diff --git a/lib/crypto/rsa.toit b/lib/crypto/rsa.toit index 9c2644546..23c6c6352 100644 --- a/lib/crypto/rsa.toit +++ b/lib/crypto/rsa.toit @@ -5,6 +5,7 @@ import .sha import .sha1 import ..io as io +import monitor show ResourceState_ import encoding.base64 /** @@ -124,7 +125,18 @@ class RsaKey: */ static generate --bits/int=2048 -> RsaKeyPair: if bits != 1024 and bits != 2048 and bits != 3072 and bits != 4096: throw "INVALID_ARGUMENT" - pair := rsa-generate_ bits + pair := null + catch --trace=(: it != "UNIMPLEMENTED"): + resource := RsaGenerationResource_ bits + try: + resource.wait + pair = resource.finish + finally: + resource.close + + if not pair: + pair = rsa-generate_ bits + return RsaKeyPair RsaKey.internal_ pair[0] true RsaKey.internal_ pair[1] false 
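Review bot: The `catch --trace=(: it != "UNIMPLEMENTED"):` wrapper in `generate` catches every exception from the asynchronous path, not only the missing-primitive case, so a genuine failure surfaced by `resource.finish` (an mbedtls error, an allocation failure, a rejected proxy) is traced and then silently retried on the blocking `rsa-generate_` path. Restricting the fallback to the unsupported case, e.g. `catch --unwind=(: it != "UNIMPLEMENTED"):`, lets real errors reach the caller instead of being masked by a second key generation. A short comment above `if not pair:` such as `// Fall back to the blocking primitive when async generation is not compiled in.` would make the intent explicit.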
@@ -279,4 +291,44 @@ rsa-encrypt_ public-key-der/ByteArray data/ByteArray padding/int hash/int -> Byt // Primitive: decrypt data with a private key DER blob. rsa-decrypt_ private-key-der/ByteArray data/ByteArray padding/int hash/int -> ByteArray: #primitive.crypto.rsa-decrypt - \ No newline at end of file + +class RsaGenerationResource_: + group_ := null + state_ := null + + constructor bits/int: + group_ = rsa-generate-init_ + add-finalizer this:: close + resource-id := rsa-generate-start_ group_ bits + state_ = ResourceState_ group_ resource-id + + wait -> none: + state_.wait + + finish -> List: + return rsa-generate-finish_ state_.resource + + close: + if not group_: return + critical-do: + if state_: state_.dispose + state_ = null + rsa-generate-close_ group_ + group_ = null + remove-finalizer this + +/** Initializes a resource group for RSA key generation. */ +rsa-generate-init_: + #primitive.crypto.rsa-generate-init + +/** Starts the asynchronous RSA key generation. */ +rsa-generate-start_ group bits/int: + #primitive.crypto.rsa-generate-start + +/** Finishes the asynchronous RSA key generation and returns the key pair. */ +rsa-generate-finish_ resource-id -> List: + #primitive.crypto.rsa-generate-finish + +/** Closes the RSA generation resource group. */ +rsa-generate-close_ group -> none: + #primitive.crypto.rsa-generate-close diff --git a/src/compiler/propagation/type_primitive_crypto.cc b/src/compiler/propagation/type_primitive_crypto.cc index 4d473c5b6..4cf745fd4 100644 --- a/src/compiler/propagation/type_primitive_crypto.cc +++ b/src/compiler/propagation/type_primitive_crypto.cc @@ -55,6 +55,10 @@ TYPE_PRIMITIVE_ANY(rsa_verify) TYPE_PRIMITIVE_ANY(rsa_generate) TYPE_PRIMITIVE_ANY(rsa_encrypt) TYPE_PRIMITIVE_ANY(rsa_decrypt) +TYPE_PRIMITIVE_ANY(rsa_generate_init) +TYPE_PRIMITIVE_ANY(rsa_generate_start) +TYPE_PRIMITIVE_ANY(rsa_generate_finish) +TYPE_PRIMITIVE_ANY(rsa_generate_close) } // namespace toit::compiler } // namespace toit 
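Review bot: If `rsa-generate-start_` throws inside the `RsaGenerationResource_` constructor, `group_` has already been created and nothing closes it until the finalizer runs, because the `try:`/`finally:` in `generate` only begins after construction has succeeded. Closing on failure inside the constructor, e.g. wrapping the two start lines in `try:` with `finally: | is-exception _ | if is-exception: close`, releases the native group promptly on memory-constrained targets. The class also has no doc comment; it should state that `finish` may only be called after `wait` has returned and before `close`, since `finish` passes `state_.resource` straight to the primitive without any check.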
diff --git a/src/event_sources/async_posix.cc b/src/event_sources/async_posix.cc index 8e99c0fdd..3898c03fe 100644 --- a/src/event_sources/async_posix.cc +++ b/src/event_sources/async_posix.cc @@ -15,7 +15,7 @@ #include "../top.h" -#if defined(TOIT_POSIX) +#if defined(TOIT_POSIX) || defined(TOIT_ESP32) #include "async_posix.h" diff --git a/src/event_sources/async_posix.h b/src/event_sources/async_posix.h index cbc29df45..59782e2ce 100644 --- a/src/event_sources/async_posix.h +++ b/src/event_sources/async_posix.h @@ -17,7 +17,7 @@ #include "../top.h" -#if defined(TOIT_POSIX) +#if defined(TOIT_POSIX) || defined(TOIT_ESP32) #include "../linked.h" #include "../resource.h" diff --git a/src/os_esp32.cc b/src/os_esp32.cc index d388544d8..aebfe9bc7 100644 --- a/src/os_esp32.cc +++ b/src/os_esp32.cc @@ -280,6 +280,11 @@ void Thread::run() { thread_start(void_cast(this)); } +void Thread::cancel() { + // No-op on ESP32. The thread will check for STOPPED state after + // completing its current work item. +} + void Thread::join() { ASSERT(handle_ != null); auto thread = reinterpret_cast(handle_); diff --git a/src/primitive.h b/src/primitive.h index 03202cf70..365be4768 100644 --- a/src/primitive.h +++ b/src/primitive.h @@ -541,7 +541,11 @@ namespace toit { PRIMITIVE(rsa_get_private_key_der, 2) \ PRIMITIVE(rsa_get_public_key_der, 1) \ PRIMITIVE(rsa_encrypt, 4) \ - PRIMITIVE(rsa_decrypt, 4) + PRIMITIVE(rsa_decrypt, 4) \ + PRIMITIVE(rsa_generate_init, 0) \ + PRIMITIVE(rsa_generate_start, 2) \ + PRIMITIVE(rsa_generate_finish, 1) \ + PRIMITIVE(rsa_generate_close, 1) #define MODULE_CRYPTO_RANDOM(PRIMITIVE) \ PRIMITIVE(random, 1) \ 
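Review bot: The comment in `Thread::cancel()` says the thread checks for a STOPPED state after its current work item, but that check is not visible in this hunk, and with cancel being a no-op any `join()` on a worker that is part-way through RSA key generation blocks until generation completes. Since `~RsaGenerationResource()` in primitive_crypto.cc deletes its `AsyncEventThread`, closing a resource early either stalls the caller for the full generation time or, if that destructor does not join (not visible here), leaves the worker writing into a freed resource. I would spell the contract out in the comment, e.g. `// No-op on ESP32: a running work item is not interrupted; callers must join() before freeing anything the work item touches.`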
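Review bot: The four `rsa_generate_*` entries are added to the crypto primitive list unconditionally, while their definitions in primitive_crypto.cc sit inside `#ifdef CONFIG_TOIT_CRYPTO_EXTRA` and no hunk in this diff adds fallback definitions. Unless stubs exist outside the diff, a build without that option ends up with declared but undefined primitives. The Toit side already expects `"UNIMPLEMENTED"`, so an `#else` branch with a body like `PRIMITIVE(rsa_generate_init) { FAIL(UNIMPLEMENTED); }` for each of the four would match it. The macro list itself starts outside this hunk.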
@@ -1092,6 +1096,7 @@ Object* get_absolute_path(Process* process, const wchar_t* pathname, wchar_t* ou #define _A_T_RmtResourceGroup(N, name) MAKE_UNPACKING_MACRO(RmtResourceGroup, N, name) #define _A_T_PcntUnitResourceGroup(N, name) MAKE_UNPACKING_MACRO(PcntUnitResourceGroup, N, name) #define _A_T_EspNowResourceGroup(N, name) MAKE_UNPACKING_MACRO(EspNowResourceGroup, N, name) +#define _A_T_RsaGenerationResourceGroup(N, name) MAKE_UNPACKING_MACRO(RsaGenerationResourceGroup, N, name) #define _A_T_Resource(N, name) MAKE_UNPACKING_MACRO(Resource, N, name) #define _A_T_Directory(N, name) MAKE_UNPACKING_MACRO(Directory, N, name) @@ -1109,6 +1114,7 @@ Object* get_absolute_path(Process* process, const wchar_t* pathname, wchar_t* ou #define _A_T_EthernetEvents(N, name) MAKE_UNPACKING_MACRO(EthernetEvents, N, name) #define _A_T_EthernetIpEvents(N, name) MAKE_UNPACKING_MACRO(EthernetIpEvents, N, name) #define _A_T_MbedTlsSocket(N, name) MAKE_UNPACKING_MACRO(MbedTlsSocket, N, name) +#define _A_T_RsaGenerationResource(N, name) MAKE_UNPACKING_MACRO(RsaGenerationResource, N, name) #define _A_T_BaseMbedTlsSocket(N, name) MAKE_UNPACKING_MACRO(BaseMbedTlsSocket, N, name) #define _A_T_X509Certificate(N, name) MAKE_UNPACKING_MACRO(X509Certificate, N, name) #define _A_T_AesContext(N, name) MAKE_UNPACKING_MACRO(AesContext, N, name) diff --git a/src/primitive_crypto.cc b/src/primitive_crypto.cc index 386b2063f..a8f2950e8 100644 --- a/src/primitive_crypto.cc +++ b/src/primitive_crypto.cc @@ -42,6 +42,10 @@ #include "sha.h" #include "siphash.h" #include "tags.h" +#include "vm.h" +#include "scheduler.h" +#include "os.h" +#include "event_sources/async_posix.h" #if (defined(MBEDTLS_CHACHAPOLY_C) && defined(MBEDTLS_CHACHA20_C)) || (defined(CONFIG_MBEDTLS_POLY1305_C) && defined(CONFIG_MBEDTLS_CHACHA20_C)) #define SUPPORT_CHACHA20_POLY1305 1 
@@ -758,7 +762,7 @@ PRIMITIVE(aes_ecb_close) { } -static int rsa_rng(void* ctx, unsigned char* buffer, size_t len) { +static int rsa_rng(void* /*ctx*/, unsigned char* buffer, size_t len) { #ifdef TOIT_ESP32 esp_fill_random(buffer, len); #else @@ -790,7 +794,7 @@ static bool is_pem(Blob key) { // For private keys, an optional password blob may be supplied (length 0 = none). // Returns 0 on success, a non-zero mbedtls error code on failure. // The caller is responsible for calling mbedtls_pk_free on *pk in all cases. -static int rsa_parse_key_from_blob(mbedtls_pk_context* pk, Blob key, Blob password, bool is_private) { +static int rsa_parse_key_from_blob(mbedtls_pk_context* pk, Blob key, Blob password, bool is_private, Process* process) { // mbedtls_pk_parse_key / mbedtls_pk_parse_public_key require the buffer to // be null-terminated when the input is PEM. For DER, the null byte is // actually harmful if it's passed as part of the length. @@ -820,7 +824,7 @@ static int rsa_parse_key_from_blob(mbedtls_pk_context* pk, Blob key, Blob passwo ret = mbedtls_pk_parse_key(pk, parse_buf, parse_len, pwd, password.length(), - rsa_rng, NULL); + rsa_rng, null); } else { ret = mbedtls_pk_parse_public_key(pk, parse_buf, parse_len); } 
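Review bot: The new `Process* process` parameter of `rsa_parse_key_from_blob` is not described in the comment block above the signature, and none of the visible hunks show the body using it (the body lies outside this hunk, so this is inferred). If it is unused, dropping it avoids touching every call site for no effect. If it is needed, the comment should gain a sentence saying what the process is used for and whether it may be null.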
@@ -870,6 +874,199 @@ static ByteArray* rsa_export_der(mbedtls_pk_context* pk, Process* process, bool static const int RSA_PADDING_PKCS1_V15 = 0; static const int RSA_PADDING_OAEP_V21 = 1; +#ifdef CONFIG_TOIT_CRYPTO_EXTRA + +class RsaGenerationEventSource : public AsyncEventSource { + public: + static RsaGenerationEventSource* instance() { + static RsaGenerationEventSource* instance = _new RsaGenerationEventSource(); + return instance; + } + private: + RsaGenerationEventSource() : AsyncEventSource("RsaGeneration") {} +}; + +class RsaGenerationResourceGroup : public ResourceGroup { + public: + TAG(RsaGenerationResourceGroup); + explicit RsaGenerationResourceGroup(Process* process) + : ResourceGroup(process, RsaGenerationEventSource::instance()) {} + + protected: + uint32 on_event(Resource* resource, word data, uint32_t state) override { + return state | data; + } +}; + +class RsaGenerationResource : public Resource { + public: + TAG(RsaGenerationResource); + explicit RsaGenerationResource(RsaGenerationResourceGroup* group, int bits) + : Resource(group), bits_(bits) {} + + ~RsaGenerationResource() { + delete thread_; + if (prv_buf_) free(prv_buf_); + if (pub_buf_) free(pub_buf_); + } + + int bits() const { return bits_; } + + void set_results(unsigned char* prv, size_t prv_len, unsigned char* pub, size_t pub_len) { + prv_buf_ = prv; + prv_len_ = prv_len; + pub_buf_ = pub; + pub_len_ = pub_len; + } + + unsigned char* prv_buf() { return prv_buf_; } + size_t prv_len() { return prv_len_; } + unsigned char* pub_buf() { return pub_buf_; } + size_t pub_len() { return pub_len_; } + + int error() const { return error_; } + void set_error(int error) { error_ = error; } + + AsyncEventThread* thread() { + if (thread_ == null) { + thread_ = _new AsyncEventThread("RSA Gen", RsaGenerationEventSource::instance()); + if (thread_) thread_->start(); + } + return thread_; + } + + private: + int bits_; + int error_ = 0; + unsigned char* prv_buf_ = null; + size_t prv_len_ = 0; + unsigned 
char* pub_buf_ = null; + size_t pub_len_ = 0; + AsyncEventThread* thread_ = null; +}; + +PRIMITIVE(rsa_generate_init) { + ByteArray* proxy = process->object_heap()->allocate_proxy(); + if (proxy == null) FAIL(ALLOCATION_FAILED); + RsaGenerationResourceGroup* group = _new RsaGenerationResourceGroup(process); + if (group == null) FAIL(MALLOC_FAILED); + proxy->set_external_address(group); + return proxy; +} + +PRIMITIVE(rsa_generate_start) { + ARGS(RsaGenerationResourceGroup, group, int, bits); + if (bits != 1024 && bits != 2048 && bits != 3072 && bits != 4096) FAIL(INVALID_ARGUMENT); + + RsaGenerationResource* resource = _new RsaGenerationResource(group, bits); + if (!resource) FAIL(MALLOC_FAILED); + + ByteArray* proxy = process->object_heap()->allocate_proxy(); + if (proxy == null) { + delete resource; + FAIL(ALLOCATION_FAILED); + } + + AsyncEventThread* thread = resource->thread(); + if (!thread) { + delete resource; + FAIL(MALLOC_FAILED); + } + + bool success = thread->run(resource, [](Resource* r) { + RsaGenerationResource* res = static_cast(r); + mbedtls_pk_context pk; + mbedtls_pk_init(&pk); + int ret = mbedtls_pk_setup(&pk, mbedtls_pk_info_from_type(MBEDTLS_PK_RSA)); + if (ret == 0) { + ret = mbedtls_rsa_gen_key(mbedtls_pk_rsa(pk), rsa_rng, null, res->bits(), 65537); + } + + if (ret == 0) { + unsigned char* prv = (unsigned char*)malloc(RSA_PRV_DER_MAX_BYTES); + unsigned char* pub = (unsigned char*)malloc(RSA_PUB_DER_MAX_BYTES); + if (!prv || !pub) { + free(prv); free(pub); + ret = MBEDTLS_ERR_PK_ALLOC_FAILED; + } else { + int prv_len = mbedtls_pk_write_key_der(&pk, prv, RSA_PRV_DER_MAX_BYTES); + int pub_len = mbedtls_pk_write_pubkey_der(&pk, pub, RSA_PUB_DER_MAX_BYTES); + if (prv_len < 0 || pub_len < 0) { + ret = prv_len < 0 ? prv_len : pub_len; + free(prv); free(pub); + } else { + // mbedtls writes from the end. Move to start. 
+ memmove(prv, prv + RSA_PRV_DER_MAX_BYTES - prv_len, prv_len); + memmove(pub, pub + RSA_PUB_DER_MAX_BYTES - pub_len, pub_len); + + unsigned char* prv_resized = (unsigned char*)realloc(prv, prv_len); + if (prv_resized != null) prv = prv_resized; + + unsigned char* pub_resized = (unsigned char*)realloc(pub, pub_len); + if (pub_resized != null) pub = pub_resized; + + res->set_results(prv, prv_len, pub, pub_len); + } + } + } + mbedtls_pk_free(&pk); + res->set_error(ret); + return (word)1; // Indicate done. + }); + + if (!success) { + delete resource; + FAIL(INVALID_STATE); + } + + group->register_resource(resource); + proxy->set_external_address(resource); + return proxy; +} + +PRIMITIVE(rsa_generate_finish) { + ARGS(RsaGenerationResource, resource); + if (resource->error() != 0) { + int err = resource->error(); + resource->resource_group()->unregister_resource(resource); + resource_proxy->clear_external_address(); + return tls_error(null, process, err); + } + + ByteArray* prv_der = process->allocate_byte_array(resource->prv_len()); + ByteArray* pub_der = process->allocate_byte_array(resource->pub_len()); + if (!prv_der || !pub_der) { + resource->resource_group()->unregister_resource(resource); + resource_proxy->clear_external_address(); + FAIL(ALLOCATION_FAILED); + } + + memcpy(ByteArray::Bytes(prv_der).address(), resource->prv_buf(), resource->prv_len()); + memcpy(ByteArray::Bytes(pub_der).address(), resource->pub_buf(), resource->pub_len()); + + Array* pair = process->object_heap()->allocate_array(2, process->null_object()); + if (pair == null) { + resource->resource_group()->unregister_resource(resource); + FAIL(ALLOCATION_FAILED); + } + pair->at_put(0, prv_der); + pair->at_put(1, pub_der); + + resource->resource_group()->unregister_resource(resource); + resource_proxy->clear_external_address(); + + return pair; +} + +PRIMITIVE(rsa_generate_close) { + ARGS(RsaGenerationResourceGroup, group); + group->tear_down(); + group_proxy->clear_external_address(); + return 
process->null_object(); +} + +#endif // CONFIG_TOIT_CRYPTO_EXTRA + // rsa_generate returns [private_key_der, public_key_der] as a Toit Array. PRIMITIVE(rsa_generate) { ARGS(int, bits); @@ -885,7 +1082,7 @@ PRIMITIVE(rsa_generate) { return tls_error(null, process, ret); } - ret = mbedtls_rsa_gen_key(mbedtls_pk_rsa(pk), rsa_rng, NULL, bits, 65537); + ret = mbedtls_rsa_gen_key(mbedtls_pk_rsa(pk), rsa_rng, null, bits, 65537); if (ret != 0) { mbedtls_pk_free(&pk); return tls_error(null, process, ret); @@ -926,7 +1123,7 @@ PRIMITIVE(rsa_sign) { mbedtls_pk_context pk; mbedtls_pk_init(&pk); - int ret = rsa_parse_key_from_blob(&pk, private_key_der, Blob(), true); + int ret = rsa_parse_key_from_blob(&pk, private_key_der, Blob(), true, process); if (ret != 0) { mbedtls_pk_free(&pk); return tls_error(null, process, ret); @@ -939,7 +1136,7 @@ PRIMITIVE(rsa_sign) { uint8_t sig[MBEDTLS_PK_SIGNATURE_MAX_SIZE]; size_t actual_len = 0; ret = mbedtls_pk_sign(&pk, md_alg, digest.address(), digest.length(), - sig, sizeof(sig), &actual_len, rsa_rng, NULL); + sig, sizeof(sig), &actual_len, rsa_rng, null); mbedtls_pk_free(&pk); if (ret != 0) return tls_error(null, process, ret); @@ -961,7 +1158,7 @@ PRIMITIVE(rsa_verify) { mbedtls_pk_context pk; mbedtls_pk_init(&pk); - int ret = rsa_parse_key_from_blob(&pk, public_key_der, Blob(), false); + int ret = rsa_parse_key_from_blob(&pk, public_key_der, Blob(), false, process); if (ret != 0) { mbedtls_pk_free(&pk); return tls_error(null, process, ret); @@ -983,7 +1180,7 @@ PRIMITIVE(rsa_get_private_key_der) { mbedtls_pk_context pk; mbedtls_pk_init(&pk); - int ret = rsa_parse_key_from_blob(&pk, key, password, true); + int ret = rsa_parse_key_from_blob(&pk, key, password, true, process); if (ret != 0) { mbedtls_pk_free(&pk); return tls_error(null, process, ret); 
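Review bot: In `rsa_generate_finish`, the `pair == null` path unregisters the resource but, unlike the two earlier failure paths, never calls `resource_proxy->clear_external_address();`, so the Toit-side proxy keeps an address for a resource the group has already been asked to release; add that call before `FAIL(ALLOCATION_FAILED)`. More generally, unregistering before failing with ALLOCATION_FAILED discards the generated key, so if the VM retries a primitive after garbage collection (not visible here) the retry cannot succeed; allocating `prv_der`, `pub_der` and `pair` first and unregistering only once all three exist avoids that. The DER-encoded private key is also released with plain `free` in `~RsaGenerationResource()` and in the worker's failure branch; wiping it first, e.g. `mbedtls_platform_zeroize(prv_buf_, prv_len_);` before `free(prv_buf_);`, keeps key material out of recycled heap memory.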
@@ -1012,9 +1209,9 @@ PRIMITIVE(rsa_get_public_key_der) { // Try parsing as a private key first (which contains the public key). // If that fails, try as a public key. - int ret = rsa_parse_key_from_blob(&pk, key, Blob(), true); + int ret = rsa_parse_key_from_blob(&pk, key, Blob(), true, process); if (ret != 0) { - ret = rsa_parse_key_from_blob(&pk, key, Blob(), false); + ret = rsa_parse_key_from_blob(&pk, key, Blob(), false, process); } if (ret != 0) { mbedtls_pk_free(&pk); @@ -1045,7 +1242,7 @@ PRIMITIVE(rsa_encrypt) { mbedtls_pk_context pk; mbedtls_pk_init(&pk); - int ret = rsa_parse_key_from_blob(&pk, public_key_der, Blob(), false); + int ret = rsa_parse_key_from_blob(&pk, public_key_der, Blob(), false, process); if (ret != 0) { mbedtls_pk_free(&pk); return tls_error(null, process, ret); @@ -1068,7 +1265,7 @@ PRIMITIVE(rsa_encrypt) { size_t output_len = 0; ret = mbedtls_pk_encrypt(&pk, data.address(), data.length(), - ByteArray::Bytes(result).address(), &output_len, output_size, rsa_rng, NULL); + ByteArray::Bytes(result).address(), &output_len, output_size, rsa_rng, null); mbedtls_pk_free(&pk); if (ret != 0) return tls_error(null, process, ret); @@ -1086,7 +1283,7 @@ PRIMITIVE(rsa_decrypt) { mbedtls_pk_context pk; mbedtls_pk_init(&pk); - int ret = rsa_parse_key_from_blob(&pk, private_key_der, Blob(), true); + int ret = rsa_parse_key_from_blob(&pk, private_key_der, Blob(), true, process); if (ret != 0) { mbedtls_pk_free(&pk); return tls_error(null, process, ret); @@ -1109,7 +1306,7 @@ PRIMITIVE(rsa_decrypt) { size_t output_len = 0; ret = mbedtls_pk_decrypt(&pk, data.address(), data.length(), - ByteArray::Bytes(result).address(), &output_len, output_size, rsa_rng, NULL); + ByteArray::Bytes(result).address(), &output_len, output_size, rsa_rng, null); mbedtls_pk_free(&pk); if (ret != 0) return tls_error(null, process, ret); diff --git a/src/tags.h b/src/tags.h index e1659738e..065bc45cb 100644 --- a/src/tags.h +++ b/src/tags.h 
@@ -67,7 +67,7 @@ namespace toit { fn(AeadContext) \ fn(TlsHandshakeToken) \ fn(EspNowResource) \ - fn(MbedTlsSocket) + fn(MbedTlsSocket) // When adding a class make sure that they all are subclasses of // the BleCallbackResource. If it isn't update the Min/MaxTag below. @@ -142,7 +142,9 @@ enum StructTag { // Misc. FontTag, ImageOutputStreamTag, - ChannelTag + ChannelTag, + RsaGenerationResourceTag, + RsaGenerationResourceGroupTag }; #undef MAKE_ENUM diff --git a/toolchains/esp32/sdkconfig b/toolchains/esp32/sdkconfig index 3e419d250..8e290ab48 100644 --- a/toolchains/esp32/sdkconfig +++ b/toolchains/esp32/sdkconfig @@ -1752,7 +1752,8 @@ CONFIG_MBEDTLS_ECP_RESTARTABLE=y CONFIG_MBEDTLS_CMAC_C=y CONFIG_MBEDTLS_HARDWARE_AES=y CONFIG_MBEDTLS_GCM_SUPPORT_NON_AES_CIPHER=y -# CONFIG_MBEDTLS_HARDWARE_MPI is not set +CONFIG_MBEDTLS_HARDWARE_MPI=y +# CONFIG_MBEDTLS_LARGE_KEY_SOFTWARE_MPI is not set CONFIG_MBEDTLS_HARDWARE_SHA=y CONFIG_MBEDTLS_ROM_MD5=y # CONFIG_MBEDTLS_ATCA_HW_ECDSA_SIGN is not set @@ -2129,7 +2130,7 @@ CONFIG_TOIT_ENABLE_ESPNOW=y CONFIG_TOIT_SYSTEM_SOURCE="system/extensions/esp32/boot.toit" CONFIG_TOIT_SYSTEM_SOURCE_PROJECT_ROOT="system" CONFIG_RODATA_PADDING=2097152 -# end of Advanced setup +# end of Advanced setup # end of Toit # end of Component config diff --git a/toolchains/esp32/sdkconfig.defaults b/toolchains/esp32/sdkconfig.defaults index 56f45bc7e..7b5c132bc 100644 --- a/toolchains/esp32/sdkconfig.defaults +++ b/toolchains/esp32/sdkconfig.defaults @@ -62,7 +62,7 @@ CONFIG_MBEDTLS_SSL_IN_CONTENT_LEN=7800 CONFIG_MBEDTLS_SSL_OUT_CONTENT_LEN=3700 CONFIG_MBEDTLS_X509_TRUSTED_CERT_CALLBACK=y CONFIG_MBEDTLS_ECP_RESTARTABLE=y -CONFIG_MBEDTLS_HARDWARE_MPI=n +CONFIG_MBEDTLS_HARDWARE_MPI=y CONFIG_MBEDTLS_TLS_CLIENT_ONLY=y CONFIG_MBEDTLS_ECP_FIXED_POINT_OPTIM=y CONFIG_MBEDTLS_POLY1305_C=y diff --git a/toolchains/esp32c3/sdkconfig.defaults b/toolchains/esp32c3/sdkconfig.defaults index be096bbe3..937b2a01f 100644 --- a/toolchains/esp32c3/sdkconfig.defaults 
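Review bot: `RsaGenerationResourceTag` and `RsaGenerationResourceGroupTag` are appended by hand under `// Misc.` in `StructTag`, whereas the comment in the first hunk of this file indicates that resource tags are produced from the `fn(...)` lists and that Min/Max tag bounds are maintained for them. If proxy unpacking for generic `Resource` or `ResourceGroup` arguments checks those bounds (not visible here), the new proxies would be rejected by any primitive that takes them generically, such as the ones behind `ResourceState_`, and the blanket `catch` in `generate` would hide that behind the synchronous fallback. Adding `fn(RsaGenerationResource)` and the group equivalent to the matching lists, instead of the two manual enum entries, would keep the tags inside the checked ranges. The enum and the macro lists both start outside these hunks.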
+++ b/toolchains/esp32c3/sdkconfig.defaults @@ -51,7 +51,7 @@ CONFIG_MBEDTLS_SSL_IN_CONTENT_LEN=7800 CONFIG_MBEDTLS_SSL_OUT_CONTENT_LEN=3700 CONFIG_MBEDTLS_X509_TRUSTED_CERT_CALLBACK=y CONFIG_MBEDTLS_ECP_RESTARTABLE=y -CONFIG_MBEDTLS_HARDWARE_MPI=n +CONFIG_MBEDTLS_HARDWARE_MPI=y CONFIG_MBEDTLS_TLS_CLIENT_ONLY=y CONFIG_MBEDTLS_ECP_FIXED_POINT_OPTIM=y CONFIG_MBEDTLS_POLY1305_C=y diff --git a/toolchains/esp32c6/sdkconfig.defaults b/toolchains/esp32c6/sdkconfig.defaults index e087d9083..391a6d4d2 100644 --- a/toolchains/esp32c6/sdkconfig.defaults +++ b/toolchains/esp32c6/sdkconfig.defaults @@ -52,7 +52,7 @@ CONFIG_MBEDTLS_SSL_OUT_CONTENT_LEN=3700 CONFIG_MBEDTLS_X509_TRUSTED_CERT_CALLBACK=y CONFIG_MBEDTLS_ECP_RESTARTABLE=y CONFIG_MBEDTLS_GCM_SUPPORT_NON_AES_CIPHER=n -CONFIG_MBEDTLS_HARDWARE_MPI=n +CONFIG_MBEDTLS_HARDWARE_MPI=y CONFIG_MBEDTLS_TLS_CLIENT_ONLY=y CONFIG_MBEDTLS_ECP_FIXED_POINT_OPTIM=y CONFIG_MBEDTLS_POLY1305_C=y diff --git a/toolchains/esp32s2/sdkconfig.defaults b/toolchains/esp32s2/sdkconfig.defaults index df790aea1..b55233a0a 100644 --- a/toolchains/esp32s2/sdkconfig.defaults +++ b/toolchains/esp32s2/sdkconfig.defaults @@ -44,7 +44,7 @@ CONFIG_LWIP_HOOK_IP6_INPUT_NONE=y CONFIG_MBEDTLS_SSL_IN_CONTENT_LEN=7800 CONFIG_MBEDTLS_SSL_OUT_CONTENT_LEN=3700 CONFIG_MBEDTLS_X509_TRUSTED_CERT_CALLBACK=y -CONFIG_MBEDTLS_HARDWARE_MPI=n +CONFIG_MBEDTLS_HARDWARE_MPI=y CONFIG_MBEDTLS_TLS_CLIENT_ONLY=y CONFIG_MBEDTLS_ECP_FIXED_POINT_OPTIM=y CONFIG_MBEDTLS_POLY1305_C=y diff --git a/toolchains/esp32s3/sdkconfig.defaults b/toolchains/esp32s3/sdkconfig.defaults index 282005b77..71d1a1b49 100644 --- a/toolchains/esp32s3/sdkconfig.defaults +++ b/toolchains/esp32s3/sdkconfig.defaults 
@@ -57,7 +57,7 @@ CONFIG_MBEDTLS_SSL_IN_CONTENT_LEN=7800 CONFIG_MBEDTLS_SSL_OUT_CONTENT_LEN=3700 CONFIG_MBEDTLS_X509_TRUSTED_CERT_CALLBACK=y CONFIG_MBEDTLS_ECP_RESTARTABLE=y -CONFIG_MBEDTLS_HARDWARE_MPI=n +CONFIG_MBEDTLS_HARDWARE_MPI=y CONFIG_MBEDTLS_TLS_CLIENT_ONLY=y CONFIG_MBEDTLS_ECP_FIXED_POINT_OPTIM=y CONFIG_MBEDTLS_POLY1305_C=y