (CBC) for symmetric ciphers. - */ -#define MBEDTLS_CIPHER_MODE_CBC - -/** - * \def MBEDTLS_CIPHER_MODE_CFB - * - * Enable Cipher Feedback mode (CFB) for symmetric ciphers. - */ -#define MBEDTLS_CIPHER_MODE_CFB - -/** - * \def MBEDTLS_CIPHER_MODE_CTR - * - * Enable Counter Block Cipher mode (CTR) for symmetric ciphers. - */ -#define MBEDTLS_CIPHER_MODE_CTR - -/** - * \def MBEDTLS_CIPHER_MODE_XTS - * - * Enable Xor-encrypt-xor with ciphertext stealing mode (XTS) for AES. - */ -#define MBEDTLS_CIPHER_MODE_XTS - -/** - * \def MBEDTLS_CIPHER_NULL_CIPHER - * - * Enable NULL cipher. - * Warning: Only do so when you know what you are doing. This allows for - * encryption or channels without any security! - * - * Requires MBEDTLS_ENABLE_WEAK_CIPHERSUITES as well to enable - * the following ciphersuites: - * MBEDTLS_TLS_ECDH_ECDSA_WITH_NULL_SHA - * MBEDTLS_TLS_ECDH_RSA_WITH_NULL_SHA - * MBEDTLS_TLS_ECDHE_ECDSA_WITH_NULL_SHA - * MBEDTLS_TLS_ECDHE_RSA_WITH_NULL_SHA - * MBEDTLS_TLS_ECDHE_PSK_WITH_NULL_SHA384 - * MBEDTLS_TLS_ECDHE_PSK_WITH_NULL_SHA256 - * MBEDTLS_TLS_ECDHE_PSK_WITH_NULL_SHA - * MBEDTLS_TLS_DHE_PSK_WITH_NULL_SHA384 - * MBEDTLS_TLS_DHE_PSK_WITH_NULL_SHA256 - * MBEDTLS_TLS_DHE_PSK_WITH_NULL_SHA - * MBEDTLS_TLS_RSA_WITH_NULL_SHA256 - * MBEDTLS_TLS_RSA_WITH_NULL_SHA - * MBEDTLS_TLS_RSA_WITH_NULL_MD5 - * MBEDTLS_TLS_RSA_PSK_WITH_NULL_SHA384 - * MBEDTLS_TLS_RSA_PSK_WITH_NULL_SHA256 - * MBEDTLS_TLS_RSA_PSK_WITH_NULL_SHA - * MBEDTLS_TLS_PSK_WITH_NULL_SHA384 - * MBEDTLS_TLS_PSK_WITH_NULL_SHA256 - * MBEDTLS_TLS_PSK_WITH_NULL_SHA - * - * Uncomment this macro to enable the NULL cipher and ciphersuites - */ -//#define MBEDTLS_CIPHER_NULL_CIPHER - -/** - * \def MBEDTLS_CIPHER_PADDING_PKCS7 - * - * MBEDTLS_CIPHER_PADDING_XXX: Uncomment or comment macros to add support for - * specific padding modes in the cipher layer with cipher modes that support - * padding (e.g. CBC) - * - * If you disable all padding modes, only full blocks can be used with CBC. - * - * Enable padding modes in the cipher layer. - */ -#define MBEDTLS_CIPHER_PADDING_PKCS7 -#define MBEDTLS_CIPHER_PADDING_ONE_AND_ZEROS -#define MBEDTLS_CIPHER_PADDING_ZEROS_AND_LEN -#define MBEDTLS_CIPHER_PADDING_ZEROS - -/** - * \def MBEDTLS_ENABLE_WEAK_CIPHERSUITES - * - * Enable weak ciphersuites in SSL / TLS. - * Warning: Only do so when you know what you are doing. This allows for - * channels with virtually no security at all! - * - * This enables the following ciphersuites: - * MBEDTLS_TLS_RSA_WITH_DES_CBC_SHA - * MBEDTLS_TLS_DHE_RSA_WITH_DES_CBC_SHA - * - * Uncomment this macro to enable weak ciphersuites - */ -//#define MBEDTLS_ENABLE_WEAK_CIPHERSUITES - -/** - * \def MBEDTLS_REMOVE_ARC4_CIPHERSUITES - * - * Remove RC4 ciphersuites by default in SSL / TLS. - * This flag removes the ciphersuites based on RC4 from the default list as - * returned by mbedtls_ssl_list_ciphersuites(). However, it is still possible to - * enable (some of) them with mbedtls_ssl_conf_ciphersuites() by including them - * explicitly. - * - * Uncomment this macro to remove RC4 ciphersuites by default. - */ -#ifdef CONFIG_MBEDTLS_RC4_ENABLED -#define MBEDTLS_REMOVE_ARC4_CIPHERSUITES -#endif - -/** - * \def MBEDTLS_ECP_DP_SECP192R1_ENABLED - * - * MBEDTLS_ECP_XXXX_ENABLED: Enables specific curves within the Elliptic Curve - * module. By default all supported curves are enabled. - * - * Comment macros to disable the curve and functions for it - */ -#ifdef CONFIG_MBEDTLS_ECP_DP_SECP192R1_ENABLED -#define MBEDTLS_ECP_DP_SECP192R1_ENABLED -#endif -#ifdef CONFIG_MBEDTLS_ECP_DP_SECP224R1_ENABLED -#define MBEDTLS_ECP_DP_SECP224R1_ENABLED -#endif -#ifdef CONFIG_MBEDTLS_ECP_DP_SECP256R1_ENABLED -#define MBEDTLS_ECP_DP_SECP256R1_ENABLED -#endif -#ifdef CONFIG_MBEDTLS_ECP_DP_SECP384R1_ENABLED -#define MBEDTLS_ECP_DP_SECP384R1_ENABLED -#endif -#ifdef CONFIG_MBEDTLS_ECP_DP_SECP521R1_ENABLED -#define MBEDTLS_ECP_DP_SECP521R1_ENABLED -#endif -#ifdef CONFIG_MBEDTLS_ECP_DP_SECP192K1_ENABLED -#define MBEDTLS_ECP_DP_SECP192K1_ENABLED -#endif -#ifdef CONFIG_MBEDTLS_ECP_DP_SECP224K1_ENABLED -#define MBEDTLS_ECP_DP_SECP224K1_ENABLED -#endif -#ifdef CONFIG_MBEDTLS_ECP_DP_SECP256K1_ENABLED -#define MBEDTLS_ECP_DP_SECP256K1_ENABLED -#endif -#ifdef CONFIG_MBEDTLS_ECP_DP_BP256R1_ENABLED -#define MBEDTLS_ECP_DP_BP256R1_ENABLED -#endif -#ifdef CONFIG_MBEDTLS_ECP_DP_BP384R1_ENABLED -#define MBEDTLS_ECP_DP_BP384R1_ENABLED -#endif -#ifdef CONFIG_MBEDTLS_ECP_DP_BP512R1_ENABLED -#define MBEDTLS_ECP_DP_BP512R1_ENABLED -#endif -#ifdef CONFIG_MBEDTLS_ECP_DP_CURVE25519_ENABLED -#define MBEDTLS_ECP_DP_CURVE25519_ENABLED -#endif - -/** - * \def MBEDTLS_ECP_NIST_OPTIM - * - * Enable specific 'modulo p' routines for each NIST prime. - * Depending on the prime and architecture, makes operations 4 to 8 times - * faster on the corresponding curve. - * - * Comment this macro to disable NIST curves optimisation. - */ -#ifdef CONFIG_MBEDTLS_ECP_NIST_OPTIM -#define MBEDTLS_ECP_NIST_OPTIM -#endif - -/** - * \def MBEDTLS_ECDSA_DETERMINISTIC - * - * Enable deterministic ECDSA (RFC 6979). - * Standard ECDSA is "fragile" in the sense that lack of entropy when signing - * may result in a compromise of the long-term signing key. This is avoided by - * the deterministic variant. - * - * Requires: MBEDTLS_HMAC_DRBG_C - * - * Comment this macro to disable deterministic ECDSA. - */ -//#define MBEDTLS_ECDSA_DETERMINISTIC - -/** - * \def MBEDTLS_KEY_EXCHANGE_PSK_ENABLED - * - * Enable the PSK based ciphersuite modes in SSL / TLS. - * - * This enables the following ciphersuites (if other requisites are - * enabled as well): - * MBEDTLS_TLS_PSK_WITH_AES_256_GCM_SHA384 - * MBEDTLS_TLS_PSK_WITH_AES_256_CBC_SHA384 - * MBEDTLS_TLS_PSK_WITH_AES_256_CBC_SHA - * MBEDTLS_TLS_PSK_WITH_CAMELLIA_256_GCM_SHA384 - * MBEDTLS_TLS_PSK_WITH_CAMELLIA_256_CBC_SHA384 - * MBEDTLS_TLS_PSK_WITH_AES_128_GCM_SHA256 - * MBEDTLS_TLS_PSK_WITH_AES_128_CBC_SHA256 - * MBEDTLS_TLS_PSK_WITH_AES_128_CBC_SHA - * MBEDTLS_TLS_PSK_WITH_CAMELLIA_128_GCM_SHA256 - * MBEDTLS_TLS_PSK_WITH_CAMELLIA_128_CBC_SHA256 - * MBEDTLS_TLS_PSK_WITH_3DES_EDE_CBC_SHA - * MBEDTLS_TLS_PSK_WITH_RC4_128_SHA - */ -#ifdef CONFIG_MBEDTLS_KEY_EXCHANGE_PSK -#define MBEDTLS_KEY_EXCHANGE_PSK_ENABLED -#endif - -/** - * \def MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED - * - * Enable the DHE-PSK based ciphersuite modes in SSL / TLS. - * - * Requires: MBEDTLS_DHM_C - * - * This enables the following ciphersuites (if other requisites are - * enabled as well): - * MBEDTLS_TLS_DHE_PSK_WITH_AES_256_GCM_SHA384 - * MBEDTLS_TLS_DHE_PSK_WITH_AES_256_CBC_SHA384 - * MBEDTLS_TLS_DHE_PSK_WITH_AES_256_CBC_SHA - * MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_256_GCM_SHA384 - * MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_256_CBC_SHA384 - * MBEDTLS_TLS_DHE_PSK_WITH_AES_128_GCM_SHA256 - * MBEDTLS_TLS_DHE_PSK_WITH_AES_128_CBC_SHA256 - * MBEDTLS_TLS_DHE_PSK_WITH_AES_128_CBC_SHA - * MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_128_GCM_SHA256 - * MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_128_CBC_SHA256 - * MBEDTLS_TLS_DHE_PSK_WITH_3DES_EDE_CBC_SHA - * MBEDTLS_TLS_DHE_PSK_WITH_RC4_128_SHA - */ -#ifdef CONFIG_MBEDTLS_KEY_EXCHANGE_DHE_PSK -#define MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED -#endif - -/** - * \def MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED - * - * Enable the ECDHE-PSK based ciphersuite modes in SSL / TLS. - * - * Requires: MBEDTLS_ECDH_C - * - * This enables the following ciphersuites (if other requisites are - * enabled as well): - * MBEDTLS_TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA384 - * MBEDTLS_TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA - * MBEDTLS_TLS_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384 - * MBEDTLS_TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256 - * MBEDTLS_TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA - * MBEDTLS_TLS_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256 - * MBEDTLS_TLS_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA - * MBEDTLS_TLS_ECDHE_PSK_WITH_RC4_128_SHA - */ -#ifdef CONFIG_MBEDTLS_KEY_EXCHANGE_ECDHE_PSK -#define MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED -#endif - -/** - * \def MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED - * - * Enable the RSA-PSK based ciphersuite modes in SSL / TLS. - * - * Requires: MBEDTLS_RSA_C, MBEDTLS_PKCS1_V15, - * MBEDTLS_X509_CRT_PARSE_C - * - * This enables the following ciphersuites (if other requisites are - * enabled as well): - * MBEDTLS_TLS_RSA_PSK_WITH_AES_256_GCM_SHA384 - * MBEDTLS_TLS_RSA_PSK_WITH_AES_256_CBC_SHA384 - * MBEDTLS_TLS_RSA_PSK_WITH_AES_256_CBC_SHA - * MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_256_GCM_SHA384 - * MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_256_CBC_SHA384 - * MBEDTLS_TLS_RSA_PSK_WITH_AES_128_GCM_SHA256 - * MBEDTLS_TLS_RSA_PSK_WITH_AES_128_CBC_SHA256 - * MBEDTLS_TLS_RSA_PSK_WITH_AES_128_CBC_SHA - * MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_128_GCM_SHA256 - * MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_128_CBC_SHA256 - * MBEDTLS_TLS_RSA_PSK_WITH_3DES_EDE_CBC_SHA - * MBEDTLS_TLS_RSA_PSK_WITH_RC4_128_SHA - */ -#ifdef CONFIG_MBEDTLS_KEY_EXCHANGE_RSA_PSK -#define MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED -#endif - -/** - * \def MBEDTLS_KEY_EXCHANGE_RSA_ENABLED - * - * Enable the RSA-only based ciphersuite modes in SSL / TLS. - * - * Requires: MBEDTLS_RSA_C, MBEDTLS_PKCS1_V15, - * MBEDTLS_X509_CRT_PARSE_C - * - * This enables the following ciphersuites (if other requisites are - * enabled as well): - * MBEDTLS_TLS_RSA_WITH_AES_256_GCM_SHA384 - * MBEDTLS_TLS_RSA_WITH_AES_256_CBC_SHA256 - * MBEDTLS_TLS_RSA_WITH_AES_256_CBC_SHA - * MBEDTLS_TLS_RSA_WITH_CAMELLIA_256_GCM_SHA384 - * MBEDTLS_TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256 - * MBEDTLS_TLS_RSA_WITH_CAMELLIA_256_CBC_SHA - * MBEDTLS_TLS_RSA_WITH_AES_128_GCM_SHA256 - * MBEDTLS_TLS_RSA_WITH_AES_128_CBC_SHA256 - * MBEDTLS_TLS_RSA_WITH_AES_128_CBC_SHA - * MBEDTLS_TLS_RSA_WITH_CAMELLIA_128_GCM_SHA256 - * MBEDTLS_TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256 - * MBEDTLS_TLS_RSA_WITH_CAMELLIA_128_CBC_SHA - * MBEDTLS_TLS_RSA_WITH_3DES_EDE_CBC_SHA - * MBEDTLS_TLS_RSA_WITH_RC4_128_SHA - * MBEDTLS_TLS_RSA_WITH_RC4_128_MD5 - */ -#ifdef CONFIG_MBEDTLS_KEY_EXCHANGE_RSA -#define MBEDTLS_KEY_EXCHANGE_RSA_ENABLED -#endif - -/** - * \def MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED - * - * Enable the DHE-RSA based ciphersuite modes in SSL / TLS. - * - * Requires: MBEDTLS_DHM_C, MBEDTLS_RSA_C, MBEDTLS_PKCS1_V15, - * MBEDTLS_X509_CRT_PARSE_C - * - * This enables the following ciphersuites (if other requisites are - * enabled as well): - * MBEDTLS_TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 - * MBEDTLS_TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 - * MBEDTLS_TLS_DHE_RSA_WITH_AES_256_CBC_SHA - * MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_256_GCM_SHA384 - * MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256 - * MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA - * MBEDTLS_TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 - * MBEDTLS_TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 - * MBEDTLS_TLS_DHE_RSA_WITH_AES_128_CBC_SHA - * MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_128_GCM_SHA256 - * MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256 - * MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA - * MBEDTLS_TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA - */ -#ifdef CONFIG_MBEDTLS_KEY_EXCHANGE_DHE_RSA -#define MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED -#endif - -/** - * \def MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED - * - * Enable the ECDHE-RSA based ciphersuite modes in SSL / TLS. - * - * Requires: MBEDTLS_ECDH_C, MBEDTLS_RSA_C, MBEDTLS_PKCS1_V15, - * MBEDTLS_X509_CRT_PARSE_C - * - * This enables the following ciphersuites (if other requisites are - * enabled as well): - * MBEDTLS_TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 - * MBEDTLS_TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 - * MBEDTLS_TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA - * MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_256_GCM_SHA384 - * MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384 - * MBEDTLS_TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 - * MBEDTLS_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 - * MBEDTLS_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA - * MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_128_GCM_SHA256 - * MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256 - * MBEDTLS_TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA - * MBEDTLS_TLS_ECDHE_RSA_WITH_RC4_128_SHA - */ -#ifdef CONFIG_MBEDTLS_KEY_EXCHANGE_ECDHE_RSA -#define MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED -#endif - -/** - * \def MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED - * - * Enable the