Merge branch 'feature/crypto_peripherals_caps' into 'master'

soc: add capability macros for crypto peripherals

Closes IDF-4790 and IDF-4229

See merge request espressif/esp-idf!17516
Mahavir Jain
2022-03-22 16:42:07 +08:00
21 changed files with 170 additions and 207 deletions


@@ -26,8 +26,7 @@ menu "ESP-TLS"
config ESP_TLS_USE_DS_PERIPHERAL
bool "Use Digital Signature (DS) Peripheral with ESP-TLS"
depends on (IDF_TARGET_ESP32C3 || IDF_TARGET_ESP32S2 || IDF_TARGET_ESP32H2 || IDF_TARGET_ESP32S3)
depends on ESP_TLS_USING_MBEDTLS
depends on ESP_TLS_USING_MBEDTLS && SOC_DIG_SIGN_SUPPORTED
default y
help
Enable use of the Digital Signature Peripheral for ESP-TLS.The DS peripheral


@@ -10,58 +10,9 @@
extern "C" {
#endif
/**
* @brief Acquire lock for HMAC cryptography peripheral
*
* Internally also locks the SHA peripheral, as the HMAC depends on the SHA peripheral
*/
void esp_crypto_hmac_lock_acquire(void);
/**
* @brief Release lock for HMAC cryptography peripheral
*
* Internally also releases the SHA peripheral, as the HMAC depends on the SHA peripheral
*/
void esp_crypto_hmac_lock_release(void);
/**
* @brief Acquire lock for DS cryptography peripheral
*
* Internally also locks the HMAC (which locks SHA), AES and MPI peripheral, as the DS depends on these peripherals
*/
void esp_crypto_ds_lock_acquire(void);
/**
* @brief Release lock for DS cryptography peripheral
*
* Internally also releases the HMAC (which locks SHA), AES and MPI peripheral, as the DS depends on these peripherals
*/
void esp_crypto_ds_lock_release(void);
/**
* @brief Acquire lock for the SHA and AES cryptography peripheral.
*
*/
void esp_crypto_sha_aes_lock_acquire(void);
/**
* @brief Release lock for the SHA and AES cryptography peripheral.
*
*/
void esp_crypto_sha_aes_lock_release(void);
/**
* @brief Acquire lock for the mpi cryptography peripheral.
*
*/
void esp_crypto_mpi_lock_acquire(void);
/**
* @brief Release lock for the mpi/rsa cryptography peripheral.
*
*/
void esp_crypto_mpi_lock_release(void);
// Place-holder lock APIs as hardware AES is not supported in ESP32-C2
static inline void esp_crypto_sha_aes_lock_acquire(void) {}
static inline void esp_crypto_sha_aes_lock_release(void) {}
#ifdef __cplusplus
}
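Review bot: The two `static inline` placeholders for `esp_crypto_sha_aes_lock_acquire()` and `esp_crypto_sha_aes_lock_release()` are empty, so any caller that still takes this lock gets no mutual exclusion. The comment mentions only AES, although the lock is named for SHA as well. A later section of this commit (apparently the ESP32-C2 soc_caps.h) carries `#define SOC_SHA_SUPPORTED 0 // This will be enabled with IDF-3830`, so the stubs become a silent race once hardware SHA is enabled unless a real lock returns with it. I would extend the comment to say so: `// No-op placeholders: hardware AES/SHA are not enabled on ESP32-C2; restore a real lock before enabling SOC_SHA_SUPPORTED (IDF-3830)`. The rest of the header lies outside the hunk.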


@@ -10,7 +10,6 @@ set(srcs "cpu_util_esp32c2.c"
if(NOT BOOTLOADER_BUILD)
list(APPEND srcs "../async_memcpy_impl_gdma.c"
"esp_crypto_lock.c"
"dport_access.c")
endif()


@@ -1,71 +0,0 @@
/*
* SPDX-FileCopyrightText: 2015-2022 Espressif Systems (Shanghai) CO LTD
*
* SPDX-License-Identifier: Apache-2.0
*/
#include <sys/lock.h>
#include <stdlib.h>
#include "esp_crypto_lock.h"
/* Lock overview:
SHA: peripheral independent, but DMA is shared with AES
AES: peripheral independent, but DMA is shared with SHA
MPI/RSA: independent
HMAC: needs SHA
DS: needs HMAC (which needs SHA), AES and MPI
*/
#if 0 // TODO: IDF-4229
/* Lock for DS peripheral */
static _lock_t s_crypto_ds_lock;
/* Lock for HMAC peripheral */
static _lock_t s_crypto_hmac_lock;
/* Lock for the MPI/RSA peripheral, also used by the DS peripheral */
static _lock_t s_crypto_mpi_lock;
/* Single lock for SHA and AES, sharing a reserved GDMA channel */
static _lock_t s_crypto_sha_aes_lock;
#endif
void esp_crypto_hmac_lock_acquire(void)
{
abort(); // TODO: IDF-4229
}
void esp_crypto_hmac_lock_release(void)
{
abort(); // TODO: IDF-4229
}
void esp_crypto_ds_lock_acquire(void)
{
abort(); // TODO: IDF-4229
}
void esp_crypto_ds_lock_release(void)
{
abort(); // TODO: IDF-4229
}
void esp_crypto_sha_aes_lock_acquire(void)
{
abort(); // TODO: IDF-4229
}
void esp_crypto_sha_aes_lock_release(void)
{
abort(); // TODO: IDF-4229
}
void esp_crypto_mpi_lock_acquire(void)
{
abort(); // TODO: IDF-4229
}
void esp_crypto_mpi_lock_release(void)
{
abort(); // TODO: IDF-4229
}


@@ -110,32 +110,42 @@ endif()
target_sources(mbedtls PRIVATE ${mbedtls_target_sources})
# Choose perihperal type
if(CONFIG_IDF_TARGET_ESP32)
set(SHA_PERIPHERAL_TYPE "parallel_engine")
set(AES_PERIPHERAL_TYPE "block")
else()
set(SHA_PERIPHERAL_TYPE "dma")
set(AES_PERIPHERAL_TYPE "dma")
if(CONFIG_SOC_SHA_SUPPORTED)
if(CONFIG_SOC_SHA_SUPPORT_DMA)
set(SHA_PERIPHERAL_TYPE "dma")
else()
set(SHA_PERIPHERAL_TYPE "parallel_engine")
endif()
endif()
if(CONFIG_SOC_AES_SUPPORTED)
if(CONFIG_SOC_AES_SUPPORT_DMA)
set(AES_PERIPHERAL_TYPE "dma")
else()
set(AES_PERIPHERAL_TYPE "block")
endif()
endif()
if(SHA_PERIPHERAL_TYPE STREQUAL "dma")
target_include_directories(mbedcrypto PRIVATE "${COMPONENT_DIR}/port/sha/dma/include")
if(CONFIG_IDF_TARGET_ESP32S2)
if(NOT CONFIG_SOC_SHA_GDMA)
set(SHA_DMA_SRCS "${COMPONENT_DIR}/port/sha/dma/esp_sha_crypto_dma_impl.c")
else()
set(SHA_DMA_SRCS "${COMPONENT_DIR}/port/sha/dma/esp_sha_gdma_impl.c"
"${COMPONENT_DIR}/port/crypto_shared_gdma/esp_crypto_shared_gdma.c")
set(SHA_DMA_SRCS "${COMPONENT_DIR}/port/sha/dma/esp_sha_gdma_impl.c")
endif()
target_sources(mbedcrypto PRIVATE "${SHA_DMA_SRCS}")
endif()
if(AES_PERIPHERAL_TYPE STREQUAL "dma")
if(CONFIG_IDF_TARGET_ESP32S2)
if(NOT CONFIG_SOC_AES_GDMA)
set(AES_DMA_SRCS "${COMPONENT_DIR}/port/aes/dma/esp_aes_crypto_dma_impl.c")
else()
set(AES_DMA_SRCS "${COMPONENT_DIR}/port/aes/dma/esp_aes_gdma_impl.c")
set(AES_DMA_SRCS "${COMPONENT_DIR}/port/aes/dma/esp_aes_gdma_impl.c"
"${COMPONENT_DIR}/port/crypto_shared_gdma/esp_crypto_shared_gdma.c")
endif()
target_include_directories(mbedcrypto PRIVATE "${COMPONENT_DIR}/port/aes/dma/include")
@@ -146,11 +156,18 @@ target_sources(mbedcrypto PRIVATE "${COMPONENT_DIR}/port/esp_hardware.c"
"${COMPONENT_DIR}/port/esp_mem.c"
"${COMPONENT_DIR}/port/esp_timing.c"
"${COMPONENT_DIR}/port/sha/esp_sha.c"
"${COMPONENT_DIR}/port/aes/esp_aes_xts.c"
)
if(CONFIG_SOC_AES_SUPPORTED)
target_sources(mbedcrypto PRIVATE "${COMPONENT_DIR}/port/aes/esp_aes_xts.c"
"${COMPONENT_DIR}/port/aes/esp_aes_common.c"
"${COMPONENT_DIR}/port/aes/${AES_PERIPHERAL_TYPE}/esp_aes.c"
"${COMPONENT_DIR}/port/sha/${SHA_PERIPHERAL_TYPE}/sha.c"
)
)
endif()
if(CONFIG_SOC_SHA_SUPPORTED)
target_sources(mbedcrypto PRIVATE "${COMPONENT_DIR}/port/sha/${SHA_PERIPHERAL_TYPE}/sha.c")
endif()
# CONFIG_ESP_TLS_USE_DS_PERIPHERAL can be enabled only for the supported targets.
if(CONFIG_ESP_TLS_USE_DS_PERIPHERAL)
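Review bot: `esp_crypto_shared_gdma.c` is now listed only in the AES branch, in the `else()` of `if(NOT CONFIG_SOC_AES_GDMA)`, while `esp_sha_gdma_impl.c` is still selected on its own in the SHA branch. If the SHA GDMA implementation calls into the shared GDMA helper, as the old pairing suggests, a target with `CONFIG_SOC_SHA_GDMA` but no AES GDMA would fail at link time. Adding the shared file once under its own condition avoids tying it to either peripheral: `if(CONFIG_SOC_SHA_GDMA OR CONFIG_SOC_AES_GDMA)`, then `target_sources(mbedcrypto PRIVATE "${COMPONENT_DIR}/port/crypto_shared_gdma/esp_crypto_shared_gdma.c")`, then `endif()`. The `if(AES_PERIPHERAL_TYPE STREQUAL "dma")` block continues past the end of the first hunk.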


@@ -347,7 +347,7 @@ menu "mbedTLS"
config MBEDTLS_HARDWARE_AES
bool "Enable hardware AES acceleration"
default y
depends on !SPIRAM_CACHE_WORKAROUND_STRATEGY_DUPLDST && !IDF_TARGET_ESP32C2
depends on !SPIRAM_CACHE_WORKAROUND_STRATEGY_DUPLDST && SOC_AES_SUPPORTED
help
Enable hardware accelerated AES encryption & decryption.
@@ -366,7 +366,7 @@ menu "mbedTLS"
config MBEDTLS_HARDWARE_GCM
bool "Enable partially hardware accelerated GCM"
depends on IDF_TARGET_ESP32S2 && MBEDTLS_HARDWARE_AES
depends on SOC_AES_SUPPORT_GCM && MBEDTLS_HARDWARE_AES
default y
help
Enable partially hardware accelerated GCM. GHASH calculation is still done
@@ -379,7 +379,7 @@ menu "mbedTLS"
config MBEDTLS_HARDWARE_MPI
bool "Enable hardware MPI (bignum) acceleration"
default y
depends on !SPIRAM_CACHE_WORKAROUND_STRATEGY_DUPLDST && !IDF_TARGET_ESP32C2
depends on !SPIRAM_CACHE_WORKAROUND_STRATEGY_DUPLDST && SOC_MPI_SUPPORTED
help
Enable hardware accelerated multiple precision integer operations.
@@ -401,7 +401,7 @@ menu "mbedTLS"
config MBEDTLS_HARDWARE_SHA
bool "Enable hardware SHA acceleration"
default y
depends on !SPIRAM_CACHE_WORKAROUND_STRATEGY_DUPLDST
depends on !SPIRAM_CACHE_WORKAROUND_STRATEGY_DUPLDST && SOC_SHA_SUPPORTED
help
Enable hardware accelerated SHA1, SHA256, SHA384 & SHA512 in mbedTLS.
@@ -1001,7 +1001,7 @@ menu "mbedTLS"
config MBEDTLS_LARGE_KEY_SOFTWARE_MPI
bool "Fallback to software implementation for larger MPI values"
depends on MBEDTLS_HARDWARE_MPI
default y if IDF_TARGET_ESP32C3 || IDF_TARGET_ESP32H2 || IDF_TARGET_ESP32C2 # HW max 3072 bits
default y if SOC_RSA_MAX_BIT_LEN <= 3072 # HW max 3072 bits
default n
help
Fallback to software implementation for RSA key lengths
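Review bot: The new conditions `depends on SOC_AES_SUPPORT_GCM && MBEDTLS_HARDWARE_AES` and `default y if SOC_RSA_MAX_BIT_LEN <= 3072` rely on capability symbols that none of the hunks in this commit define, so they presumably come from the existing soc_caps files. A symbol missing from a target's Kconfig.soc_caps.in raises no error. As far as I can tell the GCM option would simply disappear and `MBEDTLS_LARGE_KEY_SOFTWARE_MPI` would fall through to `default n`, leaving a 3072-bit-limited target without the software fallback for larger keys. It is worth confirming that every target with `SOC_MPI_SUPPORTED` also exports `SOC_RSA_MAX_BIT_LEN`. A comment next to the default would record that, e.g. `# requires SOC_RSA_MAX_BIT_LEN in every target's soc caps`.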


@@ -15,8 +15,6 @@
#include "esp32h2/rom/digital_signature.h"
#elif CONFIG_IDF_TARGET_ESP32S3
#include "esp32s3/rom/digital_signature.h"
#elif CONFIG_IDF_TARGET_ESP32C2
#include "esp32c2/rom/digital_signature.h"
#else
#error "Selected target does not support esp_rsa_sign_alt (for DS)"
#endif


@@ -103,6 +103,18 @@ config SOC_SUPPORT_COEXISTENCE
bool
default y
config SOC_AES_SUPPORTED
bool
default y
config SOC_MPI_SUPPORTED
bool
default y
config SOC_SHA_SUPPORTED
bool
default y
config SOC_ADC_RTC_CTRL_SUPPORTED
bool
default y


@@ -85,6 +85,9 @@
#define SOC_RMT_SUPPORTED 1
#define SOC_SIGMADELTA_SUPPORTED 1
#define SOC_SUPPORT_COEXISTENCE 1
#define SOC_AES_SUPPORTED 1
#define SOC_MPI_SUPPORTED 1
#define SOC_SHA_SUPPORTED 1
/*-------------------------- ADC CAPS ----------------------------------------*/


@@ -31,10 +31,6 @@ config SOC_ASYNC_MEMCPY_SUPPORTED
bool
default y
config SOC_ECC_SUPPORTED
bool
default y
config SOC_SUPPORTS_SECURE_DL_MODE
bool
default y
@@ -71,11 +67,11 @@ config SOC_FLASH_ENCRYPTION_XTS_AES
bool
default y
config SOC_AES_SUPPORT_DMA
config SOC_SHA_SUPPORTED
bool
default y
default n
config SOC_AES_GDMA
config SOC_ECC_SUPPORTED
bool
default y


@@ -10,6 +10,5 @@
#define SOC_GDMA_TRIG_PERIPH_M2M0 (-1)
#define SOC_GDMA_TRIG_PERIPH_SPI2 (0)
#define SOC_GDMA_TRIG_PERIPH_UART0 (2)
#define SOC_GDMA_TRIG_PERIPH_AES0 (6)
#define SOC_GDMA_TRIG_PERIPH_SHA0 (7)
#define SOC_GDMA_TRIG_PERIPH_ADC0 (8)


@@ -32,7 +32,6 @@
#define SOC_BT_SUPPORTED 0 // Enable during bringup, IDF-4357
#define SOC_WIFI_SUPPORTED 0 // Enable during bringup, IDF-3905
#define SOC_ASYNC_MEMCPY_SUPPORTED 1
#define SOC_ECC_SUPPORTED 1
#define SOC_SUPPORTS_SECURE_DL_MODE 1
#define SOC_EFUSE_SECURE_BOOT_KEY_DIGESTS 1
#define SOC_EFUSE_REVOKE_BOOT_KEY_DIGESTS 0
@@ -42,12 +41,8 @@
#define SOC_RTC_SLOW_MEM_SUPPORTED 0
#define SOC_SUPPORT_SECURE_BOOT_REVOKE_KEY 0
#define SOC_FLASH_ENCRYPTION_XTS_AES 1
/*-------------------------- AES CAPS -----------------------------------------*/
#define SOC_AES_SUPPORT_DMA (1)
/* Has a centralized DMA, which is shared with all peripherals */
#define SOC_AES_GDMA (1)
#define SOC_SHA_SUPPORTED 0 // This will be enabled with IDF-3830
#define SOC_ECC_SUPPORTED 1
/*-------------------------- ADC CAPS -------------------------------*/
/*!< SAR ADC Module*/
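Review bot: `#define SOC_SHA_SUPPORTED 0` leaves the macro defined, so any consumer that tests it with `#ifdef` or `defined()` will treat hardware SHA as present and may compile a hardware path for a peripheral that is not enabled. Only `#if SOC_SHA_SUPPORTED` reads it correctly. The same applies to `#define SOC_ECC_SUPPORTED 0 // This will be enabled with IDF-3397` in a later soc_caps.h section of this commit. A one-line comment above these entries would make the expected test form explicit: `// Capability macros set to 0 must be tested with #if, never #ifdef`.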


@@ -31,14 +31,6 @@ config SOC_BLUEDROID_SUPPORTED
bool
default y
config SOC_DIG_SIGN_SUPPORTED
bool
default y
config SOC_HMAC_SUPPORTED
bool
default y
config SOC_ASYNC_MEMCPY_SUPPORTED
bool
default y
@@ -107,6 +99,26 @@ config SOC_SUPPORT_COEXISTENCE
bool
default y
config SOC_AES_SUPPORTED
bool
default y
config SOC_MPI_SUPPORTED
bool
default y
config SOC_SHA_SUPPORTED
bool
default y
config SOC_HMAC_SUPPORTED
bool
default y
config SOC_DIG_SIGN_SUPPORTED
bool
default y
config SOC_AES_SUPPORT_DMA
bool
default y


@@ -32,8 +32,6 @@
#define SOC_TWAI_SUPPORTED 1
#define SOC_BT_SUPPORTED 1
#define SOC_BLUEDROID_SUPPORTED 1
#define SOC_DIG_SIGN_SUPPORTED 1
#define SOC_HMAC_SUPPORTED 1
#define SOC_ASYNC_MEMCPY_SUPPORTED 1
#define SOC_USB_SERIAL_JTAG_SUPPORTED 1
#define SOC_TEMP_SENSOR_SUPPORTED 1
@@ -51,6 +49,11 @@
#define SOC_RMT_SUPPORTED 1
#define SOC_SIGMADELTA_SUPPORTED 1
#define SOC_SUPPORT_COEXISTENCE 1
#define SOC_AES_SUPPORTED 1
#define SOC_MPI_SUPPORTED 1
#define SOC_SHA_SUPPORTED 1
#define SOC_HMAC_SUPPORTED 1
#define SOC_DIG_SIGN_SUPPORTED 1
/*-------------------------- AES CAPS -----------------------------------------*/
#define SOC_AES_SUPPORT_DMA (1)


@@ -35,14 +35,6 @@ config SOC_ESP_NIMBLE_CONTROLLER
bool
default y
config SOC_DIG_SIGN_SUPPORTED
bool
default y
config SOC_HMAC_SUPPORTED
bool
default y
config SOC_ASYNC_MEMCPY_SUPPORTED
bool
default y
@@ -91,6 +83,30 @@ config SOC_SIGMADELTA_SUPPORTED
bool
default y
config SOC_AES_SUPPORTED
bool
default y
config SOC_MPI_SUPPORTED
bool
default y
config SOC_SHA_SUPPORTED
bool
default y
config SOC_HMAC_SUPPORTED
bool
default y
config SOC_DIG_SIGN_SUPPORTED
bool
default y
config SOC_ECC_SUPPORTED
bool
default n
config SOC_AES_SUPPORT_DMA
bool
default y


@@ -39,10 +39,8 @@
#define SOC_GDMA_SUPPORTED 1
#define SOC_TWAI_SUPPORTED 1
#define SOC_BT_SUPPORTED 1
#define SOC_BLUEDROID_SUPPORTED 0
#define SOC_BLUEDROID_SUPPORTED 0
#define SOC_ESP_NIMBLE_CONTROLLER 1
#define SOC_DIG_SIGN_SUPPORTED 1
#define SOC_HMAC_SUPPORTED 1
#define SOC_ASYNC_MEMCPY_SUPPORTED 1
#define SOC_USB_SERIAL_JTAG_SUPPORTED 1
#define SOC_SUPPORTS_SECURE_DL_MODE 1
@@ -55,7 +53,12 @@
#define SOC_I2S_SUPPORTED 1
#define SOC_RMT_SUPPORTED 1
#define SOC_SIGMADELTA_SUPPORTED 1
#define SOC_AES_SUPPORTED 1
#define SOC_MPI_SUPPORTED 1
#define SOC_SHA_SUPPORTED 1
#define SOC_HMAC_SUPPORTED 1
#define SOC_DIG_SIGN_SUPPORTED 1
#define SOC_ECC_SUPPORTED 0 // This will be enabled with IDF-3397
/*-------------------------- AES CAPS -----------------------------------------*/
#define SOC_AES_SUPPORT_DMA (1)


@@ -55,14 +55,6 @@ config SOC_CCOMP_TIMER_SUPPORTED
bool
default y
config SOC_DIG_SIGN_SUPPORTED
bool
default y
config SOC_HMAC_SUPPORTED
bool
default y
config SOC_ASYNC_MEMCPY_SUPPORTED
bool
default y
@@ -131,6 +123,26 @@ config SOC_SUPPORT_COEXISTENCE
bool
default n
config SOC_AES_SUPPORTED
bool
default y
config SOC_MPI_SUPPORTED
bool
default y
config SOC_SHA_SUPPORTED
bool
default y
config SOC_HMAC_SUPPORTED
bool
default y
config SOC_DIG_SIGN_SUPPORTED
bool
default y
config SOC_ADC_RTC_CTRL_SUPPORTED
bool
default y


@@ -52,8 +52,6 @@
#define SOC_WIFI_SUPPORTED 1
#define SOC_ULP_SUPPORTED 1
#define SOC_CCOMP_TIMER_SUPPORTED 1
#define SOC_DIG_SIGN_SUPPORTED 1
#define SOC_HMAC_SUPPORTED 1
#define SOC_ASYNC_MEMCPY_SUPPORTED 1
#define SOC_EFUSE_SECURE_BOOT_KEY_DIGESTS 3
#define SOC_EFUSE_REVOKE_BOOT_KEY_DIGESTS 1
@@ -71,6 +69,11 @@
#define SOC_RMT_SUPPORTED 1
#define SOC_SIGMADELTA_SUPPORTED 1
#define SOC_SUPPORT_COEXISTENCE 0
#define SOC_AES_SUPPORTED 1
#define SOC_MPI_SUPPORTED 1
#define SOC_SHA_SUPPORTED 1
#define SOC_HMAC_SUPPORTED 1
#define SOC_DIG_SIGN_SUPPORTED 1
/*-------------------------- ADC CAPS ----------------------------------------*/


@@ -127,14 +127,6 @@ config SOC_CCOMP_TIMER_SUPPORTED
bool
default y
config SOC_DIG_SIGN_SUPPORTED
bool
default y
config SOC_HMAC_SUPPORTED
bool
default y
config SOC_ASYNC_MEMCPY_SUPPORTED
bool
default y
@@ -207,6 +199,26 @@ config SOC_TEMP_SENSOR_SUPPORTED
bool
default y
config SOC_AES_SUPPORTED
bool
default y
config SOC_MPI_SUPPORTED
bool
default y
config SOC_SHA_SUPPORTED
bool
default y
config SOC_HMAC_SUPPORTED
bool
default y
config SOC_DIG_SIGN_SUPPORTED
bool
default y
config SOC_APPCPU_HAS_CLOCK_GATING_BUG
bool
default y


@@ -42,8 +42,6 @@
#define SOC_USB_OTG_SUPPORTED 1
#define SOC_USB_SERIAL_JTAG_SUPPORTED 1
#define SOC_CCOMP_TIMER_SUPPORTED 1
#define SOC_DIG_SIGN_SUPPORTED 1
#define SOC_HMAC_SUPPORTED 1
#define SOC_ASYNC_MEMCPY_SUPPORTED 1
#define SOC_SUPPORTS_SECURE_DL_MODE 1
#define SOC_EFUSE_SECURE_BOOT_KEY_DIGESTS 3
@@ -62,6 +60,12 @@
#define SOC_SIGMADELTA_SUPPORTED 1
#define SOC_SUPPORT_COEXISTENCE 1
#define SOC_TEMP_SENSOR_SUPPORTED 1
#define SOC_AES_SUPPORTED 1
#define SOC_MPI_SUPPORTED 1
#define SOC_SHA_SUPPORTED 1
#define SOC_HMAC_SUPPORTED 1
#define SOC_DIG_SIGN_SUPPORTED 1
/*-------------------------- SOC CAPS ----------------------------------------*/
#define SOC_APPCPU_HAS_CLOCK_GATING_BUG (1)


@@ -56,9 +56,9 @@ Following is a brief list of important config options accessible at ``Component
- :ref:`CONFIG_MBEDTLS_CLIENT_SSL_SESSION_TICKETS`: Support for TLS Session Resumption: Client session tickets
- :ref:`CONFIG_MBEDTLS_SERVER_SSL_SESSION_TICKETS`: Support for TLS Session Resumption: Server session tickets
- :ref:`CONFIG_MBEDTLS_HARDWARE_SHA`: Support for hardware SHA acceleration
:SOC_AES_SUPPORT_AES_128: - :ref:`CONFIG_MBEDTLS_HARDWARE_AES`: Support for hardware AES acceleration
:not esp32c2: - :ref:`CONFIG_MBEDTLS_HARDWARE_MPI`: Support for hardware MPI (bignum) acceleration
:esp32c2: - :ref:`CONFIG_MBEDTLS_HARDWARE_ECC`: Support for hardware ECC acceleration
:SOC_AES_SUPPORTED: - :ref:`CONFIG_MBEDTLS_HARDWARE_AES`: Support for hardware AES acceleration
:SOC_MPI_SUPPORTED: - :ref:`CONFIG_MBEDTLS_HARDWARE_MPI`: Support for hardware MPI (bignum) acceleration
:SOC_ECC_SUPPORTED: - :ref:`CONFIG_MBEDTLS_HARDWARE_ECC`: Support for hardware ECC acceleration
.. note:: Mbed TLS v3.0.0 and later support only TLS 1.2 and TLS 1.3 (SSL 3.0, TLS 1.0, TLS 1.1 and DTLS 1.0 are not supported). The support for TLS 1.3 is experimental and only supports the client-side. More information about this can be found out `here <https://github.com/espressif/mbedtls/blob/9bb5effc3298265f829878825d9bd38478e67514/docs/architecture/tls13-support.md>`__.