From ecd3349f5b490301709aacd42001e906dd6f8677 Mon Sep 17 00:00:00 2001
From: Sanghee Kim
Date: Tue, 2 Feb 2021 18:13:45 +0900
Subject: [PATCH 1/3] patch: esp32: mbedtls: add support MBEDTLS_SSL_ASYNC_PRIVATE
Setup build environment for certificate-based onboarding.
---
 ...config-add-MBEDTLS_SSL_ASYNC_PRIVATE.patch | 37 +++++++++++++++++++
 ...add-option-for-MBEDTLS_SSL_ASYNC_PRI.patch | 32 ++++++++++++++++
 ...config-add-MBEDTLS_SSL_ASYNC_PRIVATE.patch | 37 +++++++++++++++++++
 ...add-option-for-MBEDTLS_SSL_ASYNC_PRI.patch | 32 ++++++++++++++++
 4 files changed, 138 insertions(+)
 create mode 100644 patches/esp32/1001-mbedtls-esp_config-add-MBEDTLS_SSL_ASYNC_PRIVATE.patch
 create mode 100644 patches/esp32/1002-mbedtls-Kconfig-add-option-for-MBEDTLS_SSL_ASYNC_PRI.patch
 create mode 100644 patches/esp32_v3.3/1001-mbedtls-esp_config-add-MBEDTLS_SSL_ASYNC_PRIVATE.patch
 create mode 100644 patches/esp32_v3.3/1002-mbedtls-Kconfig-add-option-for-MBEDTLS_SSL_ASYNC_PRI.patch
diff --git a/patches/esp32/1001-mbedtls-esp_config-add-MBEDTLS_SSL_ASYNC_PRIVATE.patch b/patches/esp32/1001-mbedtls-esp_config-add-MBEDTLS_SSL_ASYNC_PRIVATE.patch
new file mode 100644
index 00000000..70cea3a4
--- /dev/null
+++ b/patches/esp32/1001-mbedtls-esp_config-add-MBEDTLS_SSL_ASYNC_PRIVATE.patch
@@ -0,0 +1,37 @@
+From e38e879f7e71d417a96337dd0c56c2ce35cf79a8 Mon Sep 17 00:00:00 2001
+From: Sanghee Kim
+Date: Tue, 2 Feb 2021 18:07:14 +0900
+Subject: [PATCH] mbedtls: esp_config: add MBEDTLS_SSL_ASYNC_PRIVATE
+
+It has been added from v2.11.0.
+---
+ .../mbedtls/port/include/mbedtls/esp_config.h | 13 +++++++++++++
+ 1 file changed, 13 insertions(+)
+
+diff --git a/components/mbedtls/port/include/mbedtls/esp_config.h b/components/mbedtls/port/include/mbedtls/esp_config.h
+index 9c6323276..1bea5f1c4 100644
+--- a/components/mbedtls/port/include/mbedtls/esp_config.h
++++ b/components/mbedtls/port/include/mbedtls/esp_config.h
+@@ -786,6 +786,19 @@
+ */
+ #define MBEDTLS_SSL_ALL_ALERT_MESSAGES
+
++/**
++ * \def MBEDTLS_SSL_ASYNC_PRIVATE
++ *
++ * Enable asynchronous external private key operations in SSL. This allows
++ * you to configure an SSL connection to call an external cryptographic
++ * module to perform private key operations instead of performing the
++ * operation inside the library.
++ *
++ */
++#ifdef CONFIG_MBEDTLS_SSL_ASYNC_PRIVATE
++#define MBEDTLS_SSL_ASYNC_PRIVATE
++#endif
++
+ /** \def MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ *
+ * Enable support for Encrypt-then-MAC, RFC 7366.
+--
+2.17.1
+
diff --git a/patches/esp32/1002-mbedtls-Kconfig-add-option-for-MBEDTLS_SSL_ASYNC_PRI.patch b/patches/esp32/1002-mbedtls-Kconfig-add-option-for-MBEDTLS_SSL_ASYNC_PRI.patch
new file mode 100644
index 00000000..0b4b9cf1
--- /dev/null
+++ b/patches/esp32/1002-mbedtls-Kconfig-add-option-for-MBEDTLS_SSL_ASYNC_PRI.patch
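Review bot: The doc block added above `#ifdef CONFIG_MBEDTLS_SSL_ASYNC_PRIVATE` copies mbedTLS's description of MBEDTLS_SSL_ASYNC_PRIVATE but drops its `Requires: MBEDTLS_X509_CRT_PARSE_C` line, so the only remaining hint of the prerequisite is, as far as I recall, the generic "prerequisites" error from mbedTLS's check_config.h when a build has certificate parsing disabled; restore it by replacing the empty ` * ` line before ` */` with ` * Requires: MBEDTLS_X509_CRT_PARSE_C`. It would also help to state that defining the macro changes nothing by itself: private key operations are only routed to an external module on connections where the application registers callbacks with mbedtls_ssl_conf_async_private_cb(), and that callback implementation is then where the key material is handled, which matters for an option being enabled for certificate-based onboarding. The same patch text is repeated verbatim for patches/esp32_v3.3/1001-… and, at a different offset, in patches/esp8266/1005-…; this note applies to all three copies.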
@@ -0,0 +1,32 @@
+From 8cd8a0f16683160791fa4b426c70ed1d9f009f26 Mon Sep 17 00:00:00 2001
+From: Sanghee Kim
+Date: Tue, 2 Feb 2021 19:20:41 +0900
+Subject: [PATCH] mbedtls: Kconfig: add option for MBEDTLS_SSL_ASYNC_PRIVATE
+
+For certificate-based onboarding
+---
+ components/mbedtls/Kconfig | 8 ++++++++
+ 1 file changed, 8 insertions(+)
+
+diff --git a/components/mbedtls/Kconfig b/components/mbedtls/Kconfig
+index 7514d7621..68b5902fe 100644
+--- a/components/mbedtls/Kconfig
++++ b/components/mbedtls/Kconfig
+@@ -462,6 +462,14 @@ menu "mbedTLS"
+ help
+ Enable the RIPEMD-160 hash algorithm.
+
++ config MBEDTLS_SSL_ASYNC_PRIVATE
++ bool "Enable asynchronous external private key"
++ default n
++ help
++ This allows you to configure an SSL connection to call
++ an external cryptographic module to perform private key operations
++ instead of performing the operation inside the library.
++
+ menu "Certificates"
+
+ config MBEDTLS_PEM_PARSE_C
+--
+2.17.1
+
diff --git a/patches/esp32_v3.3/1001-mbedtls-esp_config-add-MBEDTLS_SSL_ASYNC_PRIVATE.patch b/patches/esp32_v3.3/1001-mbedtls-esp_config-add-MBEDTLS_SSL_ASYNC_PRIVATE.patch
new file mode 100644
index 00000000..70cea3a4
--- /dev/null
+++ b/patches/esp32_v3.3/1001-mbedtls-esp_config-add-MBEDTLS_SSL_ASYNC_PRIVATE.patch
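Review bot: The new `config MBEDTLS_SSL_ASYNC_PRIVATE` entry carries no `depends on` and its help text does not mention that mbedTLS requires MBEDTLS_X509_CRT_PARSE_C for this feature, so if the port ever makes certificate parsing configurable the option turns into a build break instead of a greyed-out entry; add a `depends on` the matching symbol if the port exposes one, otherwise at least say in the help that X.509 certificate parsing must stay enabled. The help text should also tell the user what the toggle does in practice: it has no effect until the application registers async callbacks with mbedtls_ssl_conf_async_private_cb(), and on those connections the private key operations run in that external module instead of in mbedTLS — e.g. append the line `Only affects connections on which the application registers async callbacks via mbedtls_ssl_conf_async_private_cb().`. As a point of style, the entry is inserted between the RIPEMD-160 hash option and the "Certificates" submenu although it is an SSL/TLS setting; grouping it with the other TLS options would make it easier to find. The same hunk is repeated at different offsets in patches/esp32_v3.3/1002-… and patches/esp8266/1006-…; this note applies to those copies too.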
@@ -0,0 +1,37 @@
+From e38e879f7e71d417a96337dd0c56c2ce35cf79a8 Mon Sep 17 00:00:00 2001
+From: Sanghee Kim
+Date: Tue, 2 Feb 2021 18:07:14 +0900
+Subject: [PATCH] mbedtls: esp_config: add MBEDTLS_SSL_ASYNC_PRIVATE
+
+It has been added from v2.11.0.
+---
+ .../mbedtls/port/include/mbedtls/esp_config.h | 13 +++++++++++++
+ 1 file changed, 13 insertions(+)
+
+diff --git a/components/mbedtls/port/include/mbedtls/esp_config.h b/components/mbedtls/port/include/mbedtls/esp_config.h
+index 9c6323276..1bea5f1c4 100644
+--- a/components/mbedtls/port/include/mbedtls/esp_config.h
++++ b/components/mbedtls/port/include/mbedtls/esp_config.h
+@@ -786,6 +786,19 @@
+ */
+ #define MBEDTLS_SSL_ALL_ALERT_MESSAGES
+
++/**
++ * \def MBEDTLS_SSL_ASYNC_PRIVATE
++ *
++ * Enable asynchronous external private key operations in SSL. This allows
++ * you to configure an SSL connection to call an external cryptographic
++ * module to perform private key operations instead of performing the
++ * operation inside the library.
++ *
++ */
++#ifdef CONFIG_MBEDTLS_SSL_ASYNC_PRIVATE
++#define MBEDTLS_SSL_ASYNC_PRIVATE
++#endif
++
+ /** \def MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ *
+ * Enable support for Encrypt-then-MAC, RFC 7366.
+--
+2.17.1
+
diff --git a/patches/esp32_v3.3/1002-mbedtls-Kconfig-add-option-for-MBEDTLS_SSL_ASYNC_PRI.patch b/patches/esp32_v3.3/1002-mbedtls-Kconfig-add-option-for-MBEDTLS_SSL_ASYNC_PRI.patch
new file mode 100644
index 00000000..89401e33
--- /dev/null
+++ b/patches/esp32_v3.3/1002-mbedtls-Kconfig-add-option-for-MBEDTLS_SSL_ASYNC_PRI.patch
@@ -0,0 +1,32 @@
+From a5b1fe8d9ab7063432bc647fef9e84b1d0be0457 Mon Sep 17 00:00:00 2001
+From: Sanghee Kim
+Date: Wed, 3 Feb 2021 10:19:39 +0900
+Subject: [PATCH] mbedtls: Kconfig: add option for MBEDTLS_SSL_ASYNC_PRIVATE
+
+For certificate-based onboarding
+---
+ components/mbedtls/Kconfig | 8 ++++++++
+ 1 file changed, 8 insertions(+)
+
+diff --git a/components/mbedtls/Kconfig b/components/mbedtls/Kconfig
+index 1d9f93d21..4e69e42a1 100644
+--- a/components/mbedtls/Kconfig
++++ b/components/mbedtls/Kconfig
+@@ -426,6 +426,14 @@ menu "mbedTLS"
+ help
+ Enable the RIPEMD-160 hash algorithm.
+
++ config MBEDTLS_SSL_ASYNC_PRIVATE
++ bool "Enable asynchronous external private key"
++ default n
++ help
++ This allows you to configure an SSL connection to call
++ an external cryptographic module to perform private key operations
++ instead of performing the operation inside the library.
++
+ menu "Certificates"
+
+ config MBEDTLS_PEM_PARSE_C
+--
+2.17.1
+
From 66d8fd816a5870ac0a965caf3f0079443053be31 Mon Sep 17 00:00:00 2001
From: Sanghee Kim
Date: Tue, 2 Feb 2021 18:16:00 +0900
Subject: [PATCH 2/3] patch: esp8266: mbedtls: add support MBEDTLS_SSL_ASYNC_PRIVATE
Setup build environment for certificate-based onboarding.
---
 ...MBEDTLS_SSL_ASYNC_PRIVATE-in-configu.patch | 37 +++++++++++++++++++
 ...add-option-for-MBEDTLS_SSL_ASYNC_PRI.patch | 32 ++++++++++++++++
 2 files changed, 69 insertions(+)
 create mode 100644 patches/esp8266/1005-mbedtls-esp-add-MBEDTLS_SSL_ASYNC_PRIVATE-in-configu.patch
 create mode 100644 patches/esp8266/1006-mbedtls-Kconfig-add-option-for-MBEDTLS_SSL_ASYNC_PRI.patch
diff --git a/patches/esp8266/1005-mbedtls-esp-add-MBEDTLS_SSL_ASYNC_PRIVATE-in-configu.patch b/patches/esp8266/1005-mbedtls-esp-add-MBEDTLS_SSL_ASYNC_PRIVATE-in-configu.patch
new file mode 100644
index 00000000..8edb9735
--- /dev/null
+++ b/patches/esp8266/1005-mbedtls-esp-add-MBEDTLS_SSL_ASYNC_PRIVATE-in-configu.patch
@@ -0,0 +1,37 @@
+From 23bfbd1ba6ff0e4f845c6279242b743e6b3a1e40 Mon Sep 17 00:00:00 2001
+From: Sanghee Kim
+Date: Tue, 2 Feb 2021 17:58:02 +0900
+Subject: [PATCH] mbedtls: esp: add MBEDTLS_SSL_ASYNC_PRIVATE in configuration
+
+It has been added from v2.11.0.
+---
+ .../mbedtls/port/include/mbedtls/esp_config.h | 13 +++++++++++++
+ 1 file changed, 13 insertions(+)
+
+diff --git a/components/mbedtls/port/include/mbedtls/esp_config.h b/components/mbedtls/port/include/mbedtls/esp_config.h
+index 7cc51003..617670cc 100644
+--- a/components/mbedtls/port/include/mbedtls/esp_config.h
++++ b/components/mbedtls/port/include/mbedtls/esp_config.h
+@@ -726,6 +726,19 @@
+ */
+ #define MBEDTLS_SSL_ALL_ALERT_MESSAGES
+
++/**
++ * \def MBEDTLS_SSL_ASYNC_PRIVATE
++ *
++ * Enable asynchronous external private key operations in SSL. This allows
++ * you to configure an SSL connection to call an external cryptographic
++ * module to perform private key operations instead of performing the
++ * operation inside the library.
++ *
++ */
++#ifdef CONFIG_MBEDTLS_SSL_ASYNC_PRIVATE
++#define MBEDTLS_SSL_ASYNC_PRIVATE
++#endif
++
+ /** \def MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ *
+ * Enable support for Encrypt-then-MAC, RFC 7366.
+--
+2.17.1
+
diff --git a/patches/esp8266/1006-mbedtls-Kconfig-add-option-for-MBEDTLS_SSL_ASYNC_PRI.patch b/patches/esp8266/1006-mbedtls-Kconfig-add-option-for-MBEDTLS_SSL_ASYNC_PRI.patch
new file mode 100644
index 00000000..cc8185a7
--- /dev/null
+++ b/patches/esp8266/1006-mbedtls-Kconfig-add-option-for-MBEDTLS_SSL_ASYNC_PRI.patch
@@ -0,0 +1,32 @@
+From e8cce8de38737d55c140ebb1be260834373ca665 Mon Sep 17 00:00:00 2001
+From: Sanghee Kim
+Date: Wed, 3 Feb 2021 10:38:22 +0900
+Subject: [PATCH] mbedtls: Kconfig: add option for MBEDTLS_SSL_ASYNC_PRIVATE
+
+For certificate-based onboarding
+---
+ components/mbedtls/Kconfig | 8 ++++++++
+ 1 file changed, 8 insertions(+)
+
+diff --git a/components/mbedtls/Kconfig b/components/mbedtls/Kconfig
+index 10949c96..b1920b85 100644
+--- a/components/mbedtls/Kconfig
++++ b/components/mbedtls/Kconfig
+@@ -439,6 +439,14 @@ menu "mbedTLS"
+ help
+ Enable the RIPEMD-160 hash algorithm.
+
++ config MBEDTLS_SSL_ASYNC_PRIVATE
++ bool "Enable asynchronous external private key"
++ default n
++ help
++ This allows you to configure an SSL connection to call
++ an external cryptographic module to perform private key operations
++ instead of performing the operation inside the library.
++
+ menu "Certificates"
+
+ config MBEDTLS_PEM_PARSE_C
+--
+2.17.1
+
From 17b19d0d4713bd531ee80c87bc478ed0ebd4dbd1 Mon Sep 17 00:00:00 2001
From: stdk-scm <63764571+stdk-scm@users.noreply.github.com>
Date: Wed, 10 Mar 2021 17:04:13 +0900
Subject: [PATCH 3/3] Sync-up with iot-core 1.5.10
Signed-off-by: stdk-scm <63764571+stdk-scm@users.noreply.github.com>
---
 iot-core | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/iot-core b/iot-core
index 903b2af8..b85ab8f3 160000
--- a/iot-core
+++ b/iot-core
@@ -1 +1 @@
-Subproject commit 903b2af8a82ed05d43d2cb2f6b23549a0c339d52
+Subproject commit b85ab8f300aab7591a052450fae9223388ae0093