diff --git a/IDE/Espressif/ESP-IDF/README.md b/IDE/Espressif/ESP-IDF/README.md index 65eef865ed..2075bde353 100644 --- a/IDE/Espressif/ESP-IDF/README.md +++ b/IDE/Espressif/ESP-IDF/README.md @@ -1,8 +1,8 @@ # ESP-IDF Port These Espressif examples have been created and tested with the latest stable release branch of -[ESP-IDF V5.1](https://docs.espressif.com/projects/esp-idf/en/release-v5.1/esp32/get-started/index.html). -The prior version 4.4 ESP-IDF is still supported, however version 5.1 or greater is recommended. +[ESP-IDF V5.2](https://docs.espressif.com/projects/esp-idf/en/release-v5.2/esp32/get-started/index.html). +The prior version 4.4 ESP-IDF is still supported, however version 5.2 or greater is recommended. Espressif has [a list of all ESP-IDF versions](https://docs.espressif.com/projects/esp-idf/en/latest/esp32/versions.html). See the latest [Espressif Migration Guides](https://docs.espressif.com/projects/esp-idf/en/latest/esp32/migration-guides/index.html). 
@@ -44,6 +44,28 @@ default configuration items in the wolfssl `settings.h`. With the latest version wolfSSL, some of these defaults can be disabled with `NO_ESPIDF_DEFAULT` and customized in your project `user_settings.h` as desired. +The `user_settings.h` include file should not be explicitly included in an project source files. Be +sure to include `settings.h` (which pulls in `user_settings.h`) before any other wolfSSL include files. + +A new project should also include a compiler option suc as `CFLAGS +=-DWOLFSSL_USER_SETTINGS"` to ensure +the `user_settings.h` is included properly. See the [template example](https://github.com/wolfSSL/wolfssl/blob/master/IDE/Espressif/ESP-IDF/examples/template/main/main.c). + +``` +#ifdef WOLFSSL_USER_SETTINGS + #include + #ifndef WOLFSSL_ESPIDF + #warning "Problem with wolfSSL user_settings." + #warning "Check components/wolfssl/include" + #endif + #include +#else + /* Define WOLFSSL_USER_SETTINGS project wide for settings.h to include */ + /* wolfSSL user settings in ./components/wolfssl/include/user_settings.h */ + #error "Missing WOLFSSL_USER_SETTINGS in CMakeLists or Makefile:\ + CFLAGS +=-DWOLFSSL_USER_SETTINGS" +#endif +``` + See the respective project directory: `[project-dir]/components/wolfssl/user_settings.h` @@ -116,7 +138,7 @@ See the specific examples for additional details. ## Setup for Linux (wolfSSL local copy) -This is a legacy method for installation. It is recommended to use the new `CMakeLists.txt` to point to wolfSSL source code. +This is an alternate method for installation. It is recommended to use the new `CMakeLists.txt` to point to wolfSSL source code. 1. Run `setup.sh` at _/path/to_`/wolfssl/IDE/Espressif/ESP-IDF/` to deploy files into ESP-IDF tree 2. Find Wolfssl files at _/path/to/esp_`/esp-idf/components/wolfssl/` 
@@ -124,7 +146,7 @@ This is a legacy method for installation. It is recommended to use the new `CMak ## Setup for Windows -This is a legacy method for installation. It is recommended to use the new `CMakeLists.txt` to point to wolfSSL source code. +This is an alternate method for installation. It is recommended to use the new `CMakeLists.txt` to point to wolfSSL source code. 1. Run ESP-IDF Command Prompt (cmd.exe) or Run ESP-IDF PowerShell Environment 2. Run `setup_win.bat` at `.\IDE\Espressif\ESP-IDF\` diff --git a/IDE/Espressif/ESP-IDF/dummy_test_paths.h b/IDE/Espressif/ESP-IDF/dummy_test_paths.h index adac40c1a9..38e9124070 100644 --- a/IDE/Espressif/ESP-IDF/dummy_test_paths.h +++ b/IDE/Espressif/ESP-IDF/dummy_test_paths.h @@ -1,6 +1,6 @@ /* wolfcrypt/test/test_paths.h * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * diff --git a/IDE/Espressif/ESP-IDF/examples/README.md b/IDE/Espressif/ESP-IDF/examples/README.md index e0414d2fe1..1cd6696f7b 100644 --- a/IDE/Espressif/ESP-IDF/examples/README.md +++ b/IDE/Espressif/ESP-IDF/examples/README.md @@ -10,9 +10,9 @@ These are the core examples for wolfSSL: - [Test](./wolfssl_test/README.md) -- [TLS Client](./wolfssl_client/README.md) +- [TLS Client](./wolfssl_client/README.md). See also [CLI Client](https://github.com/wolfSSL/wolfssl/tree/master/examples/client) and [more TLS examples](https://github.com/wolfSSL/wolfssl-examples/tree/master/tls). -- [TLS Server](./wolfssl_server/README.md) +- [TLS Server](./wolfssl_server/README.md). See also [CLI Server](https://github.com/wolfSSL/wolfssl/tree/master/examples/server) ## Other Espressif wolfSSL Examples diff --git a/IDE/Espressif/ESP-IDF/examples/template/VisualGDB/wolfssl_template_IDF_v5.1_ESP32.vgdbproj b/IDE/Espressif/ESP-IDF/examples/template/VisualGDB/wolfssl_template_IDF_v5.1_ESP32.vgdbproj index 21772b2f9a..92eec93a6f 100644 
--- a/IDE/Espressif/ESP-IDF/examples/template/VisualGDB/wolfssl_template_IDF_v5.1_ESP32.vgdbproj +++ b/IDE/Espressif/ESP-IDF/examples/template/VisualGDB/wolfssl_template_IDF_v5.1_ESP32.vgdbproj @@ -18,7 +18,7 @@ com.visualgdb.xtensa-esp32-elf - 12.2.0 + 13.2.0 12.1 1 @@ -67,8 +67,8 @@ true - release/v5.1 - esp-idf/v5.1 + release/v5.2 + esp-idf/v5.2 ESPIDF COM37 diff --git a/IDE/Espressif/ESP-IDF/examples/template/components/wolfssl/CMakeLists.txt b/IDE/Espressif/ESP-IDF/examples/template/components/wolfssl/CMakeLists.txt index e129a64efb..45fc18bff2 100644 --- a/IDE/Espressif/ESP-IDF/examples/template/components/wolfssl/CMakeLists.txt +++ b/IDE/Espressif/ESP-IDF/examples/template/components/wolfssl/CMakeLists.txt @@ -1,5 +1,5 @@ # -# Copyright (C) 2006-2023 wolfSSL Inc. +# Copyright (C) 2006-2024 wolfSSL Inc. # # This file is part of wolfSSL. # @@ -45,6 +45,11 @@ else() endif() message(STATUS "THIS_USER = ${THIS_USER}") +if( "$ENV{IDF_PATH}" STREQUAL "" ) + message(FATAL_ERROR "IDF_PATH Environment variable not set!") +else() + string(REPLACE "\\" "/" THIS_IDF_PATH "$ENV{IDF_PATH}") +endif() # COMPONENT_NAME = wolfssl # The component name is the directory name. "No feature to change this". @@ -158,8 +163,8 @@ if(CMAKE_BUILD_EARLY_EXPANSION) idf_component_register( REQUIRES "${COMPONENT_REQUIRES}" PRIV_REQUIRES # esp_hw_support - esp_timer - driver # this will typically only be needed for wolfSSL benchmark + # esp_timer + # driver # this will typically only be needed for wolfSSL benchmark ) else() @@ -363,6 +368,10 @@ else() "\"${WOLFSSL_ROOT}/wolfssl/\"" "\"${WOLFSSL_ROOT}/wolfssl/wolfcrypt/\"" "\"${RTOS_IDF_PATH}/\"" + # wolfSSL release after v5.7 includes WiFi, time, and mem/debug helpers + "${THIS_IDF_PATH}/components/esp_event/include" + "${THIS_IDF_PATH}/components/esp_netif/include" + "${THIS_IDF_PATH}/components/esp_wifi/include" ) 
diff --git a/IDE/Espressif/ESP-IDF/examples/template/components/wolfssl/include/user_settings.h b/IDE/Espressif/ESP-IDF/examples/template/components/wolfssl/include/user_settings.h index 819ce60b75..e0e0d61495 100644 --- a/IDE/Espressif/ESP-IDF/examples/template/components/wolfssl/include/user_settings.h +++ b/IDE/Espressif/ESP-IDF/examples/template/components/wolfssl/include/user_settings.h @@ -1,6 +1,6 @@ /* user_settings.h * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -19,12 +19,22 @@ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA */ -/* This user_settings.h is for Espressif ESP-IDF */ -#include +/* This user_settings.h is for Espressif ESP-IDF + * + * Standardized wolfSSL Espressif ESP32 + ESP8266 user_settings.h V5.7.0-1 + * + * Do not include any wolfssl headers here + * + * When editing this file: + * ensure wolfssl_test and wolfssl_benchmark settings match. + */ + +/* The Espressif project config file. See also sdkconfig.defaults */ +#include "sdkconfig.h" /* The Espressif sdkconfig will have chipset info. ** -** Possible values: +** Some possible values: ** ** CONFIG_IDF_TARGET_ESP32 ** CONFIG_IDF_TARGET_ESP32S2 
@@ -36,18 +46,54 @@ #undef WOLFSSL_ESPIDF #define WOLFSSL_ESPIDF +/* We don't use WiFi, so don't compile in the esp-sdk-lib WiFi helpers: */ +#define NO_ESP_SDK_WIFI + +/* Experimental Kyber */ +#if 0 + /* Kyber typically needs a minimum 10K stack */ + #define WOLFSSL_EXPERIMENTAL_SETTINGS + #define WOLFSSL_HAVE_KYBER + #define WOLFSSL_WC_KYBER + #define WOLFSSL_SHA3 +#endif + /* - * choose ONE of these Espressif chips to define: + * ONE of these Espressif chip families will be detected from sdkconfig: * * WOLFSSL_ESP32 - * WOLFSSL_ESPWROOM32SE * WOLFSSL_ESP8266 */ #undef WOLFSSL_ESPWROOM32SE #undef WOLFSSL_ESP8266 #undef WOLFSSL_ESP32 +/* See below for chipset detection from sdkconfig.h */ + +/* when you want to use SINGLE THREAD. Note Default ESP-IDF is FreeRTOS */ +/* #define SINGLE_THREADED */ + +/* SMALL_SESSION_CACHE saves a lot of RAM for ClientCache and SessionCache. + * Memory requirement is about 5KB, otherwise 20K is needed when not specified. + * If extra small footprint is needed, try MICRO_SESSION_CACHE (< 1K) + * When really desperate or no TLS used, try NO_SESSION_CACHE. */ +#define NO_SESSION_CACHE + +/* Small Stack uses more heap. */ +#define WOLFSSL_SMALL_STACK + +/* Full debugging turned off, but show malloc failure detail */ +/* #define DEBUG_WOLFSSL */ +#define DEBUG_WOLFSSL_MALLOC + +/* See test.c that sets cert buffers; we'll set them here: */ +#define USE_CERT_BUFFERS_256 +#define USE_CERT_BUFFERS_2048 + +/* RSA_LOW_MEM: Half as much memory but twice as slow. */ +#define RSA_LOW_MEM + + -#define WOLFSSL_ESP32 /* optionally turn off SHA512/224 SHA512/256 */ /* #define WOLFSSL_NOSHA512_224 */ @@ -61,7 +107,6 @@ /* #define NO_OLD_TLS */ #define BENCH_EMBEDDED -#define USE_CERT_BUFFERS_2048 /* TLS 1.3 */ #define WOLFSSL_TLS13 
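Review bot: The comment block added above `#define NO_SESSION_CACHE` describes SMALL_SESSION_CACHE and MICRO_SESSION_CACHE and calls NO_SESSION_CACHE the "really desperate or no TLS" choice, yet NO_SESSION_CACHE is the one the template defines. Anyone copying this header into a TLS client or server inherits a build with no session cache, and the comment gives no hint that this is the default. A line such as `/* Template default: no session cache (this app does no TLS). For TLS apps use SMALL_SESSION_CACHE instead. */` directly above the define would make that explicit. The same applies to `DEBUG_WOLFSSL_MALLOC`, which is switched on here as a default rather than shown as an option.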
@@ -79,7 +124,9 @@ #define HAVE_AESGCM -#define WOLFSSL_RIPEMD +/* Optional RIPEMD: RACE Integrity Primitives Evaluation Message Digest */ +/* #define WOLFSSL_RIPEMD */ + /* when you want to use SHA224 */ #define WOLFSSL_SHA224 @@ -92,22 +139,31 @@ /* when you want to use SHA3 */ #define WOLFSSL_SHA3 -/* Reminder: ED25519 requires SHA512 */ + /* ED25519 requires SHA512 */ #define HAVE_ED25519 -#define HAVE_ECC -#define HAVE_CURVE25519 -#define CURVE25519_SMALL +/* Some features not enabled for ESP8266: */ +#if defined(CONFIG_IDF_TARGET_ESP8266) || \ + defined(CONFIG_IDF_TARGET_ESP32C2) + /* TODO determine low memory configuration for ECC. */ +#else + #define HAVE_ECC + #define HAVE_CURVE25519 + #define CURVE25519_SMALL +#endif + #define HAVE_ED25519 /* Optional OPENSSL compatibility */ #define OPENSSL_EXTRA -/* when you want to use pkcs7 */ -/* #define HAVE_PKCS7 */ -#define HAVE_PKCS7 +/* #Optional HAVE_PKCS7 */ +/* #define HAVE_PKCS7 */ #if defined(HAVE_PKCS7) + /* HAVE_PKCS7 may enable HAVE_PBKDF2 see settings.h */ + #define NO_PBKDF2 + #define HAVE_AES_KEYWRAP #define HAVE_X963_KDF #define WOLFSSL_AES_DIRECT @@ -127,27 +183,11 @@ /* #define CUSTOM_SLOT_ALLOCATION */ #endif -/* RSA primitive specific definition */ -#if defined(WOLFSSL_ESP32) || defined(WOLFSSL_ESPWROOM32SE) - /* Define USE_FAST_MATH and SMALL_STACK */ - #define ESP32_USE_RSA_PRIMITIVE - - #if defined(CONFIG_IDF_TARGET_ESP32) - - /* NOTE HW unreliable for small values! */ - /* threshold for performance adjustment for HW primitive use */ - /* X bits of G^X mod P greater than */ - #undef ESP_RSA_EXPT_XBITS - #define ESP_RSA_EXPT_XBITS 32 - - /* X and Y of X * Y mod P greater than */ - #undef ESP_RSA_MULM_BITS - #define ESP_RSA_MULM_BITS 16 - - #endif -#endif +/* WC_NO_CACHE_RESISTANT: slower but more secure */ +/* #define WC_NO_CACHE_RESISTANT */ -#define RSA_LOW_MEM +/* TFM_TIMING_RESISTANT: slower but more secure */ +/* #define TFM_TIMING_RESISTANT */ /* #define WOLFSSL_ATECC508A_DEBUG */ 
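Review bot: `#define HAVE_ED25519` now appears twice in this hunk, once above the new target check and once as context right after its `#endif`; one of the two should be dropped. The comment `/* Some features not enabled for ESP8266: */` covers only half of the condition, which also tests `CONFIG_IDF_TARGET_ESP32C2`; `/* Some features not enabled for ESP8266 and ESP32-C2: */` would match the code. `WOLFSSL_TLS13` is still defined earlier in the file, so on those two targets the build keeps TLS 1.3 while leaving out `HAVE_ECC` and `HAVE_CURVE25519`. The TODO should state which key-exchange group such a build is expected to use, or that TLS is not expected to work there yet.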
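Review bot: The added comment `/* WC_NO_CACHE_RESISTANT: slower but more secure */` reads backwards. Going by the macro name and wolfSSL's documented build options, defining WC_NO_CACHE_RESISTANT turns the cache-attack hardening off, which is the faster and less protected choice. Suggest `/* WC_NO_CACHE_RESISTANT: faster, but removes cache-attack hardening; leave undefined */`. The TFM_TIMING_RESISTANT comment is accurate, but the define stays commented out while `USE_FAST_MATH` is defined further down, so the template appears to build fast math without timing resistance. Since this header is meant to be copied, enabling `#define TFM_TIMING_RESISTANT`, `#define ECC_TIMING_RESISTANT` and `#define WC_RSA_BLINDING` by default would be the safer starting point.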
@@ -159,9 +199,10 @@ /* adjust wait-timeout count if you see timeout in RSA HW acceleration */ -#define ESP_RSA_TIMEOUT_CNT 0x249F00 +#define ESP_RSA_TIMEOUT_CNT 0x349F00 -#define HASH_SIZE_LIMIT /* for test.c */ +/* hash limit for test.c */ +#define HASH_SIZE_LIMIT /* USE_FAST_MATH is default */ #define USE_FAST_MATH @@ -170,6 +211,7 @@ /* #undef USE_FAST_MATH */ /* #define SP_MATH */ /* #define WOLFSSL_SP_MATH_ALL */ +/* #define WOLFSSL_SP_RISCV32 */ /***** Use Integer Heap Math *****/ /* #undef USE_FAST_MATH */ @@ -205,7 +247,7 @@ #undef WOLFSSL_SYS_CA_CERTS */ -/* +/* command-line options --enable-keygen --enable-certgen --enable-certreq @@ -213,10 +255,14 @@ --enable-asn-template */ -/* Default is HW enabled unless turned off. -** Uncomment these lines to force SW instead of HW acceleration */ - +/* Chipset detection from sdkconfig.h + * Default is HW enabled unless turned off. + * Uncomment lines to force SW instead of HW acceleration */ #if defined(CONFIG_IDF_TARGET_ESP32) + #define WOLFSSL_ESP32 + /* Alternatively, if there's an ECC Secure Element present: */ + /* #define WOLFSSL_ESPWROOM32SE */ + /* wolfSSL HW Acceleration supported on ESP32. Uncomment to disable: */ /* #define NO_ESP32_CRYPT */ /* #define NO_WOLFSSL_ESP32_CRYPT_HASH */ @@ -234,6 +280,7 @@ /***** END CONFIG_IDF_TARGET_ESP32 *****/ #elif defined(CONFIG_IDF_TARGET_ESP32S2) + #define WOLFSSL_ESP32 /* wolfSSL HW Acceleration supported on ESP32-S2. Uncomment to disable: */ /* #define NO_ESP32_CRYPT */ /* #define NO_WOLFSSL_ESP32_CRYPT_HASH */ @@ -246,6 +293,7 @@ /***** END CONFIG_IDF_TARGET_ESP32S2 *****/ #elif defined(CONFIG_IDF_TARGET_ESP32S3) + #define WOLFSSL_ESP32 /* wolfSSL HW Acceleration supported on ESP32-S3. Uncomment to disable: */ /* #define NO_ESP32_CRYPT */ /* #define NO_WOLFSSL_ESP32_CRYPT_HASH */ 
@@ -259,6 +307,7 @@ #elif defined(CONFIG_IDF_TARGET_ESP32C2) || \ defined(CONFIG_IDF_TARGET_ESP8684) + #define WOLFSSL_ESP32 /* ESP8684 is essentially ESP32-C2 chip + flash embedded together in a * single QFN 4x4 mm package. Out of released documentation, Technical * Reference Manual as well as ESP-IDF Programming Guide is applicable @@ -284,6 +333,7 @@ /***** END CONFIG_IDF_TARGET_ESP32C2 *****/ #elif defined(CONFIG_IDF_TARGET_ESP32C3) + #define WOLFSSL_ESP32 /* wolfSSL HW Acceleration supported on ESP32-C3. Uncomment to disable: */ /* #define NO_ESP32_CRYPT */ @@ -301,6 +351,7 @@ /***** END CONFIG_IDF_TARGET_ESP32C3 *****/ #elif defined(CONFIG_IDF_TARGET_ESP32C6) + #define WOLFSSL_ESP32 /* wolfSSL HW Acceleration supported on ESP32-C6. Uncomment to disable: */ /* #define NO_ESP32_CRYPT */ @@ -317,6 +368,7 @@ /***** END CONFIG_IDF_TARGET_ESP32C6 *****/ #elif defined(CONFIG_IDF_TARGET_ESP32H2) + #define WOLFSSL_ESP32 /* wolfSSL Hardware Acceleration not yet implemented */ #define NO_ESP32_CRYPT #define NO_WOLFSSL_ESP32_CRYPT_HASH 
@@ -325,21 +377,63 @@ /***** END CONFIG_IDF_TARGET_ESP32H2 *****/ #elif defined(CONFIG_IDF_TARGET_ESP8266) - /* TODO: Revisit ESP8266 */ + #define WOLFSSL_ESP8266 + + /* There's no hardware encryption on the ESP8266 */ + /* Consider using the ESP32-C2/C3/C6 + * See https://www.espressif.com/en/products/socs/esp32-c2 */ #define NO_ESP32_CRYPT #define NO_WOLFSSL_ESP32_CRYPT_HASH #define NO_WOLFSSL_ESP32_CRYPT_AES #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI /***** END CONFIG_IDF_TARGET_ESP266 *****/ + +#elif defined(CONFIG_IDF_TARGET_ESP8684) + /* There's no Hardware Acceleration available on ESP8684 */ + #define NO_ESP32_CRYPT + #define NO_WOLFSSL_ESP32_CRYPT_HASH + #define NO_WOLFSSL_ESP32_CRYPT_AES + #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI + /***** END CONFIG_IDF_TARGET_ESP8684 *****/ + #else /* Anything else encountered, disable HW accleration */ + #warning "Unexpected CONFIG_IDF_TARGET_NN value" #define NO_ESP32_CRYPT #define NO_WOLFSSL_ESP32_CRYPT_HASH #define NO_WOLFSSL_ESP32_CRYPT_AES #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI #endif /* CONFIG_IDF_TARGET Check */ +/* RSA primitive specific definition, listed AFTER the Chipset detection */ +#if defined(WOLFSSL_ESP32) || defined(WOLFSSL_ESPWROOM32SE) + /* Consider USE_FAST_MATH and SMALL_STACK */ + + #ifndef NO_RSA + #define ESP32_USE_RSA_PRIMITIVE + + #if defined(CONFIG_IDF_TARGET_ESP32) + #ifdef CONFIG_ESP_MAIN_TASK_STACK_SIZE + #if CONFIG_ESP_MAIN_TASK_STACK_SIZE < 10500 + #warning "RSA may be difficult with less than 10KB Stack "/ + #endif + #endif + + /* NOTE HW unreliable for small values! 
*/ + /* threshold for performance adjustment for HW primitive use */ + /* X bits of G^X mod P greater than */ + #undef ESP_RSA_EXPT_XBITS + #define ESP_RSA_EXPT_XBITS 32 + + /* X and Y of X * Y mod P greater than */ + #undef ESP_RSA_MULM_BITS + #define ESP_RSA_MULM_BITS 16 + #endif + #endif +#endif + /* Debug options: +See wolfssl/wolfcrypt/port/Espressif/esp32-crypt.h for details on debug options #define ESP_VERIFY_MEMBLOCK #define DEBUG_WOLFSSL @@ -353,14 +447,26 @@ #define WOLFSSL_ESP32_HW_LOCK_DEBUG #define WOLFSSL_DEBUG_ESP_RSA_MULM_BITS #define ESP_DISABLE_HW_TASK_LOCK + +See wolfcrypt/benchmark/benchmark.c for debug and other settings: + +Turn on benchmark timing debugging (CPU Cycles, RTOS ticks, etc) +#define DEBUG_WOLFSSL_BENCHMARK_TIMING + +Turn on timer debugging (used when CPU cycles not available) +#define WOLFSSL_BENCHMARK_TIMER_DEBUG */ -#define WOLFSSL_ESPIDF_ERROR_PAUSE /* Pause in a loop rather than exit. */ +/* Pause in a loop rather than exit. */ +#define WOLFSSL_ESPIDF_ERROR_PAUSE + #define WOLFSSL_HW_METRICS -/* #define HASH_SIZE_LIMIT */ /* for test.c */ +/* for test.c */ +/* #define HASH_SIZE_LIMIT */ -/* #define NO_HW_MATH_TEST */ /* Optionall turn off HW math checks */ +/* Optionally turn off HW math checks */ +/* #define NO_HW_MATH_TEST */ /* Optionally include alternate HW test library: alt_hw_test.h */ /* When enabling, the ./components/wolfssl/CMakeLists.txt file @@ -383,8 +489,8 @@ /* #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI_MULMOD */ -#define WOLFSSL_PUBLIC_MP /* used by benchmark */ -#define USE_CERT_BUFFERS_2048 +/* used by benchmark: */ +#define WOLFSSL_PUBLIC_MP /* when turning on ECC508 / ECC608 support #define WOLFSSL_ESPWROOM32SE 
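Review bot: The new `#elif defined(CONFIG_IDF_TARGET_ESP8684)` branch can never be selected, because the earlier `#elif defined(CONFIG_IDF_TARGET_ESP32C2) || defined(CONFIG_IDF_TARGET_ESP8684)` branch (the one that gains `#define WOLFSSL_ESP32` in the -259 hunk) already matches that target. Its four `NO_..._CRYPT` defines are therefore dead and may not match what the earlier branch configures. Either drop the new branch or take ESP8684 out of the earlier condition. In the RSA block, the `#warning` line ends with a stray `/` after the closing quote, and it tests `< 10500` while the text says 10KB. `#warning "RSA may be difficult with less than 10500 bytes of main task stack"` would match the check.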
@@ -393,12 +499,75 @@ #define ATCA_WOLFSSL */ -/* optional SM4 Ciphers. See https://github.com/wolfSSL/wolfsm +/***************************** Certificate Macros ***************************** + * + * The section below defines macros used in typically all of the wolfSSL + * examples such as the client and server for certs stored in header files. + * + * There are various certificate examples in this header file: + * https://github.com/wolfSSL/wolfssl/blob/master/wolfssl/certs_test.h + * + * To use the sets of macros below, define *one* of these: + * + * USE_CERT_BUFFERS_1024 - ECC 1024 bit encoded ASN1 + * USE_CERT_BUFFERS_2048 - RSA 2048 bit encoded ASN1 + * WOLFSSL_SM[2,3,4] - SM Ciphers + * + * For example: define USE_CERT_BUFFERS_2048 to use CA Certs used in this + * wolfSSL function for the `ca_cert_der_2048` buffer, size and types: + * + * ret = wolfSSL_CTX_load_verify_buffer(ctx, + * CTX_CA_CERT, + * CTX_CA_CERT_SIZE, + * CTX_CA_CERT_TYPE); + * + * See https://www.wolfssl.com/documentation/manuals/wolfssl/group__CertsKeys.html#function-wolfssl_ctx_load_verify_buffer + * + * In this case the CTX_CA_CERT will be defined as `ca_cert_der_2048` as + * defined here: https://github.com/wolfSSL/wolfssl/blob/master/wolfssl/certs_test.h + * + * The CTX_CA_CERT_SIZE and CTX_CA_CERT_TYPE are similarly used to reference + * array size and cert type respectively. + * + * Similarly for loading the private client key: + * + * ret = wolfSSL_CTX_use_PrivateKey_buffer(ctx, + * CTX_CLIENT_KEY, + * CTX_CLIENT_KEY_SIZE, + * CTX_CLIENT_KEY_TYPE); + * + * see https://www.wolfssl.com/documentation/manuals/wolfssl/group__CertsKeys.html#function-wolfssl_ctx_use_privatekey_buffer + * + * Similarly, the other macros are for server certificates and keys: + * `CTX_SERVER_CERT` and `CTX_SERVER_KEY` are available. + * + * The certificate and key names are typically `static const unsigned char` + * arrays. 
The [NAME]_size are typically `sizeof([array name])`, and the types + * are the known wolfSSL encoding type integers (e.g. WOLFSSL_FILETYPE_PEM). + * + * See `SSL_FILETYPE_[name]` in + * https://github.com/wolfSSL/wolfssl/blob/master/wolfssl/ssl.h + * + * See Abstract Syntax Notation One (ASN.1) in: + * https://github.com/wolfSSL/wolfssl/blob/master/wolfssl/wolfcrypt/asn.h + * + * Optional SM4 Ciphers: + * + * Although the SM ciphers are shown here, the `certs_test_sm.h` may not yet + * be available. See: + * https://github.com/wolfSSL/wolfssl/pull/6825 + * https://github.com/wolfSSL/wolfsm + * + * Uncomment these 3 macros to enable the SM Ciphers and use the macros below. + */ + +/* #define WOLFSSL_SM2 #define WOLFSSL_SM3 #define WOLFSSL_SM4 */ +/* Conditional macros used in wolfSSL TLS client and server examples */ #if defined(WOLFSSL_SM2) || defined(WOLFSSL_SM3) || defined(WOLFSSL_SM4) #include #define CTX_CA_CERT root_sm2 
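Review bot: The new header comment lists `USE_CERT_BUFFERS_1024 - ECC 1024 bit encoded ASN1`, but the 1024 set in certs_test.h is RSA, like the 2048 set; the ECC buffers are the ones selected by `USE_CERT_BUFFERS_256`. That line should read `* USE_CERT_BUFFERS_1024 - RSA 1024 bit encoded ASN1 (test only)`. The text also says to define *one* of these, while the same file now defines both `USE_CERT_BUFFERS_256` and `USE_CERT_BUFFERS_2048`; a `USE_CERT_BUFFERS_256` entry in the list would resolve that. The block should also say that the certs_test.h certificates and private keys are published test material, and that the `CTX_SERVER_KEY` and `CTX_CLIENT_KEY` macros mapped to them in the next hunk must be replaced with project-specific credentials before deployment. It would help to note as well that 1024-bit RSA is below current key-size recommendations.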
@@ -414,15 +583,49 @@ #undef WOLFSSL_BASE16 #define WOLFSSL_BASE16 #else - #define USE_CERT_BUFFERS_2048 - #define USE_CERT_BUFFERS_256 - #define CTX_CA_CERT ca_cert_der_2048 - #define CTX_CA_CERT_SIZE sizeof_ca_cert_der_2048 - #define CTX_CA_CERT_TYPE WOLFSSL_FILETYPE_ASN1 - #define CTX_SERVER_CERT server_cert_der_2048 - #define CTX_SERVER_CERT_SIZE sizeof_server_cert_der_2048 - #define CTX_SERVER_CERT_TYPE WOLFSSL_FILETYPE_ASN1 - #define CTX_SERVER_KEY server_key_der_2048 - #define CTX_SERVER_KEY_SIZE sizeof_server_key_der_2048 - #define CTX_SERVER_KEY_TYPE WOLFSSL_FILETYPE_ASN1 -#endif + #if defined(USE_CERT_BUFFERS_2048) + /* Be sure to include in app when using example certs: */ + /* #include */ + #define CTX_CA_CERT ca_cert_der_2048 + #define CTX_CA_CERT_SIZE sizeof_ca_cert_der_2048 + #define CTX_CA_CERT_TYPE WOLFSSL_FILETYPE_ASN1 + + #define CTX_SERVER_CERT server_cert_der_2048 + #define CTX_SERVER_CERT_SIZE sizeof_server_cert_der_2048 + #define CTX_SERVER_CERT_TYPE WOLFSSL_FILETYPE_ASN1 + #define CTX_SERVER_KEY server_key_der_2048 + #define CTX_SERVER_KEY_SIZE sizeof_server_key_der_2048 + #define CTX_SERVER_KEY_TYPE WOLFSSL_FILETYPE_ASN1 + + #define CTX_CLIENT_CERT client_cert_der_2048 + #define CTX_CLIENT_CERT_SIZE sizeof_client_cert_der_2048 + #define CTX_CLIENT_CERT_TYPE WOLFSSL_FILETYPE_ASN1 + #define CTX_CLIENT_KEY client_key_der_2048 + #define CTX_CLIENT_KEY_SIZE sizeof_client_key_der_2048 + #define CTX_CLIENT_KEY_TYPE WOLFSSL_FILETYPE_ASN1 + + #elif defined(USE_CERT_BUFFERS_1024) + /* Be sure to include in app when using example certs: */ + /* #include */ + #define CTX_CA_CERT ca_cert_der_1024 + #define CTX_CA_CERT_SIZE sizeof_ca_cert_der_1024 + #define CTX_CA_CERT_TYPE WOLFSSL_FILETYPE_ASN1 + + #define CTX_CLIENT_CERT client_cert_der_1024 + #define CTX_CLIENT_CERT_SIZE sizeof_client_cert_der_1024 + #define CTX_CLIENT_CERT_TYPE WOLFSSL_FILETYPE_ASN1 + #define CTX_CLIENT_KEY client_key_der_1024 + #define CTX_CLIENT_KEY_SIZE sizeof_client_key_der_1024 
+ #define CTX_CLIENT_KEY_TYPE WOLFSSL_FILETYPE_ASN1 + + #define CTX_SERVER_CERT server_cert_der_1024 + #define CTX_SERVER_CERT_SIZE sizeof_server_cert_der_1024 + #define CTX_SERVER_CERT_TYPE WOLFSSL_FILETYPE_ASN1 + #define CTX_SERVER_KEY server_key_der_1024 + #define CTX_SERVER_KEY_SIZE sizeof_server_key_der_1024 + #define CTX_SERVER_KEY_TYPE WOLFSSL_FILETYPE_ASN1 + #else + /* Optionally define custom cert arrays, sizes, and types here */ + #error "Must define USE_CERT_BUFFERS_2048 or USE_CERT_BUFFERS_1024" + #endif +#endif /* Conditional key and cert constant names */ diff --git a/IDE/Espressif/ESP-IDF/examples/template/main/include/main.h b/IDE/Espressif/ESP-IDF/examples/template/main/include/main.h index 94c3b5eba6..94d9132358 100644 --- a/IDE/Espressif/ESP-IDF/examples/template/main/include/main.h +++ b/IDE/Espressif/ESP-IDF/examples/template/main/include/main.h @@ -1,6 +1,6 @@ /* template main.h * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * diff --git a/IDE/Espressif/ESP-IDF/examples/template/main/main.c b/IDE/Espressif/ESP-IDF/examples/template/main/main.c index 5e41a28fd7..f2f69bcb28 100644 --- a/IDE/Espressif/ESP-IDF/examples/template/main/main.c +++ b/IDE/Espressif/ESP-IDF/examples/template/main/main.c @@ -1,6 +1,6 @@ /* main.c * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * 
@@ -22,8 +22,23 @@ /* Espressif */ #include -/* wolfSSL */ -#include +/* wolfSSL */ +/* Always include wolfcrypt/settings.h before any other wolfSSL file. */ +/* Reminder: settings.h pulls in user_settings.h; don't include it here. */ +#ifdef WOLFSSL_USER_SETTINGS + #include + #ifndef WOLFSSL_ESPIDF + #warning "Problem with wolfSSL user_settings." + #warning "Check components/wolfssl/include" + #endif + #include +#else + /* Define WOLFSSL_USER_SETTINGS project wide for settings.h to include */ + /* wolfSSL user settings in ./components/wolfssl/include/user_settings.h */ + #error "Missing WOLFSSL_USER_SETTINGS in CMakeLists or Makefile:\ + CFLAGS +=-DWOLFSSL_USER_SETTINGS" +#endif + /* project */ #include "main.h" @@ -32,18 +47,32 @@ static const char* const TAG = "My Project"; void app_main(void) { +#ifdef WOLFSSL_ESPIDF_VERBOSE_EXIT_MESSAGE + int ret = 0; +#endif ESP_LOGI(TAG, "Hello wolfSSL!"); #ifdef HAVE_VERSION_EXTENDED_INFO - esp_ShowExtendedSystemInfo(); + ret = esp_ShowExtendedSystemInfo(); #endif #if defined(WOLFSSL_HW_METRICS) && defined(WOLFSSL_HAS_METRICS) - esp_hw_show_metrics(); + ret += esp_hw_show_metrics(); #endif +#ifdef WOLFSSL_ESPIDF_VERBOSE_EXIT_MESSAGE + if (ret == 0) { + ESP_LOGI(TAG, WOLFSSL_ESPIDF_VERBOSE_EXIT_MESSAGE("Success!", ret)); + } + else { + ESP_LOGE(TAG, WOLFSSL_ESPIDF_VERBOSE_EXIT_MESSAGE("Failed!", ret)); + } +#elif defined(WOLFSSL_ESPIDF_EXIT_MESSAGE) + ESP_LOGI(TAG, WOLFSSL_ESPIDF_EXIT_MESSAGE); +#else ESP_LOGI(TAG, "\n\nDone!" "If running from idf.py monitor, press twice: Ctrl+]\n\n" "WOLFSSL_COMPLETE\n" /* exit keyword for wolfssl_monitor.py */ ); +#endif } diff --git a/IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/CMakeLists.txt b/IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/CMakeLists.txt index b49373e693..8c66ae2695 100644 --- a/IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/CMakeLists.txt +++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/CMakeLists.txt 
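Review bot: In `app_main`, `ret` is declared only under `#ifdef WOLFSSL_ESPIDF_VERBOSE_EXIT_MESSAGE`, but it is assigned under `HAVE_VERSION_EXTENDED_INFO` and again under `WOLFSSL_HW_METRICS && WOLFSSL_HAS_METRICS`. Any build that enables one of those without the verbose-exit macro will fail with an undeclared identifier. Declare it unconditionally with `int ret = 0;` at the top of the function, and put `(void)ret;` in the two non-verbose exit branches so the variable does not trigger a set-but-unused warning. Note also that `ret = esp_ShowExtendedSystemInfo();` followed by `ret += esp_hw_show_metrics();` sums two return values. If either call can return a positive count rather than an error code, the `ret == 0` success test would misreport, so it is worth confirming the return conventions of both helpers.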
@@ -5,6 +5,7 @@ # CMakeLists in this exact order for cmake to work correctly cmake_minimum_required(VERSION 3.16) +add_compile_options(-DWOLFSSL_ESP_NO_WATCHDOG=1) # The wolfSSL CMake file should be able to find the source code. # Otherwise, assign an environment variable or set it here: # @@ -21,13 +22,20 @@ cmake_minimum_required(VERSION 3.16) # # Optionally specify a location for wolfSSL component source code -# set(WOLFSSL_ROOT "c:/test/blogtest/wolfssl" ) +# set(WOLFSSL_ROOT "c:/mydir/wolfssl" ) +# This example uses an extra component for common functions such as Wi-Fi and Ethernet connection. +# set (PROTOCOL_EXAMPLES_DIR $ENV{IDF_PATH}/examples/common_components/protocol_examples_common) +# +#if (EXISTS "${PROTOCOL_EXAMPLES_DIR}") +# message("Found PROTOCOL_EXAMPLES_DIR=${PROTOCOL_EXAMPLES_DIR}") +# set(EXTRA_COMPONENT_DIRS $ENV{IDF_PATH}/examples/common_components/protocol_examples_common) +# set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DFOUND_PROTOCOL_EXAMPLES_DIR") +#else() +# message("NOT FOUND: PROTOCOL_EXAMPLES_DIR=${PROTOCOL_EXAMPLES_DIR}") +#endif() +# Not only is a project-level "set(COMPONENTS" not needed here, this will cause +# an unintuitive error about Unknown CMake command "esptool_py_flash_project_args". include($ENV{IDF_PATH}/tools/cmake/project.cmake) -set(COMPONENTS - main - wolfssl -) # set components - project(wolfssl_benchmark) diff --git a/IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/Makefile b/IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/Makefile index dbbe9edb4a..27637c64d9 100644 --- a/IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/Makefile +++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/Makefile 
@@ -3,9 +3,10 @@ # project subdirectory. # -PROJECT_NAME := wolfssl_benchmark - CFLAGS += -DWOLFSSL_USER_SETTINGS +# Some of the tests are CPU intenstive, so we'll force the watchdog timer off. +# There's an espressif NO_WATCHDOG; we don't use it, as it is reset by sdkconfig. +EXTRA_CFLAGS += -DWOLFSSL_ESP_NO_WATCHDOG +PROJECT_NAME := wolfssl_benchmark include $(IDF_PATH)/make/project.mk - diff --git a/IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/README.md b/IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/README.md index 7decc9aa4b..7b3a4f255b 100644 --- a/IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/README.md +++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/README.md @@ -19,6 +19,13 @@ other local port to `COM20` as needed: change port com20=com23 ``` +## Bulk Testing + +If you have a test jig with multiple ESP32 devices and you'd like to run this wolfcrypt benchmark on all of them, check out +the `testAll.sh` and `testMonitor.sh` scripts in the [../wolfssl_test](../wolfssl_test/README.md) directory. Copy those +bash script files to this project. See the `esp32[NN]_PORT` and `esp32[NN]_PUTTY` settings in `testMonitor.sh` that will +be machine-specific. + ## VisualGDB Open the VisualGDB Visual Studio Project file in the VisualGDB directory and click the "Start" button. diff --git a/IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/VisualGDB/wolfssl_benchmark_IDF_v5_ESP32.vgdbproj b/IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/VisualGDB/wolfssl_benchmark_IDF_v5_ESP32.vgdbproj index 276a342dee..b5e6eb6529 100644 --- a/IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/VisualGDB/wolfssl_benchmark_IDF_v5_ESP32.vgdbproj +++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/VisualGDB/wolfssl_benchmark_IDF_v5_ESP32.vgdbproj @@ -18,9 +18,9 @@ com.visualgdb.xtensa-esp32-elf - 11.2.0 - 9.2.90 - 2 + 13.2.0 + 12.1 + 1 .. @@ -67,8 +67,8 @@ true - release/v5.0 - esp-idf/v5.0 + release/v5.2 + esp-idf/v5.2 ESPIDF COM20 
diff --git a/IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/components/wolfssl/CMakeLists.txt b/IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/components/wolfssl/CMakeLists.txt index e129a64efb..6344a1725e 100644 --- a/IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/components/wolfssl/CMakeLists.txt +++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/components/wolfssl/CMakeLists.txt @@ -1,5 +1,5 @@ # -# Copyright (C) 2006-2023 wolfSSL Inc. +# Copyright (C) 2006-2024 wolfSSL Inc. # # This file is part of wolfSSL. # 
@@ -19,16 +19,95 @@ # # cmake for wolfssl Espressif projects # -# Version 5.6.0.011 for detect test/benchmark +# Version 5.7.0 template update + THIS_IDF_PATH # # See https://docs.espressif.com/projects/esp-idf/en/latest/esp32/api-guides/build-system.html # cmake_minimum_required(VERSION 3.16) + +set(VERBOSE_COMPONENT_MESSAGES 1) + +# The scope of this CMAKE_C_FLAGS is just this component: set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DWOLFSSL_USER_SETTINGS") + set(CMAKE_CURRENT_SOURCE_DIR ".") -set(COMPONENT_REQUIRES lwip) # we typically don't need lwip directly in wolfssl component -set(WOLFSSL_ROOT "$ENV{WOLFSSL_ROOT}" ) +# set(COMPONENT_REQUIRES lwip) # we typically don't need lwip directly in wolfssl component + +# Optionally set your source to wolfSSL in your project CMakeLists.txt like this: +# set(WOLFSSL_ROOT "c:/test/my_wolfssl" ) + +if ( "${WOLFSSL_ROOT}" STREQUAL "") + set(WOLFSSL_ROOT "$ENV{WOLFSSL_ROOT}" ) +endif() + +if( "$ENV{IDF_PATH}" STREQUAL "" ) + message(FATAL_ERROR "IDF_PATH Environment variable not set!") +else() + string(REPLACE "\\" "/" THIS_IDF_PATH "$ENV{IDF_PATH}") +endif() + +# Optional compiler definitions to help with system name detection (typically printed by app diagnostics) +if(VERBOSE_COMPONENT_MESSAGES) + if(WIN32) + # Windows-specific configuration here + set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DWOLFSSL_CMAKE_SYSTEM_NAME_WINDOWS") + message("Detected Windows") + endif() + if(CMAKE_HOST_UNIX) + message("Detected UNIX") + endif() + if(APPLE) + message("Detected APPLE") + endif() + if(CMAKE_HOST_UNIX AND (NOT APPLE) AND EXISTS "/proc/sys/fs/binfmt_misc/WSLInterop") + # Windows-specific configuration here + set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DWOLFSSL_CMAKE_SYSTEM_NAME_WSL") + message("Detected WSL") + endif() + if(CMAKE_HOST_UNIX AND (NOT APPLE) AND (NOT WIN32)) + # Windows-specific configuration here + set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DWOLFSSL_CMAKE_SYSTEM_NAME_LINUX") + message("Detected Linux") + endif() + if(APPLE) + # 
Windows-specific configuration here + set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DWOLFSSL_CMAKE_SYSTEM_NAME_APPLE") + message("Detected Apple") + endif() +endif() # End optional WOLFSSL_CMAKE_SYSTEM_NAME + +message(STATUS "CONFIG_TARGET_PLATFORM = ${CONFIG_TARGET_PLATFORM}") + +# Check that there are not conflicting wolfSSL components +# The ESP Registry Component will be in ./managed_components/wolfssl__wolfssl +# The local component wolfSSL directory will be in ./components/wolfssl +if( EXISTS "${CMAKE_HOME_DIRECTORY}/managed_components/wolfssl__wolfssl" AND EXISTS "${CMAKE_HOME_DIRECTORY}/components/wolfssl" ) + # These exclude statements don't seem to be honored by the $ENV{IDF_PATH}/tools/cmake/project.cmake' + # add_subdirectory("${CMAKE_HOME_DIRECTORY}/managed_components/wolfssl__wolfssl" EXCLUDE_FROM_ALL) + # add_subdirectory("${CMAKE_HOME_DIRECTORY}/managed_components/wolfssl__wolfssl/include" EXCLUDE_FROM_ALL) + # So we'll error out and let the user decide how to proceed: + message(WARNING "\nFound wolfSSL components in\n" + "./managed_components/wolfssl__wolfssl\n" + "and\n" + "./components/wolfssl\n" + "in project directory: \n" + "${CMAKE_HOME_DIRECTORY}") + message(FATAL_ERROR "\nPlease use either the ESP Registry Managed Component or the wolfSSL component directory but not both.\n" + "If removing the ./managed_components/wolfssl__wolfssl directory, remember to also remove " + "or rename the idf_component.yml file typically found in ./main/") +else() + message(STATUS "No conflicting wolfSSL components found.") +endif() + + +# Don't include lwip requirement for benchmark and test apps. 
+if( ("${CMAKE_PROJECT_NAME}" STREQUAL "wolfssl_benchmark") OR ("${CMAKE_PROJECT_NAME}" STREQUAL "wolfssl_test") ) + message(STATUS "Not including lwip for ${CMAKE_PROJECT_NAME}") +else() + # benchmark and test do not need wifi, everything else probably does: + set(COMPONENT_REQUIRES lwip) # we typically don't need lwip directly in wolfssl component +endif() # find the user name to search for possible "wolfssl-username" message(STATUS "USERNAME = $ENV{USERNAME}") @@ -45,6 +124,11 @@ else() endif() message(STATUS "THIS_USER = ${THIS_USER}") +if( "$ENV{IDF_PATH}" STREQUAL "" ) + message(FATAL_ERROR "IDF_PATH Environment variable not set!") +else() + string(REPLACE "\\" "/" THIS_IDF_PATH "$ENV{IDF_PATH}") +endif() # COMPONENT_NAME = wolfssl # The component name is the directory name. "No feature to change this". 
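Review bot: The comment `# Windows-specific configuration here` is repeated verbatim above the WSL, Linux and Apple branches of the system-name block, where it names the wrong platform. Each should describe its own branch, e.g. `# WSL-specific configuration here`, and the two separate `if(APPLE)` blocks could be merged into one. The Linux condition `CMAKE_HOST_UNIX AND (NOT APPLE) AND (NOT WIN32)` is also true on a WSL host, so that host gets both `-DWOLFSSL_CMAKE_SYSTEM_NAME_WSL` and `-DWOLFSSL_CMAKE_SYSTEM_NAME_LINUX`; a comment saying whether that is intended would help.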
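Review bot: The `IDF_PATH` check added in the `-45,6 +124,11` hunk, together with its `string(REPLACE "\\" "/" THIS_IDF_PATH "$ENV{IDF_PATH}")`, repeats line for line the block this same commit adds near the top of the file in the `-19,16 +19,95` hunk. The earlier copy already aborts when `IDF_PATH` is unset and assigns `THIS_IDF_PATH`, so this second copy can be dropped. Keeping the check in one place avoids the two copies drifting apart.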
@@ -71,27 +155,41 @@ function(IS_WOLFSSL_SOURCE DIRECTORY_PARAMETER RESULT) endif() endfunction() +# ********************************************************************************************* # function: FIND_WOLFSSL_DIRECTORY # parameter: OUTPUT_FOUND_WOLFSSL_DIRECTORY contains root of source code, otherwise blank # +# Example usage: +# FIND_WOLFSSL_DIRECTORY(WOLFSSL_ROOT) +# ********************************************************************************************* function(FIND_WOLFSSL_DIRECTORY OUTPUT_FOUND_WOLFSSL_DIRECTORY) - message(STATUS "Starting FIND_WOLFSSL_DIRECTORY") - set(CURRENT_SEARCH_DIR "$ENV{WOLFSSL_ROOT}") - if( "${CURRENT_SEARCH_DIR}" STREQUAL "" ) - message(STATUS "The WOLFSSL_ROOT environment variable is not set. Searching...") + message(STATUS "Starting FIND_WOLFSSL_DIRECTORY: ${${OUTPUT_FOUND_WOLFSSL_DIRECTORY}}") + + if ( "${${OUTPUT_FOUND_WOLFSSL_DIRECTORY}}" STREQUAL "" ) + set(CURRENT_SEARCH_DIR "$ENV{WOLFSSL_ROOT}") + if( "${CURRENT_SEARCH_DIR}" STREQUAL "" ) + message(STATUS "The WOLFSSL_ROOT environment variable is not set. 
Searching...") + else() + get_filename_component(CURRENT_SEARCH_DIR "$ENV{WOLFSSL_ROOT}" ABSOLUTE) + IS_WOLFSSL_SOURCE("${CURRENT_SEARCH_DIR}" FOUND_WOLFSSL) + if( FOUND_WOLFSSL ) + message(STATUS "Found WOLFSSL_ROOT via Environment Variable:") + else() + message(FATAL_ERROR "WOLFSSL_ROOT Environment Variable defined, but path not found:") + message(STATUS "$ENV{WOLFSSL_ROOT}") + endif() + endif() else() - get_filename_component(CURRENT_SEARCH_DIR "$ENV{WOLFSSL_ROOT}" ABSOLUTE) + get_filename_component(CURRENT_SEARCH_DIR "${${OUTPUT_FOUND_WOLFSSL_DIRECTORY}}" ABSOLUTE) IS_WOLFSSL_SOURCE("${CURRENT_SEARCH_DIR}" FOUND_WOLFSSL) if( FOUND_WOLFSSL ) - message(STATUS "Found WOLFSSL_ROOT via Environment Variable: ${CURRENT_SEARCH_DIR}") - set(${OUTPUT_FOUND_WOLFSSL_DIRECTORY} ${CURRENT_SEARCH_DIR} PARENT_SCOPE) - return() + message(STATUS "Found WOLFSSL_ROOT via prior specification.") else() - message(FATAL_ERROR "WOLFSSL_ROOT Environment Variable defined, but path not found:") - message(STATUS "$ENV{WOLFSSL_ROOT}") + message(FATAL_ERROR "WOLFSSL_ROOT Variable defined, but path not found: ${${OUTPUT_FOUND_WOLFSSL_DIRECTORY}}") endif() endif() + # we'll start in the CMAKE_CURRENT_SOURCE_DIR, typically [something]/projectname/components/wolfssl message(STATUS "CMAKE_CURRENT_SOURCE_DIR = ${CMAKE_CURRENT_SOURCE_DIR}") get_filename_component(CURRENT_SEARCH_DIR "${CMAKE_CURRENT_SOURCE_DIR}" ABSOLUTE) 
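Review bot: In the environment-variable branch of `FIND_WOLFSSL_DIRECTORY`, the found case now only prints `Found WOLFSSL_ROOT via Environment Variable:`; the removed `set(${OUTPUT_FOUND_WOLFSSL_DIRECTORY} ${CURRENT_SEARCH_DIR} PARENT_SCOPE)` and `return()` have no replacement, and `CURRENT_SEARCH_DIR` is overwritten from `CMAKE_CURRENT_SOURCE_DIR` right after the block. Unless code outside the hunk handles this (the function continues past it), a validated `WOLFSSL_ROOT` from the environment is not what the function returns, and the parent-directory search decides which source tree gets compiled instead. Restoring those two lines in the found branch keeps the validated path authoritative. Separately, the `message(STATUS "$ENV{WOLFSSL_ROOT}")` placed after `message(FATAL_ERROR ...)` never runs, so the path should go into the FATAL_ERROR text as the new `else()` branch already does.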
@@ -109,16 +207,47 @@ function(FIND_WOLFSSL_DIRECTORY OUTPUT_FOUND_WOLFSSL_DIRECTORY) return() endif() + # Maintain CURRENT_SEARCH_DIR, but check various suffixes with CURRENT_SEARCH_DIR_ALT if( THIS_USER ) # Check for "wolfssl-[username]" subdirectory as we recurse up the directory tree set(CURRENT_SEARCH_DIR_ALT ${CURRENT_SEARCH_DIR}/wolfssl-${THIS_USER}) - message(STATUS "Looking in ${CURRENT_SEARCH_DIR}") + message(STATUS "Looking in ${CURRENT_SEARCH_DIR_ALT}") + + IS_WOLFSSL_SOURCE("${CURRENT_SEARCH_DIR_ALT}" FOUND_WOLFSSL ) + if ( FOUND_WOLFSSL ) + message(STATUS "Found wolfssl in user-suffix CURRENT_SEARCH_DIR_ALT = ${CURRENT_SEARCH_DIR_ALT}") + set(CURRENT_SEARCH_DIR "${CURRENT_SEARCH_DIR_ALT}") + set(${OUTPUT_FOUND_WOLFSSL_DIRECTORY} ${CURRENT_SEARCH_DIR} PARENT_SCOPE) + return() + endif() + endif() + + if ( FOUND_WOLFSSL ) + # if we already found the source, skip attempt of "wolfssl-master" + else() + set(CURRENT_SEARCH_DIR_ALT ${CURRENT_SEARCH_DIR}/wolfssl-master) + message(STATUS "Looking in ${CURRENT_SEARCH_DIR_ALT}") - #if(EXISTS ${CURRENT_SEARCH_DIR_ALT} AND IS_DIRECTORY ${CURRENT_SEARCH_DIR_ALT} AND EXISTS "${CURRENT_SEARCH_DIR_ALT}/wolfcrypt/src") IS_WOLFSSL_SOURCE("${CURRENT_SEARCH_DIR_ALT}" FOUND_WOLFSSL ) if ( FOUND_WOLFSSL ) - message(STATUS "Found wolfssl in user-suffix CURRENT_SEARCH_DIR_ALT = ${CURRENT_SEARCH_DIR_ALT}") - set(${OUTPUT_FOUND_WOLFSSL_DIRECTORY} ${CURRENT_SEARCH_DIR_ALT} PARENT_SCOPE) + message(STATUS "Found wolfssl in master-suffix CURRENT_SEARCH_DIR_ALT = ${CURRENT_SEARCH_DIR_ALT}") + set(CURRENT_SEARCH_DIR "${CURRENT_SEARCH_DIR_ALT}") + set(${OUTPUT_FOUND_WOLFSSL_DIRECTORY} ${CURRENT_SEARCH_DIR} PARENT_SCOPE) + return() + endif() + endif() + + if ( FOUND_WOLFSSL ) + # if we already found the source, skip attempt of "wolfssl" + else() + set(CURRENT_SEARCH_DIR_ALT ${CURRENT_SEARCH_DIR}/wolfssl) + message(STATUS "Looking in ${CURRENT_SEARCH_DIR_ALT}") + + IS_WOLFSSL_SOURCE("${CURRENT_SEARCH_DIR_ALT}" FOUND_WOLFSSL ) + if ( 
FOUND_WOLFSSL ) + message(STATUS "Found wolfssl in CURRENT_SEARCH_DIR_ALT = ${CURRENT_SEARCH_DIR_ALT}") + set(CURRENT_SEARCH_DIR "${CURRENT_SEARCH_DIR_ALT}") + set(${OUTPUT_FOUND_WOLFSSL_DIRECTORY} ${CURRENT_SEARCH_DIR} PARENT_SCOPE) return() endif() endif() @@ -138,7 +267,8 @@ function(FIND_WOLFSSL_DIRECTORY OUTPUT_FOUND_WOLFSSL_DIRECTORY) get_filename_component(CURRENT_SEARCH_DIR "${CURRENT_SEARCH_DIR}" DIRECTORY) message(STATUS "Next CURRENT_SEARCH_DIR = ${CURRENT_SEARCH_DIR}") if( "${PRIOR_SEARCH_DIR}" STREQUAL "${CURRENT_SEARCH_DIR}" ) - # when the search directory is empty, we'll give up + # When the parent is current directory, cannot go any further. We didn't find wolfssl. + # When the search directory is empty, we'll give up. set(CURRENT_SEARCH_DIR "") endif() endwhile() 
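Review bot: The search order introduced in the `-109,16 +207,47` hunk is not documented: `wolfssl-${THIS_USER}`, then `wolfssl-master`, then `wolfssl`, tried at each level up the directory tree. The first directory that passes `IS_WOLFSSL_SOURCE` becomes the TLS library built into the firmware. A header comment above the block should state that order and recommend setting `WOLFSSL_ROOT` explicitly for release and CI builds, so the source tree is chosen by configuration rather than by whatever sits in a parent directory. The two `if ( FOUND_WOLFSSL )` blocks with a comment-only true branch read more simply as `if( NOT FOUND_WOLFSSL )`. The enclosing loop starts and ends outside the hunk.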
@@ -149,17 +279,47 @@ endfunction() # Example usage: +# +# Simply find the WOLFSSL_DIRECTORY by searching parent directories: +# FIND_WOLFSSL_DIRECTORY(WOLFSSL_ROOT) +# +message(STATUS "CONFIG_TARGET_PLATFORM = ${CONFIG_TARGET_PLATFORM}") +if (0) + get_cmake_property(_variableNames VARIABLES) + list (SORT _variableNames) + message(STATUS "") + message(STATUS "ALL VARIABLES BEGIN") + message(STATUS "") + foreach (_variableName ${_variableNames}) + message(STATUS "${_variableName}=${${_variableName}}") + endforeach() + message(STATUS "") + message(STATUS "ALL VARIABLES END") + message(STATUS "") +endif() +if ( ("${CONFIG_TARGET_PLATFORM}" STREQUAL "esp8266") OR ("${IDF_TARGET}" STREQUAL "esp8266") ) + # There's no esp_timer, no driver components for the ESP8266 + message(STATUS "Early expansion EXCLUDES esp_timer: ${THIS_INCLUDE_TIMER}") + message(STATUS "Early expansion EXCLUDES driver: ${THIS_INCLUDE_DRIVER}") + set(THIS_INCLUDE_TIMER "") + set(THIS_INCLUDE_DRIVER "") +else() + message(STATUS "Early expansion includes esp_timer: ${THIS_INCLUDE_TIMER}") + message(STATUS "Early expansion includes driver: ${THIS_INCLUDE_DRIVER}") + set(THIS_INCLUDE_TIMER "esp_timer") + set(THIS_INCLUDE_DRIVER "driver") +endif() if(CMAKE_BUILD_EARLY_EXPANSION) message(STATUS "wolfssl component CMAKE_BUILD_EARLY_EXPANSION:") idf_component_register( REQUIRES "${COMPONENT_REQUIRES}" PRIV_REQUIRES # esp_hw_support - esp_timer - driver # this will typically only be needed for wolfSSL benchmark + ${THIS_INCLUDE_TIMER} + ${THIS_INCLUDE_DRIVER} # this will typically only be needed for wolfSSL benchmark ) else() 
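Review bot: The `message(STATUS "Early expansion ... ${THIS_INCLUDE_TIMER}")` and `${THIS_INCLUDE_DRIVER}` lines run before the `set()` calls that assign those variables, so they log the previous value (empty on a first pass) rather than what is about to be registered. Moving each `set(THIS_INCLUDE_TIMER ...)` / `set(THIS_INCLUDE_DRIVER ...)` pair above its messages makes the log accurate. The `message(STATUS "CONFIG_TARGET_PLATFORM = ${CONFIG_TARGET_PLATFORM}")` line also repeats one added earlier in this file, and the `if (0)` variable dump is dead code that could be left out.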
@@ -171,24 +331,52 @@ else() # search for wolfSSL FIND_WOLFSSL_DIRECTORY(WOLFSSL_ROOT) if(WOLFSSL_ROOT) - message(STATUS "NEW Found wolfssl directory at: ${WOLFSSL_ROOT}") + IS_WOLFSSL_SOURCE("${WOLFSSL_ROOT}" FOUND_WOLFSSL) + if(FOUND_WOLFSSL) + message(STATUS "Found WOLFSSL_ROOT via CMake specification.") + else() + # WOLFSSL_ROOT Path specified in CMakeLists.txt is not a valid path + message(FATAL_ERROR "WOLFSSL_ROOT CMake Variable defined, but path not found: ${WOLFSSL_ROOT}\n" + "Try correcting WOLFSSL_ROOT in your project CMakeFile.txt or setting environment variable.") + # Abort CMake after fatal error. + endif() else() - message(STATUS "NEW wolfssl directory not found.") + message(STATUS "Searching for wolfSL source code...") + FIND_WOLFSSL_DIRECTORY(WOLFSSL_ROOT) + endif() + + + if(WOLFSSL_ROOT) + message(STATUS "Confirmed wolfssl directory at: ${WOLFSSL_ROOT}") + else() + message(STATUS "Failed: wolfssl directory not found.") # Abort. We need wolfssl _somewhere_. - message(FATAL_ERROR "Could not find wolfssl in ${WOLFSSL_ROOT}.\n" - "Try setting WOLFSSL_ROOT environment variable or git clone.") + message(FATAL_ERROR "Could not find wolfssl in any parent directory named wolfssl-${THIS_USER}, wolfssl-master, or wolfssl.\n" + "Try setting WOLFSSL_ROOT environment variable, cmake variable in project, copy source, or use managed components.") + # Abort CMake after fatal error. 
endif() set(INCLUDE_PATH ${WOLFSSL_ROOT}) set(WOLFSSL_EXTRA_PROJECT_DIR "${WOLFSSL_ROOT}/src/") - if( ${CMAKE_PROJECT_NAME} STREQUAL "wolfssl_benchmark" ) - set(WOLFSSL_EXTRA_PROJECT_DIR "${WOLFSSL_ROOT}/wolfcrypt/benchmark") - endif() + # During regression tests, optionally copy source locally and use: set(USE_LOCAL_TEST_BENCH 1) + set(USE_LOCAL_TEST_BENCH 0) + if(NOT USE_LOCAL_TEST_BENCH) + if( "${CMAKE_PROJECT_NAME}" STREQUAL "hello-world" ) + message(STATUS "Include ${WOLFSSL_ROOT}/wolfcrypt/benchmark") + set(WOLFSSL_EXTRA_PROJECT_DIR "${WOLFSSL_ROOT}/wolfcrypt/benchmark") + endif() + + if( "${CMAKE_PROJECT_NAME}" STREQUAL "wolfssl_benchmark" ) + message(STATUS "Include ${WOLFSSL_ROOT}/wolfcrypt/benchmark") + set(WOLFSSL_EXTRA_PROJECT_DIR "${WOLFSSL_ROOT}/wolfcrypt/benchmark") + endif() - if( ${CMAKE_PROJECT_NAME} STREQUAL "wolfssl_test" ) - set(WOLFSSL_EXTRA_PROJECT_DIR "${WOLFSSL_ROOT}/wolfcrypt/test") + if( "${CMAKE_PROJECT_NAME}" STREQUAL "wolfssl_test" ) + message(STATUS "Include ${WOLFSSL_ROOT}/wolfcrypt/test") + set(WOLFSSL_EXTRA_PROJECT_DIR "${WOLFSSL_ROOT}/wolfcrypt/test") + endif() endif() set(COMPONENT_SRCDIRS "\"${WOLFSSL_ROOT}/src/\"" 
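Review bot: The new `else()` branch calls `FIND_WOLFSSL_DIRECTORY(WOLFSSL_ROOT)` a second time, although the context line directly above `if(WOLFSSL_ROOT)` has already called it with the same input, so the second search cannot find anything the first did not. Either drop the earlier unconditional call so that an explicitly set `WOLFSSL_ROOT` is validated first, or drop the call in the `else()`. The messages contain typos: `wolfSL` should be `wolfSSL`, and `CMakeFile.txt` should be `CMakeLists.txt`. `set(USE_LOCAL_TEST_BENCH 0)` is unconditional, so the option its comment describes can only be enabled by editing this file, and the comment should say so.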
@@ -200,16 +388,19 @@ else() message(STATUS "This COMPONENT_SRCDIRS = ${COMPONENT_SRCDIRS}") + # wolfSSL user_settings.h is in the local project. set(WOLFSSL_PROJECT_DIR "${CMAKE_HOME_DIRECTORY}/components/wolfssl") - add_definitions(-DWOLFSSL_USER_SETTINGS_DIR="${WOLFSSL_PROJECT_DIR}/include/user_settings.h") + # add_definitions(-DWOLFSSL_USER_SETTINGS_DIR="${WOLFSSL_PROJECT_DIR}/include/user_settings.h") + string(REPLACE "/" "//" STR_WOLFSSL_PROJECT_DIR "${WOLFSSL_PROJECT_DIR}") + add_definitions(-DWOLFSSL_USER_SETTINGS_DIR="${STR_WOLFSSL_PROJECT_DIR}//include//user_settings.h") # Espressif may take several passes through this makefile. Check to see if we found IDF string(COMPARE EQUAL "${PROJECT_SOURCE_DIR}" "" WOLFSSL_FOUND_IDF) # get a list of all wolfcrypt assembly files; we'll exclude them as they don't target Xtensa file(GLOB EXCLUDE_ASM *.S) - file(GLOB_RECURSE EXCLUDE_ASM ${CMAKE_SOURCE_DIR} "${WOLFSSL_ROOT}/wolfcrypt/src/*.S") + file(GLOB EXCLUDE_ASM ${CMAKE_SOURCE_DIR} "${WOLFSSL_ROOT}/wolfcrypt/src/*.S") message(STATUS "IDF_PATH = $ENV{IDF_PATH}") message(STATUS "PROJECT_SOURCE_DIR = ${PROJECT_SOURCE_DIR}") @@ -232,11 +423,13 @@ else() message(STATUS "Remove either the local project component: ${WOLFSSL_PROJECT_DIR} ") message(STATUS "or the Espressif shared component installed at: $ENV{IDF_PATH}/components/wolfssl/ ") message(STATUS "") - message(FATAL_ERROR "Please use wolfSSL in either local project or Espressif components, but not both.") message(STATUS "") message(STATUS "**************************************************************************************") message(STATUS "") + message(FATAL_ERROR "Please use wolfSSL in either local project or Espressif components, but not both.") + # Abort CMake after fatal error. + # Optional: if you change the above FATAL_ERROR to STATUS you can warn at runtime with this macro definition: set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DWOLFSSL_MULTI_INSTALL_WARNING") 
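Review bot: Changing `file(GLOB_RECURSE EXCLUDE_ASM ...)` to `file(GLOB ...)` in the `-200,16 +388,19` hunk means only `.S` files directly in `wolfcrypt/src` are collected, while the comment above still says the list holds all wolfcrypt assembly files. If any assembly sources live in subdirectories they are no longer in `EXCLUDE_ASM`, so either keep the recursive form or change the comment to say the match is one level deep. The `string(REPLACE "/" "//" ...)` that doubles every slash in `WOLFSSL_USER_SETTINGS_DIR` has no explanation; add a comment stating why the slashes are doubled, since the doubled path looks like a mistake to the next reader.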
@@ -286,6 +479,7 @@ else() message(FATAL_ERROR "Found stray wolfSSL user_settings.h in " "${WOLFSSL_ROOT}/include/user_settings.h " " (please move it to ${WOLFSSL_PROJECT_DIR}/include/user_settings.h )") + # Abort CMake after fatal error. else() # we won't overwrite an existing user settings file, just note that we already have one: if( EXISTS "${WOLFSSL_PROJECT_DIR}/include/user_settings.h" ) @@ -355,17 +549,22 @@ else() message(STATUS "Could not find RTOS path") endif() endif() - - + message(STATUS "THIS_IDF_PATH = $THIS_IDF_PATH") + # wolfSSL-specific include directories set(COMPONENT_ADD_INCLUDEDIRS "./include" # this is the location of wolfssl user_settings.h "\"${WOLFSSL_ROOT}/\"" "\"${WOLFSSL_ROOT}/wolfssl/\"" "\"${WOLFSSL_ROOT}/wolfssl/wolfcrypt/\"" + "\"${WOLFSSL_ROOT}/wolfssl/wolfcrypt/port/Espressif\"" "\"${RTOS_IDF_PATH}/\"" + # wolfSSL release after v5.7 includes WiFi, time, and mem/debug helpers + "${THIS_IDF_PATH}/components/esp_event/include" + "${THIS_IDF_PATH}/components/esp_netif/include" + "${THIS_IDF_PATH}/components/esp_wifi/include" ) - + # Optionally include cryptoauthlib if present if(IS_DIRECTORY ${IDF_PATH}/components/cryptoauthlib) list(APPEND COMPONENT_ADD_INCLUDEDIRS "../cryptoauthlib/lib") endif() @@ -374,7 +573,7 @@ else() list(APPEND COMPONENT_ADD_INCLUDEDIRS "\"${WOLFSSL_ROOT}/wolfssl/wolfcrypt/\"") - + # Some files are known to be included elsewhere, or not used for Espressif set(COMPONENT_SRCEXCLUDE "\"${WOLFSSL_ROOT}/src/bio.c\"" "\"${WOLFSSL_ROOT}/src/conf.c\"" 
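Review bot: In the `-355,17 +549,22` hunk, `message(STATUS "THIS_IDF_PATH = $THIS_IDF_PATH")` is missing the braces, so CMake prints the literal text `$THIS_IDF_PATH` instead of the path; it should read `message(STATUS "THIS_IDF_PATH = ${THIS_IDF_PATH}")`. The `esp_event`, `esp_netif` and `esp_wifi` include directories are added for every project, including this benchmark, whose `user_settings.h` defines `NO_ESP_SDK_WIFI`; a comment noting that they are only needed when the WiFi helpers are compiled would help. The enclosing `else()` block starts and ends outside the hunk.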
@@ -387,6 +586,8 @@ else() "\"${WOLFSSL_ROOT}/src/ssl_misc.c\"" # included by ssl.c "\"${WOLFSSL_ROOT}/src/x509.c\"" "\"${WOLFSSL_ROOT}/src/x509_str.c\"" + "\"${WOLFSSL_ROOT}/wolfcrypt/src/ext_kyber.c\"" # external non-wolfssl Kyber disabled by default + "\"${WOLFSSL_ROOT}/wolfssl/wolfcrypt/ext_kyber.h\"" # external non-wolfssl Kyber disabled by default "\"${WOLFSSL_ROOT}/wolfcrypt/src/evp.c\"" "\"${WOLFSSL_ROOT}/wolfcrypt/src/misc.c\"" "\"${WOLFSSL_ROOT}/wolfcrypt/src/sp_sm2_arm32.c\"" @@ -423,17 +624,34 @@ else() INCLUDE_DIRS "${COMPONENT_ADD_INCLUDEDIRS}" REQUIRES "${COMPONENT_REQUIRES}" EXCLUDE_SRCS "${COMPONENT_SRCEXCLUDE}" - PRIV_REQUIRES esp_timer driver # this will typically only be needed for wolfSSL benchmark + PRIV_REQUIRES + "${THIS_INCLUDE_TIMER}" + "${THIS_INCLUDE_DRIVER}" # this will typically only be needed for wolfSSL benchmark ) - # some optional diagnostics - if (1) + + # Some optional diagnostics. Verbose ones are truncated. + if (VERBOSE_COMPONENT_MESSAGES) get_cmake_property(_variableNames VARIABLES) list (SORT _variableNames) message(STATUS "") message(STATUS "ALL VARIABLES BEGIN") message(STATUS "") foreach (_variableName ${_variableNames}) - message(STATUS "${_variableName}=${${_variableName}}") + if ( ("${_variableName}" STREQUAL "bootloader_binary_files") + OR ("${_variableName}" STREQUAL "Component paths") + OR ("${_variableName}" STREQUAL "component_targets") + OR ("${_variableName}" STREQUAL "__COMPONENT_TARGETS") + OR ("${_variableName}" STREQUAL "CONFIGS_LIST") + OR ("${_variableName}" STREQUAL "__CONFIG_VARIABLES") + OR ("${_variableName}" STREQUAL "val") + OR ("${_variableName}" MATCHES "^__idf_") + ) + # Truncate the displayed value: + string(SUBSTRING "${${_variableName}}" 0 70 truncatedValue) + message(STATUS "${_variableName} = ${truncatedValue} ... (truncated)") + else() + message(STATUS "${_variableName}=${${_variableName}}") + endif() endforeach() message(STATUS "") message(STATUS "ALL VARIABLES END") 
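Review bot: The variable dump in the `-423,17 +624,34` hunk is now gated on `VERBOSE_COMPONENT_MESSAGES`, but this file sets that to 1 unconditionally near the top, so every build still prints every CMake variable to the log. The hunk's own name list (`CONFIGS_LIST`, `__CONFIG_VARIABLES`) suggests project configuration values are among them, and anything a project keeps in its configuration would then appear in shared CI logs; defaulting the switch off with `set(VERBOSE_COMPONENT_MESSAGES 0)` and documenting how to turn it on is the safer default. Truncation only shortens the listed values to 70 characters and does not hide them. `PRIV_REQUIRES` is quoted here (`"${THIS_INCLUDE_TIMER}"`) but unquoted in the early-expansion call, so on the esp8266 path this call passes empty-string arguments; use the same form in both places.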
@@ -520,6 +738,8 @@ if(NOT CMAKE_BUILD_EARLY_EXPANSION) execute_process(WORKING_DIRECTORY ${WOLFSSL_ROOT} COMMAND ${git_cmd} "show" "--no-patch" "--no-notes" "--pretty=\'\%cd\'" OUTPUT_VARIABLE TMP_OUT RESULT_VARIABLE TMP_RES ) LIBWOLFSSL_SAVE_INFO(LIBWOLFSSL_VERSION_GIT_HASH_DATE "${TMP_OUT}" "${TMP_RES}") + LIBWOLFSSL_SAVE_INFO(LIBWOLFSSL_VERSION_WOLFSSL_ROOT "${WOLFSSL_ROOT}" "${TMP_RES}") + message(STATUS "************************************************************************************************") message(STATUS "wolfssl component config complete!") message(STATUS "************************************************************************************************") diff --git a/IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/components/wolfssl/component.mk b/IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/components/wolfssl/component.mk index 5234a007e1..54ae8041fd 100644 --- a/IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/components/wolfssl/component.mk +++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/components/wolfssl/component.mk 
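Review bot: `LIBWOLFSSL_SAVE_INFO(LIBWOLFSSL_VERSION_WOLFSSL_ROOT "${WOLFSSL_ROOT}" "${TMP_RES}")` reuses `TMP_RES`, which at this point holds the result of the preceding `git show` command and says nothing about `WOLFSSL_ROOT`. If `LIBWOLFSSL_SAVE_INFO` (defined outside the hunk) skips the value on a non-zero result, the root path goes unrecorded whenever git fails; passing `"0"` as the third argument looks like the intent, to be confirmed against the function. If the saved value ends up compiled into the firmware, a comment should note that it is an absolute build-host path, which can contain a user name.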
@@ -1,40 +1,240 @@ -# -# Copyright (C) 2006-2023 wolfSSL Inc. -# -# This file is part of wolfSSL. -# -# wolfSSL is free software; you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation; either version 2 of the License, or -# (at your option) any later version. -# -# wolfSSL is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with this program; if not, write to the Free Software -# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA -# -# -# Component Makefile -# - -COMPONENT_ADD_INCLUDEDIRS := . ./include - -COMPONENT_ADD_INCLUDEDIRS += "$ENV{IDF_PATH}/components/freertos/include/freertos" -# COMPONENT_ADD_INCLUDEDIRS += "$ENV{IDF_PATH}/soc/esp32s3/include/soc" - -COMPONENT_SRCDIRS := src wolfcrypt/src -COMPONENT_SRCDIRS += wolfcrypt/src/port/Espressif -COMPONENT_SRCDIRS += wolfcrypt/src/port/atmel -COMPONENT_SRCDIRS += wolfcrypt/benchmark -COMPONENT_SRCDIRS += wolfcrypt/test - -CFLAGS +=-DWOLFSSL_USER_SETTINGS - -COMPONENT_OBJEXCLUDE := wolfcrypt/src/aes_asm.o -COMPONENT_OBJEXCLUDE += wolfcrypt/src/evp.o -COMPONENT_OBJEXCLUDE += wolfcrypt/src/misc.o -COMPONENT_OBJEXCLUDE += src/bio.o +# +# Copyright (C) 2006-2024 wolfSSL Inc. +# +# This file is part of wolfSSL. +# +# wolfSSL is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation; either version 2 of the License, or +# (at your option) any later version. +# +# wolfSSL is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA +# + +# +# Component Makefile +# +# +# The Espressif Managed Components are only for newer versions of the ESP-IDF +# Typically only for ESP32[-x] targets and only for ESP-IDF v4.3 or later: +# See https://docs.espressif.com/projects/esp-idf/en/latest/esp32/api-guides/tools/idf-component-manager.html +# https://components.espressif.com/ +# +# Usage: +# +# make flash +# +# make flash ESPPORT=/dev/ttyS55 +# +# make flash ESPBAUD=9600 +# +# make monitor ESPPORT=COM1 +# +# make monitor ESPPORT=/dev/ttyS55 MONITORBAUD=115200 +# +# export ESPPORT=/dev/ttyS55 +# +# https://docs.espressif.com/projects/esp8266-rtos-sdk/en/latest/get-started/index.html +# + +# Although the project should define WOLFSSL_USER_SETTINGS, we'll also +# define it here: +CFLAGS +=-DWOLFSSL_USER_SETTINGS + +# In the wolfSSL GitHub examples for Espressif, +# the root is 7 directories up from here: +WOLFSSL_ROOT := ../../../../../../../ + +# NOTE: The wolfSSL include diretory (e.g. user_settings.h) is +# located HERE in THIS project, and *not* in the wolfSSL root. +COMPONENT_ADD_INCLUDEDIRS := . +COMPONENT_ADD_INCLUDEDIRS += include +COMPONENT_ADD_INCLUDEDIRS += $(WOLFSSL_ROOT). 
+COMPONENT_ADD_INCLUDEDIRS += $(WOLFSSL_ROOT)wolfssl +COMPONENT_ADD_INCLUDEDIRS += $(WOLFSSL_ROOT)wolfssl/wolfcrypt +COMPONENT_ADD_INCLUDEDIRS += $(WOLFSSL_ROOT)wolfssl/wolfcrypt/port/Espressif +COMPONENT_ADD_INCLUDEDIRS += $(WOLFSSL_ROOT)wolfcrypt/benchmark +# COMPONENT_ADD_INCLUDEDIRS += $ENV(IDF_PATH)/components/freertos/include/freertos +# COMPONENT_ADD_INCLUDEDIRS += "$ENV(IDF_PATH)/soc/esp32s3/include/soc" + + +# WOLFSSL_ROOT := "" +COMPONENT_SRCDIRS := $(WOLFSSL_ROOT)src +COMPONENT_SRCDIRS += $(WOLFSSL_ROOT)wolfcrypt/src/port/Espressif +COMPONENT_SRCDIRS += $(WOLFSSL_ROOT)wolfcrypt/src/port/atmel +COMPONENT_SRCDIRS += $(WOLFSSL_ROOT)wolfcrypt/benchmark +COMPONENT_SRCDIRS += $(WOLFSSL_ROOT)wolfcrypt/test +COMPONENT_SRCDIRS += include + +COMPONENT_OBJEXCLUDE := $(WOLFSSL_ROOT)wolfcrypt/src/aes_asm.o +COMPONENT_OBJEXCLUDE += $(WOLFSSL_ROOT)wolfcrypt/src/evp.o +COMPONENT_OBJEXCLUDE += $(WOLFSSL_ROOT)wolfcrypt/src/misc.o +COMPONENT_OBJEXCLUDE += $(WOLFSSL_ROOT)wolfcrypt/src/sha512_asm.o +COMPONENT_OBJEXCLUDE += $(WOLFSSL_ROOT)wolfcrypt/src/fe_x25519_asm.o +COMPONENT_OBJEXCLUDE += $(WOLFSSL_ROOT)wolfcrypt/src/aes_gcm_x86_asm.o +COMPONENT_OBJEXCLUDE += $(WOLFSSL_ROOT)src/bio.o + + +## +## wolfSSL +## +COMPONENT_OBJS := $(WOLFSSL_ROOT)src/bio.o +# COMPONENT_OBJS += src/conf.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)src/crl.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)src/dtls.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)src/dtls13.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)src/internal.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)src/keys.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)src/ocsp.o +# COMPONENT_OBJS += src/pk.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)src/quic.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)src/sniffer.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)src/ssl.o +# COMPONENT_OBJS += src/ssl_asn1.o +# COMPONENT_OBJS += src/ssl_bn.o +# COMPONENT_OBJS += src/ssl_certman.o +# COMPONENT_OBJS += src/ssl_crypto.o +# COMPONENT_OBJS += src/ssl_misc.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)src/tls.o +COMPONENT_OBJS += 
$(WOLFSSL_ROOT)src/tls13.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)src/wolfio.o +# COMPONENT_OBJS += src/x509.o +# COMPONENT_OBJS += src/x509_str.o + +## +## wolfcrypt +## +COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/aes.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/arc4.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/asm.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/asn.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/async.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/blake2b.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/blake2s.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/camellia.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/chacha.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/chacha20_poly1305.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/cmac.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/coding.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/compress.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/cpuid.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/cryptocb.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/curve25519.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/curve448.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/des3.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/dh.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/dilithium.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/dsa.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/ecc.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/eccsi.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/ecc_fp.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/ed25519.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/ed448.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/error.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/evp.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/ext_kyber.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/ext_lms.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/ext_xmss.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/falcon.o 
+COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/fe_448.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/fe_low_mem.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/fe_operations.o +# COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/fips.o +# COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/fips_test.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/ge_448.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/ge_low_mem.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/ge_operations.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/hash.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/hmac.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/hpke.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/integer.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/kdf.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/logging.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/md2.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/md4.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/md5.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/memory.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/misc.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/pkcs12.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/pkcs7.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/poly1305.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/pwdbased.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/random.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/rc2.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/ripemd.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/rsa.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/sakke.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/selftest.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/sha.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/sha256.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/sha3.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/sha512.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/signature.o +COMPONENT_OBJS += 
$(WOLFSSL_ROOT)wolfcrypt/src/siphash.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/sm2.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/sm3.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/sm4.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/sphincs.o +# COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/sp_arm32.o +# COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/sp_arm64.o +# COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/sp_armthumb.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/sp_c32.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/sp_c64.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/sp_cortexm.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/sp_dsp32.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/sp_int.o +# COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/sp_sm2_arm32.o +# COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/sp_sm2_arm64.o +# COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/sp_sm2_armthumb.o +# COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/sp_sm2_c32.o +# COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/sp_sm2_c64.o +# COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/sp_sm2_cortexm.o +# COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/sp_sm2_x86_64.o +# COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/sp_x86_64.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/srp.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/tfm.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/wc_dsp.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/wc_encrypt.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/wc_kyber.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/wc_kyber_poly.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/wc_lms.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/wc_pkcs11.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/wc_port.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/wc_xmss.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/wolfcrypt_first.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/wolfcrypt_last.o +COMPONENT_OBJS += 
$(WOLFSSL_ROOT)wolfcrypt/src/wolfevent.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/wolfmath.o + +## +## Espressif +## +COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/port/Espressif/esp32_aes.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/port/Espressif/esp32_mp.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/port/Espressif/esp32_sha.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/port/Espressif/esp32_util.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/port/Espressif/esp_sdk_mem_lib.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/port/Espressif/esp_sdk_time_lib.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/port/Espressif/esp_sdk_wifi_lib.o + +## +## wolfcrypt benchmark (optional) +## +COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/benchmark/benchmark.o + +## +## wolfcrypt test (optional) +## +## COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/test/test.o + +## +## wolfcrypt +## +COMPONENT_SRCDIRS += $(WOLFSSL_ROOT)wolfcrypt/src diff --git a/IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/components/wolfssl/include/user_settings.h b/IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/components/wolfssl/include/user_settings.h index cc9bae6bc6..5862894ee4 100644 --- a/IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/components/wolfssl/include/user_settings.h +++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/components/wolfssl/include/user_settings.h @@ -1,6 +1,6 @@ /* user_settings.h * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * 
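Review bot: In the `component.mk` hunk, `COMPONENT_OBJEXCLUDE` lists `bio.o`, `evp.o` and `misc.o`, yet the new `COMPONENT_OBJS` list names the same three objects (`$(WOLFSSL_ROOT)src/bio.o`, `$(WOLFSSL_ROOT)wolfcrypt/src/evp.o`, `$(WOLFSSL_ROOT)wolfcrypt/src/misc.o`). The two lists contradict each other; if those sources are meant to be excluded, as the CMake exclude list in this commit also has them, they should be commented out of `COMPONENT_OBJS` the way `conf.o` and `x509.o` are. `WOLFSSL_ROOT := ../../../../../../../` ties the build to this example's position in the repository, and the comment should say the path must be changed when the component is copied into another project. The comment above the include directories misspells "directory" as `diretory`.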
@@ -19,12 +19,22 @@ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA */ -/* This user_settings.h is for Espressif ESP-IDF */ -#include +/* This user_settings.h is for Espressif ESP-IDF + * + * Standardized wolfSSL Espressif ESP32 + ESP8266 user_settings.h V5.7.0-1 + * + * Do not include any wolfssl headers here + * + * When editing this file: + * ensure wolfssl_test and wolfssl_benchmark settings match. + */ + +/* The Espressif project config file. See also sdkconfig.defaults */ +#include "sdkconfig.h" /* The Espressif sdkconfig will have chipset info. ** -** Possible values: +** Some possible values: ** ** CONFIG_IDF_TARGET_ESP32 ** CONFIG_IDF_TARGET_ESP32S2 
@@ -36,18 +46,175 @@ #undef WOLFSSL_ESPIDF #define WOLFSSL_ESPIDF +/* We don't use WiFi, so don't compile in the esp-sdk-lib WiFi helpers: */ +#define NO_ESP_SDK_WIFI + +/* Experimental Kyber */ +#if 0 + /* Kyber typically needs a minimum 10K stack */ + #define WOLFSSL_EXPERIMENTAL_SETTINGS + #define WOLFSSL_HAVE_KYBER + #define WOLFSSL_WC_KYBER + #define WOLFSSL_SHA3 +#endif + /* - * choose ONE of these Espressif chips to define: + * ONE of these Espressif chip families will be detected from sdkconfig: * * WOLFSSL_ESP32 - * WOLFSSL_ESPWROOM32SE * WOLFSSL_ESP8266 */ #undef WOLFSSL_ESPWROOM32SE #undef WOLFSSL_ESP8266 #undef WOLFSSL_ESP32 +/* See below for chipset detection from sdkconfig.h */ + +/* when you want to use SINGLE THREAD. Note Default ESP-IDF is FreeRTOS */ +/* #define SINGLE_THREADED */ -#define WOLFSSL_ESP32 +/* SMALL_SESSION_CACHE saves a lot of RAM for ClientCache and SessionCache. + * Memory requirement is about 5KB, otherwise 20K is needed when not specified. + * If extra small footprint is needed, try MICRO_SESSION_CACHE (< 1K) + * When really desperate or no TLS used, try NO_SESSION_CACHE. */ +#define NO_SESSION_CACHE + +/* Small Stack uses more heap. */ +#define WOLFSSL_SMALL_STACK + +/* Full debugging turned off, but show malloc failure detail */ +/* #define DEBUG_WOLFSSL */ +#define DEBUG_WOLFSSL_MALLOC + +/* See test.c that sets cert buffers; we'll set them here: */ +#define USE_CERT_BUFFERS_256 +#define USE_CERT_BUFFERS_2048 + +/* RSA_LOW_MEM: Half as much memory but twice as slow. 
*/ +#define RSA_LOW_MEM + +/* Uncommon settings for testing only */ +#define TEST_ESPIDF_ALL_WOLFSSL +#ifdef TEST_ESPIDF_ALL_WOLFSSL + #define WOLFSSL_MD2 + #define HAVE_BLAKE2 + #define HAVE_BLAKE2B + #define HAVE_BLAKE2S + + #define WC_RC2 + #define WOLFSSL_ALLOW_RC4 + + #define HAVE_POLY1305 + + #define WOLFSSL_AES_128 + #define WOLFSSL_AES_OFB + #define WOLFSSL_AES_CFB + #define WOLFSSL_AES_XTS + + /* #define WC_SRTP_KDF */ + /* TODO Causes failure with Espressif AES HW Enabled */ + /* #define HAVE_AES_ECB */ + /* #define HAVE_AESCCM */ + /* TODO sanity check when missing HAVE_AES_ECB */ + #define WOLFSSL_WOLFSSH + + #define HAVE_AESGCM + #define WOLFSSL_AES_COUNTER + + #define HAVE_FFDHE + #define HAVE_FFDHE_2048 + #if defined(CONFIG_IDF_TARGET_ESP8266) + /* TODO Full size SRP is disabled on the ESP8266 at this time. + * Low memory issue? */ + #define WOLFCRYPT_HAVE_SRP + /* MIN_FFDHE_FP_MAX_BITS = (MIN_FFDHE_BITS * 2); see settings.h */ + #define FP_MAX_BITS MIN_FFDHE_FP_MAX_BITS + #elif defined(CONFIG_IDF_TARGET_ESP32) || \ + defined(CONFIG_IDF_TARGET_ESP32S2) || \ + defined(CONFIG_IDF_TARGET_ESP32S3) + /* TODO: SRP Not enabled, known to fail on this target + * See https://github.com/wolfSSL/wolfssl/issues/7210 */ + #elif defined(CONFIG_IDF_TARGET_ESP32C3) || \ + defined(CONFIG_IDF_TARGET_ESP32H2) + /* SRP Known to be working on this target::*/ + #define WOLFCRYPT_HAVE_SRP + #define FP_MAX_BITS (8192 * 2) + #else + /* For everything else, give a try and see if SRP working: */ + #define WOLFCRYPT_HAVE_SRP + #define FP_MAX_BITS (8192 * 2) + #endif + + #define HAVE_DH + + /* TODO: there may be a problem with HAVE_CAMELLIA with HW AES disabled. + * Do not define NO_WOLFSSL_ESP32_CRYPT_AES when enabled: */ + /* #define HAVE_CAMELLIA */ + + /* DSA requires old SHA */ + #define HAVE_DSA + + /* Needs SHA512 ? */ + #define HAVE_HPKE + + /* Not for Espressif? 
*/ + #if defined(CONFIG_IDF_TARGET_ESP32C2) || \ + defined(CONFIG_IDF_TARGET_ESP8684) || \ + defined(CONFIG_IDF_TARGET_ESP32H2) || \ + defined(CONFIG_IDF_TARGET_ESP8266) + + #if defined(CONFIG_IDF_TARGET_ESP8266) + #undef HAVE_ECC + #undef HAVE_ECC_CDH + #undef HAVE_CURVE25519 + + /* TODO does CHACHA also need alignment? Failing on ESP8266 + * See SHA256 __attribute__((aligned(4))); and WC_SHA256_ALIGN */ + #ifdef HAVE_CHACHA + #error "HAVE_CHACHA not supported on ESP8266" + #endif + #ifdef HAVE_XCHACHA + #error "HAVE_XCHACHA not supported on ESP8266" + #endif + #else + #define HAVE_XCHACHA + #define HAVE_CHACHA + /* TODO Not enabled at this time, needs further testing: + * #define WC_SRTP_KDF + * #define HAVE_COMP_KEY + * #define WOLFSSL_HAVE_XMSS + */ + #endif + /* TODO AES-EAX not working on this platform */ + + /* Optionally disable DH + * #undef HAVE_DH + * #undef HAVE_FFDHE + */ + + /* ECC_SHAMIR out of memory on ESP32-C2 during ECC */ + #ifndef HAVE_ECC + #define ECC_SHAMIR + #endif + #else + #define WOLFSSL_AES_EAX + + #define ECC_SHAMIR + #endif + + /* Only for WOLFSSL_IMX6_CAAM / WOLFSSL_QNX_CAAM ? */ + /* #define WOLFSSL_CAAM */ + /* #define WOLFSSL_CAAM_BLOB */ + + #define WOLFSSL_AES_SIV + #define WOLFSSL_CMAC + + #define WOLFSSL_CERT_PIV + + /* HAVE_SCRYPT may turn on HAVE_PBKDF2 see settings.h */ + /* #define HAVE_SCRYPT */ + #define SCRYPT_TEST_ALL + #define HAVE_X963_KDF +#endif /* optionally turn off SHA512/224 SHA512/256 */ /* #define WOLFSSL_NOSHA512_224 */ @@ -61,7 +228,6 @@ /* #define NO_OLD_TLS */ #define BENCH_EMBEDDED -#define USE_CERT_BUFFERS_2048 /* TLS 1.3 */ #define WOLFSSL_TLS13 @@ -79,7 +245,9 @@ #define HAVE_AESGCM -#define WOLFSSL_RIPEMD +/* Optional RIPEMD: RACE Integrity Primitives Evaluation Message Digest */ +/* #define WOLFSSL_RIPEMD */ + /* when you want to use SHA224 */ #define WOLFSSL_SHA224 
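Review bot: `#define TEST_ESPIDF_ALL_WOLFSSL` is added unconditionally on the line directly above its own `#ifdef`, so the block labelled "Uncommon settings for testing only" is always compiled in, including `WOLFSSL_MD2`, `WC_RC2`, `WOLFSSL_ALLOW_RC4` and `HAVE_DSA`. That is reasonable for a benchmark that wants to time every algorithm, but the file header calls this the standardized Espressif user_settings.h, so it is likely to be copied into application projects with the legacy algorithms still enabled. I would say so at the switch, for example `/* Benchmark/test only: enables legacy MD2, RC2, RC4 and DSA; remove this define before reusing the file in an application */`. Alternatively, leave the define commented out and let the test and benchmark builds pass it as a compile option.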
@@ -95,24 +263,34 @@ /* ED25519 requires SHA512 */ #define HAVE_ED25519 -#define HAVE_ECC -#define HAVE_CURVE25519 -#define CURVE25519_SMALL +/* Some features not enabled for ESP8266: */ +#if defined(CONFIG_IDF_TARGET_ESP8266) || \ + defined(CONFIG_IDF_TARGET_ESP32C2) + /* TODO determine low memory configuration for ECC. */ +#else + #define HAVE_ECC + #define HAVE_CURVE25519 + #define CURVE25519_SMALL +#endif + #define HAVE_ED25519 +/* Optional OPENSSL compatibility */ #define OPENSSL_EXTRA -/* when you want to use pkcs7 */ -/* #define HAVE_PKCS7 */ +/* #Optional HAVE_PKCS7 */ #define HAVE_PKCS7 #if defined(HAVE_PKCS7) + /* HAVE_PKCS7 may enable HAVE_PBKDF2 see settings.h */ + #define NO_PBKDF2 + #define HAVE_AES_KEYWRAP #define HAVE_X963_KDF #define WOLFSSL_AES_DIRECT #endif -/* when you want to use aes counter mode */ +/* when you want to use AES counter mode */ /* #define WOLFSSL_AES_DIRECT */ /* #define WOLFSSL_AES_COUNTER */ @@ -126,27 +304,11 @@ /* #define CUSTOM_SLOT_ALLOCATION */ #endif -/* rsa primitive specific definition */ -#if defined(WOLFSSL_ESP32) || defined(WOLFSSL_ESPWROOM32SE) - /* Define USE_FAST_MATH and SMALL_STACK */ - #define ESP32_USE_RSA_PRIMITIVE - - #if defined(CONFIG_IDF_TARGET_ESP32) - - /* NOTE HW unreliable for small values! */ - /* threshold for performance adjustment for HW primitive use */ - /* X bits of G^X mod P greater than */ - #undef ESP_RSA_EXPT_XBITS - #define ESP_RSA_EXPT_XBITS 32 - - /* X and Y of X * Y mod P greater than */ - #undef ESP_RSA_MULM_BITS - #define ESP_RSA_MULM_BITS 16 - - #endif -#endif +/* WC_NO_CACHE_RESISTANT: slower but more secure */ +/* #define WC_NO_CACHE_RESISTANT */ -#define RSA_LOW_MEM +/* TFM_TIMING_RESISTANT: slower but more secure */ +/* #define TFM_TIMING_RESISTANT */ /* #define WOLFSSL_ATECC508A_DEBUG */ @@ -206,7 +368,7 @@ #undef WOLFSSL_SYS_CA_CERTS */ -/* +/* command-line options --enable-keygen --enable-certgen --enable-certreq 
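Review bot: `HAVE_ECC` is first defined in this block, which comes after the `#ifndef HAVE_ECC` / `#define ECC_SHAMIR` test added earlier in the file inside the `TEST_ESPIDF_ALL_WOLFSSL` section. Unless `HAVE_ECC` arrives from a compiler flag, that earlier test is always true, so `ECC_SHAMIR` is defined for the ESP32-C2 and ESP8266 even though the comment beside it says ECC_SHAMIR runs out of memory on the ESP32-C2. The `#undef HAVE_ECC` in the ESP8266 branch has nothing to undo at that point either. I would move the ECC_SHAMIR decision below this block and key it on what is actually enabled, for example `#if defined(HAVE_ECC) && !defined(CONFIG_IDF_TARGET_ESP32C2)` ahead of `#define ECC_SHAMIR`. The heading `/* Some features not enabled for ESP8266: */` should also name the ESP32-C2 that the condition covers.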
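Review bot: The added comment `/* WC_NO_CACHE_RESISTANT: slower but more secure */` says the opposite of what the macro does: in wolfSSL, defining `WC_NO_CACHE_RESISTANT` turns the cache-attack-resistant code paths off, trading side-channel hardening for speed. A reader who uncomments it on the strength of the comment would weaken the build. I would reword it to `/* WC_NO_CACHE_RESISTANT: faster, but disables cache-attack resistance; leave undefined unless side channels are out of scope */`. The `TFM_TIMING_RESISTANT` comment below it is accurate as written.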
@@ -214,10 +376,14 @@ --enable-asn-template */ -/* Default is HW enabled unless turned off. -** Uncomment these lines to force SW instead of HW acceleration */ - +/* Chipset detection from sdkconfig.h + * Default is HW enabled unless turned off. + * Uncomment lines to force SW instead of HW acceleration */ #if defined(CONFIG_IDF_TARGET_ESP32) + #define WOLFSSL_ESP32 + /* Alternatively, if there's an ECC Secure Element present: */ + /* #define WOLFSSL_ESPWROOM32SE */ + /* wolfSSL HW Acceleration supported on ESP32. Uncomment to disable: */ /* #define NO_ESP32_CRYPT */ /* #define NO_WOLFSSL_ESP32_CRYPT_HASH */ @@ -235,6 +401,7 @@ /***** END CONFIG_IDF_TARGET_ESP32 *****/ #elif defined(CONFIG_IDF_TARGET_ESP32S2) + #define WOLFSSL_ESP32 /* wolfSSL HW Acceleration supported on ESP32-S2. Uncomment to disable: */ /* #define NO_ESP32_CRYPT */ /* #define NO_WOLFSSL_ESP32_CRYPT_HASH */ @@ -247,6 +414,7 @@ /***** END CONFIG_IDF_TARGET_ESP32S2 *****/ #elif defined(CONFIG_IDF_TARGET_ESP32S3) + #define WOLFSSL_ESP32 /* wolfSSL HW Acceleration supported on ESP32-S3. Uncomment to disable: */ /* #define NO_ESP32_CRYPT */ /* #define NO_WOLFSSL_ESP32_CRYPT_HASH */ @@ -260,6 +428,7 @@ #elif defined(CONFIG_IDF_TARGET_ESP32C2) || \ defined(CONFIG_IDF_TARGET_ESP8684) + #define WOLFSSL_ESP32 /* ESP8684 is essentially ESP32-C2 chip + flash embedded together in a * single QFN 4x4 mm package. Out of released documentation, Technical * Reference Manual as well as ESP-IDF Programming Guide is applicable @@ -285,6 +454,7 @@ /***** END CONFIG_IDF_TARGET_ESP32C2 *****/ #elif defined(CONFIG_IDF_TARGET_ESP32C3) + #define WOLFSSL_ESP32 /* wolfSSL HW Acceleration supported on ESP32-C3. Uncomment to disable: */ /* #define NO_ESP32_CRYPT */ @@ -302,6 +472,7 @@ /***** END CONFIG_IDF_TARGET_ESP32C3 *****/ #elif defined(CONFIG_IDF_TARGET_ESP32C6) + #define WOLFSSL_ESP32 /* wolfSSL HW Acceleration supported on ESP32-C6. Uncomment to disable: */ /* #define NO_ESP32_CRYPT */ 
@@ -318,6 +489,7 @@ /***** END CONFIG_IDF_TARGET_ESP32C6 *****/ #elif defined(CONFIG_IDF_TARGET_ESP32H2) + #define WOLFSSL_ESP32 /* wolfSSL Hardware Acceleration not yet implemented */ #define NO_ESP32_CRYPT #define NO_WOLFSSL_ESP32_CRYPT_HASH @@ -326,7 +498,11 @@ /***** END CONFIG_IDF_TARGET_ESP32H2 *****/ #elif defined(CONFIG_IDF_TARGET_ESP8266) - /* TODO: Revisit ESP8266 */ + #define WOLFSSL_ESP8266 + + /* There's no hardware encryption on the ESP8266 */ + /* Consider using the ESP32-C2/C3/C6 + * See https://www.espressif.com/en/products/socs/esp32-c2 */ #define NO_ESP32_CRYPT #define NO_WOLFSSL_ESP32_CRYPT_HASH #define NO_WOLFSSL_ESP32_CRYPT_AES @@ -343,13 +519,42 @@ #else /* Anything else encountered, disable HW accleration */ + #warning "Unexpected CONFIG_IDF_TARGET_NN value" #define NO_ESP32_CRYPT #define NO_WOLFSSL_ESP32_CRYPT_HASH #define NO_WOLFSSL_ESP32_CRYPT_AES #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI #endif /* CONFIG_IDF_TARGET Check */ +/* RSA primitive specific definition, listed AFTER the Chipset detection */ +#if defined(WOLFSSL_ESP32) || defined(WOLFSSL_ESPWROOM32SE) + /* Consider USE_FAST_MATH and SMALL_STACK */ + + #ifndef NO_RSA + #define ESP32_USE_RSA_PRIMITIVE + + #if defined(CONFIG_IDF_TARGET_ESP32) + #ifdef CONFIG_ESP_MAIN_TASK_STACK_SIZE + #if CONFIG_ESP_MAIN_TASK_STACK_SIZE < 10500 + #warning "RSA may be difficult with less than 10KB Stack "/ + #endif + #endif + + /* NOTE HW unreliable for small values! */ + /* threshold for performance adjustment for HW primitive use */ + /* X bits of G^X mod P greater than */ + #undef ESP_RSA_EXPT_XBITS + #define ESP_RSA_EXPT_XBITS 32 + + /* X and Y of X * Y mod P greater than */ + #undef ESP_RSA_MULM_BITS + #define ESP_RSA_MULM_BITS 16 + #endif + #endif +#endif + /* Debug options: +See wolfssl/wolfcrypt/port/Espressif/esp32-crypt.h for details on debug options #define ESP_VERIFY_MEMBLOCK #define DEBUG_WOLFSSL 
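Review bot: The new stack-size diagnostic ends with a stray `/` after the closing quote, `#warning "RSA may be difficult with less than 10KB Stack "/`, and its text says 10KB while the test is `CONFIG_ESP_MAIN_TASK_STACK_SIZE < 10500`. I would write `#warning "RSA may be difficult with less than 10500 bytes of main task stack"` so the message matches the threshold. The check is also nested under `CONFIG_IDF_TARGET_ESP32`, so the other targets that now define `WOLFSSL_ESP32` and therefore `ESP32_USE_RSA_PRIMITIVE` get no such warning. If the stack requirement is not specific to the original ESP32, the check could move one level out.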
@@ -363,6 +568,14 @@ #define WOLFSSL_ESP32_HW_LOCK_DEBUG #define WOLFSSL_DEBUG_ESP_RSA_MULM_BITS #define ESP_DISABLE_HW_TASK_LOCK + +See wolfcrypt/benchmark/benchmark.c for debug and other settings: + +Turn on benchmark timing debugging (CPU Cycles, RTOS ticks, etc) +#define DEBUG_WOLFSSL_BENCHMARK_TIMING + +Turn on timer debugging (used when CPU cycles not available) +#define WOLFSSL_BENCHMARK_TIMER_DEBUG */ /* Pause in a loop rather than exit. */ @@ -396,8 +609,9 @@ ** [Z = X * Y mod M] in esp_mp_mulmod() */ /* #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI_MULMOD */ -#define WOLFSSL_PUBLIC_MP /* used by benchmark */ -#define USE_CERT_BUFFERS_2048 + +/* used by benchmark: */ +#define WOLFSSL_PUBLIC_MP /* when turning on ECC508 / ECC608 support #define WOLFSSL_ESPWROOM32SE 
@@ -406,12 +620,75 @@ #define ATCA_WOLFSSL */ -/* optional SM4 Ciphers. See https://github.com/wolfSSL/wolfsm +/***************************** Certificate Macros ***************************** + * + * The section below defines macros used in typically all of the wolfSSL + * examples such as the client and server for certs stored in header files. + * + * There are various certificate examples in this header file: + * https://github.com/wolfSSL/wolfssl/blob/master/wolfssl/certs_test.h + * + * To use the sets of macros below, define *one* of these: + * + * USE_CERT_BUFFERS_1024 - ECC 1024 bit encoded ASN1 + * USE_CERT_BUFFERS_2048 - RSA 2048 bit encoded ASN1 + * WOLFSSL_SM[2,3,4] - SM Ciphers + * + * For example: define USE_CERT_BUFFERS_2048 to use CA Certs used in this + * wolfSSL function for the `ca_cert_der_2048` buffer, size and types: + * + * ret = wolfSSL_CTX_load_verify_buffer(ctx, + * CTX_CA_CERT, + * CTX_CA_CERT_SIZE, + * CTX_CA_CERT_TYPE); + * + * See https://www.wolfssl.com/documentation/manuals/wolfssl/group__CertsKeys.html#function-wolfssl_ctx_load_verify_buffer + * + * In this case the CTX_CA_CERT will be defined as `ca_cert_der_2048` as + * defined here: https://github.com/wolfSSL/wolfssl/blob/master/wolfssl/certs_test.h + * + * The CTX_CA_CERT_SIZE and CTX_CA_CERT_TYPE are similarly used to reference + * array size and cert type respectively. + * + * Similarly for loading the private client key: + * + * ret = wolfSSL_CTX_use_PrivateKey_buffer(ctx, + * CTX_CLIENT_KEY, + * CTX_CLIENT_KEY_SIZE, + * CTX_CLIENT_KEY_TYPE); + * + * see https://www.wolfssl.com/documentation/manuals/wolfssl/group__CertsKeys.html#function-wolfssl_ctx_use_privatekey_buffer + * + * Similarly, the other macros are for server certificates and keys: + * `CTX_SERVER_CERT` and `CTX_SERVER_KEY` are available. + * + * The certificate and key names are typically `static const unsigned char` + * arrays. 
The [NAME]_size are typically `sizeof([array name])`, and the types + * are the known wolfSSL encoding type integers (e.g. WOLFSSL_FILETYPE_PEM). + * + * See `SSL_FILETYPE_[name]` in + * https://github.com/wolfSSL/wolfssl/blob/master/wolfssl/ssl.h + * + * See Abstract Syntax Notation One (ASN.1) in: + * https://github.com/wolfSSL/wolfssl/blob/master/wolfssl/wolfcrypt/asn.h + * + * Optional SM4 Ciphers: + * + * Although the SM ciphers are shown here, the `certs_test_sm.h` may not yet + * be available. See: + * https://github.com/wolfSSL/wolfssl/pull/6825 + * https://github.com/wolfSSL/wolfsm + * + * Uncomment these 3 macros to enable the SM Ciphers and use the macros below. + */ + +/* #define WOLFSSL_SM2 #define WOLFSSL_SM3 #define WOLFSSL_SM4 */ +/* Conditional macros used in wolfSSL TLS client and server examples */ #if defined(WOLFSSL_SM2) || defined(WOLFSSL_SM3) || defined(WOLFSSL_SM4) #include #define CTX_CA_CERT root_sm2 
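Review bot: The list in the new comment labels `USE_CERT_BUFFERS_1024` as "ECC 1024 bit encoded ASN1", but the `#elif defined(USE_CERT_BUFFERS_1024)` branch added further down selects the `*_der_1024` certificate and key buffers, which in wolfSSL's `certs_test.h` are RSA material. The ECC test buffers are the ones enabled by `USE_CERT_BUFFERS_256`, which this file defines near the top but which the list omits. I would change the entry to `USE_CERT_BUFFERS_1024 - RSA 1024 bit encoded ASN1`. The "define *one* of these" wording should also note that `USE_CERT_BUFFERS_256` is set alongside it.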
@@ -427,24 +704,49 @@ #undef WOLFSSL_BASE16 #define WOLFSSL_BASE16 #else - #define USE_CERT_BUFFERS_2048 - #define USE_CERT_BUFFERS_256 - #define CTX_CA_CERT ca_cert_der_2048 - #define CTX_CA_CERT_SIZE sizeof_ca_cert_der_2048 - #define CTX_CA_CERT_TYPE WOLFSSL_FILETYPE_ASN1 - #define CTX_SERVER_CERT server_cert_der_2048 - #define CTX_SERVER_CERT_SIZE sizeof_server_cert_der_2048 - #define CTX_SERVER_CERT_TYPE WOLFSSL_FILETYPE_ASN1 - #define CTX_SERVER_KEY server_key_der_2048 - #define CTX_SERVER_KEY_SIZE sizeof_server_key_der_2048 - #define CTX_SERVER_KEY_TYPE WOLFSSL_FILETYPE_ASN1 -#endif - -/* See settings.h for some of the possible hardening options: - * - * #define NO_ESPIDF_DEFAULT - * #define WC_NO_CACHE_RESISTANT - * #define WC_AES_BITSLICED - * #define HAVE_AES_ECB - * #define HAVE_AES_DIRECT - */ + #if defined(USE_CERT_BUFFERS_2048) + /* Be sure to include in app when using example certs: */ + /* #include */ + #define CTX_CA_CERT ca_cert_der_2048 + #define CTX_CA_CERT_SIZE sizeof_ca_cert_der_2048 + #define CTX_CA_CERT_TYPE WOLFSSL_FILETYPE_ASN1 + + #define CTX_SERVER_CERT server_cert_der_2048 + #define CTX_SERVER_CERT_SIZE sizeof_server_cert_der_2048 + #define CTX_SERVER_CERT_TYPE WOLFSSL_FILETYPE_ASN1 + #define CTX_SERVER_KEY server_key_der_2048 + #define CTX_SERVER_KEY_SIZE sizeof_server_key_der_2048 + #define CTX_SERVER_KEY_TYPE WOLFSSL_FILETYPE_ASN1 + + #define CTX_CLIENT_CERT client_cert_der_2048 + #define CTX_CLIENT_CERT_SIZE sizeof_client_cert_der_2048 + #define CTX_CLIENT_CERT_TYPE WOLFSSL_FILETYPE_ASN1 + #define CTX_CLIENT_KEY client_key_der_2048 + #define CTX_CLIENT_KEY_SIZE sizeof_client_key_der_2048 + #define CTX_CLIENT_KEY_TYPE WOLFSSL_FILETYPE_ASN1 + + #elif defined(USE_CERT_BUFFERS_1024) + /* Be sure to include in app when using example certs: */ + /* #include */ + #define CTX_CA_CERT ca_cert_der_1024 + #define CTX_CA_CERT_SIZE sizeof_ca_cert_der_1024 + #define CTX_CA_CERT_TYPE WOLFSSL_FILETYPE_ASN1 + + #define CTX_CLIENT_CERT 
client_cert_der_1024 + #define CTX_CLIENT_CERT_SIZE sizeof_client_cert_der_1024 + #define CTX_CLIENT_CERT_TYPE WOLFSSL_FILETYPE_ASN1 + #define CTX_CLIENT_KEY client_key_der_1024 + #define CTX_CLIENT_KEY_SIZE sizeof_client_key_der_1024 + #define CTX_CLIENT_KEY_TYPE WOLFSSL_FILETYPE_ASN1 + + #define CTX_SERVER_CERT server_cert_der_1024 + #define CTX_SERVER_CERT_SIZE sizeof_server_cert_der_1024 + #define CTX_SERVER_CERT_TYPE WOLFSSL_FILETYPE_ASN1 + #define CTX_SERVER_KEY server_key_der_1024 + #define CTX_SERVER_KEY_SIZE sizeof_server_key_der_1024 + #define CTX_SERVER_KEY_TYPE WOLFSSL_FILETYPE_ASN1 + #else + /* Optionally define custom cert arrays, sizes, and types here */ + #error "Must define USE_CERT_BUFFERS_2048 or USE_CERT_BUFFERS_1024" + #endif +#endif /* Conditional key and cert constant names */ diff --git a/IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/main/component.mk b/IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/main/component.mk index 0adf45649a..d9b752f161 100644 --- a/IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/main/component.mk +++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/main/component.mk @@ -3,6 +3,7 @@ # # This Makefile can be left empty. By default, it will take the sources in the # src/ directory, compile them and link them into lib(subdirectory_name).a -# in the build directory. This behaviour is entirely configurable, +# in the build directory. This behavior is entirely configurable, # please read the ESP-IDF documents if you need to do this. # +# (Uses default behavior of compiling all source files in directory, adding 'include' to include path.) diff --git a/IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/main/include/main.h b/IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/main/include/main.h index 219eb15dd8..cae03b4a93 100644 --- a/IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/main/include/main.h +++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/main/include/main.h 
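Review bot: The new `CTX_CLIENT_KEY` and `CTX_SERVER_KEY` macros bind the example names to the `client_key_der_*` and `server_key_der_*` buffers from wolfSSL's `certs_test.h`, whose private keys are published with the source, and nothing in the block says so. An application that starts from this header and keeps the defaults would authenticate with keys anyone can download. The `USE_CERT_BUFFERS_1024` branch additionally selects 1024-bit material. I would add a comment at the top of the `#else` branch such as `/* Example certs and keys only: certs_test.h material is public; supply your own CTX_* definitions for deployment */`.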
@@ -1,6 +1,6 @@ /* benchmark main.h * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * diff --git a/IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/main/main.c b/IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/main/main.c index 5a40d9cf95..3381f25fe7 100644 --- a/IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/main/main.c +++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/main/main.c @@ -1,6 +1,6 @@ /* benchmark main.c * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -20,8 +20,8 @@ */ /* ESP-IDF */ -#include #include "sdkconfig.h" +#include /* wolfSSL */ /* The wolfSSL user_settings.h file is automatically included by the settings.h @@ -29,6 +29,7 @@ * The settings.h should also be listed above wolfssl library include files. */ #include #include +#include #include #ifndef WOLFSSL_ESPIDF #error "Problem with wolfSSL user_settings. " \ @@ -40,10 +41,24 @@ #include #include +/* Hardware; include after other libraries, + * particularly after freeRTOS from settings.h */ +#include + /* set to 0 for one benchmark, ** set to 1 for continuous benchmark loop */ #define BENCHMARK_LOOP 0 +#define THIS_MONITOR_UART_RX_BUFFER_SIZE 200 + +#ifdef CONFIG_ESP8266_XTAL_FREQ_26 + /* 26MHz crystal: 74880 bps */ + #define THIS_MONITOR_UART_BAUD_DATE 74880 +#else + /* 40MHz crystal: 115200 bps */ + #define THIS_MONITOR_UART_BAUD_DATE 115200 +#endif + /* check BENCH_ARGV in sdkconfig to determine need to set WOLFSSL_BENCH_ARGV */ #ifdef CONFIG_BENCH_ARGV #define WOLFSSL_BENCH_ARGV CONFIG_BENCH_ARGV 
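Review bot: The new macro in main.c is spelled `THIS_MONITOR_UART_BAUD_DATE`, which reads as a typo for RATE. It is used with the same spelling in the `uart_config` initializer in the next hunk, so the build is unaffected, but anyone searching for the baud-rate setting will look for BAUD_RATE. I would rename it in both places, `#define THIS_MONITOR_UART_BAUD_RATE 115200` and `.baud_rate = THIS_MONITOR_UART_BAUD_RATE,`. A short comment on `THIS_MONITOR_UART_RX_BUFFER_SIZE 200` explaining the choice would also help, since as I understand the UART driver it rejects a receive buffer that is not larger than the hardware FIFO.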
@@ -199,17 +214,42 @@ void app_main(void) { int stack_start = 0; + uart_config_t uart_config = { + .baud_rate = THIS_MONITOR_UART_BAUD_DATE, + .data_bits = UART_DATA_8_BITS, + .parity = UART_PARITY_DISABLE, + .stop_bits = UART_STOP_BITS_1, + }; + esp_err_t ret = 0; + stack_start = esp_sdk_stack_pointer(); + + /* uart_set_pin(UART_NUM_0, TX_PIN, RX_PIN, + * UART_PIN_NO_CHANGE, UART_PIN_NO_CHANGE); */ + + /* Some targets may need to have UART speed set, such as ESP8266 */ + ESP_LOGI(TAG, "UART init"); + uart_param_config(UART_NUM_0, &uart_config); + uart_driver_install(UART_NUM_0, + THIS_MONITOR_UART_RX_BUFFER_SIZE, 0, 0, NULL, 0); + ESP_LOGI(TAG, "---------------- wolfSSL Benchmark Example -------------"); ESP_LOGI(TAG, "--------------------------------------------------------"); ESP_LOGI(TAG, "--------------------------------------------------------"); ESP_LOGI(TAG, "---------------------- BEGIN MAIN ----------------------"); ESP_LOGI(TAG, "--------------------------------------------------------"); ESP_LOGI(TAG, "--------------------------------------------------------"); + ESP_LOGI(TAG, "Stack Start: 0x%x", stack_start); + +#ifdef WOLFSSL_ESP_NO_WATCHDOG + ESP_LOGW(TAG, "Found WOLFSSL_ESP_NO_WATCHDOG, disabling..."); + esp_DisableWatchdog(); +#endif #if defined(HAVE_VERSION_EXTENDED_INFO) && defined(WOLFSSL_HAS_METRICS) esp_ShowExtendedSystemInfo(); #endif + /* all platforms: stack high water mark check */ ESP_LOGI(TAG, "app_main CONFIG_BENCH_ARGV = %s", WOLFSSL_BENCH_ARGV); /* when using atecc608a on esp32-wroom-32se */ @@ -238,7 +278,7 @@ void app_main(void) do { ESP_LOGI(TAG, "Stack HWM: %d\n", uxTaskGetStackHighWaterMark(NULL)); - wolf_benchmark_task(); + wolf_benchmark_task(); /* TODO capture return value! */ ESP_LOGI(TAG, "Stack used: %d\n", stack_start - uxTaskGetStackHighWaterMark(NULL)); 
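Review bot: `esp_err_t ret = 0;` is declared here but nothing in the visible hunks ever assigns it: the results of `uart_param_config()` and `uart_driver_install()` are discarded, and the following hunk only adds a TODO next to `wolf_benchmark_task()`. The exit-message hunk further down branches on `ret == 0`, so as written it would always log "Success!" whatever happened. I would at least capture the driver results, `ret = uart_param_config(UART_NUM_0, &uart_config);` followed by an `ESP_LOGE` on a non-zero value, and do the same for `uart_driver_install`. app_main continues outside this hunk, so an assignment may exist in lines not shown.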
@@ -255,8 +295,33 @@ void app_main(void) ESP_LOGI(TAG, "Stack HWM: %d\n", uxTaskGetStackHighWaterMark(NULL)); #endif -#ifdef WOLFSSL_ESPIDF_EXIT_MESSAGE - ESP_LOGI(TAG, WOLFSSL_ESPIDF_EXIT_MESSAGE); + /* note wolfCrypt_Cleanup() should always be called when finished. + ** This is called at the end of wolf_test_task(); + */ + +#if defined(DEBUG_WOLFSSL) && defined(WOLFSSL_ESP32_CRYPT_RSA_PRI) + esp_hw_show_mp_metrics(); +#endif + +#ifdef INCLUDE_uxTaskGetStackHighWaterMark + ESP_LOGI(TAG, "Stack HWM: %d", uxTaskGetStackHighWaterMark(NULL)); + + ESP_LOGI(TAG, "Stack used: %d", CONFIG_ESP_MAIN_TASK_STACK_SIZE + - (uxTaskGetStackHighWaterMark(NULL))); +#endif + +#ifdef WOLFSSL_ESPIDF_VERBOSE_EXIT_MESSAGE + if (ret == 0) { + ESP_LOGI(TAG, WOLFSSL_ESPIDF_VERBOSE_EXIT_MESSAGE("Success!", ret)); + } + else { + ESP_LOGE(TAG, WOLFSSL_ESPIDF_VERBOSE_EXIT_MESSAGE("Failed!", ret)); + } +#elif defined(WOLFSSL_ESPIDF_EXIT_MESSAGE) + ESP_LOGI(TAG, WOLFSSL_ESPIDF_EXIT_MESSAGE); +#else + ESP_LOGI(TAG, "\n\nDone!\n\n" + "If running from idf.py monitor, press twice: Ctrl+]"); #endif /* after the test, we'll just wait */ diff --git a/IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/sdkconfig.defaults b/IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/sdkconfig.defaults index 8e3c969d94..e7f3037365 100644 --- a/IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/sdkconfig.defaults +++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/sdkconfig.defaults 
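Review bot: The added "Stack used" line subtracts from `CONFIG_ESP_MAIN_TASK_STACK_SIZE` with only `INCLUDE_uxTaskGetStackHighWaterMark` as a guard. The project's sdkconfig.defaults also sets a legacy `CONFIG_MAIN_TASK_STACK_SIZE` for older ESP-IDF versions, and user_settings.h wraps its own use of the new name in `#ifdef CONFIG_ESP_MAIN_TASK_STACK_SIZE`, so on an SDK that provides only the legacy name this line would presumably fail to compile. I would guard it the same way, `#if defined(INCLUDE_uxTaskGetStackHighWaterMark) && defined(CONFIG_ESP_MAIN_TASK_STACK_SIZE)`. The comment above it mentions `wolf_test_task()`, which looks copied from the test example, since this file calls `wolf_benchmark_task()`.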
@@ -1,34 +1,87 @@ +# Note that during the build process, settings from sdkconfig.defaults will not override those already in sdkconfig. +# See https://docs.espressif.com/projects/esp-idf/en/latest/esp32/api-guides/build-system.html#custom-sdkconfig-defaults CONFIG_BENCH_ARGV="-lng 0" CONFIG_FREERTOS_HZ=1000 CONFIG_ESP32_DEFAULT_CPU_FREQ_240=y # -# Default main stack size +# Default main stack size. See user_settings.h # -# This is typically way bigger than needed for stack size. See user_settings.h -# -CONFIG_ESP_MAIN_TASK_STACK_SIZE=55500 +# For wolfSSL SMALL_STACK, 3072 bytes should be sufficient for benchmark app. +# When using RSA, assign at least 10500 bytes, otherwise 5500 usually works for others +CONFIG_ESP_MAIN_TASK_STACK_SIZE=10500 # Legacy stack size for older ESP-IDF versions -CONFIG_MAIN_TASK_STACK_SIZE=55500 +CONFIG_MAIN_TASK_STACK_SIZE=10500 +# +# Benchmark must not have CONFIG_NEWLIB_NANO_FORMAT enabled +CONFIG_NEWLIB_NANO_FORMAT=n # # Watchdog Timers # -# We don't want to have the watchdog timeout during tests +# We don't want to have the watchdog timeout during tests & benchmarks # CONFIG_ESP_TASK_WDT_CHECK_IDLE_TASK_CPU0=n CONFIG_ESP_TASK_WDT_CHECK_IDLE_TASK_CPU1=n +# Panic & Watchdog +CONFIG_ESP_INT_WDT_TIMEOUT_MS=10000 +CONFIG_ESP_TASK_WDT_EN=n +CONFIG_ESP_SYSTEM_PANIC_PRINT_HALT=y +CONFIG_ESP_INT_WDT=n + +# ESP8266 WDT +# CONFIG_ESP_PANIC_PRINT_REBOOT is not set +CONFIG_ESP_PANIC_PRINT_REBOOT=n +CONFIG_ESP_PANIC_PRINT_HALT=y + +# CONFIG_ESP_HTTP_CLIENT_ENABLE_HTTPS is not set +CONFIG_ESP_HTTP_CLIENT_ENABLE_HTTPS=n + +# ESP8266 Memory +CONFIG_FREERTOS_GLOBAL_DATA_LINK_IRAM=y +CONFIG_HEAP_DISABLE_IRAM=y + +# Performance +# CONFIG_COMPILER_OPTIMIZATION_PERF=y + +# Set max COU frequency (falls back as needed for lower maximum) +CONFIG_ESP_DEFAULT_CPU_FREQ_MHZ_240=y + +# FreeRTOS ticks at 1ms interval +CONFIG_FREERTOS_UNICORE=y +CONFIG_FREERTOS_HZ=1000 # # Compiler options # CONFIG_COMPILER_OPTIMIZATION_DEFAULT=y +# 
CONFIG_COMPILER_OPTIMIZATION_SIZE is not set +# CONFIG_COMPILER_OPTIMIZATION_PERF is not set +# CONFIG_COMPILER_OPTIMIZATION_NONE is not set CONFIG_COMPILER_OPTIMIZATION_ASSERTIONS_ENABLE=y +# CONFIG_COMPILER_OPTIMIZATION_ASSERTIONS_SILENT is not set +# CONFIG_COMPILER_OPTIMIZATION_ASSERTIONS_DISABLE is not set +CONFIG_COMPILER_FLOAT_LIB_FROM_GCCLIB=y CONFIG_COMPILER_OPTIMIZATION_ASSERTION_LEVEL=2 +# CONFIG_COMPILER_OPTIMIZATION_CHECKS_SILENT is not set CONFIG_COMPILER_HIDE_PATHS_MACROS=y +# CONFIG_COMPILER_CXX_EXCEPTIONS is not set +# CONFIG_COMPILER_CXX_RTTI is not set +# CONFIG_COMPILER_STACK_CHECK_MODE_NONE is not set CONFIG_COMPILER_STACK_CHECK_MODE_NORM=y +# CONFIG_COMPILER_STACK_CHECK_MODE_STRONG is not set +# CONFIG_COMPILER_STACK_CHECK_MODE_ALL is not set CONFIG_COMPILER_STACK_CHECK=y +# CONFIG_COMPILER_WARN_WRITE_STRINGS is not set +# CONFIG_COMPILER_SAVE_RESTORE_LIBCALLS is not set +# CONFIG_COMPILER_DISABLE_GCC12_WARNINGS is not set +# CONFIG_COMPILER_DUMP_RTL_FILES is not set +# end of Compiler options + +# We don't know that the min is actually v2, +# but this is the earliest tested. +CONFIG_ESP32C3_REV_MIN_2=y # # Partition Table diff --git a/IDE/Espressif/ESP-IDF/examples/wolfssl_client/README.md b/IDE/Espressif/ESP-IDF/examples/wolfssl_client/README.md index 1bfd0cc88c..d8ed28c051 100644 --- a/IDE/Espressif/ESP-IDF/examples/wolfssl_client/README.md +++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_client/README.md 
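Review bot: `CONFIG_FREERTOS_UNICORE=y` is added under the comment `# FreeRTOS ticks at 1ms interval`, which describes only the `CONFIG_FREERTOS_HZ=1000` line next to it, and that HZ setting now appears twice in the file. Forcing single-core operation changes what the benchmark measures on dual-core parts, so it deserves its own comment, for example `# Run FreeRTOS on one core only` with the reason, and the duplicate HZ line can go. The watchdog and panic settings added above (`CONFIG_ESP_TASK_WDT_EN=n`, `CONFIG_ESP_INT_WDT=n`, halt on panic) suit a benchmark but should be marked as not for reuse in application firmware. `CONFIG_ESP_INT_WDT_TIMEOUT_MS=10000` looks redundant while the interrupt watchdog is disabled.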
@@ -185,4 +185,33 @@ I hear you fa shizzle! ./examples/server/server -v 3 -l ECDHE-ECDSA-SM4-CBC-SM3 -c ./certs/sm2/server-sm2.pem -k ./certs/sm2/server-sm2-priv.pem -A ./certs/sm2/client-sm2.pem -V ``` + +#### Linux Client using Kyber to ESP32 Server + +``` +# Ensure build with Kyber enabled: +# ./configure --enable-kyber=all --enable-experimental && make + +./examples/client/client -h 192.168.1.38 -v 4 -l TLS_AES_128_GCM_SHA256 --pqc KYBER_LEVEL5 +``` + +#### ESP32 Client to WSL Linux Server + +In Windows Powershell, (elevated permissions) forward the port _after_ starting the listening server: + +```bash +netsh interface portproxy add v4tov4 listenport=11111 listenaddress=0.0.0.0 connectport=11111 connectaddress=127.0.0.1 +``` + +After the server exits, remove the port proxy forward: + +```bash +netsh interface portproxy delete v4tov4 listenport=11111 listenaddress=0.0.0.0 +``` + +For additional information, see [Accessing network applications with WSL](https://learn.microsoft.com/en-us/windows/wsl/networking). + + +## Additional Information + See the README.md file in the upper level 'examples' directory for [more information about examples](../README.md). diff --git a/IDE/Espressif/ESP-IDF/examples/wolfssl_client/VisualGDB/wolfssl_client_IDF_v5_ESP32.vgdbproj b/IDE/Espressif/ESP-IDF/examples/wolfssl_client/VisualGDB/wolfssl_client_IDF_v5_ESP32.vgdbproj index 0fb07f6985..412ec006e8 100644 --- a/IDE/Espressif/ESP-IDF/examples/wolfssl_client/VisualGDB/wolfssl_client_IDF_v5_ESP32.vgdbproj +++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_client/VisualGDB/wolfssl_client_IDF_v5_ESP32.vgdbproj @@ -18,7 +18,7 @@ com.visualgdb.xtensa-esp32-elf - 12.2.0 + 13.2.0 12.1 1 @@ -67,8 +67,8 @@ true - release/v5.1 - esp-idf/v5.1 + release/v5.2 + esp-idf/v5.2 ESPIDF COM19 diff --git a/IDE/Espressif/ESP-IDF/examples/wolfssl_client/components/wolfssl/CMakeLists.txt b/IDE/Espressif/ESP-IDF/examples/wolfssl_client/components/wolfssl/CMakeLists.txt index 615142bacd..7344a30c3a 100644 
--- a/IDE/Espressif/ESP-IDF/examples/wolfssl_client/components/wolfssl/CMakeLists.txt +++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_client/components/wolfssl/CMakeLists.txt @@ -1,5 +1,5 @@ # -# Copyright (C) 2006-2023 wolfSSL Inc. +# Copyright (C) 2006-2024 wolfSSL Inc. # # This file is part of wolfSSL. # @@ -45,6 +45,11 @@ else() endif() message(STATUS "THIS_USER = ${THIS_USER}") +if( "$ENV{IDF_PATH}" STREQUAL "" ) + message(FATAL_ERROR "IDF_PATH Environment variable not set!") +else() + string(REPLACE "\\" "/" THIS_IDF_PATH "$ENV{IDF_PATH}") +endif() # COMPONENT_NAME = wolfssl # The component name is the directory name. "No feature to change this". @@ -363,6 +368,10 @@ else() "\"${WOLFSSL_ROOT}/wolfssl/\"" "\"${WOLFSSL_ROOT}/wolfssl/wolfcrypt/\"" "\"${RTOS_IDF_PATH}/\"" + # wolfSSL release after v5.7 includes WiFi, time, and mem/debug helpers + ${THIS_IDF_PATH}/components/esp_event/include + ${THIS_IDF_PATH}/components/esp_netif/include + ${THIS_IDF_PATH}/components/esp_wifi/include ) @@ -374,7 +383,7 @@ else() list(APPEND COMPONENT_ADD_INCLUDEDIRS "\"${WOLFSSL_ROOT}/wolfssl/wolfcrypt/\"") - + # Some files are known to be included elsewhere, or not used for Espressif set(COMPONENT_SRCEXCLUDE "\"${WOLFSSL_ROOT}/src/bio.c\"" "\"${WOLFSSL_ROOT}/src/conf.c\"" @@ -387,6 +396,8 @@ else() "\"${WOLFSSL_ROOT}/src/ssl_misc.c\"" # included by ssl.c "\"${WOLFSSL_ROOT}/src/x509.c\"" "\"${WOLFSSL_ROOT}/src/x509_str.c\"" + "\"${WOLFSSL_ROOT}/wolfcrypt/src/ext_kyber.c\"" # external Kyber disabled by default + "\"${WOLFSSL_ROOT}/wolfssl/wolfcrypt/ext_kyber.h\"" # external Kyber disabled by default "\"${WOLFSSL_ROOT}/wolfcrypt/src/evp.c\"" "\"${WOLFSSL_ROOT}/wolfcrypt/src/misc.c\"" "\"${WOLFSSL_ROOT}/wolfcrypt/src/sp_sm2_arm32.c\"" diff --git a/IDE/Espressif/ESP-IDF/examples/wolfssl_client/components/wolfssl/component.mk b/IDE/Espressif/ESP-IDF/examples/wolfssl_client/components/wolfssl/component.mk index 8184da11d0..c1087504a5 100644 
--- a/IDE/Espressif/ESP-IDF/examples/wolfssl_client/components/wolfssl/component.mk +++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_client/components/wolfssl/component.mk @@ -1,5 +1,5 @@ # -# Copyright (C) 2006-2023 wolfSSL Inc. +# Copyright (C) 2006-2024 wolfSSL Inc. # # This file is part of wolfSSL. # @@ -56,13 +56,15 @@ CFLAGS +=-DWOLFSSL_USER_SETTINGS # The root is 7 directories up from here: WOLFSSL_ROOT := ../../../../../../.. -# NOTE: The wolfSSL include diretory (e.g. user_settings.h) is +# NOTE: The wolfSSL include directory (e.g. user_settings.h) is # located HERE in THIS project, and *not* in the wolfSSL root. -COMPONENT_ADD_INCLUDEDIRS := ./include +COMPONENT_ADD_INCLUDEDIRS := . +COMPONENT_ADD_INCLUDEDIRS += include COMPONENT_ADD_INCLUDEDIRS += $(WOLFSSL_ROOT)/. COMPONENT_ADD_INCLUDEDIRS += $(WOLFSSL_ROOT)/wolfssl COMPONENT_ADD_INCLUDEDIRS += $(WOLFSSL_ROOT)/wolfssl/wolfcrypt COMPONENT_ADD_INCLUDEDIRS += $(WOLFSSL_ROOT)/wolfssl/wolfcrypt/port/Espressif +COMPONENT_ADD_INCLUDEDIRS += $(WOLFSSL_ROOT)wolfssl/wolfcrypt/port/Espressif # COMPONENT_ADD_INCLUDEDIRS += $ENV(IDF_PATH)/components/freertos/include/freertos # COMPONENT_ADD_INCLUDEDIRS += "$ENV(IDF_PATH)/soc/esp32s3/include/soc" 
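Review bot: The added line `COMPONENT_ADD_INCLUDEDIRS += $(WOLFSSL_ROOT)wolfssl/wolfcrypt/port/Espressif` has no `/` after `$(WOLFSSL_ROOT)`, and `WOLFSSL_ROOT` is set just above to `../../../../../../..` without a trailing slash. The path therefore expands to `../../../../../../..wolfssl/...`, which is presumably not a valid directory. It also duplicates the correctly written entry on the line before it, so it can simply be dropped. The same missing slash appears in the later hunks of this file, in the commented-out `ext_kyber.o` line and in `COMPONENT_SRCDIRS += $(WOLFSSL_ROOT)wolfcrypt/src`; the latter should read `COMPONENT_SRCDIRS += $(WOLFSSL_ROOT)/wolfcrypt/src`.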
@@ -142,15 +144,15 @@ COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/ed25519.o COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/ed448.o COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/error.o COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/evp.o -COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/ext_kyber.o +# COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/ext_kyber.o COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/ext_lms.o COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/ext_xmss.o COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/falcon.o COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/fe_448.o COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/fe_low_mem.o COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/fe_operations.o -COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/fips.o -COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/fips_test.o +# COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/fips.o +# COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/fips_test.o COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/ge_448.o COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/ge_low_mem.o COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/ge_operations.o @@ -223,6 +225,9 @@ COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/port/Espressif/esp32_aes.o COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/port/Espressif/esp32_mp.o COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/port/Espressif/esp32_sha.o COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/port/Espressif/esp32_util.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/port/Espressif/esp_sdk_mem_lib.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/port/Espressif/esp_sdk_time_lib.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/port/Espressif/esp_sdk_wifi_lib.o ## ## wolfcrypt benchmark (optional) @@ -242,3 +247,4 @@ COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/port/Espressif/esp32_util.o ## wolfcrypt ## # COMPONENT_PRIV_INCLUDEDIRS += $(PROJECT_PATH)/components/wolfssl/include +COMPONENT_SRCDIRS += $(WOLFSSL_ROOT)wolfcrypt/src 
diff --git a/IDE/Espressif/ESP-IDF/examples/wolfssl_client/components/wolfssl/include/user_settings.h b/IDE/Espressif/ESP-IDF/examples/wolfssl_client/components/wolfssl/include/user_settings.h index 99b61e157c..325e54b6a4 100644 --- a/IDE/Espressif/ESP-IDF/examples/wolfssl_client/components/wolfssl/include/user_settings.h +++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_client/components/wolfssl/include/user_settings.h @@ -22,9 +22,30 @@ /* Standardized wolfSSL Espressif ESP32 + ESP8266 user_settings.h V5.6.6-01 */ /* This user_settings.h is for Espressif ESP-IDF */ -#include -#define DEBUG_WOLFSSL -#define DEBUG_WOLFSSL_VERBOSE + +#include "sdkconfig.h" + +/* #define DEBUG_WOLFSSL */ +/* #define DEBUG_WOLFSSL_VERBOSE */ + +/* Experimental Kyber */ +#if 0 + #define WOLFSSL_EXPERIMENTAL_SETTINGS + #define WOLFSSL_HAVE_KYBER + #define WOLFSSL_WC_KYBER + #define WOLFSSL_SHA3 + #if defined(CONFIG_IDF_TARGET_ESP8266) + /* With limited RAM, we'll disable some of the Kyber sizes: */ + #define WOLFSSL_NO_KYBER1024 + #define WOLFSSL_NO_KYBER768 + #define NO_SESSION_CACHE + #endif +#endif + +/* Pick a cert buffer size: */ +/* #define USE_CERT_BUFFERS_2048 */ +/* #define USE_CERT_BUFFERS_1024 */ +#define USE_CERT_BUFFERS_2048 /* The Espressif sdkconfig will have chipset info. ** 
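Review bot: The new "Pick a cert buffer size" block does not say that `USE_CERT_BUFFERS_2048` selects the certificate and key buffers bundled with wolfSSL for testing (the `ca_cert_der_2048` and client key macros mapped further down in this file). Those are published with the library and are only suitable for the example. I would add a comment such as `/* Test certificates and keys only: supply your own CTX_* values for production */`. The commented-out `/* #define USE_CERT_BUFFERS_2048 */` directly above the active define is redundant and can go.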
@@ -40,23 +61,34 @@ #undef WOLFSSL_ESPIDF #define WOLFSSL_ESPIDF +/* We don't use WiFi helpers yet, so don't compile in the esp-sdk-lib WiFi */ +#define NO_ESP_SDK_WIFI + /* * ONE of these Espressif chipsets should be defined: * * WOLFSSL_ESP32 * WOLFSSL_ESPWROOM32SE * WOLFSSL_ESP8266 + * + * following ifdef detection only for syntax highlighting: */ -#undef WOLFSSL_ESPWROOM32SE -#undef WOLFSSL_ESP8266 -#undef WOLFSSL_ESP32 +#ifdef WOLFSSL_ESPWROOM32SE + #undef WOLFSSL_ESPWROOM32SE +#endif +#ifdef WOLFSSL_ESP8266 + #undef WOLFSSL_ESP8266 +#endif +#ifdef WOLFSSL_ESP32 + #undef WOLFSSL_ESP32 +#endif /* See below for chipset detection from sdkconfig.h */ /* Small session cache saves a lot of RAM for ClientCache and SessionCache. * Memory requirement is about 5KB, otherwise 20K is needed when not specified. * If extra small footprint is needed, try MICRO_SESSION_CACHE (< 1K) - * When really desparate, try NO_SESSION_CACHE. */ -#define SMALL_SESSION_CACHE + * When really desperate, try NO_SESSION_CACHE. */ +#define MICRO_SESSION_CACHE /* optionally turn off SHA512/224 SHA512/256 */ /* #define WOLFSSL_NOSHA512_224 */ @@ -70,7 +102,7 @@ /* #define NO_OLD_TLS */ #define BENCH_EMBEDDED -#define USE_CERT_BUFFERS_2048 + #define WOLFSSL_SMALL_STACK #define HAVE_ECC #define RSA_LOW_MEM 
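Review bot: `#define MICRO_SESSION_CACHE` is now unconditional, but the Kyber block added earlier in this file defines `NO_SESSION_CACHE` for ESP8266 when it is enabled, so both macros can end up defined together. Wrapping it as `#ifndef NO_SESSION_CACHE`, `#define MICRO_SESSION_CACHE`, `#endif` would match the guard this commit places around `HAVE_SESSION_TICKET`. The comment above the define still reads as if the small (about 5KB) cache were the selected option; it should state that the micro cache is now the default for this example.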
@@ -100,25 +132,36 @@ /* when you want to use SHA384 */ #define WOLFSSL_SHA384 -/* when you want to use SHA512 */ -/* #define WOLFSSL_SHA512 */ +#if defined(CONFIG_IDF_TARGET_ESP8266) + /* Some known low-memory devices have features not enabled by default. */ +#else + /* when you want to use SHA512 */ + #define WOLFSSL_SHA512 + + /* when you want to use SHA3 */ + #define WOLFSSL_SHA3 -/* when you want to use SHA3 */ -/* #define WOLFSSL_SHA3 */ + /* ED25519 requires SHA512 */ + #define HAVE_ED25519 -/* ED25519 requires SHA512 */ -/* #define HAVE_ED25519 */ + #define HAVE_ECC + #define HAVE_CURVE25519 + #define CURVE25519_SMALL + #define HAVE_ED25519 +#endif + +/* Optional OpenSSL compatibility */ +/* #define OPENSSL_EXTRA */ /* when you want to use pkcs7 */ /* #define HAVE_PKCS7 */ - #if defined(HAVE_PKCS7) #define HAVE_AES_KEYWRAP #define HAVE_X963_KDF #define WOLFSSL_AES_DIRECT #endif -/* when you want to use aes counter mode */ +/* when you want to use AES counter mode */ /* #define WOLFSSL_AES_DIRECT */ /* #define WOLFSSL_AES_COUNTER */ @@ -181,7 +224,9 @@ #define HAVE_VERSION_EXTENDED_INFO /* #define HAVE_WC_INTROSPECTION */ -#define HAVE_SESSION_TICKET +#ifndef NO_SESSION_CACHE + #define HAVE_SESSION_TICKET +#endif /* #define HAVE_HASHDRBG */ @@ -359,6 +404,7 @@ #endif /* CONFIG_IDF_TARGET Check */ /* Debug options: +See wolfssl/wolfcrypt/port/Espressif/esp32-crypt.h for details on debug options #define ESP_VERIFY_MEMBLOCK #define DEBUG_WOLFSSL @@ -379,7 +425,7 @@ /* #define HASH_SIZE_LIMIT */ /* for test.c */ -/* #define NO_HW_MATH_TEST */ /* Optionall turn off HW math checks */ +/* #define NO_HW_MATH_TEST */ /* Optionally turn off HW math checks */ /* Optionally include alternate HW test library: alt_hw_test.h */ /* When enabling, the ./components/wolfssl/CMakeLists.txt file 
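Review bot: In the first hunk, `HAVE_ED25519` is defined twice inside the new non-ESP8266 branch, and `HAVE_ECC` is defined again although it is already set unconditionally earlier in the file. The second group should keep only `#define HAVE_CURVE25519` and `#define CURVE25519_SMALL`. The ESP8266 branch holds nothing but a comment, so `#if !defined(CONFIG_IDF_TARGET_ESP8266)` would express the same condition without the empty arm.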
@@ -402,8 +448,8 @@ /* #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI_MULMOD */ -#define WOLFSSL_PUBLIC_MP /* used by benchmark */ -#define USE_CERT_BUFFERS_2048 +/* used by benchmark: */ +#define WOLFSSL_PUBLIC_MP /* when turning on ECC508 / ECC608 support #define WOLFSSL_ESPWROOM32SE @@ -497,7 +543,6 @@ #define WOLFSSL_BASE16 #else #if defined(USE_CERT_BUFFERS_2048) - #include #define CTX_CA_CERT ca_cert_der_2048 #define CTX_CA_CERT_SIZE sizeof_ca_cert_der_2048 #define CTX_CA_CERT_TYPE WOLFSSL_FILETYPE_ASN1 @@ -517,7 +562,6 @@ #define CTX_CLIENT_KEY_TYPE WOLFSSL_FILETYPE_ASN1 #elif defined(USE_CERT_BUFFERS_1024) - #include #define CTX_CA_CERT ca_cert_der_1024 #define CTX_CA_CERT_SIZE sizeof_ca_cert_der_1024 #define CTX_CA_CERT_TYPE WOLFSSL_FILETYPE_ASN1 diff --git a/IDE/Espressif/ESP-IDF/examples/wolfssl_client/main/client-tls.c b/IDE/Espressif/ESP-IDF/examples/wolfssl_client/main/client-tls.c index 30388b3174..f8c9e0e81b 100644 --- a/IDE/Espressif/ESP-IDF/examples/wolfssl_client/main/client-tls.c +++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_client/main/client-tls.c @@ -38,6 +38,13 @@ #include #include +#if defined(WOLFSSL_WC_KYBER) + #include + #include +#endif +#if defined(USE_CERT_BUFFERS_2048) || defined(USE_CERT_BUFFERS_1024) + #include +#endif #ifdef WOLFSSL_TRACK_MEMORY #include #endif @@ -180,18 +187,23 @@ WOLFSSL_ESP_TASK tls_smp_client_task(void* args) struct hostent *hp; struct ip4_addr *ip4_addr; int ret_i; /* interim return values */ + int err; /* interim return values */ int sockfd; int doPeerCheck; int sendGet; +#ifdef DEBUG_WOLFSSL + int this_heap = 0; +#endif #ifndef NO_DH int minDhKeyBits = DEFAULT_MIN_DHKEY_BITS; #endif - size_t len; /* declare wolfSSL objects */ WOLFSSL_CTX* ctx; WOLFSSL* ssl; + size_t len; + wolfSSL_Debugging_ON(); WOLFSSL_ENTER(TLS_SMP_CLIENT_TASK_NAME); 
@@ -351,11 +363,10 @@ WOLFSSL_ESP_TASK tls_smp_client_task(void* args) /* Connect to the server */ sprintf(buff, - "Connecting to server....%s(port:%d)", + "Connecting to server....%s (port:%d)", TLS_SMP_TARGET_HOST, TLS_SMP_DEFAULT_PORT); - WOLFSSL_MSG(buff); - printf("%s\n", buff); + ESP_LOGI(TAG, "%s\n", buff); if ((ret_i = connect(sockfd, (struct sockaddr *)&servAddr, @@ -363,6 +374,10 @@ WOLFSSL_ESP_TASK tls_smp_client_task(void* args) ESP_LOGE(TAG, "ERROR: failed to connect ret=%d\n", ret_i); } +#if defined(WOLFSSL_EXPERIMENTAL_SETTINGS) + ESP_LOGW(TAG, "WOLFSSL_EXPERIMENTAL_SETTINGS is enabled"); +#endif + WOLFSSL_MSG("Create a WOLFSSL object"); /* Create a WOLFSSL object */ if ((ssl = wolfSSL_new(ctx)) == NULL) { 
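Review bot: The connection message is still built with an unbounded `sprintf` into `buff` and then passed to `ESP_LOGI` through `%s`, even though `ESP_LOGI` takes a format string itself. `ESP_LOGI(TAG, "Connecting to server....%s (port:%d)", TLS_SMP_TARGET_HOST, TLS_SMP_DEFAULT_PORT);` removes the intermediate copy and the risk of overrunning `buff` when the configured host string is long. As far as the second hunk shows, a failed `connect()` is only logged before execution moves on to `wolfSSL_new`; an early exit there would avoid a handshake on an unconnected socket. The declaration of `buff` and the rest of tls_smp_client_task are outside these hunks.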
@@ -372,6 +387,36 @@ WOLFSSL_ESP_TASK tls_smp_client_task(void* args) #ifdef DEBUG_WOLFSSL ESP_LOGI(TAG, "\nCreated WOLFSSL object:"); ShowCiphers(ssl); + this_heap = esp_get_free_heap_size(); + ESP_LOGI(TAG, "tls_smp_client_task heap @ %p = %d", + &this_heap, this_heap); +#endif +#if defined(WOLFSSL_HAVE_KYBER) + #if defined(WOLFSSL_KYBER1024) + ESP_LOGI(TAG, "WOLFSSL_HAVE_KYBER is enabled, setting key share: " + "WOLFSSL_P256_KYBER_LEVEL5"); + ret_i = wolfSSL_UseKeyShare(ssl, WOLFSSL_P521_KYBER_LEVEL5); + #elif defined(WOLFSSL_KYBER768) + ESP_LOGI(TAG, "WOLFSSL_HAVE_KYBER is enabled, setting key share: " + "WOLFSSL_P256_KYBER_LEVEL3"); + ret_i = wolfSSL_UseKeyShare(ssl, WOLFSSL_P256_KYBER_LEVEL3); + #elif defined(WOLFSSL_KYBER512) + /* This will typically be a low memory situation, such as ESP8266 */ + ESP_LOGI(TAG, "WOLFSSL_HAVE_KYBER is enabled, setting key share: " + "WOLFSSL_P256_KYBER_LEVEL1"); + ret_i = wolfSSL_UseKeyShare(ssl, WOLFSSL_P256_KYBER_LEVEL1); + #else + ESP_LOGW(TAG, "WOLFSSL_HAVE_KYBER enabled but no key size available."); + ret_i = ESP_FAIL; + #endif + if (ret_i == SSL_SUCCESS) { + ESP_LOGI(TAG, "UseKeyShare Kyber success"); + } + else { + ESP_LOGE(TAG, "UseKeyShare Kyber failed"); + } +#else + ESP_LOGI(TAG, "WOLFSSL_HAVE_KYBER is not enabled"); #endif } @@ -396,7 +441,11 @@ WOLFSSL_ESP_TASK tls_smp_client_task(void* args) atmel_set_slot_allocator(my_atmel_alloc, my_atmel_free); #endif #endif - +#ifdef DEBUG_WOLFSSL + this_heap = esp_get_free_heap_size(); + ESP_LOGI(TAG, "tls_smp_client_task heap(2) @ %p = %d", + &this_heap, this_heap); +#endif /* Attach wolfSSL to the socket */ ret_i = wolfSSL_set_fd(ssl, sockfd); if (ret_i == WOLFSSL_SUCCESS) { 
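Review bot: Under `WOLFSSL_KYBER1024` the log message names `WOLFSSL_P256_KYBER_LEVEL5` while the call passes `WOLFSSL_P521_KYBER_LEVEL5`; the string should read `"WOLFSSL_P521_KYBER_LEVEL5"` so the log reflects the group actually requested. When `wolfSSL_UseKeyShare` fails the code only logs and continues to the connect, so a build that asked for a hybrid post-quantum key share can apparently proceed with a classical group unnoticed; I would abort the connection attempt on failure, or at least log at warning level that Kyber will not be used. The `#else` arm assigns `ESP_FAIL` to a value that is then compared with `SSL_SUCCESS`, which mixes two error domains. tls_smp_client_task continues outside this hunk.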
@@ -406,42 +455,86 @@ WOLFSSL_ESP_TASK tls_smp_client_task(void* args) ESP_LOGE(TAG, "ERROR: failed wolfSSL_set_fd. Error: %d\n", ret_i); } - WOLFSSL_MSG("Connect to wolfSSL on the server side"); - /* Connect to wolfSSL on the server side */ + ESP_LOGI(TAG, "Connect to wolfSSL server..."); ret_i = wolfSSL_connect(ssl); - if (wolfSSL_connect(ssl) == SSL_SUCCESS) { +#ifdef DEBUG_WOLFSSL + this_heap = esp_get_free_heap_size(); + ESP_LOGI(TAG, "tls_smp_client_task heap(3) @ %p = %d", + &this_heap, this_heap); +#endif + if (ret_i == SSL_SUCCESS) { #ifdef DEBUG_WOLFSSL ShowCiphers(ssl); #endif + ESP_LOGI(TAG, "Connect success! Sending message..."); /* Get a message for the server from stdin */ WOLFSSL_MSG("Message for server: "); memset(buff, 0, sizeof(buff)); if (sendGet) { - printf("SSL connect ok, sending GET...\n"); len = XSTRLEN(sndMsg); strncpy(buff, sndMsg, len); - buff[len] = '\0'; } else { - sprintf(buff, "message from esp32 tls client\n"); + sprintf(buff, "Hello from Espressif wolfSSL TLS client!\n"); len = strnlen(buff, sizeof(buff)); } + buff[len] = '\0'; + ESP_LOGI(TAG, "SSL connect ok, sending message:\n\n%s\n", buff); + /* Send the message to the server */ - if (wolfSSL_write(ssl, buff, len) != len) { + do { + err = 0; /* reset error */ + ret_i = wolfSSL_write(ssl, buff, len); + if (ret_i <= 0) { + err = wolfSSL_get_error(ssl, 0); + } + } while (err == WOLFSSL_ERROR_WANT_WRITE || + err == WOLFSSL_ERROR_WANT_READ); + + if (ret_i != len) { ESP_LOGE(TAG, "ERROR: failed to write\n"); } + else { + ESP_LOGI(TAG, "Message sent! 
Awaiting response..."); + } /* Read the server data into our buff array */ memset(buff, 0, sizeof(buff)); - if (wolfSSL_read(ssl, buff, sizeof(buff) - 1) == -1) { + + do { + err = 0; /* reset error */ + ret_i =wolfSSL_read(ssl, buff, sizeof(buff)); + if (ret_i <= 0) { + err = wolfSSL_get_error(ssl, 0); + } + } while ((err == WOLFSSL_ERROR_WANT_READ) || + (err == WOLFSSL_ERROR_WANT_WRITE) ); + + if (ret_i < 0) { ESP_LOGE(TAG, "ERROR: failed to read\n"); } - /* Print to stdout any data the server sends */ - printf("Server: "); - printf("%s\n", buff); + /* Show any data the server sends */ + ESP_LOGI(TAG, "Server response: \n\n%s\n", buff); + + ret_i = wolfSSL_shutdown(ssl); + while (ret_i == WOLFSSL_SHUTDOWN_NOT_DONE) { + ret_i = wolfSSL_shutdown(ssl); /* bidirectional shutdown */ + if (ret_i == WOLFSSL_SUCCESS) { + ESP_LOGI(TAG, "Bidirectional shutdown complete\n"); + break; + } + else if (ret_i != WOLFSSL_SHUTDOWN_NOT_DONE) { + ESP_LOGE(TAG, "Bidirectional shutdown failed\n"); + break; + } } + if (ret_i != WOLFSSL_SUCCESS) { + ESP_LOGE(TAG, "Bidirectional shutdown failed\n"); + } + + } /* wolfSSL_connect(ssl) == SSL_SUCCESS) */ else { ESP_LOGE(TAG, "ERROR: failed to connect to wolfSSL. " "Error: %d\n", ret_i); @@ -450,8 +543,8 @@ WOLFSSL_ESP_TASK tls_smp_client_task(void* args) ShowCiphers(ssl); #endif - /* Cleanup and return */ - wolfSSL_free(ssl); /* Free the wolfSSL object */ + ESP_LOGI(TAG, "Cleanup and exit"); + wolfSSL_free(ssl); /* Release the wolfSSL object memory */ wolfSSL_CTX_free(ctx); /* Free the wolfSSL context object */ wolfSSL_Cleanup(); /* Cleanup the wolfSSL environment */ close(sockfd); /* Close the connection to the server */ 
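Review bot: `wolfSSL_read(ssl, buff, sizeof(buff))` replaces the previous `sizeof(buff) - 1`, so a response that fills the buffer leaves no terminating NUL and the `%s` in the following `ESP_LOGI(TAG, "Server response: ...", buff)` reads past the end of `buff`; the call should stay `ret_i = wolfSSL_read(ssl, buff, sizeof(buff) - 1);`. Both new retry loops spin on `WOLFSSL_ERROR_WANT_READ` / `WOLFSSL_ERROR_WANT_WRITE` with no delay and no attempt limit, so a short `vTaskDelay` or a retry cap would bound them. In the send path, `strncpy(buff, sndMsg, len)` uses the source length as its bound and therefore does not protect `buff`. The function starts and ends outside this hunk.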
@@ -485,7 +578,8 @@ WOLFSSL_ESP_TASK tls_smp_client_init(void* args) #endif /* Note that despite vanilla FreeRTOS using WORDS for a parameter, - * Espressif uses BYTES for the task stack size here: */ + * Espressif uses BYTES for the task stack size here. + * See https://docs.espressif.com/projects/esp-idf/en/v4.3/esp32/api-reference/system/freertos.html */ ret = xTaskCreate(tls_smp_client_task, TLS_SMP_CLIENT_TASK_NAME, TLS_SMP_CLIENT_TASK_BYTES, diff --git a/IDE/Espressif/ESP-IDF/examples/wolfssl_client/main/include/client-tls.h b/IDE/Espressif/ESP-IDF/examples/wolfssl_client/main/include/client-tls.h index de53403573..b016f29a61 100644 --- a/IDE/Espressif/ESP-IDF/examples/wolfssl_client/main/include/client-tls.h +++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_client/main/include/client-tls.h @@ -29,9 +29,9 @@ /* See main/Kconfig.projbuild for default configuration settings */ #ifdef CONFIG_WOLFSSL_TARGET_HOST - #define TLS_SMP_TARGET_HOST CONFIG_WOLFSSL_TARGET_HOST + #define TLS_SMP_TARGET_HOST "192.168.1.36" #else - #define TLS_SMP_TARGET_HOST "192.168.1.37" + #define TLS_SMP_TARGET_HOST "192.168.1.41" #endif #ifdef CONFIG_WOLFSSL_TARGET_PORT 
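Review bot: In client-tls.h the `#ifdef CONFIG_WOLFSSL_TARGET_HOST` branch now defines `TLS_SMP_TARGET_HOST` as the literal `"192.168.1.36"`, so the host chosen in Kconfig is silently ignored and the client always connects to a fixed private address. This looks like a local test value committed by accident. The branch should remain `#define TLS_SMP_TARGET_HOST CONFIG_WOLFSSL_TARGET_HOST`, with any change of default confined to the `#else` value.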
@@ -44,9 +44,23 @@ /* Reminder: Vanilla FreeRTOS is words, Espressif is bytes. */ #if defined(WOLFSSL_ESP8266) - #define TLS_SMP_CLIENT_TASK_BYTES (6 * 1024) + #if defined(WOLFSSL_HAVE_KYBER) + /* Minimum ESP8266 stack size = 10K with Kyber. + * Note there's a maximum not far away as Kyber needs heap + * and the total DRAM is typically only 80KB total. */ + #define TLS_SMP_CLIENT_TASK_BYTES (11 * 1024) + #else + /* Minimum ESP8266 stack size = 6K without Kyber */ + #define TLS_SMP_CLIENT_TASK_BYTES (6 * 1024) + #endif #else - #define TLS_SMP_CLIENT_TASK_BYTES (8 * 1024) + #if defined(WOLFSSL_HAVE_KYBER) + /* Minimum ESP32 stack size = 12K with Kyber enabled. */ + #define TLS_SMP_CLIENT_TASK_BYTES (12 * 1024) + #else + /* Minimum ESP32 stack size = 8K without Kyber */ + #define TLS_SMP_CLIENT_TASK_BYTES (8 * 1024) + #endif #endif #define TLS_SMP_CLIENT_TASK_PRIORITY 8 diff --git a/IDE/Espressif/ESP-IDF/examples/wolfssl_client/main/include/wifi_connect.h b/IDE/Espressif/ESP-IDF/examples/wolfssl_client/main/include/wifi_connect.h index b29d58120b..6888228f3f 100644 --- a/IDE/Espressif/ESP-IDF/examples/wolfssl_client/main/include/wifi_connect.h +++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_client/main/include/wifi_connect.h @@ -1,6 +1,6 @@ /* wifi_connect.h * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * diff --git a/IDE/Espressif/ESP-IDF/examples/wolfssl_client/main/main.c b/IDE/Espressif/ESP-IDF/examples/wolfssl_client/main/main.c index fa116ed10f..838ad66bd4 100644 --- a/IDE/Espressif/ESP-IDF/examples/wolfssl_client/main/main.c +++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_client/main/main.c @@ -124,6 +124,7 @@ void my_atmel_free(int slotId) void app_main(void) { int stack_start = 0; + int this_heap = 0; esp_err_t ret = 0; ESP_LOGI(TAG, "---------------- wolfSSL TLS Client Example ------------"); ESP_LOGI(TAG, "--------------------------------------------------------"); 
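Review bot: The comment in the first hunk gives the ESP8266 minimum stack with Kyber as 10K, but the macro below it is `(11 * 1024)`. If the extra 1K is deliberate headroom the comment should say so, for example `/* ESP8266 with Kyber: 10K minimum observed, 11K allocated for margin */`; otherwise the value should be corrected. The ESP32 comments match their values.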
@@ -260,7 +261,6 @@ void app_main(void) /* HWM is maximum amount of stack space that has been unused, in bytes * not words (unlike vanilla freeRTOS). */ - int this_heap; this_heap = esp_get_free_heap_size(); ESP_LOGI(TAG, "Initial Stack Used (before wolfSSL Server): %d bytes", CONFIG_ESP_MAIN_TASK_STACK_SIZE diff --git a/IDE/Espressif/ESP-IDF/examples/wolfssl_client/main/time_helper.c b/IDE/Espressif/ESP-IDF/examples/wolfssl_client/main/time_helper.c index 5eb06a140a..0adfefcbce 100644 --- a/IDE/Espressif/ESP-IDF/examples/wolfssl_client/main/time_helper.c +++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_client/main/time_helper.c @@ -117,8 +117,8 @@ int set_fixed_default_time(void) * but let's set a default time, just in case */ struct tm timeinfo = { .tm_year = 2024 - 1900, - .tm_mon = 1, - .tm_mday = 05, + .tm_mon = 3, + .tm_mday = 01, .tm_hour = 13, .tm_min = 01, .tm_sec = 05 @@ -203,7 +203,8 @@ int set_time_from_string(const char* time_buffer) /* we found a match for all componets */ const char *months[] = { "Jan", "Feb", "Mar", "Apr", "May", "Jun", - "Jul", "Aug", "Sep", "Oct", "Nov", "Dec" }; + "Jul", "Aug", "Sep", "Oct", "Nov", "Dec" + }; for (int i = 0; i < 12; i++) { if (strcmp(month_str, months[i]) == 0) { @@ -216,7 +217,7 @@ int set_time_from_string(const char* time_buffer) this_timeinfo.tm_hour = hour; this_timeinfo.tm_min = minute; this_timeinfo.tm_sec = second; - this_timeinfo.tm_year = year - 1900; /* Number of years since 1900 */ + this_timeinfo.tm_year = year - 1900; /* Years since 1900 */ interim_time = mktime(&this_timeinfo); now = (struct timeval){ .tv_sec = interim_time }; @@ -350,7 +351,7 @@ int set_time_wait_for_ntp(void) ret = esp_netif_sntp_sync_wait(500 / portTICK_PERIOD_MS); #else - ESP_LOGE(TAG, "HAS_ESP_NETIF_SNTP not defined"); + ESP_LOGW(TAG, "HAS_ESP_NETIF_SNTP not defined"); #endif /* HAS_ESP_NETIF_SNTP */ esp_show_current_datetime(); 
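Review bot: In the set_fixed_default_time hunk, `struct tm` months count from 0, so `.tm_mon = 3` selects April rather than March. If 1 March 2024 was intended it should be `.tm_mon = 2`, and either way a comment such as `/* tm_mon is 0-based: 3 = April */` would prevent the misreading. `.tm_mday = 01` and `.tm_min = 01` are octal literals, harmless for these values but a trap for 08 or 09. Since this fallback clock is presumably what certificate validity periods are checked against when NTP is unavailable, a warning-level log that a fixed time is in use would help; the rest of the function is outside the hunk and may already do that.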
@@ -370,7 +371,7 @@ int set_time_wait_for_ntp(void) #endif if (ret == ESP_OK) { - ESP_LOGI(TAG, "Successfuly set time via NTP servers."); + ESP_LOGI(TAG, "Successfully set time via NTP servers."); } else { ESP_LOGW(TAG, "Warning: Failed to set time with NTP: " diff --git a/IDE/Espressif/ESP-IDF/examples/wolfssl_client/sdkconfig.defaults b/IDE/Espressif/ESP-IDF/examples/wolfssl_client/sdkconfig.defaults index ff9a5d4c52..765df0fe6b 100644 --- a/IDE/Espressif/ESP-IDF/examples/wolfssl_client/sdkconfig.defaults +++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_client/sdkconfig.defaults @@ -1,5 +1,41 @@ # sdkconfig.defaults for ESP8266 + ESP32 +# Note that during the build process, settings from sdkconfig.defaults will not override those already in sdkconfig. +# See https://docs.espressif.com/projects/esp-idf/en/latest/esp32/api-guides/build-system.html#custom-sdkconfig-defaults +CONFIG_BENCH_ARGV="-lng 0" +CONFIG_FREERTOS_HZ=1000 +CONFIG_ESP32_DEFAULT_CPU_FREQ_240=y + +# +# Default main stack size. See user_settings.h +# +# For wolfSSL SMALL_STACK, 3072 bytes should be sufficient for benchmark app. +# When using RSA, assign at least 10500 bytes, otherwise 5500 usually works for others +CONFIG_ESP_MAIN_TASK_STACK_SIZE=10500 + +# Legacy stack size for older ESP-IDF versions +CONFIG_MAIN_TASK_STACK_SIZE=10500 + +# +# Benchmark must not have CONFIG_NEWLIB_NANO_FORMAT enabled +CONFIG_NEWLIB_NANO_FORMAT=n +# +# Watchdog Timers +# +# We don't want to have the watchdog timeout during tests & benchmarks +# +CONFIG_ESP_TASK_WDT_CHECK_IDLE_TASK_CPU0=n +CONFIG_ESP_TASK_WDT_CHECK_IDLE_TASK_CPU1=n +# Panic & Watchdog +CONFIG_ESP_INT_WDT_TIMEOUT_MS=10000 +CONFIG_ESP_TASK_WDT_EN=n +CONFIG_ESP_SYSTEM_PANIC_PRINT_HALT=y +CONFIG_ESP_INT_WDT=n +# ESP8266 Watchdog: +CONFIG_TASK_WDT=n +CONFIG_TASK_WDT_PANIC=n + +# ESP8266 WDT # CONFIG_ESP_PANIC_PRINT_REBOOT is not set CONFIG_ESP_PANIC_PRINT_REBOOT=n CONFIG_ESP_PANIC_PRINT_HALT=y 
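Review bot: The sdkconfig.defaults hunk switches off the task and interrupt watchdogs (`CONFIG_ESP_TASK_WDT_EN=n`, `CONFIG_ESP_INT_WDT=n`, `CONFIG_TASK_WDT=n`) and gives tests and benchmarks as the reason, but this file belongs to the TLS client example, and `CONFIG_BENCH_ARGV` has no visible use in a client. Anyone starting a product from this example inherits a device that cannot recover from a hung task. I would leave the watchdogs enabled here, or at minimum add `# Example only: re-enable the watchdogs for production builds` above the block.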
@@ -7,9 +43,51 @@ CONFIG_ESP_PANIC_PRINT_HALT=y # CONFIG_ESP_HTTP_CLIENT_ENABLE_HTTPS is not set CONFIG_ESP_HTTP_CLIENT_ENABLE_HTTPS=n +# ESP8266 Memory CONFIG_FREERTOS_GLOBAL_DATA_LINK_IRAM=y CONFIG_HEAP_DISABLE_IRAM=y + +# Performance +# CONFIG_COMPILER_OPTIMIZATION_PERF=y + +# Set max COU frequency (falls back as needed for lower maximum) +CONFIG_ESP_DEFAULT_CPU_FREQ_MHZ_240=y + +# FreeRTOS ticks at 1ms interval +CONFIG_FREERTOS_UNICORE=y CONFIG_FREERTOS_HZ=1000 + +# +# Compiler options +# +CONFIG_COMPILER_OPTIMIZATION_DEFAULT=y +# CONFIG_COMPILER_OPTIMIZATION_SIZE is not set +# CONFIG_COMPILER_OPTIMIZATION_PERF is not set +# CONFIG_COMPILER_OPTIMIZATION_NONE is not set +CONFIG_COMPILER_OPTIMIZATION_ASSERTIONS_ENABLE=y +# CONFIG_COMPILER_OPTIMIZATION_ASSERTIONS_SILENT is not set +# CONFIG_COMPILER_OPTIMIZATION_ASSERTIONS_DISABLE is not set +CONFIG_COMPILER_FLOAT_LIB_FROM_GCCLIB=y +CONFIG_COMPILER_OPTIMIZATION_ASSERTION_LEVEL=2 +# CONFIG_COMPILER_OPTIMIZATION_CHECKS_SILENT is not set +CONFIG_COMPILER_HIDE_PATHS_MACROS=y +# CONFIG_COMPILER_CXX_EXCEPTIONS is not set +# CONFIG_COMPILER_CXX_RTTI is not set +# CONFIG_COMPILER_STACK_CHECK_MODE_NONE is not set +CONFIG_COMPILER_STACK_CHECK_MODE_NORM=y +# CONFIG_COMPILER_STACK_CHECK_MODE_STRONG is not set +# CONFIG_COMPILER_STACK_CHECK_MODE_ALL is not set +CONFIG_COMPILER_STACK_CHECK=y +# CONFIG_COMPILER_WARN_WRITE_STRINGS is not set +# CONFIG_COMPILER_SAVE_RESTORE_LIBCALLS is not set +# CONFIG_COMPILER_DISABLE_GCC12_WARNINGS is not set +# CONFIG_COMPILER_DUMP_RTL_FILES is not set +# end of Compiler options + +# We don't know that the min is actually v2, +# but this is the earliest tested. +CONFIG_ESP32C3_REV_MIN_2=y + # # Partition Table # diff --git a/IDE/Espressif/ESP-IDF/examples/wolfssl_client/wolfssl_client_ESP8266.vgdbproj b/IDE/Espressif/ESP-IDF/examples/wolfssl_client/wolfssl_client_ESP8266.vgdbproj index 6181d50c7c..7074a28a9c 100644 
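Review bot: `CONFIG_FREERTOS_UNICORE=y` is added under the comment `# FreeRTOS ticks at 1ms interval`, which describes `CONFIG_FREERTOS_HZ`, so the switch to single-core operation is undocumented. It deserves its own comment line explaining why the example pins FreeRTOS to one core. `CONFIG_FREERTOS_HZ=1000` is now set twice in the file, because the first hunk also adds it near the top, and `COU` in the frequency comment should read `CPU`.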
--- a/IDE/Espressif/ESP-IDF/examples/wolfssl_client/wolfssl_client_ESP8266.vgdbproj +++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_client/wolfssl_client_ESP8266.vgdbproj @@ -53,7 +53,7 @@ - COM70 + COM80 74880 8 diff --git a/IDE/Espressif/ESP-IDF/examples/wolfssl_server/README.md b/IDE/Espressif/ESP-IDF/examples/wolfssl_server/README.md index 3380c0f2d2..c663c78cbc 100644 --- a/IDE/Espressif/ESP-IDF/examples/wolfssl_server/README.md +++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_server/README.md @@ -68,6 +68,19 @@ Linux Server ./examples/server/server -v 4 -l TLS13-SM4-CCM-SM3 -c ./certs/sm2/server-sm2.pem -k ./certs/sm2/server-sm2-priv.pem -A ./certs/sm2/client-sm2.pem -V ``` +#### ESP32 Client to WSL Linux Server + +In Windows Powershell, (elevated permissions) forward the port _after_ starting the listening server: + +```bash +netsh interface portproxy add v4tov4 listenport=11111 listenaddress=0.0.0.0 connectport=11111 connectaddress=127.0.0.1 +``` + +After the server exits, remove the port proxy forward: + +```bash +netsh interface portproxy delete v4tov4 listenport=11111 listenaddress=0.0.0.0 +``` Cipers to consider diff --git a/IDE/Espressif/ESP-IDF/examples/wolfssl_server/VisualGDB/wolfssl_server_IDF_v5_ESP32.vgdbproj b/IDE/Espressif/ESP-IDF/examples/wolfssl_server/VisualGDB/wolfssl_server_IDF_v5_ESP32.vgdbproj index 2aa5313936..396be8bd6a 100644 --- a/IDE/Espressif/ESP-IDF/examples/wolfssl_server/VisualGDB/wolfssl_server_IDF_v5_ESP32.vgdbproj +++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_server/VisualGDB/wolfssl_server_IDF_v5_ESP32.vgdbproj @@ -18,7 +18,7 @@ com.visualgdb.xtensa-esp32-elf - 12.2.0 + 13.2.0 12.1 1 @@ -67,8 +67,8 @@ true - release/v5.1 - esp-idf/v5.1 + release/v5.2 + esp-idf/v5.2 ESPIDF COM19 diff --git a/IDE/Espressif/ESP-IDF/examples/wolfssl_server/components/wolfssl/CMakeLists.txt b/IDE/Espressif/ESP-IDF/examples/wolfssl_server/components/wolfssl/CMakeLists.txt index e129a64efb..05f1cef6c0 100644 
--- a/IDE/Espressif/ESP-IDF/examples/wolfssl_server/components/wolfssl/CMakeLists.txt +++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_server/components/wolfssl/CMakeLists.txt @@ -1,5 +1,5 @@ # -# Copyright (C) 2006-2023 wolfSSL Inc. +# Copyright (C) 2006-2024 wolfSSL Inc. # # This file is part of wolfSSL. # @@ -45,6 +45,11 @@ else() endif() message(STATUS "THIS_USER = ${THIS_USER}") +if( "$ENV{IDF_PATH}" STREQUAL "" ) + message(FATAL_ERROR "IDF_PATH Environment variable not set!") +else() + string(REPLACE "\\" "/" THIS_IDF_PATH "$ENV{IDF_PATH}") +endif() # COMPONENT_NAME = wolfssl # The component name is the directory name. "No feature to change this". @@ -158,8 +163,8 @@ if(CMAKE_BUILD_EARLY_EXPANSION) idf_component_register( REQUIRES "${COMPONENT_REQUIRES}" PRIV_REQUIRES # esp_hw_support - esp_timer - driver # this will typically only be needed for wolfSSL benchmark + # esp_timer + # driver # this will typically only be needed for wolfSSL benchmark ) else() @@ -363,6 +368,10 @@ else() "\"${WOLFSSL_ROOT}/wolfssl/\"" "\"${WOLFSSL_ROOT}/wolfssl/wolfcrypt/\"" "\"${RTOS_IDF_PATH}/\"" + # wolfSSL release after v5.7 includes WiFi, time, and mem/debug helpers + ${THIS_IDF_PATH}/components/esp_event/include + ${THIS_IDF_PATH}/components/esp_netif/include + ${THIS_IDF_PATH}/components/esp_wifi/include ) @@ -387,6 +396,8 @@ else() "\"${WOLFSSL_ROOT}/src/ssl_misc.c\"" # included by ssl.c "\"${WOLFSSL_ROOT}/src/x509.c\"" "\"${WOLFSSL_ROOT}/src/x509_str.c\"" + "\"${WOLFSSL_ROOT}/wolfcrypt/src/ext_kyber.c\"" # external Kyber disabled by default + "\"${WOLFSSL_ROOT}/wolfssl/wolfcrypt/ext_kyber.h\"" # external Kyber disabled by default "\"${WOLFSSL_ROOT}/wolfcrypt/src/evp.c\"" "\"${WOLFSSL_ROOT}/wolfcrypt/src/misc.c\"" "\"${WOLFSSL_ROOT}/wolfcrypt/src/sp_sm2_arm32.c\"" diff --git a/IDE/Espressif/ESP-IDF/examples/wolfssl_server/components/wolfssl/component.mk b/IDE/Espressif/ESP-IDF/examples/wolfssl_server/components/wolfssl/component.mk index 5234a007e1..02c36849b9 100644 
--- a/IDE/Espressif/ESP-IDF/examples/wolfssl_server/components/wolfssl/component.mk +++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_server/components/wolfssl/component.mk 
@@ -1,40 +1,248 @@ -# -# Copyright (C) 2006-2023 wolfSSL Inc. -# -# This file is part of wolfSSL. -# -# wolfSSL is free software; you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation; either version 2 of the License, or -# (at your option) any later version. -# -# wolfSSL is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with this program; if not, write to the Free Software -# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA -# -# -# Component Makefile -# - -COMPONENT_ADD_INCLUDEDIRS := . ./include - -COMPONENT_ADD_INCLUDEDIRS += "$ENV{IDF_PATH}/components/freertos/include/freertos" -# COMPONENT_ADD_INCLUDEDIRS += "$ENV{IDF_PATH}/soc/esp32s3/include/soc" - -COMPONENT_SRCDIRS := src wolfcrypt/src -COMPONENT_SRCDIRS += wolfcrypt/src/port/Espressif -COMPONENT_SRCDIRS += wolfcrypt/src/port/atmel -COMPONENT_SRCDIRS += wolfcrypt/benchmark -COMPONENT_SRCDIRS += wolfcrypt/test - -CFLAGS +=-DWOLFSSL_USER_SETTINGS - -COMPONENT_OBJEXCLUDE := wolfcrypt/src/aes_asm.o -COMPONENT_OBJEXCLUDE += wolfcrypt/src/evp.o -COMPONENT_OBJEXCLUDE += wolfcrypt/src/misc.o -COMPONENT_OBJEXCLUDE += src/bio.o +# +# Copyright (C) 2006-2024 wolfSSL Inc. +# +# This file is part of wolfSSL. +# +# wolfSSL is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation; either version 2 of the License, or +# (at your option) any later version. +# +# wolfSSL is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA +# + +# +# Component Makefile +# +# +# The Espressif Managed Components are only for newer versions of the ESP-IDF +# Typically only for ESP32[-x] targets and only for ESP-IDF v4.3 or later: +# See https://docs.espressif.com/projects/esp-idf/en/latest/esp32/api-guides/tools/idf-component-manager.html +# https://components.espressif.com/ +# +# Usage: +# +# make flash +# +# make flash ESPPORT=/dev/ttyS55 +# +# make flash ESPBAUD=9600 +# +# make monitor ESPPORT=COM1 +# +# make monitor ESPPORT=/dev/ttyS55 MONITORBAUD=115200 +# +# export ESPPORT=/dev/ttyS55 +# +# https://docs.espressif.com/projects/esp8266-rtos-sdk/en/latest/get-started/index.html +# + +# Although the project should define WOLFSSL_USER_SETTINGS, we'll also +# define it here: +CFLAGS +=-DWOLFSSL_USER_SETTINGS + +# NOTICE: the WOLFSSL_ROOT setting MUST be relative! +# See https://docs.espressif.com/projects/esp8266-rtos-sdk/en/latest/api-guides/build-system.html?highlight=must+relative#optional-component-specific-variables +# In the wolfSSL GitHub examples for Espressif: +# https://github.com/wolfSSL/wolfssl/tree/master/IDE/Espressif/ESP-IDF/examples +# When this wolfssl component.mk makefile is in [project]/components/wolfssl +# The root is 7 directories up from here: +WOLFSSL_ROOT := ../../../../../../.. + +# NOTE: The wolfSSL include diretory (e.g. user_settings.h) is +# located HERE in THIS project, and *not* in the wolfSSL root. +COMPONENT_ADD_INCLUDEDIRS := ./include +COMPONENT_ADD_INCLUDEDIRS += $(WOLFSSL_ROOT)/. 
+COMPONENT_ADD_INCLUDEDIRS += $(WOLFSSL_ROOT)/wolfssl +COMPONENT_ADD_INCLUDEDIRS += $(WOLFSSL_ROOT)/wolfssl/wolfcrypt +COMPONENT_ADD_INCLUDEDIRS += $(WOLFSSL_ROOT)/wolfssl/wolfcrypt/port/Espressif +# COMPONENT_ADD_INCLUDEDIRS += $ENV(IDF_PATH)/components/freertos/include/freertos +# COMPONENT_ADD_INCLUDEDIRS += "$ENV(IDF_PATH)/soc/esp32s3/include/soc" + +# wolfSSL +COMPONENT_SRCDIRS := $(WOLFSSL_ROOT)/src + +# wolfcrypt +COMPONENT_SRCDIRS += $(WOLFSSL_ROOT)/wolfcrypt/src + +# Espressif +COMPONENT_SRCDIRS += $(WOLFSSL_ROOT)/wolfcrypt/src/port/Espressif +COMPONENT_SRCDIRS += $(WOLFSSL_ROOT)/wolfcrypt/src/port/atmel + +COMPONENT_OBJEXCLUDE := $(WOLFSSL_ROOT)/wolfcrypt/src/aes_asm.o +COMPONENT_OBJEXCLUDE += $(WOLFSSL_ROOT)/wolfcrypt/src/evp.o +COMPONENT_OBJEXCLUDE += $(WOLFSSL_ROOT)/wolfcrypt/src/misc.o +COMPONENT_OBJEXCLUDE += $(WOLFSSL_ROOT)/wolfcrypt/src/sha512_asm.o +COMPONENT_OBJEXCLUDE += $(WOLFSSL_ROOT)/wolfcrypt/src/fe_x25519_asm.o +COMPONENT_OBJEXCLUDE += $(WOLFSSL_ROOT)/wolfcrypt/src/aes_gcm_x86_asm.o +COMPONENT_OBJEXCLUDE += $(WOLFSSL_ROOT)/src/bio.o + + +## +## wolfSSL +## +COMPONENT_OBJS := $(WOLFSSL_ROOT)/src/bio.o +# COMPONENT_OBJS += src/conf.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/src/crl.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/src/dtls.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/src/dtls13.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/src/internal.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/src/keys.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/src/ocsp.o +# COMPONENT_OBJS += src/pk.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/src/quic.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/src/sniffer.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/src/ssl.o +# COMPONENT_OBJS += src/ssl_asn1.o +# COMPONENT_OBJS += src/ssl_bn.o +# COMPONENT_OBJS += src/ssl_certman.o +# COMPONENT_OBJS += src/ssl_crypto.o +# COMPONENT_OBJS += src/ssl_misc.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/src/tls.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/src/tls13.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/src/wolfio.o +# COMPONENT_OBJS += src/x509.o +# COMPONENT_OBJS 
+= src/x509_str.o + +## +## wolfcrypt +## +COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/aes.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/arc4.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/asm.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/asn.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/async.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/blake2b.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/blake2s.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/camellia.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/chacha.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/chacha20_poly1305.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/cmac.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/coding.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/compress.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/cpuid.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/cryptocb.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/curve25519.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/curve448.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/des3.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/dh.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/dilithium.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/dsa.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/ecc.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/eccsi.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/ecc_fp.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/ed25519.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/ed448.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/error.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/evp.o +# COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/ext_kyber.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/ext_lms.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/ext_xmss.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/falcon.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/fe_448.o +COMPONENT_OBJS += 
$(WOLFSSL_ROOT)/wolfcrypt/src/fe_low_mem.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/fe_operations.o +# COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/fips.o +# COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/fips_test.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/ge_448.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/ge_low_mem.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/ge_operations.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/hash.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/hmac.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/hpke.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/integer.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/kdf.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/logging.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/md2.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/md4.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/md5.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/memory.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/misc.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/pkcs12.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/pkcs7.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/poly1305.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/pwdbased.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/random.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/rc2.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/ripemd.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/rsa.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/sakke.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/selftest.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/sha.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/sha256.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/sha3.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/sha512.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/signature.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/siphash.o +COMPONENT_OBJS += 
$(WOLFSSL_ROOT)/wolfcrypt/src/sm2.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/sm3.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/sm4.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/sphincs.o +# COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/sp_arm32.o +# COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/sp_arm64.o +# COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/sp_armthumb.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/sp_c32.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/sp_c64.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/sp_cortexm.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/sp_dsp32.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/sp_int.o +# COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/sp_sm2_arm32.o +# COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/sp_sm2_arm64.o +# COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/sp_sm2_armthumb.o +# COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/sp_sm2_c32.o +# COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/sp_sm2_c64.o +# COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/sp_sm2_cortexm.o +# COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/sp_sm2_x86_64.o +# COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/sp_x86_64.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/srp.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/tfm.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/wc_dsp.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/wc_encrypt.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/wc_kyber.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/wc_kyber_poly.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/wc_lms.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/wc_pkcs11.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/wc_port.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/wc_xmss.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/wolfcrypt_first.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/wolfcrypt_last.o +COMPONENT_OBJS += 
$(WOLFSSL_ROOT)/wolfcrypt/src/wolfevent.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/wolfmath.o + +## +## Espressif +## +COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/port/Espressif/esp32_aes.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/port/Espressif/esp32_mp.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/port/Espressif/esp32_sha.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/port/Espressif/esp32_util.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/port/Espressif/esp_sdk_mem_lib.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/port/Espressif/esp_sdk_time_lib.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/port/Espressif/esp_sdk_wifi_lib.o + +## +## wolfcrypt benchmark (optional) +## +## COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/benchmark/benchmark.o +## COMPONENT_SRCDIRS += $(WOLFSSL_ROOT)/wolfcrypt/benchmark +## COMPONENT_ADD_INCLUDEDIRS += $(WOLFSSL_ROOT)/wolfcrypt/benchmark + + +## +## wolfcrypt test (optional) +## +## COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/test/test.o +## COMPONENT_SRCDIRS += $(WOLFSSL_ROOT)/wolfcrypt/test + +## +## wolfcrypt +## +# COMPONENT_PRIV_INCLUDEDIRS += $(PROJECT_PATH)/components/wolfssl/include +COMPONENT_SRCDIRS += $(WOLFSSL_ROOT)wolfcrypt/src diff --git a/IDE/Espressif/ESP-IDF/examples/wolfssl_server/components/wolfssl/include/user_settings.h b/IDE/Espressif/ESP-IDF/examples/wolfssl_server/components/wolfssl/include/user_settings.h index 8a49155d64..9109e6f706 100644 --- a/IDE/Espressif/ESP-IDF/examples/wolfssl_server/components/wolfssl/include/user_settings.h +++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_server/components/wolfssl/include/user_settings.h @@ -1,6 +1,6 @@ /* user_settings.h * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * 
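Review bot: The final added line `COMPONENT_SRCDIRS += $(WOLFSSL_ROOT)wolfcrypt/src` is missing the `/` after `$(WOLFSSL_ROOT)`, so with `WOLFSSL_ROOT := ../../../../../../..` it expands to a path ending in `..wolfcrypt/src` instead of the wolfcrypt source directory. It should read `COMPONENT_SRCDIRS += $(WOLFSSL_ROOT)/wolfcrypt/src`, or be dropped, since that directory is already added earlier in the file. The commented-out `ext_kyber.o` entry has the same missing slash. Separately, `bio.o`, `evp.o` and `misc.o` appear in both `COMPONENT_OBJEXCLUDE` and the explicit `COMPONENT_OBJS` list; which one wins depends on the build system, so a comment stating the intent (these sources are presumably compiled by inclusion from other files) would avoid a surprise at link time.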
@@ -19,12 +19,36 @@ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA */ +/* Standardized wolfSSL Espressif ESP32 + ESP8266 user_settings.h V5.6.6-01 */ + /* This user_settings.h is for Espressif ESP-IDF */ -#include + +#include "sdkconfig.h" + +#define DEBUG_WOLFSSL +/* #define DEBUG_WOLFSSL_VERBOSE */ + +/* Experimental Kyber */ +#if 0 + #define WOLFSSL_EXPERIMENTAL_SETTINGS + #define WOLFSSL_HAVE_KYBER + #define WOLFSSL_WC_KYBER + #define WOLFSSL_SHA3 + #if defined(CONFIG_IDF_TARGET_ESP8266) + /* With limited RAM, we'll disable some of the Kyber sizes: */ + #define WOLFSSL_NO_KYBER1024 + #define WOLFSSL_NO_KYBER768 + #endif +#endif + +/* Pick a cert buffer size: */ +/* #define USE_CERT_BUFFERS_2048 */ +/* #define USE_CERT_BUFFERS_1024 */ +#define USE_CERT_BUFFERS_2048 /* The Espressif sdkconfig will have chipset info. ** -** Possible values: +** Some possible values: ** ** CONFIG_IDF_TARGET_ESP32 ** CONFIG_IDF_TARGET_ESP32S2 
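Review bot: `#define DEBUG_WOLFSSL` is now switched on unconditionally near the top of this file, which the added banner calls the standardized ESP32 + ESP8266 `user_settings.h`, so projects that copy it inherit debug logging by default. Debug output adds code size and timing overhead on small targets and may put handshake detail on the serial console. Consider leaving it commented out like `DEBUG_WOLFSSL_VERBOSE`, i.e. `/* #define DEBUG_WOLFSSL */`, or guarding it behind a project configuration option. In the same hunk the "Pick a cert buffer size" comment lists `USE_CERT_BUFFERS_2048` both as a commented alternative and as the active define; listing only the alternative would be clearer.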
@@ -36,18 +60,34 @@ #undef WOLFSSL_ESPIDF #define WOLFSSL_ESPIDF +/* We don't use WiFi helpers yet, so don't compile in the esp-sdk-lib WiFi */ +#define NO_ESP_SDK_WIFI + /* - * choose ONE of these Espressif chips to define: + * ONE of these Espressif chipsets should be defined: * * WOLFSSL_ESP32 * WOLFSSL_ESPWROOM32SE * WOLFSSL_ESP8266 + * + * following ifdef detection only for syntax highlighting: */ -#undef WOLFSSL_ESPWROOM32SE -#undef WOLFSSL_ESP8266 -#undef WOLFSSL_ESP32 +#ifdef WOLFSSL_ESPWROOM32SE + #undef WOLFSSL_ESPWROOM32SE +#endif +#ifdef WOLFSSL_ESP8266 + #undef WOLFSSL_ESP8266 +#endif +#ifdef WOLFSSL_ESP32 + #undef WOLFSSL_ESP32 +#endif +/* See below for chipset detection from sdkconfig.h */ -#define WOLFSSL_ESP32 +/* Small session cache saves a lot of RAM for ClientCache and SessionCache. + * Memory requirement is about 5KB, otherwise 20K is needed when not specified. + * If extra small footprint is needed, try MICRO_SESSION_CACHE (< 1K) + * When really desperate, try NO_SESSION_CACHE. */ +#define MICRO_SESSION_CACHE /* optionally turn off SHA512/224 SHA512/256 */ /* #define WOLFSSL_NOSHA512_224 */ @@ -61,7 +101,10 @@ /* #define NO_OLD_TLS */ #define BENCH_EMBEDDED -#define USE_CERT_BUFFERS_2048 + +#define WOLFSSL_SMALL_STACK +#define HAVE_ECC +#define RSA_LOW_MEM /* TLS 1.3 */ #define WOLFSSL_TLS13 
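Review bot: The comment added above `#define MICRO_SESSION_CACHE` describes the small session cache (about 5KB) and then recommends `MICRO_SESSION_CACHE` as the further reduction, yet the macro actually defined is `MICRO_SESSION_CACHE`, so the text and the setting disagree. Either define `SMALL_SESSION_CACHE` to match the comment or reword it, e.g. `/* Micro session cache (< 1K); use SMALL_SESSION_CACHE (about 5KB) if more cached sessions are needed. */`. The session cache size limits how many sessions can be resumed, so the chosen value deserves an accurate description.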
@@ -79,39 +122,45 @@ #define HAVE_AESGCM -#define WOLFSSL_RIPEMD +/* Optional RIPEMD: RACE Integrity Primitives Evaluation Message Digest */ +/* #define WOLFSSL_RIPEMD */ + /* when you want to use SHA224 */ #define WOLFSSL_SHA224 /* when you want to use SHA384 */ #define WOLFSSL_SHA384 -/* when you want to use SHA512 */ -#define WOLFSSL_SHA512 +#if defined(CONFIG_IDF_TARGET_ESP8266) + /* Some known low-memory devices have features not enabled by default. */ +#else + /* when you want to use SHA512 */ + #define WOLFSSL_SHA512 -/* when you want to use SHA3 */ -#define WOLFSSL_SHA3 + /* when you want to use SHA3 */ + #define WOLFSSL_SHA3 -#define HAVE_ED25519 /* ED25519 requires SHA512 */ + /* ED25519 requires SHA512 */ + #define HAVE_ED25519 -#define HAVE_ECC -#define HAVE_CURVE25519 -#define CURVE25519_SMALL -#define HAVE_ED25519 + #define HAVE_ECC + #define HAVE_CURVE25519 + #define CURVE25519_SMALL + #define HAVE_ED25519 +#endif + +/* Optional OpenSSL compatibility */ +/* #define OPENSSL_EXTRA */ - #define OPENSSL_EXTRA /* when you want to use pkcs7 */ /* #define HAVE_PKCS7 */ - -#define HAVE_PKCS7 - #if defined(HAVE_PKCS7) #define HAVE_AES_KEYWRAP #define HAVE_X963_KDF #define WOLFSSL_AES_DIRECT #endif -/* when you want to use aes counter mode */ +/* when you want to use AES counter mode */ /* #define WOLFSSL_AES_DIRECT */ /* #define WOLFSSL_AES_COUNTER */ @@ -125,7 +174,7 @@ /* #define CUSTOM_SLOT_ALLOCATION */ #endif -/* rsa primitive specific definition */ +/* RSA primitive specific definition */ #if defined(WOLFSSL_ESP32) || defined(WOLFSSL_ESPWROOM32SE) /* Define USE_FAST_MATH and SMALL_STACK */ #define ESP32_USE_RSA_PRIMITIVE @@ -145,8 +194,6 @@ #endif #endif -#define RSA_LOW_MEM - /* #define WOLFSSL_ATECC508A_DEBUG */ /* date/time */ @@ -173,10 +220,6 @@ /* #undef USE_FAST_MATH */ /* #define USE_INTEGER_HEAP_MATH */ - -#define WOLFSSL_SMALL_STACK - - #define HAVE_VERSION_EXTENDED_INFO /* #define HAVE_WC_INTROSPECTION */ 
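Review bot: Inside the new `#else` branch of the `CONFIG_IDF_TARGET_ESP8266` check, `HAVE_ED25519` is defined twice and `HAVE_ECC` is defined again although the `@@ -61,7 +101,10 @@` hunk already defines it for every target. The repeats are harmless to the preprocessor, but they make it unclear which algorithms are meant to be excluded on the ESP8266; drop the second `#define HAVE_ED25519` and the inner `#define HAVE_ECC`. The empty ESP8266 branch would read better with a comment naming what is left off there, which per this hunk is SHA-512, SHA-3, Ed25519 and Curve25519.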
@@ -190,7 +233,6 @@ #define WOLFSSL_CERT_EXT #define WOLFSSL_SYS_CA_CERTS - #define WOLFSSL_CERT_TEXT #define WOLFSSL_ASN_TEMPLATE @@ -203,7 +245,7 @@ #undef WOLFSSL_SYS_CA_CERTS */ -/* +/* command-line options --enable-keygen --enable-certgen --enable-certreq @@ -211,10 +253,11 @@ --enable-asn-template */ -/* Default is HW enabled unless turned off. -** Uncomment these lines to force SW instead of HW acceleration */ - +/* Chipset detection from sdkconfig.h + * Default is HW enabled unless turned off. + * Uncomment lines to force SW instead of HW acceleration */ #if defined(CONFIG_IDF_TARGET_ESP32) + #define WOLFSSL_ESP32 /* wolfSSL HW Acceleration supported on ESP32. Uncomment to disable: */ /* #define NO_ESP32_CRYPT */ /* #define NO_WOLFSSL_ESP32_CRYPT_HASH */ @@ -232,6 +275,7 @@ /***** END CONFIG_IDF_TARGET_ESP32 *****/ #elif defined(CONFIG_IDF_TARGET_ESP32S2) + #define WOLFSSL_ESP32 /* wolfSSL HW Acceleration supported on ESP32-S2. Uncomment to disable: */ /* #define NO_ESP32_CRYPT */ /* #define NO_WOLFSSL_ESP32_CRYPT_HASH */ @@ -244,6 +288,7 @@ /***** END CONFIG_IDF_TARGET_ESP32S2 *****/ #elif defined(CONFIG_IDF_TARGET_ESP32S3) + #define WOLFSSL_ESP32 /* wolfSSL HW Acceleration supported on ESP32-S3. Uncomment to disable: */ /* #define NO_ESP32_CRYPT */ /* #define NO_WOLFSSL_ESP32_CRYPT_HASH */ @@ -257,6 +302,7 @@ #elif defined(CONFIG_IDF_TARGET_ESP32C2) || \ defined(CONFIG_IDF_TARGET_ESP8684) + #define WOLFSSL_ESP32 /* ESP8684 is essentially ESP32-C2 chip + flash embedded together in a * single QFN 4x4 mm package. Out of released documentation, Technical * Reference Manual as well as ESP-IDF Programming Guide is applicable @@ -282,6 +328,7 @@ /***** END CONFIG_IDF_TARGET_ESP32C2 *****/ #elif defined(CONFIG_IDF_TARGET_ESP32C3) + #define WOLFSSL_ESP32 /* wolfSSL HW Acceleration supported on ESP32-C3. Uncomment to disable: */ /* #define NO_ESP32_CRYPT */ 
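Review bot: `WOLFSSL_ESP32` is now defined only inside this chipset-detection chain (new line 253 onward), but the `#if defined(WOLFSSL_ESP32) || defined(WOLFSSL_ESPWROOM32SE)` test that selects `ESP32_USE_RSA_PRIMITIVE` sits earlier, around new line 177 (context of the `@@ -125,7 +174,7 @@` hunk), after the `@@ -36,18 +60,34 @@` hunk has undefined the macro and removed the unconditional `#define WOLFSSL_ESP32`. Unless something not visible in the diff defines it in between, that earlier block is now skipped on every target and the RSA primitive settings silently fall away. Moving the detection chain, or at least its `#define WOLFSSL_ESP32` / `#define WOLFSSL_ESP8266` lines, above the first use would restore the previous behaviour. The same `#define WOLFSSL_ESP32` is added in the following target branches through the `@@ -323,7 +372,11 @@` hunk, and the final `#else` branch defines neither macro.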
@@ -299,6 +346,7 @@ /***** END CONFIG_IDF_TARGET_ESP32C3 *****/ #elif defined(CONFIG_IDF_TARGET_ESP32C6) + #define WOLFSSL_ESP32 /* wolfSSL HW Acceleration supported on ESP32-C6. Uncomment to disable: */ /* #define NO_ESP32_CRYPT */ @@ -315,6 +363,7 @@ /***** END CONFIG_IDF_TARGET_ESP32C6 *****/ #elif defined(CONFIG_IDF_TARGET_ESP32H2) + #define WOLFSSL_ESP32 /* wolfSSL Hardware Acceleration not yet implemented */ #define NO_ESP32_CRYPT #define NO_WOLFSSL_ESP32_CRYPT_HASH @@ -323,7 +372,11 @@ /***** END CONFIG_IDF_TARGET_ESP32H2 *****/ #elif defined(CONFIG_IDF_TARGET_ESP8266) - /* TODO: Revisit ESP8266 */ + #define WOLFSSL_ESP8266 + + /* There's no hardware encryption on the ESP8266 */ + /* Consider using the ESP32-C2/C3/C6 + * See https://www.espressif.com/en/products/socs/esp32-c2 */ #define NO_ESP32_CRYPT #define NO_WOLFSSL_ESP32_CRYPT_HASH #define NO_WOLFSSL_ESP32_CRYPT_AES @@ -340,6 +393,7 @@ #else /* Anything else encountered, disable HW accleration */ + #warning "Unexpected CONFIG_IDF_TARGET_NN value" #define NO_ESP32_CRYPT #define NO_WOLFSSL_ESP32_CRYPT_HASH #define NO_WOLFSSL_ESP32_CRYPT_AES @@ -347,6 +401,7 @@ #endif /* CONFIG_IDF_TARGET Check */ /* Debug options: +See wolfssl/wolfcrypt/port/Espressif/esp32-crypt.h for details on debug options #define ESP_VERIFY_MEMBLOCK #define DEBUG_WOLFSSL @@ -367,7 +422,7 @@ /* #define HASH_SIZE_LIMIT */ /* for test.c */ -/* #define NO_HW_MATH_TEST */ /* Optionall turn off HW math checks */ +/* #define NO_HW_MATH_TEST */ /* Optionally turn off HW math checks */ /* Optionally include alternate HW test library: alt_hw_test.h */ /* When enabling, the ./components/wolfssl/CMakeLists.txt file @@ -390,8 +445,8 @@ /* #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI_MULMOD */ -#define WOLFSSL_PUBLIC_MP /* used by benchmark */ -#define USE_CERT_BUFFERS_2048 +/* used by benchmark: */ +#define WOLFSSL_PUBLIC_MP /* when turning on ECC508 / ECC608 support #define WOLFSSL_ESPWROOM32SE 
@@ -400,12 +455,75 @@ #define ATCA_WOLFSSL */ -/* optional SM4 Ciphers. See https://github.com/wolfSSL/wolfsm +/***************************** Certificate Macros ***************************** + * + * The section below defines macros used in typically all of the wolfSSL + * examples such as the client and server for certs stored in header files. + * + * There are various certificate examples in this header file: + * https://github.com/wolfSSL/wolfssl/blob/master/wolfssl/certs_test.h + * + * To use the sets of macros below, define *one* of these: + * + * USE_CERT_BUFFERS_1024 - ECC 1024 bit encoded ASN1 + * USE_CERT_BUFFERS_2048 - RSA 2048 bit encoded ASN1 + * WOLFSSL_SM[2,3,4] - SM Ciphers + * + * For example: define USE_CERT_BUFFERS_2048 to use CA Certs used in this + * wolfSSL function for the `ca_cert_der_2048` buffer, size and types: + * + * ret = wolfSSL_CTX_load_verify_buffer(ctx, + * CTX_CA_CERT, + * CTX_CA_CERT_SIZE, + * CTX_CA_CERT_TYPE); + * + * See https://www.wolfssl.com/documentation/manuals/wolfssl/group__CertsKeys.html#function-wolfssl_ctx_load_verify_buffer + * + * In this case the CTX_CA_CERT will be defined as `ca_cert_der_2048` as + * defined here: https://github.com/wolfSSL/wolfssl/blob/master/wolfssl/certs_test.h + * + * The CTX_CA_CERT_SIZE and CTX_CA_CERT_TYPE are similarly used to reference + * array size and cert type respectively. + * + * Similarly for loading the private client key: + * + * ret = wolfSSL_CTX_use_PrivateKey_buffer(ctx, + * CTX_CLIENT_KEY, + * CTX_CLIENT_KEY_SIZE, + * CTX_CLIENT_KEY_TYPE); + * + * see https://www.wolfssl.com/documentation/manuals/wolfssl/group__CertsKeys.html#function-wolfssl_ctx_use_privatekey_buffer + * + * Similarly, the other macros are for server certificates and keys: + * `CTX_SERVER_CERT` and `CTX_SERVER_KEY` are available. + * + * The certificate and key names are typically `static const unsigned char` + * arrays. 
The [NAME]_size are typically `sizeof([array name])`, and the types + * are the known wolfSSL encoding type integers (e.g. WOLFSSL_FILETYPE_PEM). + * + * See `SSL_FILETYPE_[name]` in + * https://github.com/wolfSSL/wolfssl/blob/master/wolfssl/ssl.h + * + * See Abstract Syntax Notation One (ASN.1) in: + * https://github.com/wolfSSL/wolfssl/blob/master/wolfssl/wolfcrypt/asn.h + * + * Optional SM4 Ciphers: + * + * Although the SM ciphers are shown here, the `certs_test_sm.h` may not yet + * be available. See: + * https://github.com/wolfSSL/wolfssl/pull/6825 + * https://github.com/wolfSSL/wolfsm + * + * Uncomment these 3 macros to enable the SM Ciphers and use the macros below. + */ + +/* #define WOLFSSL_SM2 #define WOLFSSL_SM3 #define WOLFSSL_SM4 */ +/* Conditional macros used in wolfSSL TLS client and server examples */ #if defined(WOLFSSL_SM2) || defined(WOLFSSL_SM3) || defined(WOLFSSL_SM4) #include #define CTX_CA_CERT root_sm2 
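Review bot: In the added "Certificate Macros" comment, `USE_CERT_BUFFERS_1024` is described as "ECC 1024 bit encoded ASN1", but the names it selects further down (`ca_cert_der_1024`, `server_key_der_1024`) are the 1024-bit RSA test buffers; the line should read `USE_CERT_BUFFERS_1024 - RSA 1024 bit encoded ASN1`. The comment would also benefit from one sentence stating that the buffers in `certs_test.h` are published test certificates and private keys, meant for the examples only and to be replaced before deployment. The `#if defined(WOLFSSL_SM2)` block that follows continues outside this hunk.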
@@ -421,15 +539,45 @@ #undef WOLFSSL_BASE16 #define WOLFSSL_BASE16 #else - #define USE_CERT_BUFFERS_2048 - #define USE_CERT_BUFFERS_256 - #define CTX_CA_CERT ca_cert_der_2048 - #define CTX_CA_CERT_SIZE sizeof_ca_cert_der_2048 - #define CTX_CA_CERT_TYPE WOLFSSL_FILETYPE_ASN1 - #define CTX_SERVER_CERT server_cert_der_2048 - #define CTX_SERVER_CERT_SIZE sizeof_server_cert_der_2048 - #define CTX_SERVER_CERT_TYPE WOLFSSL_FILETYPE_ASN1 - #define CTX_SERVER_KEY server_key_der_2048 - #define CTX_SERVER_KEY_SIZE sizeof_server_key_der_2048 - #define CTX_SERVER_KEY_TYPE WOLFSSL_FILETYPE_ASN1 -#endif + #if defined(USE_CERT_BUFFERS_2048) + #define CTX_CA_CERT ca_cert_der_2048 + #define CTX_CA_CERT_SIZE sizeof_ca_cert_der_2048 + #define CTX_CA_CERT_TYPE WOLFSSL_FILETYPE_ASN1 + + #define CTX_SERVER_CERT server_cert_der_2048 + #define CTX_SERVER_CERT_SIZE sizeof_server_cert_der_2048 + #define CTX_SERVER_CERT_TYPE WOLFSSL_FILETYPE_ASN1 + #define CTX_SERVER_KEY server_key_der_2048 + #define CTX_SERVER_KEY_SIZE sizeof_server_key_der_2048 + #define CTX_SERVER_KEY_TYPE WOLFSSL_FILETYPE_ASN1 + + #define CTX_CLIENT_CERT client_cert_der_2048 + #define CTX_CLIENT_CERT_SIZE sizeof_client_cert_der_2048 + #define CTX_CLIENT_CERT_TYPE WOLFSSL_FILETYPE_ASN1 + #define CTX_CLIENT_KEY client_key_der_2048 + #define CTX_CLIENT_KEY_SIZE sizeof_client_key_der_2048 + #define CTX_CLIENT_KEY_TYPE WOLFSSL_FILETYPE_ASN1 + + #elif defined(USE_CERT_BUFFERS_1024) + #define CTX_CA_CERT ca_cert_der_1024 + #define CTX_CA_CERT_SIZE sizeof_ca_cert_der_1024 + #define CTX_CA_CERT_TYPE WOLFSSL_FILETYPE_ASN1 + + #define CTX_CLIENT_CERT client_cert_der_1024 + #define CTX_CLIENT_CERT_SIZE sizeof_client_cert_der_1024 + #define CTX_CLIENT_CERT_TYPE WOLFSSL_FILETYPE_ASN1 + #define CTX_CLIENT_KEY client_key_der_1024 + #define CTX_CLIENT_KEY_SIZE sizeof_client_key_der_1024 + #define CTX_CLIENT_KEY_TYPE WOLFSSL_FILETYPE_ASN1 + + #define CTX_SERVER_CERT server_cert_der_1024 + #define CTX_SERVER_CERT_SIZE 
sizeof_server_cert_der_1024 + #define CTX_SERVER_CERT_TYPE WOLFSSL_FILETYPE_ASN1 + #define CTX_SERVER_KEY server_key_der_1024 + #define CTX_SERVER_KEY_SIZE sizeof_server_key_der_1024 + #define CTX_SERVER_KEY_TYPE WOLFSSL_FILETYPE_ASN1 + #else + /* Optionally define custom cert arrays, sizes, and types here */ + #error "Must define USE_CERT_BUFFERS_2048 or USE_CERT_BUFFERS_1024" + #endif +#endif /* Conditional key and cert constant names */ diff --git a/IDE/Espressif/ESP-IDF/examples/wolfssl_server/main/include/main.h b/IDE/Espressif/ESP-IDF/examples/wolfssl_server/main/include/main.h index 94c3b5eba6..94d9132358 100644 --- a/IDE/Espressif/ESP-IDF/examples/wolfssl_server/main/include/main.h +++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_server/main/include/main.h @@ -1,6 +1,6 @@ /* template main.h * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * diff --git a/IDE/Espressif/ESP-IDF/examples/wolfssl_server/main/include/server-tls.h b/IDE/Espressif/ESP-IDF/examples/wolfssl_server/main/include/server-tls.h index ea9126fe60..c7483039e9 100644 --- a/IDE/Espressif/ESP-IDF/examples/wolfssl_server/main/include/server-tls.h +++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_server/main/include/server-tls.h @@ -1,6 +1,6 @@ /* server-tls.h * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * diff --git a/IDE/Espressif/ESP-IDF/examples/wolfssl_server/main/include/time_helper.h b/IDE/Espressif/ESP-IDF/examples/wolfssl_server/main/include/time_helper.h index a47f940016..b3574b66b8 100644 --- a/IDE/Espressif/ESP-IDF/examples/wolfssl_server/main/include/time_helper.h +++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_server/main/include/time_helper.h @@ -1,5 +1,5 @@ /* - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * 
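Review bot: The new `#elif defined(USE_CERT_BUFFERS_1024)` branch can only be reached by editing the unconditional `#define USE_CERT_BUFFERS_2048` added near the top of the file (hunk `@@ -19,12 +19,36 @@`), and if both macros are defined the 2048 set wins without any diagnostic. A guard such as `#if defined(USE_CERT_BUFFERS_2048) && defined(USE_CERT_BUFFERS_1024)` followed by `#error "Define only one USE_CERT_BUFFERS_nnnn"` would make the choice explicit. The branch also makes 1024-bit RSA credentials selectable for the server, so a comment marking that option as suitable for low-memory testing only would be appropriate. The old `#define USE_CERT_BUFFERS_256` is removed here with no replacement, so any code that relied on the 256-bit ECC buffers through this header should be checked.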
@@ -38,7 +38,8 @@ int esp_show_current_datetime(); int set_fixed_default_time(void); /* set time from string (e.g. GitHub commit time) */ -int set_time_from_string(char* time_buffer); +/* When not using the new esp-sdk-lib.h helpers: */ +/* int set_time_from_string(char* time_buffer); */ /* set time from NTP servers, * also initially calls set_fixed_default_time or set_time_from_string */ diff --git a/IDE/Espressif/ESP-IDF/examples/wolfssl_server/main/include/wifi_connect.h b/IDE/Espressif/ESP-IDF/examples/wolfssl_server/main/include/wifi_connect.h index a045b23ba8..b5debf3641 100644 --- a/IDE/Espressif/ESP-IDF/examples/wolfssl_server/main/include/wifi_connect.h +++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_server/main/include/wifi_connect.h @@ -1,6 +1,6 @@ /* wifi_connect.h * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -28,7 +28,7 @@ #define EXAMPLE_ESP_MAXIMUM_RETRY CONFIG_ESP_MAXIMUM_RETRY #define TLS_SMP_SERVER_TASK_NAME "tls_sever_example" -#define TLS_SMP_SERVER_TASK_WORDS 22240 +#define TLS_SMP_SERVER_TASK_BYTES 22240 #define TLS_SMP_SERVER_TASK_PRIORITY 8 #define TLS_SMP_WIFI_SSID CONFIG_WIFI_SSID @@ -77,13 +77,19 @@ #ifdef CONFIG_ESP_WIFI_SSID #define EXAMPLE_ESP_WIFI_SSID CONFIG_ESP_WIFI_SSID #else - #define EXAMPLE_ESP_WIFI_SSID "MYSSID_WIFI_CONNECT" + /* See new esp-sdk-lib.h helpers: */ + #ifndef EXAMPLE_ESP_WIFI_SSID + #define EXAMPLE_ESP_WIFI_SSID "MYSSID_WIFI_CONNECT" + #endif #endif #ifdef CONFIG_ESP_WIFI_PASSWORD #define EXAMPLE_ESP_WIFI_PASS CONFIG_ESP_WIFI_PASSWORD #else - #define EXAMPLE_ESP_WIFI_PASS "MYPASSWORD_WIFI_CONNECT" + /* See new esp-sdk-lib.h helpers: */ + #ifndef EXAMPLE_ESP_WIFI_PASS + #define EXAMPLE_ESP_WIFI_PASS "MYPASSWORD_WIFI_CONNECT" + #endif #endif #endif diff --git a/IDE/Espressif/ESP-IDF/examples/wolfssl_server/main/main.c b/IDE/Espressif/ESP-IDF/examples/wolfssl_server/main/main.c index 1c0d537e40..b25991ca2b 100644 
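Review bot: When neither `CONFIG_ESP_WIFI_SSID` nor an earlier definition exists, the `@@ -77,13 +77,19 @@` hunk still falls back silently to the placeholder strings `"MYSSID_WIFI_CONNECT"` and `"MYPASSWORD_WIFI_CONNECT"`, so a misconfigured project builds firmware that only fails when it tries to join the network. A `#warning "EXAMPLE_ESP_WIFI_SSID not configured; using placeholder"` inside the new `#ifndef` would surface that at compile time. The comment "See new esp-sdk-lib.h helpers" could also state that the helper header may predefine these macros, which is what the `#ifndef` appears to allow for.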
--- a/IDE/Espressif/ESP-IDF/examples/wolfssl_server/main/main.c +++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_server/main/main.c @@ -1,6 +1,6 @@ /* main.c * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -234,24 +234,15 @@ void app_main(void) /* done */ while (1) { - ESP_LOGV(TAG, "\n\nLoop...\n\n"); -#ifdef INCLUDE_uxTaskGetStackHighWaterMark - ESP_LOGI(TAG, "Stack HWM: %d", uxTaskGetStackHighWaterMark(NULL)); - - ESP_LOGI(TAG, "Stack used: %d", CONFIG_ESP_MAIN_TASK_STACK_SIZE - - uxTaskGetStackHighWaterMark(NULL)); - ESP_LOGI(TAG, "Stack delta: %d\n", stack_start - - uxTaskGetStackHighWaterMark(NULL)); -#endif #if defined(SINGLE_THREADED) ESP_LOGV(TAG, "\n\nDone!\n\n"); while (1); #else - vTaskDelay(60000); + /* Delete this main task to free up memory */ ESP_LOGV(TAG, "\n\nvTaskDelete...\n\n"); vTaskDelete(NULL); #endif - } /* done whle */ + } /* done while */ } /* app_main */ diff --git a/IDE/Espressif/ESP-IDF/examples/wolfssl_server/main/server-tls.c b/IDE/Espressif/ESP-IDF/examples/wolfssl_server/main/server-tls.c index 9df8283d24..b966e4e17b 100644 --- a/IDE/Espressif/ESP-IDF/examples/wolfssl_server/main/server-tls.c +++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_server/main/server-tls.c @@ -1,6 +1,6 @@ /* server-tls.c * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -31,10 +31,16 @@ /* socket includes */ #include #include +#include /* For TCP options */ +#include + +#ifndef TCP_RTO_MIN + #define TCP_RTO_MIN 1500 +#endif /* wolfSSL */ #include -#include "user_settings.h" +#include #include #ifdef WOLFSSL_TRACK_MEMORY 
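Review bot: The fallback `#define TCP_RTO_MIN 1500` in the server-tls.c include hunk invents a value for what the later, commented-out `setsockopt(sockfd, IPPROTO_TCP, TCP_RTO_MIN, ...)` call uses as the option name, so on a stack whose headers do not provide the option, 1500 would be passed as an arbitrary option id rather than a timeout. If the TCP headers do not define the option it is safer to compile the call out, e.g. wrap it in `#ifdef TCP_RTO_MIN`, than to supply a number. The `rto_min` declaration in the `@@ -133,7 +114,10 @@` hunk is under `#if 0` while the call itself sits inside a comment, so the two have to be enabled together; a note saying so would help.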
@@ -50,30 +56,6 @@ #define DEFAULT_MAX_DHKEY_BITS 2048 #endif -#if defined(WOLFSSL_SM2) || defined(WOLFSSL_SM3) || defined(WOLFSSL_SM4) - #include - #define CTX_CA_CERT root_sm2 - #define CTX_CA_CERT_SIZE sizeof_root_sm2 - #define CTX_CA_CERT_TYPE WOLFSSL_FILETYPE_PEM - #define CTX_SERVER_CERT server_sm2 - #define CTX_SERVER_CERT_SIZE sizeof_server_sm2 - #define CTX_SERVER_CERT_TYPE WOLFSSL_FILETYPE_PEM - #define CTX_SERVER_KEY server_sm2_priv - #define CTX_SERVER_KEY_SIZE sizeof_server_sm2_priv - #define CTX_SERVER_KEY_TYPE WOLFSSL_FILETYPE_PEM -#else - #include - #define CTX_CA_CERT ca_cert_der_2048 - #define CTX_CA_CERT_SIZE sizeof_ca_cert_der_2048 - #define CTX_CA_CERT_TYPE WOLFSSL_FILETYPE_ASN1 - #define CTX_SERVER_CERT server_cert_der_2048 - #define CTX_SERVER_CERT_SIZE sizeof_server_cert_der_2048 - #define CTX_SERVER_CERT_TYPE WOLFSSL_FILETYPE_ASN1 - #define CTX_SERVER_KEY server_key_der_2048 - #define CTX_SERVER_KEY_SIZE sizeof_server_key_der_2048 - #define CTX_SERVER_KEY_TYPE WOLFSSL_FILETYPE_ASN1 -#endif - /* Project */ #include "wifi_connect.h" #include "time_helper.h" @@ -112,7 +94,6 @@ int ShowCiphers(WOLFSSL* ssl) return ret; } - /* FreeRTOS */ /* server task */ WOLFSSL_ESP_TASK tls_smp_server_task(void *args) @@ -133,7 +114,10 @@ WOLFSSL_ESP_TASK tls_smp_server_task(void *args) int ret; socklen_t size = sizeof(clientAddr); size_t len; - +#if 0 + /* optionally set TCP RTO. See also below. */ + int rto_min = 200; /* Minimum TCP RTO in milliseconds */ +#endif /* declare wolfSSL objects */ WOLFSSL_CTX* ctx; WOLFSSL* ssl; 
@@ -157,16 +141,18 @@ WOLFSSL_ESP_TASK tls_smp_server_task(void *args) ESP_LOGE(TAG, "ERROR: failed to create the socket"); } + /* Optionally set TCP RTO + setsockopt(sockfd, IPPROTO_TCP, TCP_RTO_MIN, &rto_min, sizeof(rto_min)); */ + /* Create and initialize WOLFSSL_CTX */ WOLFSSL_MSG("Create and initialize WOLFSSL_CTX"); #if defined(WOLFSSL_SM2) || defined(WOLFSSL_SM3) || defined(WOLFSSL_SM4) ctx = wolfSSL_CTX_new(wolfSSLv23_server_method()); - // ctx = wolfSSL_CTX_new(wolfTLSv1_3_client_method()); /* only TLS 1.3 */ + /* ctx = wolfSSL_CTX_new(wolfTLSv1_3_client_method()); for only TLS 1.3 */ if (ctx == NULL) { ESP_LOGE(TAG, "ERROR: failed to create WOLFSSL_CTX"); } #else - /* TODO remove duplicate */ if ((ctx = wolfSSL_CTX_new(wolfSSLv23_server_method())) == NULL) { ESP_LOGE(TAG, "ERROR: failed to create WOLFSSL_CTX"); } @@ -304,8 +290,8 @@ WOLFSSL_ESP_TASK tls_smp_server_task(void *args) ESP_LOGI(TAG, "accept clients..."); /* Continue to accept clients until shutdown is issued */ while (!shutdown) { - ESP_LOGI(TAG, "Stack used: %d\n", CONFIG_ESP_MAIN_TASK_STACK_SIZE - - uxTaskGetStackHighWaterMark(NULL)); + ESP_LOGI(TAG, "Stack used: %d\n", TLS_SMP_SERVER_TASK_BYTES + - uxTaskGetStackHighWaterMark(NULL) ); WOLFSSL_MSG("Waiting for a connection..."); wifi_show_ip(); 
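Review bot: The commented alternative in the SM2/SM3/SM4 branch names `wolfTLSv1_3_client_method()` inside server code, so anyone enabling it for a TLS 1.3-only server gets a client method in a server context. It should read `/* ctx = wolfSSL_CTX_new(wolfTLSv1_3_server_method()); for only TLS 1.3 */`. Both branches also only log when `wolfSSL_CTX_new` returns NULL and then fall through, as far as this hunk shows; the function body continues outside it.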
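Review bot: The rewritten `Stack used` line still prints with `%d`, although `uxTaskGetStackHighWaterMark()` returns an unsigned `UBaseType_t` and the subtraction is therefore unsigned. An explicit cast keeps the format and the argument in agreement: `ESP_LOGI(TAG, "Stack used: %u\n", (unsigned)(TLS_SMP_SERVER_TASK_BYTES - uxTaskGetStackHighWaterMark(NULL)));`. The stray space before the closing parenthesis can go at the same time.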
@@ -314,16 +300,33 @@ WOLFSSL_ESP_TASK tls_smp_server_task(void *args) == -1) { ESP_LOGE(TAG, "ERROR: failed to accept the connection"); } +#if defined(WOLFSSL_EXPERIMENTAL_SETTINGS) + ESP_LOGW(TAG, "WOLFSSL_EXPERIMENTAL_SETTINGS is enabled"); +#endif /* Create a WOLFSSL object */ if ((ssl = wolfSSL_new(ctx)) == NULL) { ESP_LOGE(TAG, "ERROR: failed to create WOLFSSL object"); } - +#if defined(WOLFSSL_HAVE_KYBER) + else { + /* If success creating CTX and Kyber enabled, set key share: */ + ret = wolfSSL_UseKeyShare(ssl, WOLFSSL_P521_KYBER_LEVEL5); + if (ret == SSL_SUCCESS) { + ESP_LOGI(TAG, "UseKeyShare WOLFSSL_P521_KYBER_LEVEL5 success"); + } + else { + ESP_LOGE(TAG, "UseKeyShare WOLFSSL_P521_KYBER_LEVEL5 failed"); + } + } +#else + ESP_LOGI(TAG, "WOLFSSL_HAVE_KYBER is not enabled"); +#endif /* show what cipher connected for this WOLFSSL* object */ ShowCiphers(ssl); /* Attach wolfSSL to the socket */ wolfSSL_set_fd(ssl, connd); + /* Establish TLS connection */ ret = wolfSSL_accept(ssl); if (ret == SSL_SUCCESS) { 
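Review bot: Both failure paths in this hunk only log and then fall through: when `wolfSSL_new` returns NULL the code still reaches `ShowCiphers(ssl)` and `wolfSSL_set_fd(ssl, connd)`, and when `wolfSSL_UseKeyShare` fails the handshake goes ahead without the requested `WOLFSSL_P521_KYBER_LEVEL5` share, so a build that expects the hybrid group would notice nothing beyond one log line. Ending the iteration in those branches, `close(connd); continue;` for the NULL case and `wolfSSL_free(ssl); close(connd); continue;` for the key-share case, keeps a NULL pointer away from the wolfSSL calls and makes the fallback explicit. The new comment should say "WOLFSSL object" rather than "CTX", and the `#else` message is printed once per accepted connection, which is noisy at INFO level. The accept loop starts and ends outside this hunk.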
@@ -333,23 +336,18 @@ WOLFSSL_ESP_TASK tls_smp_server_task(void *args) ESP_LOGE(TAG, "wolfSSL_accept error %d", wolfSSL_get_error(ssl, ret)); } - WOLFSSL_MSG("Client connected successfully"); - ESP_LOGI(TAG, "Stack used: %d\n", CONFIG_ESP_MAIN_TASK_STACK_SIZE - - uxTaskGetStackHighWaterMark(NULL)); + ESP_LOGI(TAG, "Client connected successfully"); /* Read the client data into our buff array */ memset(buff, 0, sizeof(buff)); if (wolfSSL_read(ssl, buff, sizeof(buff)-1) == -1) { ESP_LOGE(TAG, "ERROR: failed to read"); } - /* Print to stdout any data the client sends */ - ESP_LOGI(TAG, "Stack used: %d\n", CONFIG_ESP_MAIN_TASK_STACK_SIZE - - uxTaskGetStackHighWaterMark(NULL)); - WOLFSSL_MSG("Client sends:"); - WOLFSSL_MSG(buff); + + ESP_LOGI(TAG, "Client sends: %s", buff); /* Check for server shutdown command */ if (strncmp(buff, "shutdown", 8) == 0) { - WOLFSSL_MSG("Shutdown command issued!"); + ESP_LOGI(TAG, "Shutdown command issued!"); shutdown = 1; } /* Write our reply into buff */ @@ -360,10 +358,12 @@ WOLFSSL_ESP_TASK tls_smp_server_task(void *args) if (wolfSSL_write(ssl, buff, len) != len) { ESP_LOGE(TAG, "ERROR: failed to write"); } + + ESP_LOGI(TAG, "Done! Cleanup..."); /* Cleanup after this connection */ wolfSSL_free(ssl); /* Free the wolfSSL object */ close(connd); /* Close the connection to the client */ - } + } /* !shutdown */ /* Cleanup and return */ wolfSSL_free(ssl); /* Free the wolfSSL object */ wolfSSL_CTX_free(ctx); /* Free the wolfSSL context object */ 
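Review bot: `ESP_LOGI(TAG, "Client connected successfully");` is now emitted at INFO level unconditionally, directly after the `else` branch that logs `wolfSSL_accept error`, so a failed handshake is reported as a success and the code goes on to `wolfSSL_read`. Moving the message into the `ret == SSL_SUCCESS` branch and ending the iteration on failure with `wolfSSL_free(ssl); close(connd); continue;` would fix both. `ESP_LOGI(TAG, "Client sends: %s", buff);` writes peer-controlled bytes to the console; the buffer is NUL-terminated by the `memset` and the `sizeof(buff)-1` read length, but control characters pass through, so a length-limited or escaped print is worth considering. The read check `== -1` also leaves a return of 0 unhandled. The loop body continues outside this hunk.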
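Review bot: The `wolfSSL_free(ssl)` under `/* Cleanup and return */` frees the same object a second time, because the loop can only exit after the in-loop `wolfSSL_free(ssl)` has already run and nothing in between resets the pointer. Either drop the post-loop call or add `ssl = NULL;` right after the in-loop free, which should turn the later call into a no-op. Both frees are context lines here, but the hunk edits the closing brace between them, so this is a convenient place to fix it.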
@@ -397,12 +397,14 @@ WOLFSSL_ESP_TASK tls_smp_server_init(void* args) #else xTaskHandle _handle; #endif - /* http://esp32.info/docs/esp_idf/html/dd/d3c/group__xTaskCreate.html */ + /* Note that despite vanilla FreeRTOS using WORDS for a parameter, + * Espressif uses BYTES for the task stack size here. + * See https://docs.espressif.com/projects/esp-idf/en/v4.3/esp32/api-reference/system/freertos.html */ ESP_LOGI(TAG, "Creating tls_smp_server_task with stack size = %d", - TLS_SMP_SERVER_TASK_WORDS); + TLS_SMP_SERVER_TASK_BYTES); ret_i = xTaskCreate(tls_smp_server_task, TLS_SMP_SERVER_TASK_NAME, - TLS_SMP_SERVER_TASK_WORDS, /* not bytes! */ + TLS_SMP_SERVER_TASK_BYTES, (void*)&thisPort, TLS_SMP_SERVER_TASK_PRIORITY, &_handle); @@ -411,7 +413,7 @@ WOLFSSL_ESP_TASK tls_smp_server_init(void* args) ESP_LOGI(TAG, "create thread %s failed", TLS_SMP_SERVER_TASK_NAME); } - /* vTaskStartScheduler(); // called automatically in ESP-IDF */ + /* vTaskStartScheduler(); called automatically in ESP-IDF */ return TLS_SMP_CLIENT_TASK_RET; } #endif diff --git a/IDE/Espressif/ESP-IDF/examples/wolfssl_server/main/time_helper.c b/IDE/Espressif/ESP-IDF/examples/wolfssl_server/main/time_helper.c index 1f16e4be7d..41a0e09751 100644 --- a/IDE/Espressif/ESP-IDF/examples/wolfssl_server/main/time_helper.c +++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_server/main/time_helper.c @@ -1,6 +1,6 @@ /* time_helper.c * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * diff --git a/IDE/Espressif/ESP-IDF/examples/wolfssl_server/main/wifi_connect.c b/IDE/Espressif/ESP-IDF/examples/wolfssl_server/main/wifi_connect.c index 7401c5d7e9..1b33f98052 100644 --- a/IDE/Espressif/ESP-IDF/examples/wolfssl_server/main/wifi_connect.c +++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_server/main/wifi_connect.c 
@@ -1,6 +1,6 @@ /* wifi_connect.c * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * diff --git a/IDE/Espressif/ESP-IDF/examples/wolfssl_test/CMakeLists.txt b/IDE/Espressif/ESP-IDF/examples/wolfssl_test/CMakeLists.txt index 0dadfac600..6e70b4a626 100644 --- a/IDE/Espressif/ESP-IDF/examples/wolfssl_test/CMakeLists.txt +++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_test/CMakeLists.txt 
@@ -1,79 +1,15 @@ # wolfSSL Espressif Example Project CMakeLists.txt -# v1.0 +# v1.1 # # The following lines of boilerplate have to be in your project's # CMakeLists in this exact order for cmake to work correctly -cmake_minimum_required(VERSION 3.16) +cmake_minimum_required(VERSION 3.5) -# The wolfSSL CMake file should be able to find the source code. -# Otherwise, assign an environment variable or set it here: -# -# set(WOLFSSL_ROOT "~/workspace/wolfssl-other-source") -# -# Optional WOLFSSL_CMAKE_SYSTEM_NAME detection to find -# USE_MY_PRIVATE_CONFIG path for my_private_config.h -# -# Expected path varies: -# -# WSL: /mnt/c/workspace -# Linux: ~/workspace -# Windows: C:\workspace -# -if(WIN32) - # Windows-specific configuration here - set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DWOLFSSL_CMAKE_SYSTEM_NAME_WINDOWS") - message("Detected Windows") -endif() -if(CMAKE_HOST_UNIX) - message("Detected UNIX") -endif() -if(APPLE) - message("Detected APPLE") -endif() -if(CMAKE_HOST_UNIX AND (NOT APPLE) AND EXISTS "/proc/sys/fs/binfmt_misc/WSLInterop") - # Windows-specific configuration here - set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DWOLFSSL_CMAKE_SYSTEM_NAME_WSL") - message("Detected WSL") -endif() -if(CMAKE_HOST_UNIX AND (NOT APPLE) AND (NOT WIN32)) - # Windows-specific configuration here - set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DWOLFSSL_CMAKE_SYSTEM_NAME_LINUX") - message("Detected Linux") -endif() -if(APPLE) - # Windows-specific configuration here - set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DWOLFSSL_CMAKE_SYSTEM_NAME_APPLE") - message("Detected Apple") -endif() -# End optional WOLFSSL_CMAKE_SYSTEM_NAME - -# Check that there are not conflicting wolfSSL components -# The ESP Registry Component will be in ./managed_components/wolfssl__wolfssl -# The local component wolfSSL directory will be in ./components/wolfssl -if( EXISTS "${CMAKE_HOME_DIRECTORY}/managed_components/wolfssl__wolfssl" AND EXISTS "${CMAKE_HOME_DIRECTORY}/components/wolfssl" ) - # These exclude statements don't seem to be 
honored by the $ENV{IDF_PATH}/tools/cmake/project.cmake' - # add_subdirectory("${CMAKE_HOME_DIRECTORY}/managed_components/wolfssl__wolfssl" EXCLUDE_FROM_ALL) - # add_subdirectory("${CMAKE_HOME_DIRECTORY}/managed_components/wolfssl__wolfssl/include" EXCLUDE_FROM_ALL) - # So we'll error out and let the user decide how to proceed: - message(WARNING "\nFound wolfSSL components in\n" - "./managed_components/wolfssl__wolfssl\n" - "and\n" - "./components/wolfssl\n" - "in project directory: \n" - "${CMAKE_HOME_DIRECTORY}") - message(FATAL_ERROR "\nPlease use either the ESP Registry Managed Component or the wolfSSL component directory but not both.\n" - "If removing the ./managed_components/wolfssl__wolfssl directory, remember to also remove " - "or rename the idf_component.yml file typically found in ./main/") -else() - message(STATUS "No conflicting wolfSSL components found.") -endif() +add_compile_options(-DWOLFSSL_ESP_NO_WATCHDOG=1) include($ENV{IDF_PATH}/tools/cmake/project.cmake) -set(COMPONENTS - main - wolfssl - # cryptoauthlib -) # set components +# Not only is a project-level "set(COMPONENTS" not needed here, this will cause +# an unintuitive error about Unknown CMake command "esptool_py_flash_project_args". project(wolfssl_test) diff --git a/IDE/Espressif/ESP-IDF/examples/wolfssl_test/Makefile b/IDE/Espressif/ESP-IDF/examples/wolfssl_test/Makefile index fd971485a5..b110e86aa6 100644 --- a/IDE/Espressif/ESP-IDF/examples/wolfssl_test/Makefile +++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_test/Makefile @@ -3,9 +3,12 @@ # project subdirectory. # -PROJECT_NAME := wolfssl_test - CFLAGS += -DWOLFSSL_USER_SETTINGS -include $(IDF_PATH)/make/project.mk +# Some of the tests are CPU intenstive, so we'll force the watchdog timer off. +# There's an espressif NO_WATCHDOG; we don't use it, as it is reset by sdkconfig. +EXTRA_CFLAGS += -DWOLFSSL_ESP_NO_WATCHDOG +PROJECT_NAME := wolfssl_test + +include $(IDF_PATH)/make/project.mk 
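Review bot: `add_compile_options(-DWOLFSSL_ESP_NO_WATCHDOG=1)` in the wolfssl_test project CMakeLists.txt has no explanation, while the Makefile in the same commit documents why the watchdog is forced off. A matching comment would stop the line from being copied into application projects, for example `# Test app only: the wolfCrypt tests are CPU intensive, so the watchdog is disabled here.` The hunk also lowers `cmake_minimum_required` to 3.5 while the component CMakeLists.txt in this commit still requires 3.16, so the two files now disagree about the minimum.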
diff --git a/IDE/Espressif/ESP-IDF/examples/wolfssl_test/VisualGDB/wolfssl_test-IDF_v5_ESP32.vgdbproj b/IDE/Espressif/ESP-IDF/examples/wolfssl_test/VisualGDB/wolfssl_test-IDF_v5_ESP32.vgdbproj index 6c3af79883..4334b8c6b7 100644 --- a/IDE/Espressif/ESP-IDF/examples/wolfssl_test/VisualGDB/wolfssl_test-IDF_v5_ESP32.vgdbproj +++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_test/VisualGDB/wolfssl_test-IDF_v5_ESP32.vgdbproj @@ -71,7 +71,7 @@ esp-idf/v5.0 ESPIDF - COM9 + COM19 false false ESP32 @@ -93,7 +93,7 @@ - COM20 + COM19 115200 8 diff --git a/IDE/Espressif/ESP-IDF/examples/wolfssl_test/components/wolfssl/CMakeLists.txt b/IDE/Espressif/ESP-IDF/examples/wolfssl_test/components/wolfssl/CMakeLists.txt index e129a64efb..a1b3e13905 100644 --- a/IDE/Espressif/ESP-IDF/examples/wolfssl_test/components/wolfssl/CMakeLists.txt +++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_test/components/wolfssl/CMakeLists.txt @@ -1,5 +1,5 @@ # -# Copyright (C) 2006-2023 wolfSSL Inc. +# Copyright (C) 2006-2024 wolfSSL Inc. # # This file is part of wolfSSL. # 
@@ -19,16 +19,95 @@ # # cmake for wolfssl Espressif projects # -# Version 5.6.0.011 for detect test/benchmark +# Version 5.7.0 template update + THIS_IDF_PATH # # See https://docs.espressif.com/projects/esp-idf/en/latest/esp32/api-guides/build-system.html # cmake_minimum_required(VERSION 3.16) + +set(VERBOSE_COMPONENT_MESSAGES 1) + +# The scope of this CMAKE_C_FLAGS is just this component: set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DWOLFSSL_USER_SETTINGS") + set(CMAKE_CURRENT_SOURCE_DIR ".") -set(COMPONENT_REQUIRES lwip) # we typically don't need lwip directly in wolfssl component -set(WOLFSSL_ROOT "$ENV{WOLFSSL_ROOT}" ) +# set(COMPONENT_REQUIRES lwip) # we typically don't need lwip directly in wolfssl component + +# Optionally set your source to wolfSSL in your project CMakeLists.txt like this: +# set(WOLFSSL_ROOT "c:/test/my_wolfssl" ) + +if ( "${WOLFSSL_ROOT}" STREQUAL "") + set(WOLFSSL_ROOT "$ENV{WOLFSSL_ROOT}" ) +endif() + +if( "$ENV{IDF_PATH}" STREQUAL "" ) + message(FATAL_ERROR "IDF_PATH Environment variable not set!") +else() + string(REPLACE "\\" "/" THIS_IDF_PATH "$ENV{IDF_PATH}") +endif() + +# Optional compiler definitions to help with system name detection (typically printed by app diagnostics) +if(VERBOSE_COMPONENT_MESSAGES) + if(WIN32) + # Windows-specific configuration here + set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DWOLFSSL_CMAKE_SYSTEM_NAME_WINDOWS") + message("Detected Windows") + endif() + if(CMAKE_HOST_UNIX) + message("Detected UNIX") + endif() + if(APPLE) + message("Detected APPLE") + endif() + if(CMAKE_HOST_UNIX AND (NOT APPLE) AND EXISTS "/proc/sys/fs/binfmt_misc/WSLInterop") + # Windows-specific configuration here + set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DWOLFSSL_CMAKE_SYSTEM_NAME_WSL") + message("Detected WSL") + endif() + if(CMAKE_HOST_UNIX AND (NOT APPLE) AND (NOT WIN32)) + # Windows-specific configuration here + set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DWOLFSSL_CMAKE_SYSTEM_NAME_LINUX") + message("Detected Linux") + endif() + if(APPLE) + # 
Windows-specific configuration here + set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DWOLFSSL_CMAKE_SYSTEM_NAME_APPLE") + message("Detected Apple") + endif() +endif() # End optional WOLFSSL_CMAKE_SYSTEM_NAME + +message(STATUS "CONFIG_TARGET_PLATFORM = ${CONFIG_TARGET_PLATFORM}") + +# Check that there are not conflicting wolfSSL components +# The ESP Registry Component will be in ./managed_components/wolfssl__wolfssl +# The local component wolfSSL directory will be in ./components/wolfssl +if( EXISTS "${CMAKE_HOME_DIRECTORY}/managed_components/wolfssl__wolfssl" AND EXISTS "${CMAKE_HOME_DIRECTORY}/components/wolfssl" ) + # These exclude statements don't seem to be honored by the $ENV{IDF_PATH}/tools/cmake/project.cmake' + # add_subdirectory("${CMAKE_HOME_DIRECTORY}/managed_components/wolfssl__wolfssl" EXCLUDE_FROM_ALL) + # add_subdirectory("${CMAKE_HOME_DIRECTORY}/managed_components/wolfssl__wolfssl/include" EXCLUDE_FROM_ALL) + # So we'll error out and let the user decide how to proceed: + message(WARNING "\nFound wolfSSL components in\n" + "./managed_components/wolfssl__wolfssl\n" + "and\n" + "./components/wolfssl\n" + "in project directory: \n" + "${CMAKE_HOME_DIRECTORY}") + message(FATAL_ERROR "\nPlease use either the ESP Registry Managed Component or the wolfSSL component directory but not both.\n" + "If removing the ./managed_components/wolfssl__wolfssl directory, remember to also remove " + "or rename the idf_component.yml file typically found in ./main/") +else() + message(STATUS "No conflicting wolfSSL components found.") +endif() + + +# Don't include lwip requirement for benchmark and test apps. 
+if( ("${CMAKE_PROJECT_NAME}" STREQUAL "wolfssl_benchmark") OR ("${CMAKE_PROJECT_NAME}" STREQUAL "wolfssl_test") ) + message(STATUS "Not including lwip for ${CMAKE_PROJECT_NAME}") +else() + # benchmark and test do not need wifi, everything else probably does: + set(COMPONENT_REQUIRES lwip) # we typically don't need lwip directly in wolfssl component +endif() # find the user name to search for possible "wolfssl-username" message(STATUS "USERNAME = $ENV{USERNAME}") @@ -45,6 +124,11 @@ else() endif() message(STATUS "THIS_USER = ${THIS_USER}") +if( "$ENV{IDF_PATH}" STREQUAL "" ) + message(FATAL_ERROR "IDF_PATH Environment variable not set!") +else() + string(REPLACE "\\" "/" THIS_IDF_PATH "$ENV{IDF_PATH}") +endif() # COMPONENT_NAME = wolfssl # The component name is the directory name. "No feature to change this". 
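Review bot: The `IDF_PATH` check that sets `THIS_IDF_PATH` is added twice in the component CMakeLists.txt, once near the top of the first hunk and again, identically, in the `@@ -45,6 +124,11 @@` hunk after `THIS_USER` is printed. One copy is enough; keeping both invites them drifting apart. In the system-name block, the comment `# Windows-specific configuration here` is repeated above the WSL, Linux and Apple branches and should name the platform it actually guards.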
@@ -71,27 +155,41 @@ function(IS_WOLFSSL_SOURCE DIRECTORY_PARAMETER RESULT) endif() endfunction() +# ********************************************************************************************* # function: FIND_WOLFSSL_DIRECTORY # parameter: OUTPUT_FOUND_WOLFSSL_DIRECTORY contains root of source code, otherwise blank # +# Example usage: +# FIND_WOLFSSL_DIRECTORY(WOLFSSL_ROOT) +# ********************************************************************************************* function(FIND_WOLFSSL_DIRECTORY OUTPUT_FOUND_WOLFSSL_DIRECTORY) - message(STATUS "Starting FIND_WOLFSSL_DIRECTORY") - set(CURRENT_SEARCH_DIR "$ENV{WOLFSSL_ROOT}") - if( "${CURRENT_SEARCH_DIR}" STREQUAL "" ) - message(STATUS "The WOLFSSL_ROOT environment variable is not set. Searching...") + message(STATUS "Starting FIND_WOLFSSL_DIRECTORY: ${${OUTPUT_FOUND_WOLFSSL_DIRECTORY}}") + + if ( "${${OUTPUT_FOUND_WOLFSSL_DIRECTORY}}" STREQUAL "" ) + set(CURRENT_SEARCH_DIR "$ENV{WOLFSSL_ROOT}") + if( "${CURRENT_SEARCH_DIR}" STREQUAL "" ) + message(STATUS "The WOLFSSL_ROOT environment variable is not set. 
Searching...") + else() + get_filename_component(CURRENT_SEARCH_DIR "$ENV{WOLFSSL_ROOT}" ABSOLUTE) + IS_WOLFSSL_SOURCE("${CURRENT_SEARCH_DIR}" FOUND_WOLFSSL) + if( FOUND_WOLFSSL ) + message(STATUS "Found WOLFSSL_ROOT via Environment Variable:") + else() + message(FATAL_ERROR "WOLFSSL_ROOT Environment Variable defined, but path not found:") + message(STATUS "$ENV{WOLFSSL_ROOT}") + endif() + endif() else() - get_filename_component(CURRENT_SEARCH_DIR "$ENV{WOLFSSL_ROOT}" ABSOLUTE) + get_filename_component(CURRENT_SEARCH_DIR "${${OUTPUT_FOUND_WOLFSSL_DIRECTORY}}" ABSOLUTE) IS_WOLFSSL_SOURCE("${CURRENT_SEARCH_DIR}" FOUND_WOLFSSL) if( FOUND_WOLFSSL ) - message(STATUS "Found WOLFSSL_ROOT via Environment Variable: ${CURRENT_SEARCH_DIR}") - set(${OUTPUT_FOUND_WOLFSSL_DIRECTORY} ${CURRENT_SEARCH_DIR} PARENT_SCOPE) - return() + message(STATUS "Found WOLFSSL_ROOT via prior specification.") else() - message(FATAL_ERROR "WOLFSSL_ROOT Environment Variable defined, but path not found:") - message(STATUS "$ENV{WOLFSSL_ROOT}") + message(FATAL_ERROR "WOLFSSL_ROOT Variable defined, but path not found: ${${OUTPUT_FOUND_WOLFSSL_DIRECTORY}}") endif() endif() + # we'll start in the CMAKE_CURRENT_SOURCE_DIR, typically [something]/projectname/components/wolfssl message(STATUS "CMAKE_CURRENT_SOURCE_DIR = ${CMAKE_CURRENT_SOURCE_DIR}") get_filename_component(CURRENT_SEARCH_DIR "${CMAKE_CURRENT_SOURCE_DIR}" ABSOLUTE) 
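Review bot: The rewritten start of `FIND_WOLFSSL_DIRECTORY` validates a root given by the environment or by the caller but no longer writes it back and returns: the removed `set(${OUTPUT_FOUND_WOLFSSL_DIRECTORY} ${CURRENT_SEARCH_DIR} PARENT_SCOPE)` and `return()` have no replacement in either "Found WOLFSSL_ROOT via ..." branch. The next context line resets `CURRENT_SEARCH_DIR` to `CMAKE_CURRENT_SOURCE_DIR`, so the parent-directory walk appears to run anyway and could replace an explicitly configured source tree with whichever one it finds first. Restoring those two lines in both success branches keeps an explicit setting authoritative. The `message(STATUS "$ENV{WOLFSSL_ROOT}")` after `message(FATAL_ERROR ...)` is never reached and its text belongs in the fatal message. The rest of the function lies outside this hunk.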
@@ -109,16 +207,47 @@ function(FIND_WOLFSSL_DIRECTORY OUTPUT_FOUND_WOLFSSL_DIRECTORY) return() endif() + # Maintain CURRENT_SEARCH_DIR, but check various suffixes with CURRENT_SEARCH_DIR_ALT if( THIS_USER ) # Check for "wolfssl-[username]" subdirectory as we recurse up the directory tree set(CURRENT_SEARCH_DIR_ALT ${CURRENT_SEARCH_DIR}/wolfssl-${THIS_USER}) - message(STATUS "Looking in ${CURRENT_SEARCH_DIR}") + message(STATUS "Looking in ${CURRENT_SEARCH_DIR_ALT}") + + IS_WOLFSSL_SOURCE("${CURRENT_SEARCH_DIR_ALT}" FOUND_WOLFSSL ) + if ( FOUND_WOLFSSL ) + message(STATUS "Found wolfssl in user-suffix CURRENT_SEARCH_DIR_ALT = ${CURRENT_SEARCH_DIR_ALT}") + set(CURRENT_SEARCH_DIR "${CURRENT_SEARCH_DIR_ALT}") + set(${OUTPUT_FOUND_WOLFSSL_DIRECTORY} ${CURRENT_SEARCH_DIR} PARENT_SCOPE) + return() + endif() + endif() + + if ( FOUND_WOLFSSL ) + # if we already found the source, skip attempt of "wolfssl-master" + else() + set(CURRENT_SEARCH_DIR_ALT ${CURRENT_SEARCH_DIR}/wolfssl-master) + message(STATUS "Looking in ${CURRENT_SEARCH_DIR_ALT}") - #if(EXISTS ${CURRENT_SEARCH_DIR_ALT} AND IS_DIRECTORY ${CURRENT_SEARCH_DIR_ALT} AND EXISTS "${CURRENT_SEARCH_DIR_ALT}/wolfcrypt/src") IS_WOLFSSL_SOURCE("${CURRENT_SEARCH_DIR_ALT}" FOUND_WOLFSSL ) if ( FOUND_WOLFSSL ) - message(STATUS "Found wolfssl in user-suffix CURRENT_SEARCH_DIR_ALT = ${CURRENT_SEARCH_DIR_ALT}") - set(${OUTPUT_FOUND_WOLFSSL_DIRECTORY} ${CURRENT_SEARCH_DIR_ALT} PARENT_SCOPE) + message(STATUS "Found wolfssl in master-suffix CURRENT_SEARCH_DIR_ALT = ${CURRENT_SEARCH_DIR_ALT}") + set(CURRENT_SEARCH_DIR "${CURRENT_SEARCH_DIR_ALT}") + set(${OUTPUT_FOUND_WOLFSSL_DIRECTORY} ${CURRENT_SEARCH_DIR} PARENT_SCOPE) + return() + endif() + endif() + + if ( FOUND_WOLFSSL ) + # if we already found the source, skip attempt of "wolfssl" + else() + set(CURRENT_SEARCH_DIR_ALT ${CURRENT_SEARCH_DIR}/wolfssl) + message(STATUS "Looking in ${CURRENT_SEARCH_DIR_ALT}") + + IS_WOLFSSL_SOURCE("${CURRENT_SEARCH_DIR_ALT}" FOUND_WOLFSSL ) + if ( 
FOUND_WOLFSSL ) + message(STATUS "Found wolfssl in CURRENT_SEARCH_DIR_ALT = ${CURRENT_SEARCH_DIR_ALT}") + set(CURRENT_SEARCH_DIR "${CURRENT_SEARCH_DIR_ALT}") + set(${OUTPUT_FOUND_WOLFSSL_DIRECTORY} ${CURRENT_SEARCH_DIR} PARENT_SCOPE) return() endif() endif() @@ -138,7 +267,8 @@ function(FIND_WOLFSSL_DIRECTORY OUTPUT_FOUND_WOLFSSL_DIRECTORY) get_filename_component(CURRENT_SEARCH_DIR "${CURRENT_SEARCH_DIR}" DIRECTORY) message(STATUS "Next CURRENT_SEARCH_DIR = ${CURRENT_SEARCH_DIR}") if( "${PRIOR_SEARCH_DIR}" STREQUAL "${CURRENT_SEARCH_DIR}" ) - # when the search directory is empty, we'll give up + # When the parent is current directory, cannot go any further. We didn't find wolfssl. + # When the search directory is empty, we'll give up. set(CURRENT_SEARCH_DIR "") endif() endwhile() 
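Review bot: The extended search accepts the first ancestor directory named `wolfssl-${THIS_USER}`, `wolfssl-master` or `wolfssl` that passes `IS_WOLFSSL_SOURCE`, which means the TLS library that gets compiled depends on what happens to sit above the project on the build host. That deserves a comment at the top of the loop, such as `# The first matching ancestor directory is used; set WOLFSSL_ROOT explicitly for reproducible builds.` As a style point, the two `if ( FOUND_WOLFSSL )` blocks with an empty branch read more clearly as `if(NOT FOUND_WOLFSSL)`, and because every successful probe returns immediately, the flag looks to be always false at those points. The enclosing `while` loop starts and ends outside this hunk.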
@@ -149,17 +279,47 @@ endfunction() # Example usage: +# +# Simply find the WOLFSSL_DIRECTORY by searching parent directories: +# FIND_WOLFSSL_DIRECTORY(WOLFSSL_ROOT) +# +message(STATUS "CONFIG_TARGET_PLATFORM = ${CONFIG_TARGET_PLATFORM}") +if (0) + get_cmake_property(_variableNames VARIABLES) + list (SORT _variableNames) + message(STATUS "") + message(STATUS "ALL VARIABLES BEGIN") + message(STATUS "") + foreach (_variableName ${_variableNames}) + message(STATUS "${_variableName}=${${_variableName}}") + endforeach() + message(STATUS "") + message(STATUS "ALL VARIABLES END") + message(STATUS "") +endif() +if ( ("${CONFIG_TARGET_PLATFORM}" STREQUAL "esp8266") OR ("${IDF_TARGET}" STREQUAL "esp8266") ) + # There's no esp_timer, no driver components for the ESP8266 + message(STATUS "Early expansion EXCLUDES esp_timer: ${THIS_INCLUDE_TIMER}") + message(STATUS "Early expansion EXCLUDES driver: ${THIS_INCLUDE_DRIVER}") + set(THIS_INCLUDE_TIMER "") + set(THIS_INCLUDE_DRIVER "") +else() + message(STATUS "Early expansion includes esp_timer: ${THIS_INCLUDE_TIMER}") + message(STATUS "Early expansion includes driver: ${THIS_INCLUDE_DRIVER}") + set(THIS_INCLUDE_TIMER "esp_timer") + set(THIS_INCLUDE_DRIVER "driver") +endif() if(CMAKE_BUILD_EARLY_EXPANSION) message(STATUS "wolfssl component CMAKE_BUILD_EARLY_EXPANSION:") idf_component_register( REQUIRES "${COMPONENT_REQUIRES}" PRIV_REQUIRES # esp_hw_support - esp_timer - driver # this will typically only be needed for wolfSSL benchmark + ${THIS_INCLUDE_TIMER} + ${THIS_INCLUDE_DRIVER} # this will typically only be needed for wolfSSL benchmark ) else() 
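Review bot: In the esp8266 check, the `message(STATUS "Early expansion ... ${THIS_INCLUDE_TIMER}")` lines run before the `set()` calls, so they print whatever the variables held beforehand instead of the value being chosen. Moving `set(THIS_INCLUDE_TIMER ...)` and `set(THIS_INCLUDE_DRIVER ...)` above the messages in both branches fixes the output. The `if (0)` variable-dump block is dead code, and `CONFIG_TARGET_PLATFORM` is already printed by an identical message added earlier in this file.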
@@ -171,24 +331,52 @@ else() # search for wolfSSL FIND_WOLFSSL_DIRECTORY(WOLFSSL_ROOT) if(WOLFSSL_ROOT) - message(STATUS "NEW Found wolfssl directory at: ${WOLFSSL_ROOT}") + IS_WOLFSSL_SOURCE("${WOLFSSL_ROOT}" FOUND_WOLFSSL) + if(FOUND_WOLFSSL) + message(STATUS "Found WOLFSSL_ROOT via CMake specification.") + else() + # WOLFSSL_ROOT Path specified in CMakeLists.txt is not a valid path + message(FATAL_ERROR "WOLFSSL_ROOT CMake Variable defined, but path not found: ${WOLFSSL_ROOT}\n" + "Try correcting WOLFSSL_ROOT in your project CMakeFile.txt or setting environment variable.") + # Abort CMake after fatal error. + endif() else() - message(STATUS "NEW wolfssl directory not found.") + message(STATUS "Searching for wolfSL source code...") + FIND_WOLFSSL_DIRECTORY(WOLFSSL_ROOT) + endif() + + + if(WOLFSSL_ROOT) + message(STATUS "Confirmed wolfssl directory at: ${WOLFSSL_ROOT}") + else() + message(STATUS "Failed: wolfssl directory not found.") # Abort. We need wolfssl _somewhere_. - message(FATAL_ERROR "Could not find wolfssl in ${WOLFSSL_ROOT}.\n" - "Try setting WOLFSSL_ROOT environment variable or git clone.") + message(FATAL_ERROR "Could not find wolfssl in any parent directory named wolfssl-${THIS_USER}, wolfssl-master, or wolfssl.\n" + "Try setting WOLFSSL_ROOT environment variable, cmake variable in project, copy source, or use managed components.") + # Abort CMake after fatal error. 
endif() set(INCLUDE_PATH ${WOLFSSL_ROOT}) set(WOLFSSL_EXTRA_PROJECT_DIR "${WOLFSSL_ROOT}/src/") - if( ${CMAKE_PROJECT_NAME} STREQUAL "wolfssl_benchmark" ) - set(WOLFSSL_EXTRA_PROJECT_DIR "${WOLFSSL_ROOT}/wolfcrypt/benchmark") - endif() + # During regression tests, optionally copy source locally and use: set(USE_LOCAL_TEST_BENCH 1) + set(USE_LOCAL_TEST_BENCH 0) + if(NOT USE_LOCAL_TEST_BENCH) + if( "${CMAKE_PROJECT_NAME}" STREQUAL "hello-world" ) + message(STATUS "Include ${WOLFSSL_ROOT}/wolfcrypt/benchmark") + set(WOLFSSL_EXTRA_PROJECT_DIR "${WOLFSSL_ROOT}/wolfcrypt/benchmark") + endif() + + if( "${CMAKE_PROJECT_NAME}" STREQUAL "wolfssl_benchmark" ) + message(STATUS "Include ${WOLFSSL_ROOT}/wolfcrypt/benchmark") + set(WOLFSSL_EXTRA_PROJECT_DIR "${WOLFSSL_ROOT}/wolfcrypt/benchmark") + endif() - if( ${CMAKE_PROJECT_NAME} STREQUAL "wolfssl_test" ) - set(WOLFSSL_EXTRA_PROJECT_DIR "${WOLFSSL_ROOT}/wolfcrypt/test") + if( "${CMAKE_PROJECT_NAME}" STREQUAL "wolfssl_test" ) + message(STATUS "Include ${WOLFSSL_ROOT}/wolfcrypt/test") + set(WOLFSSL_EXTRA_PROJECT_DIR "${WOLFSSL_ROOT}/wolfcrypt/test") + endif() endif() set(COMPONENT_SRCDIRS "\"${WOLFSSL_ROOT}/src/\"" 
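Review bot: The new `else()` branch calls `FIND_WOLFSSL_DIRECTORY(WOLFSSL_ROOT)` a second time, immediately after the same call on the context line above left `WOLFSSL_ROOT` empty, so the retry looks unable to produce a different result. Removing either the first call or the retry would make the intended order (validate an explicit root, otherwise search) easier to follow. Two user-facing strings in the hunk have typos, "wolfSL source code" and "CMakeFile.txt", and mapping the project name `hello-world` to the benchmark directory needs a comment explaining why.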
@@ -200,16 +388,19 @@ else() message(STATUS "This COMPONENT_SRCDIRS = ${COMPONENT_SRCDIRS}") + # wolfSSL user_settings.h is in the local project. set(WOLFSSL_PROJECT_DIR "${CMAKE_HOME_DIRECTORY}/components/wolfssl") - add_definitions(-DWOLFSSL_USER_SETTINGS_DIR="${WOLFSSL_PROJECT_DIR}/include/user_settings.h") + # add_definitions(-DWOLFSSL_USER_SETTINGS_DIR="${WOLFSSL_PROJECT_DIR}/include/user_settings.h") + string(REPLACE "/" "//" STR_WOLFSSL_PROJECT_DIR "${WOLFSSL_PROJECT_DIR}") + add_definitions(-DWOLFSSL_USER_SETTINGS_DIR="${STR_WOLFSSL_PROJECT_DIR}//include//user_settings.h") # Espressif may take several passes through this makefile. Check to see if we found IDF string(COMPARE EQUAL "${PROJECT_SOURCE_DIR}" "" WOLFSSL_FOUND_IDF) # get a list of all wolfcrypt assembly files; we'll exclude them as they don't target Xtensa file(GLOB EXCLUDE_ASM *.S) - file(GLOB_RECURSE EXCLUDE_ASM ${CMAKE_SOURCE_DIR} "${WOLFSSL_ROOT}/wolfcrypt/src/*.S") + file(GLOB EXCLUDE_ASM ${CMAKE_SOURCE_DIR} "${WOLFSSL_ROOT}/wolfcrypt/src/*.S") message(STATUS "IDF_PATH = $ENV{IDF_PATH}") message(STATUS "PROJECT_SOURCE_DIR = ${PROJECT_SOURCE_DIR}") @@ -232,11 +423,13 @@ else() message(STATUS "Remove either the local project component: ${WOLFSSL_PROJECT_DIR} ") message(STATUS "or the Espressif shared component installed at: $ENV{IDF_PATH}/components/wolfssl/ ") message(STATUS "") - message(FATAL_ERROR "Please use wolfSSL in either local project or Espressif components, but not both.") message(STATUS "") message(STATUS "**************************************************************************************") message(STATUS "") + message(FATAL_ERROR "Please use wolfSSL in either local project or Espressif components, but not both.") + # Abort CMake after fatal error. + # Optional: if you change the above FATAL_ERROR to STATUS you can warn at runtime with this macro definition: set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DWOLFSSL_MULTI_INSTALL_WARNING") 
@@ -286,6 +479,7 @@ else() message(FATAL_ERROR "Found stray wolfSSL user_settings.h in " "${WOLFSSL_ROOT}/include/user_settings.h " " (please move it to ${WOLFSSL_PROJECT_DIR}/include/user_settings.h )") + # Abort CMake after fatal error. else() # we won't overwrite an existing user settings file, just note that we already have one: if( EXISTS "${WOLFSSL_PROJECT_DIR}/include/user_settings.h" ) @@ -355,17 +549,22 @@ else() message(STATUS "Could not find RTOS path") endif() endif() - - + message(STATUS "THIS_IDF_PATH = $THIS_IDF_PATH") + # wolfSSL-specific include directories set(COMPONENT_ADD_INCLUDEDIRS "./include" # this is the location of wolfssl user_settings.h "\"${WOLFSSL_ROOT}/\"" "\"${WOLFSSL_ROOT}/wolfssl/\"" "\"${WOLFSSL_ROOT}/wolfssl/wolfcrypt/\"" + "\"${WOLFSSL_ROOT}/wolfssl/wolfcrypt/port/Espressif\"" "\"${RTOS_IDF_PATH}/\"" + # wolfSSL release after v5.7 includes WiFi, time, and mem/debug helpers + "${THIS_IDF_PATH}/components/esp_event/include" + "${THIS_IDF_PATH}/components/esp_netif/include" + "${THIS_IDF_PATH}/components/esp_wifi/include" ) - + # Optionally include cryptoauthlib if present if(IS_DIRECTORY ${IDF_PATH}/components/cryptoauthlib) list(APPEND COMPONENT_ADD_INCLUDEDIRS "../cryptoauthlib/lib") endif() @@ -374,7 +573,7 @@ else() list(APPEND COMPONENT_ADD_INCLUDEDIRS "\"${WOLFSSL_ROOT}/wolfssl/wolfcrypt/\"") - + # Some files are known to be included elsewhere, or not used for Espressif set(COMPONENT_SRCEXCLUDE "\"${WOLFSSL_ROOT}/src/bio.c\"" "\"${WOLFSSL_ROOT}/src/conf.c\"" @@ -387,6 +586,8 @@ else() "\"${WOLFSSL_ROOT}/src/ssl_misc.c\"" # included by ssl.c "\"${WOLFSSL_ROOT}/src/x509.c\"" "\"${WOLFSSL_ROOT}/src/x509_str.c\"" + "\"${WOLFSSL_ROOT}/wolfcrypt/src/ext_kyber.c\"" # external Kyber disabled by default + "\"${WOLFSSL_ROOT}/wolfssl/wolfcrypt/ext_kyber.h\"" # external Kyber disabled by default "\"${WOLFSSL_ROOT}/wolfcrypt/src/evp.c\"" "\"${WOLFSSL_ROOT}/wolfcrypt/src/misc.c\"" "\"${WOLFSSL_ROOT}/wolfcrypt/src/sp_sm2_arm32.c\"" 
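Review bot: `message(STATUS "THIS_IDF_PATH = $THIS_IDF_PATH")` in the include-directory hunk prints the literal text `$THIS_IDF_PATH`, because CMake only expands the braced form. It should be `message(STATUS "THIS_IDF_PATH = ${THIS_IDF_PATH}")`. The three new `esp_event`, `esp_netif` and `esp_wifi` include paths are built from that variable, so the diagnostic matters when an include is not found.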
@@ -423,17 +624,34 @@ else() INCLUDE_DIRS "${COMPONENT_ADD_INCLUDEDIRS}" REQUIRES "${COMPONENT_REQUIRES}" EXCLUDE_SRCS "${COMPONENT_SRCEXCLUDE}" - PRIV_REQUIRES esp_timer driver # this will typically only be needed for wolfSSL benchmark + PRIV_REQUIRES + "${THIS_INCLUDE_TIMER}" + "${THIS_INCLUDE_DRIVER}" # this will typically only be needed for wolfSSL benchmark ) - # some optional diagnostics - if (1) + + # Some optional diagnostics. Verbose ones are truncated. + if (VERBOSE_COMPONENT_MESSAGES) get_cmake_property(_variableNames VARIABLES) list (SORT _variableNames) message(STATUS "") message(STATUS "ALL VARIABLES BEGIN") message(STATUS "") foreach (_variableName ${_variableNames}) - message(STATUS "${_variableName}=${${_variableName}}") + if ( ("${_variableName}" STREQUAL "bootloader_binary_files") + OR ("${_variableName}" STREQUAL "Component paths") + OR ("${_variableName}" STREQUAL "component_targets") + OR ("${_variableName}" STREQUAL "__COMPONENT_TARGETS") + OR ("${_variableName}" STREQUAL "CONFIGS_LIST") + OR ("${_variableName}" STREQUAL "__CONFIG_VARIABLES") + OR ("${_variableName}" STREQUAL "val") + OR ("${_variableName}" MATCHES "^__idf_") + ) + # Truncate the displayed value: + string(SUBSTRING "${${_variableName}}" 0 70 truncatedValue) + message(STATUS "${_variableName} = ${truncatedValue} ... (truncated)") + else() + message(STATUS "${_variableName}=${${_variableName}}") + endif() endforeach() message(STATUS "") message(STATUS "ALL VARIABLES END") 
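Review bot: The variable dump is now gated by `VERBOSE_COMPONENT_MESSAGES`, but this commit sets that to 1 unconditionally at the top of the file, so every build still prints all CMake variables to the log. If sdkconfig values are visible as CMake variables in this scope, settings such as the `CONFIG_ESP_WIFI_PASSWORD` read by wifi_connect.h would land in build and CI logs. Defaulting to `set(VERBOSE_COMPONENT_MESSAGES 0)` and printing only the name for entries matching something like `MATCHES "PASSWORD|SECRET|PSK"` would keep the diagnostic without the exposure. `PRIV_REQUIRES` now receives `"${THIS_INCLUDE_TIMER}"` and `"${THIS_INCLUDE_DRIVER}"` quoted, which passes empty-string arguments on esp8266; the unquoted form used in the early-expansion branch avoids that.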
@@ -520,6 +738,8 @@ if(NOT CMAKE_BUILD_EARLY_EXPANSION) execute_process(WORKING_DIRECTORY ${WOLFSSL_ROOT} COMMAND ${git_cmd} "show" "--no-patch" "--no-notes" "--pretty=\'\%cd\'" OUTPUT_VARIABLE TMP_OUT RESULT_VARIABLE TMP_RES ) LIBWOLFSSL_SAVE_INFO(LIBWOLFSSL_VERSION_GIT_HASH_DATE "${TMP_OUT}" "${TMP_RES}") + LIBWOLFSSL_SAVE_INFO(LIBWOLFSSL_VERSION_WOLFSSL_ROOT "${WOLFSSL_ROOT}" "${TMP_RES}") + message(STATUS "************************************************************************************************") message(STATUS "wolfssl component config complete!") message(STATUS "************************************************************************************************") diff --git a/IDE/Espressif/ESP-IDF/examples/wolfssl_test/components/wolfssl/component.mk b/IDE/Espressif/ESP-IDF/examples/wolfssl_test/components/wolfssl/component.mk index 5234a007e1..2540584c8f 100644 --- a/IDE/Espressif/ESP-IDF/examples/wolfssl_test/components/wolfssl/component.mk +++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_test/components/wolfssl/component.mk 
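Review bot: `LIBWOLFSSL_SAVE_INFO(LIBWOLFSSL_VERSION_WOLFSSL_ROOT "${WOLFSSL_ROOT}" "${TMP_RES}")` reuses `TMP_RES`, the exit status of the preceding `git show` command, for a value that does not come from git. If the macro skips values whose result code is non-zero (its definition is outside this hunk), the root path is dropped whenever git fails, for example when building from a release archive; passing a literal `"0"` decouples the two. If the macro turns the value into a compile definition, the absolute build-host path also ends up in the firmware image, which is worth a comment next to the call.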
@@ -1,40 +1,240 @@ -# -# Copyright (C) 2006-2023 wolfSSL Inc. -# -# This file is part of wolfSSL. -# -# wolfSSL is free software; you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation; either version 2 of the License, or -# (at your option) any later version. -# -# wolfSSL is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with this program; if not, write to the Free Software -# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA -# -# -# Component Makefile -# - -COMPONENT_ADD_INCLUDEDIRS := . ./include - -COMPONENT_ADD_INCLUDEDIRS += "$ENV{IDF_PATH}/components/freertos/include/freertos" -# COMPONENT_ADD_INCLUDEDIRS += "$ENV{IDF_PATH}/soc/esp32s3/include/soc" - -COMPONENT_SRCDIRS := src wolfcrypt/src -COMPONENT_SRCDIRS += wolfcrypt/src/port/Espressif -COMPONENT_SRCDIRS += wolfcrypt/src/port/atmel -COMPONENT_SRCDIRS += wolfcrypt/benchmark -COMPONENT_SRCDIRS += wolfcrypt/test - -CFLAGS +=-DWOLFSSL_USER_SETTINGS - -COMPONENT_OBJEXCLUDE := wolfcrypt/src/aes_asm.o -COMPONENT_OBJEXCLUDE += wolfcrypt/src/evp.o -COMPONENT_OBJEXCLUDE += wolfcrypt/src/misc.o -COMPONENT_OBJEXCLUDE += src/bio.o +# +# Copyright (C) 2006-2024 wolfSSL Inc. +# +# This file is part of wolfSSL. +# +# wolfSSL is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation; either version 2 of the License, or +# (at your option) any later version. +# +# wolfSSL is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA +# + +# +# Component Makefile +# +# +# The Espressif Managed Components are only for newer versions of the ESP-IDF +# Typically only for ESP32[-x] targets and only for ESP-IDF v4.3 or later: +# See https://docs.espressif.com/projects/esp-idf/en/latest/esp32/api-guides/tools/idf-component-manager.html +# https://components.espressif.com/ +# +# Usage: +# +# make flash +# +# make flash ESPPORT=/dev/ttyS55 +# +# make flash ESPBAUD=9600 +# +# make monitor ESPPORT=COM1 +# +# make monitor ESPPORT=/dev/ttyS55 MONITORBAUD=115200 +# +# export ESPPORT=/dev/ttyS55 +# +# https://docs.espressif.com/projects/esp8266-rtos-sdk/en/latest/get-started/index.html +# + +# Although the project should define WOLFSSL_USER_SETTINGS, we'll also +# define it here: +CFLAGS +=-DWOLFSSL_USER_SETTINGS + +# In the wolfSSL GitHub examples for Espressif, +# the root is 7 directories up from here: +WOLFSSL_ROOT := ../../../../../../../ + +# NOTE: The wolfSSL include directory (e.g. user_settings.h) is +# located HERE in THIS project, and *not* in the wolfSSL root. +COMPONENT_ADD_INCLUDEDIRS := . +COMPONENT_ADD_INCLUDEDIRS += include +COMPONENT_ADD_INCLUDEDIRS += $(WOLFSSL_ROOT). 
+COMPONENT_ADD_INCLUDEDIRS += $(WOLFSSL_ROOT)wolfssl +COMPONENT_ADD_INCLUDEDIRS += $(WOLFSSL_ROOT)wolfssl/wolfcrypt +COMPONENT_ADD_INCLUDEDIRS += $(WOLFSSL_ROOT)wolfssl/wolfcrypt/port/Espressif +COMPONENT_ADD_INCLUDEDIRS += $(WOLFSSL_ROOT)wolfcrypt/benchmark +# COMPONENT_ADD_INCLUDEDIRS += $ENV(IDF_PATH)/components/freertos/include/freertos +# COMPONENT_ADD_INCLUDEDIRS += "$ENV(IDF_PATH)/soc/esp32s3/include/soc" + + +# WOLFSSL_ROOT := "" +COMPONENT_SRCDIRS := $(WOLFSSL_ROOT)src +COMPONENT_SRCDIRS += $(WOLFSSL_ROOT)wolfcrypt/src/port/Espressif +COMPONENT_SRCDIRS += $(WOLFSSL_ROOT)wolfcrypt/src/port/atmel +COMPONENT_SRCDIRS += $(WOLFSSL_ROOT)wolfcrypt/benchmark +COMPONENT_SRCDIRS += $(WOLFSSL_ROOT)wolfcrypt/test +COMPONENT_SRCDIRS += include + +COMPONENT_OBJEXCLUDE := $(WOLFSSL_ROOT)wolfcrypt/src/aes_asm.o +COMPONENT_OBJEXCLUDE += $(WOLFSSL_ROOT)wolfcrypt/src/evp.o +COMPONENT_OBJEXCLUDE += $(WOLFSSL_ROOT)wolfcrypt/src/misc.o +COMPONENT_OBJEXCLUDE += $(WOLFSSL_ROOT)wolfcrypt/src/sha512_asm.o +COMPONENT_OBJEXCLUDE += $(WOLFSSL_ROOT)wolfcrypt/src/fe_x25519_asm.o +COMPONENT_OBJEXCLUDE += $(WOLFSSL_ROOT)wolfcrypt/src/aes_gcm_x86_asm.o +COMPONENT_OBJEXCLUDE += $(WOLFSSL_ROOT)src/bio.o + + +## +## wolfSSL +## +COMPONENT_OBJS := $(WOLFSSL_ROOT)src/bio.o +# COMPONENT_OBJS += src/conf.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)src/crl.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)src/dtls.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)src/dtls13.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)src/internal.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)src/keys.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)src/ocsp.o +# COMPONENT_OBJS += src/pk.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)src/quic.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)src/sniffer.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)src/ssl.o +# COMPONENT_OBJS += src/ssl_asn1.o +# COMPONENT_OBJS += src/ssl_bn.o +# COMPONENT_OBJS += src/ssl_certman.o +# COMPONENT_OBJS += src/ssl_crypto.o +# COMPONENT_OBJS += src/ssl_misc.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)src/tls.o +COMPONENT_OBJS += 
$(WOLFSSL_ROOT)src/tls13.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)src/wolfio.o +# COMPONENT_OBJS += src/x509.o +# COMPONENT_OBJS += src/x509_str.o + +## +## wolfcrypt +## +COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/aes.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/arc4.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/asm.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/asn.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/async.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/blake2b.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/blake2s.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/camellia.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/chacha.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/chacha20_poly1305.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/cmac.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/coding.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/compress.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/cpuid.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/cryptocb.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/curve25519.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/curve448.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/des3.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/dh.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/dilithium.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/dsa.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/ecc.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/eccsi.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/ecc_fp.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/ed25519.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/ed448.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/error.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/evp.o +# COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/ext_kyber.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/ext_lms.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/ext_xmss.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/falcon.o 
+COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/fe_448.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/fe_low_mem.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/fe_operations.o +# COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/fips.o +# COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/fips_test.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/ge_448.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/ge_low_mem.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/ge_operations.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/hash.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/hmac.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/hpke.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/integer.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/kdf.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/logging.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/md2.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/md4.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/md5.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/memory.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/misc.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/pkcs12.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/pkcs7.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/poly1305.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/pwdbased.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/random.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/rc2.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/ripemd.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/rsa.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/sakke.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/selftest.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/sha.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/sha256.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/sha3.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/sha512.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/signature.o +COMPONENT_OBJS += 
$(WOLFSSL_ROOT)wolfcrypt/src/siphash.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/sm2.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/sm3.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/sm4.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/sphincs.o +# COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/sp_arm32.o +# COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/sp_arm64.o +# COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/sp_armthumb.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/sp_c32.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/sp_c64.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/sp_cortexm.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/sp_dsp32.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/sp_int.o +# COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/sp_sm2_arm32.o +# COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/sp_sm2_arm64.o +# COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/sp_sm2_armthumb.o +# COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/sp_sm2_c32.o +# COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/sp_sm2_c64.o +# COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/sp_sm2_cortexm.o +# COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/sp_sm2_x86_64.o +# COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/sp_x86_64.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/srp.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/tfm.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/wc_dsp.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/wc_encrypt.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/wc_kyber.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/wc_kyber_poly.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/wc_lms.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/wc_pkcs11.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/wc_port.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/wc_xmss.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/wolfcrypt_first.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/wolfcrypt_last.o +COMPONENT_OBJS += 
$(WOLFSSL_ROOT)wolfcrypt/src/wolfevent.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/wolfmath.o + +## +## Espressif +## +COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/port/Espressif/esp32_aes.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/port/Espressif/esp32_mp.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/port/Espressif/esp32_sha.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/port/Espressif/esp32_util.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/port/Espressif/esp_sdk_mem_lib.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/port/Espressif/esp_sdk_time_lib.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/port/Espressif/esp_sdk_wifi_lib.o + +## +## wolfcrypt benchmark (optional) +## +## COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/benchmark/benchmark.o + +## +## wolfcrypt test (optional) +## +COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/test/test.o + +## +## wolfcrypt +## +COMPONENT_SRCDIRS += $(WOLFSSL_ROOT)wolfcrypt/src diff --git a/IDE/Espressif/ESP-IDF/examples/wolfssl_test/components/wolfssl/include/user_settings.h b/IDE/Espressif/ESP-IDF/examples/wolfssl_test/components/wolfssl/include/user_settings.h index d6eeebbb42..5862894ee4 100644 --- a/IDE/Espressif/ESP-IDF/examples/wolfssl_test/components/wolfssl/include/user_settings.h +++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_test/components/wolfssl/include/user_settings.h @@ -1,6 +1,6 @@ /* user_settings.h * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * 
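Review bot: `bio.o`, `evp.o` and `misc.o` appear both in `COMPONENT_OBJEXCLUDE` and in the new explicit `COMPONENT_OBJS` list, so the file asks to build and to skip the same objects. Which list wins depends on the SDK's component makefile, which is not visible here. I would drop the three entries from `COMPONENT_OBJS`, or mark them with a comment such as `# listed for completeness; removed again by COMPONENT_OBJEXCLUDE`. The commented-out include lines use `$ENV(IDF_PATH)`, which is not make syntax, so they would not work if uncommented; `$(IDF_PATH)` is the make form.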
@@ -19,12 +19,22 @@ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA */ -/* This user_settings.h is for Espressif ESP-IDF */ -#include +/* This user_settings.h is for Espressif ESP-IDF + * + * Standardized wolfSSL Espressif ESP32 + ESP8266 user_settings.h V5.7.0-1 + * + * Do not include any wolfssl headers here + * + * When editing this file: + * ensure wolfssl_test and wolfssl_benchmark settings match. + */ + +/* The Espressif project config file. See also sdkconfig.defaults */ +#include "sdkconfig.h" /* The Espressif sdkconfig will have chipset info. ** -** Possible values: +** Some possible values: ** ** CONFIG_IDF_TARGET_ESP32 ** CONFIG_IDF_TARGET_ESP32S2 
@@ -36,18 +46,175 @@ #undef WOLFSSL_ESPIDF #define WOLFSSL_ESPIDF +/* We don't use WiFi, so don't compile in the esp-sdk-lib WiFi helpers: */ +#define NO_ESP_SDK_WIFI + +/* Experimental Kyber */ +#if 0 + /* Kyber typically needs a minimum 10K stack */ + #define WOLFSSL_EXPERIMENTAL_SETTINGS + #define WOLFSSL_HAVE_KYBER + #define WOLFSSL_WC_KYBER + #define WOLFSSL_SHA3 +#endif + /* - * choose ONE of these Espressif chips to define: + * ONE of these Espressif chip families will be detected from sdkconfig: * * WOLFSSL_ESP32 - * WOLFSSL_ESPWROOM32SE * WOLFSSL_ESP8266 */ #undef WOLFSSL_ESPWROOM32SE #undef WOLFSSL_ESP8266 #undef WOLFSSL_ESP32 +/* See below for chipset detection from sdkconfig.h */ + +/* when you want to use SINGLE THREAD. Note Default ESP-IDF is FreeRTOS */ +/* #define SINGLE_THREADED */ -#define WOLFSSL_ESP32 +/* SMALL_SESSION_CACHE saves a lot of RAM for ClientCache and SessionCache. + * Memory requirement is about 5KB, otherwise 20K is needed when not specified. + * If extra small footprint is needed, try MICRO_SESSION_CACHE (< 1K) + * When really desperate or no TLS used, try NO_SESSION_CACHE. */ +#define NO_SESSION_CACHE + +/* Small Stack uses more heap. */ +#define WOLFSSL_SMALL_STACK + +/* Full debugging turned off, but show malloc failure detail */ +/* #define DEBUG_WOLFSSL */ +#define DEBUG_WOLFSSL_MALLOC + +/* See test.c that sets cert buffers; we'll set them here: */ +#define USE_CERT_BUFFERS_256 +#define USE_CERT_BUFFERS_2048 + +/* RSA_LOW_MEM: Half as much memory but twice as slow. 
*/ +#define RSA_LOW_MEM + +/* Uncommon settings for testing only */ +#define TEST_ESPIDF_ALL_WOLFSSL +#ifdef TEST_ESPIDF_ALL_WOLFSSL + #define WOLFSSL_MD2 + #define HAVE_BLAKE2 + #define HAVE_BLAKE2B + #define HAVE_BLAKE2S + + #define WC_RC2 + #define WOLFSSL_ALLOW_RC4 + + #define HAVE_POLY1305 + + #define WOLFSSL_AES_128 + #define WOLFSSL_AES_OFB + #define WOLFSSL_AES_CFB + #define WOLFSSL_AES_XTS + + /* #define WC_SRTP_KDF */ + /* TODO Causes failure with Espressif AES HW Enabled */ + /* #define HAVE_AES_ECB */ + /* #define HAVE_AESCCM */ + /* TODO sanity check when missing HAVE_AES_ECB */ + #define WOLFSSL_WOLFSSH + + #define HAVE_AESGCM + #define WOLFSSL_AES_COUNTER + + #define HAVE_FFDHE + #define HAVE_FFDHE_2048 + #if defined(CONFIG_IDF_TARGET_ESP8266) + /* TODO Full size SRP is disabled on the ESP8266 at this time. + * Low memory issue? */ + #define WOLFCRYPT_HAVE_SRP + /* MIN_FFDHE_FP_MAX_BITS = (MIN_FFDHE_BITS * 2); see settings.h */ + #define FP_MAX_BITS MIN_FFDHE_FP_MAX_BITS + #elif defined(CONFIG_IDF_TARGET_ESP32) || \ + defined(CONFIG_IDF_TARGET_ESP32S2) || \ + defined(CONFIG_IDF_TARGET_ESP32S3) + /* TODO: SRP Not enabled, known to fail on this target + * See https://github.com/wolfSSL/wolfssl/issues/7210 */ + #elif defined(CONFIG_IDF_TARGET_ESP32C3) || \ + defined(CONFIG_IDF_TARGET_ESP32H2) + /* SRP Known to be working on this target::*/ + #define WOLFCRYPT_HAVE_SRP + #define FP_MAX_BITS (8192 * 2) + #else + /* For everything else, give a try and see if SRP working: */ + #define WOLFCRYPT_HAVE_SRP + #define FP_MAX_BITS (8192 * 2) + #endif + + #define HAVE_DH + + /* TODO: there may be a problem with HAVE_CAMELLIA with HW AES disabled. + * Do not define NO_WOLFSSL_ESP32_CRYPT_AES when enabled: */ + /* #define HAVE_CAMELLIA */ + + /* DSA requires old SHA */ + #define HAVE_DSA + + /* Needs SHA512 ? */ + #define HAVE_HPKE + + /* Not for Espressif? 
*/ + #if defined(CONFIG_IDF_TARGET_ESP32C2) || \ + defined(CONFIG_IDF_TARGET_ESP8684) || \ + defined(CONFIG_IDF_TARGET_ESP32H2) || \ + defined(CONFIG_IDF_TARGET_ESP8266) + + #if defined(CONFIG_IDF_TARGET_ESP8266) + #undef HAVE_ECC + #undef HAVE_ECC_CDH + #undef HAVE_CURVE25519 + + /* TODO does CHACHA also need alignment? Failing on ESP8266 + * See SHA256 __attribute__((aligned(4))); and WC_SHA256_ALIGN */ + #ifdef HAVE_CHACHA + #error "HAVE_CHACHA not supported on ESP8266" + #endif + #ifdef HAVE_XCHACHA + #error "HAVE_XCHACHA not supported on ESP8266" + #endif + #else + #define HAVE_XCHACHA + #define HAVE_CHACHA + /* TODO Not enabled at this time, needs further testing: + * #define WC_SRTP_KDF + * #define HAVE_COMP_KEY + * #define WOLFSSL_HAVE_XMSS + */ + #endif + /* TODO AES-EAX not working on this platform */ + + /* Optionally disable DH + * #undef HAVE_DH + * #undef HAVE_FFDHE + */ + + /* ECC_SHAMIR out of memory on ESP32-C2 during ECC */ + #ifndef HAVE_ECC + #define ECC_SHAMIR + #endif + #else + #define WOLFSSL_AES_EAX + + #define ECC_SHAMIR + #endif + + /* Only for WOLFSSL_IMX6_CAAM / WOLFSSL_QNX_CAAM ? */ + /* #define WOLFSSL_CAAM */ + /* #define WOLFSSL_CAAM_BLOB */ + + #define WOLFSSL_AES_SIV + #define WOLFSSL_CMAC + + #define WOLFSSL_CERT_PIV + + /* HAVE_SCRYPT may turn on HAVE_PBKDF2 see settings.h */ + /* #define HAVE_SCRYPT */ + #define SCRYPT_TEST_ALL + #define HAVE_X963_KDF +#endif /* optionally turn off SHA512/224 SHA512/256 */ /* #define WOLFSSL_NOSHA512_224 */ @@ -61,7 +228,6 @@ /* #define NO_OLD_TLS */ #define BENCH_EMBEDDED -#define USE_CERT_BUFFERS_2048 /* TLS 1.3 */ #define WOLFSSL_TLS13 @@ -79,7 +245,9 @@ #define HAVE_AESGCM -#define WOLFSSL_RIPEMD +/* Optional RIPEMD: RACE Integrity Primitives Evaluation Message Digest */ +/* #define WOLFSSL_RIPEMD */ + /* when you want to use SHA224 */ #define WOLFSSL_SHA224 
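Review bot: In the low-memory branch, `#ifndef HAVE_ECC` followed by `#define ECC_SHAMIR` turns ECC_SHAMIR on exactly when ECC is not defined. Nothing earlier in this header defines `HAVE_ECC` (it is `#undef`'d for ESP8266 just above), so the guard looks always true and contradicts its own comment that ECC_SHAMIR runs out of memory on ESP32-C2. If the intent is to leave it off on these targets, remove the three lines and keep the comment as `/* ECC_SHAMIR not defined here: out of memory on ESP32-C2 during ECC */`. Separately, `#define TEST_ESPIDF_ALL_WOLFSSL` is unconditional and enables MD2, RC2, RC4 and DSA in a file whose header calls it a standardized user_settings.h. A comment such as `/* Test coverage only: enables legacy algorithms (MD2, RC2, RC4, DSA); leave undefined in product builds */` would keep it from being copied as-is.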
@@ -95,24 +263,34 @@ /* ED25519 requires SHA512 */ #define HAVE_ED25519 -#define HAVE_ECC -#define HAVE_CURVE25519 -#define CURVE25519_SMALL +/* Some features not enabled for ESP8266: */ +#if defined(CONFIG_IDF_TARGET_ESP8266) || \ + defined(CONFIG_IDF_TARGET_ESP32C2) + /* TODO determine low memory configuration for ECC. */ +#else + #define HAVE_ECC + #define HAVE_CURVE25519 + #define CURVE25519_SMALL +#endif + #define HAVE_ED25519 +/* Optional OPENSSL compatibility */ #define OPENSSL_EXTRA -/* when you want to use pkcs7 */ -/* #define HAVE_PKCS7 */ +/* #Optional HAVE_PKCS7 */ #define HAVE_PKCS7 #if defined(HAVE_PKCS7) + /* HAVE_PKCS7 may enable HAVE_PBKDF2 see settings.h */ + #define NO_PBKDF2 + #define HAVE_AES_KEYWRAP #define HAVE_X963_KDF #define WOLFSSL_AES_DIRECT #endif -/* when you want to use aes counter mode */ +/* when you want to use AES counter mode */ /* #define WOLFSSL_AES_DIRECT */ /* #define WOLFSSL_AES_COUNTER */ @@ -126,27 +304,11 @@ /* #define CUSTOM_SLOT_ALLOCATION */ #endif -/* rsa primitive specific definition */ -#if defined(WOLFSSL_ESP32) || defined(WOLFSSL_ESPWROOM32SE) - /* Define USE_FAST_MATH and SMALL_STACK */ - #define ESP32_USE_RSA_PRIMITIVE - - #if defined(CONFIG_IDF_TARGET_ESP32) - - /* NOTE HW unreliable for small values! */ - /* threshold for performance adjustment for HW primitive use */ - /* X bits of G^X mod P greater than */ - #undef ESP_RSA_EXPT_XBITS - #define ESP_RSA_EXPT_XBITS 32 - - /* X and Y of X * Y mod P greater than */ - #undef ESP_RSA_MULM_BITS - #define ESP_RSA_MULM_BITS 16 - - #endif -#endif +/* WC_NO_CACHE_RESISTANT: slower but more secure */ +/* #define WC_NO_CACHE_RESISTANT */ -#define RSA_LOW_MEM +/* TFM_TIMING_RESISTANT: slower but more secure */ +/* #define TFM_TIMING_RESISTANT */ /* #define WOLFSSL_ATECC508A_DEBUG */ 
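Review bot: The comment over the new `#define NO_PBKDF2` says only that HAVE_PKCS7 may enable HAVE_PBKDF2; it does not say why PBKDF2 is then switched off. The macro presumably removes password-based key derivation for everything else in the build as well. I would state the intent, for example `/* HAVE_PKCS7 may enable HAVE_PBKDF2 (see settings.h); NO_PBKDF2 keeps it out of this test build */`. The guard comment `Some features not enabled for ESP8266:` should also name ESP32-C2, which the condition covers, and `/* #Optional HAVE_PKCS7 */` has a stray `#`.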
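Review bot: The added comment `/* WC_NO_CACHE_RESISTANT: slower but more secure */` states the opposite of what the macro name says. Defining it opts out of the cache-attack-resistant code paths, which is the faster and less protected choice. A reader who trusts the comment and uncomments the line to harden a build would weaken it instead. I would write `/* WC_NO_CACHE_RESISTANT: disables cache-attack resistance; faster but less secure */` and keep `slower but more secure` only on the `TFM_TIMING_RESISTANT` line, where it fits.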
@@ -158,7 +320,7 @@ /* adjust wait-timeout count if you see timeout in RSA HW acceleration */ -#define ESP_RSA_TIMEOUT_CNT 0x249F00 +#define ESP_RSA_TIMEOUT_CNT 0x349F00 /* hash limit for test.c */ #define HASH_SIZE_LIMIT @@ -206,7 +368,7 @@ #undef WOLFSSL_SYS_CA_CERTS */ -/* +/* command-line options --enable-keygen --enable-certgen --enable-certreq @@ -214,10 +376,14 @@ --enable-asn-template */ -/* Default is HW enabled unless turned off. -** Uncomment these lines to force SW instead of HW acceleration */ - +/* Chipset detection from sdkconfig.h + * Default is HW enabled unless turned off. + * Uncomment lines to force SW instead of HW acceleration */ #if defined(CONFIG_IDF_TARGET_ESP32) + #define WOLFSSL_ESP32 + /* Alternatively, if there's an ECC Secure Element present: */ + /* #define WOLFSSL_ESPWROOM32SE */ + /* wolfSSL HW Acceleration supported on ESP32. Uncomment to disable: */ /* #define NO_ESP32_CRYPT */ /* #define NO_WOLFSSL_ESP32_CRYPT_HASH */ @@ -235,6 +401,7 @@ /***** END CONFIG_IDF_TARGET_ESP32 *****/ #elif defined(CONFIG_IDF_TARGET_ESP32S2) + #define WOLFSSL_ESP32 /* wolfSSL HW Acceleration supported on ESP32-S2. Uncomment to disable: */ /* #define NO_ESP32_CRYPT */ /* #define NO_WOLFSSL_ESP32_CRYPT_HASH */ @@ -247,6 +414,7 @@ /***** END CONFIG_IDF_TARGET_ESP32S2 *****/ #elif defined(CONFIG_IDF_TARGET_ESP32S3) + #define WOLFSSL_ESP32 /* wolfSSL HW Acceleration supported on ESP32-S3. Uncomment to disable: */ /* #define NO_ESP32_CRYPT */ /* #define NO_WOLFSSL_ESP32_CRYPT_HASH */ @@ -260,6 +428,7 @@ #elif defined(CONFIG_IDF_TARGET_ESP32C2) || \ defined(CONFIG_IDF_TARGET_ESP8684) + #define WOLFSSL_ESP32 /* ESP8684 is essentially ESP32-C2 chip + flash embedded together in a * single QFN 4x4 mm package. Out of released documentation, Technical * Reference Manual as well as ESP-IDF Programming Guide is applicable 
@@ -285,6 +454,7 @@ /***** END CONFIG_IDF_TARGET_ESP32C2 *****/ #elif defined(CONFIG_IDF_TARGET_ESP32C3) + #define WOLFSSL_ESP32 /* wolfSSL HW Acceleration supported on ESP32-C3. Uncomment to disable: */ /* #define NO_ESP32_CRYPT */ @@ -302,6 +472,7 @@ /***** END CONFIG_IDF_TARGET_ESP32C3 *****/ #elif defined(CONFIG_IDF_TARGET_ESP32C6) + #define WOLFSSL_ESP32 /* wolfSSL HW Acceleration supported on ESP32-C6. Uncomment to disable: */ /* #define NO_ESP32_CRYPT */ @@ -318,6 +489,7 @@ /***** END CONFIG_IDF_TARGET_ESP32C6 *****/ #elif defined(CONFIG_IDF_TARGET_ESP32H2) + #define WOLFSSL_ESP32 /* wolfSSL Hardware Acceleration not yet implemented */ #define NO_ESP32_CRYPT #define NO_WOLFSSL_ESP32_CRYPT_HASH @@ -326,7 +498,11 @@ /***** END CONFIG_IDF_TARGET_ESP32H2 *****/ #elif defined(CONFIG_IDF_TARGET_ESP8266) - /* TODO: Revisit ESP8266 */ + #define WOLFSSL_ESP8266 + + /* There's no hardware encryption on the ESP8266 */ + /* Consider using the ESP32-C2/C3/C6 + * See https://www.espressif.com/en/products/socs/esp32-c2 */ #define NO_ESP32_CRYPT #define NO_WOLFSSL_ESP32_CRYPT_HASH #define NO_WOLFSSL_ESP32_CRYPT_AES 
@@ -343,13 +519,42 @@ #else /* Anything else encountered, disable HW accleration */ + #warning "Unexpected CONFIG_IDF_TARGET_NN value" #define NO_ESP32_CRYPT #define NO_WOLFSSL_ESP32_CRYPT_HASH #define NO_WOLFSSL_ESP32_CRYPT_AES #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI #endif /* CONFIG_IDF_TARGET Check */ +/* RSA primitive specific definition, listed AFTER the Chipset detection */ +#if defined(WOLFSSL_ESP32) || defined(WOLFSSL_ESPWROOM32SE) + /* Consider USE_FAST_MATH and SMALL_STACK */ + + #ifndef NO_RSA + #define ESP32_USE_RSA_PRIMITIVE + + #if defined(CONFIG_IDF_TARGET_ESP32) + #ifdef CONFIG_ESP_MAIN_TASK_STACK_SIZE + #if CONFIG_ESP_MAIN_TASK_STACK_SIZE < 10500 + #warning "RSA may be difficult with less than 10KB Stack "/ + #endif + #endif + + /* NOTE HW unreliable for small values! */ + /* threshold for performance adjustment for HW primitive use */ + /* X bits of G^X mod P greater than */ + #undef ESP_RSA_EXPT_XBITS + #define ESP_RSA_EXPT_XBITS 32 + + /* X and Y of X * Y mod P greater than */ + #undef ESP_RSA_MULM_BITS + #define ESP_RSA_MULM_BITS 16 + #endif + #endif +#endif + /* Debug options: +See wolfssl/wolfcrypt/port/Espressif/esp32-crypt.h for details on debug options #define ESP_VERIFY_MEMBLOCK #define DEBUG_WOLFSSL @@ -363,6 +568,14 @@ #define WOLFSSL_ESP32_HW_LOCK_DEBUG #define WOLFSSL_DEBUG_ESP_RSA_MULM_BITS #define ESP_DISABLE_HW_TASK_LOCK + +See wolfcrypt/benchmark/benchmark.c for debug and other settings: + +Turn on benchmark timing debugging (CPU Cycles, RTOS ticks, etc) +#define DEBUG_WOLFSSL_BENCHMARK_TIMING + +Turn on timer debugging (used when CPU cycles not available) +#define WOLFSSL_BENCHMARK_TIMER_DEBUG */ /* Pause in a loop rather than exit. */ 
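Review bot: The new `#warning "RSA may be difficult with less than 10KB Stack "/` ends with a stray `/` after the closing quote, which looks like a typo and will appear in the diagnostic text. The check compares `CONFIG_ESP_MAIN_TASK_STACK_SIZE` with 10500 while the message says 10KB, so the wording and the threshold disagree. `#warning "RSA may be difficult with less than 10500 bytes of main task stack"` would fix both. The warning is only evaluated inside `#if defined(CONFIG_IDF_TARGET_ESP32)`, so the other targets that now define `WOLFSSL_ESP32` get no stack hint; a comment saying whether that is intended would help.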
@@ -396,8 +609,9 @@ ** [Z = X * Y mod M] in esp_mp_mulmod() */ /* #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI_MULMOD */ -#define WOLFSSL_PUBLIC_MP /* used by benchmark */ -#define USE_CERT_BUFFERS_2048 + +/* used by benchmark: */ +#define WOLFSSL_PUBLIC_MP /* when turning on ECC508 / ECC608 support #define WOLFSSL_ESPWROOM32SE 
@@ -406,12 +620,75 @@ #define ATCA_WOLFSSL */ -/* optional SM4 Ciphers. See https://github.com/wolfSSL/wolfsm +/***************************** Certificate Macros ***************************** + * + * The section below defines macros used in typically all of the wolfSSL + * examples such as the client and server for certs stored in header files. + * + * There are various certificate examples in this header file: + * https://github.com/wolfSSL/wolfssl/blob/master/wolfssl/certs_test.h + * + * To use the sets of macros below, define *one* of these: + * + * USE_CERT_BUFFERS_1024 - ECC 1024 bit encoded ASN1 + * USE_CERT_BUFFERS_2048 - RSA 2048 bit encoded ASN1 + * WOLFSSL_SM[2,3,4] - SM Ciphers + * + * For example: define USE_CERT_BUFFERS_2048 to use CA Certs used in this + * wolfSSL function for the `ca_cert_der_2048` buffer, size and types: + * + * ret = wolfSSL_CTX_load_verify_buffer(ctx, + * CTX_CA_CERT, + * CTX_CA_CERT_SIZE, + * CTX_CA_CERT_TYPE); + * + * See https://www.wolfssl.com/documentation/manuals/wolfssl/group__CertsKeys.html#function-wolfssl_ctx_load_verify_buffer + * + * In this case the CTX_CA_CERT will be defined as `ca_cert_der_2048` as + * defined here: https://github.com/wolfSSL/wolfssl/blob/master/wolfssl/certs_test.h + * + * The CTX_CA_CERT_SIZE and CTX_CA_CERT_TYPE are similarly used to reference + * array size and cert type respectively. + * + * Similarly for loading the private client key: + * + * ret = wolfSSL_CTX_use_PrivateKey_buffer(ctx, + * CTX_CLIENT_KEY, + * CTX_CLIENT_KEY_SIZE, + * CTX_CLIENT_KEY_TYPE); + * + * see https://www.wolfssl.com/documentation/manuals/wolfssl/group__CertsKeys.html#function-wolfssl_ctx_use_privatekey_buffer + * + * Similarly, the other macros are for server certificates and keys: + * `CTX_SERVER_CERT` and `CTX_SERVER_KEY` are available. + * + * The certificate and key names are typically `static const unsigned char` + * arrays. 
The [NAME]_size are typically `sizeof([array name])`, and the types + * are the known wolfSSL encoding type integers (e.g. WOLFSSL_FILETYPE_PEM). + * + * See `SSL_FILETYPE_[name]` in + * https://github.com/wolfSSL/wolfssl/blob/master/wolfssl/ssl.h + * + * See Abstract Syntax Notation One (ASN.1) in: + * https://github.com/wolfSSL/wolfssl/blob/master/wolfssl/wolfcrypt/asn.h + * + * Optional SM4 Ciphers: + * + * Although the SM ciphers are shown here, the `certs_test_sm.h` may not yet + * be available. See: + * https://github.com/wolfSSL/wolfssl/pull/6825 + * https://github.com/wolfSSL/wolfsm + * + * Uncomment these 3 macros to enable the SM Ciphers and use the macros below. + */ + +/* #define WOLFSSL_SM2 #define WOLFSSL_SM3 #define WOLFSSL_SM4 */ +/* Conditional macros used in wolfSSL TLS client and server examples */ #if defined(WOLFSSL_SM2) || defined(WOLFSSL_SM3) || defined(WOLFSSL_SM4) #include #define CTX_CA_CERT root_sm2 
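Review bot: The new comment lists `USE_CERT_BUFFERS_1024 - ECC 1024 bit encoded ASN1`, but as far as I know the 1024 buffers in certs_test.h are RSA and the ECC test material is selected by `USE_CERT_BUFFERS_256`. The macros mapped further down (`ca_cert_der_1024`, `client_key_der_1024`) mirror the RSA 2048 set. I would write `USE_CERT_BUFFERS_1024 - RSA 1024 bit encoded ASN1 (legacy key size, tests only)`. The text also cites `WOLFSSL_FILETYPE_PEM` as the example type, while every `CTX_*_TYPE` in this file is `WOLFSSL_FILETYPE_ASN1`; the example should use the ASN1 name. The `#if defined(WOLFSSL_SM2)` block that follows the comment continues past this hunk.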
@@ -427,24 +704,49 @@ #undef WOLFSSL_BASE16 #define WOLFSSL_BASE16 #else - #define USE_CERT_BUFFERS_2048 - #define USE_CERT_BUFFERS_256 - #define CTX_CA_CERT ca_cert_der_2048 - #define CTX_CA_CERT_SIZE sizeof_ca_cert_der_2048 - #define CTX_CA_CERT_TYPE WOLFSSL_FILETYPE_ASN1 - #define CTX_SERVER_CERT server_cert_der_2048 - #define CTX_SERVER_CERT_SIZE sizeof_server_cert_der_2048 - #define CTX_SERVER_CERT_TYPE WOLFSSL_FILETYPE_ASN1 - #define CTX_SERVER_KEY server_key_der_2048 - #define CTX_SERVER_KEY_SIZE sizeof_server_key_der_2048 - #define CTX_SERVER_KEY_TYPE WOLFSSL_FILETYPE_ASN1 -#endif - -/* See settings.h for some of the possible hardening options: - * - * #define NO_ESPIDF_DEFAULT - * #define WC_NO_CACHE_RESISTANT - * #define WC_AES_BITSLICED - * #define HAVE_AES_ECB - * #define HAVE_AES_DIRECT - */ + #if defined(USE_CERT_BUFFERS_2048) + /* Be sure to include in app when using example certs: */ + /* #include */ + #define CTX_CA_CERT ca_cert_der_2048 + #define CTX_CA_CERT_SIZE sizeof_ca_cert_der_2048 + #define CTX_CA_CERT_TYPE WOLFSSL_FILETYPE_ASN1 + + #define CTX_SERVER_CERT server_cert_der_2048 + #define CTX_SERVER_CERT_SIZE sizeof_server_cert_der_2048 + #define CTX_SERVER_CERT_TYPE WOLFSSL_FILETYPE_ASN1 + #define CTX_SERVER_KEY server_key_der_2048 + #define CTX_SERVER_KEY_SIZE sizeof_server_key_der_2048 + #define CTX_SERVER_KEY_TYPE WOLFSSL_FILETYPE_ASN1 + + #define CTX_CLIENT_CERT client_cert_der_2048 + #define CTX_CLIENT_CERT_SIZE sizeof_client_cert_der_2048 + #define CTX_CLIENT_CERT_TYPE WOLFSSL_FILETYPE_ASN1 + #define CTX_CLIENT_KEY client_key_der_2048 + #define CTX_CLIENT_KEY_SIZE sizeof_client_key_der_2048 + #define CTX_CLIENT_KEY_TYPE WOLFSSL_FILETYPE_ASN1 + + #elif defined(USE_CERT_BUFFERS_1024) + /* Be sure to include in app when using example certs: */ + /* #include */ + #define CTX_CA_CERT ca_cert_der_1024 + #define CTX_CA_CERT_SIZE sizeof_ca_cert_der_1024 + #define CTX_CA_CERT_TYPE WOLFSSL_FILETYPE_ASN1 + + #define CTX_CLIENT_CERT 
client_cert_der_1024 + #define CTX_CLIENT_CERT_SIZE sizeof_client_cert_der_1024 + #define CTX_CLIENT_CERT_TYPE WOLFSSL_FILETYPE_ASN1 + #define CTX_CLIENT_KEY client_key_der_1024 + #define CTX_CLIENT_KEY_SIZE sizeof_client_key_der_1024 + #define CTX_CLIENT_KEY_TYPE WOLFSSL_FILETYPE_ASN1 + + #define CTX_SERVER_CERT server_cert_der_1024 + #define CTX_SERVER_CERT_SIZE sizeof_server_cert_der_1024 + #define CTX_SERVER_CERT_TYPE WOLFSSL_FILETYPE_ASN1 + #define CTX_SERVER_KEY server_key_der_1024 + #define CTX_SERVER_KEY_SIZE sizeof_server_key_der_1024 + #define CTX_SERVER_KEY_TYPE WOLFSSL_FILETYPE_ASN1 + #else + /* Optionally define custom cert arrays, sizes, and types here */ + #error "Must define USE_CERT_BUFFERS_2048 or USE_CERT_BUFFERS_1024" + #endif +#endif /* Conditional key and cert constant names */ diff --git a/IDE/Espressif/ESP-IDF/examples/wolfssl_test/main/CMakeLists.txt b/IDE/Espressif/ESP-IDF/examples/wolfssl_test/main/CMakeLists.txt index 8787e3b883..2fe1790be0 100644 --- a/IDE/Espressif/ESP-IDF/examples/wolfssl_test/main/CMakeLists.txt +++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_test/main/CMakeLists.txt 
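Review bot: `CTX_SERVER_KEY` and `CTX_CLIENT_KEY` resolve to the example private keys from certs_test.h, which are published in the wolfSSL repository, and nothing at the point of definition says so. A comment above the 2048 block, `/* Example certs and keys are public test material; replace them before deployment */`, would make that visible to anyone starting from this template. The final `#else` is also confusing: the comment invites custom cert arrays, but the next line is an unconditional `#error`. Rewording it to `/* To use custom cert arrays, define the CTX_* macros here and remove the #error */` would match what the code does. This hunk also deletes the closing pointer to the settings.h hardening options without replacing it.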
@@ -3,78 +3,7 @@ # set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DWOLFSSL_USER_SETTINGS") -set(COMPONENT_SRCS "main.c") - -# when using time helper: -# set(COMPONENT_SRCS "main.c" "time_helper.c") - -set(COMPONENT_ADD_INCLUDEDIRS ".") - -set (git_cmd "git") - -if( EXISTS "${CMAKE_HOME_DIRECTORY}/components/wolfssl/" AND EXISTS "$ENV{IDF_PATH}/components/wolfssl/" ) - # - # wolfSSL found in both ESP-IDF and local project - needs to be resolved by user - # - message(STATUS "") - message(STATUS "WARNING: Found components/wolfssl in both local project and IDF_PATH") - message(STATUS "") - set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DWOLFSSL_MULTI_INSTALL_WARNING") -endif() - -idf_component_register(SRCS main.c - INCLUDE_DIRS "." - "./include") - -# -# LIBWOLFSSL_SAVE_INFO(VAR_OUPUT THIS_VAR VAR_RESULT) -# -# Save the THIS_VAR as a string in a macro called VAR_OUPUT -# -# VAR_OUPUT: the name of the macro to define -# THIS_VAR: the OUTPUT_VARIABLE result from a execute_process() -# VAR_RESULT: the RESULT_VARIABLE from a execute_process(); "0" if successful. -# -function ( LIBWOLFSSL_SAVE_INFO VAR_OUPUT THIS_VAR VAR_RESULT ) - # is the RESULT_VARIABLE output value 0? If so, IS_VALID_VALUE is true. - string(COMPARE EQUAL "${VAR_RESULT}" "0" IS_VALID_VALUE) - - # if we had a successful operation, save the THIS_VAR in VAR_OUPUT - if(${IS_VALID_VALUE}) - # strip newline chars in THIS_VAR parameter and save in VAR_VALUE - string(REPLACE "\n" "" VAR_VALUE ${THIS_VAR}) - - # we'll could percolate the value to the parent for possible later use - # set(${VAR_OUPUT} ${VAR_VALUE} PARENT_SCOPE) - - # but we're only using it here in this function - set(${VAR_OUPUT} ${VAR_VALUE}) - - # we'll print what we found to the console - message(STATUS "Found ${VAR_OUPUT}=${VAR_VALUE}") - - # the interesting part is defining the VAR_OUPUT name a value to use in the app - add_definitions(-D${VAR_OUPUT}=\"${VAR_VALUE}\") - else() - # if we get here, check the execute_process command and parameters. 
- message(STATUS "LIBWOLFSSL_SAVE_INFO encountered a non-zero VAR_RESULT") - set(${VAR_OUPUT} "Unknown") - endif() -endfunction() # LIBWOLFSSL_SAVE_INFO - -if(NOT CMAKE_BUILD_EARLY_EXPANSION) - # LIBWOLFSSL_VERSION_GIT_HASH - execute_process(COMMAND ${git_cmd} "rev-parse" "HEAD" OUTPUT_VARIABLE TMP_OUT RESULT_VARIABLE TMP_RES ERROR_QUIET ) - LIBWOLFSSL_SAVE_INFO(LIBWOLFSSL_VERSION_GIT_HASH "${TMP_OUT}" "${TMP_RES}") - - # LIBWOLFSSL_VERSION_GIT_SHORT_HASH - execute_process(COMMAND ${git_cmd} "rev-parse" "--short" "HEAD" OUTPUT_VARIABLE TMP_OUT RESULT_VARIABLE TMP_RES ERROR_QUIET ) - LIBWOLFSSL_SAVE_INFO(LIBWOLFSSL_VERSION_GIT_SHORT_HASH "${TMP_OUT}" "${TMP_RES}") - - # LIBWOLFSSL_VERSION_GIT_HASH_DATE - execute_process(COMMAND ${git_cmd} "show" "--no-patch" "--no-notes" "--pretty=\'\%cd\'" OUTPUT_VARIABLE TMP_OUT RESULT_VARIABLE TMP_RES ) - LIBWOLFSSL_SAVE_INFO(LIBWOLFSSL_VERSION_GIT_HASH_DATE "${TMP_OUT}" "${TMP_RES}") -endif() - -message(STATUS "") - +idf_component_register(SRCS + "main.c" + INCLUDE_DIRS + ".") diff --git a/IDE/Espressif/ESP-IDF/examples/wolfssl_test/main/component.mk b/IDE/Espressif/ESP-IDF/examples/wolfssl_test/main/component.mk index d31083f65b..df684f1e0b 100644 --- a/IDE/Espressif/ESP-IDF/examples/wolfssl_test/main/component.mk +++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_test/main/component.mk @@ -1,3 +1,9 @@ # -# Main Makefile. This is basically the same as a component makefile. -# \ No newline at end of file +# Main component makefile. +# +# This Makefile can be left empty. By default, it will take the sources in the +# src/ directory, compile them and link them into lib(subdirectory_name).a +# in the build directory. This behavior is entirely configurable, +# please read the ESP-IDF documents if you need to do this. +# +# (Uses default behaviour of compiling all source files in directory, adding 'include' to include path.) 
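Review bot: The rewritten `idf_component_register` call lists only `"."` under `INCLUDE_DIRS`, while `main/include/main.h` is still in the tree (this commit updates its copyright line). If `main.c` includes `main.h` by bare name the build will no longer find it, so either keep `"./include"` in `INCLUDE_DIRS` or confirm the header is unused. The hunk also removes the check that set `-DWOLFSSL_MULTI_INSTALL_WARNING` when `components/wolfssl` exists in both the project and `IDF_PATH`. Unless that check now lives in the wolfssl component's own CMakeLists (not visible here), a build can silently use a different copy of the crypto library than intended, so a short comment saying where the check moved would help.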
diff --git a/IDE/Espressif/ESP-IDF/examples/wolfssl_test/main/include/main.h b/IDE/Espressif/ESP-IDF/examples/wolfssl_test/main/include/main.h index 94c3b5eba6..94d9132358 100644 --- a/IDE/Espressif/ESP-IDF/examples/wolfssl_test/main/include/main.h +++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_test/main/include/main.h @@ -1,6 +1,6 @@ /* template main.h * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * diff --git a/IDE/Espressif/ESP-IDF/examples/wolfssl_test/main/include/time_helper.h b/IDE/Espressif/ESP-IDF/examples/wolfssl_test/main/include/time_helper.h deleted file mode 100644 index 37b770415a..0000000000 --- a/IDE/Espressif/ESP-IDF/examples/wolfssl_test/main/include/time_helper.h +++ /dev/null @@ -1,32 +0,0 @@ -/* - * Copyright (C) 2006-2023 wolfSSL Inc. - * - * This file is part of wolfSSL. - * - * wolfSSL is free software; you can redistribute it and/or modify - * it under the terms of the GNU General Public License as published by - * the Free Software Foundation; either version 2 of the License, or - * (at your option) any later version. - * - * wolfSSL is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU General Public License for more details. - * - * You should have received a copy of the GNU General Public License - * along with this program; if not, write to the Free Software - * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA - */ -#ifndef _TIME_HELPER_H - -#ifdef __cplusplus -extern "C" { -#endif - -int set_time(void); - -#ifdef __cplusplus -} /* extern "C" */ -#endif - -#endif /* #ifndef _TIME_HELPER_H */ diff --git a/IDE/Espressif/ESP-IDF/examples/wolfssl_test/main/main.c b/IDE/Espressif/ESP-IDF/examples/wolfssl_test/main/main.c index 2fd41d3f0f..315ff304c9 100644 
--- a/IDE/Espressif/ESP-IDF/examples/wolfssl_test/main/main.c +++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_test/main/main.c @@ -1,6 +1,6 @@ /* main.c * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -24,22 +24,43 @@ #include "sdkconfig.h" /* wolfSSL */ -#include -#include -#include -#include - -#ifndef WOLFSSL_ESPIDF -#warning "problem with wolfSSL user settings. Check components/wolfssl/include" +/* Always include wolfcrypt/settings.h before any other wolfSSL file. */ +/* Reminder: settings.h pulls in user_settings.h; don't include it here. */ +#ifdef WOLFSSL_USER_SETTINGS + #include + #ifndef WOLFSSL_ESPIDF + #warning "Problem with wolfSSL user_settings." + #warning "Check components/wolfssl/include" + #endif + #include + #include + #include + #include + #include +#else + /* Define WOLFSSL_USER_SETTINGS project wide for settings.h to include */ + /* wolfSSL user settings in ./components/wolfssl/include/user_settings.h */ + #error "Missing WOLFSSL_USER_SETTINGS in CMakeLists or Makefile:\ + CFLAGS +=-DWOLFSSL_USER_SETTINGS" #endif -#include -#include +#include "driver/uart.h" -/* set to 0 for one benchmark, -** set to 1 for continuous benchmark loop */ + +/* set to 0 for one test, +** set to 1 for continuous test loop */ #define TEST_LOOP 0 +#define THIS_MONITOR_UART_RX_BUFFER_SIZE 200 + +#ifdef CONFIG_ESP8266_XTAL_FREQ_26 + /* 26MHz crystal: 74880 bps */ + #define THIS_MONITOR_UART_BAUD_DATE 74880 +#else + /* 40MHz crystal: 115200 bps */ + #define THIS_MONITOR_UART_BAUD_DATE 115200 +#endif + /* ** the wolfssl component can be installed in either: ** 
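Review bot: The macro `THIS_MONITOR_UART_BAUD_DATE` in the `@@ -24,22 +24,43 @@` hunk looks like a typo for `THIS_MONITOR_UART_BAUD_RATE`; it is defined in both branches of the `CONFIG_ESP8266_XTAL_FREQ_26` block and later assigned to `.baud_rate` in `app_main`. Renaming it now avoids the misspelling being copied into other examples. The rate selection keys only on the ESP8266 crystal option, while testMonitor.sh in this commit uses a 74880 putty profile for the ESP32-C2 as well. If that target also needs the lower rate, a comment here should say how it is handled.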
@@ -55,13 +76,9 @@ /* ** although the wolfcrypt/test includes a default time setting, -** see the enclosed optional time helper for adding NNTP. -** be sure to add "time_helper.c" in main/CMakeLists.txt -*/ +** see wolfssl/wolfcrypt/port/Espressif/esp-sdk-lib.h */ + #undef WOLFSSL_USE_TIME_HELPER -#if defined(WOLFSSL_USE_TIME_HELPER) - #include "time_helper.h" */ -#endif /* see wolfssl/wolfcrypt/test/test.h */ extern void wolf_crypt_task(); @@ -132,14 +149,36 @@ void my_atmel_free(int slotId) /* entry point */ void app_main(void) { - int stack_start = 0; + uart_config_t uart_config = { + .baud_rate = THIS_MONITOR_UART_BAUD_DATE, + .data_bits = UART_DATA_8_BITS, + .parity = UART_PARITY_DISABLE, + .stop_bits = UART_STOP_BITS_1, + }; esp_err_t ret = 0; + wc_ptr_t stack_start = esp_sdk_stack_pointer(); + + /* uart_set_pin(UART_NUM_0, TX_PIN, RX_PIN, + * UART_PIN_NO_CHANGE, UART_PIN_NO_CHANGE); */ + + /* Some targets may need to have UART speed set. TODO: which? */ + ESP_LOGI(TAG, "UART init"); + uart_param_config(UART_NUM_0, &uart_config); + uart_driver_install(UART_NUM_0, + THIS_MONITOR_UART_RX_BUFFER_SIZE, 0, 0, NULL, 0); + ESP_LOGI(TAG, "------------------ wolfSSL Test Example ----------------"); ESP_LOGI(TAG, "--------------------------------------------------------"); ESP_LOGI(TAG, "--------------------------------------------------------"); ESP_LOGI(TAG, "---------------------- BEGIN MAIN ----------------------"); ESP_LOGI(TAG, "--------------------------------------------------------"); ESP_LOGI(TAG, "--------------------------------------------------------"); + ESP_LOGI(TAG, "Stack Start: 0x%x", stack_start); + +#ifdef WOLFSSL_ESP_NO_WATCHDOG + ESP_LOGW(TAG, "Found WOLFSSL_ESP_NO_WATCHDOG, disabling..."); + esp_DisableWatchdog(); +#endif #ifdef ESP_TASK_MAIN_STACK ESP_LOGI(TAG, "ESP_TASK_MAIN_STACK: %d", ESP_TASK_MAIN_STACK); 
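Review bot: With `time_helper.h` deleted and its include removed in this hunk, the `#if defined (WOLFSSL_USE_TIME_HELPER)` / `set_time();` block that remains further down in `app_main` calls a function that no longer has a declaration in this example. It compiles only because of the `#undef WOLFSSL_USE_TIME_HELPER` kept here, so removing that `#undef` would break the build. Either drop the `#undef` and the guarded call together, or extend the comment to name the replacement in `esp-sdk-lib.h`. Because certificate validity checks depend on the clock, the comment should also state that the application must set the time before any TLS use.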
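Review bot: The return values of `uart_param_config()` and `uart_driver_install()` in the `app_main` hunk are discarded even though `esp_err_t ret` is declared just above, so a failed UART setup goes unnoticed and the test output may be lost or garbled. Assign and check them, e.g. `ret = uart_param_config(UART_NUM_0, &uart_config);` followed by `if (ret != ESP_OK) { ESP_LOGE(TAG, "uart_param_config failed: %d", ret); }`, and the same for the driver install. Separately, `ESP_LOGI(TAG, "Stack Start: 0x%x", stack_start);` prints a `wc_ptr_t` with `%x`. If that type is wider than `unsigned int` on any supported target the format is mismatched, so an explicit cast or a pointer-width format would be safer. `app_main` continues beyond this hunk.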
@@ -166,51 +205,9 @@ void app_main(void) esp_ShowExtendedSystemInfo(); #endif - /* some interesting settings are target specific (ESP32, -C3, -S3, etc */ -#if defined(CONFIG_IDF_TARGET_ESP32) - ESP_LOGI(TAG, "CONFIG_ESP32_DEFAULT_CPU_FREQ_MHZ = %u MHz", - CONFIG_ESP32_DEFAULT_CPU_FREQ_MHZ - ); - ESP_LOGI(TAG, "Xthal_have_ccount = %u", Xthal_have_ccount); -#elif defined(CONFIG_IDF_TARGET_ESP32S2) - ESP_LOGI(TAG, "CONFIG_ESP32S2_DEFAULT_CPU_FREQ_MHZ = %u MHz", - CONFIG_ESP32S2_DEFAULT_CPU_FREQ_MHZ - ); - ESP_LOGI(TAG, "Xthal_have_ccount = %u", Xthal_have_ccount); -#elif defined(CONFIG_IDF_TARGET_ESP32S3) - ESP_LOGI(TAG, "CONFIG_ESP32S3_DEFAULT_CPU_FREQ_MHZ = %u MHz", - CONFIG_ESP32S3_DEFAULT_CPU_FREQ_MHZ - ); - ESP_LOGI(TAG, "Xthal_have_ccount = %u", Xthal_have_ccount); -#else - /* not available for other platformas at this time */ -#endif - /* all platforms: stack high water mark check */ ESP_LOGI(TAG, "Stack HWM: %d\n", uxTaskGetStackHighWaterMark(NULL)); - /* check to see if we are using hardware encryption - * TODO: move this to esp_util.c */ -#if defined(NO_ESP32_CRYPT) - ESP_LOGI(TAG, "NO_ESP32_CRYPT defined! HW acceleration DISABLED."); -#else - #if defined(CONFIG_IDF_TARGET_ESP32C2) - ESP_LOGI(TAG, "ESP32_CRYPT is enabled for ESP32-C2."); - - #elif defined(CONFIG_IDF_TARGET_ESP32C3) - ESP_LOGI(TAG, "ESP32_CRYPT is enabled for ESP32-C3."); - - #elif defined(CONFIG_IDF_TARGET_ESP32S2) - ESP_LOGI(TAG, "ESP32_CRYPT is enabled for ESP32-S2."); - - #elif defined(CONFIG_IDF_TARGET_ESP32S3) - ESP_LOGI(TAG, "ESP32_CRYPT is enabled for ESP32-S3."); - - #else - ESP_LOGI(TAG, "ESP32_CRYPT is enabled."); - #endif -#endif - #if defined (WOLFSSL_USE_TIME_HELPER) set_time(); #endif 
@@ -256,19 +253,10 @@ void app_main(void) ** This is called at the end of wolf_test_task(); */ - if (ret == 0) { - ESP_LOGI(TAG, "wolf_test_task complete success result code = %d", ret); - } - else { - ESP_LOGE(TAG, "wolf_test_task FAIL result code = %d", ret); - /* see wolfssl/wolfcrypt/error-crypt.h */ - } - -#if defined(DEBUG_WOLFSSL) && !defined(NO_WOLFSSL_ESP32_CRYPT_RSA_PRI) +#if defined(DEBUG_WOLFSSL) && defined(WOLFSSL_ESP32_CRYPT_RSA_PRI) esp_hw_show_mp_metrics(); #endif - /* after the test, we'll just wait */ #ifdef INCLUDE_uxTaskGetStackHighWaterMark ESP_LOGI(TAG, "Stack HWM: %d", uxTaskGetStackHighWaterMark(NULL)); @@ -276,7 +264,14 @@ void app_main(void) - (uxTaskGetStackHighWaterMark(NULL))); #endif -#ifdef WOLFSSL_ESPIDF_EXIT_MESSAGE +#ifdef WOLFSSL_ESPIDF_VERBOSE_EXIT_MESSAGE + if (ret == 0) { + ESP_LOGI(TAG, WOLFSSL_ESPIDF_VERBOSE_EXIT_MESSAGE("Success!", ret)); + } + else { + ESP_LOGE(TAG, WOLFSSL_ESPIDF_VERBOSE_EXIT_MESSAGE("Failed!", ret)); + } +#elif defined(WOLFSSL_ESPIDF_EXIT_MESSAGE) ESP_LOGI(TAG, WOLFSSL_ESPIDF_EXIT_MESSAGE); #else ESP_LOGI(TAG, "\n\nDone!\n\n" diff --git a/IDE/Espressif/ESP-IDF/examples/wolfssl_test/main/time_helper.c b/IDE/Espressif/ESP-IDF/examples/wolfssl_test/main/time_helper.c deleted file mode 100644 index 8b7da74a00..0000000000 --- a/IDE/Espressif/ESP-IDF/examples/wolfssl_test/main/time_helper.c +++ /dev/null 
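Review bot: After this change a non-zero `ret` is reported only when `WOLFSSL_ESPIDF_VERBOSE_EXIT_MESSAGE` is defined; the `#elif defined(WOLFSSL_ESPIDF_EXIT_MESSAGE)` and `#else` branches in the `@@ -276,7 +264,14 @@` hunk print a fixed completion message regardless of the result. The `ESP_LOGE(TAG, "wolf_test_task FAIL result code = %d", ret);` removed in the `@@ -256,19 +253,10 @@` hunk was the only failure signal in those configurations, so a log captured by testMonitor.sh could show a failed wolfCrypt test run as "Done!". I would keep a minimal check ahead of the `#ifdef`, e.g. `if (ret != 0) { ESP_LOGE(TAG, "wolf_test_task FAIL result code = %d", ret); }`. Where `ret` is assigned is outside the visible hunks, so this assumes it still carries the test result.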
@@ -1,120 +0,0 @@ -/* time_helper.c - * - * Copyright (C) 2006-2023 wolfSSL Inc. - * - * This file is part of wolfSSL. - * - * wolfSSL is free software; you can redistribute it and/or modify - * it under the terms of the GNU General Public License as published by - * the Free Software Foundation; either version 2 of the License, or - * (at your option) any later version. - * - * wolfSSL is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU General Public License for more details. - * - * You should have received a copy of the GNU General Public License - * along with this program; if not, write to the Free Software - * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA - */ - -#include -#include - -#include "sdkconfig.h" -#include "esp_log.h" - -#include "time_helper.h" - -const static char* TAG = "Time Helper"; - -#define TIME_ZONE "PST-8" -/* NELEMS(x) number of elements - * To determine the number of elements in the array, we can divide the total size of - * the array by the size of the array element - * See https://stackoverflow.com/questions/37538/how-do-i-determine-the-size-of-my-array-in-c - **/ -#define NELEMS(x) ( (int)(sizeof(x) / sizeof((x)[0])) ) -#define NTP_SERVER_LIST ( (char*[]) { \ - "pool.ntp.org", \ - "time.nist.gov", \ - "utcnist.colorado.edu" \ - } \ - ) -/* #define NTP_SERVER_COUNT using NELEMS: - * - * (int)(sizeof(NTP_SERVER_LIST) / sizeof(NTP_SERVER_LIST[0])) - */ -#define NTP_SERVER_COUNT NELEMS(NTP_SERVER_LIST) -char* ntpServerList[NTP_SERVER_COUNT] = NTP_SERVER_LIST; - -/* our NTP server list is global info */ -extern char* ntpServerList[NTP_SERVER_COUNT]; - - -int set_time(void) -{ - /* we'll also return a result code of zero */ - int res = 0; - int i = 0; /* counter for time servers */ - time_t interim_time; - - /* ideally, we'd like to set time from network, - * but let's 
set a default time, just in case */ - struct tm timeinfo = { - .tm_year = 2022 - 1900, - .tm_mon = 11, - .tm_mday = 15, - .tm_hour = 3, - .tm_min = 25, - .tm_sec = 0 - }; - struct timeval now; - -#ifndef NTP_SERVER_COUNT - #define NTP_SERVER_COUNT 0 - char* ntpServerList[NTP_SERVER_COUNT]; -#endif /* not defined: NTP_SERVER_COUNT */ - -#ifndef TIME_ZONE - #define TIME_ZONE "PST-8" -#endif /* not defined: TIME_ZONE */ - - - /* set interim static time */ - interim_time = mktime(&timeinfo); - now = (struct timeval){ .tv_sec = interim_time }; - settimeofday(&now, NULL); - - - /* set timezone */ - setenv("TZ", TIME_ZONE, 1); - tzset(); - - if (NTP_SERVER_COUNT) { - /* next, let's setup NTP time servers - * - * see https://docs.espressif.com/projects/esp-idf/en/latest/esp32/api-reference/system/system_time.html#sntp-time-synchronization - */ - sntp_setoperatingmode(SNTP_OPMODE_POLL); - - ESP_LOGI(TAG, "sntp_setservername:"); - for (i = 0; i < NTP_SERVER_COUNT; i++) { - const char* thisServer = ntpServerList[i]; - if (strncmp(thisServer, "\x00", 1) == 0) { - /* just in case we run out of NTP servers */ - break; - } - ESP_LOGI(TAG, "%s", thisServer); - sntp_setservername(i, thisServer); - } - sntp_init(); - ESP_LOGI(TAG, "sntp_init done."); - } - else { - ESP_LOGI(TAG, "No sntp time servers found."); - } - return res; -} - diff --git a/IDE/Espressif/ESP-IDF/examples/wolfssl_test/main/time_helper.h b/IDE/Espressif/ESP-IDF/examples/wolfssl_test/main/time_helper.h deleted file mode 100644 index 1de6f0f8bc..0000000000 --- a/IDE/Espressif/ESP-IDF/examples/wolfssl_test/main/time_helper.h +++ /dev/null 
@@ -1,32 +0,0 @@ -#ifndef _TIME_HELPER_H -/* - * Copyright (C) 2006-2023 wolfSSL Inc. - * - * This file is part of wolfSSL. - * - * wolfSSL is free software; you can redistribute it and/or modify - * it under the terms of the GNU General Public License as published by - * the Free Software Foundation; either version 2 of the License, or - * (at your option) any later version. - * - * wolfSSL is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU General Public License for more details. - * - * You should have received a copy of the GNU General Public License - * along with this program; if not, write to the Free Software - * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA - */ - -#ifdef __cplusplus -extern "C" { -#endif - -int set_time(void); - -#ifdef __cplusplus -} /* extern "C" */ -#endif - -#endif /* #ifndef _TIME_HELPER_H */ diff --git a/IDE/Espressif/ESP-IDF/examples/wolfssl_test/sdkconfig.defaults b/IDE/Espressif/ESP-IDF/examples/wolfssl_test/sdkconfig.defaults index 17097709d9..2a5ad756d7 100644 --- a/IDE/Espressif/ESP-IDF/examples/wolfssl_test/sdkconfig.defaults +++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_test/sdkconfig.defaults 
@@ -1,41 +1,88 @@ -# This tag is used to include this file in the ESP Component Registry: +# sdkconfig.defaults for ESP8266 + ESP32 +# Note that during the build process, settings from sdkconfig.defaults will not override those already in sdkconfig. +# See https://docs.espressif.com/projects/esp-idf/en/latest/esp32/api-guides/build-system.html#custom-sdkconfig-defaults +CONFIG_BENCH_ARGV="-lng 0" +CONFIG_FREERTOS_HZ=1000 +CONFIG_ESP32_DEFAULT_CPU_FREQ_240=y # -# Default main stack size +# Default main stack size. See user_settings.h # -# This is typically way bigger than needed for stack size. See user_settings.h -# -CONFIG_ESP_MAIN_TASK_STACK_SIZE=55000 +# For wolfSSL SMALL_STACK, 3072 bytes should be sufficient for benchmark app. +# When using RSA, assign at least 10500 bytes, otherwise 5500 usually works for others +CONFIG_ESP_MAIN_TASK_STACK_SIZE=10500 # Legacy stack size for older ESP-IDF versions -CONFIG_MAIN_TASK_STACK_SIZE=55000 +CONFIG_MAIN_TASK_STACK_SIZE=10500 +# +# Benchmark must not have CONFIG_NEWLIB_NANO_FORMAT enabled +CONFIG_NEWLIB_NANO_FORMAT=n # # Watchdog Timers # -# We don't want to have the watchdog timeout during tests +# We don't want to have the watchdog timeout during tests & benchmarks # CONFIG_ESP_TASK_WDT_CHECK_IDLE_TASK_CPU0=n CONFIG_ESP_TASK_WDT_CHECK_IDLE_TASK_CPU1=n +# Panic & Watchdog +CONFIG_ESP_INT_WDT_TIMEOUT_MS=10000 +CONFIG_ESP_TASK_WDT_EN=n +CONFIG_ESP_SYSTEM_PANIC_PRINT_HALT=y +CONFIG_ESP_INT_WDT=n + +# ESP8266 WDT +# CONFIG_ESP_PANIC_PRINT_REBOOT is not set +CONFIG_ESP_PANIC_PRINT_REBOOT=n +CONFIG_ESP_PANIC_PRINT_HALT=y + +# CONFIG_ESP_HTTP_CLIENT_ENABLE_HTTPS is not set +CONFIG_ESP_HTTP_CLIENT_ENABLE_HTTPS=n + +# ESP8266 Memory +CONFIG_FREERTOS_GLOBAL_DATA_LINK_IRAM=y +CONFIG_HEAP_DISABLE_IRAM=y + +# Performance +# CONFIG_COMPILER_OPTIMIZATION_PERF=y + +# Set max COU frequency (falls back as needed for lower maximum) +CONFIG_ESP_DEFAULT_CPU_FREQ_MHZ_240=y + +# FreeRTOS ticks at 1ms interval +CONFIG_FREERTOS_UNICORE=y 
+CONFIG_FREERTOS_HZ=1000 # # Compiler options # CONFIG_COMPILER_OPTIMIZATION_DEFAULT=y +# CONFIG_COMPILER_OPTIMIZATION_SIZE is not set +# CONFIG_COMPILER_OPTIMIZATION_PERF is not set +# CONFIG_COMPILER_OPTIMIZATION_NONE is not set CONFIG_COMPILER_OPTIMIZATION_ASSERTIONS_ENABLE=y +# CONFIG_COMPILER_OPTIMIZATION_ASSERTIONS_SILENT is not set +# CONFIG_COMPILER_OPTIMIZATION_ASSERTIONS_DISABLE is not set +CONFIG_COMPILER_FLOAT_LIB_FROM_GCCLIB=y CONFIG_COMPILER_OPTIMIZATION_ASSERTION_LEVEL=2 +# CONFIG_COMPILER_OPTIMIZATION_CHECKS_SILENT is not set CONFIG_COMPILER_HIDE_PATHS_MACROS=y +# CONFIG_COMPILER_CXX_EXCEPTIONS is not set +# CONFIG_COMPILER_CXX_RTTI is not set +# CONFIG_COMPILER_STACK_CHECK_MODE_NONE is not set CONFIG_COMPILER_STACK_CHECK_MODE_NORM=y +# CONFIG_COMPILER_STACK_CHECK_MODE_STRONG is not set +# CONFIG_COMPILER_STACK_CHECK_MODE_ALL is not set CONFIG_COMPILER_STACK_CHECK=y +# CONFIG_COMPILER_WARN_WRITE_STRINGS is not set +# CONFIG_COMPILER_SAVE_RESTORE_LIBCALLS is not set +# CONFIG_COMPILER_DISABLE_GCC12_WARNINGS is not set +# CONFIG_COMPILER_DUMP_RTL_FILES is not set +# end of Compiler options -# minimum C3 chip revision known to work is 2. -# rev 0 and 1 not available for testing. -# all revisions expected to work. -CONFIG_ESP32C3_REV_MIN_0= -CONFIG_ESP32C3_REV_MIN_1= +# We don't know that the min is actually v2, +# but this is the earliest tested. CONFIG_ESP32C3_REV_MIN_2=y -CONFIG_ESP32C3_REV_MIN_3= - # # Partition Table diff --git a/IDE/Espressif/ESP-IDF/examples/wolfssl_test/testAll.sh b/IDE/Espressif/ESP-IDF/examples/wolfssl_test/testAll.sh new file mode 100644 index 0000000000..247e8a1a88 --- /dev/null +++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_test/testAll.sh 
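Review bot: `CONFIG_ESP_TASK_WDT_EN=n` and `CONFIG_ESP_INT_WDT=n` turn the task and interrupt watchdogs off entirely, and `CONFIG_ESP_SYSTEM_PANIC_PRINT_HALT=y` leaves the device halted after a panic; with the interrupt watchdog off, `CONFIG_ESP_INT_WDT_TIMEOUT_MS=10000` has no effect. These settings suit a long-running crypto test but are unsafe to copy into a product, so the `# Panic & Watchdog` comment should say so, e.g. `# Test-only: watchdogs disabled and halt-on-panic; do not reuse in production firmware`. `CONFIG_FREERTOS_UNICORE=y` sits under the comment `# FreeRTOS ticks at 1ms interval` although it selects single-core operation, and `CONFIG_FREERTOS_HZ=1000` is now set twice; give the unicore setting its own comment and drop the duplicate. The main task stack also drops from 55000 to 10500, which the comment gives as the minimum for RSA, so it may leave little margin once other options are enabled.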
@@ -0,0 +1,67 @@ +#!/bin/bash +# +# testAll.sh [keyword suffix] +# +# Build and compile the wolfssl_test for all platforms. +# +# Supply optional keyword suffix value for log file names. +# +# See testMonitor.sh for USB port settings. +# +# Define ESPIDF_PUTTY_MONITOR to a non-blank value to call putty. +# instead of using `idf.py monitor` +#============================================================================== + +# Run shell check to ensure this a good script. +shellcheck "$0" + +# Save the current PATH to a temporary variable +ORIGINAL_PATH="$PATH" + +export ESPIDF_PUTTY_MONITOR="TRUE" + +THIS_SUFFIX="$1" + +# Clear IDF path to ensure it is set by export.sh +IDF_PATH= + +# set the path for this workspace IDF path (where export.sh is located) +WRK_IDF_PATH=/mnt/c/SysGCC/esp32/esp-idf/v5.2 +echo "Run ESP32 export.sh from ${WRK_IDF_PATH}" + +# shell check should not follow into the ESP-IDF export.sh +# shellcheck disable=SC1091 +. "${WRK_IDF_PATH}"/export.sh + +echo "IDF_PATH = $IDF_PATH" + +./testMonitor.sh wolfssl_test esp32 "$THIS_SUFFIX" || exit 1 +./testMonitor.sh wolfssl_test esp32c2 "$THIS_SUFFIX" || exit 1 +./testMonitor.sh wolfssl_test esp32c3 "$THIS_SUFFIX" || exit 1 +./testMonitor.sh wolfssl_test esp32c6 "$THIS_SUFFIX" || exit 1 +./testMonitor.sh wolfssl_test esp32s2 "$THIS_SUFFIX" || exit 1 +./testMonitor.sh wolfssl_test esp32s3 "$THIS_SUFFIX" || exit 1 +./testMonitor.sh wolfssl_test esp32h2 "$THIS_SUFFIX" || exit 1 +./testMonitor.sh wolfssl_test esp8684 "$THIS_SUFFIX" || exit 1 + +# ESP8266 uses a different toolchain + +# Restore the original PATH +export PATH=$ORIGINAL_PATH + +IDF_PATH= +WRK_IDF_PATH=/mnt/c/SysGCC/esp8266/rtos-sdk/v3.4 +echo "Run ESP8266 export.sh from ${WRK_IDF_PATH}" + +# shell check should not follow into the ESP-IDF export.sh +# shellcheck disable=SC1091 +. 
"$WRK_IDF_PATH"/export.sh + +echo "IDF_PATH = $IDF_PATH" + +./testMonitor.sh wolfssl_test esp8266 PR || exit 1 + +# Restore the original PATH +export PATH=$ORIGINAL_PATH + +echo "Done!" diff --git a/IDE/Espressif/ESP-IDF/examples/wolfssl_test/testMonitor.sh b/IDE/Espressif/ESP-IDF/examples/wolfssl_test/testMonitor.sh new file mode 100644 index 0000000000..7bf49b25d1 --- /dev/null +++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_test/testMonitor.sh 
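Review bot: Neither `. "${WRK_IDF_PATH}"/export.sh` call checks that the hard-coded path exists or that sourcing succeeded, so on a machine without `/mnt/c/SysGCC/...` the script carries on and runs `testMonitor.sh` with whatever `idf.py` happens to be on `PATH`. Append `|| exit 1` to both, and consider letting `WRK_IDF_PATH` be overridden from the environment. `shellcheck "$0"` at the top has a similar gap: its result is ignored, and where shellcheck is not installed the script prints an error and continues, so linting is better done in CI than at run time. The ESP8266 invocation passes the literal `PR` instead of `"$THIS_SUFFIX"`, and `export ESPIDF_PUTTY_MONITOR="TRUE"` overrides the opt-in described in the header comment.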
@@ -0,0 +1,227 @@ +#!/bin/bash +# +# Syntax: +# ./testMonitor.sh +# +# Example: +# +# ./testMonitor.sh wolfssl_test esp32c6 WIP +# +# Define ESPIDF_PUTTY_MONITOR to a non-blank value to call putty +# instead of using `idf.py monitor` +#======================================================================================== + +# Run shell check to ensure this a good script. +shellcheck "$0" + +PUTTY_EXE="/mnt/c/tools/putty.exe" + +THIS_HOME_DIR="$(pwd)" +# export WOLFSSL_ESPIDF="/mnt/c/workspace/wolfssl-master/IDE/Espressif/ESP-IDF/examples" + +# the first parameter is expected to be a project name in the WOLFSSL_ESPIDF directory. +if [ $# -lt 3 ]; then + echo "Usage: $0 " + exit 1 +else + THIS_EXAMPLE="$1" +# pushd "${WOLFSSL_ESPIDF}" || exit 1 +# pushd "./${THIS_EXAMPLE}" || exit 1 + + THIS_TARGET="$2" + THIS_KEYWORD="$3" +fi + +echo "testMonitor current path:" +pwd + +#ESP32c2 monitor is 78800 +# These are the WSL Serial Ports for each respective ESP32 SoC Device. +# Unfortunately they are currently hard coded and computer-specific. +esp32_PORT="/dev/ttyS9" +esp32c2_PORT="/dev/ttyS79" +esp32c3_PORT="/dev/ttyS35" +esp32c6_PORT="/dev/ttyS36" +esp32h2_PORT="/dev/ttyS31" +esp32s2_PORT="/dev/ttyS30" +esp32s3_PORT="/dev/ttyS24" +esp8266_PORT="/dev/ttyS70" + +esp8684_PORT="/dev/ttyS49" +# esp32c2_PORT="/dev/ttyS49" #8684 + +# Load putty profiles. Note profiles names need to have been previously +# defined and saved in putty! 
These are the saved sessions in putty: +esp32_PUTTY="COM9" +esp32c2_PUTTY="COM79 - ESP32-C2 74880" +esp32c3_PUTTY="COM35" +esp32c6_PUTTY="COM36" +esp32h2_PUTTY="COM31" +esp32s2_PUTTY="COM30" +esp32s3_PUTTY="COM24" +esp8684_PUTTY="COM49" +esp8266_PUTTY="COM70 - 74880" + +echo "esp32_PORT: $esp32_PORT" +echo "esp32c2_PORT: $esp32c2_PORT" +echo "esp32c3_PORT: $esp32c3_PORT" +echo "esp32c6_PORT: $esp32c6_PORT" +echo "esp32s2_PORT: $esp32s2_PORT" +echo "esp32s3_PORT: $esp32s3_PORT" +echo "esp32h2_PORT: $esp32h2_PORT" +echo "esp8266_PORT: $esp8266_PORT" +echo "esp8684_PORT: $esp8684_PORT" + +# given a THIS_TARGET, assign THIS_TARGET_PORT to the respective port. +THIS_TARGET_PORT="${THIS_TARGET}_PORT" + +# Check that THIS_TARGET_PORT is defined. +if [ -z "$THIS_TARGET_PORT" ]; then + echo "Error: No port defined for ${THIS_TARGET}" + exit 1 +else + echo "THIS_TARGET_PORT=${THIS_TARGET_PORT}" +fi + +THIS_TARGET_PORT="${!THIS_TARGET_PORT}" +echo THIS_TARGET_PORT="${THIS_TARGET_PORT}" + + +# The use of putty is optional +THIS_TARGET_PUTTY="${THIS_TARGET}_PUTTY" + +if [ -z "$ESPIDF_PUTTY_MONITOR" ]; then + echo "Using ESP-IDF monitor" +else + # Check that THIS_TARGET_PUTTY is defined. 
+ echo "" + echo "Using saved putty profile session names:" + echo "esp32_PUTTY: $esp32_PUTTY" + echo "esp32c2_PUTTY: $esp32c2_PUTTY" + echo "esp32c3_PUTTY: $esp32c3_PUTTY" + echo "esp32c6_PUTTY: $esp32c6_PUTTY" + echo "esp32s2_PUTTY: $esp32s2_PUTTY" + echo "esp32s3_PUTTY: $esp32s3_PUTTY" + echo "esp32h2_PUTTY: $esp32h2_PUTTY" + echo "esp8684_PUTTY: $esp8684_PUTTY" + echo "esp8266_PUTTY: $esp8266_PUTTY" + echo "" + + if [ -z "$THIS_TARGET_PUTTY" ]; then + echo "Error: No putty profile defined for ${THIS_TARGET}" + exit 1 + else + echo "THIS_TARGET_PUTTY=${THIS_TARGET_PUTTY}" + fi + + THIS_TARGET_PUTTY="${!THIS_TARGET_PUTTY}" + echo THIS_TARGET_PUTTY="${THIS_TARGET_PUTTY}" +fi + +if [[ "$THIS_TARGET" == "esp8684" ]]; then + echo "Treating esp8684 like an esp32c2" + THIS_TARGET=esp32c2 +fi + + +# Assemble some log file names. +echo "" +BUILD_LOG="${THIS_HOME_DIR}/logs/${THIS_EXAMPLE}_build_IDF_v5.1_${THIS_TARGET}_${THIS_KEYWORD}.txt" +FLASH_LOG="${THIS_HOME_DIR}/logs/${THIS_EXAMPLE}_flash_IDF_v5.1_${THIS_TARGET}_${THIS_KEYWORD}.txt" +THIS_LOG="${THIS_HOME_DIR}/logs/${THIS_EXAMPLE}_output_IDF_v5.1_${THIS_TARGET}_${THIS_KEYWORD}.txt" +THIS_CFG="${THIS_HOME_DIR}/logs/${THIS_EXAMPLE}_user_settings_IDF_v5.1_${THIS_TARGET}_${THIS_KEYWORD}.txt" + +# cp ./components/wolfssl/include/user_settings.h "${THIS_CFG}" + +echo "BUILD_LOG = ${BUILD_LOG}" +echo "FLASH_LOG = ${FLASH_LOG}" +echo "THIS_LOG = ${THIS_LOG}" +echo "THIS_CFG = ${THIS_CFG}" + + +if [[ "$THIS_TARGET" == "esp8266" ]]; then + # idf.py for the ESP8266 does not support --version + echo "ESP8266 using $IDF_PATH" +else + idf.py --version > "${BUILD_LOG}" 2>&1 +fi + +echo "Full clean for $THIS_TARGET..." +#--------------------------------------------------------------------- +idf.py fullclean >> "${BUILD_LOG}" 2>&1 +THIS_ERROR_CODE=$? +if [ $THIS_ERROR_CODE -ne 0 ]; then + echo "" + echo "Error during fullclean. Deleting build directory." 
+ rm -rf ./build +fi + +#--------------------------------------------------------------------- +if [[ "$THIS_TARGET" == "esp8266" ]]; then + #always start with a fresh sdkconfig-debug (or sdkconfig-release) from defaults + rm -f ./sdkconfig-debug + rm -f ./sdkconfig-release + + # idf.py for the ESP8266 does not support --set-target + echo "Target is $THIS_TARGET" + + # Since we don't "set-target" for the ESP8266, ensure the sdkconfig is not present + rm -f ./sdkconfig +else + # Start with fresh sdkconfig + rm -f ./sdkconfig + + # ESP8266 debug and release files not used for non-ESP8266 targets here,delete anyhow: + rm -f ./sdkconfig-debug + rm -f ./sdkconfig-release + + echo "idf.py set-target $THIS_TARGET" + idf.py "set-target" "$THIS_TARGET" >> "${BUILD_LOG}" 2>&1 + THIS_ERROR_CODE=$? + if [ $THIS_ERROR_CODE -ne 0 ]; then + echo "" + echo "Error during set-target" + exit 1 + fi +fi + +#--------------------------------------------------------------------- +echo "" +echo "Build $THIS_TARGET..." +echo "idf.py build" +idf.py build >> "${BUILD_LOG}" 2>&1 +THIS_ERROR_CODE=$? +if [ $THIS_ERROR_CODE -ne 0 ]; then + echo "" + echo "Error during build for $THIS_TARGET" + echo "" + echo "" + exit 1 +fi + +#--------------------------------------------------------------------- +echo "" +echo "Flash $THIS_TARGET..." +echo "idf.py flash -p ${THIS_TARGET_PORT} -b 115200" +idf.py flash -p "${THIS_TARGET_PORT}" -b 115200 2>&1 | tee -a "${FLASH_LOG}" +THIS_ERROR_CODE=$? +if [ $THIS_ERROR_CODE -ne 0 ]; then + echo "" + echo "Error during flash" + exit 1 +fi + +# popd || exit 1 +# popd || exit 1 + +# Note both of the options spawn a separate process: +if [ -z "$ESPIDF_PUTTY_MONITOR" ]; then + echo "Monitor..." + echo ./wolfssl_monitor.py --port "${THIS_TARGET_PORT}" --baudrate 115200 --logfile "${THIS_LOG}" + + ./wolfssl_monitor.py --port "${THIS_TARGET_PORT}" --baudrate 115200 --logfile "${THIS_LOG}" & +else + echo "Calling putty..." 
+ echo "$PUTTY_EXE -load \"$THIS_TARGET_PUTTY\"" + $PUTTY_EXE -load "$THIS_TARGET_PUTTY" & +fi diff --git a/IDE/Espressif/ESP-IDF/examples/wolfssl_test/wolfssl_test_ESP8266.vgdbproj b/IDE/Espressif/ESP-IDF/examples/wolfssl_test/wolfssl_test_ESP8266.vgdbproj new file mode 100644 index 0000000000..41509e0fd9 --- /dev/null +++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_test/wolfssl_test_ESP8266.vgdbproj 
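Review bot: The `-z` tests on `THIS_TARGET_PORT` and `THIS_TARGET_PUTTY` can never fire, because at that point each variable holds the name string (`${THIS_TARGET}_PORT`), not the looked-up value; an unknown target therefore reaches `idf.py flash -p ""`. The check should run after the `${!...}` indirection, and since `THIS_TARGET` comes straight from `$2` it is safer to accept only names present in the port table. The flash step has a related gap: `$?` after `idf.py flash ... | tee -a` is tee's status, so a failed flash is reported as success; take the status from `PIPESTATUS` instead. The log file names also hard-code `IDF_v5.1` while testAll.sh sources v5.2. A sketch of the two fixes follows; the putty lookup needs the same reordering.

```shell
# … unchanged: argument parsing, *_PORT and *_PUTTY tables …
THIS_TARGET_PORT_NAME="${THIS_TARGET}_PORT"
THIS_TARGET_PORT="${!THIS_TARGET_PORT_NAME}"
if [ -z "$THIS_TARGET_PORT" ]; then
    echo "Error: No port defined for ${THIS_TARGET}"
    exit 1
fi
# … unchanged: putty lookup, log names, fullclean, set-target, build …
idf.py flash -p "${THIS_TARGET_PORT}" -b 115200 2>&1 | tee -a "${FLASH_LOG}"
THIS_ERROR_CODE=${PIPESTATUS[0]}
# … unchanged: error check and monitor launch …
```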
@@ -0,0 +1,292 @@ + + + + + + Unknown + + true + + c9687472-a434-43a7-9026-7914f425b9b4 + true + true + SourceDirs + + + + + + com.visualgdb.xtensa-lx106-elf + + 8.4.0 + 8.1 + 1 + + + + release/v3.4 + rtos-sdk/v3.4 + RTOS_SDK + + 0 + + + + + + + + + + + + + Default + + false + + BuildMachine + BuiltinShortcut + + + + + + + COM80 + + 74880 + 8 + None + One + None + + + 0 + false + true + false + ASCII + + + 255 + 0 + 0 + 0 + + + 255 + 169 + 169 + 169 + + + 255 + 211 + 211 + 211 + + + 255 + 144 + 238 + 144 + + + 255 + 169 + 169 + 169 + + + + 16 + true + true + true + true + 0 + + LF + false + false + true + + + + true + + + + + True + + true + true + + Enabled + true + true + true + + true + + + + false + + apiModeling.google.GTest + core.builtin.BuiltinFunctions + core.builtin.NoReturnFunctions + core.CallAndMessage + core.DivideZero + core.DynamicTypePropagation + core.NonnilStringConstants + core.NonNullParamChecker + core.NullDereference + core.StackAddressEscape + core.UndefinedBinaryOperatorResult + core.uninitialized.ArraySubscript + core.uninitialized.Assign + core.uninitialized.Branch + core.uninitialized.CapturedBlockVariable + core.uninitialized.UndefReturn + core.VLASize + cplusplus.NewDelete + cplusplus.NewDeleteLeaks + cplusplus.SelfAssignment + deadcode.DeadStores + nullability.NullPassedToNonnull + nullability.NullReturnedFromNonnull + security.insecureAPI.getpw + security.insecureAPI.gets + security.insecureAPI.mkstemp + security.insecureAPI.mktemp + security.insecureAPI.UncheckedReturn + security.insecureAPI.vfork + unix.API + unix.cstring.BadSizeArg + unix.cstring.NullArg + unix.Malloc + unix.MallocSizeof + unix.MismatchedDeallocator + unix.StdCLibraryFunctions + unix.Vfork + + + -analyzer-store=region + -analyzer-opt-analyze-nested-blocks + -analyzer-eagerly-assume + + + + + + Debug + + build/Debug + sdkconfig-debug + false + + + + Release + + build/Release + sdkconfig-release + false + + + + + + + + + + + + + false + false + false + false + false 
+ false + false + false + false + + false + false + false + false + false + false + true + false + None + false + false + + true + false + false + true + 0 + false + 0 + true + false + + + openocd + + -f interface/ftdi/tigard.cfg -f target/esp8266.cfg + + + + false + + 131072 + Enabled + + set remotetimeout 60 + target remote :$$SYS:GDB_PORT$$ + mon reset halt + load + mon xtensa_no_interrupts_during_steps on + mon esp8266_autofeed_watchdog on + + false + 0 + 0 + false + + 0 + Soft + 4096 + 4096 + + size4M + freq40M + QIO + + + + true + Disabled + 0 + false + false + true + false + false + + _estack + 0 + false + + true + + \ No newline at end of file diff --git a/IDE/Espressif/ESP-IDF/examples/wolfssl_test_idf/main/main.c b/IDE/Espressif/ESP-IDF/examples/wolfssl_test_idf/main/main.c index 5d3844206e..ba8c82a76e 100644 --- a/IDE/Espressif/ESP-IDF/examples/wolfssl_test_idf/main/main.c +++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_test_idf/main/main.c @@ -1,6 +1,6 @@ /* main.c * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * diff --git a/IDE/Espressif/ESP-IDF/examples/wolfssl_test_idf/main/time_helper.c b/IDE/Espressif/ESP-IDF/examples/wolfssl_test_idf/main/time_helper.c index c3cccde41a..70a6cb816e 100644 --- a/IDE/Espressif/ESP-IDF/examples/wolfssl_test_idf/main/time_helper.c +++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_test_idf/main/time_helper.c @@ -1,6 +1,6 @@ /* time_helper.c * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * diff --git a/IDE/Espressif/ESP-IDF/examples/wolfssl_test_idf/main/time_helper.h b/IDE/Espressif/ESP-IDF/examples/wolfssl_test_idf/main/time_helper.h index 1de6f0f8bc..e0bee14e52 100644 --- a/IDE/Espressif/ESP-IDF/examples/wolfssl_test_idf/main/time_helper.h +++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_test_idf/main/time_helper.h 
@@ -1,6 +1,6 @@ #ifndef _TIME_HELPER_H /* - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * diff --git a/IDE/Espressif/ESP-IDF/libs/component.mk b/IDE/Espressif/ESP-IDF/libs/component.mk index 5234a007e1..ac239e538e 100644 --- a/IDE/Espressif/ESP-IDF/libs/component.mk +++ b/IDE/Espressif/ESP-IDF/libs/component.mk @@ -1,5 +1,5 @@ # -# Copyright (C) 2006-2023 wolfSSL Inc. +# Copyright (C) 2006-2024 wolfSSL Inc. # # This file is part of wolfSSL. # diff --git a/IDE/Espressif/ESP-IDF/user_settings.h b/IDE/Espressif/ESP-IDF/user_settings.h index 4b29234182..828aab9ff5 100644 --- a/IDE/Espressif/ESP-IDF/user_settings.h +++ b/IDE/Espressif/ESP-IDF/user_settings.h @@ -1,6 +1,6 @@ /* user_settings.h * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * diff --git a/IDE/Espressif/include.am b/IDE/Espressif/include.am index 5011e51f2c..7fa3887361 100644 --- a/IDE/Espressif/include.am +++ b/IDE/Espressif/include.am @@ -133,6 +133,9 @@ EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_server/VisualGDB/wolfssl_ser EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_server/VisualGDB/wolfssl_server_IDF_v5_ESP32.vgdbproj # wolfSSL Test +EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_test/testAll.sh +EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_test/testMonitor.sh + EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_test/CMakeLists.txt EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_test/components EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_test/main 
@@ -151,11 +154,9 @@ EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_test/main/component.mk EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_test/main/include EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_test/main/Kconfig.projbuild EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_test/main/main.c -EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_test/main/time_helper.c -EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_test/main/time_helper.h EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_test/main/include/main.h -EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_test/main/include/time_helper.h +EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_test/wolfssl_test_ESP8266.vgdbproj EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_test/VisualGDB/wolfssl_test-IDF_v5_ESP32.sln EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_test/VisualGDB/wolfssl_test-IDF_v5_ESP32C3.sln EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_test/VisualGDB/wolfssl_test-IDF_v5_ESP32C6.sln diff --git a/wolfcrypt/benchmark/benchmark.c b/wolfcrypt/benchmark/benchmark.c index 61e51a36e5..a7bd319bf1 100644 --- a/wolfcrypt/benchmark/benchmark.c +++ b/wolfcrypt/benchmark/benchmark.c @@ -1,6 +1,6 @@ /* benchmark.c * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -53,6 +53,8 @@ * Turn on benchmark timing debugging (CPU Cycles, RTOS ticks, etc) * DEBUG_WOLFSSL_BENCHMARK_TIMING * + * Turn on timer debugging (used when CPU cycles not available) + * WOLFSSL_BENCHMARK_TIMER_DEBUG */ #ifdef HAVE_CONFIG_H 
@@ -310,16 +312,36 @@ #endif /* WOLFSSL_NO_FLOAT_FMT */ #ifdef WOLFSSL_ESPIDF + #include + + /* Benchmark uses 64 bit integer formatting support. When new nanolib is + * enabled, all if the values in report are blank. */ + #ifdef CONFIG_NEWLIB_NANO_FORMAT + #if CONFIG_NEWLIB_NANO_FORMAT == 1 + #error "Nano newlib fomatting must not be enabled for benchmark" + #endif + #endif + #ifdef configTICK_RATE_HZ /* Define CPU clock cycles per tick of FreeRTOS clock * CONFIG_ESP_DEFAULT_CPU_FREQ_MHZ is typically a value like 240 * configTICK_RATE_HZ is typically 100 or 1000. **/ + #if defined(CONFIG_IDF_TARGET_ESP8266) + #ifndef CONFIG_ESP_DEFAULT_CPU_FREQ_MHZ + #define CONFIG_ESP_DEFAULT_CPU_FREQ_MHZ \ + CONFIG_ESP8266_DEFAULT_CPU_FREQ_MHZ + #endif + #ifndef CONFIG_ESP_DEFAULT_CPU_FREQ_MHZ + #define CONFIG_ESP_DEFAULT_CPU_FREQ_MHZ configCPU_CLOCK_HZ + #endif + #endif #define CPU_TICK_CYCLES ( \ (CONFIG_ESP_DEFAULT_CPU_FREQ_MHZ * MILLION_VALUE) \ / configTICK_RATE_HZ \ ) - #endif + #endif /* WOLFSSL_ESPIDF configTICK_RATE_HZ */ + #if defined(CONFIG_IDF_TARGET_ESP32C2) #include "driver/gptimer.h" static gptimer_handle_t esp_gptimer = NULL; 
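Review bot: The second `#ifndef CONFIG_ESP_DEFAULT_CPU_FREQ_MHZ` in the added ESP8266 block can never take effect, because the `#ifndef` directly above it always defines that macro, even when `CONFIG_ESP8266_DEFAULT_CPU_FREQ_MHZ` itself is missing. If a fallback is intended, select on the source macro instead, for example `#if defined(CONFIG_ESP8266_DEFAULT_CPU_FREQ_MHZ)` for the first define and `#elif defined(configCPU_CLOCK_HZ)` for the second. The fallback value also needs scaling: `configCPU_CLOCK_HZ` is in Hz while `CPU_TICK_CYCLES` multiplies by `MILLION_VALUE`, so it should read `#define CONFIG_ESP_DEFAULT_CPU_FREQ_MHZ (configCPU_CLOCK_HZ / MILLION_VALUE)`. The new comment and `#error` text contain typos ("all if the values", "fomatting") that are worth fixing while the block is open.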
@@ -336,18 +358,24 @@ #define RESOLUTION_SCALE 100 static gptimer_handle_t esp_gptimer = NULL; static gptimer_config_t esp_timer_config = { - .clk_src = GPTIMER_CLK_SRC_DEFAULT, - .direction = GPTIMER_COUNT_UP, - .resolution_hz = CONFIG_ESP_DEFAULT_CPU_FREQ_MHZ * (MILLION_VALUE / RESOLUTION_SCALE), /* CONFIG_XTAL_FREQ = 40, CONFIG_ESP_DEFAULT_CPU_FREQ_MHZ = 160 */ - }; + .clk_src = GPTIMER_CLK_SRC_DEFAULT, + .direction = GPTIMER_COUNT_UP, + /* CONFIG_XTAL_FREQ = 40, + * CONFIG_ESP_DEFAULT_CPU_FREQ_MHZ = 160 */ + .resolution_hz = CONFIG_ESP_DEFAULT_CPU_FREQ_MHZ * + (MILLION_VALUE / RESOLUTION_SCALE), + }; #endif /* WOLFSSL_BENCHMARK_TIMER_DEBUG */ #elif defined(CONFIG_IDF_TARGET_ESP32) || \ defined(CONFIG_IDF_TARGET_ESP32S2) || \ defined(CONFIG_IDF_TARGET_ESP32S3) #include + #elif defined(CONFIG_IDF_TARGET_ESP8266) + /* no CPU HAL for ESP8266, we'll use RTOS tick calc extimates */ + #include #elif defined(CONFIG_IDF_TARGET_ESP32H2) - + /* TODO add ESP32-H2 benchmark support */ #else /* Other platform */ #endif @@ -1285,10 +1313,10 @@ static const char* bench_result_words3[][5] = { /* TAG for ESP_LOGx() */ static const char* TAG = "wolfssl_benchmark"; - static THREAD_LS_T word64 begin_cycles; - static THREAD_LS_T word64 begin_cycles_ticks; - static THREAD_LS_T word64 end_cycles; - static THREAD_LS_T word64 total_cycles; + static THREAD_LS_T word64 begin_cycles = 0; + static THREAD_LS_T word64 begin_cycles_ticks = 0; + static THREAD_LS_T word64 end_cycles = 0; + static THREAD_LS_T word64 total_cycles = 0; /* the return value, as a global var */ static THREAD_LS_T word64 _esp_get_cycle_count_ex = 0; 
@@ -1380,19 +1408,20 @@ static const char* bench_result_words3[][5] = { uint64_t thisIncrement = 0; /* The adjusted increment amount. */ uint64_t expected_diff = 0; /* FreeRTOS estimated expected CPU diff.*/ #ifdef DEBUG_WOLFSSL_BENCHMARK_TIMING - uint32_t tickCount = 0; /* Current rtos tick counter. */ - uint32_t tickDiff = 0; /* Tick difference from last check. */ - uint32_t tickBeginDiff = 0; /* Tick difference from beginning. */ + uint64_t tickCount = 0; /* Currrent rtos tick counter. */ + uint64_t tickDiff = 0; /* Tick difference from last check. */ + uint64_t tickBeginDiff = 0; /* Tick difference from beginning. */ + #endif + #ifdef WOLFSSL_BENCHMARK_TIMER_DEBUG + uint64_t thisTimerVal = 0; /* Timer Value as alternate to compare */ + uint64_t diffDiff = 0; /* Difference between CPU & Timer differences: + * (current - last) */ #endif - #if defined(CONFIG_IDF_TARGET_ESP32C2) || \ defined(CONFIG_IDF_TARGET_ESP32C3) || \ defined(CONFIG_IDF_TARGET_ESP32C6) #ifdef WOLFSSL_BENCHMARK_TIMER_DEBUG - uint64_t thisTimerVal = 0; /* Timer Value as alternate to compare */ - uint64_t diffDiff = 0; /* Difference between CPU & Timer differences: - * (current - last) */ ESP_ERROR_CHECK(gptimer_get_raw_count(esp_gptimer, &thisTimerVal)); thisTimerVal = thisTimerVal * RESOLUTION_SCALE; #endif /* WOLFSSL_BENCHMARK_TIMER_DEBUG */ 
@@ -1405,9 +1434,19 @@ static const char* bench_result_words3[][5] = { /* TODO: Why doesn't esp_cpu_get_cycle_count work for Xtensa? * Calling current_time(1) to reset time causes thisVal overflow, * on Xtensa, but not on RISC-V architecture. See also, below */ - #ifndef __XTENSA__ + #if defined(CONFIG_IDF_TARGET_ESP8266) || (ESP_IDF_VERSION_MAJOR < 5) + #ifndef configCPU_CLOCK_HZ + /* esp_cpu_get_cycle_count not available in ESP-IDF v4 */ + #define configCPU_CLOCK_HZ \ + (CONFIG_ESP32_DEFAULT_CPU_FREQ_MHZ * MILLION_VALUE) + #endif + /* There's no CPU counter on the ESP8266 (Tensilica). Using RTOS */ + thisVal = (uint64_t)xTaskGetTickCount() * + (uint64_t)(configCPU_CLOCK_HZ / CONFIG_FREERTOS_HZ); + #elif defined(__XTENSA__) thisVal = esp_cpu_get_cycle_count(); #else + /* Not Tensilica(ESP8266), not Xtensa(ESP32/-S2/-S3, then RISC-V */ thisVal = xthal_get_ccount(); /* or esp_cpu_get_cycle_count(); */ #endif #endif @@ -1418,9 +1457,9 @@ static const char* bench_result_words3[][5] = { tickDiff = tickCount - last_tickCount; /* ticks since bench start */ expected_diff = CPU_TICK_CYCLES * tickDiff; /* CPU expected count */ ESP_LOGV(TAG, "CPU_TICK_CYCLES = %d", (int)CPU_TICK_CYCLES); - ESP_LOGV(TAG, "tickCount = %lu", tickCount); - ESP_LOGV(TAG, "last_tickCount = %lu", last_tickCount); - ESP_LOGV(TAG, "tickDiff = %lu", tickDiff); + ESP_LOGV(TAG, "tickCount = %llu", tickCount); + ESP_LOGV(TAG, "last_tickCount = %u", last_tickCount); + ESP_LOGV(TAG, "tickDiff = %llu", tickDiff); ESP_LOGV(TAG, "expected_diff1 = %llu", expected_diff); } #endif 
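Review bot: In the `@@ -1405,9 +1434,19 @@` hunk the counter selection is inverted relative to the code it replaces: `#elif defined(__XTENSA__)` now calls `esp_cpu_get_cycle_count()` and the `#else` arm, commented as RISC-V, calls `xthal_get_ccount()`. The removed lines used `esp_cpu_get_cycle_count()` for `#ifndef __XTENSA__`, and the TODO just above says that call misbehaves on Xtensa, so the new arrangement looks unintended; `xthal_get_ccount` is by name an Xtensa HAL call and would likely not build on a non-Xtensa target. I would swap the two bodies so the arms read `thisVal = xthal_get_ccount();` under `__XTENSA__` and `thisVal = esp_cpu_get_cycle_count();` under `#else`, and correct the comment. The enclosing function starts and ends outside this hunk, so the surrounding `#if` nesting should be confirmed before changing it.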
@@ -1444,10 +1483,13 @@ static const char* bench_result_words3[][5] = { ** overflow CPU tick count, all will be well. */ #ifdef DEBUG_WOLFSSL_BENCHMARK_TIMING - ESP_LOGW(TAG, - "Alert: Detected xthal_get_ccount overflow at %llu, " - "adding UINT_MAX.", - thisVal); + ESP_LOGW(TAG, "Alert: Detected xthal_get_ccount overflow at " + "(%llu < %llu) adding UINT_MAX = %llu.", + thisVal, _esp_cpu_count_last, (uint64_t) UINT_MAX); + #endif + #if !defined(CONFIG_ESP_DEFAULT_CPU_FREQ_MHZ) && \ + !defined(CONFIG_ESP32_DEFAULT_CPU_FREQ_MHZ) + #error "CONFIG_ESP_DEFAULT_CPU_FREQ_MHZ not found" #endif /* double check expected diff calc */ @@ -1474,9 +1516,9 @@ static const char* bench_result_words3[][5] = { tickBeginDiff = tickCount - begin_cycles_ticks; ESP_LOGI(TAG, "begin_cycles_ticks = %llu", begin_cycles_ticks); - ESP_LOGI(TAG, "tickDiff = %lu", tickDiff); + ESP_LOGI(TAG, "tickDiff = %llu", tickDiff); ESP_LOGI(TAG, "expected_diff = %llu", expected_diff); - ESP_LOGI(TAG, "tickBeginDiff = %lu", tickBeginDiff); + ESP_LOGI(TAG, "tickBeginDiff = %llu", tickBeginDiff); ESP_LOGW(TAG, WOLFSSL_ESPIDF_BLANKLINE_MESSAGE); } 
@@ -1541,16 +1583,26 @@ static const char* bench_result_words3[][5] = { * when resetting CPU cycle counter? FreeRTOS tick collision? * thisVal = esp_cpu_get_cycle_count(); See also, above * or thisVal = xthal_get_ccount(); */ - #if ESP_IDF_VERSION_MAJOR < 5 + #if defined(CONFIG_IDF_TARGET_ESP8266) + /* There's no CPU counter on the ESP8266, so we'll estimate + * cycles based on defined CPU frequency from sdkconfig and + * the RTOS tick frequency */ + _esp_cpu_count_last = (uint64_t)xTaskGetTickCount() * + (uint64_t)(configCPU_CLOCK_HZ / CONFIG_FREERTOS_HZ); + #elif ESP_IDF_VERSION_MAJOR < 5 _esp_cpu_count_last = xthal_get_ccount(); #else _esp_cpu_count_last = esp_cpu_get_cycle_count(); #endif #endif + #ifdef DEBUG_WOLFSSL_BENCHMARK_TIMING + ESP_LOGI(TAG, "_esp_cpu_count_last = %llu", _esp_cpu_count_last); + #endif + /* Return the 64 bit extended total from 32 bit counter. */ return _esp_get_cycle_count_ex; - } + } /* esp_get_cycle_count_ex for esp_get_cpu_benchmark_cycles() */ /* implement other architecture cycle counters here */ @@ -2200,11 +2252,10 @@ static WC_INLINE int bench_stats_check(double start) int ret = 0; double this_current_time; this_current_time = current_time(0); /* get the timestamp, no reset */ -#if defined(DEBUG_WOLFSSL_BENCHMARK_TIMING) - #if (WOLFSSL_ESPIDF) - ESP_LOGI(TAG, "bench_stats_check Current time %f, start %f", - this_current_time, start ); - #endif + +#if defined(DEBUG_WOLFSSL_BENCHMARK_TIMING) && defined(WOLFSSL_ESPIDF) + ESP_LOGV(TAG, "bench_stats_check: Current time %f, start %f", + this_current_time, start ); #endif ret = ((this_current_time - start) < BENCH_MIN_RUNTIME_SEC 
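Review bot: For ESP-IDF v4 on a non-ESP8266 target, `_esp_cpu_count_last` in the `@@ -1541,16 +1583,26 @@` hunk is taken from `xthal_get_ccount()`, while the earlier `@@ -1405,9 +1434,19 @@` hunk derives `thisVal` from `xTaskGetTickCount()` whenever `ESP_IDF_VERSION_MAJOR < 5`. The overflow message in this function compares `thisVal` with `_esp_cpu_count_last`, so mixing a tick-based estimate with a raw cycle counter would presumably produce spurious overflow corrections and wrong cycle totals. Both sites should use the same condition, e.g. `#if defined(CONFIG_IDF_TARGET_ESP8266) || (ESP_IDF_VERSION_MAJOR < 5)` here as well, or the v4 clause should be dropped from the earlier site. The tick-to-cycle expression is also duplicated and would read better as one macro, for instance `#define ESP_TICKS_AS_CYCLES() ((uint64_t)xTaskGetTickCount() * (uint64_t)(configCPU_CLOCK_HZ / CONFIG_FREERTOS_HZ))`. The function body extends beyond this hunk.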
@@ -12861,9 +12912,9 @@ void bench_sphincsKeySign(byte level, byte optim) typiclly in app_startup.c */ #ifdef DEBUG_WOLFSSL_BENCHMARK_TIMING - ESP_LOGV(TAG, "tickCount = %lu", tickCount); + ESP_LOGV(TAG, "tickCount = %d", tickCount); if (tickCount == last_tickCount) { - ESP_LOGW(TAG, "last_tickCount unchanged? %lu", tickCount); + ESP_LOGW(TAG, "last_tickCount unchanged? %d", tickCount); } if (tickCount < last_tickCount) { @@ -12873,13 +12924,13 @@ void bench_sphincsKeySign(byte level, byte optim) if (reset) { #ifdef DEBUG_WOLFSSL_BENCHMARK_TIMING - ESP_LOGW(TAG, "Assign last_tickCount = %lu", tickCount); + ESP_LOGW(TAG, "Assign last_tickCount = %d", tickCount); #endif last_tickCount = tickCount; } else { #ifdef DEBUG_WOLFSSL_BENCHMARK_TIMING - ESP_LOGW(TAG, "No Reset last_tickCount = %lu", tickCount); + ESP_LOGV(TAG, "No Reset last_tickCount = %d", tickCount); #endif } diff --git a/wolfcrypt/src/include.am b/wolfcrypt/src/include.am index 0a6fa2154a..11d726bea6 100644 --- a/wolfcrypt/src/include.am +++ b/wolfcrypt/src/include.am @@ -117,6 +117,9 @@ EXTRA_DIST += wolfcrypt/src/port/ti/ti-aes.c \ wolfcrypt/src/port/Espressif/esp32_sha.c \ wolfcrypt/src/port/Espressif/esp32_util.c \ wolfcrypt/src/port/Espressif/esp32_mp.c \ + wolfcrypt/src/port/Espressif/esp_sdk_mem_lib.c \ + wolfcrypt/src/port/Espressif/esp_sdk_time_lib.c \ + wolfcrypt/src/port/Espressif/esp_sdk_wifi_lib.c \ wolfcrypt/src/port/Espressif/README.md \ wolfcrypt/src/port/arm/cryptoCell.c \ wolfcrypt/src/port/arm/cryptoCellHash.c \ diff --git a/wolfcrypt/src/port/Espressif/README.md b/wolfcrypt/src/port/Espressif/README.md index 5d2fa27e0c..40114f9fd9 100644 --- a/wolfcrypt/src/port/Espressif/README.md +++ b/wolfcrypt/src/port/Espressif/README.md 
@@ -70,6 +70,29 @@ To view disassembly, add `__attribute__((section(".iram1")))` decorator. Foe exa static int __attribute__((section(".iram1"))) memblock_peek(volatile u_int32_t mem_address) ``` +### VisualGDB + +Each project example has a `VisuaGDB` directory with sample project files for [Sysprogs VisualGDB](https://visualgdb.com). + +For installing multiple toolchains, see the [documentation](https://visualgdb.com/documentation/espidf/). + +The library naming format used at wolfSSL: + +``` +HKEY_CURRENT_USER\Software\Sysprogs\GNUToolchains +``` + +| Registry String Value Name | Value Data | +| -------------------------------- |----------------------- | +| `SysGCC-xtensa-lx106-elf-8.4.0` | `C:\SysGCC\esp8266` | +| `SysGCC-xtensa-esp32-elf-8.4.0` | `C:\SysGCC\esp32-8.4` | +| `SysGCC-xtensa-esp32-elf-13.2.0` | `C:\SysGCC\esp32` | +| `SysGCC-xtensa-esp32-elf-12.4.0` | `C:\SysGCC\esp32-12.4` | +| `SysGCC-xtensa-esp32-elf-11.2.0` | `C:\SysGCC\esp32-11.2` | + +Note the latest toolchain value is the default install name of `C:\SysGCC\esp32`. + + ### Benchmarks w/ `USE_FAST_MATH` and `WOLFSSL_SMALL_STACK` options diff --git a/wolfcrypt/src/port/Espressif/esp32_aes.c b/wolfcrypt/src/port/Espressif/esp32_aes.c index 84211ee268..e9c0104a5a 100644 --- a/wolfcrypt/src/port/Espressif/esp32_aes.c +++ b/wolfcrypt/src/port/Espressif/esp32_aes.c @@ -1,6 +1,6 @@ /* esp32_aes.c * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * diff --git a/wolfcrypt/src/port/Espressif/esp32_mp.c b/wolfcrypt/src/port/Espressif/esp32_mp.c index 58925626bc..83316fe92c 100644 --- a/wolfcrypt/src/port/Espressif/esp32_mp.c +++ b/wolfcrypt/src/port/Espressif/esp32_mp.c @@ -1,6 +1,6 @@ /* esp32_mp.c * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * 
diff --git a/wolfcrypt/src/port/Espressif/esp32_sha.c b/wolfcrypt/src/port/Espressif/esp32_sha.c index a2244af173..0a90dba89f 100644 --- a/wolfcrypt/src/port/Espressif/esp32_sha.c +++ b/wolfcrypt/src/port/Espressif/esp32_sha.c @@ -1,6 +1,6 @@ /* esp32_sha.c * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * diff --git a/wolfcrypt/src/port/Espressif/esp32_util.c b/wolfcrypt/src/port/Espressif/esp32_util.c index 03e973ee34..793554a4a8 100644 --- a/wolfcrypt/src/port/Espressif/esp32_util.c +++ b/wolfcrypt/src/port/Espressif/esp32_util.c @@ -1,6 +1,6 @@ /* esp32_util.c * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -36,6 +36,7 @@ #include #if ESP_IDF_VERSION_MAJOR > 4 #include + #include #endif /* wolfSSL */ #include /* needed to print MATH_INT_T value */ @@ -118,7 +119,7 @@ int esp_CryptHwMutexLock(wolfSSL_Mutex* mutex, TickType_t block_time) { * call the ESP-IDF mutex UNlock; xSemaphoreGive * */ -int esp_CryptHwMutexUnLock(wolfSSL_Mutex* mutex) { +esp_err_t esp_CryptHwMutexUnLock(wolfSSL_Mutex* mutex) { if (mutex == NULL) { WOLFSSL_ERROR_MSG("esp_CryptHwMutexLock called with null mutex"); return BAD_MUTEX_E; @@ -151,6 +152,13 @@ int esp_CryptHwMutexUnLock(wolfSSL_Mutex* mutex) { #if defined(WOLFSSL_ESPIDF) static int ShowExtendedSystemInfo_platform_espressif(void) { +#ifdef WOLFSSL_ESP_NO_WATCHDOG + ESP_LOGI(TAG, "Found WOLFSSL_ESP_NO_WATCHDOG"); +#else + ESP_LOGW(TAG, "Watchdog active; " + "missing WOLFSSL_ESP_NO_WATCHDOG definition."); +#endif + #if defined(CONFIG_ESP32_DEFAULT_CPU_FREQ_MHZ) WOLFSSL_VERSION_PRINTF("CONFIG_ESP32_DEFAULT_CPU_FREQ_MHZ: %u MHz", CONFIG_ESP32_DEFAULT_CPU_FREQ_MHZ); 
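Review bot: `esp_CryptHwMutexUnLock` in the `@@ -118,7 +119,7 @@` hunk now declares `esp_err_t` but still returns `BAD_MUTEX_E`, a wolfSSL error code, so the function mixes two error domains under one type. A caller that passes the result to `ESP_ERROR_CHECK` or `esp_err_to_name` will get a value with no ESP-IDF meaning. Either keep `int` for functions that can return wolfSSL codes, or add a comment on the function such as `/* Returns ESP_OK on success; BAD_MUTEX_E (wolfSSL code) when mutex is NULL. */`. The same mixing appears in the `esp_mp_cmp` hunk later in this file, where an `esp_err_t ret` is tested against `MP_OKAY` and then assigned `ESP_OK`. The function body continues outside the hunk, and the matching prototype in the header is not visible here and must change with it.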
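Review bot: The `#else` arm added in the `@@ -151,6 +152,13 @@` hunk logs the normal, protected state at warning level: `ESP_LOGW(TAG, "Watchdog active; missing WOLFSSL_ESP_NO_WATCHDOG definition.")`. The watchdog is what recovers the device from a hung task, so reporting it as a missing definition nudges integrators toward disabling it in production builds. I would swap the levels, with `ESP_LOGI(TAG, "Watchdog active (WOLFSSL_ESP_NO_WATCHDOG not defined).");` for the default and `ESP_LOGW(TAG, "Found WOLFSSL_ESP_NO_WATCHDOG; watchdog may be disabled.");` for the opt-out. A short comment stating that `WOLFSSL_ESP_NO_WATCHDOG` is intended for test and benchmark builds would also help, if that is the intent.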
@@ -219,8 +227,10 @@ static int ShowExtendedSystemInfo_platform_espressif(void) /* not supported at this time */ #endif - /* check to see if we are using hardware encryption */ -#if defined(NO_ESP32_CRYPT) +/* check to see if we are using hardware encryption */ +#if defined(CONFIG_IDF_TARGET_ESP8266) + WOLFSSL_VERSION_PRINTF("No HW acceleration on ESP8266."); +#elif defined(NO_ESP32_CRYPT) WOLFSSL_VERSION_PRINTF("NO_ESP32_CRYPT defined! " "HW acceleration DISABLED."); #else @@ -246,7 +256,7 @@ static int ShowExtendedSystemInfo_platform_espressif(void) #error "ESP32_CRYPT not yet supported on this IDF TARGET" #endif - /* Even though enabled, some specifics may be disabled */ + /* Even though enabled, some specifics may be disabled */ #if defined(NO_WOLFSSL_ESP32_CRYPT_HASH) WOLFSSL_VERSION_PRINTF("NO_WOLFSSL_ESP32_CRYPT_HASH is defined!" "(disabled HW SHA)."); @@ -385,11 +395,11 @@ int esp_current_boot_count(void) /* See macro helpers above; not_defined is macro name when *not* defined */ static int show_macro(char* s, char* not_defined) { - char hd1[] = "Macro Name Defined Not Defined"; - char hd2[] = "------------------------- --------- -------------"; - char msg[] = "......................... "; - /* 012345678901234567890123456789012345678901234567890 */ - /* 1 2 3 4 5 */ + const char hd1[] = "Macro Name Defined Not Defined"; + char hd2[] = "------------------------- --------- -------------"; + char msg[] = "......................... "; + /* 012345678901234567890123456789012345678901234567890 */ + /* 1 2 3 4 5 */ size_t i = 0; #define MAX_STATUS_NAME_LENGTH 25 #define ESP_SMS_ENA_POS 30 @@ -424,7 +434,7 @@ static int show_macro(char* s, char* not_defined) } /* Show some interesting settings */ -int ShowExtendedSystemInfo_config(void) +esp_err_t ShowExtendedSystemInfo_config(void) { esp_ShowMacroStatus_need_header = 1; 
@@ -454,6 +464,7 @@ int ShowExtendedSystemInfo_config(void) /* Optimizations */ show_macro("RSA_LOW_MEM", STR_IFNDEF(RSA_LOW_MEM)); + show_macro("SMALL_SESSION_CACHE", STR_IFNDEF(SMALL_SESSION_CACHE)); /* Security Hardening */ show_macro("WC_NO_HARDEN", STR_IFNDEF(WC_NO_HARDEN)); @@ -473,6 +484,8 @@ int ShowExtendedSystemInfo_config(void) show_macro("WOLFSSL_AES_NO_UNROLL", STR_IFNDEF(WOLFSSL_AES_NO_UNROLL)); show_macro("TFM_TIMING_RESISTANT", STR_IFNDEF(TFM_TIMING_RESISTANT)); show_macro("ECC_TIMING_RESISTANT", STR_IFNDEF(ECC_TIMING_RESISTANT)); + + /* WC_RSA_BLINDING takes up additional space: */ show_macro("WC_RSA_BLINDING", STR_IFNDEF(WC_RSA_BLINDING)); show_macro("NO_WRITEV", STR_IFNDEF(NO_WRITEV)); @@ -482,7 +495,7 @@ int ShowExtendedSystemInfo_config(void) show_macro("WOLFSSL_NO_CURRDIR", STR_IFNDEF(WOLFSSL_NO_CURRDIR)); show_macro("WOLFSSL_LWIP", STR_IFNDEF(WOLFSSL_LWIP)); - ESP_LOGI(TAG, WOLFSSL_ESPIDF_BLANKLINE_MESSAGE); + ESP_LOGI(TAG, WOLFSSL_ESPIDF_BLANKLINE_MESSAGE); #if defined(CONFIG_COMPILER_OPTIMIZATION_DEFAULT) ESP_LOGI(TAG, "Compiler Optimization: Default"); #elif defined(CONFIG_COMPILER_OPTIMIZATION_SIZE) @@ -494,7 +507,7 @@ int ShowExtendedSystemInfo_config(void) #else ESP_LOGI(TAG, "Compiler Optimization: Unknown"); #endif - ESP_LOGI(TAG, WOLFSSL_ESPIDF_BLANKLINE_MESSAGE); + ESP_LOGI(TAG, WOLFSSL_ESPIDF_BLANKLINE_MESSAGE); return ESP_OK; } @@ -629,7 +642,7 @@ int ShowExtendedSystemInfo(void) #ifdef INCLUDE_uxTaskGetStackHighWaterMark ESP_LOGI(TAG, "Stack HWM: %d", uxTaskGetStackHighWaterMark(NULL)); #endif - ESP_LOGI(TAG, WOLFSSL_ESPIDF_BLANKLINE_MESSAGE); + ESP_LOGI(TAG, WOLFSSL_ESPIDF_BLANKLINE_MESSAGE); ShowExtendedSystemInfo_config(); ShowExtendedSystemInfo_git(); 
@@ -643,29 +656,111 @@ int ShowExtendedSystemInfo(void) return ESP_OK; } -int esp_ShowExtendedSystemInfo(void) +esp_err_t esp_ShowExtendedSystemInfo(void) { /* Someday the ShowExtendedSystemInfo may be global. * See https://github.com/wolfSSL/wolfssl/pull/6149 */ return ShowExtendedSystemInfo(); } +/* + * Disable the watchdog timer (use with caution) + */ + +esp_err_t esp_DisableWatchdog(void) +{ + esp_err_t ret = ESP_OK; +#if defined(CONFIG_IDF_TARGET_ESP8266) + /* magic bit twiddle to disable WDT on ESP8266 */ + *((volatile uint32_t*) 0x60000900) &= ~(1); +#elif CONFIG_IDF_TARGET_ESP32S3 + ESP_LOGW(TAG, "esp_DisableWatchdog TODO S3"); +#else + #if ESP_IDF_VERSION_MAJOR >= 5 + { + #if defined(CONFIG_IDF_TARGET_ESP32) + rtc_wdt_protect_off(); + rtc_wdt_disable(); + #elif defined(CONFIG_IDF_TARGET_ESP32C2) || \ + defined(CONFIG_IDF_TARGET_ESP32C3) || \ + defined(CONFIG_IDF_TARGET_ESP32C6) || \ + defined(CONFIG_IDF_TARGET_ESP32H2) + ESP_LOGW(TAG, "No known rtc_wdt_protect_off for this platform."); + #else + rtc_wdt_protect_off(); + rtc_wdt_disable(); + #endif + } + #else + ESP_LOGW(TAG, "esp_DisableWatchdog not implemented on ESP_OIDF v%d", + ESP_IDF_VERSION_MAJOR); + #endif +#endif + +#ifdef DEBUG_WOLFSSL + ESP_LOGI(TAG, "Watchdog disabled."); +#endif + + return ret; +} + +/* + * Enable the watchdog timer. 
+ */ + +esp_err_t esp_EnabledWatchdog(void) +{ + esp_err_t ret = ESP_OK; +#if defined(CONFIG_IDF_TARGET_ESP8266) + /* magic bit twiddle to enable WDT on ESP8266 */ + *((volatile uint32_t*) 0x60000900) |= 1; +#elif CONFIG_IDF_TARGET_ESP32S3 + ESP_LOGW(TAG, "esp_EnableWatchdog TODO S3"); +#else + #if ESP_IDF_VERSION_MAJOR >= 5 + { + #if defined(CONFIG_IDF_TARGET_ESP32) + rtc_wdt_protect_on(); + rtc_wdt_enable(); + #elif defined(CONFIG_IDF_TARGET_ESP32C2) || \ + defined(CONFIG_IDF_TARGET_ESP32C3) || \ + defined(CONFIG_IDF_TARGET_ESP32C6) || \ + defined(CONFIG_IDF_TARGET_ESP32H2) + ESP_LOGW(TAG, "No known rtc_wdt_protect_off for this platform."); + #else + rtc_wdt_protect_on(); + rtc_wdt_enable(); + #endif + } + #else + ESP_LOGW(TAG, "esp_DisableWatchdog not implemented on ESP_OIDF v%d", + ESP_IDF_VERSION_MAJOR); + #endif +#endif + +#ifdef DEBUG_WOLFSSL + ESP_LOGI(TAG, "Watchdog enabled."); +#endif + + return ret; +} + /* Print a MATH_INT_T attribute list. * * Note with the right string parameters, the result can be pasted as * initialization code. */ -int esp_show_mp_attributes(char* c, MATH_INT_T* X) +esp_err_t esp_show_mp_attributes(char* c, MATH_INT_T* X) { static const char* MP_TAG = "MATH_INT_T"; - int ret = ESP_OK; + esp_err_t ret = ESP_OK; if (X == NULL) { ret = ESP_FAIL; ESP_LOGV(MP_TAG, "esp_show_mp_attributes called with X == NULL"); } else { - ESP_LOGI(MP_TAG, WOLFSSL_ESPIDF_BLANKLINE_MESSAGE); + ESP_LOGI(MP_TAG, WOLFSSL_ESPIDF_BLANKLINE_MESSAGE); ESP_LOGI(MP_TAG, "%s.used = %d;", c, X->used); #if defined(WOLFSSL_SP_INT_NEGATIVE) || defined(USE_FAST_MATH) ESP_LOGI(MP_TAG, "%s.sign = %d;", c, X->sign); 
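Review bot: `esp_EnabledWatchdog` calls `rtc_wdt_protect_on()` before `rtc_wdt_enable()`, so the enable write is issued with register write protection already on and may be ignored, leaving the watchdog off after a caller believes it was restored; the order should be `rtc_wdt_protect_off(); rtc_wdt_enable(); rtc_wdt_protect_on();`. `esp_DisableWatchdog` likewise leaves protection off after `rtc_wdt_disable()`. Both functions return `ESP_OK` and, under `DEBUG_WOLFSSL`, log "Watchdog disabled." or "Watchdog enabled." even on the ESP32-S3, C2/C3/C6/H2 and pre-v5 arms where nothing was changed. Those arms should set `ret = ESP_ERR_NOT_SUPPORTED;` and the success log should be conditional on `ret == ESP_OK`. The warnings in the enable function are copied from the disable one ("rtc_wdt_protect_off", "esp_DisableWatchdog not implemented on ESP_OIDF"), the exported name `esp_EnabledWatchdog` differs from the `esp_EnableWatchdog` used in its own log text, and the raw `0x60000900` register write deserves a named constant with a reference to its source.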
@@ -679,10 +774,10 @@ int esp_show_mp_attributes(char* c, MATH_INT_T* X) * Note with the right string parameters, the result can be pasted as * initialization code. */ -int esp_show_mp(char* c, MATH_INT_T* X) +esp_err_t esp_show_mp(char* c, MATH_INT_T* X) { static const char* MP_TAG = "MATH_INT_T"; - int ret = MP_OKAY; + esp_err_t ret = ESP_OK; int words_to_show = 0; if (X == NULL) { @@ -717,16 +812,16 @@ int esp_show_mp(char* c, MATH_INT_T* X) i /* the index, again, for comment */ ); } - ESP_LOGI(MP_TAG, WOLFSSL_ESPIDF_BLANKLINE_MESSAGE); + ESP_LOGI(MP_TAG, WOLFSSL_ESPIDF_BLANKLINE_MESSAGE); } return ret; } /* Perform a full mp_cmp and binary compare. * (typically only used during debugging) */ -int esp_mp_cmp(char* name_A, MATH_INT_T* A, char* name_B, MATH_INT_T* B) +esp_err_t esp_mp_cmp(char* name_A, MATH_INT_T* A, char* name_B, MATH_INT_T* B) { - int ret = MP_OKAY; + esp_err_t ret = ESP_OK; int e = memcmp(A, B, sizeof(mp_int)); if (mp_cmp(A, B) == MP_EQ) { if (e == 0) { @@ -769,6 +864,7 @@ int esp_mp_cmp(char* name_A, MATH_INT_T* A, char* name_B, MATH_INT_T* B) } if (ret == MP_OKAY) { + ret = ESP_OK; ESP_LOGV(TAG, "esp_mp_cmp equal for %s and %s!", name_A, name_B); } @@ -779,7 +875,7 @@ int esp_mp_cmp(char* name_A, MATH_INT_T* A, char* name_B, MATH_INT_T* B) return ret; } -int esp_hw_show_metrics(void) +esp_err_t esp_hw_show_metrics(void) { #if defined(WOLFSSL_HW_METRICS) #if defined(WOLFSSL_ESP32_CRYPT) diff --git a/wolfcrypt/src/port/Espressif/esp_sdk_mem_lib.c b/wolfcrypt/src/port/Espressif/esp_sdk_mem_lib.c new file mode 100644 index 0000000000..b04b6c1013 --- /dev/null +++ b/wolfcrypt/src/port/Espressif/esp_sdk_mem_lib.c 
@@ -0,0 +1,275 @@ +/* esp_sdk_mem_lib.c + * + * Copyright (C) 2006-2024 wolfSSL Inc. + * + * This file is part of wolfSSL. + * + * wolfSSL is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * wolfSSL is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA + */ + +#ifdef HAVE_CONFIG_H + #include +#endif + +/* wolfSSL */ +/* Always include wolfcrypt/settings.h before any other wolfSSL file. */ +/* Reminder: settings.h pulls in user_settings.h; don't include it here. 
*/ +#ifdef WOLFSSL_USER_SETTINGS + #include +#endif + +#if defined(WOLFSSL_ESPIDF) /* Entire file is only for Espressif EDP-IDF */ + +#if defined(WOLFSSL_USER_SETTINGS) + #include +#else + /* Define WOLFSSL_USER_SETTINGS project wide for settings.h to include */ + /* wolfSSL user settings in ./components/wolfssl/include/user_settings.h */ + #error "Missing WOLFSSL_USER_SETTINGS in CMakeLists or Makefile:\ + CFLAGS +=-DWOLFSSL_USER_SETTINGS" +#endif + +/* Espressif */ +#include "sdkconfig.h" /* programmatically generated from sdkconfig */ +#include +#include + +/* wolfSSL */ +#include + +static const char* TAG = "mem lib"; +static intptr_t _starting_stack_pointer = 0; +static int _stack_used = 0; + + +/* see + * C:\SysGCC\esp8266\rtos-sdk\v3.4\components\esp8266\ld\esp8266.project.ld.in + */ +extern wc_ptr_t _data_start[]; +extern wc_ptr_t _data_end[]; +extern wc_ptr_t _rodata_start[]; +extern wc_ptr_t _rodata_end[]; +extern wc_ptr_t _bss_start[]; +extern wc_ptr_t _bss_end[]; +extern wc_ptr_t _rtc_data_start[]; +extern wc_ptr_t _rtc_data_end[]; +extern wc_ptr_t _rtc_bss_start[]; +extern wc_ptr_t _rtc_bss_end[]; +extern wc_ptr_t _iram_start[]; +extern wc_ptr_t _iram_end[]; +#if defined(CONFIG_IDF_TARGET_ESP8266) +extern wc_ptr_t _init_start[]; +extern wc_ptr_t _init_end[]; +#endif +extern wc_ptr_t _iram_text_start[]; +extern wc_ptr_t _iram_text_end[]; +extern wc_ptr_t _iram_bss_start[]; +extern wc_ptr_t _iram_bss_end[]; +extern wc_ptr_t _noinit_start[]; +extern wc_ptr_t _noinit_end[]; +extern wc_ptr_t _text_start[]; +extern wc_ptr_t _text_end[]; +extern wc_ptr_t _heap_start[]; +extern wc_ptr_t _heap_end[]; +extern wc_ptr_t _rtc_data_start[]; +extern wc_ptr_t _rtc_data_end[]; +extern void* _thread_local_start; +extern void* _thread_local_end; + +/* See https://github.com/esp8266/esp8266-wiki/wiki/Memory-Map */ +#define MEM_MAP_IO_START ((void*)(0x3FF00000)) +#define MEM_MAP_IO_END ((void*)(0x3FF0FFFF)) +#define USER_DATA_START ((void*)(0x3FFE8000)) +#define 
USER_DATA_END ((void*)(0x3FFE8000 + 0x14000)) +#define ETS_SYS_START ((void*)(0x3FFFC000)) +#define ETS_SYS_END ((void*)(0x3FFFC000 + 0x4000)) +#define IRAM1_START ((void*)(0x40100000)) +#define IRAM1_END ((void*)(0x40100000 + 0x8000)) +#define IRAMF1_START ((void*)(0x40108000)) +#define IRAMF1_END ((void*)(0x40108000 + 0x4000)) +#define IRAMF2_START ((void*)(0x4010C000)) +#define IRAMF2_END ((void*)(0x4010C000 + 0x4000)) + +enum sdk_memory_segment +{ + /* Ensure this list exactly matches order in sdk_memory_segment_text */ + mem_map_io = 0, + thread_local, + data, + user_data_ram, + bss, + noinit, + ets_system, + iram1, + iramf1, + iramf2, + iram, + iram_text, + iram_bss, + init, + text, + rodata, + rtc_data, + SDK_MEMORY_SEGMENT_COUNT +}; + +static void* sdk_memory_segment_start[SDK_MEMORY_SEGMENT_COUNT + 1] = {}; +static void* sdk_memory_segment_end[SDK_MEMORY_SEGMENT_COUNT + 1] = {}; +static const char* sdk_memory_segment_text[SDK_MEMORY_SEGMENT_COUNT + 1] = { + "C memory map io ", + "* thread_local ", + "C data ", + "* user data ram ", + "* bss ", + "* noinit ", + "C ets system ", + "C iram1 ", + "C iramf1 ", + "C iramf2 ", + "* iram ", + "* iram_text ", + "* iram_bss ", + "* init ", + "* text ", + "* rodata ", + "* rtc data ", + "last item", +}; + +/* Given a given memory segment [m]: assign text names, starting and ending + * addresses. See also sdk_var_whereis() that requires this initialization. 
*/ +int sdk_log_meminfo(enum sdk_memory_segment m, void* start, void* end) +{ + const char* str; + int len = 0; + str = sdk_memory_segment_text[m]; + sdk_memory_segment_start[m] = start; + sdk_memory_segment_end[m] = end; + /* For ESP8266 See ./build/[Debug|Release]/esp8266/esp8266.project.ld */ + /* For ESP32 See ./build/VisualGDB/Debug/esp-idf/esp_system/ld/ */ + if (m == SDK_MEMORY_SEGMENT_COUNT) { + ESP_LOGI(TAG, " Linker Memory Map"); + ESP_LOGI(TAG, "-----------------------------------------------------"); + ESP_LOGI(TAG, " Start End Length"); + } + else { + len = (uint32_t)end - (uint32_t)start; + ESP_LOGI(TAG, "%s: %p ~ %p : 0x%05x (%d)", str, start, end, len, len ); + } + return ESP_OK; +} + +/* Show all known linker memory segment names, starting & ending addresses. */ +int sdk_init_meminfo(void) { + void* sample_heap_var; + int sample_stack_var = 0; + + sdk_log_meminfo(SDK_MEMORY_SEGMENT_COUNT, NULL, NULL); /* print header */ + sdk_log_meminfo(mem_map_io, MEM_MAP_IO_START, MEM_MAP_IO_END); + sdk_log_meminfo(thread_local, _thread_local_start, _thread_local_end); + sdk_log_meminfo(data, _data_start, _data_end); + sdk_log_meminfo(user_data_ram, USER_DATA_START, USER_DATA_END); + sdk_log_meminfo(bss, _bss_start, _bss_end); + sdk_log_meminfo(noinit, _noinit_start, _noinit_end); + sdk_log_meminfo(ets_system, ETS_SYS_START, ETS_SYS_END); + sdk_log_meminfo(rodata, _rodata_start, _rodata_end); + sdk_log_meminfo(iram1, IRAM1_START, IRAM1_END); + sdk_log_meminfo(iramf1, IRAMF1_START, IRAMF1_END); + sdk_log_meminfo(iramf2, IRAMF2_START, IRAMF2_END); + sdk_log_meminfo(iram, _iram_start, _iram_end); + sdk_log_meminfo(iram_text, _iram_text_start, _iram_text_end); + sdk_log_meminfo(iram_bss, _iram_bss_start, _iram_bss_end); +#if defined(CONFIG_IDF_TARGET_ESP8266) + sdk_log_meminfo(init, _init_start, _init_end); +#endif + sdk_log_meminfo(text, _text_start, _text_end); + sdk_log_meminfo(rtc_data, _rtc_data_start, _rtc_data_end); + ESP_LOGI(TAG, 
"-----------------------------------------------------"); + sample_heap_var = malloc(1); + if (sample_heap_var == NULL) { + ESP_LOGE(TAG, "Unable to allocate heap memory in sdk_var_whereis()."); + } + else { + sdk_var_whereis("sample_stack_var", (void*)&sample_stack_var); + sdk_var_whereis("sample_heap_var", sample_heap_var); + free(sample_heap_var); + } + return ESP_OK; +} + +/* Returns ESP_OK if found in known memory map, ESP_FAIL otherwise */ +esp_err_t sdk_var_whereis(const char* v_name, void* v) { + esp_err_t ret = ESP_FAIL; + + for (enum sdk_memory_segment m = 0 ;m < SDK_MEMORY_SEGMENT_COUNT; m++) { + if (v >= sdk_memory_segment_start[m] && + v <= sdk_memory_segment_end[m]) { + ret = ESP_OK; + ESP_LOGI(TAG, "Variable [%s] found at %p in %s", v_name, v, + sdk_memory_segment_text[m]); + if (m == user_data_ram) { + + } + } + } + + if (ret == ESP_FAIL) { + ESP_LOGW(TAG, "%s not found in known memory map: %p", v_name, v); + } + return ret; +} + +intptr_t esp_sdk_stack_pointer(void) +{ + intptr_t sp = 0; +#if defined(CONFIG_IDF_TARGET_ARCH_RISCV) + if (CONFIG_IDF_TARGET_ARCH_RISCV == 1) { + __asm volatile("mv %0, sp" : "=r" (sp)); + } +#elif defined(CONFIG_IDF_TARGET_ARCH_XTENSA) + if (CONFIG_IDF_TARGET_ARCH_XTENSA == 1) { + __asm volatile("mov %0, sp" : "=r"(sp)); + } +#endif + if (_starting_stack_pointer == 0) { + _starting_stack_pointer = sp; + } + _stack_used = _starting_stack_pointer - sp; + return sp; +} + +esp_err_t esp_sdk_mem_lib_init(void) +{ + int ret = ESP_OK; + sdk_init_meminfo(); + ESP_LOGI(TAG, "esp_sdk_mem_lib_init Ver %d", ESP_SDK_MEM_LIB_VERSION); + return ret; +} + #ifndef SINGLE_THREADED + #include "semphr.h" + #endif + +void* wc_debug_pvPortMalloc(size_t size, + const char* file, int line, const char* fname) { + void* ret = NULL; + ret = pvPortMalloc(size); + if (ret == NULL) { + ESP_LOGE("malloc", "%s:%d (%s)", file, line, fname); + ESP_LOGE("malloc", "Failed Allocating memory of size: %d bytes", size); + } + return ret; +} + +#endif 
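Review bot: `_thread_local_start` and `_thread_local_end` are declared as `extern void*` objects while every other linker symbol in this file is declared as an array, so `sdk_log_meminfo(thread_local, _thread_local_start, _thread_local_end);` passes the word stored at the symbol rather than the symbol's address. Assuming these are plain linker-script symbols like the others, declare them the same way, `extern wc_ptr_t _thread_local_start[];` and `extern wc_ptr_t _thread_local_end[];`, or pass `&_thread_local_start` and `&_thread_local_end`. Separately, `sdk_log_meminfo` is non-static and writes `sdk_memory_segment_start[m]` and `sdk_memory_segment_end[m]` without a range check on `m`; a guard such as `if ((int)m < 0 || m > SDK_MEMORY_SEGMENT_COUNT) return ESP_FAIL;` at the top keeps a bad caller from writing past the tables. In `wc_debug_pvPortMalloc`, `size` is a `size_t` printed with `%d`; `%u` with `(unsigned)size` matches the argument.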
diff --git a/wolfcrypt/src/port/Espressif/esp_sdk_time_lib.c b/wolfcrypt/src/port/Espressif/esp_sdk_time_lib.c
new file mode 100644
index 0000000000..6cfaca6ce5
--- /dev/null
+++ b/wolfcrypt/src/port/Espressif/esp_sdk_time_lib.c
@@ -0,0 +1,441 @@ +/* esp_sdk_time_lib.c + * + * Copyright (C) 2006-2024 wolfSSL Inc. + * + * This file is part of wolfSSL. + * + * wolfSSL is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * wolfSSL is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA + */ + +#ifdef HAVE_CONFIG_H + #include +#endif + +/* Reminder: user_settings.h is needed and included from settings.h + * Be sure to define WOLFSSL_USER_SETTINGS, typically in CMakeLists.txt */ +#include + +#if defined(WOLFSSL_ESPIDF) /* Entire file is only for Espressif EDP-IDF */ + +/* Espressif */ +#include "sdkconfig.h" /* programmatically generated from sdkconfig */ +#include +#include + +/* wolfSSL */ +#include + +#define ESP_SDK_TIME_LIB_VERSION 1 + +static const char* TAG = "time lib"; + +esp_err_t esp_sdk_time_lib_init(void) +{ + int ret = ESP_OK; + ESP_LOGI(TAG, "esp_sdk_time_lib_init Ver %d", ESP_SDK_TIME_LIB_VERSION); + return ret; +} + +#if defined(CONFIG_IDF_TARGET_ESP8266) + #include + +#elif defined(ESP_IDF_VERSION_MAJOR) && defined(ESP_IDF_VERSION_MINOR) + #if (ESP_IDF_VERSION_MAJOR == 5) && (ESP_IDF_VERSION_MINOR == 1) + #define HAS_ESP_NETIF_SNTP 1 + #include + #include + #elif (ESP_IDF_VERSION_MAJOR == 5) && (ESP_IDF_VERSION_MINOR > 1) + #define HAS_ESP_NETIF_SNTP 1 + #include + #include + #else + #include + #include + #endif + +#else + /* TODO Consider non ESP-IDF environments */ +#endif + +/* ESP-IDF uses a 
64-bit signed integer to represent time_t + * starting from release v5.0 + * See: https://docs.espressif.com/projects/esp-idf/en/latest/esp32/api-reference/system/system_time.html#year-2036-and-2038-overflow-issues + */ + +/* see https://www.gnu.org/software/libc/manual/html_node/TZ-Variable.html */ +#ifndef TIME_ZONE + /* + * PST represents Pacific Standard Time. + * +8 specifies the offset from UTC (Coordinated Universal Time), + * indicating that Pacific Time is UTC-8 during standard time. + * PDT represents Pacific Daylight Time. + * M3.2.0 indicates that Daylight Saving Time (DST) starts on the + * second (2) Sunday (0) of March (3). + * M11.1.0 indicates that DST ends on the first (1) Sunday (0) + * of November (11) + */ + #define TIME_ZONE "PST+8PDT,M3.2.0,M11.1.0" +#endif /* not defined: TIME_ZONE, so we are setting our own */ + +#define NTP_RETRY_COUNT 10 + +/* NELEMS(x) number of elements + * To determine the number of elements in the array, we can divide the total + * size of the array by the size of the array element. 
+ * See https://stackoverflow.com/questions/37538/how-do-i-determine-the-size-of-my-array-in-c + **/ +#define NELEMS(x) ( (int)(sizeof(x) / sizeof((x)[0])) ) + +/* See also CONFIG_LWIP_SNTP_MAX_SERVERS in sdkconfig */ +#define NTP_SERVER_LIST ( (char*[]) { \ + "pool.ntp.org", \ + "time.nist.gov", \ + "utcnist.colorado.edu" \ + } \ + ) +/* #define NTP_SERVER_COUNT using NELEMS: + * + * (int)(sizeof(NTP_SERVER_LIST) / sizeof(NTP_SERVER_LIST[0])) + */ +#define NTP_SERVER_COUNT NELEMS(NTP_SERVER_LIST) + +#ifndef CONFIG_LWIP_SNTP_MAX_SERVERS + /* We should find max value in sdkconfig, if not set it to our count:*/ + #define CONFIG_LWIP_SNTP_MAX_SERVERS NTP_SERVER_COUNT +#endif + +/* our NTP server list is global info */ +extern char* ntpServerList[NTP_SERVER_COUNT]; + +char* ntpServerList[NTP_SERVER_COUNT] = NTP_SERVER_LIST; + +/* Show the current date and time */ +int esp_show_current_datetime(void) +{ + time_t now; + char strftime_buf[64]; + struct tm timeinfo; + + time(&now); + setenv("TZ", TIME_ZONE, 1); + tzset(); + + localtime_r(&now, &timeinfo); + strftime(strftime_buf, sizeof(strftime_buf), "%c", &timeinfo); + ESP_LOGI(TAG, "The current date/time is: %s", strftime_buf); + return ESP_OK; +} + +/* the worst-case scenario is a hard-coded date/time */ +int set_fixed_default_time(void) +{ + /* ideally, we'd like to set time from network, + * but let's set a default time, just in case */ + struct tm timeinfo = { + .tm_year = 2024 - 1900, + .tm_mon = 1, + .tm_mday = 05, + .tm_hour = 13, + .tm_min = 01, + .tm_sec = 05 + }; + struct timeval now; + time_t interim_time; + int ret = -1; + + /* set interim static time */ + interim_time = mktime(&timeinfo); + + ESP_LOGI(TAG, "Adjusting time from fixed value"); + now = (struct timeval){ .tv_sec = interim_time }; +#if defined(CONFIG_IDF_TARGET_ESP8266) + (void)now; +#else + ret = settimeofday(&now, NULL); +#endif + ESP_LOGI(TAG, "settimeofday result = %d", ret); + return ret; +} + +/* probably_valid_time_string(s) + * + * some 
sanity checks on time string before calling sscanf() + * + * returns 0 == ESP_OK == Success if str is likely a valid time. + * -1 == ESP_FAIL otherwise + */ +int probably_valid_time_string(const char* str) +{ + int ret = ESP_OK; + size_t length = 0; + size_t spaces = 0; + size_t colons = 0; + + while (str[length] != '\0') { + if (str[length] == ' ') { + spaces++; + } + if (str[length] == ':') { + colons++; + } + length++; + } + + if ((length > 32) || (spaces < 4) || (spaces > 5) || (colons > 2)) { + ret = ESP_FAIL; + ESP_LOGE(TAG, "ERROR, failed time sanity check: %s", str); + } + return ret; +} + +#if defined(CONFIG_IDF_TARGET_ESP8266) +/* TODO implement time functions for ESP8266 */ +int set_time_from_string(const char* time_buffer) +{ + ESP_LOGE(TAG, "set_time_from_string not implemented for ESP8266"); + return ESP_FAIL; +} + +int set_time(void) +{ + ESP_LOGE(TAG, "set_time not implemented for ESP8266"); + return ESP_FAIL; +} + +int set_time_wait_for_ntp(void) +{ + ESP_LOGE(TAG, "set_time_wait_for_ntp not implemented for ESP8266"); + return ESP_FAIL; +} + +#else +/* ESP32 Time Helpers */ + +/* set_time_from_string(s) + * + * returns 0 = success if able to set the time from the provided string + * error for any other value, typically -1 */ +int set_time_from_string(const char* time_buffer) +{ + /* expecting github default formatting: 'Thu Aug 31 12:41:45 2023 -0700' */ + char offset[28]; /* large arrays, just in case there's still bad data */ + char day_str[28]; + char month_str[28]; + const char *format = "%3s %3s %d %d:%d:%d %d %s"; + struct tm this_timeinfo; + struct timeval now; + time_t interim_time; + int day, year, hour, minute, second; + int quote_offset = 0; + int ret = 0; + + /* perform some basic sanity checkes */ + ret = probably_valid_time_string(time_buffer); + if (ret == ESP_OK) { + /* we are expecting the string to be encapsulated in single quotes */ + if (*time_buffer == 0x27) { + quote_offset = 1; + } + + ret = sscanf(time_buffer + quote_offset, 
+ format, + day_str, month_str, + &day, &hour, &minute, &second, &year, &offset); + + if (ret == 8) { + /* we found a match for all componets */ + + const char *months[] = { "Jan", "Feb", "Mar", "Apr", "May", "Jun", + "Jul", "Aug", "Sep", "Oct", "Nov", "Dec" + }; + + for (int i = 0; i < 12; i++) { + if (strcmp(month_str, months[i]) == 0) { + this_timeinfo.tm_mon = i; + break; + } + } + + this_timeinfo.tm_mday = day; + this_timeinfo.tm_hour = hour; + this_timeinfo.tm_min = minute; + this_timeinfo.tm_sec = second; + this_timeinfo.tm_year = year - 1900; /* Years since 1900 */ + + interim_time = mktime(&this_timeinfo); + now = (struct timeval){ .tv_sec = interim_time }; + ret = settimeofday(&now, NULL); + ESP_LOGI(TAG, "Time updated to %s", time_buffer); + } + else { + ESP_LOGE(TAG, "Failed to convert \"%s\" to a tm date.", + time_buffer); + ESP_LOGI(TAG, "Trying fixed date that was hard-coded...."); + set_fixed_default_time(); + ret = ESP_FAIL; + } + } + + return ret; +} + +/* set time; returns 0 if succecssfully configured with NTP */ +int set_time(void) +{ +#ifndef NTP_SERVER_COUNT + ESP_LOGW(TAG, "Warning: no sntp server names defined. " + "Setting to empty list"); + #define NTP_SERVER_COUNT 0 + #warning "NTP not properly configured" +#endif /* not defined: NTP_SERVER_COUNT */ + +#ifdef HAS_ESP_NETIF_SNTP + #if CONFIG_LWIP_SNTP_MAX_SERVERS > 1 + esp_sntp_config_t config = ESP_NETIF_SNTP_DEFAULT_CONFIG_MULTIPLE( + NTP_SERVER_COUNT, + ESP_SNTP_SERVER_LIST(ntpServerList[0]) + ); + #else + esp_sntp_config_t config = + ESP_NETIF_SNTP_DEFAULT_CONFIG(ntpServerList[0]); + #endif /* CONFIG_LWIP_SNTP_MAX_SERVERS > 1 */ +#endif /* HAS_ESP_NETIF_SNTP */ + + int ret = 0; + int i = 0; /* counter for time servers */ + + ESP_LOGI(TAG, "Setting the time. 
Startup time:"); + esp_show_current_datetime(); + +#ifdef LIBWOLFSSL_VERSION_GIT_HASH_DATE + /* initialy set a default approximate time from recent git commit */ + ESP_LOGI(TAG, "Found git hash date, attempting to set system date: %s", + LIBWOLFSSL_VERSION_GIT_HASH_DATE); + set_time_from_string(LIBWOLFSSL_VERSION_GIT_HASH_DATE"\0"); + esp_show_current_datetime(); + + ret = -4; +#else + /* otherwise set a fixed time that was hard coded */ + set_fixed_default_time(); + esp_show_current_datetime(); + ret = -3; +#endif + +#ifdef CONFIG_SNTP_TIME_SYNC_METHOD_SMOOTH + config.smooth_sync = true; +#endif + + if (NTP_SERVER_COUNT) { + /* next, let's setup NTP time servers + * + * see https://docs.espressif.com/projects/esp-idf/en/latest/esp32/api-reference/system/system_time.html#sntp-time-synchronization + * + * WARNING: do not set operating mode while SNTP client is running! + */ + /* TODO Consider esp_sntp_setoperatingmode(SNTP_OPMODE_POLL); */ + sntp_setoperatingmode(SNTP_OPMODE_POLL); + if (NTP_SERVER_COUNT > CONFIG_LWIP_SNTP_MAX_SERVERS) { + ESP_LOGW(TAG, "WARNING: %d NTP Servers defined, but " + "CONFIG_LWIP_SNTP_MAX_SERVERS = %d", + NTP_SERVER_COUNT,CONFIG_LWIP_SNTP_MAX_SERVERS); + } + ESP_LOGI(TAG, "sntp_setservername:"); + for (i = 0; i < CONFIG_LWIP_SNTP_MAX_SERVERS; i++) { + const char* thisServer = ntpServerList[i]; + if (strncmp(thisServer, "\x00", 1) == 0) { + /* just in case we run out of NTP servers */ + break; + } + ESP_LOGI(TAG, "%s", thisServer); + sntp_setservername(i, thisServer); + ret = ESP_OK; + } + #ifdef HAS_ESP_NETIF_SNTP + ret = esp_netif_sntp_init(&config); + #else + ESP_LOGW(TAG,"Warning: Consider upgrading ESP-IDF to take advantage " + "of updated SNTP libraries"); + #endif + if (ret == ESP_OK) { + ESP_LOGV(TAG, "Successfully called esp_netif_sntp_init"); + } + else { + ESP_LOGE(TAG, "ERROR: esp_netif_sntp_init return = %d", ret); + } + + sntp_init(); + switch (ret) { + case ESP_ERR_INVALID_STATE: + break; + default: + break; + } + 
ESP_LOGI(TAG, "sntp_init done."); + } + else { + ESP_LOGW(TAG, "No sntp time servers found."); + ret = -1; + } + + esp_show_current_datetime(); + ESP_LOGI(TAG, "time helper existing with result = %d", ret); + return ret; +} + +/* wait for NTP to actually set the time */ +int set_time_wait_for_ntp(void) +{ + int ret = 0; +#ifdef HAS_ESP_NETIF_SNTP + int ntp_retry = 0; + const int ntp_retry_count = NTP_RETRY_COUNT; + + ret = esp_netif_sntp_start(); + + ret = esp_netif_sntp_sync_wait(500 / portTICK_PERIOD_MS); +#else + ESP_LOGE(TAG, "HAS_ESP_NETIF_SNTP not defined"); +#endif /* HAS_ESP_NETIF_SNTP */ + esp_show_current_datetime(); + +#ifdef HAS_ESP_NETIF_SNTP + while (ret == ESP_ERR_TIMEOUT && (ntp_retry++ < ntp_retry_count)) { + ret = esp_netif_sntp_sync_wait(1000 / portTICK_PERIOD_MS); + ESP_LOGI(TAG, "Waiting for NTP to sync time... (%d/%d)", + ntp_retry, + ntp_retry_count); + esp_show_current_datetime(); + } +#endif /* HAS_ESP_NETIF_SNTP */ + +#ifdef TIME_ZONE + setenv("TZ", TIME_ZONE, 1); + tzset(); +#endif + + if (ret == ESP_OK) { + ESP_LOGI(TAG, "Successfuly set time via NTP servers."); + } + else { + ESP_LOGW(TAG, "Warning: Failed to set time with NTP: " + "result = 0x%0x: %s", + ret, esp_err_to_name(ret)); + } + return ret; +} +#endif /* ESP32 or ESP8266 time helpers */ + +#endif diff --git a/wolfcrypt/src/port/Espressif/esp_sdk_wifi_lib.c b/wolfcrypt/src/port/Espressif/esp_sdk_wifi_lib.c new file mode 100644 index 0000000000..2c6c8bfc47 --- /dev/null +++ b/wolfcrypt/src/port/Espressif/esp_sdk_wifi_lib.c 
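Review bot: The server loop in `set_time` runs `for (i = 0; i < CONFIG_LWIP_SNTP_MAX_SERVERS; i++)` over `ntpServerList`, which has only `NTP_SERVER_COUNT` entries and no terminating entry, so an sdkconfig with a larger maximum reads past the end of the array before the empty-string test can stop it. Bound the loop by both values: `for (i = 0; i < NTP_SERVER_COUNT && i < CONFIG_LWIP_SNTP_MAX_SERVERS; i++)`. In `set_time_from_string`, `this_timeinfo` is never initialised, so `tm_isdst` (and `tm_mon` when the month name matches none of the twelve) is indeterminate when `mktime` reads it; `struct tm this_timeinfo = {0};` plus an `ESP_FAIL` return for an unknown month would fix that. The last `sscanf` conversion is an unbounded `%s` into `offset[28]` passed as `&offset`; `%27s` with `offset` makes the bound explicit instead of relying on the 32-character limit in `probably_valid_time_string`.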
@@ -0,0 +1,468 @@ +/* esp_sdk_wifi_lib.c + * + * Copyright (C) 2006-2024 wolfSSL Inc. + * + * This file is part of wolfSSL. + * + * wolfSSL is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * wolfSSL is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA + */ + +#ifdef HAVE_CONFIG_H + #include +#endif + +/* Reminder: user_settings.h is needed and included from settings.h + * Be sure to define WOLFSSL_USER_SETTINGS, typically in CMakeLists.txt */ +#include + +#if defined(WOLFSSL_ESPIDF) /* Entire file is only for Espressif EDP-IDF */ +#ifndef NO_ESP_SDK_WIFI + +/* Espressif */ +#include "sdkconfig.h" /* programmatically generated from sdkconfig */ +#include +#include +#include + + +/* wolfSSL */ +#include +#include + +#define ESP_SDK_WIFI_LIB_VERSION 1 + +static const char* TAG = "wifi lib"; + +esp_err_t esp_sdk_wifi_lib_init(void) +{ + int ret = ESP_OK; + ESP_LOGI(TAG, "esp_sdk_wifi_lib_init Ver %d", ESP_SDK_WIFI_LIB_VERSION); + return ret; +} + + +/* When there's too little heap, WiFi quietly refuses to connect */ +#define WIFI_LOW_HEAP_WARNING 21132 + +#if defined(CONFIG_IDF_TARGET_ESP8266) +#elif ESP_IDF_VERSION_MAJOR >= 5 && defined(FOUND_PROTOCOL_EXAMPLES_DIR) + /* example path set in cmake file */ +#elif ESP_IDF_VERSION_MAJOR >= 4 + #include "protocol_examples_common.h" +#else + const static int CONNECTED_BIT = BIT0; + static EventGroupHandle_t wifi_event_group; +#endif + +#if 
defined(CONFIG_IDF_TARGET_ESP8266) + +#elif defined(ESP_IDF_VERSION_MAJOR) && defined(ESP_IDF_VERSION_MINOR) + #if ESP_IDF_VERSION_MAJOR >= 4 + /* likely using examples, see wifi_connect.h */ + #else + /* TODO - still supporting pre V4 ? */ + const static int CONNECTED_BIT = BIT0; + static EventGroupHandle_t wifi_event_group; + #endif + #if (ESP_IDF_VERSION_MAJOR == 5) + #define HAS_WPA3_FEATURES + #else + #undef HAS_WPA3_FEATURES + #endif +#else + /* TODO Consider pre IDF v5? */ +#endif + +#if defined(CONFIG_IDF_TARGET_ESP8266) +#ifndef CONFIG_ESP_MAX_STA_CONN + #define CONFIG_ESP_MAX_STA_CONN 4 +#endif +#define EXAMPLE_MAX_STA_CONN CONFIG_ESP_MAX_STA_CONN + +#define WIFI_CONNECTED_BIT BIT0 +#define WIFI_FAIL_BIT BIT1 +#ifndef CONFIG_ESP_MAXIMUM_RETRY + #define CONFIG_ESP_MAXIMUM_RETRY 5 +#endif +/* FreeRTOS event group to signal when we are connected*/ +static EventGroupHandle_t s_wifi_event_group; +static int s_retry_num = 0; + +#define EXAMPLE_ESP_MAXIMUM_RETRY CONFIG_ESP_MAXIMUM_RETRY + +#if 0 +static void event_handler(void* arg, esp_event_base_t event_base, + int32_t event_id, void* event_data) +{ + if (event_base == WIFI_EVENT && event_id == WIFI_EVENT_STA_START) { + esp_wifi_connect(); + } else if (event_base == WIFI_EVENT && event_id == WIFI_EVENT_STA_DISCONNECTED) { + if (s_retry_num < EXAMPLE_ESP_MAXIMUM_RETRY) { + esp_wifi_connect(); + s_retry_num++; + ESP_LOGI(TAG, "retry to connect to the AP"); + } else { + xEventGroupSetBits(s_wifi_event_group, WIFI_FAIL_BIT); + } + ESP_LOGI(TAG,"connect to the AP fail"); + } else if (event_base == IP_EVENT && event_id == IP_EVENT_STA_GOT_IP) { + ip_event_got_ip_t* event = (ip_event_got_ip_t*) event_data; + ESP_LOGI(TAG, "got ip:%s", + ip4addr_ntoa(&event->ip_info.ip)); + s_retry_num = 0; + xEventGroupSetBits(s_wifi_event_group, WIFI_CONNECTED_BIT); + } +} +#else +static void event_handler(void* arg, esp_event_base_t event_base, + int32_t event_id, void* event_data) +{ + if (event_base == WIFI_EVENT) { + if 
(event_id == WIFI_EVENT_STA_START) { + esp_wifi_connect(); + ESP_LOGV(TAG, "Connect event!!"); + } + else { + if (event_id == WIFI_EVENT_STA_DISCONNECTED) { + if (s_retry_num < EXAMPLE_ESP_MAXIMUM_RETRY) { + esp_wifi_connect(); + s_retry_num++; + ESP_LOGI(TAG, ">> Retry to connect to the AP"); + } + else { + xEventGroupSetBits(s_wifi_event_group, WIFI_FAIL_BIT); + } + ESP_LOGI(TAG, ">> Connect to the AP fail"); + } /* WIFI_EVENT_STA_DISCONNECTED */ + else if(event_id == IP_EVENT_STA_GOT_IP) { + ip_event_got_ip_t* event = (ip_event_got_ip_t*) event_data; + ESP_LOGI(TAG, "got ip:%s", ip4addr_ntoa(&event->ip_info.ip)); + s_retry_num = 0; + xEventGroupSetBits(s_wifi_event_group, WIFI_CONNECTED_BIT); + } /* IP_EVENT_STA_GOT_IP */ + } /* not WIFI_EVENT_STA_START */ + } /* event_base == WIFI_EVENT */ +} /* event_handler */ + +#endif +esp_err_t esp_sdk_wifi_init_sta(void) +{ + word32 this_heap; + + s_wifi_event_group = xEventGroupCreate(); + + tcpip_adapter_init(); + + ESP_ERROR_CHECK(esp_event_loop_create_default()); + + wifi_init_config_t cfg = WIFI_INIT_CONFIG_DEFAULT(); + ESP_ERROR_CHECK(esp_wifi_init(&cfg)); + + ESP_ERROR_CHECK(esp_event_handler_register(WIFI_EVENT, ESP_EVENT_ANY_ID, + &event_handler, NULL)); + ESP_ERROR_CHECK(esp_event_handler_register(IP_EVENT, IP_EVENT_STA_GOT_IP, + &event_handler, NULL)); + + wifi_config_t wifi_config = { + .sta = { + .ssid = EXAMPLE_ESP_WIFI_SSID, + .password = EXAMPLE_ESP_WIFI_PASS + }, + }; + + /* Setting a password implies station will connect to all security modes + * including WEP/WPA. However these modes are deprecated and not advisable + * to be used. 
In case your Access point doesn't support WPA2, these mode + * can be enabled by commenting below line */ + if (strlen((char *)wifi_config.sta.password)) { + wifi_config.sta.threshold.authmode = WIFI_AUTH_WPA2_PSK; + } + + ESP_ERROR_CHECK(esp_wifi_set_mode(WIFI_MODE_STA) ); + ESP_ERROR_CHECK(esp_wifi_set_config(ESP_IF_WIFI_STA, &wifi_config) ); + ESP_ERROR_CHECK(esp_wifi_start() ); + + ESP_LOGI(TAG, "wifi_init_sta finished. Connecting..."); + this_heap = esp_get_free_heap_size(); + ESP_LOGI(TAG, "this heap = %d", this_heap); + if (this_heap < WIFI_LOW_HEAP_WARNING) { + ESP_LOGW(TAG, "Warning: WiFi low heap: %d", WIFI_LOW_HEAP_WARNING); + } + /* Waiting until either the connection is established (WIFI_CONNECTED_BIT) + * or connection failed for the maximum number of re-tries (WIFI_FAIL_BIT). + * The bits are set by event_handler() + * (see above) */ + EventBits_t bits = xEventGroupWaitBits(s_wifi_event_group, + WIFI_CONNECTED_BIT | WIFI_FAIL_BIT, + pdFALSE, + pdFALSE, + portMAX_DELAY); + + ESP_LOGI(TAG, "xEventGroupWaitBits finished."); +#if 0 + /* xEventGroupWaitBits() returns the bits before the call returned, hence we can test which event actually + * happened. */ + if (bits & WIFI_CONNECTED_BIT) { + ESP_LOGI(TAG, "connected to ap SSID:%s", + EXAMPLE_ESP_WIFI_SSID); + } else if (bits & WIFI_FAIL_BIT) { + ESP_LOGI(TAG, "Failed to connect to SSID:%s, password:%s", + EXAMPLE_ESP_WIFI_SSID, EXAMPLE_ESP_WIFI_PASS); + } else { + ESP_LOGE(TAG, "UNEXPECTED EVENT"); + } +#else + /* xEventGroupWaitBits() returns the bits before the call returned, + * hence we can test which event actually happened. 
*/
+ if (bits & WIFI_CONNECTED_BIT) {
+ ESP_LOGI(TAG, "Connected to AP SSID: %s",
+ EXAMPLE_ESP_WIFI_SSID);
+ }
+ else {
+ if (bits & WIFI_FAIL_BIT) {
+ ESP_LOGI(TAG, "Failed to connect to SSID: %s, password:%s",
+ EXAMPLE_ESP_WIFI_SSID, EXAMPLE_ESP_WIFI_PASS);
+ }
+ else {
+ ESP_LOGE(TAG, "UNEXPECTED EVENT");
+ }
+ }
+
+#endif
+ ESP_ERROR_CHECK(esp_event_handler_unregister(IP_EVENT, IP_EVENT_STA_GOT_IP,
+ &event_handler));
+ ESP_ERROR_CHECK(esp_event_handler_unregister(WIFI_EVENT, ESP_EVENT_ANY_ID,
+ &event_handler));
+ vEventGroupDelete(s_wifi_event_group);
+ return ESP_OK;
+}
+
+#elif ESP_IDF_VERSION_MAJOR < 4
+/* event handler for wifi events */
+static esp_err_t wifi_event_handler(void *ctx, system_event_t *event)
+{
+ switch (event->event_id)
+ {
+ case SYSTEM_EVENT_STA_START:
+ esp_wifi_connect();
+ break;
+ case SYSTEM_EVENT_STA_GOT_IP:
+ #if ESP_IDF_VERSION_MAJOR >= 4
+ ESP_LOGI(TAG, "got ip:" IPSTR "\n",
+ IP2STR(&event->event_info.got_ip.ip_info.ip));
+ #else
+ ESP_LOGI(TAG, "got ip:%s",
+ ip4addr_ntoa(&event->event_info.got_ip.ip_info.ip));
+ #endif
+ /* see https://docs.espressif.com/projects/esp-idf/en/latest/esp32/api-reference/system/freertos_idf.html */
+ xEventGroupSetBits(wifi_event_group, CONNECTED_BIT);
+ break;
+ case SYSTEM_EVENT_STA_DISCONNECTED:
+ esp_wifi_connect();
+ xEventGroupClearBits(wifi_event_group, CONNECTED_BIT);
+ break;
+ default:
+ break;
+ }
+ return ESP_OK;
+}
+#else
+
+#ifdef CONFIG_ESP_MAXIMUM_RETRY
+ #define EXAMPLE_ESP_MAXIMUM_RETRY CONFIG_ESP_MAXIMUM_RETRY
+#else
+ #define CONFIG_ESP_MAXIMUM_RETRY 5
+#endif
+
+#if CONFIG_ESP_WIFI_AUTH_OPEN
+#define ESP_WIFI_SCAN_AUTH_MODE_THRESHOLD WIFI_AUTH_OPEN
+#elif CONFIG_ESP_WIFI_AUTH_WEP
+#define ESP_WIFI_SCAN_AUTH_MODE_THRESHOLD WIFI_AUTH_WEP
+#elif CONFIG_ESP_WIFI_AUTH_WPA_PSK
+#define ESP_WIFI_SCAN_AUTH_MODE_THRESHOLD WIFI_AUTH_WPA_PSK
+#elif CONFIG_ESP_WIFI_AUTH_WPA2_PSK
+#define ESP_WIFI_SCAN_AUTH_MODE_THRESHOLD WIFI_AUTH_WPA2_PSK
+#elif CONFIG_ESP_WIFI_AUTH_WPA_WPA2_PSK
+#define ESP_WIFI_SCAN_AUTH_MODE_THRESHOLD WIFI_AUTH_WPA_WPA2_PSK
+#elif CONFIG_ESP_WIFI_AUTH_WPA3_PSK
+#define ESP_WIFI_SCAN_AUTH_MODE_THRESHOLD WIFI_AUTH_WPA3_PSK
+#elif CONFIG_ESP_WIFI_AUTH_WPA2_WPA3_PSK
+#define ESP_WIFI_SCAN_AUTH_MODE_THRESHOLD WIFI_AUTH_WPA2_WPA3_PSK
+#elif CONFIG_ESP_WIFI_AUTH_WAPI_PSK
+#define ESP_WIFI_SCAN_AUTH_MODE_THRESHOLD WIFI_AUTH_WAPI_PSK
+#endif
+
+#ifndef ESP_WIFI_SCAN_AUTH_MODE_THRESHOLD
+ #define CONFIG_ESP_WIFI_AUTH_WPA2_PSK 1
+ #define ESP_WIFI_SCAN_AUTH_MODE_THRESHOLD CONFIG_ESP_WIFI_AUTH_WPA2_PSK
+#endif
+
+/* FreeRTOS event group to signal when we are connected*/
+static EventGroupHandle_t s_wifi_event_group;
+
+/* The event group allows multiple bits for each event,
+ * but we only care about two events:
+ * - we are connected to the AP with an IP
+ * - we failed to connect after the maximum amount of retries */
+#define WIFI_CONNECTED_BIT BIT0
+#define WIFI_FAIL_BIT BIT1
+
+
+static int s_retry_num = 0;
+ip_event_got_ip_t* event;
+
+
+static void event_handler(void* arg,
+ esp_event_base_t event_base,
+ int32_t event_id,
+ void* event_data)
+{
+ if (event_base == WIFI_EVENT && event_id == WIFI_EVENT_STA_START) {
+ esp_wifi_connect();
+ }
+ else if (event_base == WIFI_EVENT &&
+ event_id == WIFI_EVENT_STA_DISCONNECTED) {
+ if (s_retry_num < EXAMPLE_ESP_MAXIMUM_RETRY) {
+ esp_wifi_connect();
+ s_retry_num++;
+ ESP_LOGI(TAG, "retry to connect to the AP");
+ }
+ else {
+ xEventGroupSetBits(s_wifi_event_group, WIFI_FAIL_BIT);
+ }
+ ESP_LOGI(TAG, "connect to the AP fail");
+ }
+ else if (event_base == IP_EVENT && event_id == IP_EVENT_STA_GOT_IP) {
+ event = (ip_event_got_ip_t*) event_data;
+ /* wifi_show_ip(); */
+ s_retry_num = 0;
+ xEventGroupSetBits(s_wifi_event_group, WIFI_CONNECTED_BIT);
+ }
+}
+
+esp_err_t wc_wifi_init_sta(void)
+{
+ esp_err_t ret = ESP_OK;
+
+ s_wifi_event_group = xEventGroupCreate();
+
+ ESP_ERROR_CHECK(esp_netif_init());
+
+ ESP_ERROR_CHECK(esp_event_loop_create_default());
+ esp_netif_create_default_wifi_sta();
+
+ wifi_init_config_t cfg = WIFI_INIT_CONFIG_DEFAULT();
+ ESP_ERROR_CHECK(esp_wifi_init(&cfg));
+
+ esp_event_handler_instance_t instance_any_id;
+ esp_event_handler_instance_t instance_got_ip;
+ ESP_ERROR_CHECK(esp_event_handler_instance_register(WIFI_EVENT,
+ ESP_EVENT_ANY_ID,
+ &event_handler,
+ NULL,
+ &instance_any_id));
+ ESP_ERROR_CHECK(esp_event_handler_instance_register(IP_EVENT,
+ IP_EVENT_STA_GOT_IP,
+ &event_handler,
+ NULL,
+ &instance_got_ip));
+
+ wifi_config_t wifi_config = {
+ .sta = {
+ .ssid = EXAMPLE_ESP_WIFI_SSID,
+ .password = EXAMPLE_ESP_WIFI_PASS,
+ /* Authmode threshold resets to WPA2 as default if password matches
+ * WPA2 standards (pasword len => 8). If you want to connect the
+ * device to deprecated WEP/WPA networks, Please set the threshold
+ * value WIFI_AUTH_WEP/WIFI_AUTH_WPA_PSK and set the password with
+ * length and format matching to WIFI_AUTH_WEP/WIFI_AUTH_WPA_PSK
+ * standards. */
+ .threshold.authmode = ESP_WIFI_SCAN_AUTH_MODE_THRESHOLD,
+ #ifdef HAS_WPA3_FEATURES
+ .sae_pwe_h2e = WPA3_SAE_PWE_BOTH,
+ #endif
+ },
+ };
+ ESP_ERROR_CHECK(esp_wifi_set_mode(WIFI_MODE_STA) );
+ ESP_ERROR_CHECK(esp_wifi_set_config(WIFI_IF_STA, &wifi_config) );
+
+#ifdef CONFIG_EXAMPLE_WIFI_SSID
+ if (XSTRCMP(CONFIG_EXAMPLE_WIFI_SSID, "myssid") == 0) {
+ ESP_LOGW(TAG, "WARNING: CONFIG_EXAMPLE_WIFI_SSID is \"myssid\".");
+ ESP_LOGW(TAG, " Do you have a WiFi AP called \"myssid\", ");
+ ESP_LOGW(TAG, " or did you forget the ESP-IDF configuration?");
+ }
+#else
+ ESP_LOGW(TAG, "WARNING: CONFIG_EXAMPLE_WIFI_SSID not defined.");
+#endif
+
+ ESP_ERROR_CHECK(esp_wifi_start() );
+
+ ESP_LOGI(TAG, "wifi_init_sta finished.");
+
+ /* Waiting until either the connection is established (WIFI_CONNECTED_BIT)
+ * or connection failed for the maximum number of re-tries (WIFI_FAIL_BIT).
+ * The bits are set by event_handler() (see above) */
+ EventBits_t bits = xEventGroupWaitBits(s_wifi_event_group,
+ WIFI_CONNECTED_BIT | WIFI_FAIL_BIT,
+ pdFALSE,
+ pdFALSE,
+ portMAX_DELAY);
+
+ /* xEventGroupWaitBits() returns the bits before the call returned,
+ * hence we can test which event actually happened. */
+#if defined(SHOW_SSID_AND_PASSWORD)
+ ESP_LOGW(TAG, "Undefine SHOW_SSID_AND_PASSWORD to not show SSID/password");
+ if (bits & WIFI_CONNECTED_BIT) {
+ ESP_LOGI(TAG, "connected to ap SSID:%s password:%s",
+ EXAMPLE_ESP_WIFI_SSID,
+ EXAMPLE_ESP_WIFI_PASS);
+ }
+ else if (bits & WIFI_FAIL_BIT) {
+ ESP_LOGI(TAG, "Failed to connect to SSID:%s, password:%s",
+ EXAMPLE_ESP_WIFI_SSID,
+ EXAMPLE_ESP_WIFI_PASS);
+ }
+ else {
+ ESP_LOGE(TAG, "UNEXPECTED EVENT");
+ }
+#else
+ if (bits & WIFI_CONNECTED_BIT) {
+ ESP_LOGI(TAG, "Connected to AP");
+ }
+ else if (bits & WIFI_FAIL_BIT) {
+ ESP_LOGI(TAG, "Failed to connect to AP");
+ ret = -1;
+ }
+ else {
+ ESP_LOGE(TAG, "AP UNEXPECTED EVENT");
+ ret = -2;
+ }
+#endif
+ return ret;
+}
+
+esp_err_t wc_wifi_show_ip(void)
+{
+ /* TODO Causes panic: ESP_LOGI(TAG, "got ip:" IPSTR,
+ * IP2STR(&event->ip_info.ip)); */
+ return ESP_OK;
+}
+
+#endif
+
+
+#endif /* !NO_ESP_SDK_WIFI */
+#endif /* WOLFSSL_ESPIDF */
diff --git a/wolfssl/wolfcrypt/include.am b/wolfssl/wolfcrypt/include.am
index dbe67c59f2..19d6032393 100644
--- a/wolfssl/wolfcrypt/include.am
+++ b/wolfssl/wolfcrypt/include.am
@@ -108,6 +108,7 @@ noinst_HEADERS+= \
 wolfssl/wolfcrypt/port/st/stm32.h \
 wolfssl/wolfcrypt/port/st/stsafe.h \
 wolfssl/wolfcrypt/port/Espressif/esp32-crypt.h \
+ wolfssl/wolfcrypt/port/Espressif/esp-sdk-lib.h \
 wolfssl/wolfcrypt/port/arm/cryptoCell.h \
 wolfssl/wolfcrypt/port/Renesas/renesas-tsip-crypt.h \
 wolfssl/wolfcrypt/port/Renesas/renesas-fspsm-crypt.h \
diff --git a/wolfssl/wolfcrypt/port/Espressif/esp-sdk-lib.h b/wolfssl/wolfcrypt/port/Espressif/esp-sdk-lib.h
new file mode 100644
index 0000000000..55ff661883
--- /dev/null
+++ b/wolfssl/wolfcrypt/port/Espressif/esp-sdk-lib.h 
@@ -0,0 +1,229 @@
+/* esp-sdk-lib.h
+ *
+ * Copyright (C) 2006-2024 wolfSSL Inc.
+ *
+ * This file is part of wolfSSL.
+ *
+ * wolfSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * wolfSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
+ */
+#ifndef __ESP_SDK_LIB_H__
+
+#define __ESP_SDK_LIB_H__
+
+/* Always include wolfcrypt/settings.h before any other wolfSSL file. */
+/* Reminder: settings.h pulls in user_settings.h; don't include it here. */
+#include
+
+#if defined(WOLFSSL_ESPIDF) /* Entire file is only for Espressif EDP-IDF */
+
+/* WOLFSSL_USER_SETTINGS must be defined, typically in the CMakeLists.txt: */
+/* set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DWOLFSSL_USER_SETTINGS") */
+#ifndef WOLFSSL_USER_SETTINGS
+ #error "WOLFSSL_USER_SETTINGS must be defined for Espressif targts"
+#endif
+
+/* FreeRTOS */
+#include
+#include
+#include
+
+/* Espressif */
+#include "sdkconfig.h" /* ensure ESP-IDF settings are available everywhere */
+#include
+#include
+
+#define ESP_SDK_MEM_LIB_VERSION 1
+
+/**
+ ******************************************************************************
+ ******************************************************************************
+ ** USER APPLICATION SETTINGS BEGIN
+ ******************************************************************************
+ ******************************************************************************
+ **/
+
+/* when using a private config with plain text passwords,
+ * file my_private_config.h should be excluded from git updates */
+/* #define USE_MY_PRIVATE_CONFIG */
+
+/* Note that IntelliSense may not work properly in the next section for the
+ * Espressif SDK 3.4 on the ESP8266. Macros should still be defined.
+ * See the project-level Makefile. Example found in:
+ * https://github.com/wolfSSL/wolfssl/tree/master/IDE/Espressif/ESP-IDF/examples/template
+ *
+ * The USE_MY_PRIVATE_[OS]_CONFIG is typically an environment variable that
+ * triggers the make (not cmake) to add compiler defines.
+ */
+#if defined(USE_MY_PRIVATE_WINDOWS_CONFIG)
+ #include "/workspace/my_private_config.h"
+#elif defined(USE_MY_PRIVATE_WSL_CONFIG)
+ #include "/mnt/c/workspace/my_private_config.h"
+#elif defined(USE_MY_PRIVATE_LINUX_CONFIG)
+ #include "~/workspace/my_private_config.h"
+#elif defined(USE_MY_PRIVATE_MAC_CONFIG)
+ #include "~/Documents/my_private_config.h"
+#elif defined(USE_MY_PRIVATE_CONFIG)
+ /* This section works best with cmake & non-environment variable setting */
+ #if defined(WOLFSSL_CMAKE_SYSTEM_NAME_WINDOWS)
+ #define WOLFSSL_CMAKE
+ #include "/workspace/my_private_config.h"
+ #elif defined(WOLFSSL_MAKE_SYSTEM_NAME_WINDOWS)
+ #define WOLFSSL_MAKE
+ #include "/workspace/my_private_config.h"
+ #elif defined(WOLFSSL_CMAKE_SYSTEM_NAME_WSL)
+ #define WOLFSSL_CMAKE
+ #include "/mnt/c/workspace/my_private_config.h"
+ #elif defined(WOLFSSL_MAKE_SYSTEM_NAME_WSL)
+ #define WOLFSSL_MAKE
+ #include "/mnt/c/workspace/my_private_config.h"
+ #elif defined(WOLFSSL_CMAKE_SYSTEM_NAME_LINUX)
+ #define WOLFSSL_CMAKE
+ #include "~/workspace/my_private_config.h"
+ #elif defined(WOLFSSL_MAKE_SYSTEM_NAME_LINUX)
+ #define WOLFSSL_MAKE
+ #include "~/workspace/my_private_config.h"
+ #elif defined(WOLFSSL_CMAKE_SYSTEM_NAME_APPLE)
+ #include "~/Documents/my_private_config.h"
+ #elif defined(WOLFSSL_MAKE_SYSTEM_NAME_APPLE)
+ #define WOLFSSL_MAKE
+ #include "~/Documents/my_private_config.h"
+ #elif defined(OS_WINDOWS)
+ #include "/workspace/my_private_config.h"
+ #else
+ /* Edit as needed for your private config: */
+ #warning "default private config using /workspace/my_private_config.h"
+ #include "/workspace/my_private_config.h"
+ #endif
+#else
+
+ /*
+ ** The examples use WiFi configuration that you can set via project
+ ** configuration menu
+ **
+ ** If you'd rather not, just change the below entries to strings with
+ ** the config you want - ie #define EXAMPLE_WIFI_SSID "mywifissid"
+ */
+ #if defined(CONFIG_ESP_WIFI_SSID)
+ /* tyically from ESP32 with ESP-IDF v4 ot v5 */
+ #define EXAMPLE_ESP_WIFI_SSID CONFIG_ESP_WIFI_SSID
+ #elif defined(CONFIG_EXAMPLE_WIFI_SSID)
+ /* typically from ESP8266 rtos-sdk/v3.4 */
+ #undef EXAMPLE_ESP_WIFI_SSID
+ #define EXAMPLE_ESP_WIFI_SSID CONFIG_EXAMPLE_WIFI_SSID
+ #else
+ #define EXAMPLE_ESP_WIFI_SSID "MYSSID_WIFI_CONNECT"
+ #endif
+
+ #if defined(CONFIG_ESP_WIFI_PASSWORD)
+ /* tyically from ESP32 with ESP-IDF v4 or v5 */
+ #define EXAMPLE_ESP_WIFI_PASS CONFIG_ESP_WIFI_PASSWORD
+ #elif defined(CONFIG_EXAMPLE_WIFI_SSID)
+ /* typically from ESP8266 rtos-sdk/v3.4 */
+ #undef EXAMPLE_ESP_WIFI_PASS
+ #define EXAMPLE_ESP_WIFI_PASS CONFIG_EXAMPLE_WIFI_PASSWORD
+ #else
+ #define EXAMPLE_ESP_WIFI_PASS "MYPASSWORD_WIFI_CONNECT"
+ #endif
+#endif
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+WOLFSSL_LOCAL esp_err_t esp_sdk_time_mem_init(void);
+
+WOLFSSL_LOCAL esp_err_t sdk_var_whereis(const char* v_name, void* v);
+
+WOLFSSL_LOCAL intptr_t esp_sdk_stack_pointer(void);
+
+/******************************************************************************
+* Time helpers
+******************************************************************************/
+WOLFSSL_LOCAL esp_err_t esp_sdk_time_lib_init(void);
+
+/* a function to show the current data and time */
+WOLFSSL_LOCAL esp_err_t esp_show_current_datetime(void);
+
+/* worst case, if GitHub time not available, used fixed time */
+WOLFSSL_LOCAL esp_err_t set_fixed_default_time(void);
+
+/* set time from string (e.g. GitHub commit time) */
+WOLFSSL_LOCAL esp_err_t set_time_from_string(const char* time_buffer);
+
+/* set time from NTP servers,
+ * also initially calls set_fixed_default_time or set_time_from_string */
+WOLFSSL_LOCAL esp_err_t set_time(void);
+
+/* wait NTP_RETRY_COUNT seconds before giving up on NTP time */
+WOLFSSL_LOCAL esp_err_t set_time_wait_for_ntp(void);
+
+#ifndef NO_ESP_SDK_WIFI
+
+/******************************************************************************
+* WiFi helpers
+******************************************************************************/
+/* ESP lwip */
+#define EXAMPLE_ESP_MAXIMUM_RETRY CONFIG_ESP_MAXIMUM_RETRY
+
+#define TLS_SMP_WIFI_SSID CONFIG_WIFI_SSID
+#define TLS_SMP_WIFI_PASS CONFIG_WIFI_PASSWORD
+
+/* Optionally enable WiFi. Typically not used for wolfcrypt tests */
+/* #define USE_WIFI_EXAMPLE */
+#ifdef USE_WIFI_EXAMPLE
+ #include "esp_netif.h"
+ #if defined(CONFIG_IDF_TARGET_ESP8266)
+ /* TODO find and implement ESP8266 example include */
+ #else
+ #include "protocol_examples_common.h" /* see project CMakeLists.txt */
+ #endif
+#endif
+
+
+/* ESP lwip */
+#define EXAMPLE_ESP_MAXIMUM_RETRY CONFIG_ESP_MAXIMUM_RETRY
+
+WOLFSSL_LOCAL esp_err_t esp_sdk_wifi_lib_init(void);
+
+WOLFSSL_LOCAL esp_err_t esp_sdk_wifi_init_sta(void);
+
+WOLFSSL_LOCAL esp_err_t esp_sdk_wifi_show_ip(void);
+
+#endif /* !NO_ESP_SDK_WIFI */
+
+
+/******************************************************************************
+* Debug helpers
+******************************************************************************/
+WOLFSSL_LOCAL esp_err_t sdk_init_meminfo(void);
+WOLFSSL_LOCAL void* wc_debug_pvPortMalloc(size_t size,
+ const char* file, int line, const char* fname);
+
+#ifdef __cplusplus
+} /* extern "C" */
+#endif
+
+/* Check for traps */
+#if defined(CONFIG_IDF_TARGET_ESP8266)
+ #if !defined(NO_SESSION_CACHE) && \
+ !defined(MICRO_SESSION_CACHE) && \
+ !defined(SMALL_SESSION_CACHE)
+ #warning "Limited DRAM/IRAM on ESP8266. 
Check session cache settings" + #endif +#endif + +#endif /* WOLFSSL_ESPIDF */ + +#endif /* __ESP_SDK_LIB_H__ */ diff --git a/wolfssl/wolfcrypt/port/Espressif/esp32-crypt.h b/wolfssl/wolfcrypt/port/Espressif/esp32-crypt.h index 72905c936c..5c86ecd9a0 100644 --- a/wolfssl/wolfcrypt/port/Espressif/esp32-crypt.h +++ b/wolfssl/wolfcrypt/port/Espressif/esp32-crypt.h @@ -1,6 +1,6 @@ /* esp32-crypt.h * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -51,6 +51,12 @@ #define WOLFSSL_ESPIDF_BLANKLINE_MESSAGE "." #endif +#if defined(CONFIG_IDF_TARGET) + #define FOUND_CONFIG_IDF_TARGET CONFIG_IDF_TARGET +#else + #define FOUND_CONFIG_IDF_TARGET "(unknown device)" +#endif + /* Optional exit message. * The WOLFSSL_COMPLETE keyword exits wolfSSL test harness script. */ #define WOLFSSL_ESPIDF_EXIT_MESSAGE \ @@ -58,6 +64,14 @@ "\n\nWOLFSSL_COMPLETE" \ "\n\nIf running from idf.py monitor, press twice: Ctrl+]" +#define WOLFSSL_ESPIDF_VERBOSE_EXIT_MESSAGE(s, err) \ + "\n\nDevice: " FOUND_CONFIG_IDF_TARGET \ + "\n\nExit code: %d " \ + "\n\n"s \ + "\n\nWOLFSSL_COMPLETE" \ + "\n\nIf running from idf.py monitor, press twice: Ctrl+]", \ + (err) + /* exit codes to be used in tfm.c, sp_int.c, integer.c, etc. * * see wolfssl/wolfcrypt/error-crypt.h @@ -495,6 +509,10 @@ extern "C" WOLFSSL_LOCAL int esp_ShowExtendedSystemInfo(void); + WOLFSSL_LOCAL esp_err_t esp_DisableWatchdog(void); + + WOLFSSL_LOCAL esp_err_t esp_EnableWatchdog(void); + /* Compare MATH_INT_T A to MATH_INT_T B * During debug, the strings name_A and name_B can help * identify variable name. */ diff --git a/wolfssl/wolfcrypt/settings.h b/wolfssl/wolfcrypt/settings.h index 5f301cb7ae..895cb13e01 100644 --- a/wolfssl/wolfcrypt/settings.h +++ b/wolfssl/wolfcrypt/settings.h @@ -1,6 +1,6 @@ /* settings.h * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * 
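Review bot: The fallback that defines `EXAMPLE_ESP_WIFI_PASS` in the new esp-sdk-lib.h is guarded by the SSID macro: `#elif defined(CONFIG_EXAMPLE_WIFI_SSID)` sits directly above `#define EXAMPLE_ESP_WIFI_PASS CONFIG_EXAMPLE_WIFI_PASSWORD`. A configuration that sets the SSID but not the password macro therefore expands to an undefined identifier instead of reaching the `#else` placeholder; the guard should read `#elif defined(CONFIG_EXAMPLE_WIFI_PASSWORD)`. Separately, the `#include "~/workspace/my_private_config.h"` and `#include "~/Documents/my_private_config.h"` forms depend on `~`, which the preprocessor does not expand, so the Linux and Mac private-config branches will probably not find the file. `EXAMPLE_ESP_MAXIMUM_RETRY` is also defined twice in the WiFi helpers section, and one of the two lines can go.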
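Review bot: In `WOLFSSL_ESPIDF_VERBOSE_EXIT_MESSAGE` (esp32-crypt.h) the line `"\n\n"s \` pastes the caller's text into the format string, so any `%` in `s` is read as a conversion specifier. In a C++11 or later translation unit `"\n\n"s` may also lex as a single literal with suffix `s` rather than a literal followed by the macro parameter. Passing the message as data avoids both: use `"\n\n%s" \` and end the expansion with `(err), (s)`. The macro expands to a format string plus trailing arguments, so a one-line comment saying it is only valid as the tail of a printf-style argument list would help callers.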
@@ -452,6 +452,9 @@ /* WC_RSA_BLINDING takes up extra space! */ #define WC_RSA_BLINDING + + /* Cache Resistant features are on by default, but has performance + * penalty on embedded systems. May not be needed here. Disabled: */ #define WC_NO_CACHE_RESISTANT #endif /* !WOLFSSL_ESPIDF_NO_DEFAULT */ 
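Review bot: The added comment describes `WC_NO_CACHE_RESISTANT` with "May not be needed here", which leaves a reader unsure whether switching off the cache-timing countermeasures was a considered decision for this port or a guess. The comment should state the trade-off and the opt-out, for example `/* Cache-resistant code is disabled by default on this port for speed; define WOLFSSL_ESPIDF_NO_DEFAULT to skip these defaults and keep it enabled. */`. The enclosing `#if` begins outside the hunk; the opt-out name is taken from the closing `#endif /* !WOLFSSL_ESPIDF_NO_DEFAULT */`.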
@@ -1000,17 +1003,34 @@ extern void uITRON4_free(void *p) ; #if !defined(XMALLOC_USER) && !defined(NO_WOLFSSL_MEMORY) && \ !defined(WOLFSSL_STATIC_MEMORY) && !defined(WOLFSSL_TRACK_MEMORY) - #define XMALLOC(s, h, type) ((void)(h), (void)(type), pvPortMalloc((s))) + + /* XMALLOC */ + #if defined(WOLFSSL_ESPIDF) && \ + (defined(DEBUG_WOLFSSL) || defined(DEBUG_WOLFSSL_MALLOC)) + #include + #define XMALLOC(s, h, type) \ + ((void)(h), (void)(type), wc_debug_pvPortMalloc( \ + (s), (__FILE__), (__LINE__), (__FUNCTION__) )) + #else + #define XMALLOC(s, h, type) \ + ((void)(h), (void)(type), pvPortMalloc((s))) + #endif + + /* XFREE */ #define XFREE(p, h, type) ((void)(h), (void)(type), vPortFree((p))) + + /* XREALLOC */ #if defined(WOLFSSL_ESPIDF) - /* In IDF, realloc(p, n) is equivalent to - * heap_caps_realloc(p, s, MALLOC_CAP_8BIT) - * there's no pvPortRealloc available */ - #define XREALLOC(p, n, h, t) ((void)(h), (void)(t), realloc((p), (n))) - /* FreeRTOS pvPortRealloc() implementation can be found here: - * https://github.com/wolfSSL/wolfssl-freertos/pull/3/files */ + /* In the Espressif EDP-IDF, realloc(p, n) is equivalent to + * heap_caps_realloc(p, s, MALLOC_CAP_8BIT) + * There's no pvPortRealloc available: */ + #define XREALLOC(p, n, h, t) ((void)(h), (void)(t), realloc((p), (n))) #elif defined(USE_INTEGER_HEAP_MATH) || defined(OPENSSL_EXTRA) - #define XREALLOC(p, n, h, t) ((void)(h), (void)(t), pvPortRealloc((p), (n))) + /* FreeRTOS pvPortRealloc() implementation can be found here: + * https://github.com/wolfSSL/wolfssl-freertos/pull/3/files */ + #define XREALLOC(p, n, h, t) ((void)(h), (void)(t), pvPortRealloc((p), (n))) + #else + /* no XREALLOC available */ #endif #endif
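Review bot: The debug `XMALLOC` passes `(__FUNCTION__)`, which is a compiler extension; `__func__` is the standard C99 spelling and keeps the macro clean under pedantic warnings: `(s), (__FILE__), (__LINE__), (__func__) ))`. `XFREE` stays on `vPortFree` in both branches, which is only correct if `wc_debug_pvPortMalloc` returns memory obtained from `pvPortMalloc`. The wrapper's body is not on this page, so that should be confirmed and stated in a comment next to `XFREE`. The FreeRTOS `#if` that encloses these macros starts outside the hunk.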