ECDHE-ECDSA based ciphersuite modes in SSL / TLS. - * - * Requires: MBEDTLS_ECDH_C, MBEDTLS_ECDSA_C, MBEDTLS_X509_CRT_PARSE_C, - * - * This enables the following ciphersuites (if other requisites are - * enabled as well): - * MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 - * MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 - * MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA - * MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_GCM_SHA384 - * MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384 - * MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 - * MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 - * MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA - * MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_GCM_SHA256 - * MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256 - * MBEDTLS_TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA - * MBEDTLS_TLS_ECDHE_ECDSA_WITH_RC4_128_SHA - */ -#ifdef CONFIG_MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA -#define MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED -#endif - -/** - * \def MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED - * - * Enable the ECDH-ECDSA based ciphersuite modes in SSL / TLS. - * - * Requires: MBEDTLS_ECDH_C, MBEDTLS_X509_CRT_PARSE_C - * - * This enables the following ciphersuites (if other requisites are - * enabled as well): - * MBEDTLS_TLS_ECDH_ECDSA_WITH_RC4_128_SHA - * MBEDTLS_TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA - * MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA - * MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA - * MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256 - * MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384 - * MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256 - * MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384 - * MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_128_CBC_SHA256 - * MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_256_CBC_SHA384 - * MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_128_GCM_SHA256 - * MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_256_GCM_SHA384 - */ -#ifdef CONFIG_MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA -#define MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED -#endif - -/** - * \def MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED - * - * Enable the ECDH-RSA based ciphersuite modes in SSL / TLS. - * - * Requires: MBEDTLS_ECDH_C, MBEDTLS_X509_CRT_PARSE_C - * - * This enables the following ciphersuites (if other requisites are - * enabled as well): - * MBEDTLS_TLS_ECDH_RSA_WITH_RC4_128_SHA - * MBEDTLS_TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA - * MBEDTLS_TLS_ECDH_RSA_WITH_AES_128_CBC_SHA - * MBEDTLS_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA - * MBEDTLS_TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256 - * MBEDTLS_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384 - * MBEDTLS_TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256 - * MBEDTLS_TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384 - * MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_128_CBC_SHA256 - * MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_256_CBC_SHA384 - * MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_128_GCM_SHA256 - * MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_256_GCM_SHA384 - */ -#ifdef CONFIG_MBEDTLS_KEY_EXCHANGE_ECDH_RSA -#define MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED -#endif - -/** - * \def MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED - * - * Enable the ECJPAKE based ciphersuite modes in SSL / TLS. - * - * \warning This is currently experimental. EC J-PAKE support is based on the - * Thread v1.0.0 specification; incompatible changes to the specification - * might still happen. For this reason, this is disabled by default. - * - * Requires: MBEDTLS_ECJPAKE_C - * MBEDTLS_SHA256_C - * MBEDTLS_ECP_DP_SECP256R1_ENABLED - * - * This enables the following ciphersuites (if other requisites are - * enabled as well): - * MBEDTLS_TLS_ECJPAKE_WITH_AES_128_CCM_8 - */ -//#define MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED - -/** - * \def MBEDTLS_PK_PARSE_EC_EXTENDED - * - * Enhance support for reading EC keys using variants of SEC1 not allowed by - * RFC 5915 and RFC 5480. - * - * Currently this means parsing the SpecifiedECDomain choice of EC - * parameters (only known groups are supported, not arbitrary domains, to - * avoid validation issues). - * - * Disable if you only need to support RFC 5915 + 5480 key formats. - */ -#define MBEDTLS_PK_PARSE_EC_EXTENDED - -/** - * \def MBEDTLS_ERROR_STRERROR_DUMMY - * - * Enable a dummy error function to make use of mbedtls_strerror() in - * third party libraries easier when MBEDTLS_ERROR_C is disabled - * (no effect when MBEDTLS_ERROR_C is enabled). - * - * You can safely disable this if MBEDTLS_ERROR_C is enabled, or if you're - * not using mbedtls_strerror() or error_strerror() in your application. - * - * Disable if you run into name conflicts and want to really remove the - * mbedtls_strerror() - */ -#define MBEDTLS_ERROR_STRERROR_DUMMY - -/** - * \def MBEDTLS_GENPRIME - * - * Enable the prime-number generation code. - * - * Requires: MBEDTLS_BIGNUM_C - */ -#define MBEDTLS_GENPRIME - -/** - * \def MBEDTLS_FS_IO - * - * Enable functions that use the filesystem. - */ -#define MBEDTLS_FS_IO - -/** - * \def MBEDTLS_NO_DEFAULT_ENTROPY_SOURCES - * - * Do not add default entropy sources. These are the platform specific, - * mbedtls_timing_hardclock and HAVEGE based poll functions. - * - * This is useful to have more control over the added entropy sources in an - * application. - * - * Uncomment this macro to prevent loading of default entropy functions. - */ -//#define MBEDTLS_NO_DEFAULT_ENTROPY_SOURCES - -/** - * \def MBEDTLS_NO_PLATFORM_ENTROPY - * - * Do not use built-in platform entropy functions. - * This is useful if your platform does not support - * standards like the /dev/urandom or Windows CryptoAPI. - * - * Uncomment this macro to disable the built-in platform entropy functions. - */ -#define MBEDTLS_NO_PLATFORM_ENTROPY - -/** - * \def MBEDTLS_ENTROPY_FORCE_SHA256 - * - * Force the entropy accumulator to use a SHA-256 accumulator instead of the - * default SHA-512 based one (if both are available). - * - * Requires: MBEDTLS_SHA256_C - * - * On 32-bit systems SHA-256 can be much faster than SHA-512. Use this option - * if you have performance concerns. - * - * This option is only useful if both MBEDTLS_SHA256_C and - * MBEDTLS_SHA512_C are defined. Otherwise the available hash module is used. - */ -//#define MBEDTLS_ENTROPY_FORCE_SHA256 - -/** - * \def MBEDTLS_MEMORY_DEBUG - * - * Enable debugging of buffer allocator memory issues. Automatically prints - * (to stderr) all (fatal) messages on memory allocation issues. Enables - * function for 'debug output' of allocated memory. - * - * Requires: MBEDTLS_MEMORY_BUFFER_ALLOC_C - * - * Uncomment this macro to let the buffer allocator print out error messages. - */ -//#define MBEDTLS_MEMORY_DEBUG - -/** - * \def MBEDTLS_MEMORY_BACKTRACE - * - * Include backtrace information with each allocated block. - * - * Requires: MBEDTLS_MEMORY_BUFFER_ALLOC_C - * GLIBC-compatible backtrace() an backtrace_symbols() support - * - * Uncomment this macro to include backtrace information - */ -//#define MBEDTLS_MEMORY_BACKTRACE - -/** - * \def MBEDTLS_PK_RSA_ALT_SUPPORT - * - * Support external private RSA keys (eg from a HSM) in the PK layer. - * - * Comment this macro to disable support for external private RSA keys. - */ -#define MBEDTLS_PK_RSA_ALT_SUPPORT - -/** - * \def MBEDTLS_PKCS1_V15 - * - * Enable support for PKCS#1 v1.5 encoding. - * - * Requires: MBEDTLS_RSA_C - * - * This enables support for PKCS#1 v1.5 operations. - */ -#define MBEDTLS_PKCS1_V15 - -/** - * \def MBEDTLS_PKCS1_V21 - * - * Enable support for PKCS#1 v2.1 encoding. - * - * Requires: MBEDTLS_MD_C, MBEDTLS_RSA_C - * - * This enables support for RSAES-OAEP and RSASSA-PSS operations. - */ -#define MBEDTLS_PKCS1_V21 - -/** - * \def MBEDTLS_RSA_NO_CRT - * - * Do not use the Chinese Remainder Theorem for the RSA private operation. - * - * Uncomment this macro to disable the use of CRT in RSA. - * - */ -//#define MBEDTLS_RSA_NO_CRT - -/** - * \def MBEDTLS_SELF_TEST - * - * Enable the checkup functions (*_self_test). - */ -#define MBEDTLS_SELF_TEST - -/** - * \def MBEDTLS_SHA256_SMALLER - * - * Enable an implementation of SHA-256 that has lower ROM footprint but also - * lower performance. - * - * The default implementation is meant to be a reasonnable compromise between - * performance and size. This version optimizes more aggressively for size at - * the expense of performance. Eg on Cortex-M4 it reduces the size of - * mbedtls_sha256_process() from ~2KB to ~0.5KB for a performance hit of about - * 30%. - * - * Uncomment to enable the smaller implementation of SHA256. - */ -//#define MBEDTLS_SHA256_SMALLER - -/** - * \def MBEDTLS_SSL_AEAD_RANDOM_IV - * - * Generate a random IV rather than using the record sequence number as a - * nonce for ciphersuites using and AEAD algorithm (GCM or CCM). - * - * Using the sequence number is generally recommended. - * - * Uncomment this macro to always use random IVs with AEAD ciphersuites. - */ -//#define MBEDTLS_SSL_AEAD_RANDOM_IV - -/** - * \def MBEDTLS_SSL_ALL_ALERT_MESSAGES - * - * Enable sending of alert messages in case of encountered errors as per RFC. - * If you choose not to send the alert messages, mbed TLS can still communicate - * with other servers, only debugging of failures is harder. - * - * The advantage of not sending alert messages, is that no information is given - * about reasons for failures thus preventing adversaries of gaining intel. - * - * Enable sending of all alert messages - */ -#define MBEDTLS_SSL_ALL_ALERT_MESSAGES - -/** - * \def MBEDTLS_SSL_DEBUG_ALL - * - * Enable the debug messages in SSL module for all issues. - * Debug messages have been disabled in some places to prevent timing - * attacks due to (unbalanced) debugging function calls. - * - * If you need all error reporting you should enable this during debugging, - * but remove this for production servers that should log as well. - * - * Uncomment this macro to report all debug messages on errors introducing - * a timing side-channel. - * - */ -//#define MBEDTLS_SSL_DEBUG_ALL - -/** \def MBEDTLS_SSL_ENCRYPT_THEN_MAC - * - * Enable support for Encrypt-then-MAC, RFC 7366. - * - * This allows peers that both support it to use a more robust protection for - * ciphersuites using CBC, providing deep resistance against timing attacks - * on the padding or underlying cipher. - * - * This only affects CBC ciphersuites, and is useless if none is defined. - * - * Requires: MBEDTLS_SSL_PROTO_TLS1 or - * MBEDTLS_SSL_PROTO_TLS1_1 or - * MBEDTLS_SSL_PROTO_TLS1_2 - * - * Comment this macro to disable support for Encrypt-then-MAC - */ -#ifdef CONFIG_MBEDTLS_TLS_ENABLED -#define MBEDTLS_SSL_ENCRYPT_THEN_MAC -#endif - -/** \def MBEDTLS_SSL_EXTENDED_MASTER_SECRET - * - * Enable support for Extended Master Secret, aka Session Hash - * (draft-ietf-tls-session-hash-02). - * - * This was introduced as "the proper fix" to the Triple Handshake familiy of - * attacks, but it is recommended to always use it (even if you disable - * renegotiation), since it actually fixes a more fundamental issue in the - * original SSL/TLS design, and has implications beyond Triple Handshake. - * - * Requires: MBEDTLS_SSL_PROTO_TLS1 or - * MBEDTLS_SSL_PROTO_TLS1_1 or - * MBEDTLS_SSL_PROTO_TLS1_2 - * - * Comment this macro to disable support for Extended Master Secret. - */ -#ifdef CONFIG_MBEDTLS_TLS_ENABLED -#define MBEDTLS_SSL_EXTENDED_MASTER_SECRET -#endif - -/** - * \def MBEDTLS_SSL_FALLBACK_SCSV - * - * Enable support for FALLBACK_SCSV (draft-ietf-tls-downgrade-scsv-00). - * - * For servers, it is recommended to always enable this, unless you support - * only one version of TLS, or know for sure that none of your clients - * implements a fallback strategy. - * - * For clients, you only need this if you're using a fallback strategy, which - * is not recommended in the first place, unless you absolutely need it to - * interoperate with buggy (version-intolerant) servers. - * - * Comment this macro to disable support for FALLBACK_SCSV - */ -#define MBEDTLS_SSL_FALLBACK_SCSV - -/** - * \def MBEDTLS_SSL_HW_RECORD_ACCEL - * - * Enable hooking functions in SSL module for hardware acceleration of - * individual records. - * - * Uncomment this macro to enable hooking functions. - */ -//#define MBEDTLS_SSL_HW_RECORD_ACCEL - -/** - * \def MBEDTLS_SSL_CBC_RECORD_SPLITTING - * - * Enable 1/n-1 record splitting for CBC mode in SSLv3 and TLS 1.0. - * - * This is a countermeasure to the BEAST attack, which also minimizes the risk - * of interoperability issues compared to sending 0-length records. - * - * Comment