From fb77319758da284f990605d2613289241ee52404 Mon Sep 17 00:00:00 2001 From: gojimmypi Date: Tue, 5 Dec 2023 10:36:05 -0800 Subject: [PATCH] Espressif examples: polish & misc updates --- .../wolfssl/include/user_settings.h | 48 ++-- .../ESP-IDF/examples/template/main/main.c | 2 +- .../examples/wolfssl_benchmark/CMakeLists.txt | 49 +--- .../wolfssl/include/user_settings.h | 60 ++++- .../examples/wolfssl_benchmark/main/main.c | 3 +- .../wolfssl/include/user_settings.h | 37 ++- .../wolfssl_client/main/Kconfig.projbuild | 12 +- .../examples/wolfssl_client/main/client-tls.c | 4 +- .../wolfssl_client/main/include/client-tls.h | 16 +- .../examples/wolfssl_client/main/main.c | 15 +- .../wolfssl_client/main/wifi_connect.c | 26 ++- .../wolfssl/include/user_settings.h | 29 ++- .../wolfssl_server/main/CMakeLists.txt | 2 +- .../wolfssl_server/main/Kconfig.projbuild | 28 +-- .../wolfssl_server/main/include/server-tls.h | 18 +- .../main/include/wifi_connect.h | 4 +- .../examples/wolfssl_server/main/main.c | 18 +- .../examples/wolfssl_server/main/server-tls.c | 6 +- .../wolfssl_server/main/time_helper.c | 2 +- .../wolfssl_server/main/wifi_connect.c | 25 +- .../wolfssl/include/user_settings.h | 58 ++++- .../ESP-IDF/examples/wolfssl_test/main/main.c | 3 +- .../examples/wolfssl_test/sdkconfig.defaults | 2 + IDE/Espressif/ESP-IDF/user_settings.h | 220 +++++++++++++++--- 24 files changed, 501 insertions(+), 186 deletions(-) diff --git a/IDE/Espressif/ESP-IDF/examples/template/components/wolfssl/include/user_settings.h b/IDE/Espressif/ESP-IDF/examples/template/components/wolfssl/include/user_settings.h index 9aca493ef..819ce60b7 100644 --- a/IDE/Espressif/ESP-IDF/examples/template/components/wolfssl/include/user_settings.h +++ b/IDE/Espressif/ESP-IDF/examples/template/components/wolfssl/include/user_settings.h @@ -92,14 +92,16 @@ /* when you want to use SHA3 */ #define WOLFSSL_SHA3 -#define HAVE_ED25519 /* ED25519 requires SHA512 */ +/* Reminder: ED25519 requires SHA512 */ +#define HAVE_ED25519 #define HAVE_ECC #define HAVE_CURVE25519 #define CURVE25519_SMALL #define HAVE_ED25519 - #define OPENSSL_EXTRA +/* Optional OPENSSL compatibility */ +#define OPENSSL_EXTRA /* when you want to use pkcs7 */ /* #define HAVE_PKCS7 */ @@ -111,7 +113,7 @@ #define WOLFSSL_AES_DIRECT #endif -/* when you want to use aes counter mode */ +/* when you want to use AES counter mode */ /* #define WOLFSSL_AES_DIRECT */ /* #define WOLFSSL_AES_COUNTER */ @@ -125,7 +127,7 @@ /* #define CUSTOM_SLOT_ALLOCATION */ #endif -/* rsa primitive specific definition */ +/* RSA primitive specific definition */ #if defined(WOLFSSL_ESP32) || defined(WOLFSSL_ESPWROOM32SE) /* Define USE_FAST_MATH and SMALL_STACK */ #define ESP32_USE_RSA_PRIMITIVE @@ -255,8 +257,34 @@ /* #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI_EXPTMOD */ /***** END CONFIG_IDF_TARGET_ESP32S3 *****/ -#elif defined(CONFIG_IDF_TARGET_ESP32C3) +#elif defined(CONFIG_IDF_TARGET_ESP32C2) || \ + defined(CONFIG_IDF_TARGET_ESP8684) + /* ESP8684 is essentially ESP32-C2 chip + flash embedded together in a + * single QFN 4x4 mm package. Out of released documentation, Technical + * Reference Manual as well as ESP-IDF Programming Guide is applicable + * to both ESP32-C2 and ESP8684. + * + * See: https://www.esp32.com/viewtopic.php?f=5&t=27926#:~:text=ESP8684%20is%20essentially%20ESP32%2DC2,both%20ESP32%2DC2%20and%20ESP8684. */ + /* wolfSSL HW Acceleration supported on ESP32-C2. Uncomment to disable: */ + /* #define NO_ESP32_CRYPT */ + /* #define NO_WOLFSSL_ESP32_CRYPT_HASH */ /* to disable all SHA HW */ + + /* These are defined automatically in esp32-crypt.h, here for clarity */ + #define NO_WOLFSSL_ESP32_CRYPT_HASH_SHA384 /* no SHA384 HW on C2 */ + #define NO_WOLFSSL_ESP32_CRYPT_HASH_SHA512 /* no SHA512 HW on C2 */ + + /* There's no AES or RSA/Math accelerator on the ESP32-C2 + * Auto defined with NO_WOLFSSL_ESP32_CRYPT_RSA_PRI, for clarity: */ + #define NO_WOLFSSL_ESP32_CRYPT_AES + #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI + #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI_MP_MUL + #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI_MULMOD + #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI_EXPTMOD + /***** END CONFIG_IDF_TARGET_ESP32C2 *****/ + +#elif defined(CONFIG_IDF_TARGET_ESP32C3) + /* wolfSSL HW Acceleration supported on ESP32-C3. Uncomment to disable: */ /* #define NO_ESP32_CRYPT */ /* #define NO_WOLFSSL_ESP32_CRYPT_HASH */ /* to disable all SHA HW */ @@ -303,15 +331,6 @@ #define NO_WOLFSSL_ESP32_CRYPT_AES #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI /***** END CONFIG_IDF_TARGET_ESP266 *****/ - -#elif defined(CONFIG_IDF_TARGET_ESP8684) - /* There's no Hardware Acceleration available on ESP8684 */ - #define NO_ESP32_CRYPT - #define NO_WOLFSSL_ESP32_CRYPT_HASH - #define NO_WOLFSSL_ESP32_CRYPT_AES - #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI - /***** END CONFIG_IDF_TARGET_ESP8684 *****/ - #else /* Anything else encountered, disable HW accleration */ #define NO_ESP32_CRYPT @@ -327,6 +346,7 @@ #define DEBUG_WOLFSSL_VERBOSE #define DEBUG_WOLFSSL_SHA_MUTEX #define WOLFSSL_ESP32_CRYPT_DEBUG +#define WOLFSSL_ESP32_CRYPT_HASH_SHA224_DEBUG #define NO_RECOVER_SOFTWARE_CALC #define WOLFSSL_TEST_STRAY 1 #define USE_ESP_DPORT_ACCESS_READ_BUFFER diff --git a/IDE/Espressif/ESP-IDF/examples/template/main/main.c b/IDE/Espressif/ESP-IDF/examples/template/main/main.c index 0fdcdc3ee..5e41a28fd 100644 --- a/IDE/Espressif/ESP-IDF/examples/template/main/main.c +++ b/IDE/Espressif/ESP-IDF/examples/template/main/main.c @@ -38,7 +38,7 @@ void app_main(void) esp_ShowExtendedSystemInfo(); #endif -#ifdef WOLFSSL_HW_METRICS_DISABLED /* Remove _DISABLED upon #6990 Merge */ +#if defined(WOLFSSL_HW_METRICS) && defined(WOLFSSL_HAS_METRICS) esp_hw_show_metrics(); #endif diff --git a/IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/CMakeLists.txt b/IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/CMakeLists.txt index 4cf6a30fd..b49373e69 100644 --- a/IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/CMakeLists.txt +++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/CMakeLists.txt @@ -19,54 +19,9 @@ cmake_minimum_required(VERSION 3.16) # Linux: ~/workspace # Windows: C:\workspace # -if(WIN32) - # Windows-specific configuration here - set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DWOLFSSL_CMAKE_SYSTEM_NAME_WINDOWS") - message("Detected Windows") -endif() -if(CMAKE_HOST_UNIX) - message("Detected UNIX") -endif() -if(APPLE) - message("Detected APPLE") -endif() -if(CMAKE_HOST_UNIX AND (NOT APPLE) AND EXISTS "/proc/sys/fs/binfmt_misc/WSLInterop") - # Windows-specific configuration here - set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DWOLFSSL_CMAKE_SYSTEM_NAME_WSL") - message("Detected WSL") -endif() -if(CMAKE_HOST_UNIX AND (NOT APPLE) AND (NOT WIN32)) - # Windows-specific configuration here - set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DWOLFSSL_CMAKE_SYSTEM_NAME_LINUX") - message("Detected Linux") -endif() -if(APPLE) - # Windows-specific configuration here - set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DWOLFSSL_CMAKE_SYSTEM_NAME_APPLE") - message("Detected Apple") -endif() -# End optional WOLFSSL_CMAKE_SYSTEM_NAME -# Check that there are not conflicting wolfSSL components -# The ESP Registry Component will be in ./managed_components/wolfssl__wolfssl -# The local component wolfSSL directory will be in ./components/wolfssl -if( EXISTS "${CMAKE_HOME_DIRECTORY}/managed_components/wolfssl__wolfssl" AND EXISTS "${CMAKE_HOME_DIRECTORY}/components/wolfssl" ) - # These exclude statements don't seem to be honored by the $ENV{IDF_PATH}/tools/cmake/project.cmake' - # add_subdirectory("${CMAKE_HOME_DIRECTORY}/managed_components/wolfssl__wolfssl" EXCLUDE_FROM_ALL) - # add_subdirectory("${CMAKE_HOME_DIRECTORY}/managed_components/wolfssl__wolfssl/include" EXCLUDE_FROM_ALL) - # So we'll error out and let the user decide how to proceed: - message(WARNING "\nFound wolfSSL components in\n" - "./managed_components/wolfssl__wolfssl\n" - "and\n" - "./components/wolfssl\n" - "in project directory: \n" - "${CMAKE_HOME_DIRECTORY}") - message(FATAL_ERROR "\nPlease use either the ESP Registry Managed Component or the wolfSSL component directory but not both.\n" - "If removing the ./managed_components/wolfssl__wolfssl directory, remember to also remove " - "or rename the idf_component.yml file typically found in ./main/") -else() - message(STATUS "No conflicting wolfSSL components found.") -endif() +# Optionally specify a location for wolfSSL component source code +# set(WOLFSSL_ROOT "c:/test/blogtest/wolfssl" ) include($ENV{IDF_PATH}/tools/cmake/project.cmake) diff --git a/IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/components/wolfssl/include/user_settings.h b/IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/components/wolfssl/include/user_settings.h index 9aca493ef..cc9bae6bc 100644 --- a/IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/components/wolfssl/include/user_settings.h +++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/components/wolfssl/include/user_settings.h @@ -92,14 +92,15 @@ /* when you want to use SHA3 */ #define WOLFSSL_SHA3 -#define HAVE_ED25519 /* ED25519 requires SHA512 */ + /* ED25519 requires SHA512 */ +#define HAVE_ED25519 #define HAVE_ECC #define HAVE_CURVE25519 #define CURVE25519_SMALL #define HAVE_ED25519 - #define OPENSSL_EXTRA +#define OPENSSL_EXTRA /* when you want to use pkcs7 */ /* #define HAVE_PKCS7 */ @@ -157,9 +158,10 @@ /* adjust wait-timeout count if you see timeout in RSA HW acceleration */ -#define ESP_RSA_TIMEOUT_CNT 0x249F00 +#define ESP_RSA_TIMEOUT_CNT 0x349F00 -#define HASH_SIZE_LIMIT /* for test.c */ +/* hash limit for test.c */ +#define HASH_SIZE_LIMIT /* USE_FAST_MATH is default */ #define USE_FAST_MATH @@ -168,6 +170,7 @@ /* #undef USE_FAST_MATH */ /* #define SP_MATH */ /* #define WOLFSSL_SP_MATH_ALL */ +/* #define WOLFSSL_SP_RISCV32 */ /***** Use Integer Heap Math *****/ /* #undef USE_FAST_MATH */ @@ -255,8 +258,34 @@ /* #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI_EXPTMOD */ /***** END CONFIG_IDF_TARGET_ESP32S3 *****/ -#elif defined(CONFIG_IDF_TARGET_ESP32C3) +#elif defined(CONFIG_IDF_TARGET_ESP32C2) || \ + defined(CONFIG_IDF_TARGET_ESP8684) + /* ESP8684 is essentially ESP32-C2 chip + flash embedded together in a + * single QFN 4x4 mm package. Out of released documentation, Technical + * Reference Manual as well as ESP-IDF Programming Guide is applicable + * to both ESP32-C2 and ESP8684. + * + * See: https://www.esp32.com/viewtopic.php?f=5&t=27926#:~:text=ESP8684%20is%20essentially%20ESP32%2DC2,both%20ESP32%2DC2%20and%20ESP8684. */ + /* wolfSSL HW Acceleration supported on ESP32-C2. Uncomment to disable: */ + /* #define NO_ESP32_CRYPT */ + /* #define NO_WOLFSSL_ESP32_CRYPT_HASH */ /* to disable all SHA HW */ + + /* These are defined automatically in esp32-crypt.h, here for clarity */ + #define NO_WOLFSSL_ESP32_CRYPT_HASH_SHA384 /* no SHA384 HW on C2 */ + #define NO_WOLFSSL_ESP32_CRYPT_HASH_SHA512 /* no SHA512 HW on C2 */ + + /* There's no AES or RSA/Math accelerator on the ESP32-C2 + * Auto defined with NO_WOLFSSL_ESP32_CRYPT_RSA_PRI, for clarity: */ + #define NO_WOLFSSL_ESP32_CRYPT_AES + #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI + #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI_MP_MUL + #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI_MULMOD + #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI_EXPTMOD + /***** END CONFIG_IDF_TARGET_ESP32C2 *****/ + +#elif defined(CONFIG_IDF_TARGET_ESP32C3) + /* wolfSSL HW Acceleration supported on ESP32-C3. Uncomment to disable: */ /* #define NO_ESP32_CRYPT */ /* #define NO_WOLFSSL_ESP32_CRYPT_HASH */ /* to disable all SHA HW */ @@ -327,6 +356,7 @@ #define DEBUG_WOLFSSL_VERBOSE #define DEBUG_WOLFSSL_SHA_MUTEX #define WOLFSSL_ESP32_CRYPT_DEBUG +#define WOLFSSL_ESP32_CRYPT_HASH_SHA224_DEBUG #define NO_RECOVER_SOFTWARE_CALC #define WOLFSSL_TEST_STRAY 1 #define USE_ESP_DPORT_ACCESS_READ_BUFFER @@ -335,12 +365,16 @@ #define ESP_DISABLE_HW_TASK_LOCK */ -#define WOLFSSL_ESPIDF_ERROR_PAUSE /* Pause in a loop rather than exit. */ +/* Pause in a loop rather than exit. */ +#define WOLFSSL_ESPIDF_ERROR_PAUSE + #define WOLFSSL_HW_METRICS -/* #define HASH_SIZE_LIMIT */ /* for test.c */ +/* for test.c */ +/* #define HASH_SIZE_LIMIT */ -/* #define NO_HW_MATH_TEST */ /* Optionall turn off HW math checks */ +/* Optionally turn off HW math checks */ +/* #define NO_HW_MATH_TEST */ /* Optionally include alternate HW test library: alt_hw_test.h */ /* When enabling, the ./components/wolfssl/CMakeLists.txt file @@ -362,7 +396,6 @@ ** [Z = X * Y mod M] in esp_mp_mulmod() */ /* #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI_MULMOD */ - #define WOLFSSL_PUBLIC_MP /* used by benchmark */ #define USE_CERT_BUFFERS_2048 @@ -406,3 +439,12 @@ #define CTX_SERVER_KEY_SIZE sizeof_server_key_der_2048 #define CTX_SERVER_KEY_TYPE WOLFSSL_FILETYPE_ASN1 #endif + +/* See settings.h for some of the possible hardening options: + * + * #define NO_ESPIDF_DEFAULT + * #define WC_NO_CACHE_RESISTANT + * #define WC_AES_BITSLICED + * #define HAVE_AES_ECB + * #define HAVE_AES_DIRECT + */ diff --git a/IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/main/main.c b/IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/main/main.c index 89f08508b..855105e7d 100644 --- a/IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/main/main.c +++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/main/main.c @@ -29,7 +29,8 @@ #include #include "wolfssl/wolfcrypt/port/Espressif/esp32-crypt.h" #ifndef WOLFSSL_ESPIDF - #warning "problem with wolfSSL user_settings. Check components/wolfssl/include" + #warning "Problem with wolfSSL user_settings." + #warning "Check components/wolfssl/include" #endif #include diff --git a/IDE/Espressif/ESP-IDF/examples/wolfssl_client/components/wolfssl/include/user_settings.h b/IDE/Espressif/ESP-IDF/examples/wolfssl_client/components/wolfssl/include/user_settings.h index 9aca493ef..de5e247ce 100644 --- a/IDE/Espressif/ESP-IDF/examples/wolfssl_client/components/wolfssl/include/user_settings.h +++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_client/components/wolfssl/include/user_settings.h @@ -255,8 +255,34 @@ /* #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI_EXPTMOD */ /***** END CONFIG_IDF_TARGET_ESP32S3 *****/ -#elif defined(CONFIG_IDF_TARGET_ESP32C3) +#elif defined(CONFIG_IDF_TARGET_ESP32C2) || \ + defined(CONFIG_IDF_TARGET_ESP8684) + /* ESP8684 is essentially ESP32-C2 chip + flash embedded together in a + * single QFN 4x4 mm package. Out of released documentation, Technical + * Reference Manual as well as ESP-IDF Programming Guide is applicable + * to both ESP32-C2 and ESP8684. + * + * See: https://www.esp32.com/viewtopic.php?f=5&t=27926#:~:text=ESP8684%20is%20essentially%20ESP32%2DC2,both%20ESP32%2DC2%20and%20ESP8684. */ + /* wolfSSL HW Acceleration supported on ESP32-C2. Uncomment to disable: */ + /* #define NO_ESP32_CRYPT */ + /* #define NO_WOLFSSL_ESP32_CRYPT_HASH */ /* to disable all SHA HW */ + + /* These are defined automatically in esp32-crypt.h, here for clarity */ + #define NO_WOLFSSL_ESP32_CRYPT_HASH_SHA384 /* no SHA384 HW on C2 */ + #define NO_WOLFSSL_ESP32_CRYPT_HASH_SHA512 /* no SHA512 HW on C2 */ + + /* There's no AES or RSA/Math accelerator on the ESP32-C2 + * Auto defined with NO_WOLFSSL_ESP32_CRYPT_RSA_PRI, for clarity: */ + #define NO_WOLFSSL_ESP32_CRYPT_AES + #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI + #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI_MP_MUL + #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI_MULMOD + #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI_EXPTMOD + /***** END CONFIG_IDF_TARGET_ESP32C2 *****/ + +#elif defined(CONFIG_IDF_TARGET_ESP32C3) + /* wolfSSL HW Acceleration supported on ESP32-C3. Uncomment to disable: */ /* #define NO_ESP32_CRYPT */ /* #define NO_WOLFSSL_ESP32_CRYPT_HASH */ /* to disable all SHA HW */ @@ -304,14 +330,6 @@ #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI /***** END CONFIG_IDF_TARGET_ESP266 *****/ -#elif defined(CONFIG_IDF_TARGET_ESP8684) - /* There's no Hardware Acceleration available on ESP8684 */ - #define NO_ESP32_CRYPT - #define NO_WOLFSSL_ESP32_CRYPT_HASH - #define NO_WOLFSSL_ESP32_CRYPT_AES - #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI - /***** END CONFIG_IDF_TARGET_ESP8684 *****/ - #else /* Anything else encountered, disable HW accleration */ #define NO_ESP32_CRYPT @@ -327,6 +345,7 @@ #define DEBUG_WOLFSSL_VERBOSE #define DEBUG_WOLFSSL_SHA_MUTEX #define WOLFSSL_ESP32_CRYPT_DEBUG +#define WOLFSSL_ESP32_CRYPT_HASH_SHA224_DEBUG #define NO_RECOVER_SOFTWARE_CALC #define WOLFSSL_TEST_STRAY 1 #define USE_ESP_DPORT_ACCESS_READ_BUFFER diff --git a/IDE/Espressif/ESP-IDF/examples/wolfssl_client/main/Kconfig.projbuild b/IDE/Espressif/ESP-IDF/examples/wolfssl_client/main/Kconfig.projbuild index 080abdb74..83dcd6439 100644 --- a/IDE/Espressif/ESP-IDF/examples/wolfssl_client/main/Kconfig.projbuild +++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_client/main/Kconfig.projbuild @@ -1,9 +1,15 @@ menu "Example Configuration" -config TARGET_HOST +config WOLFSSL_TARGET_HOST string "Target host" - default "127.0.01.1" + default "127.0.0.1" help host address for the example to connect - + +config WOLFSSL_TARGET_PORT + int "Target port" + default 11111 + help + host port for the example to connect + endmenu diff --git a/IDE/Espressif/ESP-IDF/examples/wolfssl_client/main/client-tls.c b/IDE/Espressif/ESP-IDF/examples/wolfssl_client/main/client-tls.c index 7169a1612..9d5d26dbe 100644 --- a/IDE/Espressif/ESP-IDF/examples/wolfssl_client/main/client-tls.c +++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_client/main/client-tls.c @@ -356,7 +356,7 @@ WOLFSSL_ESP_TASK tls_smp_client_task(void* args) /* Fill in the server address */ servAddr.sin_family = AF_INET; /* using IPv4 */ - servAddr.sin_port = htons(DEFAULT_PORT); /* on DEFAULT_PORT */ + servAddr.sin_port = htons(TLS_SMP_DEFAULT_PORT); /* on DEFAULT_PORT */ if (*ch >= '1' && *ch <= '9') { /* Get the server IPv4 address from the command line call */ @@ -375,7 +375,7 @@ WOLFSSL_ESP_TASK tls_smp_client_task(void* args) sprintf(buff, "Connecting to server....