Wykres commitów

118 Commity (263e1cec6478c3248bbe6af7cdfdf6ec991ff361)

Autor SHA1 Wiadomość Data
Laukik Hase c1bb9032c2
https_server: Add config option to min. cert. auth mode
- Added a config option to set the minimum Certificate Verification
  mode to Optional
- When this option is enabled, the peer (the client) certificate
  is checked by the server, however the handshake continues even if
  verification failed.
- By default, the peer certificate is not checked and ignored by the server.

Closes https://github.com/espressif/esp-idf/issues/8664
2022-04-18 11:10:14 +05:30
John Ohl 27d66c0e33 Encoding base64 with wolfSSL should produce the same result as esp_crypto_bas64_encode_mbedtls and not encode in PEM format /w new lines
Closes https://github.com/espressif/esp-idf/pull/7676
Signed-off-by: Aditya Patwardhan <aditya.patwardhan@espressif.com>
2021-10-17 00:01:23 +08:00
Laukik Hase 1d2b2b5879 feature: Added user callback for esp_https_server
- Can be used to get connection or client information (SSL context)
- E.g. Client certificate, Socket FD, Connection state, etc.
- Added example callback for getting client certificate information in 'https_server/simple' example

Closes https://github.com/espressif/esp-idf/issues/7479
2021-10-11 09:41:01 +05:30
Mahavir Jain 8b4c0e71a9 Merge branch 'feature/mbedtls_session_ticket_support' into 'master'
Feature/mbedtls session ticket support

Closes IDFGH-5288 and IDF-3242

See merge request espressif/esp-idf!14496
2021-09-17 09:59:02 +00:00
Aditya Patwardhan b4e4b9f20d Added support for client session tickets in esp-tls (with mbedtls)
* client session tickets for individual tls connections are supported
* reorganize the esp-tls error codes.
* Update esp_err_to_name.c
* Fix styling
2021-09-15 22:19:04 +05:30
Daniel Bahrdt 7e886ca9ed Implement server session ticket support with mbedtls
Closes https://github.com/espressif/esp-idf/pull/7048

Signed-off-by: Aditya Patwardhan <aditya.patwardhan@espressif.com>
2021-09-15 22:19:04 +05:30
Aditya Patwardhan c6c2ea975f Fix esp_mbedtls_write API
Fix esp_wolfssl_write API
Closes https://github.com/espressif/esp-idf/issues/7461
2021-09-15 21:40:54 +05:30
Sachin Billore 667017d517 ESP32S3 support for ESP-MQTT SSL Mutual Authentication with Digital Signature
Closes IDF-3859
2021-09-06 11:17:30 +05:30
Shu Chen 6fce2930d0 esp32h2: enable more components to support esp32h2
Involved components:
 * app_trace
 * esp-tls
 * esp_adc_cal
 * esp_pm
 * esp_serial_slave_link
 * esp_timer
 * freertos
 * idf_test
 * log
 * mbedtls
 * newlib
 * perfmon
 * spi_flash
 * spiffs
 * ulp
 * unity
 * vfs
2021-07-01 19:53:11 +08:00
Aditya Patwardhan 0e01a22264 esp_tls_wolfssl: Improved error messages 2021-06-28 14:51:41 +05:30
Aditya Patwardhan 4af1176d15 esp_tls_mbedtls: Improved the error messages.
The error message string for error codes is printedwhen log level is set to debug
2021-06-28 14:51:41 +05:30
Jan Brudny 967e057906 esp-tls, esp_http_client and esp_http_server: update copyright notice 2021-05-31 20:06:09 +08:00
David Cermak f68d7d7023 esp_tls: Renamed public API to indicate the Plain TCP connection
Also added parameter checks if used from as a public API
and updated the `is_plein_tcp` description that it's possible to connect
directly using plain tcp transport with the new API.
2021-05-25 10:55:50 +02:00
David Cermak f249ddd9ae esp_transport: Use tcp_connect from esp_tls for plain TCP
so we don't have to allocate esp_tls structure (~2KB) to save heap when using plain TCP connection

Closes https://github.com/espressif/esp-idf/issues/6940
2021-05-25 07:04:02 +02:00
Jiri Schiebel c01e259a98 esp_tls: esp_tls_connect: Reduce input params to err_handle
Pass only the error_handle instead of instead of the full config structure
2021-05-25 07:04:02 +02:00
Aditya Patwardhan 1abdfee3b7 secure_element: Update esp-cryptoauthlib submodule latest version.
*This updates the cryptoauthlib version in the esp-cryptoauthlib to cryptoauthlib-v3.3.1
2021-05-24 07:28:20 +00:00
Axel Lin 52442be9e1 esp-tls: Fix setsockopt for TCP_KEEPIDLE
Current code applies keep_alive_enable setting to TCP_KEEPIDLE, fix it.