this macro to disable 1/n-1 record splitting. - */ -#if defined(MBEDTLS_SSL_PROTO_SSL3) || defined(MBEDTLS_SSL_PROTO_TLS1) -#define MBEDTLS_SSL_CBC_RECORD_SPLITTING -#endif - -/** - * \def MBEDTLS_SSL_RENEGOTIATION - * - * Disable support for TLS renegotiation. - * - * The two main uses of renegotiation are (1) refresh keys on long-lived - * connections and (2) client authentication after the initial handshake. - * If you don't need renegotiation, it's probably better to disable it, since - * it has been associated with security issues in the past and is easy to - * misuse/misunderstand. - * - * Comment this to disable support for renegotiation. - */ -#ifdef CONFIG_MBEDTLS_SSL_RENEGOTIATION -#define MBEDTLS_SSL_RENEGOTIATION -#endif - -/** - * \def MBEDTLS_SSL_SRV_SUPPORT_SSLV2_CLIENT_HELLO - * - * Enable support for receiving and parsing SSLv2 Client Hello messages for the - * SSL Server module (MBEDTLS_SSL_SRV_C). - * - * Uncomment this macro to enable support for SSLv2 Client Hello messages. - */ -//#define MBEDTLS_SSL_SRV_SUPPORT_SSLV2_CLIENT_HELLO - -/** - * \def MBEDTLS_SSL_SRV_RESPECT_CLIENT_PREFERENCE - * - * Pick the ciphersuite according to the client's preferences rather than ours - * in the SSL Server module (MBEDTLS_SSL_SRV_C). - * - * Uncomment this macro to respect client's ciphersuite order - */ -//#define MBEDTLS_SSL_SRV_RESPECT_CLIENT_PREFERENCE - -/** - * \def MBEDTLS_SSL_MAX_FRAGMENT_LENGTH - * - * Enable support for RFC 6066 max_fragment_length extension in SSL. - * - * Comment this macro to disable support for the max_fragment_length extension - */ -#define MBEDTLS_SSL_MAX_FRAGMENT_LENGTH - -/** - * \def MBEDTLS_SSL_PROTO_SSL3 - * - * Enable support for SSL 3.0. - * - * Requires: MBEDTLS_MD5_C - * MBEDTLS_SHA1_C - * - * Comment this macro to disable support for SSL 3.0 - */ -#ifdef CONFIG_MBEDTLS_SSL_PROTO_SSL3 -#define MBEDTLS_SSL_PROTO_SSL3 -#endif - -/** - * \def MBEDTLS_SSL_PROTO_TLS1 - * - * Enable support for TLS 1.0. - * - * Requires: MBEDTLS_MD5_C - * MBEDTLS_SHA1_C - * - * Comment this macro to disable support for TLS 1.0 - */ -#ifdef CONFIG_MBEDTLS_SSL_PROTO_TLS1 -#define MBEDTLS_SSL_PROTO_TLS1 -#endif - -/** - * \def MBEDTLS_SSL_PROTO_TLS1_1 - * - * Enable support for TLS 1.1 (and DTLS 1.0 if DTLS is enabled). - * - * Requires: MBEDTLS_MD5_C - * MBEDTLS_SHA1_C - * - * Comment this macro to disable support for TLS 1.1 / DTLS 1.0 - */ -#ifdef CONFIG_MBEDTLS_SSL_PROTO_TLS1_1 -#define MBEDTLS_SSL_PROTO_TLS1_1 -#endif - -/** - * \def MBEDTLS_SSL_PROTO_TLS1_2 - * - * Enable support for TLS 1.2 (and DTLS 1.2 if DTLS is enabled). - * - * Requires: MBEDTLS_SHA1_C or MBEDTLS_SHA256_C or MBEDTLS_SHA512_C - * (Depends on ciphersuites) - * - * Comment this macro to disable support for TLS 1.2 / DTLS 1.2 - */ -#ifdef CONFIG_MBEDTLS_SSL_PROTO_TLS1_2 -#define MBEDTLS_SSL_PROTO_TLS1_2 -#endif - -/** - * \def MBEDTLS_SSL_PROTO_DTLS - * - * Enable support for DTLS (all available versions). - * - * Enable this and MBEDTLS_SSL_PROTO_TLS1_1 to enable DTLS 1.0, - * and/or this and MBEDTLS_SSL_PROTO_TLS1_2 to enable DTLS 1.2. - * - * Requires: MBEDTLS_SSL_PROTO_TLS1_1 - * or MBEDTLS_SSL_PROTO_TLS1_2 - * - * Comment this macro to disable support for DTLS - */ -#ifdef CONFIG_MBEDTLS_SSL_PROTO_DTLS -#define MBEDTLS_SSL_PROTO_DTLS -#endif - -/** - * \def MBEDTLS_SSL_ALPN - * - * Enable support for RFC 7301 Application Layer Protocol Negotiation. - * - * Comment this macro to disable support for ALPN. - */ -#ifdef CONFIG_MBEDTLS_SSL_ALPN -#define MBEDTLS_SSL_ALPN -#endif - -/** - * \def MBEDTLS_SSL_DTLS_ANTI_REPLAY - * - * Enable support for the anti-replay mechanism in DTLS. - * - * Requires: MBEDTLS_SSL_TLS_C - * MBEDTLS_SSL_PROTO_DTLS - * - * \warning Disabling this is often a security risk! - * See mbedtls_ssl_conf_dtls_anti_replay() for details. - * - * Comment this to disable anti-replay in DTLS. - */ -#ifdef CONFIG_MBEDTLS_SSL_PROTO_DTLS -#define MBEDTLS_SSL_DTLS_ANTI_REPLAY -#endif - -/** - * \def MBEDTLS_SSL_DTLS_HELLO_VERIFY - * - * Enable support for HelloVerifyRequest on DTLS servers. - * - * This feature is highly recommended to prevent DTLS servers being used as - * amplifiers in DoS attacks against other hosts. It should always be enabled - * unless you know for sure amplification cannot be a problem in the - * environment in which your server operates. - * - * \warning Disabling this can ba a security risk! (see above) - * - * Requires: MBEDTLS_SSL_PROTO_DTLS - * - * Comment this to disable support for HelloVerifyRequest. - */ -#ifdef CONFIG_MBEDTLS_SSL_PROTO_DTLS -#define MBEDTLS_SSL_DTLS_HELLO_VERIFY -#endif - -/** - * \def MBEDTLS_SSL_DTLS_CLIENT_PORT_REUSE - * - * Enable server-side support for clients that reconnect from the same port. - * - * Some clients unexpectedly close the connection and try to reconnect using the - * same source port. This needs special support from the server to handle the - * new connection securely, as described in section 4.2.8 of RFC 6347. This - * flag enables that support. - * - * Requires: MBEDTLS_SSL_DTLS_HELLO_VERIFY - * - * Comment this to disable support for clients reusing the source port. - */ -#ifdef CONFIG_MBEDTLS_SSL_PROTO_DTLS -#define MBEDTLS_SSL_DTLS_CLIENT_PORT_REUSE -#endif - -/** - * \def MBEDTLS_SSL_DTLS_BADMAC_LIMIT - * - * Enable support for a limit of records with bad MAC. - * - * See mbedtls_ssl_conf_dtls_badmac_limit(). - * - * Requires: MBEDTLS_SSL_PROTO_DTLS - */ -#ifdef CONFIG_MBEDTLS_SSL_PROTO_DTLS -#define MBEDTLS_SSL_DTLS_BADMAC_LIMIT -#endif - -/** - * \def MBEDTLS_SSL_SESSION_TICKETS - * - * Enable support for RFC 5077 session tickets in SSL. - * Client-side, provides full support for session tickets (maintainance of a - * session store remains the responsibility of the application, though). - * Server-side, you also need to provide callbacks for writing and parsing - * tickets, including authenticated encryption and key management. Example - * callbacks are provided by MBEDTLS_SSL_TICKET_C. - * - * Comment this macro to disable support for SSL session tickets - */ -#ifdef CONFIG_MBEDTLS_SSL_SESSION_TICKETS -#define MBEDTLS_SSL_SESSION_TICKETS -#endif - -/** - * \def MBEDTLS_SSL_EXPORT_KEYS - * - * Enable support for exporting key block and master secret. - * This is required for certain users of TLS, e.g. EAP-TLS. - * - * Comment this macro to disable support for key export - */ -#define MBEDTLS_SSL_EXPORT_KEYS - -/** - * \def MBEDTLS_SSL_SERVER_NAME_INDICATION - * - * Enable support for RFC 6066 server name indication (SNI) in SSL. - * - * Requires: MBEDTLS_X509_CRT_PARSE_C - * - * Comment this macro to disable support for server name indication in SSL - */ -#define MBEDTLS_SSL_SERVER_NAME_INDICATION - -/** - * \def MBEDTLS_SSL_TRUNCATED_HMAC - * - * Enable support for RFC 6066 truncated HMAC in SSL. - * - * Comment this macro to disable support for truncated HMAC in SSL - */ -#define MBEDTLS_SSL_TRUNCATED_HMAC - -/** - * \def MBEDTLS_THREADING_ALT - * - * Provide your own alternate threading implementation. - * - * Requires: MBEDTLS_THREADING_C - * - * Uncomment this to allow your own alternate threading implementation. - */ -#define MBEDTLS_THREADING_ALT - -/** - * \def MBEDTLS_THREADING_PTHREAD - * - * Enable the pthread wrapper layer for the threading layer. - * - * Requires: MBEDTLS_THREADING_C - * - * Uncomment this to enable pthread mutexes. - */ -//#define MBEDTLS_THREADING_PTHREAD - -/** - * \def MBEDTLS_VERSION_FEATURES - * - * Allow run-time checking of compile-time enabled features. Thus allowing users - * to check at run-time if the library is for instance compiled with threading - * support via mbedtls_version_check_feature(). - * - * Requires: MBEDTLS_VERSION_C - * - * Comment this to disable run-time checking and save ROM space - */ -#define MBEDTLS_VERSION_FEATURES - -/** - * \def MBEDTLS_X509_ALLOW_EXTENSIONS_NON_V3 - * - * If set, the X509 parser will not break-off when parsing an X509 certificate - * and encountering an extension in a v1 or v2 certificate. - * - * Uncomment to prevent an error. - */ -//#define MBEDTLS_X509_ALLOW_EXTENSIONS_NON_V3 - -/** - * \def MBEDTLS_X509_ALLOW_UNSUPPORTED_CRITICAL_EXTENSION - * - * If set, the X509 parser will not break-off when parsing an X509 certificate - * and encountering an unknown critical extension. - * - * \warning Depending on your PKI use, enabling this can be a security risk! - * - * Uncomment to prevent an error. - */ -//#define MBEDTLS_X509_ALLOW_UNSUPPORTED_CRITICAL_EXTENSION - -/** - * \def MBEDTLS_X509_CHECK_KEY_USAGE - * - * Enable verification of the keyUsage extension (CA and leaf certificates). - * - * Disabling this avoids problems with mis-issued and/or misused - * (intermediate) CA and leaf certificates. - * - * \warning Depending on your PKI use, disabling this can be a security risk! - * - * Comment to skip keyUsage checking for both CA and leaf certificates. - */ -#define MBEDTLS_X509_CHECK_KEY_USAGE - -/** - * \def MBEDTLS_X509_CHECK_EXTENDED_KEY_USAGE - * - * Enable verification of the extendedKeyUsage extension (leaf certificates). - * - * Disabling this avoids problems with mis-issued and/or misused certificates. - * - * \warning Depending on your PKI use, disabling this can be a security risk! - * - * Comment to skip extendedKeyUsage checking for certificates. - */ -#define MBEDTLS_X509_CHECK_EXTENDED_KEY_USAGE - -/** - * \def MBEDTLS_X509_RSASSA_PSS_SUPPORT - * - * Enable parsing and verification of X.509 certificates, CRLs and CSRS - * signed with RSASSA-PSS (aka PKCS#1 v2.1). - * - * Comment this macro to disallow using RSASSA-PSS in certificates. - */ -#define MBEDTLS_X509_RSASSA_PSS_SUPPORT - -/** - * \def MBEDTLS_ZLIB_SUPPORT - * - * If set, the SSL/TLS module uses ZLIB to support compression and - * decompression of packet data. - * - * \warning TLS-level compression MAY REDUCE SECURITY! See for example the - * CRIME attack. Before enabling this option, you should examine with care if - * CRIME or similar exploits may be a applicable to your use case. - * - * \note Currently compression can't be used with DTLS. - * - * Used in: library/ssl_tls.c - * library/ssl_cli.c - * library/ssl_srv.c - * - * This feature requires zlib library and headers to be present. - * - * Uncomment to enable use of ZLIB - */ -//#define MBEDTLS_ZLIB_SUPPORT -/* \} name SECTION: mbed TLS feature support */ - -/** - * \name SECTION: mbed TLS modules - * - * This section enables or disables entire modules in mbed TLS - * \{ - */ - -/** - * \def MBEDTLS_AESNI_C - * - * Enable AES-NI support on x86-64. - * - * Module: library/aesni.c - * Caller: library/aes.c - * - * Requires: MBEDTLS_HAVE_ASM - * - * This modules adds support for the AES-NI instructions on x86-64 - */ -#define MBEDTLS_AESNI_C - -/** - * \def MBEDTLS_AES_C - * - * Enable the AES block cipher. - * - * Module: library/aes.c - * Caller: library/ssl_tls.c - * library/pem.c - * library/ctr_drbg.c - * - * This module enables the following ciphersuites (if other requisites are - * enabled as well): - * MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA - * MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA - * MBEDTLS_TLS_ECDH_RSA_WITH_AES_128_CBC_SHA - * MBEDTLS_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA - * MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256 - * MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384 - * MBEDTLS_TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256 - * MBEDTLS_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384 - * MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256 - * MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384 - * MBEDTLS_TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256 - * MBEDTLS_TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384 - * MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 - * MBEDTLS_TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 - * MBEDTLS_TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 - * MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 - * MBEDTLS_TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 - * MBEDTLS_TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 - * MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA - * MBEDTLS_TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA - * MBEDTLS_TLS_DHE_RSA_WITH_AES_256_CBC_SHA - * MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 - * MBEDTLS_TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 - * MBEDTLS_TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 - * MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 - * MBEDTLS_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 - * MBEDTLS_TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 - * MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA - * MBEDTLS_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA - * MBEDTLS_TLS_DHE_RSA_WITH_AES_128_CBC_SHA - * MBEDTLS_TLS_DHE_PSK_WITH_AES_256_GCM_SHA384 - * MBEDTLS_TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA384 - * MBEDTLS_TLS_DHE_PSK_WITH_AES_256_CBC_SHA384 - * MBEDTLS_TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA - * MBEDTLS_TLS_DHE_PSK_WITH_AES_256_CBC_SHA - * MBEDTLS_TLS_DHE_PSK_WITH_AES_128_GCM_SHA256 - * MBEDTLS_TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256 - * MBEDTLS_TLS_DHE_PSK_WITH_AES_128_CBC_SHA256 - * MBEDTLS_TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA - * MBEDTLS_TLS_DHE_PSK_WITH_AES_128_CBC_SHA - * MBEDTLS_TLS_RSA_WITH_AES_256_GCM_SHA384 - * MBEDTLS_TLS_RSA_WITH_AES_256_CBC_SHA256 - * MBEDTLS_TLS_RSA_WITH_AES_256_CBC_SHA - * MBEDTLS_TLS_RSA_WITH_AES_128_GCM_SHA256 - * MBEDTLS_TLS_RSA_WITH_AES_128_CBC_SHA256 - * MBEDTLS_TLS_RSA_WITH_AES_128_CBC_SHA - * MBEDTLS_TLS_RSA_PSK_WITH_AES_256_GCM_SHA384 - * MBEDTLS_TLS_RSA_PSK_WITH_AES_256_CBC_SHA384 - * MBEDTLS_TLS_RSA_PSK_WITH_AES_256_CBC_SHA - * MBEDTLS_TLS_RSA_PSK_WITH_AES_128_GCM_SHA256 - * MBEDTLS_TLS_RSA_PSK_WITH_AES_128_CBC_SHA256 - * MBEDTLS_TLS_RSA_PSK_WITH_AES_128_CBC_SHA - * MBEDTLS_TLS_PSK_WITH_AES_256_GCM_SHA384 - * MBEDTLS_TLS_PSK_WITH_AES_256_CBC_SHA384 - * MBEDTLS_TLS_PSK_WITH_AES_256_CBC_SHA - * MBEDTLS_TLS_PSK_WITH_AES_128_GCM_SHA256 - * MBEDTLS_TLS_PSK_WITH_AES_128_CBC_SHA256 - * MBEDTLS_TLS_PSK_WITH_AES_128_CBC_SHA - * - * PEM_PARSE uses AES for decrypting encrypted keys. - */ -#ifdef CONFIG_MBEDTLS_AES_C -#define MBEDTLS_AES_C -#endif - -/** - * \def MBEDTLS_ARC4_C - * - * Enable the ARCFOUR stream cipher. - * - * Module: library/arc4.c - * Caller: library/ssl_tls.c - * - * This module enables the following ciphersuites (if other requisites are - * enabled as well): - * MBEDTLS_TLS_ECDH_ECDSA_WITH_RC4_128_SHA - * MBEDTLS_TLS_ECDH_RSA_WITH_RC4_128_SHA - * MBEDTLS_TLS_ECDHE_ECDSA_WITH_RC4_128_SHA - * MBEDTLS_TLS_ECDHE_RSA_WITH_RC4_128_SHA - * MBEDTLS_TLS_ECDHE_PSK_WITH_RC4_128_SHA - * MBEDTLS_TLS_DHE_PSK_WITH_RC4_128_SHA - * MBEDTLS_TLS_RSA_WITH_RC4_128_SHA - * MBEDTLS_TLS_RSA_WITH_RC4_128_MD5 - * MBEDTLS_TLS_RSA_PSK_WITH_RC4_128_SHA - * MBEDTLS_TLS_PSK_WITH_RC4_128_SHA - */ -#if defined(CONFIG_MBEDTLS_RC4_ENABLED_NO_DEFAULT) || defined(CONFIG_MBEDTLS_RC4_ENABLED) -#define MBEDTLS_ARC4_C -#endif - -/** - * \def MBEDTLS_ASN1_PARSE_C - * - * Enable the generic ASN1 parser. - * - * Module: library/asn1.c - * Caller: library/x509.c - * library/dhm.c - * library/pkcs12.c - * library/pkcs5.c - * library/pkparse.c - */ -#define MBEDTLS_ASN1_PARSE_C - -/** - * \def MBEDTLS_ASN1_WRITE_C - * - * Enable the generic ASN1 writer. - * - * Module: library/asn1write.c - * Caller: library/ecdsa.c - * library/pkwrite.c - * library/x509_create.c - * library/x509write_crt.c - * library/mbedtls_x509write_csr.c - */ -#define MBEDTLS_ASN1_WRITE_C - -/** - * \def MBEDTLS_BASE64_C - * - * Enable the Base64 module. - * - * Module: library/base64.c - * Caller: library/pem.c - * - * This module is required for PEM support (required by X.509). - */ -#define MBEDTLS_BASE64_C - -/** - * \def MBEDTLS_BIGNUM_C - * - * Enable the multi-precision integer library. - * - * Module: library/bignum.c - * Caller: library/dhm.c - * library/ecp.c - * library/ecdsa.c - * library/rsa.c - * library/ssl_tls.c - * - * This module is required for RSA, DHM and ECC (ECDH, ECDSA) support. - */ -#define MBEDTLS_BIGNUM_C - -/** - * \def MBEDTLS_BLOWFISH_C - * - * Enable the Blowfish block cipher. - * - * Module: library/blowfish.c - */ -#ifdef CONFIG_MBEDTLS_BLOWFISH_C -#define MBEDTLS_BLOWFISH_C -#endif - -/** - * \def MBEDTLS_CAMELLIA_C - * - * Enable the Camellia block cipher. - * - * Module: library/camellia.c - * Caller: library/ssl_tls.c - * - * This module enables the following ciphersuites (if other requisites are - * enabled as well): - * MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_128_CBC_SHA256 - * MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_256_CBC_SHA384 - * MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_128_CBC_SHA256 - * MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_256_CBC_SHA384 - * MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_128_GCM_SHA256 - * MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_256_GCM_SHA384 - * MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_128_GCM_SHA256 - * MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_256_GCM_SHA384 - * MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_GCM_SHA384 - * MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_256_GCM_SHA384 - * MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_256_GCM_SHA384 - * MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384 - * MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384 - * MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256 - * MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA - * MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_GCM_SHA256 - * MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_128_GCM_SHA256 - * MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_128_GCM_SHA256 - * MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256 - * MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256 - * MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256 - * MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA - * MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_256_GCM_SHA384 - * MBEDTLS_TLS_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384 - * MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_256_CBC_SHA384 - * MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_128_GCM_SHA256 - * MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_128_CBC_SHA256 - * MBEDTLS_TLS_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256 - * MBEDTLS_TLS_RSA_WITH_CAMELLIA_256_GCM_SHA384 - * MBEDTLS_TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256 - * MBEDTLS_TLS_RSA_WITH_CAMELLIA_256_CBC_SHA - * MBEDTLS_TLS_RSA_WITH_CAMELLIA_128_GCM_SHA256 - * MBEDTLS_TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256 - * MBEDTLS_TLS_RSA_WITH_CAMELLIA_128_CBC_SHA - * MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_256_GCM_SHA384 - * MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_256_CBC_SHA384 - * MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_128_GCM_SHA256 - * MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_128_CBC_SHA256 - * MBEDTLS_TLS_PSK_WITH_CAMELLIA_256_GCM_SHA384 - * MBEDTLS_TLS_PSK_WITH_CAMELLIA_256_CBC_SHA384 - * MBEDTLS_TLS_PSK_WITH_CAMELLIA_128_GCM_SHA256 - * MBEDTLS_TLS_PSK_WITH_CAMELLIA_128_CBC_SHA256 - */ -#ifdef CONFIG_MBEDTLS_CAMELLIA_C -#define MBEDTLS_CAMELLIA_C -#endif - -/** - * \def MBEDTLS_CCM_C - * - * Enable the Counter with CBC-MAC (CCM) mode for 128-bit block cipher. - * - * Module: library/ccm.c - * - * Requires: MBEDTLS_AES_C or MBEDTLS_CAMELLIA_C - * - * This module enables the AES-CCM ciphersuites, if other requisites are - * enabled as well. - */ -#ifdef CONFIG_MBEDTLS_CCM_C -#define MBEDTLS_CCM_C -#endif - -/** - * \def MBEDTLS_CERTS_C - * - * Enable the test certificates. - * - * Module: library/certs.c - * Caller: - * - * This module is used for testing (ssl_client/server). - */ -#define MBEDTLS_CERTS_C - -/** - * \def MBEDTLS_CIPHER_C - * - * Enable the generic cipher layer. - * - * Module: library/cipher.c - * Caller: library/ssl_tls.c - * - * Uncomment to enable generic cipher wrappers. - */ -#define MBEDTLS_CIPHER_C - -/** - * \def MBEDTLS_CTR_DRBG_C - * - * Enable the CTR_DRBG AES-256-based random generator. - * - * Module: library/ctr_drbg.c - * Caller: - * - * Requires: MBEDTLS_AES_C - * - * This module provides the CTR_DRBG AES-256 random number generator. - */ -#define MBEDTLS_CTR_DRBG_C - -/** - * \def MBEDTLS_DEBUG_C - * - * Enable the debug functions. - * - * Module: library/debug.c - * Caller: library/ssl_cli.c - * library/ssl_srv.c - * library/ssl_tls.c - * - * This module provides debugging functions. - */ -#if CONFIG_MBEDTLS_DEBUG -#define MBEDTLS_DEBUG_C -#endif - -/** - * \def MBEDTLS_DES_C - * - * Enable the DES block cipher. - * - * Module: library/des.c - * Caller: library/pem.c - * library/ssl_tls.c - * - * This module enables the following ciphersuites (if other requisites are - * enabled as well): - * MBEDTLS_TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA - * MBEDTLS_TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA - * MBEDTLS_TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA - * MBEDTLS_TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA - * MBEDTLS_TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA - * MBEDTLS_TLS_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA - * MBEDTLS_TLS_DHE_PSK_WITH_3DES_EDE_CBC_SHA - * MBEDTLS_TLS_RSA_WITH_3DES_EDE_CBC_SHA - * MBEDTLS_TLS_RSA_PSK_WITH_3DES_EDE_CBC_SHA - * MBEDTLS_TLS_PSK_WITH_3DES_EDE_CBC_SHA - * - * PEM_PARSE uses DES/3DES for decrypting encrypted keys. - */ -#ifdef CONFIG_MBEDTLS_DES_C -#define MBEDTLS_DES_C -#endif - -/** - * \def MBEDTLS_DHM_C - * - * Enable the Diffie-Hellman-Merkle module. - * - * Module: library/dhm.c - * Caller: library/ssl_cli.c - * library/ssl_srv.c - * - * This module is used by the following key exchanges: - * DHE-RSA, DHE-PSK - */ -#define MBEDTLS_DHM_C - -/** - * \def MBEDTLS_ECDH_C - * - * Enable the elliptic curve Diffie-Hellman library. - * - * Module: library/ecdh.c - * Caller: library/ssl_cli.c - * library/ssl_srv.c - * - * This module is used by the following key exchanges: - * ECDHE-ECDSA, ECDHE-RSA, DHE-PSK - * - * Requires: MBEDTLS_ECP_C - */ -#ifdef CONFIG_MBEDTLS_ECDH_C -#define MBEDTLS_ECDH_C -#endif - -/** - * \def MBEDTLS_ECDSA_C - * - * Enable the elliptic curve DSA library. - * - * Module: library/ecdsa.c - * Caller: - * - * This module is used by the following key exchanges: - * ECDHE-ECDSA - * - * Requires: MBEDTLS_ECP_C, MBEDTLS_ASN1_WRITE_C, MBEDTLS_ASN1_PARSE_C - */ -#ifdef CONFIG_MBEDTLS_ECDSA_C -#define MBEDTLS_ECDSA_C -#endif - -/** - * \def MBEDTLS_ECJPAKE_C - * - * Enable the elliptic curve J-PAKE library. - * - * \warning This is currently experimental. EC J-PAKE support is based on the - * Thread v1.0.0 specification; incompatible changes to the specification - * might still happen. For this reason, this is disabled by default. - * - * Module: library/ecjpake.c - * Caller: - * - * This module is used by the following key exchanges: - * ECJPAKE - * - * Requires: MBEDTLS_ECP_C, MBEDTLS_MD_C - */ -//#define MBEDTLS_ECJPAKE_C - -/** - * \def MBEDTLS_ECP_C - * - * Enable the elliptic curve over GF(p) library. - * - * Module: library/ecp.c - * Caller: library/ecdh.c - * library/ecdsa.c - * library/ecjpake.c - * - * Requires: MBEDTLS_BIGNUM_C and at least one MBEDTLS_ECP_DP_XXX_ENABLED - */ -#ifdef CONFIG_MBEDTLS_ECP_C -#define MBEDTLS_ECP_C -#endif - -/** - * \def MBEDTLS_ENTROPY_C - * - * Enable the platform-specific entropy code. - * - * Module: library/entropy.c - * Caller: - * - * Requires: MBEDTLS_SHA512_C or MBEDTLS_SHA256_C - * - * This module provides a generic entropy pool - */ -#define MBEDTLS_ENTROPY_C - -/** - * \def MBEDTLS_ERROR_C - * - * Enable error code to error string conversion. - * - * Module: library/error.c - * Caller: - * - * This module enables mbedtls_strerror(). - */ -#define MBEDTLS_ERROR_C - -/** - * \def MBEDTLS_GCM_C - * - * Enable the Galois/Counter Mode (GCM) for AES. - * - * Module: library/gcm.c - * - * Requires: MBEDTLS_AES_C or MBEDTLS_CAMELLIA_C - * - * This module enables the AES-GCM and CAMELLIA-GCM ciphersuites, if other - * requisites are enabled as well. - */ -#ifdef CONFIG_MBEDTLS_GCM_C -#define MBEDTLS_GCM_C -#endif - -/** - * \def MBEDTLS_HAVEGE_C - * - * Enable the HAVEGE random generator. - * - * Warning: the HAVEGE random generator is not suitable for virtualized - * environments - * - * Warning: the HAVEGE random generator is dependent on timing and specific - * processor traits. It is therefore not advised to use HAVEGE as - * your applications primary random generator or primary entropy pool - * input. As a secondary input to your entropy pool, it IS able add - * the (limited) extra entropy it provides. - * - * Module: library/havege.c - * Caller: - * - * Requires: MBEDTLS_TIMING_C - * - * Uncomment to enable the HAVEGE random generator. - */ -//#define MBEDTLS_HAVEGE_C - -/** - * \def MBEDTLS_HMAC_DRBG_C - * - * Enable the HMAC_DRBG random generator. - * - * Module: library/hmac_drbg.c - * Caller: - * - * Requires: MBEDTLS_MD_C - * - * Uncomment to enable the HMAC_DRBG random number geerator. - */ -#define MBEDTLS_HMAC_DRBG_C - -/** - * \def MBEDTLS_MD_C - * - * Enable the generic message digest layer. - * - * Module: library/mbedtls_md.c - * Caller: - * - * Uncomment to enable generic message digest wrappers. - */ -#define MBEDTLS_MD_C - -/** - * \def MBEDTLS_MD2_C - * - * Enable the MD2 hash algorithm. - * - * Module: library/mbedtls_md2.c - * Caller: - * - * Uncomment to enable support for (rare) MD2-signed X.509 certs. - */ -//#define MBEDTLS_MD2_C - -/** - * \def MBEDTLS_MD4_C - * - * Enable the MD4 hash algorithm. - * - * Module: library/mbedtls_md4.c - * Caller: - * - * Uncomment to enable support for (rare) MD4-signed X.509 certs. - */ -//#define MBEDTLS_MD4_C - -/** - * \def MBEDTLS_MD5_C - * - * Enable the MD5 hash algorithm. - * - * Module: library/mbedtls_md5.c - * Caller: library/mbedtls_md.c - * library/pem.c - * library/ssl_tls.c - * - * This module is required for SSL/TLS and X.509. - * PEM_PARSE uses MD5 for decrypting encrypted keys. - */ -#define MBEDTLS_MD5_C - -/** - * \def MBEDTLS_MEMORY_BUFFER_ALLOC_C - * - * Enable the buffer allocator implementation that makes use of a (stack) - * based buffer to 'allocate' dynamic memory. (replaces calloc() and free() - * calls) - * - * Module: library/memory_buffer_alloc.c - * - * Requires: MBEDTLS_PLATFORM_C - * MBEDTLS_PLATFORM_MEMORY (to use it within mbed TLS) - * - * Enable this module to enable the buffer memory allocator. - */ -//#define MBEDTLS_MEMORY_BUFFER_ALLOC_C - -/** - * \def MBEDTLS_NET_C - * - * Enable the TCP/IP networking routines. - * - * Module: library/net.c - * - * This module provides TCP/IP networking routines. - */ -//#define MBEDTLS_NET_C - -/** - * \def MBEDTLS_OID_C - * - * Enable the OID database. - * - * Module: library/oid.c - * Caller: library/asn1write.c - * library/pkcs5.c - * library/pkparse.c - * library/pkwrite.c - * library/rsa.c - * library/x509.c - * library/x509_create.c - * library/mbedtls_x509_crl.c - * library/mbedtls_x509_crt.c - * library/mbedtls_x509_csr.c - * library/x509write_crt.c - * library/mbedtls_x509write_csr.c - * - * This modules translates between OIDs and internal values. - */ -#define MBEDTLS_OID_C - -/** - * \def MBEDTLS_PADLOCK_C - * - * Enable VIA Padlock support on x86. - * - * Module: library/padlock.c - * Caller: library/aes.c - * - * Requires: MBEDTLS_HAVE_ASM - * - * This modules adds support for the VIA PadLock on x86. - */ -#define MBEDTLS_PADLOCK_C - -/** - * \def MBEDTLS_PEM_PARSE_C - * - * Enable PEM decoding / parsing. - * - * Module: library/pem.c - * Caller: library/dhm.c - * library/pkparse.c - * library/mbedtls_x509_crl.c - * library/mbedtls_x509_crt.c - * library/mbedtls_x509_csr.c - * - * Requires: MBEDTLS_BASE64_C - * - * This modules adds support for decoding / parsing PEM files. - */ -#ifdef CONFIG_MBEDTLS_PEM_PARSE_C -#define MBEDTLS_PEM_PARSE_C -#endif - -/** - * \def MBEDTLS_PEM_WRITE_C - * - * Enable PEM encoding / writing. - * - * Module: library/pem.c - * Caller: library/pkwrite.c - * library/x509write_crt.c - * library/mbedtls_x509write_csr.c - * - * Requires: MBEDTLS_BASE64_C - * - * This modules adds support for encoding / writing PEM files. - */ -#ifdef CONFIG_MBEDTLS_PEM_WRITE_C -#define MBEDTLS_PEM_WRITE_C -#endif - -/** - * \def MBEDTLS_PK_C - * - * Enable the generic public (asymetric) key layer. - * - * Module: library/pk.c - * Caller: library/ssl_tls.c - * library/ssl_cli.c - * library/ssl_srv.c - * - * Requires: MBEDTLS_RSA_C or MBEDTLS_ECP_C - * - * Uncomment to enable generic public key wrappers. - */ -#define MBEDTLS_PK_C - -/** - * \def MBEDTLS_PK_PARSE_C - * - * Enable the generic public (asymetric) key parser. - * - * Module: library/pkparse.c - * Caller: library/mbedtls_x509_crt.c - * library/mbedtls_x509_csr.c - * - * Requires: MBEDTLS_PK_C - * - * Uncomment to enable generic public key parse functions. - */ -#define MBEDTLS_PK_PARSE_C - -/** - * \def MBEDTLS_PK_WRITE_C - * - * Enable the generic public (asymetric) key writer. - * - * Module: library/pkwrite.c - * Caller: library/x509write.c - * - * Requires: MBEDTLS_PK_C - * - * Uncomment to enable generic public key write functions. - */ -#define MBEDTLS_PK_WRITE_C - -/** - * \def MBEDTLS_PKCS5_C - * - * Enable PKCS#5 functions. - * - * Module: library/pkcs5.c - * - * Requires: MBEDTLS_MD_C - * - * This module adds support for the PKCS#5 functions. - */ -#define MBEDTLS_PKCS5_C - -/** - * \def MBEDTLS_PKCS11_C - * - * Enable wrapper for PKCS#11 smartcard support. - * - * Module: library/pkcs11.c - * Caller: library/pk.c - * - * Requires: MBEDTLS_PK_C - * - * This module enables SSL/TLS PKCS #11 smartcard support. - * Requires the presence of the PKCS#11 helper library (libpkcs11-helper) - */ -//#define MBEDTLS_PKCS11_C - -/** - * \def MBEDTLS_PKCS12_C - * - * Enable PKCS#12 PBE functions. - * Adds algorithms for parsing PKCS#8 encrypted private keys - * - * Module: library/pkcs12.c - * Caller: library/pkparse.c - * - * Requires: MBEDTLS_ASN1_PARSE_C, MBEDTLS_CIPHER_C, MBEDTLS_MD_C - * Can use: MBEDTLS_ARC4_C - * - * This module enables PKCS#12 functions. - */ -#define MBEDTLS_PKCS12_C - -/** - * \def MBEDTLS_PLATFORM_C - * - * Enable the platform abstraction layer that allows you to re-assign - * functions like calloc(), free(), snprintf(), printf(), fprintf(), exit(). - * - * Enabling MBEDTLS_PLATFORM_C enables to use of MBEDTLS_PLATFORM_XXX_ALT - * or MBEDTLS_PLATFORM_XXX_MACRO directives, allowing the functions mentioned - * above to be specified at runtime or compile time respectively. - * - * \note This abstraction layer must be enabled on Windows (including MSYS2) - * as other module rely on it for a fixed snprintf implementation. - * - * Module: library/platform.c - * Caller: Most other .c files - * - * This module enables abstraction of common (libc) functions. - */ -#define MBEDTLS_PLATFORM_C - -/** - * \def MBEDTLS_RIPEMD160_C - * - * Enable the RIPEMD-160 hash algorithm. - * - * Module: library/mbedtls_ripemd160.c - * Caller: library/mbedtls_md.c - * - */ -#ifdef CONFIG_MBEDTLS_RIPEMD160_C -#define MBEDTLS_RIPEMD160_C -#endif - -/** - * \def MBEDTLS_RSA_C - * - * Enable the RSA public-key cryptosystem. - * - * Module: library/rsa.c - * Caller: library/ssl_cli.c - * library/ssl_srv.c - * library/ssl_tls.c - * library/x509.c - * - * This module is used by the following key exchanges: - * RSA, DHE-RSA, ECDHE-RSA, RSA-PSK - * - * Requires: MBEDTLS_BIGNUM_C, MBEDTLS_OID_C - */ -#define MBEDTLS_RSA_C - -/** - * \def MBEDTLS_SHA1_C - * - * Enable the SHA1 cryptographic hash algorithm. - * - * Module: library/mbedtls_sha1.c - * Caller: library/mbedtls_md.c - * library/ssl_cli.c - * library/ssl_srv.c - * library/ssl_tls.c - * library/x509write_crt.c - * - * This module is required for SSL/TLS and SHA1-signed certificates. - */ -#define MBEDTLS_SHA1_C - -/** - * \def MBEDTLS_SHA256_C - * - * Enable the SHA-224 and SHA-256 cryptographic hash algorithms. - * - * Module: library/mbedtls_sha256.c - * Caller: library/entropy.c - * library/mbedtls_md.c - * library/ssl_cli.c - * library/ssl_srv.c - * library/ssl_tls.c - * - * This module adds support for SHA-224 and SHA-256. - * This module is required for the SSL/TLS 1.2 PRF function. - */ -#define MBEDTLS_SHA256_C - -/** - * \def MBEDTLS_SHA512_C - * - * Enable the SHA-384 and SHA-512 cryptographic hash algorithms. - * - * Module: library/mbedtls_sha512.c - * Caller: library/entropy.c - * library/mbedtls_md.c - * library/ssl_cli.c - * library/ssl_srv.c - * - * This module adds support for SHA-384 and SHA-512. - */ -//#define MBEDTLS_SHA512_C - -/** - * \def MBEDTLS_SSL_CACHE_C - * - * Enable simple SSL cache implementation. - * - * Module: library/ssl_cache.c - * Caller: - * - * Requires: MBEDTLS_SSL_CACHE_C - */ -#define MBEDTLS_SSL_CACHE_C - -/** - * \def MBEDTLS_SSL_COOKIE_C - * - * Enable basic implementation of DTLS cookies for hello verification. - * - * Module: library/ssl_cookie.c - * Caller: - */ -#define MBEDTLS_SSL_COOKIE_C - -/** - * \def MBEDTLS_SSL_TICKET_C - * - * Enable an implementation of TLS server-side callbacks for session tickets. - * - * Module: library/ssl_ticket.c - * Caller: - * - * Requires: MBEDTLS_CIPHER_C - */ -#define MBEDTLS_SSL_TICKET_C - -/** - * \def MBEDTLS_SSL_CLI_C - * - * Enable the SSL/TLS client code. - * - * Module: library/ssl_cli.c - * Caller: - * - * Requires: MBEDTLS_SSL_TLS_C - * - * This module is required for SSL/TLS client support. - */ -#ifdef CONFIG_MBEDTLS_TLS_CLIENT -#define MBEDTLS_SSL_CLI_C -#endif - -/** - * \def MBEDTLS_SSL_SRV_C - * - * Enable the SSL/TLS server code. - * - * Module: library/ssl_srv.c - * Caller: - * - * Requires: MBEDTLS_SSL_TLS_C - * - * This module is required for SSL/TLS server support. - */ -#ifdef CONFIG_MBEDTLS_TLS_SERVER -#define MBEDTLS_SSL_SRV_C -#endif - -/** - * \def MBEDTLS_SSL_TLS_C - * - * Enable the generic SSL/TLS code. - * - * Module: library/ssl_tls.c - * Caller: library/ssl_cli.c - * library/ssl_srv.c - * - * Requires: MBEDTLS_CIPHER_C, MBEDTLS_MD_C - * and at least one of the MBEDTLS_SSL_PROTO_XXX defines - * - * This module is required for SSL/TLS. - */ -#ifdef CONFIG_MBEDTLS_TLS_ENABLED -#define MBEDTLS_SSL_TLS_C -#endif - -/** - * \def MBEDTLS_THREADING_C - * - * Enable the threading abstraction layer. - * By default mbed TLS assumes it is used in a non-threaded environment or that - * contexts are not shared between threads. If you do intend to use contexts - * between threads, you will need to enable this layer to prevent race - * conditions. - * - * Module: library/threading.c - * - * This allows different threading implementations (self-implemented or - * provided). - * - * You will have to enable either MBEDTLS_THREADING_ALT or - * MBEDTLS_THREADING_PTHREAD. - * - * Enable this layer to allow use of mutexes within mbed TLS - */ -#define MBEDTLS_THREADING_C - -/** - * \def MBEDTLS_TIMING_C - * - * Enable the portable timing interface. - * - * Module: library/timing.c - * Caller: library/havege.c - * - * This module is used by the HAVEGE random number generator. - */ -//#define MBEDTLS_TIMING_C - -/** - * \def MBEDTLS_VERSION_C - * - * Enable run-time version information. - * - * Module: library/version.c - * - * This module provides run-time version information. - */ -#define MBEDTLS_VERSION_C - -/** - * \def MBEDTLS_X509_USE_C - * - * Enable X.509 core for using certificates. - * - * Module: library/x509.c - * Caller: library/mbedtls_x509_crl.c - * library/mbedtls_x509_crt.c - * library/mbedtls_x509_csr.c - * - * Requires: MBEDTLS_ASN1_PARSE_C, MBEDTLS_BIGNUM_C, MBEDTLS_OID_C, - * MBEDTLS_PK_PARSE_C - * - * This module is required for the X.509 parsing modules. - */ -#define MBEDTLS_X509_USE_C - -/** - * \def MBEDTLS_X509_CRT_PARSE_C - * - * Enable X.509 certificate parsing. - * - * Module: library/mbedtls_x509_crt.c - * Caller: library/ssl_cli.c - * library/ssl_srv.c - * library/ssl_tls.c - * - * Requires: MBEDTLS_X509_USE_C - * - * This module is required for X.509 certificate parsing. - */ -#define MBEDTLS_X509_CRT_PARSE_C - -/** - * \def MBEDTLS_X509_CRL_PARSE_C - * - * Enable X.509 CRL parsing. - * - * Module: library/mbedtls_x509_crl.c - * Caller: library/mbedtls_x509_crt.c - * - * Requires: MBEDTLS_X509_USE_C - * - * This module is required for X.509 CRL parsing. - */ -#ifdef CONFIG_MBEDTLS_X509_CRL_PARSE_C -#define MBEDTLS_X509_CRL_PARSE_C -#endif - -/** - * \def MBEDTLS_X509_CSR_PARSE_C - * - * Enable X.509 Certificate Signing Request (CSR) parsing. - * - * Module: library/mbedtls_x509_csr.c - * Caller: library/x509_crt_write.c - * - * Requires: MBEDTLS_X509_USE_C - * - * This module is used for reading X.509 certificate request. - */ -#ifdef CONFIG_MBEDTLS_X509_CSR_PARSE_C -#define MBEDTLS_X509_CSR_PARSE_C -#endif - -/** - * \def MBEDTLS_X509_CREATE_C - * - * Enable X.509 core for creating certificates. - * - * Module: library/x509_create.c - * - * Requires: MBEDTLS_BIGNUM_C, MBEDTLS_OID_C, MBEDTLS_PK_WRITE_C - * - * This module is the basis for creating X.509 certificates and CSRs. - */ -#define MBEDTLS_X509_CREATE_C - -/** - * \def MBEDTLS_X509_CRT_WRITE_C - * - * Enable creating X.509 certificates. - * - * Module: library/x509_crt_write.c - * - * Requires: MBEDTLS_X509_CREATE_C - * - * This module is required for X.509 certificate creation. - */ -#define MBEDTLS_X509_CRT_WRITE_C - -/** - * \def MBEDTLS_X509_CSR_WRITE_C - * - * Enable creating X.509 Certificate Signing Requests (CSR). - * - * Module: library/x509_csr_write.c - * - * Requires: MBEDTLS_X509_CREATE_C - * - * This module is required for X.509 certificate request writing. - */ -#define MBEDTLS_X509_CSR_WRITE_C - -/** - * \def MBEDTLS_XTEA_C - * - * Enable the XTEA block cipher. - * - * Module: library/xtea.c - * Caller: - */ -#ifdef CONFIG_MBEDTLS_XTEA_C -#define MBEDTLS_XTEA_C -#endif - -/* \} name SECTION: mbed TLS modules */ - -/** - * \name SECTION: Module configuration options - * - * This section allows for the setting of module specific sizes and - * configuration options. The default values are already present in the - * relevant header files and should suffice for the regular use cases. - * - * Our advice is to enable options and change their values here - * only if you have a good reason and know the consequences. - * - * Please check the respective header file for documentation on these - * parameters (to prevent duplicate documentation). - * \{ - */ - -/* MPI / BIGNUM options */ -//#define MBEDTLS_MPI_WINDOW_SIZE 6 /**< Maximum windows size used. */ -//#define MBEDTLS_MPI_MAX_SIZE 1024 /**< Maximum number of bytes for usable MPIs. */ - -/* CTR_DRBG