%s(port:%d)", TLS_SMP_TARGET_HOST, - DEFAULT_PORT); + TLS_SMP_DEFAULT_PORT); WOLFSSL_MSG(buff); printf("%s\n", buff); diff --git a/IDE/Espressif/ESP-IDF/examples/wolfssl_client/main/include/client-tls.h b/IDE/Espressif/ESP-IDF/examples/wolfssl_client/main/include/client-tls.h index 4cbfd83d6..1188ee36e 100644 --- a/IDE/Espressif/ESP-IDF/examples/wolfssl_client/main/include/client-tls.h +++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_client/main/include/client-tls.h @@ -23,10 +23,20 @@ #include #include -#include "user_settings.h" +#include "sdkconfig.h" -#define TLS_SMP_TARGET_HOST "192.168.1.125" -#define DEFAULT_PORT 11111 +/* See main/Kconfig.projbuild for default configuration settings */ +#ifdef CONFIG_WOLFSSL_TARGET_HOST + #define TLS_SMP_TARGET_HOST CONFIG_WOLFSSL_TARGET_HOST +#else + #define TLS_SMP_TARGET_HOST "192.168.1.38" +#endif + +#ifdef CONFIG_WOLFSSL_TARGET_PORT + #define TLS_SMP_DEFAULT_PORT CONFIG_WOLFSSL_TARGET_PORT +#else + #define TLS_SMP_DEFAULT_PORT 11111 +#endif #define TLS_SMP_CLIENT_TASK_NAME "tls_client_example" #define TLS_SMP_CLIENT_TASK_WORDS 22240 diff --git a/IDE/Espressif/ESP-IDF/examples/wolfssl_client/main/main.c b/IDE/Espressif/ESP-IDF/examples/wolfssl_client/main/main.c index cbbc995b9..add43ada2 100644 --- a/IDE/Espressif/ESP-IDF/examples/wolfssl_client/main/main.c +++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_client/main/main.c @@ -31,7 +31,8 @@ #include #include #ifndef WOLFSSL_ESPIDF - #warning "problem with wolfSSL user_settings. Check components/wolfssl/include" + #warning "Problem with wolfSSL user_settings." + #warning "Check components/wolfssl/include" #endif /* this project */ @@ -162,8 +163,18 @@ void app_main(void) ESP_ERROR_CHECK(nvs_flash_init()); #if defined(CONFIG_IDF_TARGET_ESP32H2) - ESP_LOGE(TAG, "There's no WiFi on ESP32-H2. "); + ESP_LOGE(TAG, "There's no WiFi on ESP32-H2."); #else + #ifdef CONFIG_EXAMPLE_WIFI_SSID + if (XSTRCMP(CONFIG_EXAMPLE_WIFI_SSID, "myssid") == 0) { + ESP_LOGW(TAG, "WARNING: CONFIG_EXAMPLE_WIFI_SSID is myssid."); + ESP_LOGW(TAG, " Do you have a WiFi AP called myssid, or "); + ESP_LOGW(TAG, " did you forget the ESP-IDF configuration?"); + } + #else + #define CONFIG_EXAMPLE_WIFI_SSID "myssid" + ESP_LOGW(TAG, "WARNING: CONFIG_EXAMPLE_WIFI_SSID not defined."); + #endif ESP_ERROR_CHECK(esp_netif_init()); ESP_ERROR_CHECK(esp_event_loop_create_default()); ESP_ERROR_CHECK(example_connect()); diff --git a/IDE/Espressif/ESP-IDF/examples/wolfssl_client/main/wifi_connect.c b/IDE/Espressif/ESP-IDF/examples/wolfssl_client/main/wifi_connect.c index 7aa856004..b9f9ab738 100644 --- a/IDE/Espressif/ESP-IDF/examples/wolfssl_client/main/wifi_connect.c +++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_client/main/wifi_connect.c @@ -20,18 +20,20 @@ */ #include "wifi_connect.h" -#include "freertos/FreeRTOS.h" -#include "freertos/task.h" -#include "freertos/event_groups.h" +#include +#include +#include #include #include /* wolfSSL */ #include -#include +#include "user_settings.h" #include +#include #ifndef WOLFSSL_ESPIDF - #warning "problem with wolfSSL user_settings. Check components/wolfssl/include" + #warning "Problem with wolfSSL user_settings." + #warning "Check components/wolfssl/include" #endif #if ESP_IDF_VERSION_MAJOR >= 5 @@ -166,7 +168,8 @@ static void event_handler(void* arg, int wifi_init_sta(void) { - int ret = 0; + int ret = ESP_OK; + s_wifi_event_group = xEventGroupCreate(); ESP_ERROR_CHECK(esp_netif_init()); @@ -208,6 +211,17 @@ int wifi_init_sta(void) }; ESP_ERROR_CHECK(esp_wifi_set_mode(WIFI_MODE_STA) ); ESP_ERROR_CHECK(esp_wifi_set_config(WIFI_IF_STA, &wifi_config) ); + +#ifdef CONFIG_EXAMPLE_WIFI_SSID + if (XSTRCMP(CONFIG_EXAMPLE_WIFI_SSID, "myssid") == 0) { + ESP_LOGW(TAG, "WARNING: CONFIG_EXAMPLE_WIFI_SSID is \"myssid\"."); + ESP_LOGW(TAG, " Do you have a WiFi AP called \"myssid\", "); + ESP_LOGW(TAG, " or did you forget the ESP-IDF configuration?"); + } +#else + ESP_LOGW(TAG, "WARNING: CONFIG_EXAMPLE_WIFI_SSID not defined."); +#endif + ESP_ERROR_CHECK(esp_wifi_start() ); ESP_LOGI(TAG, "wifi_init_sta finished."); diff --git a/IDE/Espressif/ESP-IDF/examples/wolfssl_server/components/wolfssl/include/user_settings.h b/IDE/Espressif/ESP-IDF/examples/wolfssl_server/components/wolfssl/include/user_settings.h index 9aca493ef..8a49155d6 100644 --- a/IDE/Espressif/ESP-IDF/examples/wolfssl_server/components/wolfssl/include/user_settings.h +++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_server/components/wolfssl/include/user_settings.h @@ -255,8 +255,34 @@ /* #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI_EXPTMOD */ /***** END CONFIG_IDF_TARGET_ESP32S3 *****/ -#elif defined(CONFIG_IDF_TARGET_ESP32C3) +#elif defined(CONFIG_IDF_TARGET_ESP32C2) || \ + defined(CONFIG_IDF_TARGET_ESP8684) + /* ESP8684 is essentially ESP32-C2 chip + flash embedded together in a + * single QFN 4x4 mm package. Out of released documentation, Technical + * Reference Manual as well as ESP-IDF Programming Guide is applicable + * to both ESP32-C2 and ESP8684. + * + * See: https://www.esp32.com/viewtopic.php?f=5&t=27926#:~:text=ESP8684%20is%20essentially%20ESP32%2DC2,both%20ESP32%2DC2%20and%20ESP8684. */ + /* wolfSSL HW Acceleration supported on ESP32-C2. Uncomment to disable: */ + /* #define NO_ESP32_CRYPT */ + /* #define NO_WOLFSSL_ESP32_CRYPT_HASH */ /* to disable all SHA HW */ + + /* These are defined automatically in esp32-crypt.h, here for clarity */ + #define NO_WOLFSSL_ESP32_CRYPT_HASH_SHA384 /* no SHA384 HW on C2 */ + #define NO_WOLFSSL_ESP32_CRYPT_HASH_SHA512 /* no SHA512 HW on C2 */ + + /* There's no AES or RSA/Math accelerator on the ESP32-C2 + * Auto defined with NO_WOLFSSL_ESP32_CRYPT_RSA_PRI, for clarity: */ + #define NO_WOLFSSL_ESP32_CRYPT_AES + #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI + #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI_MP_MUL + #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI_MULMOD + #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI_EXPTMOD + /***** END CONFIG_IDF_TARGET_ESP32C2 *****/ + +#elif defined(CONFIG_IDF_TARGET_ESP32C3) + /* wolfSSL HW Acceleration supported on ESP32-C3. Uncomment to disable: */ /* #define NO_ESP32_CRYPT */ /* #define NO_WOLFSSL_ESP32_CRYPT_HASH */ /* to disable all SHA HW */ @@ -327,6 +353,7 @@ #define DEBUG_WOLFSSL_VERBOSE #define DEBUG_WOLFSSL_SHA_MUTEX #define WOLFSSL_ESP32_CRYPT_DEBUG +#define WOLFSSL_ESP32_CRYPT_HASH_SHA224_DEBUG #define NO_RECOVER_SOFTWARE_CALC #define WOLFSSL_TEST_STRAY 1 #define USE_ESP_DPORT_ACCESS_READ_BUFFER diff --git a/IDE/Espressif/ESP-IDF/examples/wolfssl_server/main/CMakeLists.txt b/IDE/Espressif/ESP-IDF/examples/wolfssl_server/main/CMakeLists.txt index c0ad51909..798cecceb 100644 --- a/IDE/Espressif/ESP-IDF/examples/wolfssl_server/main/CMakeLists.txt +++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_server/main/CMakeLists.txt @@ -48,7 +48,7 @@ idf_component_register(SRCS main.c wifi_connect.c time_helper.c server-tls.c - INCLUDE_DIRS "." + INCLUDE_DIRS "." "./include") # diff --git a/IDE/Espressif/ESP-IDF/examples/wolfssl_server/main/Kconfig.projbuild b/IDE/Espressif/ESP-IDF/examples/wolfssl_server/main/Kconfig.projbuild index 264c80883..64406069d 100644 --- a/IDE/Espressif/ESP-IDF/examples/wolfssl_server/main/Kconfig.projbuild +++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_server/main/Kconfig.projbuild @@ -1,29 +1,9 @@ menu "Example Configuration" -config BENCH_ARGV - string "Arguments for benchmark test" - default "-lng 0" +config WOLFSSL_TARGET_PORT + int "Target port" + default 11111 help - -? Help, print this usage - 0: English, 1: Japanese - -csv Print terminal output in csv format - -base10 Display bytes as power of 10 (eg 1 kB = 1000 Bytes) - -no_aad No additional authentication data passed. - -dgst_full Full digest operation performed. - -rsa_sign Measure RSA sign/verify instead of encrypt/decrypt. - - Algorithm to benchmark. Available algorithms include: - cipher aes-cbc aes-gcm chacha20 chacha20-poly1305 - digest md5 poly1305 sha sha2 sha224 sha256 sha384 sha512 sha3 - sha3-224 sha3-256 sha3-384 sha3-512 - mac hmac hmac-md5 hmac-sha hmac-sha224 hmac-sha256 hmac-sha384 - hmac-sha512 - asym rsa rsa-sz dh ecc-kg ecc - other rng - -lng Display benchmark result by specified language. - 0: English, 1: Japanese - Size of block in bytes - - e.g -lng 1 - e.g sha + Host listening port for the example to connect. endmenu diff --git a/IDE/Espressif/ESP-IDF/examples/wolfssl_server/main/include/server-tls.h b/IDE/Espressif/ESP-IDF/examples/wolfssl_server/main/include/server-tls.h index d065df3c4..ea9126fe6 100644 --- a/IDE/Espressif/ESP-IDF/examples/wolfssl_server/main/include/server-tls.h +++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_server/main/include/server-tls.h @@ -21,17 +21,9 @@ #ifndef _SERVER_TLS_ #define _SERVER_TLS_ -#define DEFAULT_PORT 11111 - -#define TLS_SMP_CLIENT_TASK_NAME "tls_client_example" -#define TLS_SMP_CLIENT_TASK_WORDS 10240 -#define TLS_SMP_CLIENT_TASK_PRIORITY 8 - -#define TLS_SMP_TARGET_HOST "192.168.25.109" - -#include +#include /* includes wolfSSL user-settings.h */ #include -#include "user_settings.h" +#include "sdkconfig.h" #if defined(SINGLE_THREADED) #define WOLFSSL_ESP_TASK int @@ -40,6 +32,12 @@ #define WOLFSSL_ESP_TASK void #endif +#ifdef CONFIG_WOLFSSL_TARGET_PORT + #define TLS_SMP_DEFAULT_PORT CONFIG_WOLFSSL_TARGET_PORT +#else + #define TLS_SMP_DEFAULT_PORT 11111 +#endif + typedef struct { int port; int loops; diff --git a/IDE/Espressif/ESP-IDF/examples/wolfssl_server/main/include/wifi_connect.h b/IDE/Espressif/ESP-IDF/examples/wolfssl_server/main/include/wifi_connect.h index d5eec7c19..a045b23ba 100644 --- a/IDE/Espressif/ESP-IDF/examples/wolfssl_server/main/include/wifi_connect.h +++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_server/main/include/wifi_connect.h @@ -27,8 +27,6 @@ /* ESP lwip */ #define EXAMPLE_ESP_MAXIMUM_RETRY CONFIG_ESP_MAXIMUM_RETRY -#define DEFAULT_PORT 11111 - #define TLS_SMP_SERVER_TASK_NAME "tls_sever_example" #define TLS_SMP_SERVER_TASK_WORDS 22240 #define TLS_SMP_SERVER_TASK_PRIORITY 8 @@ -66,7 +64,7 @@ #else #warning "did not detect environment. using ~/my_private_config.h" #include "~/my_private_config.h" - #endif + #endif #else /* diff --git a/IDE/Espressif/ESP-IDF/examples/wolfssl_server/main/main.c b/IDE/Espressif/ESP-IDF/examples/wolfssl_server/main/main.c index 0c043b2a6..1c0d537e4 100644 --- a/IDE/Espressif/ESP-IDF/examples/wolfssl_server/main/main.c +++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_server/main/main.c @@ -27,11 +27,11 @@ #include /* wolfSSL */ -#include -#include +#include /* includes wolfSSL user-settings.h */ #include #ifndef WOLFSSL_ESPIDF - #warning "problem with wolfSSL user_settings. Check components/wolfssl/include" + #warning "Problem with wolfSSL user_settings." + #warning "Check components/wolfssl/include" #endif /* this project */ @@ -162,8 +162,18 @@ void app_main(void) ESP_ERROR_CHECK(nvs_flash_init()); #if defined(CONFIG_IDF_TARGET_ESP32H2) - ESP_LOGE(TAG, "There's no WiFi on ESP32-H2. "); + ESP_LOGE(TAG, "There's no WiFi on ESP32-H2."); #else + #ifdef CONFIG_EXAMPLE_WIFI_SSID + if (XSTRCMP(CONFIG_EXAMPLE_WIFI_SSID, "myssid") == 0) { + ESP_LOGW(TAG, "WARNING: CONFIG_EXAMPLE_WIFI_SSID is myssid."); + ESP_LOGW(TAG, " Do you have a WiFi AP called myssid, or "); + ESP_LOGW(TAG, " did you forget the ESP-IDF configuration?"); + } + #else + #define CONFIG_EXAMPLE_WIFI_SSID "myssid" + ESP_LOGW(TAG, "WARNING: CONFIG_EXAMPLE_WIFI_SSID not defined."); + #endif ESP_ERROR_CHECK(esp_netif_init()); ESP_ERROR_CHECK(esp_event_loop_create_default()); ESP_ERROR_CHECK(example_connect()); diff --git a/IDE/Espressif/ESP-IDF/examples/wolfssl_server/main/server-tls.c b/IDE/Espressif/ESP-IDF/examples/wolfssl_server/main/server-tls.c