Fixes: 2d25252746 ("esp-tls: Rework tcp_connect() to use more subroutines")
Signed-off-by: Axel Lin <axel.lin@gmail.com>
2021-04-06 15:37:16 +08:00
yuanjm f68e55edb3 esp-tls: Separate timeout_ms conditional judgement from keep alive 2021-03-10 02:19:29 +00:00
yuanjm c62cbd1254 transport: Support bind socket to specified interface in transport and esp-tls 2021-03-10 02:19:29 +00:00
Aditya Patwardhan bf513b6f31 Fix esp_tls: Prevent freeing of global ca store after each connection
when dynamic ssl buffers are enabled
2021-02-25 00:26:13 +00:00
yuanjm da58235a0e components: Use CONFIG_LWIP_IPV6 to strip IPv6 function in components 2021-02-23 18:26:03 +08:00
David Cermak eb772e152c esp_tls: Fix unresolved lwip symbol when complex dependency tree 2021-02-16 09:01:35 +01:00
David Cermak 5cfa545d08 esp-tls: Added _esp_tls_net_init to init fd for both mbedtls/wolfssl 2021-02-16 09:01:35 +01:00
David Cermak 4375f888fa esp-tls: Fix wolfssl error codes for WANT_READ/WANT_WRITE
wolfSSL error codes are mostly positive numbers, but esp-tls potentially
non-block API (read/write) returns ssize_t, i.e. bytes read/written if
>0, errorcode otherwise. To comply with this API we have to conditionate
the wolfssl return codes to negative numbers, preferably the same codes
as mbedTLS codes.
2021-02-16 09:01:35 +01:00
David Cermak 2d25252746 esp-tls: Rework tcp_connect() to use more subroutines
Refactored the esp_tcp_connect() functionality to break it down to
* dns-resolution + socket creation
* set configured socket options
* set/reset non-block mode
* the actual connection in non-blocking mode
2021-02-16 09:01:35 +01:00
David Cermak 6b318fe583 esp_tls: Updated connection method to use non-blocking connect
For better control over connection timeouts
To be in line with former tcp_transport, as esp-tls is not used for
plain tcp transports
2021-02-16 09:00:43 +01:00
David Cermak 2c28ffffee tcp_transport/esp_tls: Use common TCP transport to reduce code duplication
For high level review of the changes.
2021-02-16 09:00:43 +01:00
David Cermak 391d7bf271 tcp_transport: Add TCP transport connection errors
Transport's error_handle is used to capture different types of errors
including esp_err_t from esp-tls and socket/system errors.
This change adds the following error codes for TCP transport:
* connection closed by a FIN flag (clean closure from server)
* DNS resolution problem
* connection timeout
These errors are already defined in esp-tls component and since this
component will be used in the future for both TCP and SSL transport, we
currently report these issues in transport::error_handle::esp_tls_last_error
of standard esp error type (esp_err_t)

Closes https://github.com/espressif/esp-mqtt/issues/182
2021-02-16 09:00:43 +01:00
Aditya Patwardhan 0175c68400 esp_tls: Fix misplaced paranthesis in esp_tls_mbedtls.c
Fixes one part of -  https://github.com/espressif/esp-idf/issues/6440
2021-02-10 02:07:58 +00:00
Mahavir Jain f5e51e7c1b Merge branch 'feature/esp32c3_ds_mbedtls_integration' into 'master'
esp32c3/Digital Signature: mbedtls integration through ESP-TLS