options */ -//#define MBEDTLS_CTR_DRBG_ENTROPY_LEN 48 /**< Amount of entropy used per seed by default (48 with SHA-512, 32 with SHA-256) */ -//#define MBEDTLS_CTR_DRBG_RESEED_INTERVAL 10000 /**< Interval before reseed is performed by default */ -//#define MBEDTLS_CTR_DRBG_MAX_INPUT 256 /**< Maximum number of additional input bytes */ -//#define MBEDTLS_CTR_DRBG_MAX_REQUEST 1024 /**< Maximum number of requested bytes per call */ -//#define MBEDTLS_CTR_DRBG_MAX_SEED_INPUT 384 /**< Maximum size of (re)seed buffer */ - -/* HMAC_DRBG options */ -//#define MBEDTLS_HMAC_DRBG_RESEED_INTERVAL 10000 /**< Interval before reseed is performed by default */ -//#define MBEDTLS_HMAC_DRBG_MAX_INPUT 256 /**< Maximum number of additional input bytes */ -//#define MBEDTLS_HMAC_DRBG_MAX_REQUEST 1024 /**< Maximum number of requested bytes per call */ -//#define MBEDTLS_HMAC_DRBG_MAX_SEED_INPUT 384 /**< Maximum size of (re)seed buffer */ - -/* ECP options */ -//#define MBEDTLS_ECP_MAX_BITS 521 /**< Maximum bit size of groups */ -//#define MBEDTLS_ECP_WINDOW_SIZE 6 /**< Maximum window size used */ -//#define MBEDTLS_ECP_FIXED_POINT_OPTIM 1 /**< Enable fixed-point speed-up */ - -/* Entropy options */ -//#define MBEDTLS_ENTROPY_MAX_SOURCES 20 /**< Maximum number of sources supported */ -//#define MBEDTLS_ENTROPY_MAX_GATHER 128 /**< Maximum amount requested from entropy sources */ - -/* Memory buffer allocator options */ -//#define MBEDTLS_MEMORY_ALIGN_MULTIPLE 4 /**< Align on multiples of this value */ - -/* Platform options */ -//#define MBEDTLS_PLATFORM_STD_MEM_HDR /**< Header to include if MBEDTLS_PLATFORM_NO_STD_FUNCTIONS is defined. Don't define if no header is needed. */ -//#define MBEDTLS_PLATFORM_STD_CALLOC calloc /**< Default allocator to use, can be undefined */ -//#define MBEDTLS_PLATFORM_STD_FREE free /**< Default free to use, can be undefined */ -//#define MBEDTLS_PLATFORM_STD_EXIT exit /**< Default exit to use, can be undefined */ -//#define MBEDTLS_PLATFORM_STD_FPRINTF fprintf /**< Default fprintf to use, can be undefined */ -//#define MBEDTLS_PLATFORM_STD_PRINTF printf /**< Default printf to use, can be undefined */ -/* Note: your snprintf must correclty zero-terminate the buffer! */ -//#define MBEDTLS_PLATFORM_STD_SNPRINTF snprintf /**< Default snprintf to use, can be undefined */ - -/* To Use Function Macros MBEDTLS_PLATFORM_C must be enabled */ -/* MBEDTLS_PLATFORM_XXX_MACRO and MBEDTLS_PLATFORM_XXX_ALT cannot both be defined */ -//#define MBEDTLS_PLATFORM_CALLOC_MACRO calloc /**< Default allocator macro to use, can be undefined */ -//#define MBEDTLS_PLATFORM_FREE_MACRO free /**< Default free macro to use, can be undefined */ -//#define MBEDTLS_PLATFORM_EXIT_MACRO exit /**< Default exit macro to use, can be undefined */ -//#define MBEDTLS_PLATFORM_FPRINTF_MACRO fprintf /**< Default fprintf macro to use, can be undefined */ -//#define MBEDTLS_PLATFORM_PRINTF_MACRO printf /**< Default printf macro to use, can be undefined */ -/* Note: your snprintf must correclty zero-terminate the buffer! */ -//#define MBEDTLS_PLATFORM_SNPRINTF_MACRO snprintf /**< Default snprintf macro to use, can be undefined */ - -/* SSL Cache options */ -//#define MBEDTLS_SSL_CACHE_DEFAULT_TIMEOUT 86400 /**< 1 day */ -//#define MBEDTLS_SSL_CACHE_DEFAULT_MAX_ENTRIES 50 /**< Maximum entries in cache */ - -/* SSL options */ -#ifndef CONFIG_MBEDTLS_ASYMMETRIC_CONTENT_LEN - -#define MBEDTLS_SSL_MAX_CONTENT_LEN CONFIG_MBEDTLS_SSL_MAX_CONTENT_LEN /**< Maxium fragment length in bytes, determines the size of each of the two internal I/O buffers */ - -#else - -/** \def MBEDTLS_SSL_IN_CONTENT_LEN - * - * Maximum incoming fragment length in bytes. - * - * Uncomment to set the size of the inward TLS buffer independently of the - * outward buffer. - */ -#define MBEDTLS_SSL_IN_CONTENT_LEN CONFIG_MBEDTLS_SSL_IN_CONTENT_LEN - -/** \def MBEDTLS_SSL_OUT_CONTENT_LEN - * - * Maximum outgoing fragment length in bytes. - * - * Uncomment to set the size of the outward TLS buffer independently of the - * inward buffer. - * - * It is possible to save RAM by setting a smaller outward buffer, while keeping - * the default inward 16384 byte buffer to conform to the TLS specification. - * - * The minimum required outward buffer size is determined by the handshake - * protocol's usage. Handshaking will fail if the outward buffer is too small. - * The specific size requirement depends on the configured ciphers and any - * certificate data which is sent during the handshake. - * - * For absolute minimum RAM usage, it's best to enable - * MBEDTLS_SSL_MAX_FRAGMENT_LENGTH and reduce MBEDTLS_SSL_MAX_CONTENT_LEN. This - * reduces both incoming and outgoing buffer sizes. However this is only - * guaranteed if the other end of the connection also supports the TLS - * max_fragment_len extension. Otherwise the connection may fail. - */ -#define MBEDTLS_SSL_OUT_CONTENT_LEN CONFIG_MBEDTLS_SSL_OUT_CONTENT_LEN - -#endif /* !CONFIG_MBEDTLS_ASYMMETRIC_CONTENT_LEN */ - -//#define MBEDTLS_SSL_DEFAULT_TICKET_LIFETIME 86400 /**< Lifetime of session tickets (if enabled) */ -//#define MBEDTLS_PSK_MAX_LEN 32 /**< Max size of TLS pre-shared keys, in bytes (default 256 bits) */ -//#define MBEDTLS_SSL_COOKIE_TIMEOUT 60 /**< Default expiration delay of DTLS cookies, in seconds if HAVE_TIME, or in number of cookies issued */ - -/** - * Complete list of ciphersuites to use, in order of preference. - * - * \warning No dependency checking is done on that field! This option can only - * be used to restrict the set of available ciphersuites. It is your - * responsibility to make sure the needed modules are active. - * - * Use this to save a few hundred bytes of ROM (default ordering of all - * available ciphersuites) and a few to a few hundred bytes of RAM. - * - * The value below is only an example, not the default. - */ -//#define MBEDTLS_SSL_CIPHERSUITES MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 - -/* X509 options */ -//#define MBEDTLS_X509_MAX_INTERMEDIATE_CA 8 /**< Maximum number of intermediate CAs in a verification chain. */ - -/** - * Allow SHA-1 in the default TLS configuration for TLS 1.2 handshake - * signature and ciphersuite selection. Without this build-time option, SHA-1 - * support must be activated explicitly through mbedtls_ssl_conf_sig_hashes. - * The use of SHA-1 in TLS <= 1.1 and in HMAC-SHA-1 is always allowed by - * default. At the time of writing, there is no practical attack on the use - * of SHA-1 in handshake signatures, hence this option is turned on by default - * for compatibility with existing peers. - */ -#define MBEDTLS_TLS_DEFAULT_ALLOW_SHA1_IN_KEY_EXCHANGE - -/* \} name SECTION: Module configuration options */ - -#if defined(TARGET_LIKE_MBED) -#include "mbedtls/target_config.h" -#endif - -/* - * Allow user to override any previous default. - * - * Use two macro names for that, as: - * - with yotta the prefix YOTTA_CFG_ is forced - * - without yotta is looks weird to have a YOTTA prefix. - */ -#if defined(YOTTA_CFG_MBEDTLS_USER_CONFIG_FILE) -#include YOTTA_CFG_MBEDTLS_USER_CONFIG_FILE -#elif defined(MBEDTLS_USER_CONFIG_FILE) -#include MBEDTLS_USER_CONFIG_FILE -#endif - -#include "mbedtls/check_config.h" - -#endif /* MBEDTLS_CONFIG_H */ diff --git a/vendors/espressif/boards/esp32/components/mbedtls/port/include/mbedtls/esp_debug.h b/vendors/espressif/boards/esp32/components/mbedtls/port/include/mbedtls/esp_debug.h deleted file mode 100644 index 8e23a5ea322..00000000000 --- a/vendors/espressif/boards/esp32/components/mbedtls/port/include/mbedtls/esp_debug.h +++ /dev/null @@ -1,57 +0,0 @@ -// Copyright 2015-2016 Espressif Systems (Shanghai) PTE LTD -// -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at - -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. -#ifndef _ESP_DEBUG_H_ -#define _ESP_DEBUG_H_ - -#ifdef __cplusplus -extern "C" { -#endif - -#include "sdkconfig.h" -#ifdef CONFIG_MBEDTLS_DEBUG - -/** @brief Enable mbedTLS debug logging via the esp_log mechanism. - * - * mbedTLS internal debugging is filtered from a specified mbedTLS - * threshold level to esp_log level at runtime: - * - * - 1 - Warning - * - 2 - Info - * - 3 - Debug - * - 4 - Verbose - * - * (Note that mbedTLS debug thresholds are not always consistently used.) - * - * This function will set the esp log level for "mbedtls" to the specified mbedTLS - * threshold level that matches. However, the overall max ESP log level must be set high - * enough in menuconfig, or some messages may be filtered at compile time. - * - * @param conf mbedtls_ssl_config structure - * @param mbedTLS debug threshold, 0-4. Messages are filtered at runtime. - */ -void mbedtls_esp_enable_debug_log(mbedtls_ssl_config *conf, int threshold); - -/** @brief Disable mbedTLS debug logging via the esp_log mechanism. - * - */ -void mbedtls_esp_disable_debug_log(mbedtls_ssl_config *conf); - - -#endif - -#ifdef __cplusplus -} -#endif - -#endif /* __ESP_DEBUG_H__ */ diff --git a/vendors/espressif/boards/esp32/components/mbedtls/port/include/sha.h b/vendors/espressif/boards/esp32/components/mbedtls/port/include/sha.h deleted file mode 100644 index 2009d198180..00000000000 --- a/vendors/espressif/boards/esp32/components/mbedtls/port/include/sha.h +++ /dev/null @@ -1,211 +0,0 @@ -// Copyright 2015-2016 Espressif Systems (Shanghai) PTE LTD -// -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at - -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. -#ifndef _ESP_SHA_H_ -#define _ESP_SHA_H_ - -#include "esp32/rom/sha.h" -#include "esp_types.h" - -/** @brief Low-level support functions for the hardware SHA engine - * - * @note If you're looking for a SHA API to use, try mbedtls component - * mbedtls/shaXX.h. That API supports hardware acceleration. - * - * The API in this header provides some building blocks for implementing a - * full SHA API such as the one in mbedtls, and also a basic SHA function esp_sha(). - * - * Some technical details about the hardware SHA engine: - * - * - SHA accelerator engine calculates one digest at a time, per SHA - * algorithm type. It initialises and maintains the digest state - * internally. It is possible to read out an in-progress SHA digest - * state, but it is not possible to restore a SHA digest state - * into the engine. - * - * - The memory block SHA_TEXT_BASE is shared between all SHA digest - * engines, so all engines must be idle before this memory block is - * modified. - * - */ - -#ifdef __cplusplus -extern "C" { -#endif - -/* Defined in esp32/rom/sha.h */ -typedef enum SHA_TYPE esp_sha_type; - -/** @brief Calculate SHA1 or SHA2 sum of some data, using hardware SHA engine - * - * @note For more versatile SHA calculations, where data doesn't need - * to be passed all at once, try the mbedTLS mbedtls/shaX.h APIs. The - * hardware-accelerated mbedTLS implementation is also faster when - * hashing large amounts of data. - * - * @note It is not necessary to lock any SHA hardware before calling - * this function, thread safety is managed internally. - * - * @note If a TLS connection is open then this function may block - * indefinitely waiting for a SHA engine to become available. Use the - * mbedTLS SHA API to avoid this problem. - * - * @param sha_type SHA algorithm to use. - * - * @param input Input data buffer. - * - * @param ilen Length of input data in bytes. - * - * @param output Buffer for output SHA digest. Output is 20 bytes for - * sha_type SHA1, 32 bytes for sha_type SHA2_256, 48 bytes for - * sha_type SHA2_384, 64 bytes for sha_type SHA2_512. - */ -void esp_sha(esp_sha_type sha_type, const unsigned char *input, size_t ilen, unsigned char *output); - -/* @brief Begin to execute a single SHA block operation - * - * @note This is a piece of a SHA algorithm, rather than an entire SHA - * algorithm. - * - * @note Call esp_sha_try_lock_engine() before calling this - * function. Do not call esp_sha_lock_memory_block() beforehand, this - * is done inside the function. - * - * @param sha_type SHA algorithm to use. - * - * @param data_block Pointer to block of data. Block size is - * determined by algorithm (SHA1/SHA2_256 = 64 bytes, - * SHA2_384/SHA2_512 = 128 bytes) - * - * @param is_first_block If this parameter is true, the SHA state will - * be initialised (with the initial state of the given SHA algorithm) - * before the block is calculated. If false, the existing state of the - * SHA engine will be used. - * - * @return As a performance optimisation, this function returns before - * the SHA block operation is complete. Both this function and - * esp_sha_read_state() will automatically wait for any previous - * operation to complete before they begin. If using the SHA registers - * directly in another way, call esp_sha_wait_idle() after calling this - * function but before accessing the SHA registers. - */ -void esp_sha_block(esp_sha_type sha_type, const void *data_block, bool is_first_block); - -/** @brief Read out the current state of the SHA digest loaded in the engine. - * - * @note This is a