index 8d6cdd25c..9df8283d2 100644 --- a/IDE/Espressif/ESP-IDF/examples/wolfssl_server/main/server-tls.c +++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_server/main/server-tls.c @@ -279,7 +279,7 @@ WOLFSSL_ESP_TASK tls_smp_server_task(void *args) memset(&servAddr, 0, sizeof(servAddr)); /* Fill in the server address */ servAddr.sin_family = AF_INET; /* using IPv4 */ - servAddr.sin_port = htons(DEFAULT_PORT); /* on DEFAULT_PORT */ + servAddr.sin_port = htons(TLS_SMP_DEFAULT_PORT); /* on port */ servAddr.sin_addr.s_addr = INADDR_ANY; /* from anywhere */ /* Bind the server socket to our port */ @@ -372,7 +372,7 @@ WOLFSSL_ESP_TASK tls_smp_server_task(void *args) vTaskDelete(NULL); - return TLS_SMP_SERVER_TASK_RET; + return TLS_SMP_SERVER_TASK_RET; } #if defined(SINGLE_THREADED) @@ -389,7 +389,7 @@ WOLFSSL_ESP_TASK tls_smp_server_init(void* args) int thisPort = 0; int ret_i = 0; /* interim return result */ if (thisPort == 0) { - thisPort = DEFAULT_PORT; + thisPort = TLS_SMP_DEFAULT_PORT; } #if ESP_IDF_VERSION_MAJOR >= 4 diff --git a/IDE/Espressif/ESP-IDF/examples/wolfssl_server/main/time_helper.c b/IDE/Espressif/ESP-IDF/examples/wolfssl_server/main/time_helper.c index 5149d2e60..1f16e4be7 100644 --- a/IDE/Espressif/ESP-IDF/examples/wolfssl_server/main/time_helper.c +++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_server/main/time_helper.c @@ -20,11 +20,11 @@ */ /* common Espressif time_helper v5.6.3.002 */ -#include "esp_idf_version.h" #include "sdkconfig.h" #include "time_helper.h" #include +#include #if defined(ESP_IDF_VERSION_MAJOR) && defined(ESP_IDF_VERSION_MINOR) #if (ESP_IDF_VERSION_MAJOR == 5) && (ESP_IDF_VERSION_MINOR >= 1) diff --git a/IDE/Espressif/ESP-IDF/examples/wolfssl_server/main/wifi_connect.c b/IDE/Espressif/ESP-IDF/examples/wolfssl_server/main/wifi_connect.c index 7aa856004..7401c5d7e 100644 --- a/IDE/Espressif/ESP-IDF/examples/wolfssl_server/main/wifi_connect.c +++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_server/main/wifi_connect.c @@ -20,18 +20,19 @@ */ #include "wifi_connect.h" -#include "freertos/FreeRTOS.h" -#include "freertos/task.h" -#include "freertos/event_groups.h" +#include +#include +#include #include #include /* wolfSSL */ #include -#include #include +#include #ifndef WOLFSSL_ESPIDF - #warning "problem with wolfSSL user_settings. Check components/wolfssl/include" + #warning "Problem with wolfSSL user_settings." + #warning "Check components/wolfssl/include" #endif #if ESP_IDF_VERSION_MAJOR >= 5 @@ -166,7 +167,8 @@ static void event_handler(void* arg, int wifi_init_sta(void) { - int ret = 0; + int ret = ESP_OK; + s_wifi_event_group = xEventGroupCreate(); ESP_ERROR_CHECK(esp_netif_init()); @@ -208,6 +210,17 @@ int wifi_init_sta(void) }; ESP_ERROR_CHECK(esp_wifi_set_mode(WIFI_MODE_STA) ); ESP_ERROR_CHECK(esp_wifi_set_config(WIFI_IF_STA, &wifi_config) ); + +#ifdef CONFIG_EXAMPLE_WIFI_SSID + if (XSTRCMP(CONFIG_EXAMPLE_WIFI_SSID, "myssid") == 0) { + ESP_LOGW(TAG, "WARNING: CONFIG_EXAMPLE_WIFI_SSID is \"myssid\"."); + ESP_LOGW(TAG, " Do you have a WiFi AP called \"myssid\", "); + ESP_LOGW(TAG, " or did you forget the ESP-IDF configuration?"); + } +#else + ESP_LOGW(TAG, "WARNING: CONFIG_EXAMPLE_WIFI_SSID not defined."); +#endif + ESP_ERROR_CHECK(esp_wifi_start() ); ESP_LOGI(TAG, "wifi_init_sta finished."); diff --git a/IDE/Espressif/ESP-IDF/examples/wolfssl_test/components/wolfssl/include/user_settings.h b/IDE/Espressif/ESP-IDF/examples/wolfssl_test/components/wolfssl/include/user_settings.h index 9aca493ef..d6eeebbb4 100644 --- a/IDE/Espressif/ESP-IDF/examples/wolfssl_test/components/wolfssl/include/user_settings.h +++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_test/components/wolfssl/include/user_settings.h @@ -92,14 +92,15 @@ /* when you want to use SHA3 */ #define WOLFSSL_SHA3 -#define HAVE_ED25519 /* ED25519 requires SHA512 */ + /* ED25519 requires SHA512 */ +#define HAVE_ED25519 #define HAVE_ECC #define HAVE_CURVE25519 #define CURVE25519_SMALL #define HAVE_ED25519 - #define OPENSSL_EXTRA +#define OPENSSL_EXTRA /* when you want to use pkcs7 */ /* #define HAVE_PKCS7 */ @@ -159,7 +160,8 @@ /* adjust wait-timeout count if you see timeout in RSA HW acceleration */ #define ESP_RSA_TIMEOUT_CNT 0x249F00 -#define HASH_SIZE_LIMIT /* for test.c */ +/* hash limit for test.c */ +#define HASH_SIZE_LIMIT /* USE_FAST_MATH is default */ #define USE_FAST_MATH @@ -168,6 +170,7 @@ /* #undef USE_FAST_MATH */ /* #define SP_MATH */ /* #define WOLFSSL_SP_MATH_ALL */ +/* #define WOLFSSL_SP_RISCV32 */ /***** Use Integer Heap Math *****/ /* #undef USE_FAST_MATH */ @@ -255,8 +258,34 @@ /* #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI_EXPTMOD */ /***** END CONFIG_IDF_TARGET_ESP32S3 *****/ -#elif defined(CONFIG_IDF_TARGET_ESP32C3) +#elif defined(CONFIG_IDF_TARGET_ESP32C2) || \ + defined(CONFIG_IDF_TARGET_ESP8684) + /* ESP8684 is essentially ESP32-C2 chip + flash embedded together in a + * single QFN 4x4 mm package. Out of released documentation, Technical + * Reference Manual as well as ESP-IDF Programming Guide is applicable + * to both ESP32-C2 and ESP8684. + * + * See: https://www.esp32.com/viewtopic.php?f=5&t=27926#:~:text=ESP8684%20is%20essentially%20ESP32%2DC2,both%20ESP32%2DC2%20and%20ESP8684. */ + /* wolfSSL HW Acceleration supported on ESP32-C2. Uncomment to disable: */ + /* #define NO_ESP32_CRYPT */ + /* #define NO_WOLFSSL_ESP32_CRYPT_HASH */ /* to disable all SHA HW */ + + /* These are defined automatically in esp32-crypt.h, here for clarity */ + #define NO_WOLFSSL_ESP32_CRYPT_HASH_SHA384 /* no SHA384 HW on C2 */ + #define NO_WOLFSSL_ESP32_CRYPT_HASH_SHA512 /* no SHA512 HW on C2 */ + + /* There's no AES or RSA/Math accelerator on the ESP32-C2 + * Auto defined with NO_WOLFSSL_ESP32_CRYPT_RSA_PRI, for clarity: */ + #define NO_WOLFSSL_ESP32_CRYPT_AES + #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI + #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI_MP_MUL + #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI_MULMOD + #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI_EXPTMOD + /***** END CONFIG_IDF_TARGET_ESP32C2 *****/ + +#elif defined(CONFIG_IDF_TARGET_ESP32C3) + /* wolfSSL HW Acceleration supported on ESP32-C3. Uncomment to disable: */ /* #define NO_ESP32_CRYPT */ /* #define NO_WOLFSSL_ESP32_CRYPT_HASH */ /* to disable all SHA HW */ @@ -327,6 +356,7 @@ #define DEBUG_WOLFSSL_VERBOSE #define DEBUG_WOLFSSL_SHA_MUTEX #define WOLFSSL_ESP32_CRYPT_DEBUG +#define WOLFSSL_ESP32_CRYPT_HASH_SHA224_DEBUG #define NO_RECOVER_SOFTWARE_CALC #define WOLFSSL_TEST_STRAY 1 #define USE_ESP_DPORT_ACCESS_READ_BUFFER @@ -335,12 +365,16 @@ #define ESP_DISABLE_HW_TASK_LOCK */ -#define WOLFSSL_ESPIDF_ERROR_PAUSE /* Pause in a loop rather than exit. */ +/* Pause in a loop rather than exit. */ +#define WOLFSSL_ESPIDF_ERROR_PAUSE + #define WOLFSSL_HW_METRICS -/* #define HASH_SIZE_LIMIT */ /* for test.c */ +/* for test.c */ +/* #define HASH_SIZE_LIMIT */ -/* #define NO_HW_MATH_TEST */ /* Optionall turn off HW math checks */ +/* Optionally turn off HW math checks */ +/* #define NO_HW_MATH_TEST */ /* Optionally include alternate HW test library: alt_hw_test.h */ /* When enabling, the ./components/wolfssl/CMakeLists.txt file @@ -362,7 +396,6 @@ ** [Z = X * Y mod M] in esp_mp_mulmod() */ /* #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI_MULMOD */ - #define WOLFSSL_PUBLIC_MP /* used by benchmark */ #define USE_CERT_BUFFERS_2048 @@ -406,3 +439,12 @@ #define CTX_SERVER_KEY_SIZE sizeof_server_key_der_2048 #define CTX_SERVER_KEY_TYPE WOLFSSL_FILETYPE_ASN1 #endif + +/* See settings.h for some of the possible hardening options: + * + * #define NO_ESPIDF_DEFAULT + * #define WC_NO_CACHE_RESISTANT + * #define WC_AES_BITSLICED + * #define HAVE_AES_ECB + * #define HAVE_AES_DIRECT + */ diff --git a/IDE/Espressif/ESP-IDF/examples/wolfssl_test/main/main.c b/IDE/Espressif/ESP-IDF/examples/wolfssl_test/main/main.c index 225e4994f..1c21bd93a 100644 --- a/IDE/Espressif/ESP-IDF/examples/wolfssl_test/main/main.c +++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_test/main/main.c @@ -230,8 +230,7 @@ void app_main(void) */ int loops = 0; do { - /* Remove _DISABLED upon #6990 Merge: */ - #if defined(WOLFSSL_HW_METRICS_DISABLED) + #if defined(WOLFSSL_HW_METRICS) && defined(WOLFSSL_HAS_METRICS) esp_hw_show_metrics(); #endif ret = wolf_test_task(); diff --git a/IDE/Espressif/ESP-IDF/examples/wolfssl_test/sdkconfig.defaults b/IDE/Espressif/ESP-IDF/examples/wolfssl_test/sdkconfig.defaults index ccb7820e7..17097709d 100644 --- a/IDE/Espressif/ESP-IDF/examples/wolfssl_test/sdkconfig.defaults +++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_test/sdkconfig.defaults @@ -1,3 +1,5 @@ +# This tag is used to include this file in the ESP Component Registry: + # # Default main stack size # diff --git a/IDE/Espressif/ESP-IDF/user_settings.h b/IDE/Espressif/ESP-IDF/user_settings.h index 801889b6d..7b0a7ed81 100644 --- a/IDE/Espressif/ESP-IDF/user_settings.h +++ b/IDE/Espressif/ESP-IDF/user_settings.h @@ -19,23 +19,21 @@ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA */ -#undef WOLFSSL_ESPIDF -#undef WOLFSSL_ESP32 -#undef WOLFSSL_ESPWROOM32SE -#undef WOLFSSL_ESP32 -#undef WOLFSSL_ESP8266 +/* This user_settings.h is for Espressif ESP-IDF */ +#include /* The Espressif sdkconfig will have chipset info. ** ** Possible values: ** ** CONFIG_IDF_TARGET_ESP32 +** CONFIG_IDF_TARGET_ESP32S2 ** CONFIG_IDF_TARGET_ESP32S3 ** CONFIG_IDF_TARGET_ESP32C3 ** CONFIG_IDF_TARGET_ESP32C6 */ -#include +#undef WOLFSSL_ESPIDF #define WOLFSSL_ESPIDF /* @@ -45,10 +43,22 @@ * WOLFSSL_ESPWROOM32SE * WOLFSSL_ESP8266 */ +#undef WOLFSSL_ESPWROOM32SE +#undef WOLFSSL_ESP8266 +#undef WOLFSSL_ESP32 #define WOLFSSL_ESP32 -/* #define DEBUG_WOLFSSL_VERBOSE */ +/* optionally turn off SHA512/224 SHA512/256 */ +/* #define WOLFSSL_NOSHA512_224 */ +/* #define WOLFSSL_NOSHA512_256 */ + +/* when you want to use SINGLE THREAD. Note Default ESP-IDF is FreeRTOS */ +/* #define SINGLE_THREADED */ + +/* When you don't want to use the old SHA */ +/* #define NO_SHA */ +/* #define NO_OLD_TLS */ #define BENCH_EMBEDDED #define USE_CERT_BUFFERS_2048 @@ -61,22 +71,41 @@ #define HAVE_AEAD #define HAVE_SUPPORTED_CURVES -/* when you want to use SINGLE THREAD */ -/* #define SINGLE_THREADED */ +#define WOLFSSL_BENCHMARK_FIXED_UNITS_KB + #define NO_FILESYSTEM +#define NO_OLD_TLS + #define HAVE_AESGCM + +#define WOLFSSL_RIPEMD +/* when you want to use SHA224 */ +#define WOLFSSL_SHA224 + /* when you want to use SHA384 */ -/* #define WOLFSSL_SHA384 */ +#define WOLFSSL_SHA384 + +/* when you want to use SHA512 */ #define WOLFSSL_SHA512 + +/* when you want to use SHA3 */ +#define WOLFSSL_SHA3 + +#define HAVE_ED25519 /* ED25519 requires SHA512 */ + #define HAVE_ECC #define HAVE_CURVE25519 #define CURVE25519_SMALL #define HAVE_ED25519 +/* Optional OPENSSL compatibility * +#define OPENSSL_EXTRA /* when you want to use pkcs7 */ /* #define HAVE_PKCS7 */ +#define HAVE_PKCS7 + #if defined(HAVE_PKCS7) #define HAVE_AES_KEYWRAP #define HAVE_X963_KDF @@ -101,24 +130,25 @@ #if defined(WOLFSSL_ESP32) || defined(WOLFSSL_ESPWROOM32SE) /* Define USE_FAST_MATH and SMALL_STACK */ #define ESP32_USE_RSA_PRIMITIVE - /* threshold for performance adjustment for HW primitive use */ - /* NOTE HW unreliable for small values on older original ESP32!