Closes IDF-2267

See merge request espressif/esp-idf!12033
2021-01-22 17:06:46 +08:00
yuanjm 044c3e3e74 Modify esp-tls and tcp_transport to support keep alive for tcp and ssl connection
Closes IDFGH-4543
2021-01-22 06:56:28 +00:00
Aditya Patwardhan 79c23a1886 esp32c3/Digital Signature: mbedtls integration through ESP-TLS 2021-01-22 11:54:16 +05:30
Aditya Patwardhan cc3843263a esp-tls: Added unit tests 2021-01-21 01:17:23 +00:00
Aditya Patwardhan 43a1b53aad esp_tls_wolfssl: Move order of crt_bundle check to match that in
esp_tls_mbedtls
2021-01-21 01:17:23 +00:00
Aditya Patwardhan 1a09e16af2 esp_tls: Fix memory leak when esp-tls server session is deleted 2021-01-21 01:17:23 +00:00
Aditya Patwardhan cddb8c29e6 esp-tls: Fix mem leak when global_ca_store is freed 2021-01-21 01:17:23 +00:00
Aditya Patwardhan 0841d2bc75 esp_tls: Add warning if the CA chain provided contains one/more invalid
cert
2021-01-11 03:20:35 +00:00
Aditya Patwardhan ca964dfbcc esp-tls: Changed default behaviour for esp-tls client ( for security
purpose)
        By default esp-tls client will now return error if no server verify option
        is provided, earlier it used to skip the verification by
        default.
        Added config option to skip server verification by default (for testing
        purpose)
        Updated required docs
2021-01-05 07:33:32 +00:00
Aditya Patwardhan 39b446f9fe esp_tls_wolfssl : Add domain name check 2020-12-23 18:10:36 +05:30
Aditya Patwardhan 95d9533294 esp-tls : (Fix) update tls->sockfd value after socket is freed internally
Closes https://github.com/espressif/esp-idf/issues/6163
2020-12-02 03:47:15 +00:00
Angus Gratton 935e4b4d62 Merge branch 'feature/riscv_arch' into 'master'
Add RISC-V support

Closes IDF-2359

See merge request espressif/esp-idf!11140
2020-11-13 07:50:31 +08:00
Angus Gratton 420aef1ffe Updates for riscv support
* Target components pull in xtensa component directly
* Use CPU HAL where applicable
* Remove unnecessary xtensa headers
* Compilation changes necessary to support non-xtensa gcc types (ie int32_t/uint32_t is no
  longer signed/unsigned int).

Changes come from internal branch commit a6723fc
2020-11-13 07:49:11 +11:00
David Cermak ce519ee783 tcp_transport: Extend transport error storage for socket error
Everytime we report error and log errno, we also capture the actual
errno to an internal storage so that user application can retrieve
its value.
2020-11-12 12:46:22 +00:00
Aditya Patwardhan 8d65cee0a9 esp32/esp-tls: Make crypto abstraction layer inside esp-tls
Which allows several components to use cryptographic functions from
esp-tls which is the current abstraction layer.
2020-10-23 05:16:06 +00:00
Aditya Patwardhan 47f7c6a991 esp32s2/esp_ds: Digital Signature software support
1)Added support for alt rsa sign implementation with DS peripheral (
through ESP-TLS - mbedTLS SSL/TLS stack)
2020-09-22 18:31:31 +05:30
Mahavir Jain 52469c8505 esp-tls: enable TLS renegotiation using explicit API call
mbedTLS stack does not keep TLS renegotiation enabled even if
relevant config option is turned on, it needs explicit API call
`mbedtls_ssl_conf_renegotiation` to do so.

This issue was observed in case of Azure IoT, where keys needs to
be refreshed periodically to keep TLS connection intact.
2020-07-03 05:52:22 +00:00
Aditya Patwardhan ea635c2bba esp_tls_wolfssl: fix incorrect error message after handshake fails 2020-06-18 10:10:40 +05:30
Aditya Patwardhan 423e600d46 secure_element: atecc608_ecdsa example
* Replaced crypotoauthlib with esp-cryptoauthlib
* Added menuconfig option for esp-tls about using HSM
* Added error codes for HSM in esp-tls,
* Added support to select different type of ATECC608A chips
* Added README, updated docs
* tcp_transport: Added option to enable secure_element for ssl

Closes https://github.com/espressif/esp-idf/issues/4432
2020-05-21 13:08:30 +05:30
Mahavir Jain 7a2ea9b7f7 esp-tls: add support for using hardware security module 2020-05-20 22:52:37 +05:30
David Cermak 6182e6f303 tcp_transport: close to return error only for socket error or invalid args
Closes https://github.com/espressif/esp-idf/issues/4872
2020-05-05 15:53:09 +02:00