piece of a SHA algorithm, rather than an entire SHA algorithm. - * - * @note Call esp_sha_try_lock_engine() before calling this - * function. Do not call esp_sha_lock_memory_block() beforehand, this - * is done inside the function. - * - * If the SHA suffix padding block has been executed already, the - * value that is read is the SHA digest (in big endian - * format). Otherwise, the value that is read is an interim SHA state. - * - * @note If sha_type is SHA2_384, only 48 bytes of state will be read. - * This is enough for the final SHA2_384 digest, but if you want the - * interim SHA-384 state (to continue digesting) then pass SHA2_512 instead. - * - * @param sha_type SHA algorithm in use. - * - * @param state Pointer to a memory buffer to hold the SHA state. Size - * is 20 bytes (SHA1), 32 bytes (SHA2_256), 48 bytes (SHA2_384) or 64 bytes (SHA2_512). - * - */ -void esp_sha_read_digest_state(esp_sha_type sha_type, void *digest_state); - -/** - * @brief Obtain exclusive access to a particular SHA engine - * - * @param sha_type Type of SHA engine to use. - * - * Blocks until engine is available. Note: Can block indefinitely - * while a TLS connection is open, suggest using - * esp_sha_try_lock_engine() and failing over to software SHA. - */ -void esp_sha_lock_engine(esp_sha_type sha_type); - -/** - * @brief Try and obtain exclusive access to a particular SHA engine - * - * @param sha_type Type of SHA engine to use. - * - * @return Returns true if the SHA engine is locked for exclusive - * use. Call esp_sha_unlock_sha_engine() when done. Returns false if - * the SHA engine is already in use, caller should use software SHA - * algorithm for this digest. - */ -bool esp_sha_try_lock_engine(esp_sha_type sha_type); - -/** - * @brief Unlock an engine previously locked with esp_sha_lock_engine() or esp_sha_try_lock_engine() - * - * @param sha_type Type of engine to release. - */ -void esp_sha_unlock_engine(esp_sha_type sha_type); - -/** - * @brief Acquire exclusive access to the SHA shared memory block at SHA_TEXT_BASE - * - * This memory block is shared across all the SHA algorithm types. - * - * Caller should have already locked a SHA engine before calling this function. - * - * Note that it is possible to obtain exclusive access to the memory block even - * while it is in use by the SHA engine. Caller should use esp_sha_wait_idle() - * to ensure the SHA engine is not reading from the memory block in hardware. - * - * @note This function enters a critical section. Do not block while holding this lock. - * - * @note You do not need to lock the memory block before calling esp_sha_block() or esp_sha_read_digest_state(), these functions handle memory block locking internally. - * - * Call esp_sha_unlock_memory_block() when done. - */ -void esp_sha_lock_memory_block(void); - -/** - * @brief Release exclusive access to the SHA register memory block at SHA_TEXT_BASE - * - * Caller should have already locked a SHA engine before calling this function. - * - * This function releases the critical section entered by esp_sha_lock_memory_block(). - * - * Call following esp_sha_lock_memory_block(). - */ -void esp_sha_unlock_memory_block(void); - -/** @brief Wait for the SHA engine to finish any current operation - * - * @note This function does not ensure exclusive access to any SHA - * engine. Caller should use esp_sha_try_lock_engine() and - * esp_sha_lock_memory_block() as required. - * - * @note Functions declared in this header file wait for SHA engine - * completion automatically, so you don't need to use this API for - * these. However if accessing SHA registers directly, you will need - * to call this before accessing SHA registers if using the - * esp_sha_block() function. - * - * @note This function busy-waits, so wastes CPU resources. - * Best to delay calling until you are about to need it. - * - */ -void esp_sha_wait_idle(void); - -#ifdef __cplusplus -} -#endif - -#endif - diff --git a/vendors/espressif/boards/esp32/components/mbedtls/port/include/sha1_alt.h b/vendors/espressif/boards/esp32/components/mbedtls/port/include/sha1_alt.h deleted file mode 100644 index 54b77408780..00000000000 --- a/vendors/espressif/boards/esp32/components/mbedtls/port/include/sha1_alt.h +++ /dev/null @@ -1,57 +0,0 @@ -/* - * SHA-1 implementation with hardware ESP32 support added. - * Uses mbedTLS software implementation for failover when concurrent - * SHA operations are in use. - * - * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved - * Additions Copyright (C) 2016, Espressif Systems (Shanghai) PTE LTD - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - * - */ -#ifndef _SHA1_ALT_H_ -#define _SHA1_ALT_H_ - -#ifdef __cplusplus -extern "C" { -#endif - -#if defined(MBEDTLS_SHA1_ALT) - -typedef enum { - ESP_MBEDTLS_SHA1_UNUSED, /* first block hasn't been processed yet */ - ESP_MBEDTLS_SHA1_HARDWARE, /* using hardware SHA engine */ - ESP_MBEDTLS_SHA1_SOFTWARE, /* using software SHA */ -} esp_mbedtls_sha1_mode; - -/** - * \brief SHA-1 context structure - */ -typedef struct -{ - uint32_t total[2]; /*!< number of bytes processed */ - uint32_t state[5]; /*!< intermediate digest state */ - unsigned char buffer[64]; /*!< data block being processed */ - esp_mbedtls_sha1_mode mode; -} -mbedtls_sha1_context; - -#endif - -#ifdef __cplusplus -} -#endif - -#endif - diff --git a/vendors/espressif/boards/esp32/components/mbedtls/port/include/sha256_alt.h b/vendors/espressif/boards/esp32/components/mbedtls/port/include/sha256_alt.h deleted file mode 100644 index 436f5324c8c..00000000000 --- a/vendors/espressif/boards/esp32/components/mbedtls/port/include/sha256_alt.h +++ /dev/null @@ -1,57 +0,0 @@ -/* - * SHA-256 implementation with hardware ESP32 support added. - * Uses mbedTLS software implementation for failover when concurrent - * SHA operations are in use. - * - * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved - * Additions Copyright (C) 2016, Espressif Systems (Shanghai) PTE LTD - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - * - */ -#ifndef _SHA256_ALT_H_ -#define _SHA256_ALT_H_ - -#ifdef __cplusplus -extern "C" { -#endif - -#if defined(MBEDTLS_SHA256_ALT) - -typedef enum { - ESP_MBEDTLS_SHA256_UNUSED, /* first block hasn't been processed yet */ - ESP_MBEDTLS_SHA256_HARDWARE, /* using hardware SHA engine */ - ESP_MBEDTLS_SHA256_SOFTWARE, /* using software SHA */ -} esp_mbedtls_sha256_mode; - -/** - * \brief SHA-256 context structure - */ -typedef struct -{ - uint32_t total[2]; /*!< number of bytes processed */ - uint32_t state[8]; /*!< intermediate digest state */ - unsigned char buffer[64]; /*!< data block being processed */ - int is224; /*!< 0 => SHA-256, else SHA-224 */ - esp_mbedtls_sha256_mode mode; -} -mbedtls_sha256_context; - -#endif - -#ifdef __cplusplus -} -#endif - -#endif diff --git a/vendors/espressif/boards/esp32/components/mbedtls/port/include/sha512_alt.h b/vendors/espressif/boards/esp32/components/mbedtls/port/include/sha512_alt.h deleted file mode 100644 index 36b8fc9d244..00000000000 --- a/vendors/espressif/boards/esp32/components/mbedtls/port/include/sha512_alt.h +++ /dev/null @@ -1,57 +0,0 @@ -/* - * SHA-512 implementation with hardware ESP32 support added. - * Uses mbedTLS software implementation for failover when concurrent - * SHA operations are in use. - * - * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved - * Additions Copyright (C) 2016, Espressif Systems (Shanghai) PTE LTD - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - * - */ -#ifndef _SHA512_ALT_H_ -#define _SHA512_ALT_H_ - -#ifdef __cplusplus -extern "C" { -#endif - -#if defined(MBEDTLS_SHA512_ALT) - -typedef enum { - ESP_MBEDTLS_SHA512_UNUSED, /* first block hasn't been processed yet */ - ESP_MBEDTLS_SHA512_HARDWARE, /* using hardware SHA engine */ - ESP_MBEDTLS_SHA512_SOFTWARE, /* using software SHA */ -} esp_mbedtls_sha512_mode; - -/** - * \brief SHA-512 context structure - */ -typedef struct -{ - uint64_t total[2]; /*!< number of bytes processed */ - uint64_t state[8]; /*!< intermediate digest state */ - unsigned char buffer[128]; /*!< data block being processed */ - int is384; /*!< 0 => SHA-512, else SHA-384 */ - esp_mbedtls_sha512_mode mode; -} -mbedtls_sha512_context; - -#endif - -#ifdef __cplusplus -} -#endif - -#endif diff --git a/vendors/espressif/boards/esp32/components/mbedtls/port/mbedtls_debug.c b/vendors/espressif/boards/esp32/components/mbedtls/port/mbedtls_debug.c deleted file mode 100644 index f7b5541453e..00000000000 --- a/vendors/espressif/boards/esp32/components/mbedtls/port/mbedtls_debug.c +++ /dev/null @@ -1,94 +0,0 @@ -// Copyright 2015-2016 Espressif Systems (Shanghai) PTE LTD -// -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at - -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. - -#include - -#include "esp_log.h" -#include "mbedtls/platform.h" -#include "mbedtls/debug.h" -#include "mbedtls/ssl.h" -#include "mbedtls/esp_debug.h" - -#ifdef CONFIG_MBEDTLS_DEBUG -static const char *TAG = "mbedtls"; - -static void mbedtls_esp_debug(void *ctx, int level, - const char *file, int line, - const char *str); - -void mbedtls_esp_enable_debug_log(mbedtls_ssl_config *conf, int threshold) -{ - esp_log_level_t level = ESP_LOG_NONE; - mbedtls_debug_set_threshold(threshold); - mbedtls_ssl_conf_dbg(conf, mbedtls_esp_debug, NULL); - switch(threshold) { - case 1: - level = ESP_LOG_WARN; - break; - case 2: - level = ESP_LOG_INFO; - break; - case 3: - level = ESP_LOG_DEBUG; - break; - case 4: - level = ESP_LOG_VERBOSE; - break; - } - esp_log_level_set(TAG, level); -} - -void mbedtls_esp_disable_debug_log(mbedtls_ssl_config *conf) -{ - mbedtls_ssl_conf_dbg(conf, NULL, NULL); -} - - -/* Default mbedtls debug function that translates mbedTLS debug output - to ESP_LOGx debug output. -*/ -static void mbedtls_esp_debug(void *ctx, int level, - const char *file, int line, - const char *str) -{ - char *file_sep; - - /* Shorten 'file' from the whole file path to just the filename - - This is a bit wasteful because the macros are compiled in with - the full _FILE_ path in each case. - */ - file_sep = rindex(file, '/'); - if(file_sep) - file = file_sep+1; - - switch(level) { - case 1: - ESP_LOGW(TAG, "%s:%d %s", file, line, str); - break; - case 2: - ESP_LOGI(TAG, "%s:%d %s", file, line, str); - break; - case 3: - ESP_LOGD(TAG, "%s:%d %s", file, line, str); - break; - case 4: - ESP_LOGV(TAG, "%s:%d %s", file, line, str); - break; - default: - ESP_LOGE(TAG, "Unexpected log level %d: %s", level, str); - break; - } -} -#endif \ No newline at end of file diff --git a/vendors/espressif/boards/esp32/components/mbedtls/port/sha.c b/vendors/espressif/boards/esp32/components/mbedtls/port/sha.c deleted file mode 100644 index ba1e6009390..00000000000 --- a/vendors/espressif/boards/esp32/components/mbedtls/port/sha.c +++ /dev/null @@ -1,314 +0,0 @@ -/* - * ESP32 hardware accelerated SHA1/256/512 implementation - * based on mbedTLS FIPS-197 compliant version. - * - * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved - * Additions Copyright (C) 2016, Espressif Systems (Shanghai) PTE Ltd - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - * - */ -/* - * The SHA-1 standard was published by NIST in 1993. - * - * http://www.itl.nist.gov/fipspubs/fip180-1.htm - */ - -#include -#include -#include -#include - -#include "freertos/FreeRTOS.h" -#include "freertos/semphr.h" - -#include "sha.h" -#include "esp32/rom/ets_sys.h" -#include "soc/hwcrypto_periph.h" -#include "driver/periph_ctrl.h" - -inline static uint32_t SHA_LOAD_REG(esp_sha_type sha_type) { - return SHA_1_LOAD_REG + sha_type * 0x10; -} - -inline static uint32_t SHA_BUSY_REG(esp_sha_type sha_type) { - return SHA_1_BUSY_REG + sha_type * 0x10; -} - -inline static uint32_t SHA_START_REG(esp_sha_type sha_type) { - return SHA_1_START_REG + sha_type * 0x10; -} - -inline static uint32_t SHA_CONTINUE_REG(esp_sha_type sha_type) { - return SHA_1_CONTINUE_REG + sha_type * 0x10; -} - -/* Single spinlock for SHA engine memory block -*/ -static portMUX_TYPE memory_block_lock = portMUX_INITIALIZER_UNLOCKED; - - -/* Binary semaphore managing the state of each concurrent SHA engine. - - Available = noone is using this SHA engine - Taken = a SHA session is running on this SHA engine - - Indexes: - 0 = SHA1 - 1 = SHA2_256 - 2 = SHA2_384 or SHA2_512 -*/ -static SemaphoreHandle_t engine_states[3]; - -static uint8_t engines_in_use; - -/* Spinlock for engines_in_use counter -*/ -static portMUX_TYPE engines_in_use_lock = portMUX_INITIALIZER_UNLOCKED; - -/* Index into the engine_states array */ -inline static size_t sha_engine_index(esp_sha_type type) { - switch(type) { - case SHA1: - return 0; - case SHA2_256: - return 1; - default: - return 2; - } -} - -/* Return digest length (in bytes) for a given SHA type */ -inline static size_t sha_length(esp_sha_type type) { - switch(type) { - case SHA1: - return 20; - case SHA2_256: - return 32; - case SHA2_384: - return 48; - case SHA2_512: - return 64; - default: - return 0; - } -} - -/* Return