*/ - /* threshold for performance adjustment for HW primitive use */ - /* X bits of G^X mod P greater than */ - #undef ESP_RSA_EXPT_XBITS - #define ESP_RSA_EXPT_XBITS 32 + #if defined(CONFIG_IDF_TARGET_ESP32) - /* X and Y of X * Y mod P greater than */ - #undef ESP_RSA_MULM_BITS - #define ESP_RSA_MULM_BITS 16 + /* NOTE HW unreliable for small values! */ + /* threshold for performance adjustment for HW primitive use */ + /* X bits of G^X mod P greater than */ + #undef ESP_RSA_EXPT_XBITS + #define ESP_RSA_EXPT_XBITS 32 + /* X and Y of X * Y mod P greater than */ + #undef ESP_RSA_MULM_BITS + #define ESP_RSA_MULM_BITS 16 + + #endif #endif -/* debug options */ -/* #define DEBUG_WOLFSSL */ -/* #define WOLFSSL_ESP32_CRYPT_DEBUG */ -/* #define WOLFSSL_ATECC508A_DEBUG */ +#define RSA_LOW_MEM + +/* #define WOLFSSL_ATECC508A_DEBUG */ /* date/time */ /* if it cannot adjust time in the device, */ @@ -130,6 +160,58 @@ /* adjust wait-timeout count if you see timeout in RSA HW acceleration */ #define ESP_RSA_TIMEOUT_CNT 0x249F00 +#define HASH_SIZE_LIMIT /* for test.c */ + +/* USE_FAST_MATH is default */ +#define USE_FAST_MATH + +/***** Use SP_MATH *****/ +/* #undef USE_FAST_MATH */ +/* #define SP_MATH */ +/* #define WOLFSSL_SP_MATH_ALL */ + +/***** Use Integer Heap Math *****/ +/* #undef USE_FAST_MATH */ +/* #define USE_INTEGER_HEAP_MATH */ + + +#define WOLFSSL_SMALL_STACK + + +#define HAVE_VERSION_EXTENDED_INFO +/* #define HAVE_WC_INTROSPECTION */ + +#define HAVE_SESSION_TICKET + +/* #define HAVE_HASHDRBG */ + +#define WOLFSSL_KEY_GEN +#define WOLFSSL_CERT_REQ +#define WOLFSSL_CERT_GEN +#define WOLFSSL_CERT_EXT +#define WOLFSSL_SYS_CA_CERTS + + +#define WOLFSSL_CERT_TEXT + +#define WOLFSSL_ASN_TEMPLATE + +/* +#undef WOLFSSL_KEY_GEN +#undef WOLFSSL_CERT_REQ +#undef WOLFSSL_CERT_GEN +#undef WOLFSSL_CERT_EXT +#undef WOLFSSL_SYS_CA_CERTS +*/ + +/* +--enable-keygen +--enable-certgen +--enable-certreq +--enable-certext +--enable-asn-template +*/ + /* Default is HW enabled unless turned off. ** Uncomment these lines to force SW instead of HW acceleration */ @@ -145,7 +227,7 @@ /* These are defined automatically in esp32-crypt.h, here for clarity: */ #define NO_WOLFSSL_ESP32_CRYPT_HASH_SHA224 /* no SHA224 HW on ESP32 */ - /* end CONFIG_IDF_TARGET_ESP32 */ + #undef ESP_RSA_MULM_BITS #define ESP_RSA_MULM_BITS 16 /* TODO add compile-time warning */ /***** END CONFIG_IDF_TARGET_ESP32 *****/ @@ -174,8 +256,34 @@ /* #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI_EXPTMOD */ /***** END CONFIG_IDF_TARGET_ESP32S3 *****/ -#elif defined(CONFIG_IDF_TARGET_ESP32C3) +#elif defined(CONFIG_IDF_TARGET_ESP32C2) || \ + defined(CONFIG_IDF_TARGET_ESP8684) + /* ESP8684 is essentially ESP32-C2 chip + flash embedded together in a + * single QFN 4x4 mm package. Out of released documentation, Technical + * Reference Manual as well as ESP-IDF Programming Guide is applicable + * to both ESP32-C2 and ESP8684. + * + * See: https://www.esp32.com/viewtopic.php?f=5&t=27926#:~:text=ESP8684%20is%20essentially%20ESP32%2DC2,both%20ESP32%2DC2%20and%20ESP8684. */ + /* wolfSSL HW Acceleration supported on ESP32-C2. Uncomment to disable: */ + /* #define NO_ESP32_CRYPT */ + /* #define NO_WOLFSSL_ESP32_CRYPT_HASH */ /* to disable all SHA HW */ + + /* These are defined automatically in esp32-crypt.h, here for clarity */ + #define NO_WOLFSSL_ESP32_CRYPT_HASH_SHA384 /* no SHA384 HW on C2 */ + #define NO_WOLFSSL_ESP32_CRYPT_HASH_SHA512 /* no SHA512 HW on C2 */ + + /* There's no AES or RSA/Math accelerator on the ESP32-C2 + * Auto defined with NO_WOLFSSL_ESP32_CRYPT_RSA_PRI, for clarity: */ + #define NO_WOLFSSL_ESP32_CRYPT_AES + #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI + #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI_MP_MUL + #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI_MULMOD + #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI_EXPTMOD + /***** END CONFIG_IDF_TARGET_ESP32C2 *****/ + +#elif defined(CONFIG_IDF_TARGET_ESP32C3) + /* wolfSSL HW Acceleration supported on ESP32-C3. Uncomment to disable: */ /* #define NO_ESP32_CRYPT */ /* #define NO_WOLFSSL_ESP32_CRYPT_HASH */ /* to disable all SHA HW */ @@ -215,6 +323,13 @@ #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI /***** END CONFIG_IDF_TARGET_ESP32H2 *****/ +#elif defined(CONFIG_IDF_TARGET_ESP8266) + /* TODO: Revisit ESP8266 */ + #define NO_ESP32_CRYPT + #define NO_WOLFSSL_ESP32_CRYPT_HASH + #define NO_WOLFSSL_ESP32_CRYPT_AES + #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI + /***** END CONFIG_IDF_TARGET_ESP266 *****/ #else /* Anything else encountered, disable HW accleration */ #define NO_ESP32_CRYPT @@ -223,6 +338,60 @@ #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI #endif /* CONFIG_IDF_TARGET Check */ +/* Debug options: + +#define ESP_VERIFY_MEMBLOCK +#define DEBUG_WOLFSSL +#define DEBUG_WOLFSSL_VERBOSE +#define DEBUG_WOLFSSL_SHA_MUTEX +#define WOLFSSL_ESP32_CRYPT_DEBUG +#define WOLFSSL_ESP32_CRYPT_HASH_SHA224_DEBUG +#define NO_RECOVER_SOFTWARE_CALC +#define WOLFSSL_TEST_STRAY 1 +#define USE_ESP_DPORT_ACCESS_READ_BUFFER +#define WOLFSSL_ESP32_HW_LOCK_DEBUG +#define WOLFSSL_DEBUG_ESP_RSA_MULM_BITS +#define ESP_DISABLE_HW_TASK_LOCK +*/ + +#define WOLFSSL_ESPIDF_ERROR_PAUSE /* Pause in a loop rather than exit. */ +#define WOLFSSL_HW_METRICS + +/* #define HASH_SIZE_LIMIT */ /* for test.c */ + +/* #define NO_HW_MATH_TEST */ /* Optionall turn off HW math checks */ + +/* Optionally include alternate HW test library: alt_hw_test.h */ +/* When enabling, the ./components/wolfssl/CMakeLists.txt file + * will need the name of the library in the idf_component_register + * for the PRIV_REQUIRES list. */ +/* #define INCLUDE_ALT_HW_TEST */ + +/* optionally turn off individual math HW acceleration features */ + +/* Turn off Large Number ESP32 HW Multiplication: +** [Z = X * Y] in esp_mp_mul() */ +/* #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI_MP_MUL */ + +/* Turn off Large Number ESP32 HW Modular Exponentiation: +** [Z = X^Y mod M] in esp_mp_exptmod() */ +/* #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI_EXPTMOD */ + +/* Turn off Large Number ESP32 HW Modular Multiplication +** [Z = X * Y mod M] in esp_mp_mulmod() */ +/* #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI_MULMOD */ + + +#define WOLFSSL_PUBLIC_MP /* used by benchmark */ +#define USE_CERT_BUFFERS_2048 + +/* when turning on ECC508 / ECC608 support +#define WOLFSSL_ESPWROOM32SE +#define HAVE_PK_CALLBACKS +#define WOLFSSL_ATECC508A +#define ATCA_WOLFSSL +*/ + /* optional SM4 Ciphers. See https://github.com/wolfSSL/wolfsm #define WOLFSSL_SM2 #define WOLFSSL_SM3 @@ -256,4 +425,3 @@ #define CTX_SERVER_KEY_SIZE sizeof_server_key_der_2048 #define CTX_SERVER_KEY_TYPE WOLFSSL_FILETYPE_ASN1 #endif -