block size (in bytes) for a given SHA type */ -inline static size_t block_length(esp_sha_type type) { - switch(type) { - case SHA1: - case SHA2_256: - return 64; - case SHA2_384: - case SHA2_512: - return 128; - default: - return 0; - } -} - -void esp_sha_lock_memory_block(void) -{ - portENTER_CRITICAL(&memory_block_lock); -} - -void esp_sha_unlock_memory_block(void) -{ - portEXIT_CRITICAL(&memory_block_lock); -} - -static SemaphoreHandle_t sha_get_engine_state(esp_sha_type sha_type) -{ - unsigned idx = sha_engine_index(sha_type); - volatile SemaphoreHandle_t *engine = &engine_states[idx]; - SemaphoreHandle_t result = *engine; - uint32_t set_engine = 0; - - if (result == NULL) { - // Create a new semaphore for 'in use' flag - SemaphoreHandle_t new_engine = xSemaphoreCreateBinary(); - assert(new_engine != NULL); - xSemaphoreGive(new_engine); // start available - - // try to atomically set the previously NULL *engine to new_engine - set_engine = (uint32_t)new_engine; - uxPortCompareSet((volatile uint32_t *)engine, 0, &set_engine); - - if (set_engine != 0) { // we lost a race setting *engine - vSemaphoreDelete(new_engine); - } - result = *engine; - } - return result; -} - -static bool esp_sha_lock_engine_common(esp_sha_type sha_type, TickType_t ticks_to_wait); - -bool esp_sha_try_lock_engine(esp_sha_type sha_type) -{ - return esp_sha_lock_engine_common(sha_type, 0); -} - -void esp_sha_lock_engine(esp_sha_type sha_type) -{ - esp_sha_lock_engine_common(sha_type, portMAX_DELAY); -} - -static bool esp_sha_lock_engine_common(esp_sha_type sha_type, TickType_t ticks_to_wait) -{ - SemaphoreHandle_t engine_state = sha_get_engine_state(sha_type); - BaseType_t result = xSemaphoreTake(engine_state, ticks_to_wait); - - if (result == pdFALSE) { - // failed to take semaphore - return false; - } - - portENTER_CRITICAL(&engines_in_use_lock); - - if (engines_in_use == 0) { - /* Just locked first engine, - so enable SHA hardware */ - periph_module_enable(PERIPH_SHA_MODULE); - } - - engines_in_use++; - assert(engines_in_use <= 3); - - portEXIT_CRITICAL(&engines_in_use_lock); - - return true; -} - - -void esp_sha_unlock_engine(esp_sha_type sha_type) -{ - SemaphoreHandle_t engine_state = sha_get_engine_state(sha_type); - - portENTER_CRITICAL(&engines_in_use_lock); - - engines_in_use--; - - if (engines_in_use == 0) { - /* About to release last engine, so - disable SHA hardware */ - periph_module_disable(PERIPH_SHA_MODULE); - } - - portEXIT_CRITICAL(&engines_in_use_lock); - - xSemaphoreGive(engine_state); -} - -void esp_sha_wait_idle(void) -{ - while(1) { - if(DPORT_REG_READ(SHA_1_BUSY_REG) == 0 - && DPORT_REG_READ(SHA_256_BUSY_REG) == 0 - && DPORT_REG_READ(SHA_384_BUSY_REG) == 0 - && DPORT_REG_READ(SHA_512_BUSY_REG) == 0) { - break; - } - } -} - -void esp_sha_read_digest_state(esp_sha_type sha_type, void *digest_state) -{ - uint32_t *digest_state_words = NULL; - uint32_t *reg_addr_buf = NULL; - uint32_t word_len = sha_length(sha_type)/4; -#ifndef NDEBUG - { - SemaphoreHandle_t engine_state = sha_get_engine_state(sha_type); - assert(uxSemaphoreGetCount(engine_state) == 0 && - "SHA engine should be locked" ); - } -#endif - - // preemptively do this before entering the critical section, then re-check once in it - esp_sha_wait_idle(); - - esp_sha_lock_memory_block(); - - esp_sha_wait_idle(); - - DPORT_REG_WRITE(SHA_LOAD_REG(sha_type), 1); - while(DPORT_REG_READ(SHA_BUSY_REG(sha_type)) == 1) { } - digest_state_words = (uint32_t *)digest_state; - reg_addr_buf = (uint32_t *)(SHA_TEXT_BASE); - if(sha_type == SHA2_384 || sha_type == SHA2_512) { - /* for these ciphers using 64-bit states, swap each pair of words */ - DPORT_INTERRUPT_DISABLE(); // Disable interrupt only on current CPU. - for(int i = 0; i < word_len; i += 2) { - digest_state_words[i+1] = DPORT_SEQUENCE_REG_READ((uint32_t)®_addr_buf[i]); - digest_state_words[i] = DPORT_SEQUENCE_REG_READ((uint32_t)®_addr_buf[i+1]); - } - DPORT_INTERRUPT_RESTORE(); // restore the previous interrupt level - } else { - esp_dport_access_read_buffer(digest_state_words, (uint32_t)®_addr_buf[0], word_len); - } - esp_sha_unlock_memory_block(); - - /* Fault injection check: verify SHA engine actually ran, - state is not all zeroes. - */ - for (int i = 0; i < word_len; i++) { - if (digest_state_words[i] != 0) { - return; - } - } - abort(); // SHA peripheral returned all zero state, probably due to fault injection -} - -void esp_sha_block(esp_sha_type sha_type, const void *data_block, bool is_first_block) -{ - uint32_t *reg_addr_buf = NULL; - uint32_t *data_words = NULL; -#ifndef NDEBUG - { - SemaphoreHandle_t engine_state = sha_get_engine_state(sha_type); - assert(uxSemaphoreGetCount(engine_state) == 0 && - "SHA engine should be locked" ); - } -#endif - - // preemptively do this before entering the critical section, then re-check once in it - esp_sha_wait_idle(); - - esp_sha_lock_memory_block(); - - esp_sha_wait_idle(); - - /* Fill the data block */ - reg_addr_buf = (uint32_t *)(SHA_TEXT_BASE); - data_words = (uint32_t *)data_block; - for (int i = 0; i < block_length(sha_type) / 4; i++) { - reg_addr_buf[i] = __builtin_bswap32(data_words[i]); - } - asm volatile ("memw"); - - if(is_first_block) { - DPORT_REG_WRITE(SHA_START_REG(sha_type), 1); - } else { - DPORT_REG_WRITE(SHA_CONTINUE_REG(sha_type), 1); - } - - esp_sha_unlock_memory_block(); - - /* Note: deliberately not waiting for this operation to complete, - as a performance tweak - delay waiting until the next time we need the SHA - unit, instead. - */ -} diff --git a/vendors/espressif/boards/esp32/ports/ble/bluedroid/iot_ble_hal_common_gap.c b/vendors/espressif/boards/ports/ble/bluedroid/iot_ble_hal_common_gap.c similarity index 100% rename from vendors/espressif/boards/esp32/ports/ble/bluedroid/iot_ble_hal_common_gap.c rename to vendors/espressif/boards/ports/ble/bluedroid/iot_ble_hal_common_gap.c diff --git a/vendors/espressif/boards/esp32/ports/ble/bluedroid/iot_ble_hal_gap.c b/vendors/espressif/boards/ports/ble/bluedroid/iot_ble_hal_gap.c similarity index 100% rename from vendors/espressif/boards/esp32/ports/ble/bluedroid/iot_ble_hal_gap.c rename to vendors/espressif/boards/ports/ble/bluedroid/iot_ble_hal_gap.c diff --git a/vendors/espressif/boards/esp32/ports/ble/bluedroid/iot_ble_hal_gatt_server.c b/vendors/espressif/boards/ports/ble/bluedroid/iot_ble_hal_gatt_server.c similarity index 100% rename from vendors/espressif/boards/esp32/ports/ble/bluedroid/iot_ble_hal_gatt_server.c rename to vendors/espressif/boards/ports/ble/bluedroid/iot_ble_hal_gatt_server.c diff --git a/vendors/espressif/boards/esp32/ports/ble/bluedroid/iot_ble_hal_internals.h b/vendors/espressif/boards/ports/ble/bluedroid/iot_ble_hal_internals.h similarity index 100% rename from vendors/espressif/boards/esp32/ports/ble/bluedroid/iot_ble_hal_internals.h rename to vendors/espressif/boards/ports/ble/bluedroid/iot_ble_hal_internals.h diff --git a/vendors/espressif/boards/esp32/ports/ble/iot_ble_hal_common_gap.c b/vendors/espressif/boards/ports/ble/iot_ble_hal_common_gap.c similarity index 100% rename from vendors/espressif/boards/esp32/ports/ble/iot_ble_hal_common_gap.c rename to vendors/espressif/boards/ports/ble/iot_ble_hal_common_gap.c diff --git a/vendors/espressif/boards/esp32/ports/ble/iot_ble_hal_gap.c b/vendors/espressif/boards/ports/ble/iot_ble_hal_gap.c similarity index 100% rename from vendors/espressif/boards/esp32/ports/ble/iot_ble_hal_gap.c rename to vendors/espressif/boards/ports/ble/iot_ble_hal_gap.c diff --git a/vendors/espressif/boards/esp32/ports/ble/iot_ble_hal_gatt_server.c b/vendors/espressif/boards/ports/ble/iot_ble_hal_gatt_server.c similarity index 100% rename from vendors/espressif/boards/esp32/ports/ble/iot_ble_hal_gatt_server.c rename to vendors/espressif/boards/ports/ble/iot_ble_hal_gatt_server.c diff --git a/vendors/espressif/boards/esp32/ports/ble/nimble/iot_ble_hal_common_gap.c b/vendors/espressif/boards/ports/ble/nimble/iot_ble_hal_common_gap.c similarity index 100% rename from vendors/espressif/boards/esp32/ports/ble/nimble/iot_ble_hal_common_gap.c rename to vendors/espressif/boards/ports/ble/nimble/iot_ble_hal_common_gap.c diff --git a/vendors/espressif/boards/esp32/ports/ble/nimble/iot_ble_hal_gap.c b/vendors/espressif/boards/ports/ble/nimble/iot_ble_hal_gap.c similarity index 100% rename from vendors/espressif/boards/esp32/ports/ble/nimble/iot_ble_hal_gap.c rename to vendors/espressif/boards/ports/ble/nimble/iot_ble_hal_gap.c diff --git a/vendors/espressif/boards/esp32/ports/ble/nimble/iot_ble_hal_gatt_server.c b/vendors/espressif/boards/ports/ble/nimble/iot_ble_hal_gatt_server.c similarity index 100% rename from vendors/espressif/boards/esp32/ports/ble/nimble/iot_ble_hal_gatt_server.c rename to vendors/espressif/boards/ports/ble/nimble/iot_ble_hal_gatt_server.c diff --git a/vendors/espressif/boards/esp32/ports/ble/nimble/iot_ble_hal_internals.h b/vendors/espressif/boards/ports/ble/nimble/iot_ble_hal_internals.h similarity index 100% rename from vendors/espressif/boards/esp32/ports/ble/nimble/iot_ble_hal_internals.h rename to vendors/espressif/boards/ports/ble/nimble/iot_ble_hal_internals.h diff --git a/vendors/espressif/boards/esp32/ports/common_io/component.mk b/vendors/espressif/boards/ports/common_io/component.mk similarity index 100% rename from vendors/espressif/boards/esp32/ports/common_io/component.mk rename to vendors/espressif/boards/ports/common_io/component.mk diff --git a/vendors/espressif/boards/esp32/ports/common_io/include/iot_board_gpio.h b/vendors/espressif/boards/ports/common_io/include/iot_board_gpio.h similarity index 100% rename from vendors/espressif/boards/esp32/ports/common_io/include/iot_board_gpio.h rename to vendors/espressif/boards/ports/common_io/include/iot_board_gpio.h diff --git a/vendors/espressif/boards/esp32/ports/common_io/iot_i2c.c b/vendors/espressif/boards/ports/common_io/iot_i2c.c similarity index 100% rename from vendors/espressif/boards/esp32/ports/common_io/iot_i2c.c rename to vendors/espressif/boards/ports/common_io/iot_i2c.c diff --git a/vendors/espressif/boards/esp32/ports/common_io/iot_spi.c b/vendors/espressif/boards/ports/common_io/iot_spi.c similarity index 100% rename from vendors/espressif/boards/esp32/ports/common_io/iot_spi.c rename to vendors/espressif/boards/ports/common_io/iot_spi.c diff --git a/vendors/espressif/boards/esp32/ports/common_io/iot_test_common_io_internal.c b/vendors/espressif/boards/ports/common_io/iot_test_common_io_internal.c similarity index 100% rename from vendors/espressif/boards/esp32/ports/common_io/iot_test_common_io_internal.c rename to vendors/espressif/boards/ports/common_io/iot_test_common_io_internal.c diff --git a/vendors/espressif/boards/esp32/ports/common_io/iot_uart.c b/vendors/espressif/boards/ports/common_io/iot_uart.c similarity index 100% rename from vendors/espressif/boards/esp32/ports/common_io/iot_uart.c rename to vendors/espressif/boards/ports/common_io/iot_uart.c diff --git a/vendors/espressif/boards/esp32/ports/ota/aws_esp_ota_ops.c b/vendors/espressif/boards/ports/ota/aws_esp_ota_ops.c similarity index 100% rename from vendors/espressif/boards/esp32/ports/ota/aws_esp_ota_ops.c rename to vendors/espressif/boards/ports/ota/aws_esp_ota_ops.c diff --git a/vendors/espressif/boards/esp32/ports/ota/aws_esp_ota_ops.h b/vendors/espressif/boards/ports/ota/aws_esp_ota_ops.h similarity index 100% rename from vendors/espressif/boards/esp32/ports/ota/aws_esp_ota_ops.h rename to vendors/espressif/boards/ports/ota/aws_esp_ota_ops.h diff --git a/vendors/espressif/boards/esp32/ports/ota/aws_ota_pal.c b/vendors/espressif/boards/ports/ota/aws_ota_pal.c similarity index 100% rename from vendors/espressif/boards/esp32/ports/ota/aws_ota_pal.c rename to vendors/espressif/boards/ports/ota/aws_ota_pal.c diff --git a/vendors/espressif/boards/esp32/ports/pkcs11/core_pkcs11_pal.c b/vendors/espressif/boards/ports/pkcs11/core_pkcs11_pal.c similarity index 100% rename from vendors/espressif/boards/esp32/ports/pkcs11/core_pkcs11_pal.c rename to vendors/espressif/boards/ports/pkcs11/core_pkcs11_pal.c diff --git a/vendors/espressif/boards/esp32/ports/posix/FreeRTOS_POSIX_portable.h b/vendors/espressif/boards/ports/posix/FreeRTOS_POSIX_portable.h similarity index 100% rename from vendors/espressif/boards/esp32/ports/posix/FreeRTOS_POSIX_portable.h rename to vendors/espressif/boards/ports/posix/FreeRTOS_POSIX_portable.h diff --git a/vendors/espressif/boards/esp32/ports/wifi/iot_softap_wifi_provisioning.c b/vendors/espressif/boards/ports/wifi/iot_softap_wifi_provisioning.c similarity index 100% rename from vendors/espressif/boards/esp32/ports/wifi/iot_softap_wifi_provisioning.c rename to vendors/espressif/boards/ports/wifi/iot_softap_wifi_provisioning.c diff --git a/vendors/espressif/boards/esp32/ports/wifi/iot_wifi.c b/vendors/espressif/boards/ports/wifi/iot_wifi.c similarity index 100% rename from vendors/espressif/boards/esp32/ports/wifi/iot_wifi.c rename to vendors/espressif/boards/ports/wifi/iot_wifi.c