From 5b012702050f328f7434433f7dc5768388eb0c05 Mon Sep 17 00:00:00 2001 
From: gojimmypi Date: Wed, 22 Nov 2023 12:37:15 -0800 Subject: [PATCH 1/3] Update all Expressif examples, ready for PR #6990 --- .gitignore | 1 + .../ESP-IDF/examples/template/CMakeLists.txt | 40 +- .../ESP-IDF/examples/template/README.md | 3 + .../components/wolfssl/CMakeLists.txt | 267 +++++---- .../wolfssl/include/user_settings.h | 303 +++++++++-- .../examples/template/main/CMakeLists.txt | 37 +- .../ESP-IDF/examples/template/main/main.c | 8 +- .../template/partitions_singleapp_large.csv | 31 ++ .../examples/template/sdkconfig.defaults | 35 ++ .../examples/wolfssl_benchmark/CMakeLists.txt | 68 ++- .../examples/wolfssl_benchmark/README.md | 77 ++- .../components/wolfssl/CMakeLists.txt | 59 +- .../wolfssl/include/user_settings.h | 322 +++++++++-- .../wolfssl_benchmark/main/CMakeLists.txt | 7 +- .../wolfssl_benchmark/main/component.mk | 6 +- .../main/{ => include}/main.h | 7 +- .../examples/wolfssl_benchmark/main/main.c | 85 ++- .../partitions_singleapp_large.csv | 7 +- .../examples/wolfssl_client/CMakeLists.txt | 93 +++- .../ESP-IDF/examples/wolfssl_client/README.md | 45 ++ .../wolfssl_client/README_server_sm.md | 512 ++++++++++++++++++ .../wolfssl_client/VisualGDB/README.md | 52 ++ .../VisualGDB/VisualGDB_wolfssl_client.sln | 31 -- .../VisualGDB/wolfssl_client_IDF_v5_ESP32.sln | 56 ++ ...j => wolfssl_client_IDF_v5_ESP32.vgdbproj} | 20 +- .../components/wolfssl/CMakeLists.txt | 297 +++++----- .../wolfssl/include/user_settings.h | 464 ++++++++-------- .../wolfssl_client/main/CMakeLists.txt | 41 +- .../examples/wolfssl_client/main/client-tls.c | 422 +++++++++++---- .../wolfssl_client/main/include/client-tls.h | 61 +++ .../wolfssl_client/main/include/main.h | 24 + .../wolfssl_client/main/include/time_helper.h | 54 ++ .../main/include/wifi_connect.h | 84 ++- .../examples/wolfssl_client/main/main.c | 256 +++++++++ .../wolfssl_client/main/time_helper.c | 333 ++++++++++++ .../wolfssl_client/main/wifi_connect.c | 303 ++++++----- .../partitions_singleapp_large.csv | 31 ++ 
.../examples/wolfssl_server/CMakeLists.txt | 93 +++- .../ESP-IDF/examples/wolfssl_server/README.md | 80 +++ .../wolfssl_server/README_server_sm.md | 512 ++++++++++++++++++ .../wolfssl_server/VisualGDB/README.md | 52 ++ ...er.sln => wolfssl_server_IDF_v5_ESP32.sln} | 8 +- ...j => wolfssl_server_IDF_v5_ESP32.vgdbproj} | 22 +- .../components/wolfssl/CMakeLists.txt | 297 +++++----- .../wolfssl/include/user_settings.h | 464 ++++++++-------- .../wolfssl_server/main/CMakeLists.txt | 43 +- .../wolfssl_server/main/Kconfig.projbuild | 29 + .../wolfssl_server/main/include/main.h | 24 + .../wolfssl_server/main/include/server-tls.h | 62 +++ .../wolfssl_server/main/include/time_helper.h | 54 ++ .../main/include/wifi_connect.h | 81 ++- .../examples/wolfssl_server/main/main.c | 247 +++++++++ .../examples/wolfssl_server/main/server-tls.c | 345 ++++++++---- .../wolfssl_server/main/time_helper.c | 333 ++++++++++++ .../wolfssl_server/main/wifi_connect.c | 311 ++++++----- .../partitions_singleapp_large.csv | 31 ++ .../examples/wolfssl_test/CMakeLists.txt | 69 ++- .../ESP-IDF/examples/wolfssl_test/README.md | 32 +- .../components/wolfssl/CMakeLists.txt | 156 ++---- .../wolfssl/include/user_settings.h | 322 +++++++++-- .../examples/wolfssl_test/main/CMakeLists.txt | 5 +- .../examples/wolfssl_test/main/include/main.h | 24 + .../wolfssl_test/main/include/time_helper.h | 32 ++ .../ESP-IDF/examples/wolfssl_test/main/main.c | 104 ++-- .../examples/wolfssl_test/main/time_helper.c | 1 + .../examples/wolfssl_test_idf/README.md | 10 +- IDE/Espressif/ESP-IDF/user_settings.h | 151 +++++- IDE/Espressif/include.am | 84 ++- 68 files changed, 6758 insertions(+), 1862 deletions(-) create mode 100644 IDE/Espressif/ESP-IDF/examples/template/partitions_singleapp_large.csv create mode 100644 IDE/Espressif/ESP-IDF/examples/template/sdkconfig.defaults rename IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/main/{ => include}/main.h (96%) create mode 100644 
IDE/Espressif/ESP-IDF/examples/wolfssl_client/README_server_sm.md create mode 100644 IDE/Espressif/ESP-IDF/examples/wolfssl_client/VisualGDB/README.md delete mode 100644 IDE/Espressif/ESP-IDF/examples/wolfssl_client/VisualGDB/VisualGDB_wolfssl_client.sln create mode 100644 IDE/Espressif/ESP-IDF/examples/wolfssl_client/VisualGDB/wolfssl_client_IDF_v5_ESP32.sln rename IDE/Espressif/ESP-IDF/examples/wolfssl_client/VisualGDB/{VisualGDB_wolfssl_client.vgdbproj => wolfssl_client_IDF_v5_ESP32.vgdbproj} (92%) create mode 100644 IDE/Espressif/ESP-IDF/examples/wolfssl_client/main/include/client-tls.h create mode 100644 IDE/Espressif/ESP-IDF/examples/wolfssl_client/main/include/main.h create mode 100644 IDE/Espressif/ESP-IDF/examples/wolfssl_client/main/include/time_helper.h create mode 100644 IDE/Espressif/ESP-IDF/examples/wolfssl_client/main/main.c create mode 100644 IDE/Espressif/ESP-IDF/examples/wolfssl_client/main/time_helper.c create mode 100644 IDE/Espressif/ESP-IDF/examples/wolfssl_client/partitions_singleapp_large.csv create mode 100644 IDE/Espressif/ESP-IDF/examples/wolfssl_server/README_server_sm.md create mode 100644 IDE/Espressif/ESP-IDF/examples/wolfssl_server/VisualGDB/README.md rename IDE/Espressif/ESP-IDF/examples/wolfssl_server/VisualGDB/{VisualGDB_wolfssl_server.sln => wolfssl_server_IDF_v5_ESP32.sln} (81%) rename IDE/Espressif/ESP-IDF/examples/wolfssl_server/VisualGDB/{VisualGDB_wolfssl_server.vgdbproj => wolfssl_server_IDF_v5_ESP32.vgdbproj} (92%) create mode 100644 IDE/Espressif/ESP-IDF/examples/wolfssl_server/main/Kconfig.projbuild create mode 100644 IDE/Espressif/ESP-IDF/examples/wolfssl_server/main/include/main.h create mode 100644 IDE/Espressif/ESP-IDF/examples/wolfssl_server/main/include/server-tls.h create mode 100644 IDE/Espressif/ESP-IDF/examples/wolfssl_server/main/include/time_helper.h create mode 100644 IDE/Espressif/ESP-IDF/examples/wolfssl_server/main/main.c create mode 100644 IDE/Espressif/ESP-IDF/examples/wolfssl_server/main/time_helper.c 
create mode 100644 IDE/Espressif/ESP-IDF/examples/wolfssl_server/partitions_singleapp_large.csv create mode 100644 IDE/Espressif/ESP-IDF/examples/wolfssl_test/main/include/main.h create mode 100644 IDE/Espressif/ESP-IDF/examples/wolfssl_test/main/include/time_helper.h diff --git a/.gitignore b/.gitignore index 477a0655f5..5adfbf310b 100644 --- a/.gitignore +++ b/.gitignore @@ -421,6 +421,7 @@ user_settings_asm.h # Espressif sdk config default should be saved in sdkconfig.defaults # we won't track the actual working sdkconfig files /IDE/Espressif/**/sdkconfig +/IDE/Espressif/**/sdkconfig.old # auto-created CMake backups **/CMakeLists.txt.old diff --git a/IDE/Espressif/ESP-IDF/examples/template/CMakeLists.txt b/IDE/Espressif/ESP-IDF/examples/template/CMakeLists.txt index 5285f0db51..649a736630 100644 --- a/IDE/Espressif/ESP-IDF/examples/template/CMakeLists.txt +++ b/IDE/Espressif/ESP-IDF/examples/template/CMakeLists.txt @@ -1,15 +1,24 @@ +# wolfSSL Espressif Example Project CMakeLists.txt +# v1.0 +# # The following lines of boilerplate have to be in your project's # CMakeLists in this exact order for cmake to work correctly -cmake_minimum_required(VERSION 3.5) +cmake_minimum_required(VERSION 3.16) +# The wolfSSL CMake file should be able to find the source code. +# Otherwise, assign an environment variable or set it here: +# # set(WOLFSSL_ROOT "~/workspace/wolfssl-other-source") - -# This tag is used to include this file in the ESP Component Registry: -# __ESP_COMPONENT_SOURCE__ - +# # Optional WOLFSSL_CMAKE_SYSTEM_NAME detection to find # USE_MY_PRIVATE_CONFIG path for my_private_config.h # +# Expected path varies: +# +# WSL: /mnt/c/workspace +# Linux: ~/workspace +# Windows: C:\workspace +# if(WIN32) # Windows-specific configuration here set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DWOLFSSL_CMAKE_SYSTEM_NAME_WINDOWS") 
@@ -38,6 +47,27 @@ if(APPLE) endif() # End optional WOLFSSL_CMAKE_SYSTEM_NAME +# Check that there are not conflicting wolfSSL components +# The ESP Registry Component will be in ./managed_components/wolfssl__wolfssl +# The local component wolfSSL directory will be in ./components/wolfssl +if( EXISTS "${CMAKE_HOME_DIRECTORY}/managed_components/wolfssl__wolfssl" AND EXISTS "${CMAKE_HOME_DIRECTORY}/components/wolfssl" ) + # These exclude statements don't seem to be honored by the $ENV{IDF_PATH}/tools/cmake/project.cmake' + # add_subdirectory("${CMAKE_HOME_DIRECTORY}/managed_components/wolfssl__wolfssl" EXCLUDE_FROM_ALL) + # add_subdirectory("${CMAKE_HOME_DIRECTORY}/managed_components/wolfssl__wolfssl/include" EXCLUDE_FROM_ALL) + # So we'll error out and let the user decide how to proceed: + message(WARNING "\nFound wolfSSL components in\n" + "./managed_components/wolfssl__wolfssl\n" + "and\n" + "./components/wolfssl\n" + "in project directory: \n" + "${CMAKE_HOME_DIRECTORY}") + message(FATAL_ERROR "\nPlease use either the ESP Registry Managed Component or the wolfSSL component directory but not both.\n" + "If removing the ./managed_components/wolfssl__wolfssl directory, remember to also remove " + "or rename the idf_component.yml file typically found in ./main/") +else() + message(STATUS "No conflicting wolfSSL components found.") +endif() + include($ENV{IDF_PATH}/tools/cmake/project.cmake) project(wolfssl_template) diff --git a/IDE/Espressif/ESP-IDF/examples/template/README.md b/IDE/Espressif/ESP-IDF/examples/template/README.md index d6dd17ff78..bbad2a752a 100644 --- a/IDE/Espressif/ESP-IDF/examples/template/README.md +++ b/IDE/Espressif/ESP-IDF/examples/template/README.md @@ -40,6 +40,9 @@ echo "Run export.sh from ${WRK_IDF_PATH}" # build the example: idf.py build +# optionally erase the flash +idf.py erase-flash -p /dev/ttyS19 -b 115200 + # flash the code onto the serial device at /dev/ttyS19 idf.py flash -p /dev/ttyS19 -b 115200 
diff --git a/IDE/Espressif/ESP-IDF/examples/template/components/wolfssl/CMakeLists.txt b/IDE/Espressif/ESP-IDF/examples/template/components/wolfssl/CMakeLists.txt index d64d3fe3b7..e82e19b600 100644 --- a/IDE/Espressif/ESP-IDF/examples/template/components/wolfssl/CMakeLists.txt +++ b/IDE/Espressif/ESP-IDF/examples/template/components/wolfssl/CMakeLists.txt @@ -19,6 +19,8 @@ # # cmake for wolfssl Espressif projects # +# Version 5.6.0.011 for detect test/benchmark +# # See https://docs.espressif.com/projects/esp-idf/en/latest/esp32/api-guides/build-system.html # @@ -26,6 +28,23 @@ cmake_minimum_required(VERSION 3.16) set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DWOLFSSL_USER_SETTINGS") set(CMAKE_CURRENT_SOURCE_DIR ".") set(COMPONENT_REQUIRES lwip) # we typically don't need lwip directly in wolfssl component +set(WOLFSSL_ROOT "$ENV{WOLFSSL_ROOT}" ) + +# find the user name to search for possible "wolfssl-username" +message(STATUS "USERNAME = $ENV{USERNAME}") +if( "$ENV{USER}" STREQUAL "" ) # the bash user + if( "$ENV{USERNAME}" STREQUAL "" ) # the Windows user + message(STATUS "could not find USER or USERNAME") + else() + # the bash user is not blank, so we'll use it. + set(THIS_USER "$ENV{USERNAME}") + endif() +else() + # the bash user is not blank, so we'll use it. + set(THIS_USER "$ENV{USER}") +endif() +message(STATUS "THIS_USER = ${THIS_USER}") + # COMPONENT_NAME = wolfssl # The component name is the directory name. "No feature to change this". 
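Review bot: The comment inside the `USERNAME` branch is a copy of the one in the `USER` branch: it says the bash user is not blank, but that branch is only reached when `$ENV{USER}` is empty. It should read `# the Windows user is not blank, so we'll use it.`. When neither variable is set, `THIS_USER` stays undefined and the trailing `message(STATUS "THIS_USER = ${THIS_USER}")` prints an empty value. The name is later interpolated into `wolfssl-${THIS_USER}` to choose which source tree gets compiled, so a one-line comment stating that it is taken unmodified from the environment would help a reader auditing the build.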
@@ -41,11 +60,104 @@ set(COMPONENT_REQUIRES lwip) # we typically don't need lwip directly in wolfssl # We are typically in [root]/IDE/Espressif/ESP-IDF/examples/wolfssl_test/components/wolfssl # The root of wolfSSL is 7 directories up from here: +# function: IS_WOLFSSL_SOURCE +# parameter: DIRECTORY_PARAMETER - the directory to test +# output: RESULT = contains contents of DIRECTORY_PARAMETER for wolfssl directory, otherwise blank. +function(IS_WOLFSSL_SOURCE DIRECTORY_PARAMETER RESULT) + if (EXISTS "${DIRECTORY_PARAMETER}/wolfcrypt/src") + set(${RESULT} "${DIRECTORY_PARAMETER}" PARENT_SCOPE) + else() + set(${RESULT} "" PARENT_SCOPE) + endif() +endfunction() + +# function: FIND_WOLFSSL_DIRECTORY +# parameter: OUTPUT_FOUND_WOLFSSL_DIRECTORY contains root of source code, otherwise blank +# +function(FIND_WOLFSSL_DIRECTORY OUTPUT_FOUND_WOLFSSL_DIRECTORY) + message(STATUS "Starting FIND_WOLFSSL_DIRECTORY") + set(CURRENT_SEARCH_DIR "$ENV{WOLFSSL_ROOT}") + if( "${CURRENT_SEARCH_DIR}" STREQUAL "" ) + message(STATUS "The WOLFSSL_ROOT environment variable is not set. 
Searching...") + else() + get_filename_component(CURRENT_SEARCH_DIR "$ENV{WOLFSSL_ROOT}" ABSOLUTE) + IS_WOLFSSL_SOURCE("${CURRENT_SEARCH_DIR}" FOUND_WOLFSSL) + if("${FOUND_WOLFSSL}") + message(STATUS "Found WOLFSSL_ROOT via Environment Variable:") + else() + message(FATAL_ERROR "WOLFSSL_ROOT Environment Variable defined, but path not found:") + message(STATUS "$ENV{WOLFSSL_ROOT}") + endif() + endif() + + # we'll start in the CMAKE_CURRENT_SOURCE_DIR, typically [something]/projectname/components/wolfssl + message(STATUS "CMAKE_CURRENT_SOURCE_DIR = ${CMAKE_CURRENT_SOURCE_DIR}") + get_filename_component(CURRENT_SEARCH_DIR "${CMAKE_CURRENT_SOURCE_DIR}" ABSOLUTE) + message(STATUS "CURRENT_SEARCH_DIR = ${CURRENT_SEARCH_DIR}") + string(LENGTH ${CURRENT_SEARCH_DIR} CURRENT_SEARCH_DIR_LENGTH) + + # loop through all the parents, looking for wolfssl + while(NOT CURRENT_SEARCH_DIR STREQUAL "/" AND NOT CURRENT_SEARCH_DIR STREQUAL "" ) + string(LENGTH ${CURRENT_SEARCH_DIR} CURRENT_SEARCH_DIR_LENGTH) + # wolfSSL may simply be in a parent directory, such as for local examples in wolfssl repo + IS_WOLFSSL_SOURCE("${CURRENT_SEARCH_DIR}" FOUND_WOLFSSL) + if( FOUND_WOLFSSL ) + message(STATUS "Found wolfssl in CURRENT_SEARCH_DIR = ${CURRENT_SEARCH_DIR}") + set(${OUTPUT_FOUND_WOLFSSL_DIRECTORY} ${CURRENT_SEARCH_DIR} PARENT_SCOPE) + return() + endif() + + if( THIS_USER ) + # Check for "wolfssl-[username]" subdirectory as we recurse up the directory tree + set(CURRENT_SEARCH_DIR_ALT ${CURRENT_SEARCH_DIR}/wolfssl-${THIS_USER}) + message(STATUS "Looking in ${CURRENT_SEARCH_DIR}") + + #if(EXISTS ${CURRENT_SEARCH_DIR_ALT} AND IS_DIRECTORY ${CURRENT_SEARCH_DIR_ALT} AND EXISTS "${CURRENT_SEARCH_DIR_ALT}/wolfcrypt/src") + IS_WOLFSSL_SOURCE("${CURRENT_SEARCH_DIR_ALT}" FOUND_WOLFSSL ) + if ( FOUND_WOLFSSL ) + message(STATUS "Found wolfssl in user-suffix CURRENT_SEARCH_DIR_ALT = ${CURRENT_SEARCH_DIR_ALT}") + set(${OUTPUT_FOUND_WOLFSSL_DIRECTORY} ${CURRENT_SEARCH_DIR_ALT} PARENT_SCOPE) + return() + 
endif() + endif() + + # Next check for no user suffix "wolfssl" subdirectory as we recurse up the directory tree + set(CURRENT_SEARCH_DIR_ALT ${CURRENT_SEARCH_DIR}/wolfssl) + # if(EXISTS ${CURRENT_SEARCH_DIR} AND IS_DIRECTORY ${CURRENT_SEARCH_DIR} AND EXISTS "${CURRENT_SEARCH_DIR}/wolfcrypt/src") + IS_WOLFSSL_SOURCE("${CURRENT_SEARCH_DIR_ALT}" FOUND_WOLFSSL ) + if ( FOUND_WOLFSSL ) + message(STATUS "Found wolfssl in CURRENT_SEARCH_DIR = ${CURRENT_SEARCH_DIR}") + set(${OUTPUT_FOUND_WOLFSSL_DIRECTORY} ${CURRENT_SEARCH_DIR} PARENT_SCOPE) + return() + endif() + + # Move up one directory level + set(PRIOR_SEARCH_DIR "${CURRENT_SEARCH_DIR}") + get_filename_component(CURRENT_SEARCH_DIR "${CURRENT_SEARCH_DIR}" DIRECTORY) + message(STATUS "Next CURRENT_SEARCH_DIR = ${CURRENT_SEARCH_DIR}") + if( "${PRIOR_SEARCH_DIR}" STREQUAL "${CURRENT_SEARCH_DIR}" ) + # when the search directory is empty, we'll give up + set(CURRENT_SEARCH_DIR "") + endif() + endwhile() + + # If not found, set the output variable to empty before exiting + set(${OUTPUT_FOUND_WOLFSSL_DIRECTORY} "" PARENT_SCOPE) +endfunction() + + +# Example usage: + + + + if(CMAKE_BUILD_EARLY_EXPANSION) message(STATUS "wolfssl component CMAKE_BUILD_EARLY_EXPANSION:") idf_component_register( REQUIRES "${COMPONENT_REQUIRES}" - PRIV_REQUIRES esp_timer driver # this will typically only be needed for wolfSSL benchmark + PRIV_REQUIRES # esp_hw_support + esp_timer + driver # this will typically only be needed for wolfSSL benchmark ) else() 
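Review bot: In `FIND_WOLFSSL_DIRECTORY`, the plain `wolfssl` subdirectory branch tests `CURRENT_SEARCH_DIR_ALT` but returns the parent `${CURRENT_SEARCH_DIR}`, so the caller receives a root that was not the directory checked for `wolfcrypt/src`. It should be `set(${OUTPUT_FOUND_WOLFSSL_DIRECTORY} ${CURRENT_SEARCH_DIR_ALT} PARENT_SCOPE)`, as in the user-suffix branch just above. The environment-variable branch has a second problem: `if("${FOUND_WOLFSSL}")` tests a quoted path, which CMake's `if()` treats as false unless the string is a true constant, so a valid `WOLFSSL_ROOT` appears to land on the `FATAL_ERROR`. Using `if( FOUND_WOLFSSL )`, then setting the output variable and calling `return()`, would make the environment variable authoritative. As written, nothing in that branch returns, so the build would compile whichever `wolfssl` or `wolfssl-${THIS_USER}` tree the parent-directory walk meets first rather than the one the user pinned; the `message(STATUS ...)` placed after `FATAL_ERROR` is never reached.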
@@ -54,132 +166,41 @@ else() message(STATUS "wolfssl component config:") message(STATUS "************************************************************************************************") - # Check to see if we're already in wolfssl, and only if WOLFSSL_ROOT not specified - if ("${WOLFSSL_ROOT}" STREQUAL "") - # wolfssl examples are 7 directories deep from wolfssl repo root - # 1 2 3 4 5 6 7 - set(THIS_RELATIVE_PATH "../../../../../../..") - get_filename_component(THIS_SEARCH_PATH "${THIS_RELATIVE_PATH}" ABSOLUTE) - message(STATUS "Searching in path = ${THIS_SEARCH_PATH}") - - if (EXISTS "${THIS_SEARCH_PATH}/wolfcrypt/src") - # we're already in wolfssl examples! - get_filename_component(WOLFSSL_ROOT "${THIS_SEARCH_PATH}" ABSOLUTE) - message(STATUS "Using wolfSSL example with root ${WOLFSSL_ROOT}") - else() - # We're in some other repo such as wolfssh, so we'll search for an - # adjacent-level directory for wolfssl. (8 directories up, then down one) - # - # For example wolfSSL examples: - # C:\workspace\wolfssl-gojimmypi\IDE\Espressif\ESP-IDF\examples\wolfssl_benchmark\components\wolfssl - # - # For example wolfSSH examples: - # C:\workspace\wolfssh-gojimmypi\ide\Espressif\ESP-IDF\examples\wolfssh_benchmark\components\wolfssl - # - # 1 2 3 4 5 6 7 8 - set(THIS_RELATIVE_PATH "../../../../../../../..") - get_filename_component(THIS_SEARCH_PATH "${THIS_RELATIVE_PATH}" ABSOLUTE) - message(STATUS "Searching next in path = ${THIS_SEARCH_PATH}") - endif() + # search for wolfSSL + FIND_WOLFSSL_DIRECTORY(WOLFSSL_ROOT) + if(WOLFSSL_ROOT) + message(STATUS "NEW Found wolfssl directory at: ${WOLFSSL_ROOT}") + else() + message(STATUS "NEW wolfssl directory not found.") + # Abort. We need wolfssl _somewhere_. 
+ message(FATAL_ERROR "Could not find wolfssl in ${WOLFSSL_ROOT}.\n" + "Try setting WOLFSSL_ROOT environment variable or git clone.") endif() - # search other possible locations - if ("${WOLFSSL_ROOT}" STREQUAL "") - # there's not a hard-coded WOLFSSL_ROOT value above, so let's see if we can find it. - if( "$ENV{WOLFSSL_ROOT}" STREQUAL "" ) - message(STATUS "Environment Variable WOLFSSL_ROOT not set. Will search common locations.") - - message(STATUS "CMAKE_CURRENT_SOURCE_DIR = ${CMAKE_CURRENT_SOURCE_DIR}") - get_filename_component(THIS_DIR "${CMAKE_CURRENT_SOURCE_DIR}" ABSOLUTE) - message(STATUS "THIS_DIR = ${THIS_DIR}") - - # find the user name to search for possible "wolfssl-username" - message(STATUS "USERNAME = $ENV{USERNAME}") - if( "$ENV{USER}" STREQUAL "" ) # the bash user - if( "$ENV{USERNAME}" STREQUAL "" ) # the Windows user - message(STATUS "could not find USER or USERNAME") - else() - # the bash user is not blank, so we'll use it. - set(THIS_USER "$ENV{USERNAME}") - endif() - else() - # the bash user is not blank, so we'll use it. - set(THIS_USER "$ENV{USER}") - endif() - message(STATUS "THIS_USER = ${THIS_USER}") - - # This same makefile is used for both the wolfssl component, and other - # components that may depend on wolfssl, such as wolfssh. Therefore - # we need to determine if this makefile is in the wolfssl repo, or - # some other repo. - - if( "{THIS_USER}" STREQUAL "" ) - # This is highly unusual to not find a user name. - # In this case, we'll just search for a "wolfssl" directory: - message(STATUS "No username found!") - get_filename_component(WOLFSSL_ROOT "${THIS_RELATIVE_PATH}/wolfssl" ABSOLUTE) - else() - # We found an environment USER name! 
- # The first place to look for wolfssl will be in a user-clone called "wolfssl-[username]" - message(STATUS "Using [THIS_USER = ${THIS_USER}] to see if there's a [relative path]/wolfssl-${THIS_USER} directory.") - get_filename_component(WOLFSSL_ROOT "${THIS_RELATIVE_PATH}/wolfssl-${THIS_USER}" ABSOLUTE) - - if( EXISTS "${WOLFSSL_ROOT}" ) - message(STATUS "Found wolfssl in user-suffix ${WOLFSSL_ROOT}") - else() - # If there's not a user-clone called "wolfssl-[username]", - # perhaps there's simply a git clone called "wolfssl"? - message(STATUS "Did not find wolfssl-${THIS_USER}; continuing search...") - get_filename_component(WOLFSSL_ROOT "${THIS_RELATIVE_PATH}/wolfssl" ABSOLUTE) - - if( EXISTS "${WOLFSSL_ROOT}" ) - message(STATUS "Found wolfssl in standard ${WOLFSSL_ROOT}") - else() - # Things are looking pretty bleak. We'll likely not be able to compile. - message(STATUS "Did not find wolfssl in ${WOLFSSL_ROOT}") - endif() - endif() - endif() - - else() - # there's an environment variable, so use it. - set(WOLFSSL_ROOT "$ENV{WOLFSSL_ROOT}") + set(INCLUDE_PATH ${WOLFSSL_ROOT}) - if( EXISTS "${WOLFSSL_ROOT}" ) - get_filename_component(WOLFSSL_ROOT "$ENV{WOLFSSL_ROOT}" ABSOLUTE) - message(STATUS "Found WOLFSSL_ROOT via Environment Variable:") - else() - message(FATAL_ERROR "WOLFSSL_ROOT Environment Variable defined, but path not found:") - message(STATUS "$ENV{WOLFSSL_ROOT}") - endif() - endif() - # end of search for wolfssl component root - else() - # There's already a value assigned; we won't search for anything else. - message(STATUS "Found user-specified WOLFSSL_ROOT value.") - endif() # WOLFSSL_ROOT user defined + set(WOLFSSL_EXTRA_PROJECT_DIR "${WOLFSSL_ROOT}/src/") - # After all the logic above, does our WOLFSSL_ROOT actually exist? - if( EXISTS "${WOLFSSL_ROOT}" ) - message(STATUS "WOLFSSL_ROOT = ${WOLFSSL_ROOT}") - else() - # Abort. We need wolfssl _somewhere_. - message(FATAL_ERROR "Could not find wolfssl in ${WOLFSSL_ROOT}. 
Try setting environment variable or git clone.") + if( ${CMAKE_PROJECT_NAME} STREQUAL "wolfssl_benchmark" ) + set(WOLFSSL_EXTRA_PROJECT_DIR "${WOLFSSL_ROOT}/wolfcrypt/benchmark") endif() - - set(INCLUDE_PATH ${WOLFSSL_ROOT}) + if( ${CMAKE_PROJECT_NAME} STREQUAL "wolfssl_test" ) + set(WOLFSSL_EXTRA_PROJECT_DIR "${WOLFSSL_ROOT}/wolfcrypt/test") + endif() set(COMPONENT_SRCDIRS "\"${WOLFSSL_ROOT}/src/\"" "\"${WOLFSSL_ROOT}/wolfcrypt/src\"" "\"${WOLFSSL_ROOT}/wolfcrypt/src/port/Espressif\"" "\"${WOLFSSL_ROOT}/wolfcrypt/src/port/atmel\"" - "\"${WOLFSSL_ROOT}/wolfcrypt/benchmark\"" # the benchmark application - "\"${WOLFSSL_ROOT}/wolfcrypt/test\"" # the test application - ) # COMPONENT_SRCDIRS + "\"${WOLFSSL_EXTRA_PROJECT_DIR}\"" + ) # COMPONENT_SRCDIRS + message(STATUS "This COMPONENT_SRCDIRS = ${COMPONENT_SRCDIRS}") set(WOLFSSL_PROJECT_DIR "${CMAKE_HOME_DIRECTORY}/components/wolfssl") + add_definitions(-DWOLFSSL_USER_SETTINGS_DIR="${WOLFSSL_PROJECT_DIR}/include/user_settings.h") + # Espressif may take several passes through this makefile. Check to see if we found IDF string(COMPARE EQUAL "${PROJECT_SOURCE_DIR}" "" WOLFSSL_FOUND_IDF) @@ -267,10 +288,10 @@ else() # we won't overwrite an existing user settings file, just note that we already have one: if( EXISTS "${WOLFSSL_PROJECT_DIR}/include/user_settings.h" ) message(STATUS "Using existing wolfSSL user_settings.h in " - "${WOLFSSL_PROJECT_DIR}/include/user_settings.h") + "${WOLFSSL_PROJECT_DIR}/include/user_settings.h") else() message(STATUS "Installing wolfSSL user_settings.h to " - "${WOLFSSL_PROJECT_DIR}/include/user_settings.h") + "${WOLFSSL_PROJECT_DIR}/include/user_settings.h") file(COPY "${WOLFSSL_ROOT}/IDE/Espressif/ESP-IDF/user_settings.h" DESTINATION "${CMAKE_HOME_DIRECTORY}/wolfssl/include/") endif() 
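Review bot: The two project-name tests expand `${CMAKE_PROJECT_NAME}` unquoted, as in `if( ${CMAKE_PROJECT_NAME} STREQUAL "wolfssl_benchmark" )`, so an empty value leaves `if( STREQUAL ...)` and CMake stops with an argument error. The file's own comment says it is evaluated in several passes, and this hunk does not show that the name is set on every one of them. Quoting the expansion, `if( "${CMAKE_PROJECT_NAME}" STREQUAL "wolfssl_benchmark" )`, avoids that. Separately, the `FATAL_ERROR` text in the not-found branch interpolates `${WOLFSSL_ROOT}`, which is empty at that point, so the message names no path; printing `${CMAKE_CURRENT_SOURCE_DIR}` as the search start would be more useful.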
@@ -278,7 +299,12 @@ else() # next check if there's a [root]/include/config.h if( EXISTS "${WOLFSSL_ROOT}/include/config.h" ) - message(FATAL_ERROR "Found stray wolfSSL config.h in ${WOLFSSL_ROOT}/include/config.h (please move it to ${WOLFSSL_PROJECT_DIR}/include/config.h") + message(STATUS "******************************************************************************") + message(STATUS "******************************************************************************") + message(STATUS "Found stray wolfSSL config.h in ${WOLFSSL_ROOT}/include/config.h" ) + message(STATUS " Please move it to ${WOLFSSL_PROJECT_DIR}/include/config.h" ) + message(STATUS "******************************************************************************") + message(STATUS "******************************************************************************") else() # we won't overwrite an existing user settings file, just note that we already have one: if( EXISTS "${WOLFSSL_PROJECT_DIR}/include/config.h" ) @@ -361,6 +387,14 @@ else() "\"${WOLFSSL_ROOT}/src/x509_str.c\"" "\"${WOLFSSL_ROOT}/wolfcrypt/src/evp.c\"" "\"${WOLFSSL_ROOT}/wolfcrypt/src/misc.c\"" + "\"${WOLFSSL_ROOT}/wolfcrypt/src/sp_sm2_arm32.c\"" + "\"${WOLFSSL_ROOT}/wolfcrypt/src/sp_sm2_arm64.c\"" + "\"${WOLFSSL_ROOT}/wolfcrypt/src/sp_sm2_armthumb.c\"" + "\"${WOLFSSL_ROOT}/wolfcrypt/src/sp_sm2_c32.c\"" + "\"${WOLFSSL_ROOT}/wolfcrypt/src/sp_sm2_c64.c\"" + "\"${WOLFSSL_ROOT}/wolfcrypt/src/sp_sm2_cortexm.c\"" + "\"${WOLFSSL_ROOT}/wolfcrypt/src/sp_sm2_x86_64.c\"" + "\"${WOLFSSL_ROOT}/wolfcrypt/src/sp_sm2_x86_64_asm.S\"" "\"${EXCLUDE_ASM}\"" ) @@ -405,6 +439,7 @@ else() endif() # target_sources(wolfssl PRIVATE "\"${WOLFSSL_ROOT}/wolfssl/\"" "\"${WOLFSSL_ROOT}/wolfssl/wolfcrypt\"") + endif() # CMAKE_BUILD_EARLY_EXPANSION diff --git a/IDE/Espressif/ESP-IDF/examples/template/components/wolfssl/include/user_settings.h b/IDE/Espressif/ESP-IDF/examples/template/components/wolfssl/include/user_settings.h index 8d4a4d3eb6..9aca493ef4 100644 
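Review bot: Replacing the `FATAL_ERROR` with `message(STATUS ...)` lets the build continue when `${WOLFSSL_ROOT}/include/config.h` exists, and STATUS lines are easy to miss in build output even with the banner rows. If that directory is on the include path (not visible in this hunk), the stray header could silently change which wolfSSL options are compiled in. `message(WARNING "Found stray wolfSSL config.h in ${WOLFSSL_ROOT}/include/config.h")` would keep the build going while still surfacing the condition as a warning. A short comment stating why the check was downgraded from fatal would also help the next reader.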
--- a/IDE/Espressif/ESP-IDF/examples/template/components/wolfssl/include/user_settings.h +++ b/IDE/Espressif/ESP-IDF/examples/template/components/wolfssl/include/user_settings.h @@ -19,13 +19,8 @@ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA */ -#include /* essential to chip set detection */ - -#undef WOLFSSL_ESPIDF -#undef WOLFSSL_ESP32 -#undef WOLFSSL_ESPWROOM32SE -#undef WOLFSSL_ESP32 -#undef WOLFSSL_ESP8266 +/* This user_settings.h is for Espressif ESP-IDF */ +#include /* The Espressif sdkconfig will have chipset info. ** @@ -38,6 +33,7 @@ ** CONFIG_IDF_TARGET_ESP32C6 */ +#undef WOLFSSL_ESPIDF #define WOLFSSL_ESPIDF /* @@ -47,6 +43,9 @@ * WOLFSSL_ESPWROOM32SE * WOLFSSL_ESP8266 */ +#undef WOLFSSL_ESPWROOM32SE +#undef WOLFSSL_ESP8266 +#undef WOLFSSL_ESP32 #define WOLFSSL_ESP32 @@ -54,6 +53,13 @@ /* #define WOLFSSL_NOSHA512_224 */ /* #define WOLFSSL_NOSHA512_256 */ +/* when you want to use SINGLE THREAD. Note Default ESP-IDF is FreeRTOS */ +/* #define SINGLE_THREADED */ + +/* When you don't want to use the old SHA */ +/* #define NO_SHA */ +/* #define NO_OLD_TLS */ + #define BENCH_EMBEDDED #define USE_CERT_BUFFERS_2048 @@ -67,11 +73,10 @@ #define WOLFSSL_BENCHMARK_FIXED_UNITS_KB -/* when you want to use SINGLE THREAD */ -#define SINGLE_THREADED - #define NO_FILESYSTEM +#define NO_OLD_TLS + #define HAVE_AESGCM #define WOLFSSL_RIPEMD @@ -79,18 +84,27 @@ #define WOLFSSL_SHA224 /* when you want to use SHA384 */ -#define WOLFSSL_SHA3 - #define WOLFSSL_SHA384 + +/* when you want to use SHA512 */ #define WOLFSSL_SHA512 + +/* when you want to use SHA3 */ +#define WOLFSSL_SHA3 + +#define HAVE_ED25519 /* ED25519 requires SHA512 */ + #define HAVE_ECC #define HAVE_CURVE25519 #define CURVE25519_SMALL #define HAVE_ED25519 + #define OPENSSL_EXTRA /* when you want to use pkcs7 */ /* #define HAVE_PKCS7 */ +#define HAVE_PKCS7 + #if defined(HAVE_PKCS7) #define HAVE_AES_KEYWRAP #define HAVE_X963_KDF 
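Review bot: The PKCS7 lines in the `@@ -79,18 +84,27 @@` hunk now contradict each other: it keeps `/* #define HAVE_PKCS7 */` under "when you want to use pkcs7" and adds an unconditional `#define HAVE_PKCS7` right after it. That also turns on `HAVE_AES_KEYWRAP` and `HAVE_X963_KDF` through the `#if defined(HAVE_PKCS7)` block, which continues past the hunk. In a template that projects copy, features nobody asked for are better left opt-in to keep code size and parsing surface down. Either drop the new define, or delete the commented line and replace it with `/* PKCS7 is enabled by default in this template; remove if unused */`. `HAVE_ED25519` is also defined twice now, once with the SHA512 comment and once in the existing ECC group; the duplicate is harmless to the preprocessor but one of them should go.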
@@ -115,18 +129,25 @@ #if defined(WOLFSSL_ESP32) || defined(WOLFSSL_ESPWROOM32SE) /* Define USE_FAST_MATH and SMALL_STACK */ #define ESP32_USE_RSA_PRIMITIVE - /* threshold for performance adjustment for HW primitive use */ - /* X bits of G^X mod P greater than */ - #define EPS_RSA_EXPT_XBTIS 32 - /* X and Y of X * Y mod P greater than */ - #define ESP_RSA_MULM_BITS 9 + + #if defined(CONFIG_IDF_TARGET_ESP32) + + /* NOTE HW unreliable for small values! */ + /* threshold for performance adjustment for HW primitive use */ + /* X bits of G^X mod P greater than */ + #undef ESP_RSA_EXPT_XBITS + #define ESP_RSA_EXPT_XBITS 32 + + /* X and Y of X * Y mod P greater than */ + #undef ESP_RSA_MULM_BITS + #define ESP_RSA_MULM_BITS 16 + + #endif #endif + #define RSA_LOW_MEM -/* debug options */ -/* #define DEBUG_WOLFSSL */ -/* #define WOLFSSL_ESP32_CRYPT_DEBUG */ -/* #define WOLFSSL_ATECC508A_DEBUG */ +/* #define WOLFSSL_ATECC508A_DEBUG */ /* date/time */ /* if it cannot adjust time in the device, */ 
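Review bot: The new `NOTE HW unreliable for small values!` comment does not say what goes wrong or which operand sizes are affected, and the thresholds guarding against it are plain `#undef`/`#define` pairs that a project can lower without any diagnostic. I would expand the comment to state the failure mode and that values below the listed bit counts must not be used; the exact wording needs the author's confirmation. The same `ESP_RSA_MULM_BITS 16` is set again later in this file under `CONFIG_IDF_TARGET_ESP32`, next to `TODO add compile-time warning`, so the value lives in two places and one definition should be removed to keep them from drifting apart. With the thresholds now inside `#if defined(CONFIG_IDF_TARGET_ESP32)`, the other targets covered by the outer `WOLFSSL_ESP32 || WOLFSSL_ESPWROOM32SE` test depend on defaults defined elsewhere, presumably in the port header, and a comment should say so.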
@@ -134,64 +155,254 @@ /* #define NO_ASN_TIME */ /* #define XTIME time */ + /* adjust wait-timeout count if you see timeout in RSA HW acceleration */ #define ESP_RSA_TIMEOUT_CNT 0x249F00 #define HASH_SIZE_LIMIT /* for test.c */ +/* USE_FAST_MATH is default */ #define USE_FAST_MATH -/* optionally use SP_MATH */ -/* #define SP_MATH */ +/***** Use SP_MATH *****/ +/* #undef USE_FAST_MATH */ +/* #define SP_MATH */ +/* #define WOLFSSL_SP_MATH_ALL */ + +/***** Use Integer Heap Math *****/ +/* #undef USE_FAST_MATH */ +/* #define USE_INTEGER_HEAP_MATH */ + #define WOLFSSL_SMALL_STACK + #define HAVE_VERSION_EXTENDED_INFO -#define HAVE_WC_INTROSPECTION +/* #define HAVE_WC_INTROSPECTION */ + +#define HAVE_SESSION_TICKET + +/* #define HAVE_HASHDRBG */ + +#define WOLFSSL_KEY_GEN +#define WOLFSSL_CERT_REQ +#define WOLFSSL_CERT_GEN +#define WOLFSSL_CERT_EXT +#define WOLFSSL_SYS_CA_CERTS + + +#define WOLFSSL_CERT_TEXT -/* allows for all version info, even that suppressed with introspection */ -#define ALLOW_BINARY_MISMATCH_INTROSPECTION +#define WOLFSSL_ASN_TEMPLATE + +/* +#undef WOLFSSL_KEY_GEN +#undef WOLFSSL_CERT_REQ +#undef WOLFSSL_CERT_GEN +#undef WOLFSSL_CERT_EXT +#undef WOLFSSL_SYS_CA_CERTS +*/ + +/* +--enable-keygen +--enable-certgen +--enable-certreq +--enable-certext +--enable-asn-template +*/ /* Default is HW enabled unless turned off. -** Uncomment these lines for SW: */ +** Uncomment these lines to force SW instead of HW acceleration */ + #if defined(CONFIG_IDF_TARGET_ESP32) - /* #define NO_ESP32_CRYPT */ - /* #define NO_WOLFSSL_ESP32_CRYPT_HASH */ - /* #define NO_WOLFSSL_ESP32_CRYPT_AES */ - /* #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI */ + /* wolfSSL HW Acceleration supported on ESP32. 
Uncomment to disable: */ + /* #define NO_ESP32_CRYPT */ + /* #define NO_WOLFSSL_ESP32_CRYPT_HASH */ + /* #define NO_WOLFSSL_ESP32_CRYPT_AES */ + /* #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI */ + /* #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI_MP_MUL */ + /* #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI_MULMOD */ + /* #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI_EXPTMOD */ + + /* These are defined automatically in esp32-crypt.h, here for clarity: */ + #define NO_WOLFSSL_ESP32_CRYPT_HASH_SHA224 /* no SHA224 HW on ESP32 */ + + #undef ESP_RSA_MULM_BITS + #define ESP_RSA_MULM_BITS 16 /* TODO add compile-time warning */ + /***** END CONFIG_IDF_TARGET_ESP32 *****/ + #elif defined(CONFIG_IDF_TARGET_ESP32S2) - #define NO_ESP32_CRYPT - #define NO_WOLFSSL_ESP32_CRYPT_HASH - #define NO_WOLFSSL_ESP32_CRYPT_AES - #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI + /* wolfSSL HW Acceleration supported on ESP32-S2. Uncomment to disable: */ + /* #define NO_ESP32_CRYPT */ + /* #define NO_WOLFSSL_ESP32_CRYPT_HASH */ + /* Note: There's no AES192 HW on the ESP32-S2; falls back to SW */ + /* #define NO_WOLFSSL_ESP32_CRYPT_AES */ + /* #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI */ + /* #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI_MP_MUL */ + /* #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI_MULMOD */ + /* #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI_EXPTMOD */ + /***** END CONFIG_IDF_TARGET_ESP32S2 *****/ + #elif defined(CONFIG_IDF_TARGET_ESP32S3) - /* #define NO_ESP32_CRYPT */ - /* #define NO_WOLFSSL_ESP32_CRYPT_HASH */ - /* #define NO_WOLFSSL_ESP32_CRYPT_AES */ - /* #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI */ -#elif defined(CONFIG_IDF_TARGET_ESP32C2) - #define NO_ESP32_CRYPT - #define NO_WOLFSSL_ESP32_CRYPT_HASH - #define NO_WOLFSSL_ESP32_CRYPT_AES - #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI + /* wolfSSL HW Acceleration supported on ESP32-S3. 
Uncomment to disable: */ + /* #define NO_ESP32_CRYPT */ + /* #define NO_WOLFSSL_ESP32_CRYPT_HASH */ + /* Note: There's no AES192 HW on the ESP32-S3; falls back to SW */ + /* #define NO_WOLFSSL_ESP32_CRYPT_AES */ + /* #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI */ + /* #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI_MP_MUL */ + /* #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI_MULMOD */ + /* #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI_EXPTMOD */ + /***** END CONFIG_IDF_TARGET_ESP32S3 *****/ + #elif defined(CONFIG_IDF_TARGET_ESP32C3) + /* wolfSSL HW Acceleration supported on ESP32-C2. Uncomment to disable: */ + + /* #define NO_ESP32_CRYPT */ + /* #define NO_WOLFSSL_ESP32_CRYPT_HASH */ /* to disable all SHA HW */ + + /* These are defined automatically in esp32-crypt.h, here for clarity: */ + #define NO_WOLFSSL_ESP32_CRYPT_HASH_SHA384 /* no SHA384 HW on C6 */ + #define NO_WOLFSSL_ESP32_CRYPT_HASH_SHA512 /* no SHA512 HW on C6 */ + + /* #define NO_WOLFSSL_ESP32_CRYPT_AES */ + /* #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI */ + /* #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI_MP_MUL */ + /* #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI_MULMOD */ + /* #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI_EXPTMOD */ + /***** END CONFIG_IDF_TARGET_ESP32C3 *****/ + +#elif defined(CONFIG_IDF_TARGET_ESP32C6) + /* wolfSSL HW Acceleration supported on ESP32-C6. 
Uncomment to disable: */ + + /* #define NO_ESP32_CRYPT */ + /* #define NO_WOLFSSL_ESP32_CRYPT_HASH */ + /* These are defined automatically in esp32-crypt.h, here for clarity: */ + #define NO_WOLFSSL_ESP32_CRYPT_HASH_SHA384 /* no SHA384 HW on C6 */ + #define NO_WOLFSSL_ESP32_CRYPT_HASH_SHA512 /* no SHA512 HW on C6 */ + + /* #define NO_WOLFSSL_ESP32_CRYPT_AES */ + /* #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI */ + /* #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI_MP_MUL */ + /* #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI_MULMOD */ + /* #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI_EXPTMOD */ + /***** END CONFIG_IDF_TARGET_ESP32C6 *****/ + +#elif defined(CONFIG_IDF_TARGET_ESP32H2) + /* wolfSSL Hardware Acceleration not yet implemented */ #define NO_ESP32_CRYPT #define NO_WOLFSSL_ESP32_CRYPT_HASH #define NO_WOLFSSL_ESP32_CRYPT_AES #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI -#elif defined(CONFIG_IDF_TARGET_ESP32C6) + /***** END CONFIG_IDF_TARGET_ESP32H2 *****/ + +#elif defined(CONFIG_IDF_TARGET_ESP8266) + /* TODO: Revisit ESP8266 */ #define NO_ESP32_CRYPT #define NO_WOLFSSL_ESP32_CRYPT_HASH #define NO_WOLFSSL_ESP32_CRYPT_AES #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI -#elif defined(CONFIG_IDF_TARGET_ESP32H2) + /***** END CONFIG_IDF_TARGET_ESP266 *****/ + +#elif defined(CONFIG_IDF_TARGET_ESP8684) + /* There's no Hardware Acceleration available on ESP8684 */ #define NO_ESP32_CRYPT #define NO_WOLFSSL_ESP32_CRYPT_HASH #define NO_WOLFSSL_ESP32_CRYPT_AES #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI + /***** END CONFIG_IDF_TARGET_ESP8684 *****/ + #else + /* Anything else encountered, disable HW accleration */ #define NO_ESP32_CRYPT #define NO_WOLFSSL_ESP32_CRYPT_HASH #define NO_WOLFSSL_ESP32_CRYPT_AES #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI +#endif /* CONFIG_IDF_TARGET Check */ + +/* Debug options: + +#define ESP_VERIFY_MEMBLOCK +#define DEBUG_WOLFSSL +#define DEBUG_WOLFSSL_VERBOSE +#define DEBUG_WOLFSSL_SHA_MUTEX +#define WOLFSSL_ESP32_CRYPT_DEBUG +#define NO_RECOVER_SOFTWARE_CALC +#define WOLFSSL_TEST_STRAY 1 
+#define USE_ESP_DPORT_ACCESS_READ_BUFFER +#define WOLFSSL_ESP32_HW_LOCK_DEBUG +#define WOLFSSL_DEBUG_ESP_RSA_MULM_BITS +#define ESP_DISABLE_HW_TASK_LOCK +*/ + +#define WOLFSSL_ESPIDF_ERROR_PAUSE /* Pause in a loop rather than exit. */ +#define WOLFSSL_HW_METRICS + +/* #define HASH_SIZE_LIMIT */ /* for test.c */ + +/* #define NO_HW_MATH_TEST */ /* Optionall turn off HW math checks */ + +/* Optionally include alternate HW test library: alt_hw_test.h */ +/* When enabling, the ./components/wolfssl/CMakeLists.txt file + * will need the name of the library in the idf_component_register + * for the PRIV_REQUIRES list. */ +/* #define INCLUDE_ALT_HW_TEST */ + +/* optionally turn off individual math HW acceleration features */ + +/* Turn off Large Number ESP32 HW Multiplication: +** [Z = X * Y] in esp_mp_mul() */ +/* #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI_MP_MUL */ + +/* Turn off Large Number ESP32 HW Modular Exponentiation: +** [Z = X^Y mod M] in esp_mp_exptmod() */ +/* #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI_EXPTMOD */ + +/* Turn off Large Number ESP32 HW Modular Multiplication +** [Z = X * Y mod M] in esp_mp_mulmod() */ +/* #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI_MULMOD */ + + +#define WOLFSSL_PUBLIC_MP /* used by benchmark */ +#define USE_CERT_BUFFERS_2048 + +/* when turning on ECC508 / ECC608 support +#define WOLFSSL_ESPWROOM32SE +#define HAVE_PK_CALLBACKS +#define WOLFSSL_ATECC508A +#define ATCA_WOLFSSL +*/ + +/* optional SM4 Ciphers. 
See https://github.com/wolfSSL/wolfsm +#define WOLFSSL_SM2 +#define WOLFSSL_SM3 +#define WOLFSSL_SM4 +*/ + +#if defined(WOLFSSL_SM2) || defined(WOLFSSL_SM3) || defined(WOLFSSL_SM4) + #include + #define CTX_CA_CERT root_sm2 + #define CTX_CA_CERT_SIZE sizeof_root_sm2 + #define CTX_CA_CERT_TYPE WOLFSSL_FILETYPE_PEM + #define CTX_SERVER_CERT server_sm2 + #define CTX_SERVER_CERT_SIZE sizeof_server_sm2 + #define CTX_SERVER_CERT_TYPE WOLFSSL_FILETYPE_PEM + #define CTX_SERVER_KEY server_sm2_priv + #define CTX_SERVER_KEY_SIZE sizeof_server_sm2_priv + #define CTX_SERVER_KEY_TYPE WOLFSSL_FILETYPE_PEM + + #undef WOLFSSL_BASE16 + #define WOLFSSL_BASE16 +#else + #define USE_CERT_BUFFERS_2048 + #define USE_CERT_BUFFERS_256 + #define CTX_CA_CERT ca_cert_der_2048 + #define CTX_CA_CERT_SIZE sizeof_ca_cert_der_2048 + #define CTX_CA_CERT_TYPE WOLFSSL_FILETYPE_ASN1 + #define CTX_SERVER_CERT server_cert_der_2048 + #define CTX_SERVER_CERT_SIZE sizeof_server_cert_der_2048 + #define CTX_SERVER_CERT_TYPE WOLFSSL_FILETYPE_ASN1 + #define CTX_SERVER_KEY server_key_der_2048 + #define CTX_SERVER_KEY_SIZE sizeof_server_key_der_2048 + #define CTX_SERVER_KEY_TYPE WOLFSSL_FILETYPE_ASN1 #endif diff --git a/IDE/Espressif/ESP-IDF/examples/template/main/CMakeLists.txt b/IDE/Espressif/ESP-IDF/examples/template/main/CMakeLists.txt index 2b6768f842..a038d035bc 100644 --- a/IDE/Espressif/ESP-IDF/examples/template/main/CMakeLists.txt +++ b/IDE/Espressif/ESP-IDF/examples/template/main/CMakeLists.txt 
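Review bot: The new `CTX_SERVER_KEY`, `CTX_SERVER_CERT` and `CTX_CA_CERT` macros in the `#else` branch point at `server_key_der_2048`, `server_cert_der_2048` and `ca_cert_der_2048`, which appear to be the example buffers wolfSSL ships for testing (selected by `USE_CERT_BUFFERS_2048`), so the private key is publicly known. Because this is the template that new projects start from, the block should say so where the macros are defined, e.g. `/* Example credentials bundled with wolfSSL: testing only, replace before deployment */`. Separately, in the same hunk the `CONFIG_IDF_TARGET_ESP32C3` branch is commented as "ESP32-C2" and "no SHA384 HW on C6", and the ESP8266 end marker reads `ESP266`. Those labels should name the target the branch actually tests, since they document which hashes fall back to software.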
@@ -1,11 +1,36 @@ -# This tag is used to include this file in the ESP Component Registry: -# __ESP_COMPONENT_SOURCE__ - +# wolfSSL Espressif Example Project/main CMakeLists.txt +# v1.0 # -# wolfssl client test +# wolfssl template # set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DWOLFSSL_USER_SETTINGS") +if(WIN32) + # Windows-specific configuration here + set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DWOLFSSL_CMAKE_SYSTEM_NAME_WINDOWS") + message("Detected Windows") +endif() +if(CMAKE_HOST_UNIX) + message("Detected UNIX") +endif() +if(APPLE) + message("Detected APPLE") +endif() +if(CMAKE_HOST_UNIX AND (NOT APPLE) AND EXISTS "/proc/sys/fs/binfmt_misc/WSLInterop") + # Windows-specific configuration here + set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DWOLFSSL_CMAKE_SYSTEM_NAME_WSL") + message("Detected WSL") +endif() +if(CMAKE_HOST_UNIX AND (NOT APPLE) AND (NOT WIN32)) + # Windows-specific configuration here + set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DWOLFSSL_CMAKE_SYSTEM_NAME_LINUX") + message("Detected Linux") +endif() +if(APPLE) + # Windows-specific configuration here + set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DWOLFSSL_CMAKE_SYSTEM_NAME_APPLE") + message("Detected Apple") +endif() set (git_cmd "git") if( EXISTS "${CMAKE_HOME_DIRECTORY}/components/wolfssl/" AND EXISTS "$ENV{IDF_PATH}/components/wolfssl/" ) @@ -20,8 +45,8 @@ endif() ## register_component() idf_component_register(SRCS main.c - INCLUDE_DIRS "." "./include") -# + INCLUDE_DIRS "." + "./include") # # LIBWOLFSSL_SAVE_INFO(VAR_OUPUT THIS_VAR VAR_RESULT) diff --git a/IDE/Espressif/ESP-IDF/examples/template/main/main.c b/IDE/Espressif/ESP-IDF/examples/template/main/main.c index e868b09e3c..0fdcdc3ee4 100644 --- a/IDE/Espressif/ESP-IDF/examples/template/main/main.c +++ b/IDE/Espressif/ESP-IDF/examples/template/main/main.c 
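Review bot: On WSL both the `EXISTS "/proc/sys/fs/binfmt_misc/WSLInterop"` condition and the `CMAKE_HOST_UNIX AND (NOT APPLE) AND (NOT WIN32)` condition are true, so `-DWOLFSSL_CMAKE_SYSTEM_NAME_WSL` and `-DWOLFSSL_CMAKE_SYSTEM_NAME_LINUX` are both appended to `CMAKE_C_FLAGS`. If these macros select a host-specific path, as the comment in wolfssl_benchmark/CMakeLists.txt suggests for my_private_config.h, the independent `if()` blocks should become one chain with the WSL test ahead of the Linux one, as sketched below. The comment `# Windows-specific configuration here` is pasted into the WSL, Linux and Apple branches and should be corrected in each. `WIN32` and `APPLE` may describe the target rather than the build host in a cross build, so the sketch uses the `CMAKE_HOST_*` variables; please confirm that matches the intent. The same block is added to wolfssl_benchmark/CMakeLists.txt in this patch.

```cmake
# Host detection: exactly one WOLFSSL_CMAKE_SYSTEM_NAME_* macro is defined.
if(CMAKE_HOST_WIN32)
    set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DWOLFSSL_CMAKE_SYSTEM_NAME_WINDOWS")
    message("Detected Windows")
elseif(CMAKE_HOST_APPLE)
    set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DWOLFSSL_CMAKE_SYSTEM_NAME_APPLE")
    message("Detected Apple")
elseif(CMAKE_HOST_UNIX AND EXISTS "/proc/sys/fs/binfmt_misc/WSLInterop")
    # WSL must be tested before plain Linux, which it also satisfies
    set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DWOLFSSL_CMAKE_SYSTEM_NAME_WSL")
    message("Detected WSL")
elseif(CMAKE_HOST_UNIX)
    set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DWOLFSSL_CMAKE_SYSTEM_NAME_LINUX")
    message("Detected Linux")
endif()
# ... unchanged: git_cmd setup and component checks ...
```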
@@ -38,6 +38,12 @@ void app_main(void) esp_ShowExtendedSystemInfo(); #endif +#ifdef WOLFSSL_HW_METRICS_DISABLED /* Remove _DISABLED upon #6990 Merge */ + esp_hw_show_metrics(); +#endif + ESP_LOGI(TAG, "\n\nDone!" - "If running from idf.py monitor, press twice: Ctrl+]"); + "If running from idf.py monitor, press twice: Ctrl+]\n\n" + "WOLFSSL_COMPLETE\n" /* exit keyword for wolfssl_monitor.py */ + ); } diff --git a/IDE/Espressif/ESP-IDF/examples/template/partitions_singleapp_large.csv b/IDE/Espressif/ESP-IDF/examples/template/partitions_singleapp_large.csv new file mode 100644 index 0000000000..0b2fcd1a9f --- /dev/null +++ b/IDE/Espressif/ESP-IDF/examples/template/partitions_singleapp_large.csv @@ -0,0 +1,31 @@ +# to view: idf.py partition-table +# +# ESP-IDF Partition Table +# Name, Type, SubType, Offset, Size, Flags +nvs, data, nvs, 0x9000, 24K, +phy_init,data, phy, 0xf000, 4K, +factory, app, factory, 0x10000, 1500K, + + +# For other settings, see: +# https://docs.espressif.com/projects/esp-idf/en/latest/esp32/api-guides/partition-tables.html#creating-custom-tables +# +# Here is the summary printed for the "Single factory app, no OTA" configuration: +# +# # ESP-IDF Partition Table +# # Name, Type, SubType, Offset, Size, Flags +# nvs, data, nvs, 0x9000, 0x6000, +# phy_init, data, phy, 0xf000, 0x1000, +# factory, app, factory, 0x10000, 1M, +# +# +# Here is the summary printed for the "Factory app, two OTA definitions" configuration: +# +# # ESP-IDF Partition Table +# # Name, Type, SubType, Offset, Size, Flags +# nvs, data, nvs, 0x9000, 0x4000, +# otadata, data, ota, 0xd000, 0x2000, +# phy_init, data, phy, 0xf000, 0x1000, +# factory, app, factory, 0x10000, 1M, +# ota_0, app, ota_0, 0x110000, 1M, +# ota_1, app, ota_1, 0x210000, 1M, diff --git a/IDE/Espressif/ESP-IDF/examples/template/sdkconfig.defaults b/IDE/Espressif/ESP-IDF/examples/template/sdkconfig.defaults new file mode 100644 index 0000000000..88f1e113e9 --- /dev/null 
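Review bot: The adjacent literals `"\n\nDone!"` and `"If running from idf.py monitor, ..."` concatenate with no separator, so the log prints `Done!If running ...`. Since the second literal is edited here anyway, a leading space would fix it: `" If running from idf.py monitor, press twice: Ctrl+]\n\n"`. The `#ifdef WOLFSSL_HW_METRICS_DISABLED` guard is documented as temporary, but note that user_settings.h in this patch defines `WOLFSSL_HW_METRICS`, so `esp_hw_show_metrics()` stays compiled out until the guard is renamed. `app_main` begins outside this hunk.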
+++ b/IDE/Espressif/ESP-IDF/examples/template/sdkconfig.defaults @@ -0,0 +1,35 @@ +CONFIG_FREERTOS_HZ=1000 +CONFIG_ESP32_DEFAULT_CPU_FREQ_240=y + +# +# Default main stack size +# +# This is typically way bigger than needed for stack size. See user_settings.h +# +CONFIG_ESP_MAIN_TASK_STACK_SIZE=10500 + +# Legacy stack size for older ESP-IDF versions +CONFIG_MAIN_TASK_STACK_SIZE=10500 + +# +# Compiler options +# +CONFIG_COMPILER_OPTIMIZATION_DEFAULT=y +CONFIG_COMPILER_OPTIMIZATION_ASSERTIONS_ENABLE=y +CONFIG_COMPILER_OPTIMIZATION_ASSERTION_LEVEL=2 +CONFIG_COMPILER_HIDE_PATHS_MACROS=y +CONFIG_COMPILER_STACK_CHECK_MODE_NORM=y +CONFIG_COMPILER_STACK_CHECK=y + +# +# Partition Table +# +# CONFIG_PARTITION_TABLE_SINGLE_APP is not set +CONFIG_PARTITION_TABLE_SINGLE_APP_LARGE=y +# CONFIG_PARTITION_TABLE_TWO_OTA is not set +# CONFIG_PARTITION_TABLE_CUSTOM is not set +CONFIG_PARTITION_TABLE_CUSTOM_FILENAME="partitions.csv" +CONFIG_PARTITION_TABLE_FILENAME="partitions_singleapp_large.csv" +CONFIG_PARTITION_TABLE_OFFSET=0x8000 +CONFIG_PARTITION_TABLE_MD5=y +# end of Partition Table diff --git a/IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/CMakeLists.txt b/IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/CMakeLists.txt index 430386e881..4cf6a30fd7 100644 --- a/IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/CMakeLists.txt +++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/CMakeLists.txt 
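Review bot: `CONFIG_PARTITION_TABLE_SINGLE_APP_LARGE=y` together with `# CONFIG_PARTITION_TABLE_CUSTOM is not set` most likely makes ESP-IDF use its own built-in `partitions_singleapp_large.csv`, not the file of the same name that this patch adds to the example directory. If the project-local table is the intended one, I would expect `CONFIG_PARTITION_TABLE_CUSTOM=y` with `CONFIG_PARTITION_TABLE_CUSTOM_FILENAME="partitions_singleapp_large.csv"`; as written the custom filename still points at `partitions.csv`, which the patch does not add. Either way, a one-line comment saying which table is in effect would keep the next reader from editing a file that is never read.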
@@ -1,6 +1,72 @@ +# wolfSSL Espressif Example Project CMakeLists.txt +# v1.0 +# # The following lines of boilerplate have to be in your project's # CMakeLists in this exact order for cmake to work correctly -cmake_minimum_required(VERSION 3.5) +cmake_minimum_required(VERSION 3.16) + +# The wolfSSL CMake file should be able to find the source code. +# Otherwise, assign an environment variable or set it here: +# +# set(WOLFSSL_ROOT "~/workspace/wolfssl-other-source") +# +# Optional WOLFSSL_CMAKE_SYSTEM_NAME detection to find +# USE_MY_PRIVATE_CONFIG path for my_private_config.h +# +# Expected path varies: +# +# WSL: /mnt/c/workspace +# Linux: ~/workspace +# Windows: C:\workspace +# +if(WIN32) + # Windows-specific configuration here + set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DWOLFSSL_CMAKE_SYSTEM_NAME_WINDOWS") + message("Detected Windows") +endif() +if(CMAKE_HOST_UNIX) + message("Detected UNIX") +endif() +if(APPLE) + message("Detected APPLE") +endif() +if(CMAKE_HOST_UNIX AND (NOT APPLE) AND EXISTS "/proc/sys/fs/binfmt_misc/WSLInterop") + # Windows-specific configuration here + set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DWOLFSSL_CMAKE_SYSTEM_NAME_WSL") + message("Detected WSL") +endif() +if(CMAKE_HOST_UNIX AND (NOT APPLE) AND (NOT WIN32)) + # Windows-specific configuration here + set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DWOLFSSL_CMAKE_SYSTEM_NAME_LINUX") + message("Detected Linux") +endif() +if(APPLE) + # Windows-specific configuration here + set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DWOLFSSL_CMAKE_SYSTEM_NAME_APPLE") + message("Detected Apple") +endif() +# End optional WOLFSSL_CMAKE_SYSTEM_NAME + +# Check that there are not conflicting wolfSSL components +# The ESP Registry Component will be in ./managed_components/wolfssl__wolfssl +# The local component wolfSSL directory will be in ./components/wolfssl +if( EXISTS "${CMAKE_HOME_DIRECTORY}/managed_components/wolfssl__wolfssl" AND EXISTS "${CMAKE_HOME_DIRECTORY}/components/wolfssl" ) + # These exclude statements don't seem to be honored 
by the $ENV{IDF_PATH}/tools/cmake/project.cmake' + # add_subdirectory("${CMAKE_HOME_DIRECTORY}/managed_components/wolfssl__wolfssl" EXCLUDE_FROM_ALL) + # add_subdirectory("${CMAKE_HOME_DIRECTORY}/managed_components/wolfssl__wolfssl/include" EXCLUDE_FROM_ALL) + # So we'll error out and let the user decide how to proceed: + message(WARNING "\nFound wolfSSL components in\n" + "./managed_components/wolfssl__wolfssl\n" + "and\n" + "./components/wolfssl\n" + "in project directory: \n" + "${CMAKE_HOME_DIRECTORY}") + message(FATAL_ERROR "\nPlease use either the ESP Registry Managed Component or the wolfSSL component directory but not both.\n" + "If removing the ./managed_components/wolfssl__wolfssl directory, remember to also remove " + "or rename the idf_component.yml file typically found in ./main/") +else() + message(STATUS "No conflicting wolfSSL components found.") +endif() include($ENV{IDF_PATH}/tools/cmake/project.cmake) diff --git a/IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/README.md b/IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/README.md index 174851078b..198927f2c6 100644 --- a/IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/README.md +++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/README.md 
@@ -1,6 +1,59 @@ # wolfSSL Benchmark Example -The Example contains of wolfSSL benchmark program. +This ESP32 example uses the [wolfSSL wolfcrypt Benchmark Application](https://github.com/wolfSSL/wolfssl/tree/master/wolfcrypt/benchmark). + +For general information on wolfSSL examples for Espressif, see the +[README](https://github.com/wolfSSL/wolfssl/blob/master/IDE/Espressif/ESP-IDF/README.md) file. + +## Espressif ESP Component Registry + +See the wolfSSL namespace at [components.espressif.com](https://components.espressif.com/components?q=wolfssl) + + +## Windows COM Port + +All of these examples use COM20 on Windows. The DOS `change port` command can be use to assign any +other local port to `COM20` as needed: + +``` +change port com20=com23 +``` + +## VisualGDB + +Open the VisualGDB Visual Studio Project file in the VisualGDB directory and click the "Start" button. +No wolfSSL setup is needed. You may need to adjust your specific COM port. The default is `COM20`. + +Include in the respective project `./VisualGDB` directory are [VisualGDB](https://visualgdb.com/) project files. +Individual project files are included for convenience to new users, +as there are [difficulties switching between ESP-IDF Versions or Chipsets](https://sysprogs.com/w/forums/topic/difficulties-switching-espressif-esp-idf-version-or-chipset/) +using the VisualGDB extension. + +The naming convention for project files is: `[project name]_IDF_[Version]_[chipset].vgdbproj`. The solution files (filename[.sln]) often will contain shortcuts to commonly used source and configuration files used by the respective project. 
+ + +-------- |------------- |------------- | +ChipSet | ESP-IDF v4.4 | ESP-IDF v5.0 | +-------- |------------- |------------- | +ESP32 | x | | +ESP32-S2 | | | +ESP32-S3 | x | x | +ESP32-C3 | x | x | +ESP32-C6 | | | + + +The default directories are: + +- `C:\SysGCC` - The root directory install of VisualGDB +- `C:\SysGCC\esp32` - The default for ESP-IDF v5.x +- `C:\SysGCC\esp32-8.4` - Many need to manually select this name for ESP-IDF v4.x install +- `C:\SysGCC\esp8266`- The default for ESP8266 + +Windows ports assigned with the `change port` command may not appear in the VisualGDB dropdowns but can still +be used when manually typed. +See the [feature request](https://sysprogs.com/w/forums/topic/feature-request-show-windows-change-port-results-in-com-port-dropdown-lists/). + +## ESP-IDF Commandline 1. `idf.py menuconfig` to configure the program. 1-1. Example Configuration -> @@ -22,17 +75,21 @@ Reminder than when building on WSL in `/mnt/c` there will be a noticeable perfor Example build on WSL: ``` -Optionally install wolfSSL component -# cd /mnt/c/workspace/wolfssl/IDE/Espressif/ESP-IDF -./setup.sh +Optionally update toolchain + +cd /mnt/c/SysGCC/esp32/esp-idf/master +git fetch +git pull +git submodule update --init --recursive cd /mnt/c/workspace/wolfssl/IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark -# Pick ESP-IDF install directory, this one for v4.4.2 in VisualGDB -. /mnt/c/SysGCC/esp32/esp-idf/v4.4.2/export.sh +# Pick ESP-IDF install directory, this one for v5.0 in VisualGDB +. /mnt/c/SysGCC/esp32/esp-idf/v5.0/export.sh +idf.py set-target ESP32C3 -idf.py build flash -p /dev/ttyS20 -b 921600 monitor +idf.py build flash -p /dev/ttyS20 -b 115200 monitor ``` ## Example Output 
@@ -42,7 +99,7 @@ compatible across the widest ranges of targets. Contact wolfSSL at support@wolfs for help in optimizing for your particular application, or see the [docs](https://www.wolfssl.com/documentation/manuals/wolfssl/index.html). -Compiled and flashed with `idf.py build flash -p /dev/ttyS7 -b 921600 monitor`: +Compiled and flashed with `idf.py build flash -p /dev/ttyS7 -b 115200 monitor`: ``` --- idf_monitor on /dev/ttyS7 115200 --- @@ -186,5 +243,5 @@ compilation terminated. A 'clean` may be needed after freshly installing a new component: ``` -idf.py clean build flash -p /dev/ttyS7 -b 921600 monitor -``` \ No newline at end of file +idf.py clean build flash -p /dev/ttyS7 -b 115200 monitor +``` diff --git a/IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/components/wolfssl/CMakeLists.txt b/IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/components/wolfssl/CMakeLists.txt index e3a8a81f00..e82e19b600 100644 --- a/IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/components/wolfssl/CMakeLists.txt +++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/components/wolfssl/CMakeLists.txt @@ -19,7 +19,7 @@ # # cmake for wolfssl Espressif projects # -# Version 5.6.0.009 for FIND_WOLFSSL_DIRECTORY +# Version 5.6.0.011 for detect test/benchmark # # See https://docs.espressif.com/projects/esp-idf/en/latest/esp32/api-guides/build-system.html # 
@@ -50,9 +50,9 @@ message(STATUS "THIS_USER = ${THIS_USER}") # The component name is the directory name. "No feature to change this". # See https://github.com/espressif/esp-idf/issues/8978#issuecomment-1129892685 -# set the root of wolfSSL: +# set the root of wolfSSL in top-level project CMakelists.txt: # set(WOLFSSL_ROOT "C:/some path/with/spaces") -# set(WOLFSSL_ROOT "c:/workspace/wolfssl-gojimmypi") +# set(WOLFSSL_ROOT "c:/workspace/wolfssl-[username]") # set(WOLFSSL_ROOT "/mnt/c/some path/with/spaces") # or use this logic to assign value from Environment Variable WOLFSSL_ROOT, # or assume this is an example 7 subdirectories below: @@ -145,6 +145,12 @@ function(FIND_WOLFSSL_DIRECTORY OUTPUT_FOUND_WOLFSSL_DIRECTORY) set(${OUTPUT_FOUND_WOLFSSL_DIRECTORY} "" PARENT_SCOPE) endfunction() + +# Example usage: + + + + if(CMAKE_BUILD_EARLY_EXPANSION) message(STATUS "wolfssl component CMAKE_BUILD_EARLY_EXPANSION:") idf_component_register( 
@@ -173,16 +179,28 @@ else() set(INCLUDE_PATH ${WOLFSSL_ROOT}) + set(WOLFSSL_EXTRA_PROJECT_DIR "${WOLFSSL_ROOT}/src/") + + if( ${CMAKE_PROJECT_NAME} STREQUAL "wolfssl_benchmark" ) + set(WOLFSSL_EXTRA_PROJECT_DIR "${WOLFSSL_ROOT}/wolfcrypt/benchmark") + endif() + + if( ${CMAKE_PROJECT_NAME} STREQUAL "wolfssl_test" ) + set(WOLFSSL_EXTRA_PROJECT_DIR "${WOLFSSL_ROOT}/wolfcrypt/test") + endif() + set(COMPONENT_SRCDIRS "\"${WOLFSSL_ROOT}/src/\"" "\"${WOLFSSL_ROOT}/wolfcrypt/src\"" "\"${WOLFSSL_ROOT}/wolfcrypt/src/port/Espressif\"" "\"${WOLFSSL_ROOT}/wolfcrypt/src/port/atmel\"" - "\"${WOLFSSL_ROOT}/wolfcrypt/benchmark\"" # the benchmark application - "\"${WOLFSSL_ROOT}/wolfcrypt/test\"" # the test application - ) # COMPONENT_SRCDIRS + "\"${WOLFSSL_EXTRA_PROJECT_DIR}\"" + ) # COMPONENT_SRCDIRS + message(STATUS "This COMPONENT_SRCDIRS = ${COMPONENT_SRCDIRS}") set(WOLFSSL_PROJECT_DIR "${CMAKE_HOME_DIRECTORY}/components/wolfssl") + add_definitions(-DWOLFSSL_USER_SETTINGS_DIR="${WOLFSSL_PROJECT_DIR}/include/user_settings.h") + # Espressif may take several passes through this makefile. Check to see if we found IDF string(COMPARE EQUAL "${PROJECT_SOURCE_DIR}" "" WOLFSSL_FOUND_IDF) @@ -270,10 +288,10 @@ else() # we won't overwrite an existing user settings file, just note that we already have one: if( EXISTS "${WOLFSSL_PROJECT_DIR}/include/user_settings.h" ) message(STATUS "Using existing wolfSSL user_settings.h in " - "${WOLFSSL_PROJECT_DIR}/include/user_settings.h") + "${WOLFSSL_PROJECT_DIR}/include/user_settings.h") else() message(STATUS "Installing wolfSSL user_settings.h to " - "${WOLFSSL_PROJECT_DIR}/include/user_settings.h") + "${WOLFSSL_PROJECT_DIR}/include/user_settings.h") file(COPY "${WOLFSSL_ROOT}/IDE/Espressif/ESP-IDF/user_settings.h" DESTINATION "${CMAKE_HOME_DIRECTORY}/wolfssl/include/") endif() 
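Review bot: `add_definitions(-DWOLFSSL_USER_SETTINGS_DIR="${WOLFSSL_PROJECT_DIR}/include/user_settings.h")` hands an absolute build-host path to every translation unit, and nothing in the hunk says what consumes it. If the macro is ever printed or stored in a string, the firmware image carries the builder's directory layout, often including a user name, which the template's `CONFIG_COMPILER_HIDE_PATHS_MACROS=y` elsewhere in this patch is meant to avoid. I would add a comment naming the consumer and the reason an absolute path is needed, and rename the macro since it holds a file rather than a directory, e.g. `WOLFSSL_USER_SETTINGS_FILE`. The `${CMAKE_PROJECT_NAME} STREQUAL` tests in the same hunk are also safer with the variable quoted, `if("${CMAKE_PROJECT_NAME}" STREQUAL "wolfssl_benchmark")`, so an empty name does not break the `if()`.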
@@ -281,7 +299,12 @@ else() # next check if there's a [root]/include/config.h if( EXISTS "${WOLFSSL_ROOT}/include/config.h" ) - message(FATAL_ERROR "Found stray wolfSSL config.h in ${WOLFSSL_ROOT}/include/config.h (please move it to ${WOLFSSL_PROJECT_DIR}/include/config.h") + message(STATUS "******************************************************************************") + message(STATUS "******************************************************************************") + message(STATUS "Found stray wolfSSL config.h in ${WOLFSSL_ROOT}/include/config.h" ) + message(STATUS " Please move it to ${WOLFSSL_PROJECT_DIR}/include/config.h" ) + message(STATUS "******************************************************************************") + message(STATUS "******************************************************************************") else() # we won't overwrite an existing user settings file, just note that we already have one: if( EXISTS "${WOLFSSL_PROJECT_DIR}/include/config.h" ) @@ -311,6 +334,7 @@ else() endif() #else not an ESP-IDF component endif() # else not local copy and EDP-IDF wolfSSL + # RTOS_IDF_PATH is typically: # "/Users/{username}/Desktop/esp-idf/components/freertos/include/freertos" # depending on the environment, we may need to swap backslashes with forward slashes @@ -330,6 +354,7 @@ else() endif() endif() + set(COMPONENT_ADD_INCLUDEDIRS "./include" # this is the location of wolfssl user_settings.h "\"${WOLFSSL_ROOT}/\"" @@ -338,6 +363,7 @@ else() "\"${RTOS_IDF_PATH}/\"" ) + if(IS_DIRECTORY ${IDF_PATH}/components/cryptoauthlib) list(APPEND COMPONENT_ADD_INCLUDEDIRS "../cryptoauthlib/lib") endif() @@ -345,6 +371,8 @@ else() list(APPEND COMPONENT_ADD_INCLUDEDIRS "\"${WOLFSSL_ROOT}/wolfssl/\"") list(APPEND COMPONENT_ADD_INCLUDEDIRS "\"${WOLFSSL_ROOT}/wolfssl/wolfcrypt/\"") + + set(COMPONENT_SRCEXCLUDE "\"${WOLFSSL_ROOT}/src/bio.c\"" "\"${WOLFSSL_ROOT}/src/conf.c\"" 
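Review bot: Replacing `message(FATAL_ERROR ...)` with six `message(STATUS ...)` lines means a stray `${WOLFSSL_ROOT}/include/config.h` no longer stops the build, and STATUS output is easy to miss in a long ESP-IDF log. If that directory is reachable through the include path, a leftover config header can change which wolfSSL options are compiled without anyone noticing. If the hard stop is too strict, I would at least use `message(WARNING "Found stray wolfSSL config.h in ${WOLFSSL_ROOT}/include/config.h; move it to ${WOLFSSL_PROJECT_DIR}/include/config.h")`, which CMake prints prominently with the file and line.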
@@ -359,6 +387,14 @@ else() "\"${WOLFSSL_ROOT}/src/x509_str.c\"" "\"${WOLFSSL_ROOT}/wolfcrypt/src/evp.c\"" "\"${WOLFSSL_ROOT}/wolfcrypt/src/misc.c\"" + "\"${WOLFSSL_ROOT}/wolfcrypt/src/sp_sm2_arm32.c\"" + "\"${WOLFSSL_ROOT}/wolfcrypt/src/sp_sm2_arm64.c\"" + "\"${WOLFSSL_ROOT}/wolfcrypt/src/sp_sm2_armthumb.c\"" + "\"${WOLFSSL_ROOT}/wolfcrypt/src/sp_sm2_c32.c\"" + "\"${WOLFSSL_ROOT}/wolfcrypt/src/sp_sm2_c64.c\"" + "\"${WOLFSSL_ROOT}/wolfcrypt/src/sp_sm2_cortexm.c\"" + "\"${WOLFSSL_ROOT}/wolfcrypt/src/sp_sm2_x86_64.c\"" + "\"${WOLFSSL_ROOT}/wolfcrypt/src/sp_sm2_x86_64_asm.S\"" "\"${EXCLUDE_ASM}\"" ) @@ -388,7 +424,7 @@ else() PRIV_REQUIRES esp_timer driver # this will typically only be needed for wolfSSL benchmark ) # some optional diagnostics - if (0) + if (1) get_cmake_property(_variableNames VARIABLES) list (SORT _variableNames) message(STATUS "") @@ -403,8 +439,11 @@ else() endif() # target_sources(wolfssl PRIVATE "\"${WOLFSSL_ROOT}/wolfssl/\"" "\"${WOLFSSL_ROOT}/wolfssl/wolfcrypt\"") + endif() # CMAKE_BUILD_EARLY_EXPANSION + + # check to see if there's both a local copy and EDP-IDF copy of the wolfssl components if( EXISTS "${WOLFSSL_PROJECT_DIR}" AND EXISTS "$ENV{IDF_PATH}/components/wolfssl/" ) message(STATUS "") diff --git a/IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/components/wolfssl/include/user_settings.h b/IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/components/wolfssl/include/user_settings.h index 2ac4ac9ecd..9aca493ef4 100644 --- a/IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/components/wolfssl/include/user_settings.h +++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/components/wolfssl/include/user_settings.h 
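Review bot: Flipping `if (0)` to `if (1)` turns the block labelled "some optional diagnostics" on for every build, and from the visible lines it walks `get_cmake_property(_variableNames VARIABLES)`, presumably printing each variable. That puts host paths, user names and anything else held in CMake variables into build and CI logs, and it looks like a debugging switch left on. I would restore `if (0)` or gate the block on an explicit opt-in such as `if(WOLFSSL_CMAKE_DIAGNOSTICS)` (a name made up here for illustration). The rest of the block's body lies outside this hunk.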
@@ -19,23 +19,21 @@ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA */ -#undef WOLFSSL_ESPIDF -#undef WOLFSSL_ESP32 -#undef WOLFSSL_ESPWROOM32SE -#undef WOLFSSL_ESP32 -#undef WOLFSSL_ESP8266 +/* This user_settings.h is for Espressif ESP-IDF */ +#include /* The Espressif sdkconfig will have chipset info. ** ** Possible values: ** ** CONFIG_IDF_TARGET_ESP32 +** CONFIG_IDF_TARGET_ESP32S2 ** CONFIG_IDF_TARGET_ESP32S3 ** CONFIG_IDF_TARGET_ESP32C3 ** CONFIG_IDF_TARGET_ESP32C6 */ -#include +#undef WOLFSSL_ESPIDF #define WOLFSSL_ESPIDF /* @@ -45,10 +43,22 @@ * WOLFSSL_ESPWROOM32SE * WOLFSSL_ESP8266 */ +#undef WOLFSSL_ESPWROOM32SE +#undef WOLFSSL_ESP8266 +#undef WOLFSSL_ESP32 #define WOLFSSL_ESP32 -/* #define DEBUG_WOLFSSL_VERBOSE */ +/* optionally turn off SHA512/224 SHA512/256 */ +/* #define WOLFSSL_NOSHA512_224 */ +/* #define WOLFSSL_NOSHA512_256 */ + +/* when you want to use SINGLE THREAD. Note Default ESP-IDF is FreeRTOS */ +/* #define SINGLE_THREADED */ + +/* When you don't want to use the old SHA */ +/* #define NO_SHA */ +/* #define NO_OLD_TLS */ #define BENCH_EMBEDDED #define USE_CERT_BUFFERS_2048 
@@ -61,22 +71,40 @@ #define HAVE_AEAD #define HAVE_SUPPORTED_CURVES -/* when you want to use SINGLE THREAD */ -/* #define SINGLE_THREADED */ +#define WOLFSSL_BENCHMARK_FIXED_UNITS_KB + #define NO_FILESYSTEM +#define NO_OLD_TLS + #define HAVE_AESGCM + +#define WOLFSSL_RIPEMD +/* when you want to use SHA224 */ +#define WOLFSSL_SHA224 + /* when you want to use SHA384 */ -/* #define WOLFSSL_SHA384 */ +#define WOLFSSL_SHA384 + +/* when you want to use SHA512 */ #define WOLFSSL_SHA512 + +/* when you want to use SHA3 */ +#define WOLFSSL_SHA3 + +#define HAVE_ED25519 /* ED25519 requires SHA512 */ + #define HAVE_ECC #define HAVE_CURVE25519 #define CURVE25519_SMALL #define HAVE_ED25519 + #define OPENSSL_EXTRA /* when you want to use pkcs7 */ /* #define HAVE_PKCS7 */ +#define HAVE_PKCS7 + #if defined(HAVE_PKCS7) #define HAVE_AES_KEYWRAP #define HAVE_X963_KDF @@ -97,21 +125,29 @@ /* #define CUSTOM_SLOT_ALLOCATION */ #endif -/* RSA primitive specific definition */ +/* rsa primitive specific definition */ #if defined(WOLFSSL_ESP32) || defined(WOLFSSL_ESPWROOM32SE) /* Define USE_FAST_MATH and SMALL_STACK */ #define ESP32_USE_RSA_PRIMITIVE - /* threshold for performance adjustment for HW primitive use */ - /* X bits of G^X mod P greater than */ - #define EPS_RSA_EXPT_XBTIS 36 - /* X and Y of X * Y mod P greater than */ - #define ESP_RSA_MULM_BITS 2000 + + #if defined(CONFIG_IDF_TARGET_ESP32) + + /* NOTE HW unreliable for small values! */ + /* threshold for performance adjustment for HW primitive use */ + /* X bits of G^X mod P greater than */ + #undef ESP_RSA_EXPT_XBITS + #define ESP_RSA_EXPT_XBITS 32 + + /* X and Y of X * Y mod P greater than */ + #undef ESP_RSA_MULM_BITS + #define ESP_RSA_MULM_BITS 16 + + #endif #endif -/* debug options */ -/* #define DEBUG_WOLFSSL */ -/* #define WOLFSSL_ESP32_CRYPT_DEBUG */ -/* #define WOLFSSL_ATECC508A_DEBUG */ +#define RSA_LOW_MEM + +/* #define WOLFSSL_ATECC508A_DEBUG */ /* date/time */ /* if it cannot adjust time in the device, */ 
@@ -123,46 +159,250 @@ /* adjust wait-timeout count if you see timeout in RSA HW acceleration */ #define ESP_RSA_TIMEOUT_CNT 0x249F00 +#define HASH_SIZE_LIMIT /* for test.c */ + +/* USE_FAST_MATH is default */ +#define USE_FAST_MATH + +/***** Use SP_MATH *****/ +/* #undef USE_FAST_MATH */ +/* #define SP_MATH */ +/* #define WOLFSSL_SP_MATH_ALL */ + +/***** Use Integer Heap Math *****/ +/* #undef USE_FAST_MATH */ +/* #define USE_INTEGER_HEAP_MATH */ + + +#define WOLFSSL_SMALL_STACK + + +#define HAVE_VERSION_EXTENDED_INFO +/* #define HAVE_WC_INTROSPECTION */ + +#define HAVE_SESSION_TICKET + +/* #define HAVE_HASHDRBG */ + +#define WOLFSSL_KEY_GEN +#define WOLFSSL_CERT_REQ +#define WOLFSSL_CERT_GEN +#define WOLFSSL_CERT_EXT +#define WOLFSSL_SYS_CA_CERTS + + +#define WOLFSSL_CERT_TEXT + +#define WOLFSSL_ASN_TEMPLATE + +/* +#undef WOLFSSL_KEY_GEN +#undef WOLFSSL_CERT_REQ +#undef WOLFSSL_CERT_GEN +#undef WOLFSSL_CERT_EXT +#undef WOLFSSL_SYS_CA_CERTS +*/ + +/* +--enable-keygen +--enable-certgen +--enable-certreq +--enable-certext +--enable-asn-template +*/ + +/* Default is HW enabled unless turned off. +** Uncomment these lines to force SW instead of HW acceleration */ + #if defined(CONFIG_IDF_TARGET_ESP32) - /* when you want not to use HW acceleration on ESP32 (below for S3, etc */ - /* #define NO_ESP32_CRYPT */ - /* #define NO_WOLFSSL_ESP32_CRYPT_HASH */ - /* #define NO_WOLFSSL_ESP32_CRYPT_AES */ - /* #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI */ + /* wolfSSL HW Acceleration supported on ESP32. 
Uncomment to disable: */ + /* #define NO_ESP32_CRYPT */ + /* #define NO_WOLFSSL_ESP32_CRYPT_HASH */ + /* #define NO_WOLFSSL_ESP32_CRYPT_AES */ + /* #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI */ + /* #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI_MP_MUL */ + /* #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI_MULMOD */ + /* #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI_EXPTMOD */ + + /* These are defined automatically in esp32-crypt.h, here for clarity: */ + #define NO_WOLFSSL_ESP32_CRYPT_HASH_SHA224 /* no SHA224 HW on ESP32 */ + + #undef ESP_RSA_MULM_BITS + #define ESP_RSA_MULM_BITS 16 /* TODO add compile-time warning */ + /***** END CONFIG_IDF_TARGET_ESP32 *****/ + #elif defined(CONFIG_IDF_TARGET_ESP32S2) - /* ESP32-S2 disabled by default; not implemented */ - #define NO_ESP32_CRYPT - #define NO_WOLFSSL_ESP32_CRYPT_HASH - #define NO_WOLFSSL_ESP32_CRYPT_AES - #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI + /* wolfSSL HW Acceleration supported on ESP32-S2. Uncomment to disable: */ + /* #define NO_ESP32_CRYPT */ + /* #define NO_WOLFSSL_ESP32_CRYPT_HASH */ + /* Note: There's no AES192 HW on the ESP32-S2; falls back to SW */ + /* #define NO_WOLFSSL_ESP32_CRYPT_AES */ + /* #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI */ + /* #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI_MP_MUL */ + /* #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI_MULMOD */ + /* #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI_EXPTMOD */ + /***** END CONFIG_IDF_TARGET_ESP32S2 *****/ + #elif defined(CONFIG_IDF_TARGET_ESP32S3) - /* when you want not to use HW acceleration on ESP32-S3 */ - /* #define NO_ESP32_CRYPT */ - /* #define NO_WOLFSSL_ESP32_CRYPT_HASH */ - /* #define NO_WOLFSSL_ESP32_CRYPT_AES */ - /* #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI */ + /* wolfSSL HW Acceleration supported on ESP32-S3. 
Uncomment to disable: */ + /* #define NO_ESP32_CRYPT */ + /* #define NO_WOLFSSL_ESP32_CRYPT_HASH */ + /* Note: There's no AES192 HW on the ESP32-S3; falls back to SW */ + /* #define NO_WOLFSSL_ESP32_CRYPT_AES */ + /* #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI */ + /* #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI_MP_MUL */ + /* #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI_MULMOD */ + /* #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI_EXPTMOD */ + /***** END CONFIG_IDF_TARGET_ESP32S3 *****/ + #elif defined(CONFIG_IDF_TARGET_ESP32C3) - /* ESP32-C3 disabled by default, not implemented */ + /* wolfSSL HW Acceleration supported on ESP32-C2. Uncomment to disable: */ + + /* #define NO_ESP32_CRYPT */ + /* #define NO_WOLFSSL_ESP32_CRYPT_HASH */ /* to disable all SHA HW */ + + /* These are defined automatically in esp32-crypt.h, here for clarity: */ + #define NO_WOLFSSL_ESP32_CRYPT_HASH_SHA384 /* no SHA384 HW on C6 */ + #define NO_WOLFSSL_ESP32_CRYPT_HASH_SHA512 /* no SHA512 HW on C6 */ + + /* #define NO_WOLFSSL_ESP32_CRYPT_AES */ + /* #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI */ + /* #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI_MP_MUL */ + /* #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI_MULMOD */ + /* #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI_EXPTMOD */ + /***** END CONFIG_IDF_TARGET_ESP32C3 *****/ + +#elif defined(CONFIG_IDF_TARGET_ESP32C6) + /* wolfSSL HW Acceleration supported on ESP32-C6. 
Uncomment to disable: */ + + /* #define NO_ESP32_CRYPT */ + /* #define NO_WOLFSSL_ESP32_CRYPT_HASH */ + /* These are defined automatically in esp32-crypt.h, here for clarity: */ + #define NO_WOLFSSL_ESP32_CRYPT_HASH_SHA384 /* no SHA384 HW on C6 */ + #define NO_WOLFSSL_ESP32_CRYPT_HASH_SHA512 /* no SHA512 HW on C6 */ + + /* #define NO_WOLFSSL_ESP32_CRYPT_AES */ + /* #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI */ + /* #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI_MP_MUL */ + /* #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI_MULMOD */ + /* #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI_EXPTMOD */ + /***** END CONFIG_IDF_TARGET_ESP32C6 *****/ + +#elif defined(CONFIG_IDF_TARGET_ESP32H2) + /* wolfSSL Hardware Acceleration not yet implemented */ #define NO_ESP32_CRYPT #define NO_WOLFSSL_ESP32_CRYPT_HASH #define NO_WOLFSSL_ESP32_CRYPT_AES #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI -#elif defined(CONFIG_IDF_TARGET_ESP32C6) - /* ESP32-C6 disabled by default, not implemented */ + /***** END CONFIG_IDF_TARGET_ESP32H2 *****/ + +#elif defined(CONFIG_IDF_TARGET_ESP8266) + /* TODO: Revisit ESP8266 */ #define NO_ESP32_CRYPT #define NO_WOLFSSL_ESP32_CRYPT_HASH #define NO_WOLFSSL_ESP32_CRYPT_AES #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI -#elif defined(CONFIG_IDF_TARGET_ESP32H2) - /* ESP32-H2 disabled by default, not implemented */ + /***** END CONFIG_IDF_TARGET_ESP266 *****/ + +#elif defined(CONFIG_IDF_TARGET_ESP8684) + /* There's no Hardware Acceleration available on ESP8684 */ #define NO_ESP32_CRYPT #define NO_WOLFSSL_ESP32_CRYPT_HASH #define NO_WOLFSSL_ESP32_CRYPT_AES #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI + /***** END CONFIG_IDF_TARGET_ESP8684 *****/ + #else - /* anything else unknown will have HW disabled by default */ + /* Anything else encountered, disable HW accleration */ #define NO_ESP32_CRYPT #define NO_WOLFSSL_ESP32_CRYPT_HASH #define NO_WOLFSSL_ESP32_CRYPT_AES #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI +#endif /* CONFIG_IDF_TARGET Check */ + +/* Debug options: + +#define ESP_VERIFY_MEMBLOCK +#define 
DEBUG_WOLFSSL +#define DEBUG_WOLFSSL_VERBOSE +#define DEBUG_WOLFSSL_SHA_MUTEX +#define WOLFSSL_ESP32_CRYPT_DEBUG +#define NO_RECOVER_SOFTWARE_CALC +#define WOLFSSL_TEST_STRAY 1 +#define USE_ESP_DPORT_ACCESS_READ_BUFFER +#define WOLFSSL_ESP32_HW_LOCK_DEBUG +#define WOLFSSL_DEBUG_ESP_RSA_MULM_BITS +#define ESP_DISABLE_HW_TASK_LOCK +*/ + +#define WOLFSSL_ESPIDF_ERROR_PAUSE /* Pause in a loop rather than exit. */ +#define WOLFSSL_HW_METRICS + +/* #define HASH_SIZE_LIMIT */ /* for test.c */ + +/* #define NO_HW_MATH_TEST */ /* Optionall turn off HW math checks */ + +/* Optionally include alternate HW test library: alt_hw_test.h */ +/* When enabling, the ./components/wolfssl/CMakeLists.txt file + * will need the name of the library in the idf_component_register + * for the PRIV_REQUIRES list. */ +/* #define INCLUDE_ALT_HW_TEST */ + +/* optionally turn off individual math HW acceleration features */ + +/* Turn off Large Number ESP32 HW Multiplication: +** [Z = X * Y] in esp_mp_mul() */ +/* #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI_MP_MUL */ + +/* Turn off Large Number ESP32 HW Modular Exponentiation: +** [Z = X^Y mod M] in esp_mp_exptmod() */ +/* #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI_EXPTMOD */ + +/* Turn off Large Number ESP32 HW Modular Multiplication +** [Z = X * Y mod M] in esp_mp_mulmod() */ +/* #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI_MULMOD */ + + +#define WOLFSSL_PUBLIC_MP /* used by benchmark */ +#define USE_CERT_BUFFERS_2048 + +/* when turning on ECC508 / ECC608 support +#define WOLFSSL_ESPWROOM32SE +#define HAVE_PK_CALLBACKS +#define WOLFSSL_ATECC508A +#define ATCA_WOLFSSL +*/ + +/* optional SM4 Ciphers. 
See https://github.com/wolfSSL/wolfsm +#define WOLFSSL_SM2 +#define WOLFSSL_SM3 +#define WOLFSSL_SM4 +*/ + +#if defined(WOLFSSL_SM2) || defined(WOLFSSL_SM3) || defined(WOLFSSL_SM4) + #include + #define CTX_CA_CERT root_sm2 + #define CTX_CA_CERT_SIZE sizeof_root_sm2 + #define CTX_CA_CERT_TYPE WOLFSSL_FILETYPE_PEM + #define CTX_SERVER_CERT server_sm2 + #define CTX_SERVER_CERT_SIZE sizeof_server_sm2 + #define CTX_SERVER_CERT_TYPE WOLFSSL_FILETYPE_PEM + #define CTX_SERVER_KEY server_sm2_priv + #define CTX_SERVER_KEY_SIZE sizeof_server_sm2_priv + #define CTX_SERVER_KEY_TYPE WOLFSSL_FILETYPE_PEM + + #undef WOLFSSL_BASE16 + #define WOLFSSL_BASE16 +#else + #define USE_CERT_BUFFERS_2048 + #define USE_CERT_BUFFERS_256 + #define CTX_CA_CERT ca_cert_der_2048 + #define CTX_CA_CERT_SIZE sizeof_ca_cert_der_2048 + #define CTX_CA_CERT_TYPE WOLFSSL_FILETYPE_ASN1 + #define CTX_SERVER_CERT server_cert_der_2048 + #define CTX_SERVER_CERT_SIZE sizeof_server_cert_der_2048 + #define CTX_SERVER_CERT_TYPE WOLFSSL_FILETYPE_ASN1 + #define CTX_SERVER_KEY server_key_der_2048 + #define CTX_SERVER_KEY_SIZE sizeof_server_key_der_2048 + #define CTX_SERVER_KEY_TYPE WOLFSSL_FILETYPE_ASN1 #endif diff --git a/IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/main/CMakeLists.txt b/IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/main/CMakeLists.txt index c107b46af2..e37c4d5f62 100644 --- a/IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/main/CMakeLists.txt +++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/main/CMakeLists.txt @@ -1,10 +1,9 @@ - # # wolfssl benchmark test # set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DWOLFSSL_USER_SETTINGS") -set(COMPONENT_SRCS main.c) +set(COMPONENT_SRCS "main.c") set(COMPONENT_ADD_INCLUDEDIRS ".") set (git_cmd "git") 
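Review bot: The comments in the `CONFIG_IDF_TARGET_ESP32C3` branch name other chips: the banner says "supported on ESP32-C2" and both `NO_WOLFSSL_ESP32_CRYPT_HASH_SHA384` and `NO_WOLFSSL_ESP32_CRYPT_HASH_SHA512` carry "no SHA384 HW on C6", which makes it hard to audit which digests fall back to software on the C3. I would change them to `/* wolfSSL HW Acceleration supported on ESP32-C3. Uncomment to disable: */`, `/* no SHA384 HW on C3 */` and `/* no SHA512 HW on C3 */` (the C6 branch has the same SHA384 text on its SHA512 line), and fix the `END CONFIG_IDF_TARGET_ESP266` marker. Separately, the final `#else` branch binds `CTX_SERVER_KEY` to `server_key_der_2048`, which looks like one of the bundled test buffers enabled by `USE_CERT_BUFFERS_2048`. A comment such as `/* example certificates and keys only; replace with your own before deployment */` above that branch would keep the template from being reused with a publicly known private key.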
@@ -19,7 +18,9 @@ if( EXISTS "${CMAKE_HOME_DIRECTORY}/components/wolfssl/" AND EXISTS "$ENV{IDF_PA set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DWOLFSSL_MULTI_INSTALL_WARNING") endif() -register_component() +idf_component_register(SRCS main.c + INCLUDE_DIRS "." + "./include") # # LIBWOLFSSL_SAVE_INFO(VAR_OUPUT THIS_VAR VAR_RESULT) diff --git a/IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/main/component.mk b/IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/main/component.mk index e19e22a535..0adf45649a 100644 --- a/IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/main/component.mk +++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/main/component.mk @@ -1,8 +1,8 @@ # # Main component makefile. # -# This Makefile can be left empty. By default, it will take the sources in the -# src/ directory, compile them and link them into lib(subdirectory_name).a +# This Makefile can be left empty. By default, it will take the sources in the +# src/ directory, compile them and link them into lib(subdirectory_name).a # in the build directory. This behaviour is entirely configurable, # please read the ESP-IDF documents if you need to do this. -# \ No newline at end of file +# diff --git a/IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/main/main.h b/IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/main/include/main.h similarity index 96% rename from IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/main/main.h rename to IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/main/include/main.h index 218589206b..219eb15dd8 100644 --- a/IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/main/main.h +++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/main/include/main.h @@ -1,4 +1,3 @@ -#pragma once /* benchmark main.h * * Copyright (C) 2006-2023 wolfSSL Inc. 
@@ -20,10 +19,12 @@ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA */ +#ifndef _MAIN_ +#define _MAIN_ + void app_main(void); /* see wolfssl/wolfcrypt/benchmark/benchmark.h */ extern void wolf_benchmark_task(); - - +#endif diff --git a/IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/main/main.c b/IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/main/main.c index dc14bf2376..89f08508b0 100644 --- a/IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/main/main.c +++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/main/main.c @@ -18,6 +18,7 @@ * along with this program; if not, write to the Free Software * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA */ + /* ESP-IDF */ #include #include "sdkconfig.h" @@ -26,6 +27,7 @@ #include #include #include +#include "wolfssl/wolfcrypt/port/Espressif/esp32-crypt.h" #ifndef WOLFSSL_ESPIDF #warning "problem with wolfSSL user_settings. Check components/wolfssl/include" #endif @@ -33,10 +35,14 @@ #include #include +/* set to 0 for one benchmark, +** set to 1 for continous benchmark loop */ +#define BENCHMARK_LOOP 1 + /* check BENCH_ARGV in sdkconfig to determine need to set WOLFSSL_BENCH_ARGV */ #ifdef CONFIG_BENCH_ARGV -#define WOLFSSL_BENCH_ARGV CONFIG_BENCH_ARGV -#define WOLFSSL_BENCH_ARGV_MAX_ARGUMENTS 22 /* arbitrary number of max args */ + #define WOLFSSL_BENCH_ARGV CONFIG_BENCH_ARGV + #define WOLFSSL_BENCH_ARGV_MAX_ARGUMENTS 22 /* arbitrary number of max args */ #endif /* @@ -67,6 +73,8 @@ static const char* const TAG = "wolfssl_benchmark"; static byte mSlotList[ATECC_MAX_SLOT]; +int atmel_set_slot_allocator(atmel_slot_alloc_cb alloc, atmel_slot_dealloc_cb dealloc); + /* initialize slot array */ void my_atmel_slotInit() { 
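Review bot: The new include guard `_MAIN_` is a reserved identifier (leading underscore followed by an uppercase letter) and is generic enough to collide with a guard in another component's header. A project-specific name avoids both problems, for example `#ifndef WOLFSSL_BENCHMARK_MAIN_H` / `#define WOLFSSL_BENCHMARK_MAIN_H`, closed with `#endif /* WOLFSSL_BENCHMARK_MAIN_H */`. The unchanged `extern void wolf_benchmark_task();` inside the guard would also be safer as a real prototype, `extern void wolf_benchmark_task(void);`, so that calls with stray arguments are diagnosed.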
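Review bot: The hand-written prototype `int atmel_set_slot_allocator(atmel_slot_alloc_cb alloc, atmel_slot_dealloc_cb dealloc);` added to main.c can drift from the library's definition without any compiler diagnostic, because nothing ties the two together. The callback typedefs it uses must already come from an included header, so that header presumably declares the function as well; if so, rely on that declaration and drop this line. If the declaration really is missing for this configuration, add a comment saying so, e.g. `/* not declared by the port header when <condition>; keep in sync with the definition */`.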
@@ -183,51 +191,18 @@ int construct_argv() /* entry point */ void app_main(void) { + int stack_start = 0; + ESP_LOGI(TAG, "---------------- wolfSSL Benchmark Example ------------"); ESP_LOGI(TAG, "--------------------------------------------------------"); ESP_LOGI(TAG, "--------------------------------------------------------"); ESP_LOGI(TAG, "---------------------- BEGIN MAIN ----------------------"); ESP_LOGI(TAG, "--------------------------------------------------------"); ESP_LOGI(TAG, "--------------------------------------------------------"); - ESP_LOGI(TAG, "CONFIG_IDF_TARGET = %s", CONFIG_IDF_TARGET); - ESP_LOGI(TAG, "LIBWOLFSSL_VERSION_STRING = %s", LIBWOLFSSL_VERSION_STRING); - -#if defined(WOLFSSL_MULTI_INSTALL_WARNING) - ESP_LOGI(TAG, ""); - ESP_LOGI(TAG, "WARNING: Multiple wolfSSL installs found."); - ESP_LOGI(TAG, "Check ESP-IDF and local project [components] directory."); - ESP_LOGI(TAG, ""); -#endif - -#if defined(LIBWOLFSSL_VERSION_GIT_HASH) - ESP_LOGI(TAG, "LIBWOLFSSL_VERSION_GIT_HASH = %s", LIBWOLFSSL_VERSION_GIT_HASH); -#endif - -#if defined(LIBWOLFSSL_VERSION_GIT_SHORT_HASH ) - ESP_LOGI(TAG, "LIBWOLFSSL_VERSION_GIT_SHORT_HASH = %s", LIBWOLFSSL_VERSION_GIT_SHORT_HASH); -#endif - -#if defined(LIBWOLFSSL_VERSION_GIT_HASH_DATE) - ESP_LOGI(TAG, "LIBWOLFSSL_VERSION_GIT_HASH_DATE = %s", LIBWOLFSSL_VERSION_GIT_HASH_DATE); -#endif - - /* some interesting settings are target specific (ESP32, -C3, -S3, etc */ -#if defined(CONFIG_IDF_TARGET_ESP32C3) - /* not available for C3 at this time */ -#elif defined(CONFIG_IDF_TARGET_ESP32S3) - ESP_LOGI(TAG, "CONFIG_ESP32S3_DEFAULT_CPU_FREQ_MHZ = %u MHz", - CONFIG_ESP32S3_DEFAULT_CPU_FREQ_MHZ - ); - ESP_LOGI(TAG, "Xthal_have_ccount = %u", Xthal_have_ccount); -#else - ESP_LOGI(TAG, "CONFIG_ESP32_DEFAULT_CPU_FREQ_MHZ = %u MHz", - CONFIG_ESP32_DEFAULT_CPU_FREQ_MHZ - ); - ESP_LOGI(TAG, "Xthal_have_ccount = %u", Xthal_have_ccount); +#ifdef HAVE_VERSION_EXTENDED_INFO + esp_ShowExtendedSystemInfo(); #endif - /* all 
platforms: stack high water mark check */ - ESP_LOGI(TAG, "Stack HWM: %d\n", uxTaskGetStackHighWaterMark(NULL)); ESP_LOGI(TAG, "app_main CONFIG_BENCH_ARGV = %s", WOLFSSL_BENCH_ARGV); /* when using atecc608a on esp32-wroom-32se */ @@ -251,15 +226,37 @@ void app_main(void) /* although wolfCrypt_Init() may be explicitly called above, ** note it is still always called in wolf_benchmark_task. */ - wolf_benchmark_task(); - /* wolfCrypt_Cleanup should always be called at completion, - ** and is called in wolf_benchmark_task(). - */ + stack_start = uxTaskGetStackHighWaterMark(NULL); + + do { + ESP_LOGI(TAG, "Stack HWM: %d\n", uxTaskGetStackHighWaterMark(NULL)); + + wolf_benchmark_task(); + ESP_LOGI(TAG, "Stack used: %d\n", + stack_start - uxTaskGetStackHighWaterMark(NULL)); + + #ifdef WOLFSSL_HW_METRICS_DISABLED/* Remove _DISABLED upon #6990 Merge */ + esp_hw_show_metrics(); + #endif + } while (BENCHMARK_LOOP); + /* Reminder: wolfCrypt_Cleanup should always be called at completion, + ** and is called in wolf_benchmark_task(). */ + +#if defined(SINGLE_THREADED) + /* need stack monitor for single thread */ +#else ESP_LOGI(TAG, "Stack HWM: %d\n", uxTaskGetStackHighWaterMark(NULL)); +#endif + + ESP_LOGI(TAG, "\n\nDone!\n\n" + "If running from idf.py monitor, press twice: Ctrl+]"); /* after the test, we'll just wait */ while (1) { - /* nothing */ + /* do something other than nothing to help next program/debug session*/ +#ifndef SINGLE_THREADED + vTaskDelay(1000); +#endif } #endif /* NO_CRYPT_BENCHMARK */ diff --git a/IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/partitions_singleapp_large.csv b/IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/partitions_singleapp_large.csv index 5a1a339c94..a9c373bec7 100644 --- a/IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/partitions_singleapp_large.csv +++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/partitions_singleapp_large.csv 
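Review bot: With `BENCHMARK_LOOP` defined as 1 elsewhere in this commit, the new `do { ... } while (BENCHMARK_LOOP);` never exits, so the final stack report, the "Done!" message and the idle loop after it are dead code in the default build. Defaulting to `#define BENCHMARK_LOOP 0` would keep the documented single-run behaviour and leave the continuous mode as an opt-in. `uxTaskGetStackHighWaterMark()` returns `UBaseType_t`, so `int stack_start` and the `%d` format mix signed and unsigned values; `UBaseType_t stack_start` printed with `%u` and an `(unsigned)` cast would match the API. Under `SINGLE_THREADED` the closing `while (1)` still spins with an empty body. `app_main` starts and ends outside this hunk.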
@@ -1,6 +1,3 @@ -# This tag is used to include this file in the ESP Component Registry: -# __ESP_COMPONENT_SOURCE__ - # to view: idf.py partition-table # # ESP-IDF Partition Table @@ -13,7 +10,7 @@ factory, app, factory, 0x10000, 1500K, # For other settings, see: # https://docs.espressif.com/projects/esp-idf/en/latest/esp32/api-guides/partition-tables.html#creating-custom-tables # -# Here is the summary printed for the “Single factory app, no OTA” configuration: +# Here is the summary printed for the "Single factory app, no OTA" configuration: # # # ESP-IDF Partition Table # # Name, Type, SubType, Offset, Size, Flags @@ -22,7 +19,7 @@ factory, app, factory, 0x10000, 1500K, # factory, app, factory, 0x10000, 1M, # # -# Here is the summary printed for the “Factory app, two OTA definitions” configuration: +# Here is the summary printed for the "Factory app, two OTA definitions" configuration: # # # ESP-IDF Partition Table # # Name, Type, SubType, Offset, Size, Flags diff --git a/IDE/Espressif/ESP-IDF/examples/wolfssl_client/CMakeLists.txt b/IDE/Espressif/ESP-IDF/examples/wolfssl_client/CMakeLists.txt index 7312c0dbad..14d08bf9f9 100644 --- a/IDE/Espressif/ESP-IDF/examples/wolfssl_client/CMakeLists.txt +++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_client/CMakeLists.txt 
@@ -1,11 +1,96 @@ +# wolfSSL Espressif Example Project CMakeLists.txt +# v1.0 +# # The following lines of boilerplate have to be in your project's # CMakeLists in this exact order for cmake to work correctly -cmake_minimum_required(VERSION 3.5) +cmake_minimum_required(VERSION 3.16) + +# The wolfSSL CMake file should be able to find the source code. +# Otherwise, assign an environment variable or set it here: +# +# set(WOLFSSL_ROOT "~/workspace/wolfssl-other-source") +# +# Optional WOLFSSL_CMAKE_SYSTEM_NAME detection to find +# USE_MY_PRIVATE_CONFIG path for my_private_config.h +# +# Expected path varies: +# +# WSL: /mnt/c/workspace +# Linux: ~/workspace +# Windows: C:\workspace +# +if(WIN32) + # Windows-specific configuration here + set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DWOLFSSL_CMAKE_SYSTEM_NAME_WINDOWS") + message("Detected Windows") +endif() +if(CMAKE_HOST_UNIX) + message("Detected UNIX") +endif() +if(APPLE) + message("Detected APPLE") +endif() +if(CMAKE_HOST_UNIX AND (NOT APPLE) AND EXISTS "/proc/sys/fs/binfmt_misc/WSLInterop") + # Windows-specific configuration here + set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DWOLFSSL_CMAKE_SYSTEM_NAME_WSL") + message("Detected WSL") +endif() +if(CMAKE_HOST_UNIX AND (NOT APPLE) AND (NOT WIN32)) + # Windows-specific configuration here + set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DWOLFSSL_CMAKE_SYSTEM_NAME_LINUX") + message("Detected Linux") +endif() +if(APPLE) + # Windows-specific configuration here + set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DWOLFSSL_CMAKE_SYSTEM_NAME_APPLE") + message("Detected Apple") +endif() +# End optional WOLFSSL_CMAKE_SYSTEM_NAME + +# This example uses an extra component for common functions such as Wi-Fi and Ethernet connection. 
+set (PROTOCOL_EXAMPLES_DIR $ENV{IDF_PATH}/examples/common_components/protocol_examples_common) + +if (EXISTS "${PROTOCOL_EXAMPLES_DIR}") + message("Found PROTOCOL_EXAMPLES_DIR=${PROTOCOL_EXAMPLES_DIR}") + set(EXTRA_COMPONENT_DIRS $ENV{IDF_PATH}/examples/common_components/protocol_examples_common) + set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DFOUND_PROTOCOL_EXAMPLES_DIR") +else() + message("NOT FOUND: PROTOCOL_EXAMPLES_DIR=${PROTOCOL_EXAMPLES_DIR}") +endif() + +# Check that there are not conflicting wolfSSL components +# The ESP Registry Component will be in ./managed_components/wolfssl__wolfssl +# The local component wolfSSL directory will be in ./components/wolfssl +if( EXISTS "${CMAKE_HOME_DIRECTORY}/managed_components/wolfssl__wolfssl" AND EXISTS "${CMAKE_HOME_DIRECTORY}/components/wolfssl" ) + # These exclude statements don't seem to be honored by the $ENV{IDF_PATH}/tools/cmake/project.cmake' + # add_subdirectory("${CMAKE_HOME_DIRECTORY}/managed_components/wolfssl__wolfssl" EXCLUDE_FROM_ALL) + # add_subdirectory("${CMAKE_HOME_DIRECTORY}/managed_components/wolfssl__wolfssl/include" EXCLUDE_FROM_ALL) + # So we'll error out and let the user decide how to proceed: + message(WARNING "\nFound wolfSSL components in\n" + "./managed_components/wolfssl__wolfssl\n" + "and\n" + "./components/wolfssl\n" + "in project directory: \n" + "${CMAKE_HOME_DIRECTORY}") + message(FATAL_ERROR "\nPlease use either the ESP Registry Managed Component or the wolfSSL component directory but not both.\n" + "If removing the ./managed_components/wolfssl__wolfssl directory, remember to also remove " + "or rename the idf_component.yml file typically found in ./main/") +else() + message(STATUS "No conflicting wolfSSL components found.") +endif() + -# (Not part of the boilerplate) # This example uses an extra component for common functions such as Wi-Fi and Ethernet connection. 
-# disable the following line if there isn't the directory -set(EXTRA_COMPONENT_DIRS $ENV{IDF_PATH}/examples/common_components/protocol_examples_common) +set (PROTOCOL_EXAMPLES_DIR $ENV{IDF_PATH}/examples/common_components/protocol_examples_common) + +if (EXISTS "${PROTOCOL_EXAMPLES_DIR}") + message("Found PROTOCOL_EXAMPLES_DIR=${PROTOCOL_EXAMPLES_DIR}") + set(EXTRA_COMPONENT_DIRS $ENV{IDF_PATH}/examples/common_components/protocol_examples_common) + set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DFOUND_PROTOCOL_EXAMPLES_DIR") +else() + message("NOT FOUND: PROTOCOL_EXAMPLES_DIR=${PROTOCOL_EXAMPLES_DIR}") +endif() include($ENV{IDF_PATH}/tools/cmake/project.cmake) + project(wolfssl_client) diff --git a/IDE/Espressif/ESP-IDF/examples/wolfssl_client/README.md b/IDE/Espressif/ESP-IDF/examples/wolfssl_client/README.md index ee834071a5..b89cbfe4b9 100644 --- a/IDE/Espressif/ESP-IDF/examples/wolfssl_client/README.md +++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_client/README.md @@ -2,6 +2,14 @@ The Example contains of wolfSSL tls client demo. +## VisualGDB + +Open the VisualGDB Visual Studio Project file in the VisualGDB directory and click the "Start" button. +No wolfSSL setup is needed. You may need to adjust your specific COM port. The default is `COM20`. + +## ESP-IDF Commandline + + 1. `idf.py menuconfig` to config the project 1-1. Example Configuration -> 
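Review bot: The host-detection `if()` blocks overlap: `CMAKE_HOST_UNIX AND (NOT APPLE) AND (NOT WIN32)` is also true under WSL, so a WSL host gets both `-DWOLFSSL_CMAKE_SYSTEM_NAME_WSL` and `-DWOLFSSL_CMAKE_SYSTEM_NAME_LINUX`, and the `# Windows-specific configuration here` comment is repeated on the WSL, Linux and Apple branches. If the macros are meant to be mutually exclusive, a single first-match chain as sketched below expresses that and lets each branch carry a correct comment. The `PROTOCOL_EXAMPLES_DIR` detection block is also added twice in this hunk, so `-DFOUND_PROTOCOL_EXAMPLES_DIR` is appended to `CMAKE_C_FLAGS` twice; one copy is enough.
```cmake
# Host detection: first match wins, so WSL is not also reported as Linux.
if(WIN32)
    set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DWOLFSSL_CMAKE_SYSTEM_NAME_WINDOWS")
    message("Detected Windows")
elseif(APPLE)
    set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DWOLFSSL_CMAKE_SYSTEM_NAME_APPLE")
    message("Detected Apple")
elseif(CMAKE_HOST_UNIX AND EXISTS "/proc/sys/fs/binfmt_misc/WSLInterop")
    set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DWOLFSSL_CMAKE_SYSTEM_NAME_WSL")
    message("Detected WSL")
elseif(CMAKE_HOST_UNIX)
    set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DWOLFSSL_CMAKE_SYSTEM_NAME_LINUX")
    message("Detected Linux")
endif()
# … unchanged: single PROTOCOL_EXAMPLES_DIR detection block, wolfSSL component conflict check …
```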
@@ -24,4 +32,41 @@ When you want to test the wolfSSL client e.g. Launch ./examples/server/server -v 4 -b -i -d +## SM Ciphers + +#### Working Linux Client to ESP32 Server + +Command: + +``` +cd /mnt/c/workspace/wolfssl-gojimmypi/IDE/Espressif/ESP-IDF/examples/wolfssl_server +. /mnt/c/SysGCC/esp32/esp-idf/v5.1/export.sh +idf.py flash -p /dev/ttyS19 -b 115200 monitor + +``` + +``` +cd /mnt/c/workspace/wolfssl-gojimmypi + +./examples/client/client -h 192.168.1.108 -v 4 -l TLS_SM4_GCM_SM3 -c ./certs/sm2/client-sm2.pem -k ./certs/sm2/client-sm2-priv.pem -A ./certs/sm2/root-sm2.pem -C +``` + +Output: + +```text +SSL version is TLSv1.3 +SSL cipher suite is TLS_SM4_GCM_SM3 +SSL curve name is SM2P256V1 +I hear you fa shizzle! +``` + +#### Linux client to Linux server: + +``` +./examples/client/client -h 127.0.0.1 -v 4 -l ECDHE-ECDSA-SM4-CBC-SM3 -c ./certs/sm2/client-sm2.pem -k ./certs/sm2/client-sm2-priv.pem -A ./certs/sm2/root-sm2.pem -C + +./examples/server/server -v 3 -l ECDHE-ECDSA-SM4-CBC-SM3 -c ./certs/sm2/server-sm2.pem -k ./certs/sm2/server-sm2-priv.pem -A ./certs/sm2/client-sm2.pem -V +``` + See the README.md file in the upper level 'examples' directory for more information about examples. + diff --git a/IDE/Espressif/ESP-IDF/examples/wolfssl_client/README_server_sm.md b/IDE/Espressif/ESP-IDF/examples/wolfssl_client/README_server_sm.md new file mode 100644 index 0000000000..01dd6baf8a --- /dev/null +++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_client/README_server_sm.md 
@@ -0,0 +1,512 @@ +# SM Cipher Notes + + +### Install SM +``` +cd /mnt/c/workspace/wolfsm-$USER +./install.sh ../wolfssl-$USER +``` + + +### Build Linux SM Examples +``` +./autogen.sh +./configure --enable-sm3 --enable-sm4-gcm --enable-sm2 \ + --enable-sm4-ecb --enable-sm4-cbc --enable-sm4-ctr \ + --enable-sm4-gcm --enable-sm4-ccm +make clean && make +``` + +### TLS 1.3 Server + +``` +./examples/server/server -v 4 -b -d -p 11111 -c ./certs/sm2/server-sm2.pem -k ./certs/sm2/server-sm2-priv.pem -A ./certs/sm2/client-sm2.pem -V +``` + +### TLS 1.3 Client + +``` +./examples/client/client -h 127.0.0.1 -v 4 -l TLS13-SM4-CCM-SM3 -c ./certs/sm2/client-sm2.pem -k ./certs/sm2/client-sm2-priv.pem -A ./certs/sm2/root-sm2.pem -C +``` + +### TLS 1.2 Client to Local Linux Server + +``` +./examples/client/client -h 192.168.25.186 -v 3 -l ECDHE-ECDSA-SM4-CBC-SM3 \ + -c ./certs/sm2/client-sm2.pem \ + -k ./certs/sm2/client-sm2-priv.pem \ + -A ./certs/sm2/root-sm2.pem -C +``` + +### TLS 1.2 Client to ESP32 Server + +``` +./examples/client/client -h 192.168.25.186 -v 3 -l ECDHE-ECDSA-SM4-CBC-SM3 \ + -c ./certs/sm2/client-sm2.pem \ + -k ./certs/sm2/client-sm2-priv.pem \ + -A ./certs/sm2/root-sm2.pem -C +``` +### Others... 
+ +``` +# Success: Linux Client to ESP32 Server TLS1.2 +./examples/client/client -h 192.168.1.113 -v 3 -l ECDHE-ECDSA-SM4-CBC-SM3 -c ./certs/sm2/client-sm2.pem -k ./certs/sm2/client-sm2-priv.pem -A ./certs/sm2/root-sm2.pem -C +./examples/client/client -h 192.168.1.113 -v 3 -l ECDHE-ECDSA-SM4-GCM-SM3 -c ./certs/sm2/client-sm2.pem -k ./certs/sm2/client-sm2-priv.pem -A ./certs/sm2/root-sm2.pem -C +./examples/client/client -h 192.168.1.113 -v 3 -l ECDHE-ECDSA-SM4-CCM-SM3 -c ./certs/sm2/client-sm2.pem -k ./certs/sm2/client-sm2-priv.pem -A ./certs/sm2/root-sm2.pem -C + +# Success: Linux Client to ESP32 Server TLS1.3 + +# Reported as TLS_SM4_GCM_SM3, but parameter is TLS13-SM4-GCM-SM3 +./examples/client/client -h 192.168.1.113 -v 4 -l TLS13-SM4-GCM-SM3 -c ./certs/sm2/client-sm2.pem -k ./certs/sm2/client-sm2-priv.pem -A ./certs/sm2/root-sm2.pem -C + +# Reported as TLS-SM4-CCM-SM3, but parameter is TLS13-SM4-CCM-SM3 +./examples/client/client -h 192.168.1.113 -v 4 -l TLS13-SM4-CCM-SM3 -c ./certs/sm2/client-sm2.pem -k ./certs/sm2/client-sm2-priv.pem -A ./certs/sm2/root-sm2.pem -C + +./examples/client/client -h 192.168.1.113 -v 4 -l TLS13-SM4-CBC-SM3 -c ./certs/sm2/client-sm2.pem -k ./certs/sm2/client-sm2-priv.pem -A ./certs/sm2/root-sm2.pem -C + +``` + +``` +ESP32-to-ESP32 +TLS_ECDHE_ECDSA_WITH_SM4_CBC_SM3 +TLS_ECDHE_ECDSA_WITH_SM4_GCM_SM3 +TLS_ECDHE_ECDSA_WITH_SM4_CCM_SM3 +``` + +Tried both PEM and DER format. + +The latest server is PEM format, triple-checked to have the embedded server +be the same as the Linux server files. 
+ + +| Usage | Certificate | Key | Certificate Authority file, default ./certs/client-cert.pem | +| ----- | ---------------------------------- | ----------------------------------- | --------------------------------- | +| server | -c ./certs/sm2/server-sm2.pem | -k ./certs/sm2/server-sm2-priv.pem | -A ./certs/sm2/client-sm2.pem -V | +| client | -c ./certs/sm2/client-sm2.pem | -k ./certs/sm2/client-sm2-priv.pem | -A ./certs/sm2/root-sm2.pem -C | +| emdedded: +| server | wolfSSL_CTX_use_certificate_buffer
server_sm2 | wolfSSL_CTX_use_PrivateKey_buffer
server_sm2_priv | wolfSSL_CTX_load_verify_buffer
client-sm2 | + +### Code + +See [source code](https://github.com/gojimmypi/wolfssl/blob/2c4f443aec7b151f945cb9dfe2dad6ee30449cf0/IDE/Espressif/ESP-IDF/examples/wolfssl_server/main/server-tls.c#L187): + +![code](./code.png) + + +### Linux client talking to embedded server: + +``` +/examples/client/client -h 192.168.1.108 -v 3 -l ECDHE-ECDSA-SM4-CBC-SM3 -c ./certs/sm2/client-sm2.pem -k ./certs/sm2/client-sm2-priv.pem -A ./certs/sm2/root-sm2.pem -C +wolfSSL_connect error -188, ASN no signer error to confirm failure +wolfSSL error: wolfSSL_connect failed +``` + +Output: +``` +ets Jul 29 2019 12:21:46 + +rst:0x3 (SW_RESET),boot:0x13 (SPI_FAST_FLASH_BOOT) +configsip: 0, SPIWP:0xee +clk_drv:0x00,q_drv:0x00,d_drv:0x00,cs0_drv:0x00,hd_drv:0x00,wp_drv:0x00 +mode:DIO, clock div:2 +load:0x3fff0030,len:7000 +load:0x40078000,len:15452 +ho 0 tail 12 room 4 +load:0x40080400,len:3840 +entry 0x4008064c +I (29) boot: ESP-IDF v5.0-dirty 2nd stage bootloader +I (29) boot: compile time 13:40:31 +I (29) boot: chip revision: v3.0 +I (32) boot_comm: chip revision: 3, min. bootloader chip revision: 0 +I (39) boot.esp32: SPI Speed : 40MHz +I (44) boot.esp32: SPI Mode : DIO +I (48) boot.esp32: SPI Flash Size : 2MB +I (53) boot: Enabling RNG early entropy source... +I (58) boot: Partition Table: +I (62) boot: ## Label Usage Type ST Offset Length +I (69) boot: 0 nvs WiFi data 01 02 00009000 00006000 +I (77) boot: 1 phy_init RF data 01 01 0000f000 00001000 +I (84) boot: 2 factory factory app 00 00 00010000 00177000 +I (92) boot: End of partition table +I (96) boot_comm: chip revision: 3, min. 
application chip revision: 0 +I (103) esp_image: segment 0: paddr=00010020 vaddr=3f400020 size=338d8h (211160) map +I (188) esp_image: segment 1: paddr=00043900 vaddr=3ffb0000 size=03b78h ( 15224) load +I (194) esp_image: segment 2: paddr=00047480 vaddr=40080000 size=08b98h ( 35736) load +I (209) esp_image: segment 3: paddr=00050020 vaddr=400d0020 size=c591ch (809244) map +I (501) esp_image: segment 4: paddr=00115944 vaddr=40088b98 size=0c230h ( 49712) load +I (522) esp_image: segment 5: paddr=00121b7c vaddr=50000000 size=00010h ( 16) load +I (533) boot: Loaded app from partition at offset 0x10000 +I (533) boot: Disabling RNG early entropy source... +I (545) cpu_start: Pro cpu up. +I (545) cpu_start: Starting app cpu, entry point is 0x400812f4 +I (532) cpu_start: App cpu up. +I (561) cpu_start: Pro cpu start user code +I (561) cpu_start: cpu freq: 160000000 Hz +I (561) cpu_start: Application information: +I (566) cpu_start: Project name: wolfssl_server +I (571) cpu_start: App version: v5.6.3-stable-1088-g560c84b2b-d +I (578) cpu_start: Compile time: Jul 19 2023 22:20:09 +I (585) cpu_start: ELF file SHA256: 3e6e571c9e87bf44... +I (591) cpu_start: ESP-IDF: v5.0-dirty +I (596) heap_init: Initializing. RAM available for dynamic allocation: +I (603) heap_init: At 3FFAE6E0 len 00001920 (6 KiB): DRAM +I (609) heap_init: At 3FFBDA68 len 00022598 (137 KiB): DRAM +I (615) heap_init: At 3FFE0440 len 00003AE0 (14 KiB): D/IRAM +I (622) heap_init: At 3FFE4350 len 0001BCB0 (111 KiB): D/IRAM +I (628) heap_init: At 40094DC8 len 0000B238 (44 KiB): IRAM +I (636) spi_flash: detected chip: generic +I (639) spi_flash: flash io: dio +W (643) spi_flash: Detected size(4096k) larger than the size in the binary image header(2048k). Using the +size in the binary image header. +I (657) cpu_start: Starting scheduler on PRO CPU. +I (0) cpu_start: Starting scheduler on APP CPU. 
+I (725) tls_server: ESP_WIFI_MODE_STA +I (735) wifi:wifi driver task: 3ffcb738, prio:23, stack:6656, core=0 +I (735) system_api: Base MAC address is not set +I (735) system_api: read default base MAC address from EFUSE +I (755) wifi:wifi firmware version: 0d470ef +I (755) wifi:wifi certification version: v7.0 +I (755) wifi:config NVS flash: enabled +I (755) wifi:config nano formating: disabled +I (755) wifi:Init data frame dynamic rx buffer num: 32 +I (765) wifi:Init management frame dynamic rx buffer num: 32 +I (765) wifi:Init management short buffer num: 32 +I (775) wifi:Init dynamic tx buffer num: 32 +I (775) wifi:Init static rx buffer size: 1600 +I (775) wifi:Init static rx buffer num: 10 +I (785) wifi:Init dynamic rx buffer num: 32 +I (785) wifi_init: rx ba win: 6 +I (795) wifi_init: tcpip mbox: 32 +I (795) wifi_init: udp mbox: 6 +I (795) wifi_init: tcp mbox: 6 +I (805) wifi_init: tcp tx win: 5744 +I (805) wifi_init: tcp rx win: 5744 +I (815) wifi_init: tcp mss: 1440 +I (815) wifi_init: WiFi IRAM OP enabled +I (815) wifi_init: WiFi RX IRAM OP enabled +I (825) phy_init: phy_version 4670,719f9f6,Feb 18 2021,17:07:07 +I (925) wifi:mode : sta (24:d7:eb:41:7b:68) +I (935) wifi:enable tsf +I (935) tls_server: wifi_init_sta finished. 
+I (945) wifi:new:<4,0>, old:<1,0>, ap:<255,255>, sta:<4,0>, prof:1 +I (945) wifi:state: init -> auth (b0) +I (945) wifi:state: auth -> assoc (0) +I (955) wifi:state: assoc -> run (10) +W (955) wifi:idx:0 (ifx:0, c8:d7:19:cd:00:17), tid:0, ssn:0, winSize:64 +I (985) wifi:connected with testbench, aid = 1, channel 4, BW20, bssid = c8:d7:19:cd:00:17 +I (985) wifi:security: WPA2-PSK, phy: bgn, rssi: -45 +I (995) wifi:pm start, type: 1 + +I (1065) wifi:AP's beacon interval = 102400 us, DTIM period = 1 +I (3225) esp_netif_handlers: sta ip: 192.168.1.108, mask: 255.255.255.0, gw: 192.168.1.10 +I (3225) tls_server: got ip:192.168.1.108 +I (3235) Time Helper: sntp_setservername: +I (3235) Time Helper: pool.ntp.org +I (3245) Time Helper: time.nist.gov +I (3245) Time Helper: utcnist.colorado.edu +I (3255) Time Helper: sntp_init done. +TLS13-AES128-GCM-SHA256:TLS13-CHACHA20-POLY1305-SHA256:TLS13-SM4-GCM-SM3:TLS13-SM4-CCM-SM3:ECDHE-RSA-AES12 +8-SHA:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-DES-CBC3-SHA:ECDHE-ECDS +A-DES-CBC3-SHA:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECD +SA-AES128-SHA256:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305-OLD +:ECDHE-ECDSA-CHACHA20-POLY1305-OLD:ECDHE-ECDSA-SM4-CBC-SM3:ECDHE-ECDSA-SM4-GCM-SM3:ECDHE-ECDSA-SM4-CCM-SM3 +:ECDHE-PSK-AES128-CBC-SHA256:ECDHE-PSK-AES128-GCM-SHA256:PSK-CHACHA20-POLY1305:ECDHE-PSK-CHACHA20-POLY1305 +I (3315) wolfssl: Start wolfSSL_Init() +I (3315) wolfssl: wolfSSL Entering wolfSSL_Init +I (3325) wolfssl: wolfSSL Entering wolfCrypt_Init +I (3325) wolfssl: start socket()) +I (3335) wolfssl: Create and initialize WOLFSSL_CTX +I (3335) wolfssl: wolfSSL Entering wolfSSLv23_server_method_ex +I (3345) wolfssl: wolfSSL Entering wolfSSL_CTX_new_ex +I (3345) wolfssl: wolfSSL Entering wolfSSL_CertManagerNew +I (3355) wolfssl: wolfSSL Leaving wolfSSL_CTX_new_ex, return 0 +I (3365) tls_server: Start SM2 + +I (3365) 
wolfssl: wolfSSL Entering wolfSSL_CTX_set_cipher_list +I (3375) tls_server: Set cipher list: ECDHE-ECDSA-SM4-CBC-SM3 + +TLS13-AES128-GCM-SHA256:TLS13-CHACHA20-POLY1305-SHA256:TLS13-SM4-GCM-SM3:TLS13-SM4-CCM-SM3:ECDHE-RSA-AES12 +8-SHA:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-DES-CBC3-SHA:ECDHE-ECDS +A-DES-CBC3-SHA:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECD +SA-AES128-SHA256:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305-OLD +:ECDHE-ECDSA-CHACHA20-POLY1305-OLD:ECDHE-ECDSA-SM4-CBC-SM3:ECDHE-ECDSA-SM4-GCM-SM3:ECDHE-ECDSA-SM4-CCM-SM3 +:ECDHE-PSK-AES128-CBC-SHA256:ECDHE-PSK-AES128-GCM-SHA256:PSK-CHACHA20-POLY1305:ECDHE-PSK-CHACHA20-POLY1305 +I (3435) wolfssl: Loading certificate... +I (3435) wolfssl: wolfSSL Entering wolfSSL_CTX_use_certificate_buffer +I (3445) wolfssl: wolfSSL Entering PemToDer +I (3455) wolfssl: Checking cert signature type +I (3455) wolfssl: wolfSSL Entering GetExplicitVersion +I (3465) wolfssl: wolfSSL Entering wc_GetSerialNumber +I (3465) wolfssl: Got Cert Header +I (3475) wolfssl: wolfSSL Entering GetObjectId +I (3475) wolfssl: Got Algo ID +I (3475) wolfssl: Getting Name +I (3485) wolfssl: Getting Cert Name +I (3485) wolfssl: Getting Name +I (3495) wolfssl: Getting Cert Name +I (3495) wolfssl: Got Subject Name +I (3495) wolfssl: wolfSSL Entering GetAlgoId +I (3505) wolfssl: wolfSSL Entering GetObjectId +I (3505) wolfssl: wolfSSL Entering GetObjectId +I (3515) wolfssl: Got Key +I (3515) wolfssl: ECDSA/ED25519/ED448 cert signature +I (3525) wolfssl: wolfSSL Leaving wolfSSL_CTX_use_certificate_buffer, return 1 +I (3535) tls_server: Loaded server_sm2 + +I (3535) wolfssl: Loading key info... 
+I (3535) wolfssl: wolfSSL Entering wolfSSL_CTX_use_PrivateKey_buffer +I (3545) wolfssl: wolfSSL Entering PemToDer +I (3555) wolfssl: wolfSSL Entering GetAlgoId +I (3555) wolfssl: wolfSSL Entering GetObjectId +I (3565) wolfssl: wolfSSL Entering GetAlgoId +I (3565) wolfssl: wolfSSL Entering GetObjectId +I (3575) wolfssl: wolfSSL Leaving wolfSSL_CTX_use_PrivateKey_buffer, return 1 +I (3575) tls_server: Loaded PrivateKey_buffer server_sm2_priv + +I (3585) wolfssl: wolfSSL Entering wolfSSL_CTX_load_verify_buffer_ex +I (3595) wolfssl: Processing CA PEM file +I (3595) wolfssl: wolfSSL Entering PemToDer +I (3605) wolfssl: Adding a CA +I (3605) wolfssl: wolfSSL Entering GetExplicitVersion +I (3615) wolfssl: wolfSSL Entering wc_GetSerialNumber +I (3615) wolfssl: Got Cert Header +I (3625) wolfssl: wolfSSL Entering GetObjectId +I (3625) wolfssl: Got Algo ID +I (3635) wolfssl: Getting Name +I (3635) wolfssl: Getting Cert Name +I (3635) wolfssl: Getting Name +I (3645) wolfssl: Getting Cert Name +I (3645) wolfssl: Got Subject Name +I (3655) wolfssl: wolfSSL Entering GetAlgoId +I (3655) wolfssl: wolfSSL Entering GetObjectId +I (3665) wolfssl: wolfSSL Entering GetObjectId +I (3665) wolfssl: Got Key +I (3665) wolfssl: Parsed Past Key +I (3675) wolfssl: wolfSSL Entering DecodeCertExtensions +I (3675) wolfssl: wolfSSL Entering GetObjectId +I (3685) wolfssl: wolfSSL Entering DecodeSubjKeyId +I (3685) wolfssl: wolfSSL Entering GetObjectId +I (3695) wolfssl: wolfSSL Entering DecodeAuthKeyId +I (3705) wolfssl: wolfSSL Entering GetObjectId +I (3705) wolfssl: wolfSSL Entering DecodeBasicCaConstraint +I (3715) wolfssl: wolfSSL Entering GetObjectId +I (3715) wolfssl: wolfSSL Entering DecodeAltNames +I (3725) wolfssl: Unsupported name type, skipping +I (3725) wolfssl: wolfSSL Entering GetObjectId +I (3735) wolfssl: wolfSSL Entering DecodeExtKeyUsage +I (3735) wolfssl: wolfSSL Entering GetObjectId +I (3745) wolfssl: wolfSSL Entering GetObjectId +I (3745) wolfssl: wolfSSL Entering GetObjectId 
+I (3755) wolfssl: Parsed new CA +I (3755) wolfssl: No key size check done on CA +I (3765) wolfssl: Freeing Parsed CA +I (3765) wolfssl: Freeing der CA +I (3775) wolfssl: OK Freeing der CA +I (3775) wolfssl: wolfSSL Leaving AddCA, return 0 +I (3785) wolfssl: Processed a CA +I (3785) wolfssl: Processed at least one valid CA. Other stuff OK +I (3795) wolfssl: wolfSSL Leaving wolfSSL_CTX_load_verify_buffer_ex, return 1 +I (3795) tls_server: Success: load verify buffer + +I (3805) tls_server: Finish SM2 + +I (3805) tls_server: accept clients... +I (3815) wolfssl: Waiting for a connection... +I (14485) wolfssl: wolfSSL Entering wolfSSL_new +I (14495) wolfssl: wolfSSL Entering ReinitSSL +I (14495) wolfssl: wolfSSL Entering SetSSL_CTX +I (14495) wolfssl: wolfSSL Entering wolfSSL_NewSession +I (14505) wolfssl: wolfSSL Leaving wolfSSL_new, return 0 +I (14505) wolfssl: wolfSSL Entering wolfSSL_set_fd +I (14515) wolfssl: wolfSSL Entering wolfSSL_set_read_fd +I (14515) wolfssl: wolfSSL Leaving wolfSSL_set_read_fd, return 1 +I (14525) wolfssl: wolfSSL Entering wolfSSL_set_write_fd +I (14535) wolfssl: wolfSSL Leaving wolfSSL_set_write_fd, return 1 +I (14535) wolfssl: wolfSSL Entering wolfSSL_accept +I (14545) wolfssl: wolfSSL Entering ReinitSSL +I (14545) wolfssl: growing input buffer +I (14555) wolfssl: received record layer msg +I (14555) wolfssl: got HANDSHAKE +I (14565) wolfssl: wolfSSL Entering wolfSSL_get_options +I (14565) wolfssl: wolfSSL Entering DoTls13HandShakeMsg +I (14575) wolfssl: wolfSSL Entering DoTls13HandShakeMsgType +I (14575) wolfssl: processing client hello +I (14585) wolfssl: wolfSSL Entering DoTls13ClientHello +I (14595) wolfssl: wolfSSL Entering DoClientHello +I (14595) wolfssl: downgrading to TLSv1.2 +I (14605) wolfssl: Matched No Compression +I (14605) wolfssl: Adding signature algorithms extension +I (14615) wolfssl: Signature Algorithms extension received +I (14615) wolfssl: Point Formats extension received +I (14625) wolfssl: Supported Groups 
extension received +I (14625) wolfssl: Unknown TLS extension type +I (14635) wolfssl: Unknown TLS extension type +I (14635) wolfssl: wolfSSL Entering MatchSuite +I (14645) wolfssl: wolfSSL Entering VerifyServerSuite +I (14645) wolfssl: Requires ECC +I (14655) wolfssl: Verified suite validity +I (14655) wolfssl: wolfSSL Leaving DoClientHello, return 0 +I (14665) wolfssl: wolfSSL Leaving DoTls13ClientHello, return 0 +I (14675) wolfssl: wolfSSL Leaving DoTls13HandShakeMsgType(), return 0 +I (14675) wolfssl: wolfSSL Leaving DoTls13HandShakeMsg, return 0 +I (14685) wolfssl: Shrinking input buffer +I (14685) wolfssl: accept state ACCEPT_CLIENT_HELLO_DONE +I (14695) wolfssl: accept state ACCEPT_FIRST_REPLY_DONE +I (14705) wolfssl: wolfSSL Entering SendServerHello +I (14705) wolfssl: growing output buffer +I (14715) internal.c: GrowOutputBuffer ok +I (14715) wolfssl: wolfSSL Entering wolfSSL_get_options +I (14725) wolfssl: Point Formats extension to write +W (14735) wolfio: ssl->wflags = 0 +I (14735) wolfio: 16 03 03 00 52 02 00 00 4e 03 03 af 87 e2 58 57 +I (14735) wolfio: 73 c3 c1 35 1a 59 39 b2 03 9d 14 03 e0 b8 fb e8 +I (14745) wolfio: 9d 5b 9c 44 4f 57 4e 47 52 44 01 20 85 77 75 20 +I (14755) wolfio: 95 dd 00 e2 91 f8 42 33 f8 61 3f 1f de 81 15 58 +I (14755) wolfio: 23 0c e7 1e 71 e6 10 e5 67 23 e0 40 e0 11 00 00 +I (14765) wolfio: 06 00 0b 00 02 01 00 +W (14775) wolfio: sz = 87 +I (14775) wolfssl: Shrinking output buffer +I (14775) wolfssl: wolfSSL Leaving SendServerHello, return 0 +I (14785) wolfssl: accept state SERVER_HELLO_SENT +I (14795) wolfssl: wolfSSL Entering SendCertificate +I (14795) wolfssl: growing output buffer +I (14805) internal.c: GrowOutputBuffer ok +W (14815) wolfio: ssl->wflags = 0 +I (14815) wolfio: 16 03 03 02 e6 0b 00 02 e2 00 02 df 00 02 dc 30 +I (14815) wolfio: 82 02 d8 30 82 02 7e a0 03 02 01 02 02 01 01 30 +I (14825) wolfio: 0a 06 08 2a 81 1c cf 55 01 83 75 30 81 ac 31 0b +I (14835) wolfio: 30 09 06 03 55 04 06 13 02 55 53 31 10 30 0e 06 +I 
(14835) wolfio: 03 55 04 08 0c 07 4d 6f 6e 74 61 6e 61 31 10 30 +I (14845) wolfio: 0e 06 03 55 04 07 0c 07 42 6f 7a 65 6d 61 6e 31 +I (14855) wolfio: 14 30 12 06 03 55 04 0a 0c 0b 77 6f 6c 66 53 53 +I (14855) wolfio: 4c 5f 73 6d 32 31 0f 30 0d 06 03 55 04 0b 0c 06 +I (14865) wolfio: 43 41 2d 73 6d 32 31 18 30 16 06 03 55 04 03 0c +I (14875) wolfio: 0f 77 77 77 2e 77 6f 6c 66 73 73 6c 2e 63 6f 6d +I (14875) wolfio: 31 1f 30 1d 06 09 2a 86 48 86 f7 0d 01 09 01 16 +I (14885) wolfio: 10 69 6e 66 6f 40 77 6f 6c 66 73 73 6c 2e 63 6f +I (14895) wolfio: 6d 31 17 30 15 06 0a 09 92 26 89 93 f2 2c 64 01 +I (14895) wolfio: 01 0c 07 77 6f 6c 66 53 53 4c 30 1e 17 0d 32 33 +I (14905) wolfio: 30 32 31 35 30 36 32 33 30 37 5a 17 0d 32 35 31 +I (14915) wolfio: 31 31 31 30 36 32 33 30 37 5a 30 81 b0 31 0b 30 +I (14915) wolfio: 09 06 03 55 04 06 13 02 55 53 31 10 30 0e 06 03 +I (14925) wolfio: 55 04 08 0c 07 4d 6f 6e 74 61 6e 61 31 10 30 0e +I (14935) wolfio: 06 03 55 04 07 0c 07 42 6f 7a 65 6d 61 6e 31 14 +I (14945) wolfio: 30 12 06 03 55 04 0a 0c 0b 77 6f 6c 66 53 53 4c +I (14945) wolfio: 5f 73 6d 32 31 13 30 11 06 03 55 04 0b 0c 0a 53 +I (14955) wolfio: 65 72 76 65 72 2d 73 6d 32 31 18 30 16 06 03 55 +I (14965) wolfio: 04 03 0c 0f 77 77 77 2e 77 6f 6c 66 73 73 6c 2e +I (14965) wolfio: 63 6f 6d 31 1f 30 1d 06 09 2a 86 48 86 f7 0d 01 +I (14975) wolfio: 09 01 16 10 69 6e 66 6f 40 77 6f 6c 66 73 73 6c +I (14985) wolfio: 2e 63 6f 6d 31 17 30 15 06 0a 09 92 26 89 93 f2 +I (14985) wolfio: 2c 64 01 01 0c 07 77 6f 6c 66 53 53 4c 30 5a 30 +I (14995) wolfio: 14 06 08 2a 81 1c cf 55 01 82 2d 06 08 2a 81 1c +I (15005) wolfio: cf 55 01 82 2d 03 42 00 04 94 70 2b 46 e4 5e 0f +I (15005) wolfio: 41 fb 8f 2d 34 0a 41 40 19 5e fb d4 1d 11 ac fa +I (15015) wolfio: f5 93 37 c6 fa 87 08 f7 16 1f 2c ce 30 40 9d 4f +I (15025) wolfio: a6 2a 0a a1 d6 95 33 c3 a6 03 98 e6 8d 05 34 b0 +I (15025) wolfio: 97 0c de a4 c7 cf 53 8f d1 a3 81 89 30 81 86 30 +I (15035) wolfio: 1d 06 03 55 1d 0e 04 16 04 14 67 ae 60 
ff 7e 1b +I (15045) wolfio: 0f 95 ae 1f 82 59 f2 6c 56 2d 93 ef 17 32 30 1f +I (15045) wolfio: 06 03 55 1d 23 04 18 30 16 80 14 47 0a 48 7e bb +I (15055) wolfio: 02 a8 5a 26 57 2b 19 a9 7b 61 8b 7f 5d 99 6e 30 +I (15065) wolfio: 0c 06 03 55 1d 13 01 01 ff 04 02 30 00 30 0e 06 +I (15075) wolfio: 03 55 1d 0f 01 01 ff 04 04 03 02 03 a8 30 13 06 +I (15075) wolfio: 03 55 1d 25 04 0c 30 0a 06 08 2b 06 01 05 05 07 +I (15085) wolfio: 03 01 30 11 06 09 60 86 48 01 86 f8 42 01 01 04 +I (15095) wolfio: 04 03 02 06 40 30 0a 06 08 2a 81 1c cf 55 01 83 +I (15095) wolfio: 75 03 48 00 30 45 02 20 1b ca 94 28 7f f6 b2 0d +I (15105) wolfio: 31 43 50 e1 d5 34 17 dd af 3a de 81 06 67 9a b3 +I (15115) wolfio: 06 22 7e 64 ec fd 0e b9 02 21 00 a1 48 a8 32 d1 +I (15115) wolfio: 05 09 6b 1c eb 89 12 66 d8 38 a1 c4 5c 89 09 0f +I (15125) wolfio: fd e9 c0 3b 1d fb cd b5 4c 31 68 +W (15135) wolfio: sz = 747 +I (15135) wolfssl: Shrinking output buffer +I (15135) wolfssl: wolfSSL Leaving SendCertificate, return 0 +I (15145) wolfssl: accept state CERT_SENT +I (15155) wolfssl: wolfSSL Entering SendCertificateStatus +I (15155) wolfssl: wolfSSL Leaving SendCertificateStatus, return 0 +I (15165) wolfssl: accept state CERT_STATUS_SENT +I (15165) wolfssl: wolfSSL Entering SendServerKeyExchange +I (15175) wolfssl: Using ephemeral ECDH +I (15175) wolfssl: wolfSSL Entering EccMakeKey +I (15535) wolfssl: wolfSSL Leaving EccMakeKey, return 0 +I (15535) wolfssl: Trying ECC private key, RSA didn't work +I (15535) wolfssl: wolfSSL Entering GetAlgoId +I (15545) wolfssl: wolfSSL Entering GetObjectId +I (15555) wolfssl: Using ECC private key +I (15555) wolfssl: wolfSSL Entering Sm2wSm3Sign +I (15915) wolfssl: wolfSSL Leaving Sm2wSm3Sign, return 0 +I (15915) wolfssl: wolfSSL Entering SendHandshakeMsg +I (15925) wolfssl: growing output buffer +I (15925) internal.c: GrowOutputBuffer ok +W (15925) wolfio: ssl->wflags = 0 +I (15935) wolfio: 16 03 03 00 95 0c 00 00 91 03 00 29 41 04 fd f5 +I (15935) wolfio: 5e 74 15 
30 1d f3 84 ae a5 69 96 a9 5b dd 27 b3 +I (15945) wolfio: 00 7d 40 3a 59 93 93 6f 4d 1f 62 dc 60 48 34 1f +I (15955) wolfio: a8 1d 34 b8 76 8f 8b 27 4a 1b 77 64 8e 2e d5 27 +I (15955) wolfio: 03 95 8b 9d a5 ed a4 a6 b9 40 1b ea aa 10 07 08 +I (15965) wolfio: 00 48 30 46 02 21 00 cb 89 61 e9 21 f9 c6 4d ad +I (15975) wolfio: aa e7 f1 3f 6f 27 46 f0 35 ec 45 4e 8a ae f3 ac +I (15985) wolfio: 7c c0 cf 68 11 44 e2 02 21 00 f6 40 5c bc 66 5a +I (15985) wolfio: 74 1e 92 5d 9a 03 75 e7 7f 16 c2 b3 c8 fe 8d 5c +I (15995) wolfio: 63 35 36 da 61 38 76 dc 4e d6 +W (15995) wolfio: sz = 154 +I (16005) wolfssl: Shrinking output buffer +I (16005) wolfssl: wolfSSL Leaving SendServerKeyExchange, return 0 +I (16015) wolfssl: accept state KEY_EXCHANGE_SENT +I (16025) wolfssl: accept state CERT_REQ_SENT +I (16025) wolfssl: wolfSSL Entering SendServerHelloDone +I (16035) wolfssl: growing output buffer +I (16035) internal.c: GrowOutputBuffer ok +W (16045) wolfio: ssl->wflags = 0 +I (16045) wolfio: 16 03 03 00 04 0e 00 00 00 +W (16045) wolfio: sz = 9 +I (16055) wolfssl: Embed Send error +I (16055) wolfssl: Connection reset +I (16065) int: Sent = -3 +W (16065) int: WOLFSSL_CBIO_ERR_CONN_RST +E (16075) int: SOCKET_ERROR_E 2 +I (16075) wolfssl: wolfSSL Leaving SendServerHelloDone, return -308 +I (16085) wolfssl: wolfSSL error occurred, error = -308 +I (16085) wolfssl: wolfSSL Entering wolfSSL_get_error +I (16095) wolfssl: wolfSSL Leaving wolfSSL_get_error, return -308 +E (16085) tls_server: wolfSSL_accept error -308 +I (16105) wolfssl: Client connected successfully +I (16105) wolfssl: wolfSSL Entering wolfSSL_read +I (16115) wolfssl: wolfSSL Entering wolfSSL_read_internal +I (16125) wolfssl: wolfSSL Entering ReceiveData +I (16125) wolfssl: User calling wolfSSL_read in error state, not allowed +I (16135) wolfssl: wolfSSL Leaving wolfSSL_read_internal, return -308 +E (16145) tls_server: ERROR: failed to read +I (16145) wolfssl: Client sends: +I (16145) wolfssl: +I (16155) wolfssl: wolfSSL 
Entering wolfSSL_write +I (16155) wolfssl: handshake not complete, trying to finish +I (16165) wolfssl: wolfSSL Entering wolfSSL_negotiate +I (16165) wolfssl: wolfSSL Entering wolfSSL_accept +I (16175) wolfssl: wolfSSL Entering ReinitSSL +W (16185) wolfio: ssl->wflags = 0 +I (16185) wolfio: 16 03 03 00 04 0e 00 00 00 +W (16185) wolfio: sz = 9 +I (16195) wolfssl: Embed Send error +I (16195) wolfssl: General error +I (16205) int: Sent = -1 +E (16205) int: SOCKET_ERROR_E +I (16205) wolfssl: wolfSSL error occurred, error = -308 +I (16215) wolfssl: wolfSSL Leaving wolfSSL_negotiate, return -1 +I (16225) wolfssl: wolfSSL Leaving wolfSSL_write, return -1 +E (16225) tls_server: ERROR: failed to write +I (16235) wolfssl: wolfSSL Entering wolfSSL_free +I (16235) wolfssl: Free'ing server ssl +I (16245) wolfssl: Shrinking output buffer +I (16245) wolfssl: wolfSSL Entering ClientSessionToSession +I (16255) wolfssl: wolfSSL Entering wolfSSL_FreeSession +I (16255) wolfssl: wolfSSL_FreeSession full free +I (16265) wolfssl: CTX ref count not 0 yet, no free +I (16265) wolfssl: wolfSSL Leaving wolfSSL_free, return 0 +I (16275) wolfssl: Waiting for a connection... +``` + +### Wireshark: + +![wireshark](./wireshark.png) diff --git a/IDE/Espressif/ESP-IDF/examples/wolfssl_client/VisualGDB/README.md b/IDE/Espressif/ESP-IDF/examples/wolfssl_client/VisualGDB/README.md new file mode 100644 index 0000000000..4f6aa4cd94 --- /dev/null +++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_client/VisualGDB/README.md 
@@ -0,0 +1,52 @@
+# wolfSSL Project Files for Visual Studio 2022 with VisualGDB Extension
+
+Include in the respective project `./VisualGDB` directory are [VisualGDB](https://visualgdb.com/) project files.
+Individual project files are included for convenience to new users, as there are [difficulties switching between ESP-IDF Versions or Chipsets](https://sysprogs.com/w/forums/topic/difficulties-switching-espressif-esp-idf-version-or-chipset/) using the VisualGDB extension.
+
+The naming convention for project files is: `[project name]_IDF_[Version]_[chipset].vgdbproj`. The solution files (filename[.sln]) often will contain shortcuts to commonly used source and configuration files used by the respective project.
+
+
+-------- |------------- |------------- |
+ChipSet | ESP-IDF v4.4 | ESP-IDF v5.0 |
+-------- |------------- |------------- |
+ESP32 | x | |
+ESP32-S2 | | |
+ESP32-S3 | x | x |
+ESP32-C3 | x | x |
+ESP32-C6 | | |
+
+
+The default directories are:
+
+- `C:\SysGCC` - The root directory install of VisualGDB
+- `C:\SysGCC\esp32` - The default for ESP-IDF v5.x
+- `C:\SysGCC\esp32-8.4` - Many need to manually select this name for ESP-IDF v4.x install
+- `C:\SysGCC\esp8266`- The default for ESP8266
+
+## Resources
+
+- [wolfSSL Website](https://www.wolfssl.com/)
+
+- [wolfSSL Wiki](https://github.com/wolfSSL/wolfssl/wiki)
+
+- [FIPS 140-2/140-3 FAQ](https://wolfssl.com/license/fips)
+
+- [wolfSSL Documentation](https://wolfssl.com/wolfSSL/Docs.html)
+
+- [wolfSSL Manual](https://wolfssl.com/wolfSSL/Docs-wolfssl-manual-toc.html)
+
+- [wolfSSL API Reference](https://wolfssl.com/wolfSSL/Docs-wolfssl-manual-17-wolfssl-api-reference.html)
+
+- [wolfCrypt API Reference](https://wolfssl.com/wolfSSL/Docs-wolfssl-manual-18-wolfcrypt-api-reference.html)
+
+- [TLS 1.3](https://www.wolfssl.com/docs/tls13/)
+
+- [wolfSSL Vulnerabilities](https://www.wolfssl.com/docs/security-vulnerabilities/)
+
+- [Additional wolfSSL Examples](https://github.com/wolfssl/wolfssl-examples)
+
+## Support
+
+For questions please email [support@wolfssl.com](mailto:support@wolfssl.com)
+
+<-- edit 5.6.0001 see https://github.com/wolfSSL/wolfssl/tree/master/IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/VisualGDB -->
diff --git a/IDE/Espressif/ESP-IDF/examples/wolfssl_client/VisualGDB/VisualGDB_wolfssl_client.sln b/IDE/Espressif/ESP-IDF/examples/wolfssl_client/VisualGDB/VisualGDB_wolfssl_client.sln
deleted file mode 100644
index 0db8292c3f..0000000000
--- a/IDE/Espressif/ESP-IDF/examples/wolfssl_client/VisualGDB/VisualGDB_wolfssl_client.sln
+++ /dev/null
@@ -1,31 +0,0 @@ - -Microsoft Visual Studio Solution File, Format Version 12.00 -# Visual Studio Version 16 -VisualStudioVersion = 16.0.33027.164 -MinimumVisualStudioVersion = 10.0.40219.1 -Project("{803FD0C6-D64E-4E16-9DC3-1DAEC859A3D2}") = "VisualGDB_wolfssl_client", "VisualGDB_wolfssl_client.vgdbproj", "{E903E9CC-1A23-4B00-8914-7E45EC21E351}" -EndProject -Global - GlobalSection(SolutionConfigurationPlatforms) = preSolution - Debug|VisualGDB = Debug|VisualGDB - Release|VisualGDB = Release|VisualGDB - Tests (Debug)|VisualGDB = Tests (Debug)|VisualGDB - Tests (Release)|VisualGDB = Tests (Release)|VisualGDB - EndGlobalSection - GlobalSection(ProjectConfigurationPlatforms) = postSolution - {E903E9CC-1A23-4B00-8914-7E45EC21E351}.Debug|VisualGDB.ActiveCfg = Debug|VisualGDB - {E903E9CC-1A23-4B00-8914-7E45EC21E351}.Debug|VisualGDB.Build.0 = Debug|VisualGDB - {E903E9CC-1A23-4B00-8914-7E45EC21E351}.Release|VisualGDB.ActiveCfg = Release|VisualGDB - {E903E9CC-1A23-4B00-8914-7E45EC21E351}.Release|VisualGDB.Build.0 = Release|VisualGDB - {E903E9CC-1A23-4B00-8914-7E45EC21E351}.Tests (Debug)|VisualGDB.ActiveCfg = Tests (Debug)|VisualGDB - {E903E9CC-1A23-4B00-8914-7E45EC21E351}.Tests (Debug)|VisualGDB.Build.0 = Tests (Debug)|VisualGDB - {E903E9CC-1A23-4B00-8914-7E45EC21E351}.Tests (Release)|VisualGDB.ActiveCfg = Tests (Release)|VisualGDB - {E903E9CC-1A23-4B00-8914-7E45EC21E351}.Tests (Release)|VisualGDB.Build.0 = Tests (Release)|VisualGDB - EndGlobalSection - GlobalSection(SolutionProperties) = preSolution - HideSolutionNode = FALSE - EndGlobalSection - GlobalSection(ExtensibilityGlobals) = postSolution - SolutionGuid = {D510376F-F313-4EF6-8EF5-248D1949DFEB} - EndGlobalSection -EndGlobal diff --git a/IDE/Espressif/ESP-IDF/examples/wolfssl_client/VisualGDB/wolfssl_client_IDF_v5_ESP32.sln b/IDE/Espressif/ESP-IDF/examples/wolfssl_client/VisualGDB/wolfssl_client_IDF_v5_ESP32.sln new file mode 100644 index 0000000000..c46b3864f2 --- /dev/null 
+++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_client/VisualGDB/wolfssl_client_IDF_v5_ESP32.sln 
@@ -0,0 +1,56 @@ + +Microsoft Visual Studio Solution File, Format Version 12.00 +# Visual Studio Version 17 +VisualStudioVersion = 17.6.33829.357 +MinimumVisualStudioVersion = 10.0.40219.1 +Project("{803FD0C6-D64E-4E16-9DC3-1DAEC859A3D2}") = "wolfssl_client_IDF_v5_ESP32", "wolfssl_client_IDF_v5_ESP32.vgdbproj", "{E903E9CC-1A23-4B00-8914-7E45EC21E351}" +EndProject +Project("{2150E333-8FDC-42A3-9474-1A3956D46DE8}") = "wolfssl", "wolfssl", "{5D78034B-FAE6-4B8D-8003-EC2B0993F286}" + ProjectSection(SolutionItems) = preProject + ..\..\..\..\..\..\wolfssl\error-ssl.h = ..\..\..\..\..\..\wolfssl\error-ssl.h + EndProjectSection +EndProject +Project("{2150E333-8FDC-42A3-9474-1A3956D46DE8}") = "include", "include", "{53267705-B3FE-418C-975D-CD898BAF1F46}" + ProjectSection(SolutionItems) = preProject + ..\components\wolfssl\include\config.h = ..\components\wolfssl\include\config.h + ..\components\wolfssl\include\user_settings.h = ..\components\wolfssl\include\user_settings.h + EndProjectSection +EndProject +Project("{2150E333-8FDC-42A3-9474-1A3956D46DE8}") = "Solution Items", "Solution Items", "{A51226B3-88A7-4463-B443-0E321C4A3D53}" + ProjectSection(SolutionItems) = preProject + ..\..\..\..\..\..\..\my_private_config.h = ..\..\..\..\..\..\..\my_private_config.h + ..\partitions_singleapp_large.csv = ..\partitions_singleapp_large.csv + ..\README.md = ..\README.md + ..\sdkconfig = ..\sdkconfig + ..\build\VisualGDB\Debug\config\sdkconfig.cmake = ..\build\VisualGDB\Debug\config\sdkconfig.cmake + ..\sdkconfig.defaults = ..\sdkconfig.defaults + ..\build\VisualGDB\Debug\config\sdkconfig.h = ..\build\VisualGDB\Debug\config\sdkconfig.h + EndProjectSection +EndProject +Global + GlobalSection(SolutionConfigurationPlatforms) = preSolution + Debug|VisualGDB = Debug|VisualGDB + Release|VisualGDB = Release|VisualGDB + Tests (Debug)|VisualGDB = Tests (Debug)|VisualGDB + Tests (Release)|VisualGDB = Tests (Release)|VisualGDB + EndGlobalSection + GlobalSection(ProjectConfigurationPlatforms) = 
postSolution + {E903E9CC-1A23-4B00-8914-7E45EC21E351}.Debug|VisualGDB.ActiveCfg = Debug|VisualGDB + {E903E9CC-1A23-4B00-8914-7E45EC21E351}.Debug|VisualGDB.Build.0 = Debug|VisualGDB + {E903E9CC-1A23-4B00-8914-7E45EC21E351}.Release|VisualGDB.ActiveCfg = Release|VisualGDB + {E903E9CC-1A23-4B00-8914-7E45EC21E351}.Release|VisualGDB.Build.0 = Release|VisualGDB + {E903E9CC-1A23-4B00-8914-7E45EC21E351}.Tests (Debug)|VisualGDB.ActiveCfg = Tests (Debug)|VisualGDB + {E903E9CC-1A23-4B00-8914-7E45EC21E351}.Tests (Debug)|VisualGDB.Build.0 = Tests (Debug)|VisualGDB + {E903E9CC-1A23-4B00-8914-7E45EC21E351}.Tests (Release)|VisualGDB.ActiveCfg = Tests (Release)|VisualGDB + {E903E9CC-1A23-4B00-8914-7E45EC21E351}.Tests (Release)|VisualGDB.Build.0 = Tests (Release)|VisualGDB + EndGlobalSection + GlobalSection(SolutionProperties) = preSolution + HideSolutionNode = FALSE + EndGlobalSection + GlobalSection(NestedProjects) = preSolution + {53267705-B3FE-418C-975D-CD898BAF1F46} = {5D78034B-FAE6-4B8D-8003-EC2B0993F286} + EndGlobalSection + GlobalSection(ExtensibilityGlobals) = postSolution + SolutionGuid = {BA06FD8D-BEFD-429B-9F82-B6F34B43272E} + EndGlobalSection +EndGlobal diff --git a/IDE/Espressif/ESP-IDF/examples/wolfssl_client/VisualGDB/VisualGDB_wolfssl_client.vgdbproj b/IDE/Espressif/ESP-IDF/examples/wolfssl_client/VisualGDB/wolfssl_client_IDF_v5_ESP32.vgdbproj similarity index 92% rename from IDE/Espressif/ESP-IDF/examples/wolfssl_client/VisualGDB/VisualGDB_wolfssl_client.vgdbproj rename to IDE/Espressif/ESP-IDF/examples/wolfssl_client/VisualGDB/wolfssl_client_IDF_v5_ESP32.vgdbproj index 4ed71d97a4..0fb07f6985 100644 --- a/IDE/Espressif/ESP-IDF/examples/wolfssl_client/VisualGDB/VisualGDB_wolfssl_client.vgdbproj +++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_client/VisualGDB/wolfssl_client_IDF_v5_ESP32.vgdbproj @@ -1,5 +1,5 @@ - + @@ -18,9 +18,9 @@ com.visualgdb.xtensa-esp32-elf - 11.2.0 - 9.2.90 - 2 + 12.2.0 + 12.1 + 1 .. 
@@ -67,11 +67,11 @@ true - release/v5.0 - esp-idf/v5.0 + release/v5.1 + esp-idf/v5.1 ESPIDF - COM20 + COM19 false false ESP32 @@ -93,7 +93,7 @@ - COM20 + COM19 115200 8 @@ -104,7 +104,7 @@ 0 false - false + true false ASCII @@ -220,7 +220,7 @@ openocd - -f interface/tigard.cfg -c "adapter_khz 3000" -f target/esp32.cfg + -f interface/ftdi/tigard.cfg -c "adapter_khz 15000" -f interface/ftdi/tigard.cfg -f target/esp32.cfg diff --git a/IDE/Espressif/ESP-IDF/examples/wolfssl_client/components/wolfssl/CMakeLists.txt b/IDE/Espressif/ESP-IDF/examples/wolfssl_client/components/wolfssl/CMakeLists.txt index 2f1e9e4111..e82e19b600 100644 --- a/IDE/Espressif/ESP-IDF/examples/wolfssl_client/components/wolfssl/CMakeLists.txt +++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_client/components/wolfssl/CMakeLists.txt @@ -19,7 +19,7 @@ # # cmake for wolfssl Espressif projects # -# Version 5.6.3.001 +# Version 5.6.0.011 for detect test/benchmark # # See https://docs.espressif.com/projects/esp-idf/en/latest/esp32/api-guides/build-system.html # 
@@ -28,14 +28,31 @@ cmake_minimum_required(VERSION 3.16) set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DWOLFSSL_USER_SETTINGS") set(CMAKE_CURRENT_SOURCE_DIR ".") set(COMPONENT_REQUIRES lwip) # we typically don't need lwip directly in wolfssl component +set(WOLFSSL_ROOT "$ENV{WOLFSSL_ROOT}" ) + +# find the user name to search for possible "wolfssl-username" +message(STATUS "USERNAME = $ENV{USERNAME}") +if( "$ENV{USER}" STREQUAL "" ) # the bash user + if( "$ENV{USERNAME}" STREQUAL "" ) # the Windows user + message(STATUS "could not find USER or USERNAME") + else() + # the bash user is not blank, so we'll use it. + set(THIS_USER "$ENV{USERNAME}") + endif() +else() + # the bash user is not blank, so we'll use it. + set(THIS_USER "$ENV{USER}") +endif() +message(STATUS "THIS_USER = ${THIS_USER}") + # COMPONENT_NAME = wolfssl # The component name is the directory name. "No feature to change this". # See https://github.com/espressif/esp-idf/issues/8978#issuecomment-1129892685 -# set the root of wolfSSL: +# set the root of wolfSSL in top-level project CMakelists.txt: # set(WOLFSSL_ROOT "C:/some path/with/spaces") -# set(WOLFSSL_ROOT "c:/workspace/wolfssl-gojimmypi") +# set(WOLFSSL_ROOT "c:/workspace/wolfssl-[username]") # set(WOLFSSL_ROOT "/mnt/c/some path/with/spaces") # or use this logic to assign value from Environment Variable WOLFSSL_ROOT, # or assume this is an example 7 subdirectories below: 
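Review bot: The comment in the `USERNAME` branch is a copy of the one in the `USER` branch: `# the bash user is not blank, so we'll use it.` sits above `set(THIS_USER "$ENV{USERNAME}")`, which only runs when `USER` is empty, so it should read `# the Windows user is not blank, so we'll use it.`. `THIS_USER` is taken unvalidated from the environment and, in the next hunk, becomes part of a directory name (`wolfssl-${THIS_USER}`) that decides which wolfSSL tree is compiled. A one-line comment above the detection block, such as `# THIS_USER selects the wolfssl-<user> source directory searched below`, would make that dependency visible to anyone auditing the build. The new `set(WOLFSSL_ROOT "$ENV{WOLFSSL_ROOT}" )` also deserves a comment, since the later `FIND_WOLFSSL_DIRECTORY(WOLFSSL_ROOT)` call appears to overwrite it.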
@@ -43,6 +60,97 @@ set(COMPONENT_REQUIRES lwip) # we typically don't need lwip directly in wolfssl # We are typically in [root]/IDE/Espressif/ESP-IDF/examples/wolfssl_test/components/wolfssl # The root of wolfSSL is 7 directories up from here: +# function: IS_WOLFSSL_SOURCE +# parameter: DIRECTORY_PARAMETER - the directory to test +# output: RESULT = contains contents of DIRECTORY_PARAMETER for wolfssl directory, otherwise blank. +function(IS_WOLFSSL_SOURCE DIRECTORY_PARAMETER RESULT) + if (EXISTS "${DIRECTORY_PARAMETER}/wolfcrypt/src") + set(${RESULT} "${DIRECTORY_PARAMETER}" PARENT_SCOPE) + else() + set(${RESULT} "" PARENT_SCOPE) + endif() +endfunction() + +# function: FIND_WOLFSSL_DIRECTORY +# parameter: OUTPUT_FOUND_WOLFSSL_DIRECTORY contains root of source code, otherwise blank +# +function(FIND_WOLFSSL_DIRECTORY OUTPUT_FOUND_WOLFSSL_DIRECTORY) + message(STATUS "Starting FIND_WOLFSSL_DIRECTORY") + set(CURRENT_SEARCH_DIR "$ENV{WOLFSSL_ROOT}") + if( "${CURRENT_SEARCH_DIR}" STREQUAL "" ) + message(STATUS "The WOLFSSL_ROOT environment variable is not set. 
Searching...") + else() + get_filename_component(CURRENT_SEARCH_DIR "$ENV{WOLFSSL_ROOT}" ABSOLUTE) + IS_WOLFSSL_SOURCE("${CURRENT_SEARCH_DIR}" FOUND_WOLFSSL) + if("${FOUND_WOLFSSL}") + message(STATUS "Found WOLFSSL_ROOT via Environment Variable:") + else() + message(FATAL_ERROR "WOLFSSL_ROOT Environment Variable defined, but path not found:") + message(STATUS "$ENV{WOLFSSL_ROOT}") + endif() + endif() + + # we'll start in the CMAKE_CURRENT_SOURCE_DIR, typically [something]/projectname/components/wolfssl + message(STATUS "CMAKE_CURRENT_SOURCE_DIR = ${CMAKE_CURRENT_SOURCE_DIR}") + get_filename_component(CURRENT_SEARCH_DIR "${CMAKE_CURRENT_SOURCE_DIR}" ABSOLUTE) + message(STATUS "CURRENT_SEARCH_DIR = ${CURRENT_SEARCH_DIR}") + string(LENGTH ${CURRENT_SEARCH_DIR} CURRENT_SEARCH_DIR_LENGTH) + + # loop through all the parents, looking for wolfssl + while(NOT CURRENT_SEARCH_DIR STREQUAL "/" AND NOT CURRENT_SEARCH_DIR STREQUAL "" ) + string(LENGTH ${CURRENT_SEARCH_DIR} CURRENT_SEARCH_DIR_LENGTH) + # wolfSSL may simply be in a parent directory, such as for local examples in wolfssl repo + IS_WOLFSSL_SOURCE("${CURRENT_SEARCH_DIR}" FOUND_WOLFSSL) + if( FOUND_WOLFSSL ) + message(STATUS "Found wolfssl in CURRENT_SEARCH_DIR = ${CURRENT_SEARCH_DIR}") + set(${OUTPUT_FOUND_WOLFSSL_DIRECTORY} ${CURRENT_SEARCH_DIR} PARENT_SCOPE) + return() + endif() + + if( THIS_USER ) + # Check for "wolfssl-[username]" subdirectory as we recurse up the directory tree + set(CURRENT_SEARCH_DIR_ALT ${CURRENT_SEARCH_DIR}/wolfssl-${THIS_USER}) + message(STATUS "Looking in ${CURRENT_SEARCH_DIR}") + + #if(EXISTS ${CURRENT_SEARCH_DIR_ALT} AND IS_DIRECTORY ${CURRENT_SEARCH_DIR_ALT} AND EXISTS "${CURRENT_SEARCH_DIR_ALT}/wolfcrypt/src") + IS_WOLFSSL_SOURCE("${CURRENT_SEARCH_DIR_ALT}" FOUND_WOLFSSL ) + if ( FOUND_WOLFSSL ) + message(STATUS "Found wolfssl in user-suffix CURRENT_SEARCH_DIR_ALT = ${CURRENT_SEARCH_DIR_ALT}") + set(${OUTPUT_FOUND_WOLFSSL_DIRECTORY} ${CURRENT_SEARCH_DIR_ALT} PARENT_SCOPE) + return() + 
endif() + endif() + + # Next check for no user suffix "wolfssl" subdirectory as we recurse up the directory tree + set(CURRENT_SEARCH_DIR_ALT ${CURRENT_SEARCH_DIR}/wolfssl) + # if(EXISTS ${CURRENT_SEARCH_DIR} AND IS_DIRECTORY ${CURRENT_SEARCH_DIR} AND EXISTS "${CURRENT_SEARCH_DIR}/wolfcrypt/src") + IS_WOLFSSL_SOURCE("${CURRENT_SEARCH_DIR_ALT}" FOUND_WOLFSSL ) + if ( FOUND_WOLFSSL ) + message(STATUS "Found wolfssl in CURRENT_SEARCH_DIR = ${CURRENT_SEARCH_DIR}") + set(${OUTPUT_FOUND_WOLFSSL_DIRECTORY} ${CURRENT_SEARCH_DIR} PARENT_SCOPE) + return() + endif() + + # Move up one directory level + set(PRIOR_SEARCH_DIR "${CURRENT_SEARCH_DIR}") + get_filename_component(CURRENT_SEARCH_DIR "${CURRENT_SEARCH_DIR}" DIRECTORY) + message(STATUS "Next CURRENT_SEARCH_DIR = ${CURRENT_SEARCH_DIR}") + if( "${PRIOR_SEARCH_DIR}" STREQUAL "${CURRENT_SEARCH_DIR}" ) + # when the search directory is empty, we'll give up + set(CURRENT_SEARCH_DIR "") + endif() + endwhile() + + # If not found, set the output variable to empty before exiting + set(${OUTPUT_FOUND_WOLFSSL_DIRECTORY} "" PARENT_SCOPE) +endfunction() + + +# Example usage: + + + + if(CMAKE_BUILD_EARLY_EXPANSION) message(STATUS "wolfssl component CMAKE_BUILD_EARLY_EXPANSION:") idf_component_register( 
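Review bot: FIND_WOLFSSL_DIRECTORY cannot be pinned to a chosen source tree, because the `WOLFSSL_ROOT` branch neither tests the directory correctly nor returns it. `if("${FOUND_WOLFSSL}")` passes a quoted path, which CMake treats as false unless it is one of the true constants, so a valid `WOLFSSL_ROOT` looks likely to end in the `FATAL_ERROR`; and even on the success side nothing is assigned to the output variable before the parent-directory walk begins. For a crypto library the build should compile exactly the tree the operator named rather than the first `wolfssl` or `wolfssl-<user>` directory found above the project, so I would return early as in the fence below. Separately, the plain `wolfssl` branch tests `CURRENT_SEARCH_DIR_ALT` but hands back the parent; it should be `set(${OUTPUT_FOUND_WOLFSSL_DIRECTORY} ${CURRENT_SEARCH_DIR_ALT} PARENT_SCOPE)`. The `message(STATUS "$ENV{WOLFSSL_ROOT}")` placed after `message(FATAL_ERROR ...)` is never reached, so the path belongs inside the error text.

```cmake
        IS_WOLFSSL_SOURCE("${CURRENT_SEARCH_DIR}" FOUND_WOLFSSL)
        if( FOUND_WOLFSSL )
            message(STATUS "Found WOLFSSL_ROOT via Environment Variable: ${CURRENT_SEARCH_DIR}")
            set(${OUTPUT_FOUND_WOLFSSL_DIRECTORY} "${CURRENT_SEARCH_DIR}" PARENT_SCOPE)
            return()
        else()
            message(FATAL_ERROR "WOLFSSL_ROOT Environment Variable defined, but path not found: $ENV{WOLFSSL_ROOT}")
        endif()
# … unchanged: parent-directory search loop …
```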
@@ -58,159 +166,36 @@ else() message(STATUS "wolfssl component config:") message(STATUS "************************************************************************************************") - # TODO - if(WIN32) - # Windows-specific configuration here - set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DWOLFSSL_CMAKE_SYSTEM_NAME_WINDOWS") - message("Detected Windows") - endif() - if(CMAKE_HOST_UNIX) - message("Detected UNIX") - endif() - if(APPLE) - message("Detected APPLE") - endif() - if(CMAKE_HOST_UNIX AND (NOT APPLE) AND EXISTS "/proc/sys/fs/binfmt_misc/WSLInterop") - # Windows-specific configuration here - set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DWOLFSSL_CMAKE_SYSTEM_NAME_WSL") - message("Detected WSL") - endif() - if(CMAKE_HOST_UNIX AND (NOT APPLE) AND (NOT WIN32)) - # Windows-specific configuration here - set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DWOLFSSL_CMAKE_SYSTEM_NAME_LINUX") - message("Detected Linux") - endif() - if(APPLE) - # Windows-specific configuration here - set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DWOLFSSL_CMAKE_SYSTEM_NAME_APPLE") - message("Detected Apple") - endif() - - # Check to see if we're already in wolfssl, and only if WOLFSSL_ROOT not specified - if ("${WOLFSSL_ROOT}" STREQUAL "") - # wolfssl examples are 7 directories deep from wolfssl repo root - # 1 2 3 4 5 6 7 - set(THIS_RELATIVE_PATH "../../../../../../..") - get_filename_component(THIS_SEARCH_PATH "${THIS_RELATIVE_PATH}" ABSOLUTE) - message(STATUS "Searching in path = ${THIS_SEARCH_PATH}") - - if (EXISTS "${THIS_SEARCH_PATH}/wolfcrypt/src") - # we're already in wolfssl examples! - get_filename_component(WOLFSSL_ROOT "${THIS_SEARCH_PATH}" ABSOLUTE) - message(STATUS "Using wolfSSL example with root ${WOLFSSL_ROOT}") - else() - # We're in some other repo such as wolfssh, so we'll search for an - # adjacent-level directory for wolfssl. 
(8 directories up, then down one) - # - # For example wolfSSL examples: - # C:\workspace\wolfssl-gojimmypi\IDE\Espressif\ESP-IDF\examples\wolfssl_benchmark\components\wolfssl - # - # For example wolfSSH examples: - # C:\workspace\wolfssh-gojimmypi\ide\Espressif\ESP-IDF\examples\wolfssh_benchmark\components\wolfssl - # - # 1 2 3 4 5 6 7 8 - set(THIS_RELATIVE_PATH "../../../../../../../..") - get_filename_component(THIS_SEARCH_PATH "${THIS_RELATIVE_PATH}" ABSOLUTE) - message(STATUS "Searching next in path = ${THIS_SEARCH_PATH}") - endif() + # search for wolfSSL + FIND_WOLFSSL_DIRECTORY(WOLFSSL_ROOT) + if(WOLFSSL_ROOT) + message(STATUS "NEW Found wolfssl directory at: ${WOLFSSL_ROOT}") + else() + message(STATUS "NEW wolfssl directory not found.") + # Abort. We need wolfssl _somewhere_. + message(FATAL_ERROR "Could not find wolfssl in ${WOLFSSL_ROOT}.\n" + "Try setting WOLFSSL_ROOT environment variable or git clone.") endif() - # search other possible locations - if ("${WOLFSSL_ROOT}" STREQUAL "") - # there's not a hard-coded WOLFSSL_ROOT value above, so let's see if we can find it. - if( "$ENV{WOLFSSL_ROOT}" STREQUAL "" ) - message(STATUS "Environment Variable WOLFSSL_ROOT not set. Will search common locations.") - - message(STATUS "CMAKE_CURRENT_SOURCE_DIR = ${CMAKE_CURRENT_SOURCE_DIR}") - get_filename_component(THIS_DIR "${CMAKE_CURRENT_SOURCE_DIR}" ABSOLUTE) - message(STATUS "THIS_DIR = ${THIS_DIR}") - - # find the user name to search for possible "wolfssl-username" - message(STATUS "USERNAME = $ENV{USERNAME}") - if( "$ENV{USER}" STREQUAL "" ) # the bash user - if( "$ENV{USERNAME}" STREQUAL "" ) # the Windows user - message(STATUS "could not find USER or USERNAME") - else() - # the bash user is not blank, so we'll use it. - set(THIS_USER "$ENV{USERNAME}") - endif() - else() - # the bash user is not blank, so we'll use it. 
- set(THIS_USER "$ENV{USER}") - endif() - message(STATUS "THIS_USER = ${THIS_USER}") - - # This same makefile is used for both the wolfssl component, and other - # components that may depend on wolfssl, such as wolfssh. Therefore - # we need to determine if this makefile is in the wolfssl repo, or - # some other repo. - - if( "{THIS_USER}" STREQUAL "" ) - # This is highly unusual to not find a user name. - # In this case, we'll just search for a "wolfssl" directory: - message(STATUS "No username found!") - get_filename_component(WOLFSSL_ROOT "${THIS_RELATIVE_PATH}/wolfssl" ABSOLUTE) - else() - # We found an environment USER name! - # The first place to look for wolfssl will be in a user-clone called "wolfssl-[username]" - message(STATUS "Using [THIS_USER = ${THIS_USER}] to see if there's a [relative path]/wolfssl-${THIS_USER} directory.") - get_filename_component(WOLFSSL_ROOT "${THIS_RELATIVE_PATH}/wolfssl-${THIS_USER}" ABSOLUTE) - - if( EXISTS "${WOLFSSL_ROOT}" ) - message(STATUS "Found wolfssl in user-suffix ${WOLFSSL_ROOT}") - else() - # If there's not a user-clone called "wolfssl-[username]", - # perhaps there's simply a git clone called "wolfssl"? - message(STATUS "Did not find wolfssl-${THIS_USER}; continuing search...") - get_filename_component(WOLFSSL_ROOT "${THIS_RELATIVE_PATH}/wolfssl" ABSOLUTE) - - if( EXISTS "${WOLFSSL_ROOT}" ) - message(STATUS "Found wolfssl in standard ${WOLFSSL_ROOT}") - else() - # Things are looking pretty bleak. We'll likely not be able to compile. - message(STATUS "Did not find wolfssl in ${WOLFSSL_ROOT}") - endif() - endif() - endif() + set(INCLUDE_PATH ${WOLFSSL_ROOT}) - else() - # there's an environment variable, so use it. 
- set(WOLFSSL_ROOT "$ENV{WOLFSSL_ROOT}") + set(WOLFSSL_EXTRA_PROJECT_DIR "${WOLFSSL_ROOT}/src/") - if( EXISTS "${WOLFSSL_ROOT}" ) - get_filename_component(WOLFSSL_ROOT "$ENV{WOLFSSL_ROOT}" ABSOLUTE) - message(STATUS "Found WOLFSSL_ROOT via Environment Variable:") - else() - message(FATAL_ERROR "WOLFSSL_ROOT Environment Variable defined, but path not found:") - message(STATUS "$ENV{WOLFSSL_ROOT}") - endif() - endif() - # end of search for wolfssl component root - else() - # There's already a value assigned; we won't search for anything else. - message(STATUS "Found user-specified WOLFSSL_ROOT value.") - endif() # WOLFSSL_ROOT user defined - - # After all the logic above, does our WOLFSSL_ROOT actually exist? - if( EXISTS "${WOLFSSL_ROOT}" ) - message(STATUS "WOLFSSL_ROOT = ${WOLFSSL_ROOT}") - else() - # Abort. We need wolfssl _somewhere_. - message(FATAL_ERROR "Could not find wolfssl in ${WOLFSSL_ROOT}. Try setting environment variable or git clone.") + if( ${CMAKE_PROJECT_NAME} STREQUAL "wolfssl_benchmark" ) + set(WOLFSSL_EXTRA_PROJECT_DIR "${WOLFSSL_ROOT}/wolfcrypt/benchmark") endif() - - set(INCLUDE_PATH ${WOLFSSL_ROOT}) + if( ${CMAKE_PROJECT_NAME} STREQUAL "wolfssl_test" ) + set(WOLFSSL_EXTRA_PROJECT_DIR "${WOLFSSL_ROOT}/wolfcrypt/test") + endif() set(COMPONENT_SRCDIRS "\"${WOLFSSL_ROOT}/src/\"" "\"${WOLFSSL_ROOT}/wolfcrypt/src\"" "\"${WOLFSSL_ROOT}/wolfcrypt/src/port/Espressif\"" "\"${WOLFSSL_ROOT}/wolfcrypt/src/port/atmel\"" - # TODO: Make this a universal makefile that detects if benchmark / test needed - # Sometimes problematic with SM; consider gating detection. - #"\"${WOLFSSL_ROOT}/wolfcrypt/benchmark\"" # the benchmark application - #"\"${WOLFSSL_ROOT}/wolfcrypt/test\"" # the test application - ) # COMPONENT_SRCDIRS + "\"${WOLFSSL_EXTRA_PROJECT_DIR}\"" + ) # COMPONENT_SRCDIRS + message(STATUS "This COMPONENT_SRCDIRS = ${COMPONENT_SRCDIRS}") set(WOLFSSL_PROJECT_DIR "${CMAKE_HOME_DIRECTORY}/components/wolfssl") 
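Review bot: The `FIND_WOLFSSL_DIRECTORY(WOLFSSL_ROOT)` call now decides which wolfSSL tree is compiled into the firmware, and the part of that function visible earlier in this diff walks up every parent directory and takes the first `wolfssl-${THIS_USER}` or `wolfssl` folder that passes `IS_WOLFSSL_SOURCE`, with only a STATUS line to show for it. An auto-discovered path should stand out in the build log, for example `message(WARNING "wolfSSL auto-discovered at ${WOLFSSL_ROOT}; set WOLFSSL_ROOT to pin the source tree")` when the environment variable was not set. In the same function the plain `wolfssl` branch tests `CURRENT_SEARCH_DIR_ALT` but stores `${CURRENT_SEARCH_DIR}`, which looks like it returns the parent instead of the directory that was found; the function's start is outside the visible diff, so this is judged from the visible part only. The FATAL_ERROR text in this hunk interpolates `${WOLFSSL_ROOT}`, which is empty on that branch, so the message names no path.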
@@ -303,10 +288,10 @@ else() # we won't overwrite an existing user settings file, just note that we already have one: if( EXISTS "${WOLFSSL_PROJECT_DIR}/include/user_settings.h" ) message(STATUS "Using existing wolfSSL user_settings.h in " - "${WOLFSSL_PROJECT_DIR}/include/user_settings.h") + "${WOLFSSL_PROJECT_DIR}/include/user_settings.h") else() message(STATUS "Installing wolfSSL user_settings.h to " - "${WOLFSSL_PROJECT_DIR}/include/user_settings.h") + "${WOLFSSL_PROJECT_DIR}/include/user_settings.h") file(COPY "${WOLFSSL_ROOT}/IDE/Espressif/ESP-IDF/user_settings.h" DESTINATION "${CMAKE_HOME_DIRECTORY}/wolfssl/include/") endif() @@ -314,9 +299,12 @@ else() # next check if there's a [root]/include/config.h if( EXISTS "${WOLFSSL_ROOT}/include/config.h" ) - message(FATAL_ERROR "Found stray wolfSSL config.h in " - "${WOLFSSL_ROOT}/include/config.h " - " (please move it to ${WOLFSSL_PROJECT_DIR}/include/config.h )") + message(STATUS "******************************************************************************") + message(STATUS "******************************************************************************") + message(STATUS "Found stray wolfSSL config.h in ${WOLFSSL_ROOT}/include/config.h" ) + message(STATUS " Please move it to ${WOLFSSL_PROJECT_DIR}/include/config.h" ) + message(STATUS "******************************************************************************") + message(STATUS "******************************************************************************") else() # we won't overwrite an existing user settings file, just note that we already have one: if( EXISTS "${WOLFSSL_PROJECT_DIR}/include/config.h" ) 
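Review bot: In the second hunk on this line, the stray `${WOLFSSL_ROOT}/include/config.h` case drops from FATAL_ERROR to six STATUS lines, so the build now continues with a config.h sitting on what appears to be the wolfSSL include path, where it may shadow the project's own settings. STATUS output is easy to miss in an ESP-IDF build log. If the build must not stop, `message(WARNING "Found stray wolfSSL config.h in ${WOLFSSL_ROOT}/include/config.h; move it to ${WOLFSSL_PROJECT_DIR}/include/config.h")` keeps the condition visible without the banner lines.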
@@ -399,6 +387,14 @@ else() "\"${WOLFSSL_ROOT}/src/x509_str.c\"" "\"${WOLFSSL_ROOT}/wolfcrypt/src/evp.c\"" "\"${WOLFSSL_ROOT}/wolfcrypt/src/misc.c\"" + "\"${WOLFSSL_ROOT}/wolfcrypt/src/sp_sm2_arm32.c\"" + "\"${WOLFSSL_ROOT}/wolfcrypt/src/sp_sm2_arm64.c\"" + "\"${WOLFSSL_ROOT}/wolfcrypt/src/sp_sm2_armthumb.c\"" + "\"${WOLFSSL_ROOT}/wolfcrypt/src/sp_sm2_c32.c\"" + "\"${WOLFSSL_ROOT}/wolfcrypt/src/sp_sm2_c64.c\"" + "\"${WOLFSSL_ROOT}/wolfcrypt/src/sp_sm2_cortexm.c\"" + "\"${WOLFSSL_ROOT}/wolfcrypt/src/sp_sm2_x86_64.c\"" + "\"${WOLFSSL_ROOT}/wolfcrypt/src/sp_sm2_x86_64_asm.S\"" "\"${EXCLUDE_ASM}\"" ) @@ -443,6 +439,7 @@ else() endif() # target_sources(wolfssl PRIVATE "\"${WOLFSSL_ROOT}/wolfssl/\"" "\"${WOLFSSL_ROOT}/wolfssl/wolfcrypt\"") + endif() # CMAKE_BUILD_EARLY_EXPANSION diff --git a/IDE/Espressif/ESP-IDF/examples/wolfssl_client/components/wolfssl/include/user_settings.h b/IDE/Espressif/ESP-IDF/examples/wolfssl_client/components/wolfssl/include/user_settings.h index 9df1082810..9aca493ef4 100644 --- a/IDE/Espressif/ESP-IDF/examples/wolfssl_client/components/wolfssl/include/user_settings.h +++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_client/components/wolfssl/include/user_settings.h @@ -19,21 +19,8 @@ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA */ -/* This is the user_settings.h file for the wolfssl_client TLS example. - * For application-specific settings, please see client-tls.h file */ - -#include /* essential to chip set detection */ - -/* optional timezone used when setting time */ -#define TIME_ZONE "PST+8PDT,M3.2.0,M11.1.0" - -/* #define SHOW_SSID_AND_PASSWORD */ /* remove this to not show in startup log */ - -#undef WOLFSSL_ESPIDF -#undef WOLFSSL_ESP32 -#undef WOLFSSL_ESPWROOM32SE -#undef WOLFSSL_ESP32 -#undef WOLFSSL_ESP8266 +/* This user_settings.h is for Espressif ESP-IDF */ +#include /* The Espressif sdkconfig will have chipset info. ** 
@@ -46,6 +33,7 @@ ** CONFIG_IDF_TARGET_ESP32C6 */ +#undef WOLFSSL_ESPIDF #define WOLFSSL_ESPIDF /* 
@@ -55,64 +43,25 @@ * WOLFSSL_ESPWROOM32SE * WOLFSSL_ESP8266 */ +#undef WOLFSSL_ESPWROOM32SE +#undef WOLFSSL_ESP8266 +#undef WOLFSSL_ESP32 #define WOLFSSL_ESP32 -#if defined(CONFIG_IDF_TARGET_ESP32) - /* HW Enabled by default for ESP32. To disable: */ - /* #define NO_ESP32_CRYPT */ - /* #define NO_WOLFSSL_ESP32_CRYPT_HASH */ - /* #define NO_WOLFSSL_ESP32_CRYPT_AES */ - /* #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI */ -#elif defined(CONFIG_IDF_TARGET_ESP32S2) - /* HW Disabled by default for ESP32-S2. */ - #define NO_ESP32_CRYPT - #define NO_WOLFSSL_ESP32_CRYPT_HASH - #define NO_WOLFSSL_ESP32_CRYPT_AES - #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI -#elif defined(CONFIG_IDF_TARGET_ESP32S3) - /* HW Enabled by default for ESP32. To disable: */ - /* #define NO_ESP32_CRYPT */ - /* #define NO_WOLFSSL_ESP32_CRYPT_HASH */ - /* #define NO_WOLFSSL_ESP32_CRYPT_AES */ - /* #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI */ -#elif defined(CONFIG_IDF_TARGET_ESP32C2) - #define NO_ESP32_CRYPT - #define NO_WOLFSSL_ESP32_CRYPT_HASH - #define NO_WOLFSSL_ESP32_CRYPT_AES - #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI -#elif defined(CONFIG_IDF_TARGET_ESP32C3) - /* HW Disabled by default for ESP32-C3. */ - #define NO_ESP32_CRYPT - #define NO_WOLFSSL_ESP32_CRYPT_HASH - #define NO_WOLFSSL_ESP32_CRYPT_AES - #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI -#elif defined(CONFIG_IDF_TARGET_ESP32C6) - /* HW Disabled by default for ESP32-C6. */ - #define NO_ESP32_CRYPT - #define NO_WOLFSSL_ESP32_CRYPT_HASH - #define NO_WOLFSSL_ESP32_CRYPT_AES - #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI -#elif defined(CONFIG_IDF_TARGET_ESP32H2) - /* HW Disabled by default for ESP32-H2. */ - #define NO_ESP32_CRYPT - #define NO_WOLFSSL_ESP32_CRYPT_HASH - #define NO_WOLFSSL_ESP32_CRYPT_AES - #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI -#else - /* HW Disabled by default for all other ESP32-[?]. 
*/ - #define NO_ESP32_CRYPT - #define NO_WOLFSSL_ESP32_CRYPT_HASH - #define NO_WOLFSSL_ESP32_CRYPT_AES - #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI -#endif - - /* optionally turn off SHA512/224 SHA512/256 */ /* #define WOLFSSL_NOSHA512_224 */ /* #define WOLFSSL_NOSHA512_256 */ +/* when you want to use SINGLE THREAD. Note Default ESP-IDF is FreeRTOS */ +/* #define SINGLE_THREADED */ + +/* When you don't want to use the old SHA */ +/* #define NO_SHA */ +/* #define NO_OLD_TLS */ + #define BENCH_EMBEDDED +#define USE_CERT_BUFFERS_2048 /* TLS 1.3 */ #define WOLFSSL_TLS13 @@ -124,45 +73,44 @@ #define WOLFSSL_BENCHMARK_FIXED_UNITS_KB -/* when you want to use SINGLE THREAD */ -/* #define SINGLE_THREADED */ #define NO_FILESYSTEM +#define NO_OLD_TLS + #define HAVE_AESGCM #define WOLFSSL_RIPEMD /* when you want to use SHA224 */ -/* #define WOLFSSL_SHA224 */ - -#define NO_OLD_TLS +#define WOLFSSL_SHA224 /* when you want to use SHA384 */ -/* #define WOLFSSL_SHA384 */ - -/* #define WOLFSSL_SHA3 */ +#define WOLFSSL_SHA384 +/* when you want to use SHA512 */ #define WOLFSSL_SHA512 + +/* when you want to use SHA3 */ +#define WOLFSSL_SHA3 + +#define HAVE_ED25519 /* ED25519 requires SHA512 */ + #define HAVE_ECC #define HAVE_CURVE25519 #define CURVE25519_SMALL #define HAVE_ED25519 + #define OPENSSL_EXTRA /* when you want to use pkcs7 */ /* #define HAVE_PKCS7 */ +#define HAVE_PKCS7 + #if defined(HAVE_PKCS7) #define HAVE_AES_KEYWRAP #define HAVE_X963_KDF #define WOLFSSL_AES_DIRECT #endif -/* optional DH */ -/* #define PROJECT_DH */ -#ifdef PROJECT_DH - #define HAVE_DH - #define HAVE_FFDHE_2048 -#endif - /* when you want to use aes counter mode */ /* #define WOLFSSL_AES_DIRECT */ /* #define WOLFSSL_AES_COUNTER */ 
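Review bot: In the `@@ -124,45 +73,44 @@` hunk, `#define HAVE_PKCS7` is added directly under the existing `/* when you want to use pkcs7 */` and `/* #define HAVE_PKCS7 */` lines, so the file still reads as optional while PKCS7 is always compiled into the client example, along with HAVE_AES_KEYWRAP, HAVE_X963_KDF and WOLFSSL_AES_DIRECT. Either drop the new line or replace the stale pair with one statement such as `#define HAVE_PKCS7 /* enabled for this example; remove if unused */`. `HAVE_ED25519` is also defined twice in this hunk, once before `HAVE_ECC` and once after `CURVE25519_SMALL`; one definition with the "requires SHA512" comment is enough.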
@@ -177,23 +125,29 @@ /* #define CUSTOM_SLOT_ALLOCATION */ #endif -/* RSA primitive specific definition */ +/* rsa primitive specific definition */ #if defined(WOLFSSL_ESP32) || defined(WOLFSSL_ESPWROOM32SE) /* Define USE_FAST_MATH and SMALL_STACK */ #define ESP32_USE_RSA_PRIMITIVE - /* threshold for performance adjustment for HW primitive use */ - /* X bits of G^X mod P greater than */ - #define EPS_RSA_EXPT_XBTIS 36 - /* X and Y of X * Y mod P greater than */ - #define ESP_RSA_MULM_BITS 36 + + #if defined(CONFIG_IDF_TARGET_ESP32) + + /* NOTE HW unreliable for small values! */ + /* threshold for performance adjustment for HW primitive use */ + /* X bits of G^X mod P greater than */ + #undef ESP_RSA_EXPT_XBITS + #define ESP_RSA_EXPT_XBITS 32 + + /* X and Y of X * Y mod P greater than */ + #undef ESP_RSA_MULM_BITS + #define ESP_RSA_MULM_BITS 16 + + #endif #endif + #define RSA_LOW_MEM -/* debug options */ -/* #define DEBUG_WOLFSSL */ -/* #define WOLFSSL_ESP32_CRYPT_DEBUG */ -/* #define WOLFSSL_ESP32_HW_LOCK_DEBUG */ -/* #define WOLFSSL_ATECC508A_DEBUG */ +/* #define WOLFSSL_ATECC508A_DEBUG */ /* date/time */ /* if it cannot adjust time in the device, */ 
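Review bot: `ESP_RSA_MULM_BITS` is set to 16 here and again, behind its own `#undef`, in the `CONFIG_IDF_TARGET_ESP32` branch of the next hunk, so a later change to one copy is silently overridden by the other. Keep one definition, for example by removing the later `#undef ESP_RSA_MULM_BITS` / `#define ESP_RSA_MULM_BITS 16 /* TODO add compile-time warning */` pair. The comment "NOTE HW unreliable for small values!" should say what goes wrong below the threshold (wrong results or only slower ones), since that decides whether these numbers are a tuning knob or a correctness guard. The thresholds are now defined only for CONFIG_IDF_TARGET_ESP32; what other targets fall back to is not visible in this diff.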
@@ -201,147 +155,192 @@ /* #define NO_ASN_TIME */ /* #define XTIME time */ + /* adjust wait-timeout count if you see timeout in RSA HW acceleration */ #define ESP_RSA_TIMEOUT_CNT 0x249F00 -/* see esp_ShowExtendedSystemInfo in esp32-crypt.h for startup log info */ -#define HAVE_VERSION_EXTENDED_INFO +#define HASH_SIZE_LIMIT /* for test.c */ +/* USE_FAST_MATH is default */ +#define USE_FAST_MATH -/* debug options */ -/* #define ESP_VERIFY_MEMBLOCK */ -#define WOLFSSL_HW_METRICS -/* #define DEBUG_WOLFSSL_VERBOSE */ -/* #define DEBUG_WOLFSSL */ -/* #define WOLFSSL_ESP32_CRYPT_DEBUG */ -#define NO_RECOVER_SOFTWARE_CALC +/***** Use SP_MATH *****/ +/* #undef USE_FAST_MATH */ +/* #define SP_MATH */ +/* #define WOLFSSL_SP_MATH_ALL */ -/* optionally turn off individual math HW acceleration features */ +/***** Use Integer Heap Math *****/ +/* #undef USE_FAST_MATH */ +/* #define USE_INTEGER_HEAP_MATH */ -/* Turn off Large Number Multiplication: -** [Z = X * Y] in esp_mp_mul() */ -/* #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI_MP_MUL */ -/* Turn off Large Number Modular Exponentiation: -** [Z = X^Y mod M] in esp_mp_exptmod() */ -/* #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI_EXPTMOD */ +#define WOLFSSL_SMALL_STACK -/* Turn off Large Number Modular Multiplication -** [Z = X × Y mod M] in esp_mp_mulmod() */ -/* #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI_MULMOD */ +#define HAVE_VERSION_EXTENDED_INFO +/* #define HAVE_WC_INTROSPECTION */ -/* this is known to fail in TFM: */ -/* #define HONOR_MATH_USED_LENGTH */ +#define HAVE_SESSION_TICKET -/* this is known to fail in TFM */ -/* #define CHECK_MP_READ_UNSIGNED_BIN */ +/* #define HAVE_HASHDRBG */ -#define WOLFSSL_PUBLIC_MP /* used by benchmark */ +#define WOLFSSL_KEY_GEN +#define WOLFSSL_CERT_REQ +#define WOLFSSL_CERT_GEN +#define WOLFSSL_CERT_EXT +#define WOLFSSL_SYS_CA_CERTS -/* optional SM4 Ciphers. 
See https://github.com/wolfSSL/wolfsm */ -/* Uncomment this section to enable SM -#define WOLFSSL_SM2 -#define WOLFSSL_SM3 -#define WOLFSSL_SM4 + +#define WOLFSSL_CERT_TEXT + +#define WOLFSSL_ASN_TEMPLATE + +/* +#undef WOLFSSL_KEY_GEN +#undef WOLFSSL_CERT_REQ +#undef WOLFSSL_CERT_GEN +#undef WOLFSSL_CERT_EXT +#undef WOLFSSL_SYS_CA_CERTS */ -#if defined(WOLFSSL_SM2) || defined(WOLFSSL_SM3) || defined(WOLFSSL_SM4) - /* see https://github.com/wolfSSL/wolfssl/pull/6537 - * - * see settings.h for other features turned on with SM4 ciphers. - */ - #undef USE_CERT_BUFFERS_1024 - #define USE_CERT_BUFFERS_1024 +/* +--enable-keygen +--enable-certgen +--enable-certreq +--enable-certext +--enable-asn-template +*/ - #undef WOLFSSL_SM4_ECB - #define WOLFSSL_SM4_ECB +/* Default is HW enabled unless turned off. +** Uncomment these lines to force SW instead of HW acceleration */ - #undef WOLFSSL_SM4_CBC - #define WOLFSSL_SM4_CBC +#if defined(CONFIG_IDF_TARGET_ESP32) + /* wolfSSL HW Acceleration supported on ESP32. Uncomment to disable: */ + /* #define NO_ESP32_CRYPT */ + /* #define NO_WOLFSSL_ESP32_CRYPT_HASH */ + /* #define NO_WOLFSSL_ESP32_CRYPT_AES */ + /* #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI */ + /* #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI_MP_MUL */ + /* #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI_MULMOD */ + /* #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI_EXPTMOD */ + + /* These are defined automatically in esp32-crypt.h, here for clarity: */ + #define NO_WOLFSSL_ESP32_CRYPT_HASH_SHA224 /* no SHA224 HW on ESP32 */ + + #undef ESP_RSA_MULM_BITS + #define ESP_RSA_MULM_BITS 16 /* TODO add compile-time warning */ + /***** END CONFIG_IDF_TARGET_ESP32 *****/ - #undef WOLFSSL_SM4_CTR - #define WOLFSSL_SM4_CTR +#elif defined(CONFIG_IDF_TARGET_ESP32S2) + /* wolfSSL HW Acceleration supported on ESP32-S2. 
Uncomment to disable: */ + /* #define NO_ESP32_CRYPT */ + /* #define NO_WOLFSSL_ESP32_CRYPT_HASH */ + /* Note: There's no AES192 HW on the ESP32-S2; falls back to SW */ + /* #define NO_WOLFSSL_ESP32_CRYPT_AES */ + /* #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI */ + /* #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI_MP_MUL */ + /* #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI_MULMOD */ + /* #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI_EXPTMOD */ + /***** END CONFIG_IDF_TARGET_ESP32S2 *****/ - #undef WOLFSSL_SM4_GCM - #define WOLFSSL_SM4_GCM +#elif defined(CONFIG_IDF_TARGET_ESP32S3) + /* wolfSSL HW Acceleration supported on ESP32-S3. Uncomment to disable: */ + /* #define NO_ESP32_CRYPT */ + /* #define NO_WOLFSSL_ESP32_CRYPT_HASH */ + /* Note: There's no AES192 HW on the ESP32-S3; falls back to SW */ + /* #define NO_WOLFSSL_ESP32_CRYPT_AES */ + /* #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI */ + /* #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI_MP_MUL */ + /* #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI_MULMOD */ + /* #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI_EXPTMOD */ + /***** END CONFIG_IDF_TARGET_ESP32S3 *****/ - #undef WOLFSSL_SM4_CCM - #define WOLFSSL_SM4_CCM +#elif defined(CONFIG_IDF_TARGET_ESP32C3) + /* wolfSSL HW Acceleration supported on ESP32-C2. 
Uncomment to disable: */ - #define HAVE_POLY1305 - #define HAVE_CHACHA + /* #define NO_ESP32_CRYPT */ + /* #define NO_WOLFSSL_ESP32_CRYPT_HASH */ /* to disable all SHA HW */ - #undef HAVE_AESGCM - #define HAVE_AESGCM + /* These are defined automatically in esp32-crypt.h, here for clarity: */ + #define NO_WOLFSSL_ESP32_CRYPT_HASH_SHA384 /* no SHA384 HW on C6 */ + #define NO_WOLFSSL_ESP32_CRYPT_HASH_SHA512 /* no SHA512 HW on C6 */ - #undef HAVE_ECC - #define HAVE_ECC + /* #define NO_WOLFSSL_ESP32_CRYPT_AES */ + /* #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI */ + /* #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI_MP_MUL */ + /* #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI_MULMOD */ + /* #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI_EXPTMOD */ + /***** END CONFIG_IDF_TARGET_ESP32C3 *****/ - /* see https://github.com/wolfSSL/wolfssl/pull/6825 */ - #include +#elif defined(CONFIG_IDF_TARGET_ESP32C6) + /* wolfSSL HW Acceleration supported on ESP32-C6. Uncomment to disable: */ - #define CTX_CA_CERT root_sm2 - #define CTX_CA_CERT_SIZE sizeof_root_sm2 - #define CTX_CA_CERT_TYPE WOLFSSL_FILETYPE_PEM - #define CTX_SERVER_CERT server_sm2 - #define CTX_SERVER_CERT_SIZE sizeof_server_sm2 - #define CTX_SERVER_CERT_TYPE WOLFSSL_FILETYPE_PEM - #define CTX_SERVER_KEY server_sm2_priv - #define CTX_SERVER_KEY_SIZE sizeof_server_sm2_priv - #define CTX_SERVER_KEY_TYPE WOLFSSL_FILETYPE_PEM -/* - * SM optional cipher suite settings: - * - #define WOLFSSL_ESP32_CIPHER_SUITE "TLS13-SM4-GCM-SM3" - #define WOLFSSL_ESP32_CIPHER_SUITE "TLS13-SM4-CCM-SM3" - #define WOLFSSL_ESP32_CIPHER_SUITE "ECDHE-ECDSA-SM4-CBC-SM3" - #define WOLFSSL_ESP32_CIPHER_SUITE "ECDHE-ECDSA-SM4-GCM-SM3" - #define WOLFSSL_ESP32_CIPHER_SUITE "ECDHE-ECDSA-SM4-CCM-SM3" -*/ - #define WOLFSSL_ESP32_CIPHER_SUITE "TLS13-SM4-GCM-SM3:" \ - "TLS13-SM4-CCM-SM3:" \ - "TLS-SM4-GCM-SM3:" /* not a valid command-line cipher */ \ - "TLS-SM4-CCM-SM3:" /* not a valid command-line cipher */ \ - "ECDHE-ECDSA-SM4-CBC-SM3:" \ - "ECDHE-ECDSA-SM4-GCM-SM3:" \ - 
"ECDHE-ECDSA-SM4-CCM-SM3" + /* #define NO_ESP32_CRYPT */ + /* #define NO_WOLFSSL_ESP32_CRYPT_HASH */ + /* These are defined automatically in esp32-crypt.h, here for clarity: */ + #define NO_WOLFSSL_ESP32_CRYPT_HASH_SHA384 /* no SHA384 HW on C6 */ + #define NO_WOLFSSL_ESP32_CRYPT_HASH_SHA512 /* no SHA512 HW on C6 */ + + /* #define NO_WOLFSSL_ESP32_CRYPT_AES */ + /* #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI */ + /* #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI_MP_MUL */ + /* #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI_MULMOD */ + /* #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI_EXPTMOD */ + /***** END CONFIG_IDF_TARGET_ESP32C6 *****/ + +#elif defined(CONFIG_IDF_TARGET_ESP32H2) + /* wolfSSL Hardware Acceleration not yet implemented */ + #define NO_ESP32_CRYPT + #define NO_WOLFSSL_ESP32_CRYPT_HASH + #define NO_WOLFSSL_ESP32_CRYPT_AES + #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI + /***** END CONFIG_IDF_TARGET_ESP32H2 *****/ + +#elif defined(CONFIG_IDF_TARGET_ESP8266) + /* TODO: Revisit ESP8266 */ + #define NO_ESP32_CRYPT + #define NO_WOLFSSL_ESP32_CRYPT_HASH + #define NO_WOLFSSL_ESP32_CRYPT_AES + #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI + /***** END CONFIG_IDF_TARGET_ESP266 *****/ + +#elif defined(CONFIG_IDF_TARGET_ESP8684) + /* There's no Hardware Acceleration available on ESP8684 */ + #define NO_ESP32_CRYPT + #define NO_WOLFSSL_ESP32_CRYPT_HASH + #define NO_WOLFSSL_ESP32_CRYPT_AES + #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI + /***** END CONFIG_IDF_TARGET_ESP8684 *****/ #else - /* default settings */ - #define USE_CERT_BUFFERS_2048 - #define USE_CERT_BUFFERS_256 - #define CTX_CA_CERT ca_cert_der_2048 - #define CTX_CA_CERT_SIZE sizeof_ca_cert_der_2048 - #define CTX_CA_CERT_TYPE WOLFSSL_FILETYPE_ASN1 - #define CTX_SERVER_CERT server_cert_der_2048 - #define CTX_SERVER_CERT_SIZE sizeof_server_cert_der_2048 - #define CTX_SERVER_CERT_TYPE WOLFSSL_FILETYPE_ASN1 - #define CTX_SERVER_KEY server_key_der_2048 - #define CTX_SERVER_KEY_SIZE sizeof_server_key_der_2048 - #define CTX_SERVER_KEY_TYPE 
WOLFSSL_FILETYPE_ASN1 -/* - * Optional Cipher Suite Specification - * - * nothing defined, default used = "TLS13-AES128-GCM-SHA256" - #define WOLFSSL_ESP32_CIPHER_SUITE "ECDHE-ECDSA-SM4-CBC-SM3" - #define WOLFSSL_ESP32_CIPHER_SUITE "ECDHE-ECDSA-SM4-CBC-SM3:" - #define WOLFSSL_ESP32_CIPHER_SUITE "TLS13-AES128-GCM-SHA256" - #define WOLFSSL_ESP32_CIPHER_SUITE "TLS13-AES128-GCM-SHA256:" - #define WOLFSSL_ESP32_CIPHER_SUITE "TLS13-AES128-GCM-SHA256:DHE-PSK-AES128-GCM-SHA256" - #define WOLFSSL_ESP32_CIPHER_SUITE "TLS13-AES128-GCM-SHA256:PSK-AES128-GCM-SHA256:" - #define WOLFSSL_ESP32_CIPHER_SUITE "TLS13-CHACHA20-POLY1305-SHA256:TLS13-AES128-GCM-SHA256:TLS13-AES256-GCM-SHA384:" - #define WOLFSSL_ESP32_CIPHER_SUITE "TLS13-CHACHA20-POLY1305-SHA256" - #define WOLFSSL_ESP32_CIPHER_SUITE "TLS_CHACHA20_POLY1305_SHA256" - #define WOLFSSL_ESP32_CIPHER_SUITE "TLS_SM4_CCM_SM3" + /* Anything else encountered, disable HW accleration */ + #define NO_ESP32_CRYPT + #define NO_WOLFSSL_ESP32_CRYPT_HASH + #define NO_WOLFSSL_ESP32_CRYPT_AES + #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI +#endif /* CONFIG_IDF_TARGET Check */ + +/* Debug options: + +#define ESP_VERIFY_MEMBLOCK +#define DEBUG_WOLFSSL +#define DEBUG_WOLFSSL_VERBOSE +#define DEBUG_WOLFSSL_SHA_MUTEX +#define WOLFSSL_ESP32_CRYPT_DEBUG +#define NO_RECOVER_SOFTWARE_CALC +#define WOLFSSL_TEST_STRAY 1 +#define USE_ESP_DPORT_ACCESS_READ_BUFFER +#define WOLFSSL_ESP32_HW_LOCK_DEBUG +#define WOLFSSL_DEBUG_ESP_RSA_MULM_BITS +#define ESP_DISABLE_HW_TASK_LOCK */ -#endif - #undef HAVE_ECC - #define HAVE_ECC +#define WOLFSSL_ESPIDF_ERROR_PAUSE /* Pause in a loop rather than exit. */ +#define WOLFSSL_HW_METRICS + +/* #define HASH_SIZE_LIMIT */ /* for test.c */ - #undef HAVE_SUPPORTED_CURVES - #define HAVE_SUPPORTED_CURVES +/* #define NO_HW_MATH_TEST */ /* Optionall turn off HW math checks */ /* Optionally include alternate HW test library: alt_hw_test.h */ /* When enabling, the ./components/wolfssl/CMakeLists.txt file 
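Review bot: The `#elif defined(CONFIG_IDF_TARGET_ESP32C3)` branch is introduced as "supported on ESP32-C2" and justifies `NO_WOLFSSL_ESP32_CRYPT_HASH_SHA384` and `NO_WOLFSSL_ESP32_CRYPT_HASH_SHA512` with "no SHA384 HW on C6" / "no SHA512 HW on C6", so a reader cannot tell whether those two defines are meant for the C3 or were pasted from the C6 branch. If they are intended, the comments should read `/* wolfSSL HW Acceleration supported on ESP32-C3. Uncomment to disable: */`, `/* no SHA384 HW on C3 */` and `/* no SHA512 HW on C3 */`. In the same block the marker `END CONFIG_IDF_TARGET_ESP266` under the ESP8266 branch and "accleration" in the final `#else` are typos, and `HASH_SIZE_LIMIT` is defined near the top of the hunk and shown commented out again near the end.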
@@ -349,9 +348,24 @@ * for the PRIV_REQUIRES list. */ /* #define INCLUDE_ALT_HW_TEST */ -/* #define NO_HW_MATH_TEST */ +/* optionally turn off individual math HW acceleration features */ + +/* Turn off Large Number ESP32 HW Multiplication: +** [Z = X * Y] in esp_mp_mul() */ +/* #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI_MP_MUL */ + +/* Turn off Large Number ESP32 HW Modular Exponentiation: +** [Z = X^Y mod M] in esp_mp_exptmod() */ +/* #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI_EXPTMOD */ + +/* Turn off Large Number ESP32 HW Modular Multiplication +** [Z = X * Y mod M] in esp_mp_mulmod() */ +/* #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI_MULMOD */ +#define WOLFSSL_PUBLIC_MP /* used by benchmark */ +#define USE_CERT_BUFFERS_2048 + /* when turning on ECC508 / ECC608 support #define WOLFSSL_ESPWROOM32SE #define HAVE_PK_CALLBACKS 
@@ -359,22 +373,36 @@ #define ATCA_WOLFSSL */ -/* USE_FAST_MATH is default */ -#define USE_FAST_MATH - -/* use SP_MATH */ -/* -#undef USE_FAST_MATH -#define WOLFSSL_SP_MATH_ALL +/* optional SM4 Ciphers. See https://github.com/wolfSSL/wolfsm +#define WOLFSSL_SM2 +#define WOLFSSL_SM3 +#define WOLFSSL_SM4 */ -/* use integer heap math */ -/* -#undef USE_FAST_MATH -#define USE_INTEGER_HEAP_MATH -*/ +#if defined(WOLFSSL_SM2) || defined(WOLFSSL_SM3) || defined(WOLFSSL_SM4) + #include + #define CTX_CA_CERT root_sm2 + #define CTX_CA_CERT_SIZE sizeof_root_sm2 + #define CTX_CA_CERT_TYPE WOLFSSL_FILETYPE_PEM + #define CTX_SERVER_CERT server_sm2 + #define CTX_SERVER_CERT_SIZE sizeof_server_sm2 + #define CTX_SERVER_CERT_TYPE WOLFSSL_FILETYPE_PEM + #define CTX_SERVER_KEY server_sm2_priv + #define CTX_SERVER_KEY_SIZE sizeof_server_sm2_priv + #define CTX_SERVER_KEY_TYPE WOLFSSL_FILETYPE_PEM -/* optionally use DPORT_ACCESS_READ_BUFFER */ -/* -#define USE_ESP_DPORT_ACCESS_READ_BUFFER -*/ + #undef WOLFSSL_BASE16 + #define WOLFSSL_BASE16 +#else + #define USE_CERT_BUFFERS_2048 + #define USE_CERT_BUFFERS_256 + #define CTX_CA_CERT ca_cert_der_2048 + #define CTX_CA_CERT_SIZE sizeof_ca_cert_der_2048 + #define CTX_CA_CERT_TYPE WOLFSSL_FILETYPE_ASN1 + #define CTX_SERVER_CERT server_cert_der_2048 + #define CTX_SERVER_CERT_SIZE sizeof_server_cert_der_2048 + #define CTX_SERVER_CERT_TYPE WOLFSSL_FILETYPE_ASN1 + #define CTX_SERVER_KEY server_key_der_2048 + #define CTX_SERVER_KEY_SIZE sizeof_server_key_der_2048 + #define CTX_SERVER_KEY_TYPE WOLFSSL_FILETYPE_ASN1 +#endif diff --git a/IDE/Espressif/ESP-IDF/examples/wolfssl_client/main/CMakeLists.txt b/IDE/Espressif/ESP-IDF/examples/wolfssl_client/main/CMakeLists.txt index 60bb32a35d..621eb8702e 100644 --- a/IDE/Espressif/ESP-IDF/examples/wolfssl_client/main/CMakeLists.txt +++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_client/main/CMakeLists.txt 
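Review bot: The `#else` branch maps `CTX_SERVER_KEY` to `server_key_der_2048` and `CTX_CA_CERT` to `ca_cert_der_2048`, which with `USE_CERT_BUFFERS_2048` appear to be the test credentials shipped in the wolfSSL repository, whose private keys are public, and nothing in the file says so. Put a comment above the block, for example `/* Test certificates and keys from the wolfSSL repository: for examples only, replace before deployment. */`. These `CTX_SERVER_*` macros also sit in the client example's settings while client-tls.c in this same patch defines its own `CTX_CLIENT_*` set and defines `CTX_CA_CERT` again, so the CA macros should live in one place only.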
@@ -1,12 +1,36 @@ - +# wolfSSL Espressif Example Project/main CMakeLists.txt +# v1.0 # # wolfssl client test # set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DWOLFSSL_USER_SETTINGS") -set(COMPONENT_SRCS "client-tls.c" "wifi_connect.c") -set(COMPONENT_ADD_INCLUDEDIRS "." "./include") - +if(WIN32) + # Windows-specific configuration here + set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DWOLFSSL_CMAKE_SYSTEM_NAME_WINDOWS") + message("Detected Windows") +endif() +if(CMAKE_HOST_UNIX) + message("Detected UNIX") +endif() +if(APPLE) + message("Detected APPLE") +endif() +if(CMAKE_HOST_UNIX AND (NOT APPLE) AND EXISTS "/proc/sys/fs/binfmt_misc/WSLInterop") + # Windows-specific configuration here + set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DWOLFSSL_CMAKE_SYSTEM_NAME_WSL") + message("Detected WSL") +endif() +if(CMAKE_HOST_UNIX AND (NOT APPLE) AND (NOT WIN32)) + # Windows-specific configuration here + set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DWOLFSSL_CMAKE_SYSTEM_NAME_LINUX") + message("Detected Linux") +endif() +if(APPLE) + # Windows-specific configuration here + set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DWOLFSSL_CMAKE_SYSTEM_NAME_APPLE") + message("Detected Apple") +endif() set (git_cmd "git") if( EXISTS "${CMAKE_HOME_DIRECTORY}/components/wolfssl/" AND EXISTS "$ENV{IDF_PATH}/components/wolfssl/" ) @@ -19,7 +43,14 @@ if( EXISTS "${CMAKE_HOME_DIRECTORY}/components/wolfssl/" AND EXISTS "$ENV{IDF_PA set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DWOLFSSL_MULTI_INSTALL_WARNING") endif() -register_component() +## register_component() +idf_component_register(SRCS main.c + wifi_connect.c + time_helper.c + client-tls.c + INCLUDE_DIRS "." + "./include") +# # # LIBWOLFSSL_SAVE_INFO(VAR_OUPUT THIS_VAR VAR_RESULT) diff --git a/IDE/Espressif/ESP-IDF/examples/wolfssl_client/main/client-tls.c b/IDE/Espressif/ESP-IDF/examples/wolfssl_client/main/client-tls.c index 5c2efde660..7169a16124 100644 --- a/IDE/Espressif/ESP-IDF/examples/wolfssl_client/main/client-tls.c +++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_client/main/client-tls.c 
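Review bot: In the `@@ -1,12 +1,36 @@` hunk, `if(WIN32)` and `if(APPLE)` describe the target system, which in an ESP-IDF cross build is the chip and not the developer machine, so those branches are unlikely to fire and `-DWOLFSSL_CMAKE_SYSTEM_NAME_LINUX` would also be set on a macOS host. The host-side variables are `CMAKE_HOST_WIN32` and `CMAKE_HOST_APPLE`, e.g. `if(CMAKE_HOST_WIN32)` and `if(CMAKE_HOST_UNIX AND NOT CMAKE_HOST_APPLE)`. On WSL both the WSL and the Linux define are added, because the Linux test does not exclude the WSLInterop case. Every branch carries the comment `# Windows-specific configuration here`; each should name its own platform.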
@@ -1,4 +1,4 @@ -/* client-tls-callback.c +/* client-tls.c * * Copyright (C) 2006-2023 wolfSSL Inc. * 
@@ -18,40 +18,108 @@ * along with this program; if not, write to the Free Software * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA */ -/* the usual suspects */ -#include -#include -#include -#include -/* ESP specific */ -#include "wifi_connect.h" +#include "client-tls.h" + +/* Espressif FreeRTOS */ +#ifndef SINGLE_THREADED + #include + #include + #include +#endif /* socket includes */ -#include "lwip/netdb.h" -#include "lwip/sockets.h" +#include +#include /* wolfSSL */ #include +#include "user_settings.h" #include -#include #ifdef WOLFSSL_TRACK_MEMORY #include #endif +#ifndef NO_DH + /* see also wolfssl/test.h */ + #undef DEFAULT_MIN_DHKEY_BITS + #define DEFAULT_MIN_DHKEY_BITS 1024 + + #undef DEFAULT_MAX_DHKEY_BITS + #define DEFAULT_MAX_DHKEY_BITS 2048 +#endif + +#if defined(WOLFSSL_SM2) || defined(WOLFSSL_SM3) || defined(WOLFSSL_SM4) + #include + #define CTX_CA_CERT root_sm2 + #define CTX_CA_CERT_SIZE sizeof_root_sm2 + #define CTX_CA_CERT_TYPE WOLFSSL_FILETYPE_PEM + #define CTX_CLIENT_CERT client_sm2 + #define CTX_CLIENT_CERT_SIZE sizeof_client_sm2 + #define CTX_CLIENT_CERT_TYPE WOLFSSL_FILETYPE_PEM + #define CTX_CLIENT_KEY client_sm2_priv + #define CTX_CLIENT_KEY_SIZE sizeof_client_sm2_priv + #define CTX_CLIENT_KEY_TYPE WOLFSSL_FILETYPE_PEM +#else + #include + #define CTX_CA_CERT ca_cert_der_2048 + #define CTX_CA_CERT_SIZE sizeof_ca_cert_der_2048 + #define CTX_CA_CERT_TYPE WOLFSSL_FILETYPE_ASN1 + #define CTX_CLIENT_CERT client_cert_der_2048 + #define CTX_CLIENT_CERT_SIZE sizeof_client_cert_der_2048 + #define CTX_CLIENT_CERT_TYPE WOLFSSL_FILETYPE_ASN1 + #define CTX_CLIENT_KEY client_key_der_2048 + #define CTX_CLIENT_KEY_SIZE sizeof_client_key_der_2048 + #define CTX_CLIENT_KEY_TYPE WOLFSSL_FILETYPE_ASN1 +#endif + +/* Project */ +#include "wifi_connect.h" +#include "time_helper.h" + +/* working TLS 1.2 VS client app commandline param: + * + * -h 192.168.1.128 -v 3 -l ECDHE-ECDSA-SM4-CBC-SM3 -c ./certs/sm2/client-sm2.pem -k 
./certs/sm2/client-sm2-priv.pem -A ./certs/sm2/root-sm2.pem -C + * + * working Linux, non-working VS c app + * + * -h 192.168.1.128 -v 4 -l TLS13-SM4-CCM-SM3 -c ./certs/sm2/client-sm2.pem -k ./certs/sm2/client-sm2-priv.pem -A ./certs/sm2/root-sm2.pem -C + * + **/ static const char* const TAG = "tls_client"; #if defined(DEBUG_WOLFSSL) +int stack_start = -1; -static void ShowCiphers(void) +int ShowCiphers(WOLFSSL* ssl) { - char ciphers[4096]; - - int ret = wolfSSL_get_ciphers(ciphers, (int)sizeof(ciphers)); + #define CLIENT_TLS_MAX_CIPHER_LENGTH 4096 + char ciphers[CLIENT_TLS_MAX_CIPHER_LENGTH]; + const char* cipher_used; + int ret = 0; + + if (ssl == NULL) { + ESP_LOGI(TAG, "WOLFSSL* ssl is NULL, so no cipher in use"); + ret = wolfSSL_get_ciphers(ciphers, (int)sizeof(ciphers)); + if (ret == WOLFSSL_SUCCESS) { + for (int i = 0; i < CLIENT_TLS_MAX_CIPHER_LENGTH; i++) { + if (ciphers[i] == ':') { + ciphers[i] = '\n'; + } + } + ESP_LOGI(TAG, "Available Ciphers:\n%s\n", ciphers); + } + else { + ESP_LOGE(TAG, "Failed to call wolfSSL_get_ciphers. Error %d", ret); + } + } + else { + cipher_used = wolfSSL_get_cipher_name(ssl); + ESP_LOGI(TAG, "WOLFSSL* ssl using %s", cipher_used); + } - if (ret == WOLFSSL_SUCCESS) - printf("%s\n", ciphers); + return ret; } #endif 
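Review bot: `#define DEFAULT_MIN_DHKEY_BITS 1024` sets the floor that the client task later passes to `wolfSSL_CTX_SetMinDhKey_Sz()`, so a server offering 1024-bit finite-field DH parameters could still be accepted; that size is below what current guidance treats as adequate. The maximum here is already 2048 and the default certificate buffers are the `*_2048` ones, so `#define DEFAULT_MIN_DHKEY_BITS 2048` looks like the safer floor for an example that gets copied into products. Separately, in `ShowCiphers()` the `':'`-to-newline loop walks all `CLIENT_TLS_MAX_CIPHER_LENGTH` bytes of the stack buffer instead of stopping at the terminating NUL, so it reads bytes the library never wrote; `for (int i = 0; ciphers[i] != '\0'; i++)` would bound it.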
@@ -69,13 +137,13 @@ static void ShowCiphers(void) static byte mSlotList[ATECC_MAX_SLOT]; int atmel_set_slot_allocator(atmel_slot_alloc_cb alloc, - atmel_slot_dealloc_cb dealloc); + atmel_slot_dealloc_cb dealloc); /* initialize slot array */ void my_atmel_slotInit() { int i; - for(i=0;i= 0 && slotId < ATECC_MAX_SLOT){ + if (slotId >= 0 && slotId < ATECC_MAX_SLOT) { mSlotList[slotId] = ATECC_INVALID_SLOT; } } -#endif /* CUSTOM_SLOT_ALLOCATION */ +#endif /* CUSTOM_SLOT_ALLOCATION */ #endif /* WOLFSSL_ESPWROOM32SE && HAVE_PK_CALLBACK && WOLFSSL_ATECC508A */ /* client task */ -void tls_smp_client_task() +WOLFSSL_ESP_TASK tls_smp_client_task(void* args) { - int ret; +#if defined(SINGLE_THREADED) + int ret = ESP_OK; + #define TLS_SMP_CLIENT_TASK_RET ret +#else + #define TLS_SMP_CLIENT_TASK_RET +#endif + char buff[256]; + const char sndMsg[] = "GET /index.html HTTP/1.0\r\n\r\n"; + const char* ch = TLS_SMP_TARGET_HOST; /* see wifi_connect.h */ + struct sockaddr_in servAddr; + + struct hostent *hp; + struct ip4_addr *ip4_addr; + int ret_i; /* interim return values */ int sockfd; int doPeerCheck; int sendGet; - struct sockaddr_in servAddr; - char buff[256]; - const char* ch = TLS_SMP_TARGET_HOST; +#ifndef NO_DH + int minDhKeyBits = DEFAULT_MIN_DHKEY_BITS; +#endif size_t len; - struct hostent *hp; - struct ip4_addr *ip4_addr; - const char sndMsg[] = "GET /index.html HTTP/1.0\r\n\r\n"; /* declare wolfSSL objects */ - WOLFSSL_CTX *ctx; - WOLFSSL *ssl; + WOLFSSL_CTX* ctx; + WOLFSSL* ssl; - WOLFSSL_ENTER("tls_smp_client_task"); + wolfSSL_Debugging_ON(); + WOLFSSL_ENTER(TLS_SMP_CLIENT_TASK_NAME); - doPeerCheck = 0; + doPeerCheck = 1; sendGet = 0; #ifdef DEBUG_WOLFSSL WOLFSSL_MSG("Debug ON"); - wolfSSL_Debugging_ON(); - ShowCiphers(); + ShowCiphers(NULL); #endif /* Initialize wolfSSL */ wolfSSL_Init(); - /* Create a socket that uses an internet IPv4 address, + /* Create a socket that uses an Internet IPv4 address, * Sets the socket to be stream based (TCP), * 0 means choose the 
default protocol. */ if ((sockfd = socket(AF_INET, SOCK_STREAM, 0)) == -1) { - ESP_LOGE(TAG,"ERROR: failed to create the socket\n"); + ESP_LOGE(TAG, "ERROR: failed to create the socket\n"); } ESP_LOGI(TAG, "get target IP address"); hp = gethostbyname(TLS_SMP_TARGET_HOST); if (!hp) { - ESP_LOGE(TAG, "Failed to get host name."); - ip4_addr = NULL; - } else { - - ip4_addr = (struct ip4_addr *)hp->h_addr; - ESP_LOGI(TAG, IPSTR, IP2STR(ip4_addr)); + ESP_LOGE(TAG, "Failed to get host name."); + ip4_addr = NULL; } + else { + ip4_addr = (struct ip4_addr *)hp->h_addr; + } + /* Create and initialize WOLFSSL_CTX */ - if ((ctx = wolfSSL_CTX_new(wolfSSLv23_client_method())) == NULL) { - ESP_LOGE(TAG,"ERROR: failed to create WOLFSSL_CTX\n"); + ctx = wolfSSL_CTX_new(wolfSSLv23_client_method()); /* SSL 3.0 - TLS 1.3. */ + /* options: */ + /* ctx = wolfSSL_CTX_new(wolfTLSv1_2_client_method()); only TLS 1.2 */ + /* ctx = wolfSSL_CTX_new(wolfTLSv1_3_client_method()); only TLS 1.3 */ + /* wolfSSL_CTX_NoTicketTLSv12(); */ + /* wolfSSL_NoTicketTLSv12(); */ + if (ctx == NULL) { + ESP_LOGE(TAG, "ERROR: failed to create WOLFSSL_CTX\n"); } - WOLFSSL_MSG("Loading...cert"); - /* Load client certificates into WOLFSSL_CTX */ - if ((ret = wolfSSL_CTX_load_verify_buffer(ctx, ca_cert_der_2048, - sizeof_ca_cert_der_2048, WOLFSSL_FILETYPE_ASN1)) != SSL_SUCCESS) { - ESP_LOGE(TAG,"ERROR: failed to load %d, please check the file.\n",ret); + +#if defined(WOLFSSL_ESP32_CIPHER_SUITE) + ESP_LOGI(TAG, "Start SM2\n"); + +/* + * + * reference code for SM Ciphers: + * + #if defined(HAVE_AESGCM) && !defined(NO_DH) + #ifdef WOLFSSL_TLS13 + defaultCipherList = "TLS13-AES128-GCM-SHA256" + #ifndef WOLFSSL_NO_TLS12 + ":DHE-PSK-AES128-GCM-SHA256" + #endif + ; + #else + defaultCipherList = "DHE-PSK-AES128-GCM-SHA256"; + #endif + #elif defined(HAVE_AESGCM) && defined(WOLFSSL_TLS13) + defaultCipherList = "TLS13-AES128-GCM-SHA256:PSK-AES128-GCM-SHA256" + #ifndef WOLFSSL_NO_TLS12 + ":PSK-AES128-GCM-SHA256" + #endif + ; + 
#elif defined(HAVE_NULL_CIPHER) + defaultCipherList = "PSK-NULL-SHA256"; + #elif !defined(NO_AES_CBC) + defaultCipherList = "PSK-AES128-CBC-SHA256"; + #else + defaultCipherList = "PSK-AES128-GCM-SHA256"; + #endif +*/ + + ret = wolfSSL_CTX_set_cipher_list(ctx, WOLFSSL_ESP32_CIPHER_SUITE); + if (ret == WOLFSSL_SUCCESS) { + ESP_LOGI(TAG, "Set cipher list: %s\n", WOLFSSL_ESP32_CIPHER_SUITE); } - /* not peer check */ - if( doPeerCheck == 0 ){ + else { + ESP_LOGE(TAG, "ERROR: failed to set cipher list: %s\n", WOLFSSL_ESP32_CIPHER_SUITE); + } +#endif + +#ifdef DEBUG_WOLFSSL + ShowCiphers(NULL); + ESP_LOGI(TAG, + "Stack used: %d\n", + CONFIG_ESP_MAIN_TASK_STACK_SIZE + - uxTaskGetStackHighWaterMark(NULL)); +#endif + +/* see user_settings PROJECT_DH for HAVE_DH and HAVE_FFDHE_2048 */ +#ifndef NO_DH + ret = wolfSSL_CTX_SetMinDhKey_Sz(ctx, (word16)minDhKeyBits); + if (ret != SSL_SUCCESS) { + ESP_LOGE(TAG, "Error setting minimum DH key size"); + } +#endif + + /* no peer check */ + if (doPeerCheck == 0) { + ESP_LOGW(TAG, "doPeerCheck == 0"); wolfSSL_CTX_set_verify(ctx, WOLFSSL_VERIFY_NONE, 0); - } else { + } + else { + ESP_LOGW(TAG, "doPeerCheck != 0"); WOLFSSL_MSG("Loading... 
our cert"); /* load our certificate */ - if ((ret = wolfSSL_CTX_use_certificate_chain_buffer_format(ctx, client_cert_der_2048, - sizeof_client_cert_der_2048, WOLFSSL_FILETYPE_ASN1)) != SSL_SUCCESS) { - ESP_LOGE(TAG,"ERROR: failed to load chain %d, please check the file.\n",ret); + ret_i = wolfSSL_CTX_use_certificate_chain_buffer_format(ctx, + CTX_CLIENT_CERT, + CTX_CLIENT_CERT_SIZE, + CTX_CLIENT_CERT_TYPE); + if (ret_i != SSL_SUCCESS) { + ESP_LOGE(TAG, "ERROR: failed to load chain %d, please check the file.\n", ret_i); } - if ((ret = wolfSSL_CTX_use_PrivateKey_buffer(ctx, client_key_der_2048, - sizeof_client_key_der_2048, WOLFSSL_FILETYPE_ASN1)) != SSL_SUCCESS) { - wolfSSL_CTX_free(ctx); ctx = NULL; - ESP_LOGE(TAG,"ERROR: failed to load key %d, please check the file.\n", ret); + /* Load client certificates into WOLFSSL_CTX */ + WOLFSSL_MSG("Loading...cert"); + ret_i = wolfSSL_CTX_load_verify_buffer(ctx, + CTX_CA_CERT, + CTX_CA_CERT_SIZE, + CTX_CA_CERT_TYPE); + + ret_i = wolfSSL_CTX_use_PrivateKey_buffer(ctx, + CTX_CLIENT_KEY, + CTX_CLIENT_KEY_SIZE, + CTX_CLIENT_KEY_TYPE); + if(ret_i != SSL_SUCCESS) { + wolfSSL_CTX_free(ctx) ; ctx = NULL ; + ESP_LOGE(TAG, "ERROR: failed to load key %d, " + "please check the file.\n", ret_i) ; } wolfSSL_CTX_set_verify(ctx, WOLFSSL_VERIFY_PEER, 0); 
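Review bot: The return value of `wolfSSL_CTX_load_verify_buffer()` is assigned to `ret_i` and then overwritten by the `wolfSSL_CTX_use_PrivateKey_buffer()` call without being tested, so a CA buffer that fails to load is never reported (the removed code did check it). Adding `if (ret_i != SSL_SUCCESS) { ESP_LOGE(TAG, "ERROR: failed to load CA cert %d", ret_i); }` right after the load keeps a later verification failure diagnosable. On the key-load failure path `ctx` is freed and set to NULL, yet execution falls through to `wolfSSL_CTX_set_verify(ctx, WOLFSSL_VERIFY_PEER, 0)`; the same log-and-continue pattern applies when `socket()`, `gethostbyname()` or `wolfSSL_CTX_new()` fail. Also, `ret` is declared only under `SINGLE_THREADED` but is assigned in the `WOLFSSL_ESP32_CIPHER_SUITE` and `#ifndef NO_DH` blocks, which looks like it cannot compile in a threaded build; `ret_i` would serve there. The function body continues past this hunk.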
@@ -202,37 +355,60 @@ void tls_smp_client_task() memset(&servAddr, 0, sizeof(servAddr)); /* Fill in the server address */ - servAddr.sin_family = AF_INET; /* using IPv4 */ + servAddr.sin_family = AF_INET; /* using IPv4 */ servAddr.sin_port = htons(DEFAULT_PORT); /* on DEFAULT_PORT */ - if(*ch >= '1' && *ch <= '9') { + if (*ch >= '1' && *ch <= '9') { /* Get the server IPv4 address from the command line call */ WOLFSSL_MSG("inet_pton"); - if ((ret = inet_pton(AF_INET, TLS_SMP_TARGET_HOST, - &servAddr.sin_addr)) != 1) { - ESP_LOGE(TAG,"ERROR: invalid address ret=%d\n", ret); + if ((ret_i = inet_pton(AF_INET, + TLS_SMP_TARGET_HOST, + &servAddr.sin_addr)) != 1) { + ESP_LOGE(TAG, "ERROR: invalid address ret=%d\n", ret_i); } - } else { + } + else { servAddr.sin_addr.s_addr = ip4_addr->addr; } /* Connect to the server */ - sprintf(buff, "Connecting to server....%s(port:%d)", TLS_SMP_TARGET_HOST - , DEFAULT_PORT); + sprintf(buff, + "Connecting to server....%s(port:%d)", + TLS_SMP_TARGET_HOST, + DEFAULT_PORT); WOLFSSL_MSG(buff); - printf("%s\n",buff); - if ((ret = connect(sockfd, (struct sockaddr *)&servAddr, - sizeof(servAddr))) == -1){ - ESP_LOGE(TAG,"ERROR: failed to connect ret=%d\n", ret); + printf("%s\n", buff); + + if ((ret_i = connect(sockfd, + (struct sockaddr *)&servAddr, + sizeof(servAddr))) == -1) { + ESP_LOGE(TAG, "ERROR: failed to connect ret=%d\n", ret_i); } WOLFSSL_MSG("Create a WOLFSSL object"); /* Create a WOLFSSL object */ if ((ssl = wolfSSL_new(ctx)) == NULL) { - ESP_LOGE(TAG,"ERROR: failed to create WOLFSSL object\n"); + ESP_LOGE(TAG, "ERROR: failed to create WOLFSSL object\n"); + } + else { +#ifdef DEBUG_WOLFSSL + ESP_LOGI(TAG, "\nCreated WOLFSSL object:"); + ShowCiphers(ssl); +#endif } - /* when using atecc608a on esp32-wroom-32se */ +#if defined(WOLFSSL_SM2) + /* SM TLS1.3 Cipher needs to have key share explicitly set. 
*/ + ret = wolfSSL_UseKeyShare(ssl, WOLFSSL_ECC_SM2P256V1); + if (ret == WOLFSSL_SUCCESS) { + ESP_LOGI(TAG, "Successfully set WOLFSSL_ECC_SM2P256V1"); + } + else { + ESP_LOGE(TAG, "FAILED to set WOLFSSL_ECC_SM2P256V1"); + } +#endif + /* when using atecc608a on esp32-wroom-32se */ + #if defined(WOLFSSL_ESPWROOM32SE) && defined(HAVE_PK_CALLBACKS) \ && defined(WOLFSSL_ATECC508A) atcatls_set_callbacks(ctx); 
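Review bot: `sprintf(buff, "Connecting to server....%s(port:%d)", ...)` writes into the 256-byte `buff` with no bound, so its safety depends on `TLS_SMP_TARGET_HOST` staying short; `snprintf(buff, sizeof(buff), "Connecting to server....%s(port:%d)", TLS_SMP_TARGET_HOST, DEFAULT_PORT);` costs nothing and survives a longer host name. In the same hunk, when `wolfSSL_new(ctx)` returns NULL the code only logs, and the `WOLFSSL_SM2` block then calls `wolfSSL_UseKeyShare(ssl, WOLFSSL_ECC_SM2P256V1)` with that NULL pointer; an early exit through the cleanup at the end of the task would be clearer. The function starts and ends outside this hunk.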
@@ -248,37 +424,46 @@ void tls_smp_client_task() WOLFSSL_MSG("Connect to wolfSSL on the server side"); /* Connect to wolfSSL on the server side */ - if (wolfSSL_connect(ssl) != SSL_SUCCESS) { - ESP_LOGE(TAG,"ERROR: failed to connect to wolfSSL\n"); - } + if (wolfSSL_connect(ssl) == SSL_SUCCESS) { +#ifdef DEBUG_WOLFSSL + ShowCiphers(ssl); +#endif + /* Get a message for the server from stdin */ + WOLFSSL_MSG("Message for server: "); + memset(buff, 0, sizeof(buff)); + + if (sendGet) { + printf("SSL connect ok, sending GET...\n"); + len = XSTRLEN(sndMsg); + strncpy(buff, sndMsg, len); + buff[len] = '\0'; + } + else { + sprintf(buff, "message from esp32 tls client\n"); + len = strnlen(buff, sizeof(buff)); + } + /* Send the message to the server */ + if (wolfSSL_write(ssl, buff, len) != len) { + ESP_LOGE(TAG, "ERROR: failed to write\n"); + } - /* Get a message for the server from stdin */ - WOLFSSL_MSG("Message for server: "); - memset(buff, 0, sizeof(buff)); - - if(sendGet){ - printf("SSL connect ok, sending GET...\n"); - len = XSTRLEN(sndMsg); - strncpy(buff, sndMsg, len); - buff[len] = '\0'; - } else { - sprintf(buff, "message from esp32 tls client\n"); - len = strnlen(buff, sizeof(buff)); - } - /* Send the message to the server */ - if (wolfSSL_write(ssl, buff, len) != len) { - ESP_LOGE(TAG,"ERROR: failed to write\n"); - } + /* Read the server data into our buff array */ + memset(buff, 0, sizeof(buff)); + if (wolfSSL_read(ssl, buff, sizeof(buff) - 1) == -1) { + ESP_LOGE(TAG, "ERROR: failed to read\n"); + } - /* Read the server data into our buff array */ - memset(buff, 0, sizeof(buff)); - if (wolfSSL_read(ssl, buff, sizeof(buff) - 1) == -1) { - ESP_LOGE(TAG,"ERROR: failed to read\n"); + /* Print to stdout any data the server sends */ + printf("Server: "); + printf("%s\n", buff); + } + else { + ESP_LOGE(TAG, "ERROR: failed to connect to wolfSSL\n"); } +#ifdef DEBUG_WOLFSSL + ShowCiphers(ssl); +#endif - /* Print to stdout any data the server sends */ - 
printf("Server:"); - printf("%s", buff); /* Cleanup and return */ wolfSSL_free(ssl); /* Free the wolfSSL object */ wolfSSL_CTX_free(ctx); /* Free the wolfSSL context object */ @@ -287,5 +472,32 @@ void tls_smp_client_task() vTaskDelete(NULL); - return; /* Return reporting a success */ + return TLS_SMP_CLIENT_TASK_RET; +} + +#if defined(SINGLE_THREADED) + /* we don't initialize a single thread, so no init function here */ +#else +/* create task */ +WOLFSSL_ESP_TASK tls_smp_client_init(void* args) +{ + int ret; +#if ESP_IDF_VERSION_MAJOR >= 4 + TaskHandle_t _handle; +#else + xTaskHandle _handle; +#endif + /* http://esp32.info/docs/esp_idf/html/dd/d3c/group__xTaskCreate.html */ + ret = xTaskCreate(tls_smp_client_task, + TLS_SMP_CLIENT_TASK_NAME, + TLS_SMP_CLIENT_TASK_WORDS, + NULL, + TLS_SMP_CLIENT_TASK_PRIORITY, + &_handle); + + if (ret != pdPASS) { + ESP_LOGI(TAG, "create thread %s failed", TLS_SMP_CLIENT_TASK_NAME); + } + return TLS_SMP_CLIENT_TASK_RET; } +#endif diff --git a/IDE/Espressif/ESP-IDF/examples/wolfssl_client/main/include/client-tls.h b/IDE/Espressif/ESP-IDF/examples/wolfssl_client/main/include/client-tls.h new file mode 100644 index 0000000000..4cbfd83d6a --- /dev/null +++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_client/main/include/client-tls.h 
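Review bot: The new `else` branch for a failed `wolfSSL_connect()` logs only a fixed string, so a certificate-verification failure (peer checking is now enabled) cannot be told apart from a network problem or a cipher mismatch. Logging the library's error code would make that visible, e.g. `ESP_LOGE(TAG, "ERROR: failed to connect to wolfSSL, error %d\n", wolfSSL_get_error(ssl, 0));`. In the success branch, `wolfSSL_read(...) == -1` treats a return of 0 (peer closed the connection) as success; `<= 0` would cover it. The function starts outside this hunk.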
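Review bot: `tls_smp_client_init()` reports a failed `xTaskCreate()` with `ESP_LOGI`, and because `WOLFSSL_ESP_TASK` is `void` in the threaded build the caller has no way to learn that the client task never started; `ESP_LOGE(TAG, "create thread %s failed", TLS_SMP_CLIENT_TASK_NAME);` at least puts it at error level. The `args` parameter is accepted but `NULL` is passed as the task parameter, so a comment stating that the argument is currently unused would avoid surprises. In `tls_smp_client_task`, `return TLS_SMP_CLIENT_TASK_RET;` follows `vTaskDelete(NULL)`; whether that return is reachable in the `SINGLE_THREADED` build should be confirmed.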
@@ -0,0 +1,61 @@ +/* server-tls.h + * + * Copyright (C) 2006-2023 wolfSSL Inc. + * + * This file is part of wolfSSL. + * + * wolfSSL is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * wolfSSL is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA + */ +#ifndef _SERVER_TLS_ +#define _SERVER_TLS_ + +#include +#include +#include "user_settings.h" + +#define TLS_SMP_TARGET_HOST "192.168.1.125" +#define DEFAULT_PORT 11111 + +#define TLS_SMP_CLIENT_TASK_NAME "tls_client_example" +#define TLS_SMP_CLIENT_TASK_WORDS 22240 +#define TLS_SMP_CLIENT_TASK_PRIORITY 8 + +#if defined(SINGLE_THREADED) + #define WOLFSSL_ESP_TASK int +#else + #include "freertos/FreeRTOS.h" + #define WOLFSSL_ESP_TASK void +#endif + +typedef struct { + int port; + int loops; +} tls_args; + +/* Function to show the ciphers available / in use. */ +#if defined(DEBUG_WOLFSSL) + int ShowCiphers(WOLFSSL* ssl); +#endif + +/* This is the TLS Client function, possibly in an RTOS thread. */ +WOLFSSL_ESP_TASK tls_smp_client_task(void* args); + +/* init will create an RTOS task, otherwise server is simply function call. */ +#if defined(SINGLE_THREADED) + /* no init neded */ +#else + WOLFSSL_ESP_TASK tls_smp_client_init(void* args); +#endif +#endif /* _SERVER_TLS_ */ 
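Review bot: The new `client-tls.h` carries the header comment `/* server-tls.h` and the include guard `_SERVER_TLS_`, both apparently copied from the server example; if a translation unit ever includes a server header using the same guard, this file's declarations are silently skipped. A guard named after the file, `#ifndef CLIENT_TLS_H` / `#define CLIENT_TLS_H`, also avoids the underscore-plus-uppercase form that C reserves for the implementation. `TLS_SMP_TARGET_HOST` is now the literal `"192.168.1.125"` where `wifi_connect.h` previously took it from `CONFIG_TARGET_HOST`, so a comment telling users to edit it (or an `#ifdef CONFIG_TARGET_HOST` fallback) would help.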
diff --git a/IDE/Espressif/ESP-IDF/examples/wolfssl_client/main/include/main.h b/IDE/Espressif/ESP-IDF/examples/wolfssl_client/main/include/main.h new file mode 100644 index 0000000000..94c3b5eba6 --- /dev/null +++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_client/main/include/main.h @@ -0,0 +1,24 @@ +/* template main.h + * + * Copyright (C) 2006-2023 wolfSSL Inc. + * + * This file is part of wolfSSL. + * + * wolfSSL is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * wolfSSL is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA + */ +#ifndef _MAIN_H_ +#define _MAIN_H_ + +#endif diff --git a/IDE/Espressif/ESP-IDF/examples/wolfssl_client/main/include/time_helper.h b/IDE/Espressif/ESP-IDF/examples/wolfssl_client/main/include/time_helper.h new file mode 100644 index 0000000000..a47f940016 --- /dev/null +++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_client/main/include/time_helper.h 
@@ -0,0 +1,54 @@ +/* + * Copyright (C) 2006-2023 wolfSSL Inc. + * + * This file is part of wolfSSL. + * + * wolfSSL is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * wolfSSL is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA + */ + +/* common Espressif time_helper v5.6.3.001 */ + +#ifndef _TIME_HELPER_H +#define _TIME_HELPER_H + +/* ESP-IDF uses a 64-bit signed integer to represent time_t starting from release v5.0 + * See: https://docs.espressif.com/projects/esp-idf/en/latest/esp32/api-reference/system/system_time.html#year-2036-and-2038-overflow-issues + */ + +#ifdef __cplusplus +extern "C" { +#endif + +/* a function to show the current data and time */ +int esp_show_current_datetime(); + +/* worst case, if GitHub time not available, used fixed time */ +int set_fixed_default_time(void); + +/* set time from string (e.g. GitHub commit time) */ +int set_time_from_string(char* time_buffer); + +/* set time from NTP servers, + * also initially calls set_fixed_default_time or set_time_from_string */ +int set_time(void); + +/* wait NTP_RETRY_COUNT seconds before giving up on NTP time */ +int set_time_wait_for_ntp(void); + +#ifdef __cplusplus +} /* extern "C" */ +#endif + +#endif /* #ifndef _TIME_HELPER_H */ 
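Review bot: `int esp_show_current_datetime();` declares the function with an empty parameter list, which before C23 is not a prototype and lets calls with arguments pass unchecked; the other declarations in this header already use `(void)`, so `int esp_show_current_datetime(void);` would match them. The comments do not say what the `int` results mean, while `main.c` in this commit branches on `set_time_wait_for_ntp()` returning `-1` versus less than `-1`; one line per function documenting the return values would make that contract visible. If `set_time_from_string()` does not modify its argument, `const char* time_buffer` would say so, though the implementation is not visible from this hunk.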
diff --git a/IDE/Espressif/ESP-IDF/examples/wolfssl_client/main/include/wifi_connect.h b/IDE/Espressif/ESP-IDF/examples/wolfssl_client/main/include/wifi_connect.h index 7b85be227a..644ce00db3 100644 --- a/IDE/Espressif/ESP-IDF/examples/wolfssl_client/main/include/wifi_connect.h +++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_client/main/include/wifi_connect.h @@ -1,4 +1,4 @@ -/* user_settings.h +/* wifi_connect.h * * Copyright (C) 2006-2023 wolfSSL Inc. * 
@@ -18,26 +18,76 @@ * along with this program; if not, write to the Free Software * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA */ -#ifndef _TLS_WIFI_H_ -#define _TLS_WIFI_H_ - -#include "esp_idf_version.h" -#include "esp_log.h" -#include "esp_wifi.h" -#if ESP_IDF_VERSION_MAJOR >= 4 - #include "esp_event.h" -#else - #include "esp_event_loop.h" -#endif +#ifndef _WIFI_CONNECT_H_ +#define _WIFI_CONNECT_H_ -#define DEFAULT_PORT 11111 +#include +#include -#define TLS_SMP_CLIENT_TASK_NAME "tls_client_example" -#define TLS_SMP_CLIENT_TASK_WORDS 10240 -#define TLS_SMP_CLIENT_TASK_PRIORITY 8 +/* ESP lwip */ +#define EXAMPLE_ESP_MAXIMUM_RETRY CONFIG_ESP_MAXIMUM_RETRY #define TLS_SMP_WIFI_SSID CONFIG_WIFI_SSID #define TLS_SMP_WIFI_PASS CONFIG_WIFI_PASSWORD -#define TLS_SMP_TARGET_HOST CONFIG_TARGET_HOST +#define USE_WIFI_EXAMPLE +#ifdef USE_WIFI_EXAMPLE + #include "esp_netif.h" + #include "protocol_examples_common.h" /* see project CMakeLists.txt */ #endif + +/** + ****************************************************************************** + ****************************************************************************** + ** USER APPLICATION SETTINGS BEGIN + ****************************************************************************** + ****************************************************************************** + **/ + +/* when using a private config with plain text passwords, + * file my_private_config.h should be excluded from git updates */ +/* #define USE_MY_PRIVATE_CONFIG */ + +#ifdef USE_MY_PRIVATE_CONFIG + #if defined(WOLFSSL_CMAKE_SYSTEM_NAME_WINDOWS) + #include "/workspace/my_private_config.h" + #elif defined(WOLFSSL_CMAKE_SYSTEM_NAME_WSL) + #include "/mnt/c/workspace/my_private_config.h" + #elif defined(WOLFSSL_CMAKE_SYSTEM_NAME_LINUX) + #include "~/workspace/my_private_config.h" + #elif defined(WOLFSSL_CMAKE_SYSTEM_NAME_APPLE) + #include "~/Documents/my_private_config.h" + #else + #warning "did not detect environment. 
using ~/my_private_config.h" + #include "~/my_private_config.h" + #endif +#else + + /* + ** The examples use WiFi configuration that you can set via project + ** configuration menu + ** + ** If you'd rather not, just change the below entries to strings with + ** the config you want - ie #define EXAMPLE_WIFI_SSID "mywifissid" + */ + #ifdef CONFIG_ESP_WIFI_SSID + #define EXAMPLE_ESP_WIFI_SSID CONFIG_ESP_WIFI_SSID + #else + #define EXAMPLE_ESP_WIFI_SSID "MYSSID_WIFI_CONNECT" + #endif + + #ifdef CONFIG_ESP_WIFI_PASSWORD + #define EXAMPLE_ESP_WIFI_PASS CONFIG_ESP_WIFI_PASSWORD + #else + #define EXAMPLE_ESP_WIFI_PASS "MYPASSWORD_WIFI_CONNECT" + #endif +#endif + +/* ESP lwip */ +#define EXAMPLE_ESP_MAXIMUM_RETRY CONFIG_ESP_MAXIMUM_RETRY + +int wifi_init_sta(void); + +int wifi_show_ip(void); + +#endif /* _WIFI_CONNECT_H_ */ diff --git a/IDE/Espressif/ESP-IDF/examples/wolfssl_client/main/main.c b/IDE/Espressif/ESP-IDF/examples/wolfssl_client/main/main.c new file mode 100644 index 0000000000..cbbc995b96 --- /dev/null +++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_client/main/main.c 
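Review bot: The `#include "~/workspace/my_private_config.h"`, `"~/Documents/my_private_config.h"` and `"~/my_private_config.h"` lines rely on `~`, which the preprocessor does not expand, so the Linux, Apple and fallback branches cannot find the file as written. Since that header holds plain-text WiFi credentials, keeping it outside the repository is the right idea; passing its directory from CMake as an include path and using `#include "my_private_config.h"` would work on every host. `EXAMPLE_ESP_MAXIMUM_RETRY` is defined twice in this hunk, and the SSID/password macros come in two families (`TLS_SMP_WIFI_*` from `CONFIG_WIFI_*`, `EXAMPLE_ESP_WIFI_*` from `CONFIG_ESP_WIFI_*`); a comment stating which one `wifi_connect.c` uses would help.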
@@ -0,0 +1,256 @@ +/* main.c + * + * Copyright (C) 2006-2023 wolfSSL Inc. + * + * This file is part of wolfSSL. + * + * wolfSSL is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * wolfSSL is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA + */ +#include "sdkconfig.h" +#include "main.h" + +/* ESP specific */ +#include +#include +#include + +/* wolfSSL */ +#include +#include +#include +#ifndef WOLFSSL_ESPIDF + #warning "problem with wolfSSL user_settings. Check components/wolfssl/include" +#endif + +/* this project */ +#include "client-tls.h" +#include "time_helper.h" + +#ifndef CONFIG_IDF_TARGET_ESP32H2 + /* There's no WiFi on ESP32-H2. + * For wired ethernet, see: + * https://github.com/wolfSSL/wolfssl-examples/tree/master/ESP32/TLS13-ENC28J60-client */ + #include "wifi_connect.h" +#endif + +#ifdef WOLFSSL_TRACK_MEMORY + #include +#endif + +static const char* const TAG = "TLS Client"; + +#if defined(WOLFSSL_ESPWROOM32SE) && defined(HAVE_PK_CALLBACKS) \ + && defined(WOLFSSL_ATECC508A) + +#include "wolfssl/wolfcrypt/port/atmel/atmel.h" + +/* when you want to use a custom slot allocation */ +/* enable the definition CUSTOM_SLOT_ALLOCATION. 
*/ + +#if defined(CUSTOM_SLOT_ALLOCATION) + +static byte mSlotList[ATECC_MAX_SLOT]; + +int atmel_set_slot_allocator(atmel_slot_alloc_cb alloc, atmel_slot_dealloc_cb dealloc); + +/* initialize slot array */ +void my_atmel_slotInit() +{ + int i; + for(i = 0;i < ATECC_MAX_SLOT;i++) { + mSlotList[i] = ATECC_INVALID_SLOT; + } +} + +/* allocate slot depending on slotType */ +int my_atmel_alloc(int slotType) +{ + int i, slot = -1; + + switch(slotType){ + case ATMEL_SLOT_ENCKEY: + slot = 4; + break; + case ATMEL_SLOT_DEVICE: + slot = 0; + break; + case ATMEL_SLOT_ECDHE: + slot = 0; + break; + case ATMEL_SLOT_ECDHE_ENC: + slot = 4; + break; + case ATMEL_SLOT_ANY: + for(i = 0;i < ATECC_MAX_SLOT;i++){ + if(mSlotList[i] == ATECC_INVALID_SLOT){ + slot = i; + break; + } + } + } + + return slot; +} + +/* free slot array */ +void my_atmel_free(int slotId) +{ + if(slotId >= 0 && slotId < ATECC_MAX_SLOT){ + mSlotList[slotId] = ATECC_INVALID_SLOT; + } +} +#endif /* CUSTOM_SLOT_ALLOCATION */ +#endif /* WOLFSSL_ESPWROOM32SE && HAVE_PK_CALLBACK && WOLFSSL_ATECC508A */ + +/* for FreeRTOS */ +void app_main(void) +{ + int stack_start = 0; + esp_err_t ret = 0; + ESP_LOGI(TAG, "---------------- wolfSSL TLS Client Example ------------"); + ESP_LOGI(TAG, "--------------------------------------------------------"); + ESP_LOGI(TAG, "--------------------------------------------------------"); + ESP_LOGI(TAG, "---------------------- BEGIN MAIN ----------------------"); + ESP_LOGI(TAG, "--------------------------------------------------------"); + ESP_LOGI(TAG, "--------------------------------------------------------"); +#ifdef ESP_TASK_MAIN_STACK + ESP_LOGI(TAG, "ESP_TASK_MAIN_STACK: %d", ESP_TASK_MAIN_STACK); +#endif +#ifdef TASK_EXTRA_STACK_SIZE + ESP_LOGI(TAG, "TASK_EXTRA_STACK_SIZE: %d", TASK_EXTRA_STACK_SIZE); +#endif +#ifdef INCLUDE_uxTaskGetStackHighWaterMark + ESP_LOGI(TAG, "CONFIG_ESP_MAIN_TASK_STACK_SIZE = %d bytes (%d words)", + CONFIG_ESP_MAIN_TASK_STACK_SIZE, + 
(int)(CONFIG_ESP_MAIN_TASK_STACK_SIZE / sizeof(void*))); + + /* Returns the high water mark of the stack associated with xTask. That is, + * the minimum free stack space there has been (in bytes not words, unlike + * vanilla FreeRTOS) since the task started. The smaller the returned + * number the closer the task has come to overflowing its stack. + * see https://docs.espressif.com/projects/esp-idf/en/latest/esp32/api-reference/system/freertos_idf.html + */ + stack_start = uxTaskGetStackHighWaterMark(NULL); + ESP_LOGI(TAG, "Stack Start HWM: %d bytes", stack_start); +#endif + +#ifdef HAVE_VERSION_EXTENDED_INFO + esp_ShowExtendedSystemInfo(); +#endif + + /* Set time for cert validation. + * Some lwIP APIs, including SNTP functions, are not thread safe. */ + ret = set_time(); /* need to setup NTP before WiFi */ + + /* Optionally erase flash */ + /* ESP_ERROR_CHECK(nvs_flash_erase()); */ + +#ifdef FOUND_PROTOCOL_EXAMPLES_DIR + ESP_LOGI(TAG, "FOUND_PROTOCOL_EXAMPLES_DIR active, using example code."); + ESP_ERROR_CHECK(nvs_flash_init()); + + #if defined(CONFIG_IDF_TARGET_ESP32H2) + ESP_LOGE(TAG, "There's no WiFi on ESP32-H2. "); + #else + ESP_ERROR_CHECK(esp_netif_init()); + ESP_ERROR_CHECK(esp_event_loop_create_default()); + ESP_ERROR_CHECK(example_connect()); + #endif +#else + ESP_ERROR_CHECK(nvs_flash_init()); + + /* Initialize NVS */ + ret = nvs_flash_init(); + if (ret == ESP_ERR_NVS_NO_FREE_PAGES || + ret == ESP_ERR_NVS_NEW_VERSION_FOUND) { + ESP_ERROR_CHECK(nvs_flash_erase()); + ret = nvs_flash_init(); + } + ESP_ERROR_CHECK(ret); + + #if defined(CONFIG_IDF_TARGET_ESP32H2) + ESP_LOGE(TAG, "There's no WiFi on ESP32-H2. 
"); + #else + /* Initialize WiFi */ + ESP_LOGI(TAG, "ESP_WIFI_MODE_STA"); + ret = wifi_init_sta(); + while (ret != 0) { + ESP_LOGI(TAG, "Waiting..."); + vTaskDelay(60000 / portTICK_PERIOD_MS); + ESP_LOGI(TAG, "Trying WiFi again..."); + ret = wifi_init_sta(); + } + #endif +#endif + + /* Once we are connected to the network, start & wait for NTP time */ + ret = set_time_wait_for_ntp(); + + if (ret < -1) { + /* a value of -1 means there was no NTP server, so no need to wait */ + ESP_LOGI(TAG, "Waiting 10 more seconds for NTP to complete." ); + vTaskDelay(10000 / portTICK_PERIOD_MS); /* brute-force solution */ + esp_show_current_datetime(); + } + + /* HWM is maximum amount of stack space that has been unused, in bytes + * not words (unlike vanilla freeRTOS). */ + ESP_LOGI(TAG, "Initial Stack Used (before wolfSSL Server): %d bytes", + CONFIG_ESP_MAIN_TASK_STACK_SIZE + - (uxTaskGetStackHighWaterMark(NULL)) + ); + ESP_LOGI(TAG, "Starting TLS Client task ...\n"); + +#if defined(SINGLE_THREADED) + /* just call the task */ + tls_smp_client_task((void*)NULL); +#else + tls_args args[1] = {0}; + /* start a thread with the task */ + args[0].loops = 10; + args[0].port = 11111; + tls_smp_client_init(args); +/* optional additional client threads + tls_smp_client_init(args); + tls_smp_client_init(args); + tls_smp_client_init(args); + tls_smp_client_init(args); + tls_smp_client_init(args); + tls_smp_client_init(args); + tls_smp_client_init(args); +*/ +#endif + + ESP_LOGV(TAG, "\n\nvTaskDelete...\n\n"); + vTaskDelete(NULL); + /* done */ + while (1) { + ESP_LOGV(TAG, "\n\nLoop...\n\n"); +#ifdef INCLUDE_uxTaskGetStackHighWaterMark + ESP_LOGI(TAG, "Stack HWM: %d", uxTaskGetStackHighWaterMark(NULL)); + + ESP_LOGI(TAG, "Stack used: %d", CONFIG_ESP_MAIN_TASK_STACK_SIZE + - (uxTaskGetStackHighWaterMark(NULL) )); +#endif + +#if defined(SINGLE_THREADED) + ESP_LOGV(TAG, "\n\nDone!\n\n"); + while (1); +#else + vTaskDelay(60000); +#endif + } /* done whle */ + +} /* app_main */ 
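Review bot: In the branch without `FOUND_PROTOCOL_EXAMPLES_DIR`, `ESP_ERROR_CHECK(nvs_flash_init());` runs before the `ret = nvs_flash_init();` recovery sequence, so the `ESP_ERR_NVS_NO_FREE_PAGES` / `ESP_ERR_NVS_NEW_VERSION_FOUND` cases that the following `if` is meant to repair abort first; dropping that first `ESP_ERROR_CHECK(nvs_flash_init());` line restores the erase-and-retry path. The result of `ret = set_time();` is overwritten without being looked at, and the TLS client is started whatever `set_time_wait_for_ntp()` returns, so certificate date checks may run against an unset or fallback clock; logging a warning in that case would make handshake failures easier to explain. Everything after `vTaskDelete(NULL);` in `app_main`, including the `while (1)` loop, appears unreachable.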
diff --git a/IDE/Espressif/ESP-IDF/examples/wolfssl_client/main/time_helper.c b/IDE/Espressif/ESP-IDF/examples/wolfssl_client/main/time_helper.c new file mode 100644 index 0000000000..5149d2e609 --- /dev/null +++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_client/main/time_helper.c 
@@ -0,0 +1,333 @@ +/* time_helper.c + * + * Copyright (C) 2006-2023 wolfSSL Inc. + * + * This file is part of wolfSSL. + * + * wolfSSL is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * wolfSSL is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA + */ + +/* common Espressif time_helper v5.6.3.002 */ +#include "esp_idf_version.h" +#include "sdkconfig.h" +#include "time_helper.h" + +#include + +#if defined(ESP_IDF_VERSION_MAJOR) && defined(ESP_IDF_VERSION_MINOR) + #if (ESP_IDF_VERSION_MAJOR == 5) && (ESP_IDF_VERSION_MINOR >= 1) + #define HAS_ESP_NETIF_SNTP 1 + #include + #include + #else + #include + #include + #endif +#else + /* TODO Consider pre IDF v5? */ +#endif + +/* ESP-IDF uses a 64-bit signed integer to represent time_t starting from release v5.0 + * See: https://docs.espressif.com/projects/esp-idf/en/latest/esp32/api-reference/system/system_time.html#year-2036-and-2038-overflow-issues + */ +const static char* TAG = "time_helper"; + +/* see https://www.gnu.org/software/libc/manual/html_node/TZ-Variable.html */ +#ifndef TIME_ZONE +/* + * PST represents Pacific Standard Time. + * +8 specifies the offset from UTC (Coordinated Universal Time), indicating + * that Pacific Time is UTC-8 during standard time. + * PDT represents Pacific Daylight Time. + * M3.2.0 indicates that Daylight Saving Time (DST) starts on the + * second (2) Sunday (0) of March (3). 
+ * M11.1.0 indicates that DST ends on the first (1) Sunday (0) of November (11) + */ + #define TIME_ZONE "PST+8PDT,M3.2.0,M11.1.0" +#endif /* not defined: TIME_ZONE, so we are setting our own */ + +#define NTP_RETRY_COUNT 10 + +/* NELEMS(x) number of elements + * To determine the number of elements in the array, we can divide the total + * size of the array by the size of the array element. + * See https://stackoverflow.com/questions/37538/how-do-i-determine-the-size-of-my-array-in-c + **/ +#define NELEMS(x) ( (int)(sizeof(x) / sizeof((x)[0])) ) + +/* See also CONFIG_LWIP_SNTP_MAX_SERVERS in sdkconfig */ +#define NTP_SERVER_LIST ( (char*[]) { \ + "pool.ntp.org", \ + "time.nist.gov", \ + "utcnist.colorado.edu" \ + } \ + ) +/* #define NTP_SERVER_COUNT using NELEMS: + * + * (int)(sizeof(NTP_SERVER_LIST) / sizeof(NTP_SERVER_LIST[0])) + */ +#define NTP_SERVER_COUNT NELEMS(NTP_SERVER_LIST) + +#ifndef CONFIG_LWIP_SNTP_MAX_SERVERS + /* We should find max value in sdkconfig, if not set it to our count:*/ + #define CONFIG_LWIP_SNTP_MAX_SERVERS NTP_SERVER_COUNT +#endif + +char* ntpServerList[NTP_SERVER_COUNT] = NTP_SERVER_LIST; + +/* our NTP server list is global info */ +extern char* ntpServerList[NTP_SERVER_COUNT]; + +/* Show the current date and time */ +int esp_show_current_datetime() +{ + time_t now; + char strftime_buf[64]; + struct tm timeinfo; + + time(&now); + setenv("TZ", TIME_ZONE, 1); + tzset(); + + localtime_r(&now, &timeinfo); + strftime(strftime_buf, sizeof(strftime_buf), "%c", &timeinfo); + ESP_LOGI(TAG, "The current date/time is: %s", strftime_buf); + return 0; +} + +/* the worst-case scenario is a hard-coded date/time */ +int set_fixed_default_time(void) +{ + /* ideally, we'd like to set time from network, + * but let's set a default time, just in case */ + struct tm timeinfo = { + .tm_year = 2023 - 1900, + .tm_mon = 10, + .tm_mday = 02, + .tm_hour = 13, + .tm_min = 01, + .tm_sec = 05 + }; + struct timeval now; + time_t interim_time; + int ret = -1; + + /* 
set interim static time */ + interim_time = mktime(&timeinfo); + + ESP_LOGI(TAG, "Adjusting time from fixed value"); + now = (struct timeval){ .tv_sec = interim_time }; + ret = settimeofday(&now, NULL); + + return ret; +} + +/* set_time_from_string(s) + * + * returns 0 = success if able to set the time from the provided string + * error for any other value, typically -1 */ +int set_time_from_string(char* time_buffer) +{ + /* expecting github default formatting: 'Thu Aug 31 12:41:45 2023 -0700' */ + const char *format = "%3s %3s %d %d:%d:%d %d %s"; + struct tm this_timeinfo; + struct timeval now; + time_t interim_time; + char offset[6]; /* expecting trailing single quote, not used */ + char day_str[4]; + char month_str[4]; + int day, year, hour, minute, second; + int quote_offset = 0; + int ret = 0; + + /* we are expecting the string to be encapsulated in single quotes */ + if (*time_buffer == 0x27) { + quote_offset = 1; + } + + ret = sscanf(time_buffer + quote_offset, + format, + day_str, month_str, + &day, &hour, &minute, &second, &year, &offset); + + if (ret == 8) { + /* we found a match for all componets */ + + const char *months[] = { "Jan", "Feb", "Mar", "Apr", "May", "Jun", + "Jul", "Aug", "Sep", "Oct", "Nov", "Dec" }; + + for (int i = 0; i < 12; i++) { + if (strcmp(month_str, months[i]) == 0) { + this_timeinfo.tm_mon = i; + break; + } + } + + this_timeinfo.tm_mday = day; + this_timeinfo.tm_hour = hour; + this_timeinfo.tm_min = minute; + this_timeinfo.tm_sec = second; + this_timeinfo.tm_year = year - 1900; /* Number of years since 1900 */ + + interim_time = mktime(&this_timeinfo); + now = (struct timeval){ .tv_sec = interim_time }; + ret = settimeofday(&now, NULL); + ESP_LOGI(TAG, "Time updated to %s", time_buffer); + } + else { + ESP_LOGE(TAG, "Failed to convert \"%s\" to a tm date.", time_buffer); + ESP_LOGI(TAG, "Trying fixed date that was hard-coded."); + set_fixed_default_time(); + ret = -1; + } + return ret; +} + +/* set time; returns 0 if succecssfully 
configured with NTP */ +int set_time(void) +{ +#ifndef NTP_SERVER_COUNT + ESP_LOGW(TAG, "Warning: no sntp server names defined. " + "Setting to empty list"); + #define NTP_SERVER_COUNT 0 + #warning "NTP not properly configured" +#endif /* not defined: NTP_SERVER_COUNT */ + +#ifdef HAS_ESP_NETIF_SNTP + #if CONFIG_LWIP_SNTP_MAX_SERVERS > 1 + esp_sntp_config_t config = ESP_NETIF_SNTP_DEFAULT_CONFIG_MULTIPLE( + NTP_SERVER_COUNT, + ESP_SNTP_SERVER_LIST(ntpServerList[0]) + ); + #else + esp_sntp_config_t config = ESP_NETIF_SNTP_DEFAULT_CONFIG(ntpServerList[0]); + #endif /* CONFIG_LWIP_SNTP_MAX_SERVERS > 1 */ +#endif /* HAS_ESP_NETIF_SNTP */ + + int ret = 0; + int i = 0; /* counter for time servers */ + + ESP_LOGI(TAG, "Setting the time. Startup time:"); + esp_show_current_datetime(); + +#ifdef LIBWOLFSSL_VERSION_GIT_HASH_DATE + /* initialy set a default approximate time from recent git commit */ + ESP_LOGI(TAG, "Found git hash date, attempting to set system date."); + set_time_from_string(LIBWOLFSSL_VERSION_GIT_HASH_DATE); + esp_show_current_datetime(); + + ret = -4; +#else + /* otherwise set a fixed time that was hard coded */ + set_fixed_default_time(); + ret = -3; +#endif + +#ifdef CONFIG_SNTP_TIME_SYNC_METHOD_SMOOTH + config.smooth_sync = true; +#endif + + if (NTP_SERVER_COUNT) { + /* next, let's setup NTP time servers + * + * see https://docs.espressif.com/projects/esp-idf/en/latest/esp32/api-reference/system/system_time.html#sntp-time-synchronization + * + * WARNING: do not set operating mode while SNTP client is running! 
+ */ + /* TODO Consider esp_sntp_setoperatingmode(SNTP_OPMODE_POLL); */ + sntp_setoperatingmode(SNTP_OPMODE_POLL); + if (NTP_SERVER_COUNT > CONFIG_LWIP_SNTP_MAX_SERVERS) { + ESP_LOGW(TAG, "WARNING: %d NTP Servers defined, but " + "CONFIG_LWIP_SNTP_MAX_SERVERS = %d", + NTP_SERVER_COUNT,CONFIG_LWIP_SNTP_MAX_SERVERS); + } + ESP_LOGI(TAG, "sntp_setservername:"); + for (i = 0; i < CONFIG_LWIP_SNTP_MAX_SERVERS; i++) { + const char* thisServer = ntpServerList[i]; + if (strncmp(thisServer, "\x00", 1) == 0) { + /* just in case we run out of NTP servers */ + break; + } + ESP_LOGI(TAG, "%s", thisServer); + sntp_setservername(i, thisServer); + } + #ifdef HAS_ESP_NETIF_SNTP + ret = esp_netif_sntp_init(&config); + #else + ESP_LOGW(TAG,"Warning: Consider upgrading ESP-IDF to take advantage " + "of updated SNTP libraries"); + #endif + if (ret == ESP_OK) { + ESP_LOGV(TAG, "Successfully called esp_netif_sntp_init"); + } + else { + ESP_LOGE(TAG, "ERROR: esp_netif_sntp_init return = %d", ret); + } + + sntp_init(); + switch (ret) { + case ESP_ERR_INVALID_STATE: + break; + default: + break; + } + ESP_LOGI(TAG, "sntp_init done."); + } + else { + ESP_LOGW(TAG, "No sntp time servers found."); + ret = -1; + } + return ret; +} + +/* wait for NTP to actually set the time */ +int set_time_wait_for_ntp(void) +{ + int ret = 0; +#ifdef HAS_ESP_NETIF_SNTP + int ntp_retry = 0; + const int ntp_retry_count = NTP_RETRY_COUNT; + + ret = esp_netif_sntp_start(); + + ret = esp_netif_sntp_sync_wait(500 / portTICK_PERIOD_MS); +#endif /* HAS_ESP_NETIF_SNTP */ + esp_show_current_datetime(); + +#ifdef HAS_ESP_NETIF_SNTP + while (ret == ESP_ERR_TIMEOUT && (ntp_retry++ < ntp_retry_count)) { + ret = esp_netif_sntp_sync_wait(1000 / portTICK_PERIOD_MS); + ESP_LOGI(TAG, "Waiting for NTP to sync time... 
(%d/%d)", + ntp_retry, + ntp_retry_count); + esp_show_current_datetime(); + } +#endif /* HAS_ESP_NETIF_SNTP */ + +#ifdef TIME_ZONE + setenv("TZ", TIME_ZONE, 1); + tzset(); +#endif + + if (ret == ESP_OK) { + ESP_LOGI(TAG, "Successfuly set time via NTP servers."); + } + else { + ESP_LOGW(TAG, "Warning: Failed to set time with NTP: " + "result = 0x%0x: %s", + ret, esp_err_to_name(ret)); + } + return ret; +} diff --git a/IDE/Espressif/ESP-IDF/examples/wolfssl_client/main/wifi_connect.c b/IDE/Espressif/ESP-IDF/examples/wolfssl_client/main/wifi_connect.c index 4910c5be2a..7aa8560043 100644 --- a/IDE/Espressif/ESP-IDF/examples/wolfssl_client/main/wifi_connect.c +++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_client/main/wifi_connect.c @@ -18,15 +18,13 @@ * along with this program; if not, write to the Free Software * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA */ -/*ESP specific */ + #include "wifi_connect.h" + #include "freertos/FreeRTOS.h" #include "freertos/task.h" #include "freertos/event_groups.h" -#include "wifi_connect.h" -#include "lwip/sockets.h" -#include "lwip/netdb.h" -#include "lwip/apps/sntp.h" -#include "nvs_flash.h" +#include +#include /* wolfSSL */ #include 
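Review bot: In `set_time_from_string` the final `%s` conversion has no field width and writes into `char offset[6]`; if the date string carries the timezone plus the trailing single quote that the comment expects (`-0700'`, six characters), the terminating NUL lands one byte past the buffer. Bound the conversion and size the buffer to match, `char offset[8];` with `%7s` in `format`, and pass `offset` rather than `&offset`. `this_timeinfo` also reaches `mktime()` with `tm_isdst` never set and `tm_mon` unset when the month name does not match, so it should start as `struct tm this_timeinfo = {0};`. Further down, the server loop in `set_time` runs to `CONFIG_LWIP_SNTP_MAX_SERVERS` while indexing `ntpServerList[NTP_SERVER_COUNT]`, so an sdkconfig value above the list length reads past the array; the bound should be the smaller of the two.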
@@ -36,74 +34,34 @@ #warning "problem with wolfSSL user_settings. Check components/wolfssl/include" #endif -#if ESP_IDF_VERSION_MAJOR >= 4 +#if ESP_IDF_VERSION_MAJOR >= 5 +#elif ESP_IDF_VERSION_MAJOR >= 4 #include "protocol_examples_common.h" #else const static int CONNECTED_BIT = BIT0; static EventGroupHandle_t wifi_event_group; #endif -/* proto-type */ -extern void tls_smp_client_task(); -static void tls_smp_client_init(); - -const static char *TAG = "tls_client"; - -static void set_time() -{ - /* set dummy wallclock time. */ - struct timeval utctime; - struct timezone tz; - struct strftime_buf; - time_t now; - struct tm timeinfo; - char strftime_buf[64]; - /* please update the time if seeing unknown failure when loading cert. */ - /* this could cause TLS communication failure due to time expiration */ - /* increasing 31536000 seconds is close to spanning 356 days. */ - utctime.tv_sec = 1695513105; /* dummy time: Sat Sep 23 17:05:31 PDT 2023 */ - utctime.tv_usec = 0; - tz.tz_minuteswest = 0; - tz.tz_dsttime = 0; - - settimeofday(&utctime, &tz); - - time(&now); - localtime_r(&now, &timeinfo); - - strftime(strftime_buf, sizeof(strftime_buf), "%c", &timeinfo); - ESP_LOGI(TAG, "The current date/time is: %s", strftime_buf); - -#if ESP_IDF_VERSION_MAJOR < 4 - /* wait until wifi connect */ - xEventGroupWaitBits(wifi_event_group, CONNECTED_BIT, - false, true, portMAX_DELAY); -#endif - /* now we start client tasks. */ - tls_smp_client_init(); -} - -/* create task */ -static void tls_smp_client_init(void) -{ - int ret; -#if ESP_IDF_VERSION_MAJOR >= 4 - TaskHandle_t _handle; +#if defined(ESP_IDF_VERSION_MAJOR) && defined(ESP_IDF_VERSION_MINOR) + #if ESP_IDF_VERSION_MAJOR >= 4 + /* likely using examples, see wifi_connect.h */ + #else + /* TODO - still supporting pre V4 ? 
*/ + const static int CONNECTED_BIT = BIT0; + static EventGroupHandle_t wifi_event_group; + #endif + #if (ESP_IDF_VERSION_MAJOR == 5) + #define HAS_WPA3_FEATURES + #else + #undef HAS_WPA3_FEATURES + #endif #else - xTaskHandle _handle; + /* TODO Consider pre IDF v5? */ #endif - /* see https://docs.espressif.com/projects/esp-idf/en/latest/esp32/api-reference/system/freertos_idf.html */ - ret = xTaskCreate(tls_smp_client_task, - TLS_SMP_CLIENT_TASK_NAME, - TLS_SMP_CLIENT_TASK_WORDS, - NULL, - TLS_SMP_CLIENT_TASK_PRIORITY, - &_handle); - - if (ret != pdPASS) { - ESP_LOGI(TAG, "create thread %s failed", TLS_SMP_CLIENT_TASK_NAME); - } -} + +/* breadcrumb prefix for logging */ +const static char *TAG = "wifi_connect"; + #if ESP_IDF_VERSION_MAJOR < 4 /* event handler for wifi events */ static esp_err_t wifi_event_handler(void *ctx, system_event_t *event) 
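Review bot: For ESP-IDF majors below 4 the added version block defines `const static int CONNECTED_BIT = BIT0;` a second time, because the `#else` arm of the `#if ESP_IDF_VERSION_MAJOR >= 5` / `#elif ESP_IDF_VERSION_MAJOR >= 4` block just above it already defines it with an initializer, and that is a redefinition error. Drop the inner `#else` arm of the added block and keep only the `/* likely using examples, see wifi_connect.h */` comment there. `HAS_WPA3_FEATURES` is gated on `ESP_IDF_VERSION_MAJOR == 5`, so a later major would silently lose `.sae_pwe_h2e`; `#if (ESP_IDF_VERSION_MAJOR >= 5)` looks like what is meant.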
@@ -133,99 +91,172 @@ static esp_err_t wifi_event_handler(void *ctx, system_event_t *event) } return ESP_OK; } -#endif -/* entry point */ -void app_main(void) -{ - ESP_LOGI(TAG, "Start app_main..."); - ESP_LOGI(TAG, "--------------------------------------------------------"); - ESP_LOGI(TAG, "--------------------------------------------------------"); - ESP_LOGI(TAG, "---------------------- BEGIN MAIN ----------------------"); - ESP_LOGI(TAG, "--------------------------------------------------------"); - ESP_LOGI(TAG, "--------------------------------------------------------"); - ESP_LOGI(TAG, "CONFIG_IDF_TARGET = %s", CONFIG_IDF_TARGET); - ESP_LOGI(TAG, "LIBWOLFSSL_VERSION_STRING = %s", LIBWOLFSSL_VERSION_STRING); - -#if defined(WOLFSSL_MULTI_INSTALL_WARNING) - ESP_LOGI(TAG, ""); - ESP_LOGI(TAG, "WARNING: Multiple wolfSSL installs found."); - ESP_LOGI(TAG, "Check ESP-IDF and local project [components] directory."); - ESP_LOGI(TAG, ""); -#endif +#else -#if defined(LIBWOLFSSL_VERSION_GIT_HASH) - ESP_LOGI(TAG, "LIBWOLFSSL_VERSION_GIT_HASH = %s", LIBWOLFSSL_VERSION_GIT_HASH); +#ifdef CONFIG_ESP_MAXIMUM_RETRY + #define EXAMPLE_ESP_MAXIMUM_RETRY CONFIG_ESP_MAXIMUM_RETRY +#else + #define CONFIG_ESP_MAXIMUM_RETRY 5 #endif -#if defined(LIBWOLFSSL_VERSION_GIT_SHORT_HASH ) - ESP_LOGI(TAG, "LIBWOLFSSL_VERSION_GIT_SHORT_HASH = %s", LIBWOLFSSL_VERSION_GIT_SHORT_HASH); +#if CONFIG_ESP_WIFI_AUTH_OPEN +#define ESP_WIFI_SCAN_AUTH_MODE_THRESHOLD WIFI_AUTH_OPEN +#elif CONFIG_ESP_WIFI_AUTH_WEP +#define ESP_WIFI_SCAN_AUTH_MODE_THRESHOLD WIFI_AUTH_WEP +#elif CONFIG_ESP_WIFI_AUTH_WPA_PSK +#define ESP_WIFI_SCAN_AUTH_MODE_THRESHOLD WIFI_AUTH_WPA_PSK +#elif CONFIG_ESP_WIFI_AUTH_WPA2_PSK +#define ESP_WIFI_SCAN_AUTH_MODE_THRESHOLD WIFI_AUTH_WPA2_PSK +#elif CONFIG_ESP_WIFI_AUTH_WPA_WPA2_PSK +#define ESP_WIFI_SCAN_AUTH_MODE_THRESHOLD WIFI_AUTH_WPA_WPA2_PSK +#elif CONFIG_ESP_WIFI_AUTH_WPA3_PSK +#define ESP_WIFI_SCAN_AUTH_MODE_THRESHOLD WIFI_AUTH_WPA3_PSK +#elif CONFIG_ESP_WIFI_AUTH_WPA2_WPA3_PSK 
+#define ESP_WIFI_SCAN_AUTH_MODE_THRESHOLD WIFI_AUTH_WPA2_WPA3_PSK +#elif CONFIG_ESP_WIFI_AUTH_WAPI_PSK +#define ESP_WIFI_SCAN_AUTH_MODE_THRESHOLD WIFI_AUTH_WAPI_PSK #endif -#if defined(LIBWOLFSSL_VERSION_GIT_HASH_DATE) - ESP_LOGI(TAG, "LIBWOLFSSL_VERSION_GIT_HASH_DATE = %s", LIBWOLFSSL_VERSION_GIT_HASH_DATE); +#ifndef ESP_WIFI_SCAN_AUTH_MODE_THRESHOLD + #define CONFIG_ESP_WIFI_AUTH_WPA2_PSK 1 + #define ESP_WIFI_SCAN_AUTH_MODE_THRESHOLD CONFIG_ESP_WIFI_AUTH_WPA2_PSK #endif +/* FreeRTOS event group to signal when we are connected*/ +static EventGroupHandle_t s_wifi_event_group; - /* some interesting settings are target specific (ESP32, -C3, -S3, etc */ -#if defined(CONFIG_IDF_TARGET_ESP32C3) - /* not available for C3 at this time */ -#elif defined(CONFIG_IDF_TARGET_ESP32S3) - ESP_LOGI(TAG, "CONFIG_ESP32S3_DEFAULT_CPU_FREQ_MHZ = %u MHz", - CONFIG_ESP32S3_DEFAULT_CPU_FREQ_MHZ - ); - ESP_LOGI(TAG, "Xthal_have_ccount = %u", Xthal_have_ccount); -#else - ESP_LOGI(TAG, "CONFIG_ESP32_DEFAULT_CPU_FREQ_MHZ = %u MHz", - CONFIG_ESP32_DEFAULT_CPU_FREQ_MHZ - ); - ESP_LOGI(TAG, "Xthal_have_ccount = %u", Xthal_have_ccount); -#endif +/* The event group allows multiple bits for each event, but we only care about two events: + * - we are connected to the AP with an IP + * - we failed to connect after the maximum amount of retries */ +#define WIFI_CONNECTED_BIT BIT0 +#define WIFI_FAIL_BIT BIT1 - /* all platforms: stack high water mark check */ - ESP_LOGI(TAG, "Stack HWM: %d\n", uxTaskGetStackHighWaterMark(NULL)); +static int s_retry_num = 0; +ip_event_got_ip_t* event; - ESP_ERROR_CHECK(nvs_flash_init()); - ESP_LOGI(TAG, "Initialize wifi"); -#if (ESP_IDF_VERSION_MAJOR == 4 && ESP_IDF_VERSION_MINOR >= 1) || \ - (ESP_IDF_VERSION_MAJOR >= 5) - esp_netif_init(); -#else - tcpip_adapter_init(); -#endif +static void event_handler(void* arg, + esp_event_base_t event_base, + int32_t event_id, + void* event_data) +{ + if (event_base == WIFI_EVENT && event_id == WIFI_EVENT_STA_START) { + 
esp_wifi_connect(); + } + else if (event_base == WIFI_EVENT && + event_id == WIFI_EVENT_STA_DISCONNECTED) { + if (s_retry_num < EXAMPLE_ESP_MAXIMUM_RETRY) { + esp_wifi_connect(); + s_retry_num++; + ESP_LOGI(TAG, "retry to connect to the AP"); + } + else { + xEventGroupSetBits(s_wifi_event_group, WIFI_FAIL_BIT); + } + ESP_LOGI(TAG, "connect to the AP fail"); + } + else if (event_base == IP_EVENT && event_id == IP_EVENT_STA_GOT_IP) { + event = (ip_event_got_ip_t*) event_data; + wifi_show_ip(); + s_retry_num = 0; + xEventGroupSetBits(s_wifi_event_group, WIFI_CONNECTED_BIT); + } +} + +int wifi_init_sta(void) +{ + int ret = 0; + s_wifi_event_group = xEventGroupCreate(); + + ESP_ERROR_CHECK(esp_netif_init()); + + ESP_ERROR_CHECK(esp_event_loop_create_default()); + esp_netif_create_default_wifi_sta(); - /* */ -#if ESP_IDF_VERSION_MAJOR >= 4 - ESP_ERROR_CHECK(esp_event_loop_create_default()); - /* This helper function configures Wi-Fi or Ethernet, as selected in menuconfig. - * Read "Establishing Wi-Fi or Ethernet Connection" section in - * examples/protocols/README.md for more information about this function. 
- */ - ESP_ERROR_CHECK(example_connect()); -#else - wifi_event_group = xEventGroupCreate(); - ESP_ERROR_CHECK(esp_event_loop_init(wifi_event_handler, NULL)); wifi_init_config_t cfg = WIFI_INIT_CONFIG_DEFAULT(); ESP_ERROR_CHECK(esp_wifi_init(&cfg)); + esp_event_handler_instance_t instance_any_id; + esp_event_handler_instance_t instance_got_ip; + ESP_ERROR_CHECK(esp_event_handler_instance_register(WIFI_EVENT, + ESP_EVENT_ANY_ID, + &event_handler, + NULL, + &instance_any_id)); + ESP_ERROR_CHECK(esp_event_handler_instance_register(IP_EVENT, + IP_EVENT_STA_GOT_IP, + &event_handler, + NULL, + &instance_got_ip)); + wifi_config_t wifi_config = { .sta = { - .ssid = TLS_SMP_WIFI_SSID, - .password = TLS_SMP_WIFI_PASS, + .ssid = EXAMPLE_ESP_WIFI_SSID, + .password = EXAMPLE_ESP_WIFI_PASS, + /* Authmode threshold resets to WPA2 as default if password matches + * WPA2 standards (pasword len => 8). If you want to connect the + * device to deprecated WEP/WPA networks, Please set the threshold + * value WIFI_AUTH_WEP/WIFI_AUTH_WPA_PSK and set the password with + * length and format matching to WIFI_AUTH_WEP/WIFI_AUTH_WPA_PSK + * standards. */ + .threshold.authmode = ESP_WIFI_SCAN_AUTH_MODE_THRESHOLD, + #ifdef HAS_WPA3_FEATURES + .sae_pwe_h2e = WPA3_SAE_PWE_BOTH, + #endif }, }; - /* WiFi station mode */ ESP_ERROR_CHECK(esp_wifi_set_mode(WIFI_MODE_STA) ); - /* Wifi Set the configuration of the ESP32 STA or AP */ - ESP_ERROR_CHECK(esp_wifi_set_config(ESP_IF_WIFI_STA, &wifi_config) ); - /* Start Wifi */ + ESP_ERROR_CHECK(esp_wifi_set_config(WIFI_IF_STA, &wifi_config) ); ESP_ERROR_CHECK(esp_wifi_start() ); ESP_LOGI(TAG, "wifi_init_sta finished."); - ESP_LOGI(TAG, "connect to ap SSID:%s password:%s", - TLS_SMP_WIFI_SSID, TLS_SMP_WIFI_PASS); + + /* Waiting until either the connection is established (WIFI_CONNECTED_BIT) + * or connection failed for the maximum number of re-tries (WIFI_FAIL_BIT). 
+ * The bits are set by event_handler() (see above) */ + EventBits_t bits = xEventGroupWaitBits(s_wifi_event_group, + WIFI_CONNECTED_BIT | WIFI_FAIL_BIT, + pdFALSE, + pdFALSE, + portMAX_DELAY); + + /* xEventGroupWaitBits() returns the bits before the call returned, + * hence we can test which event actually happened. */ +#if defined(SHOW_SSID_AND_PASSWORD) + ESP_LOGW(TAG, "Undefine SHOW_SSID_AND_PASSWORD to not show SSID/password"); + if (bits & WIFI_CONNECTED_BIT) { + ESP_LOGI(TAG, "connected to ap SSID:%s password:%s", + EXAMPLE_ESP_WIFI_SSID, + EXAMPLE_ESP_WIFI_PASS); + } + else if (bits & WIFI_FAIL_BIT) { + ESP_LOGI(TAG, "Failed to connect to SSID:%s, password:%s", + EXAMPLE_ESP_WIFI_SSID, + EXAMPLE_ESP_WIFI_PASS); + } + else { + ESP_LOGE(TAG, "UNEXPECTED EVENT"); + } +#else + if (bits & WIFI_CONNECTED_BIT) { + ESP_LOGI(TAG, "Connected to AP"); + } + else if (bits & WIFI_FAIL_BIT) { + ESP_LOGI(TAG, "Failed to connect to AP"); + ret = -1; + } + else { + ESP_LOGE(TAG, "AP UNEXPECTED EVENT"); + ret = -2; + } #endif - ESP_LOGI(TAG, "Set dummy time..."); - set_time(); + return ret; +} + +int wifi_show_ip(void) +{ + /* ESP_LOGI(TAG, "got ip:" IPSTR, IP2STR(&event->ip_info.ip)); */ + return 0; } +#endif diff --git a/IDE/Espressif/ESP-IDF/examples/wolfssl_client/partitions_singleapp_large.csv b/IDE/Espressif/ESP-IDF/examples/wolfssl_client/partitions_singleapp_large.csv new file mode 100644 index 0000000000..0b2fcd1a9f --- /dev/null +++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_client/partitions_singleapp_large.csv 
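Review bot: The fallback for `ESP_WIFI_SCAN_AUTH_MODE_THRESHOLD` expands to `CONFIG_ESP_WIFI_AUTH_WPA2_PSK`, which the line above defines as `1`; as a `wifi_auth_mode_t` value 1 is `WIFI_AUTH_WEP`, so a build with no `CONFIG_ESP_WIFI_AUTH_*` choice sets `.threshold.authmode` to WEP rather than WPA2. The fallback should name the enum directly, `#define ESP_WIFI_SCAN_AUTH_MODE_THRESHOLD WIFI_AUTH_WPA2_PSK`. In `wifi_init_sta` the `SHOW_SSID_AND_PASSWORD` branch never sets `ret` on `WIFI_FAIL_BIT`, so the function reports success after a failed connect, and it writes the passphrase to the log; set `ret = -1;` there as the other branch does and log the SSID only. The retry fallback has a similar slip: its `#else` arm defines `CONFIG_ESP_MAXIMUM_RETRY 5` while `event_handler` reads `EXAMPLE_ESP_MAXIMUM_RETRY`, which is then defined only if wifi_connect.h (not shown here) provides it.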
@@ -0,0 +1,31 @@
+# to view: idf.py partition-table
+#
+# ESP-IDF Partition Table
+# Name, Type, SubType, Offset, Size, Flags
+nvs, data, nvs, 0x9000, 24K,
+phy_init,data, phy, 0xf000, 4K,
+factory, app, factory, 0x10000, 1500K,
+
+
+# For other settings, see:
+# https://docs.espressif.com/projects/esp-idf/en/latest/esp32/api-guides/partition-tables.html#creating-custom-tables
+#
+# Here is the summary printed for the "Single factory app, no OTA" configuration:
+#
+# # ESP-IDF Partition Table
+# # Name, Type, SubType, Offset, Size, Flags
+# nvs, data, nvs, 0x9000, 0x6000,
+# phy_init, data, phy, 0xf000, 0x1000,
+# factory, app, factory, 0x10000, 1M,
+#
+#
+# Here is the summary printed for the "Factory app, two OTA definitions" configuration:
+#
+# # ESP-IDF Partition Table
+# # Name, Type, SubType, Offset, Size, Flags
+# nvs, data, nvs, 0x9000, 0x4000,
+# otadata, data, ota, 0xd000, 0x2000,
+# phy_init, data, phy, 0xf000, 0x1000,
+# factory, app, factory, 0x10000, 1M,
+# ota_0, app, ota_0, 0x110000, 1M,
+# ota_1, app, ota_1, 0x210000, 1M,
diff --git a/IDE/Espressif/ESP-IDF/examples/wolfssl_server/CMakeLists.txt b/IDE/Espressif/ESP-IDF/examples/wolfssl_server/CMakeLists.txt
index 0d591ea0d0..11a9e467a9 100644
--- a/IDE/Espressif/ESP-IDF/examples/wolfssl_server/CMakeLists.txt
+++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_server/CMakeLists.txt
@@ -1,11 +1,96 @@ +# wolfSSL Espressif Example Project CMakeLists.txt +# v1.0 +# # The following lines of boilerplate have to be in your project's # CMakeLists in this exact order for cmake to work correctly -cmake_minimum_required(VERSION 3.5) +cmake_minimum_required(VERSION 3.16) + +# The wolfSSL CMake file should be able to find the source code. +# Otherwise, assign an environment variable or set it here: +# +# set(WOLFSSL_ROOT "~/workspace/wolfssl-other-source") +# +# Optional WOLFSSL_CMAKE_SYSTEM_NAME detection to find +# USE_MY_PRIVATE_CONFIG path for my_private_config.h +# +# Expected path varies: +# +# WSL: /mnt/c/workspace +# Linux: ~/workspace +# Windows: C:\workspace +# +if(WIN32) + # Windows-specific configuration here + set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DWOLFSSL_CMAKE_SYSTEM_NAME_WINDOWS") + message("Detected Windows") +endif() +if(CMAKE_HOST_UNIX) + message("Detected UNIX") +endif() +if(APPLE) + message("Detected APPLE") +endif() +if(CMAKE_HOST_UNIX AND (NOT APPLE) AND EXISTS "/proc/sys/fs/binfmt_misc/WSLInterop") + # Windows-specific configuration here + set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DWOLFSSL_CMAKE_SYSTEM_NAME_WSL") + message("Detected WSL") +endif() +if(CMAKE_HOST_UNIX AND (NOT APPLE) AND (NOT WIN32)) + # Windows-specific configuration here + set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DWOLFSSL_CMAKE_SYSTEM_NAME_LINUX") + message("Detected Linux") +endif() +if(APPLE) + # Windows-specific configuration here + set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DWOLFSSL_CMAKE_SYSTEM_NAME_APPLE") + message("Detected Apple") +endif() +# End optional WOLFSSL_CMAKE_SYSTEM_NAME + +# This example uses an extra component for common functions such as Wi-Fi and Ethernet connection. 
+set (PROTOCOL_EXAMPLES_DIR $ENV{IDF_PATH}/examples/common_components/protocol_examples_common) + +if (EXISTS "${PROTOCOL_EXAMPLES_DIR}") + message("Found PROTOCOL_EXAMPLES_DIR=${PROTOCOL_EXAMPLES_DIR}") + set(EXTRA_COMPONENT_DIRS $ENV{IDF_PATH}/examples/common_components/protocol_examples_common) + set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DFOUND_PROTOCOL_EXAMPLES_DIR") +else() + message("NOT FOUND: PROTOCOL_EXAMPLES_DIR=${PROTOCOL_EXAMPLES_DIR}") +endif() + +# Check that there are not conflicting wolfSSL components +# The ESP Registry Component will be in ./managed_components/wolfssl__wolfssl +# The local component wolfSSL directory will be in ./components/wolfssl +if( EXISTS "${CMAKE_HOME_DIRECTORY}/managed_components/wolfssl__wolfssl" AND EXISTS "${CMAKE_HOME_DIRECTORY}/components/wolfssl" ) + # These exclude statements don't seem to be honored by the $ENV{IDF_PATH}/tools/cmake/project.cmake' + # add_subdirectory("${CMAKE_HOME_DIRECTORY}/managed_components/wolfssl__wolfssl" EXCLUDE_FROM_ALL) + # add_subdirectory("${CMAKE_HOME_DIRECTORY}/managed_components/wolfssl__wolfssl/include" EXCLUDE_FROM_ALL) + # So we'll error out and let the user decide how to proceed: + message(WARNING "\nFound wolfSSL components in\n" + "./managed_components/wolfssl__wolfssl\n" + "and\n" + "./components/wolfssl\n" + "in project directory: \n" + "${CMAKE_HOME_DIRECTORY}") + message(FATAL_ERROR "\nPlease use either the ESP Registry Managed Component or the wolfSSL component directory but not both.\n" + "If removing the ./managed_components/wolfssl__wolfssl directory, remember to also remove " + "or rename the idf_component.yml file typically found in ./main/") +else() + message(STATUS "No conflicting wolfSSL components found.") +endif() + -# (Not part of the boilerplate) # This example uses an extra component for common functions such as Wi-Fi and Ethernet connection. 
-# disable the following line if there isn't the directory -set(EXTRA_COMPONENT_DIRS $ENV{IDF_PATH}/examples/common_components/protocol_examples_common) +set (PROTOCOL_EXAMPLES_DIR $ENV{IDF_PATH}/examples/common_components/protocol_examples_common) + +if (EXISTS "${PROTOCOL_EXAMPLES_DIR}") + message("Found PROTOCOL_EXAMPLES_DIR=${PROTOCOL_EXAMPLES_DIR}") + set(EXTRA_COMPONENT_DIRS $ENV{IDF_PATH}/examples/common_components/protocol_examples_common) + set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DFOUND_PROTOCOL_EXAMPLES_DIR") +else() + message("NOT FOUND: PROTOCOL_EXAMPLES_DIR=${PROTOCOL_EXAMPLES_DIR}") +endif() include($ENV{IDF_PATH}/tools/cmake/project.cmake) + project(wolfssl_server) diff --git a/IDE/Espressif/ESP-IDF/examples/wolfssl_server/README.md b/IDE/Espressif/ESP-IDF/examples/wolfssl_server/README.md index 50a1859c71..7d8d0d1275 100644 --- a/IDE/Espressif/ESP-IDF/examples/wolfssl_server/README.md +++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_server/README.md @@ -1,5 +1,13 @@ # wolfSSL Server Example + +## VisualGDB + +Open the VisualGDB Visual Studio Project file in the VisualGDB directory and click the "Start" button. +No wolfSSL setup is needed. You may need to adjust your specific COM port. The default is `COM20`. + +## ESP-IDF Commandline + The Example contains a wolfSSL simple server. 1. `idf.py menuconfigure` to configure the project 
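Review bot: The `PROTOCOL_EXAMPLES_DIR` block is added twice, once before the conflicting-component check and again at the end of the hunk, so `-DFOUND_PROTOCOL_EXAMPLES_DIR` is appended to `CMAKE_C_FLAGS` twice and the found/not-found message prints twice; keep one copy. The comment `# Windows-specific configuration here` is also repeated on the WSL, Linux and Apple branches, where it should name the platform it guards, e.g. `# WSL-specific configuration here`. The comment `# So we'll error out and let the user decide how to proceed:` sits above a `message(WARNING ...)`; it would read better directly above the `message(FATAL_ERROR ...)` that actually stops the configure.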
@@ -20,3 +28,75 @@ When you want to test the wolfSSL simple server demo e.g ./example/client/client -h xx.xx.xx See the README.md file in the upper level 'examples' directory for more information about examples. + + +``` +# . /mnt/c/SysGCC/esp32/esp-idf/master/export.sh +. /mnt/c/SysGCC/esp32/esp-idf/v5.1/export.sh +cd /mnt/c/workspace/wolfssl-gojimmypi/IDE/Espressif/ESP-IDF/examples/wolfssl_server + +# optionally erase +idf.py erase-flash -p /dev/ttyS19 -b 115200 + +# Program flash +idf.py flash -p /dev/ttyS19 -b 115200 monitor +``` + + +Linux Client to x108 SM server + +``` +cd /mnt/c/workspace/wolfssl-gojimmypi + +# show the ciphers +./examples/client/client -e + +./examples/client/client -h 192.168.1.108 -v 4 -l TLS_SM4_GCM_SM3 -c ./certs/sm2/client-sm2.pem -k ./certs/sm2/client-sm2-priv.pem -A ./certs/sm2/root-sm2.pem -C +``` + + +Linux Server + +``` +./examples/server/server -v 4 -l TLS13-SM4-CCM-SM3 -c ./certs/sm2/server-sm2.pem -k ./certs/sm2/server-sm2-priv.pem -A ./certs/sm2/client-sm2.pem -V +``` + + +Cipers to consider + +``` +TLS13-AES128-GCM-SHA256: +TLS13-AES256-GCM-SHA384: +TLS13-CHACHA20-POLY1305-SHA256: + +TLS13-SM4-GCM-SM3: +TLS13-SM4-CCM-SM3: +ECDHE-ECDSA-SM4-CBC-SM3: +ECDHE-ECDSA-SM4-GCM-SM3: +ECDHE-ECDSA-SM4-CCM-SM3 + +DHE-RSA-AES128-SHA: +DHE-RSA-AES256-SHA: +ECDHE-RSA-AES128-SHA: +ECDHE-RSA-AES256-SHA: +ECDHE-ECDSA-AES128-SHA: +ECDHE-ECDSA-AES256-SHA: +DHE-RSA-AES128-SHA256: +DHE-RSA-AES256-SHA256: +DHE-RSA-AES128-GCM-SHA256: +DHE-RSA-AES256-GCM-SHA384: +ECDHE-RSA-AES128-GCM-SHA256: +ECDHE-RSA-AES256-GCM-SHA384: +ECDHE-ECDSA-AES128-GCM-SHA256: +ECDHE-ECDSA-AES256-GCM-SHA384: +ECDHE-RSA-AES128-SHA256: +ECDHE-ECDSA-AES128-SHA256: +ECDHE-RSA-AES256-SHA384: +ECDHE-ECDSA-AES256-SHA384: +ECDHE-RSA-CHACHA20-POLY1305: +ECDHE-ECDSA-CHACHA20-POLY1305: +DHE-RSA-CHACHA20-POLY1305: +ECDHE-RSA-CHACHA20-POLY1305-OLD: +ECDHE-ECDSA-CHACHA20-POLY1305-OLD: +DHE-RSA-CHACHA20-POLY1305-OLD: +``` 
diff --git a/IDE/Espressif/ESP-IDF/examples/wolfssl_server/README_server_sm.md b/IDE/Espressif/ESP-IDF/examples/wolfssl_server/README_server_sm.md
new file mode 100644
index 0000000000..01dd6baf8a
--- /dev/null
+++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_server/README_server_sm.md
@@ -0,0 +1,512 @@ +# SM Cipher Notes + + +### Install SM +``` +cd /mnt/c/workspace/wolfsm-$USER +./install.sh ../wolfssl-$USER +``` + + +### Build Linux SM Examples +``` +./autogen.sh +./configure --enable-sm3 --enable-sm4-gcm --enable-sm2 \ + --enable-sm4-ecb --enable-sm4-cbc --enable-sm4-ctr \ + --enable-sm4-gcm --enable-sm4-ccm +make clean && make +``` + +### TLS 1.3 Server + +``` +./examples/server/server -v 4 -b -d -p 11111 -c ./certs/sm2/server-sm2.pem -k ./certs/sm2/server-sm2-priv.pem -A ./certs/sm2/client-sm2.pem -V +``` + +### TLS 1.3 Client + +``` +./examples/client/client -h 127.0.0.1 -v 4 -l TLS13-SM4-CCM-SM3 -c ./certs/sm2/client-sm2.pem -k ./certs/sm2/client-sm2-priv.pem -A ./certs/sm2/root-sm2.pem -C +``` + +### TLS 1.2 Client to Local Linux Server + +``` +./examples/client/client -h 192.168.25.186 -v 3 -l ECDHE-ECDSA-SM4-CBC-SM3 \ + -c ./certs/sm2/client-sm2.pem \ + -k ./certs/sm2/client-sm2-priv.pem \ + -A ./certs/sm2/root-sm2.pem -C +``` + +### TLS 1.2 Client to ESP32 Server + +``` +./examples/client/client -h 192.168.25.186 -v 3 -l ECDHE-ECDSA-SM4-CBC-SM3 \ + -c ./certs/sm2/client-sm2.pem \ + -k ./certs/sm2/client-sm2-priv.pem \ + -A ./certs/sm2/root-sm2.pem -C +``` +### Others... 
+ +``` +# Success: Linux Client to ESP32 Server TLS1.2 +./examples/client/client -h 192.168.1.113 -v 3 -l ECDHE-ECDSA-SM4-CBC-SM3 -c ./certs/sm2/client-sm2.pem -k ./certs/sm2/client-sm2-priv.pem -A ./certs/sm2/root-sm2.pem -C +./examples/client/client -h 192.168.1.113 -v 3 -l ECDHE-ECDSA-SM4-GCM-SM3 -c ./certs/sm2/client-sm2.pem -k ./certs/sm2/client-sm2-priv.pem -A ./certs/sm2/root-sm2.pem -C +./examples/client/client -h 192.168.1.113 -v 3 -l ECDHE-ECDSA-SM4-CCM-SM3 -c ./certs/sm2/client-sm2.pem -k ./certs/sm2/client-sm2-priv.pem -A ./certs/sm2/root-sm2.pem -C + +# Success: Linux Client to ESP32 Server TLS1.3 + +# Reported as TLS_SM4_GCM_SM3, but parameter is TLS13-SM4-GCM-SM3 +./examples/client/client -h 192.168.1.113 -v 4 -l TLS13-SM4-GCM-SM3 -c ./certs/sm2/client-sm2.pem -k ./certs/sm2/client-sm2-priv.pem -A ./certs/sm2/root-sm2.pem -C + +# Reported as TLS-SM4-CCM-SM3, but parameter is TLS13-SM4-CCM-SM3 +./examples/client/client -h 192.168.1.113 -v 4 -l TLS13-SM4-CCM-SM3 -c ./certs/sm2/client-sm2.pem -k ./certs/sm2/client-sm2-priv.pem -A ./certs/sm2/root-sm2.pem -C + +./examples/client/client -h 192.168.1.113 -v 4 -l TLS13-SM4-CBC-SM3 -c ./certs/sm2/client-sm2.pem -k ./certs/sm2/client-sm2-priv.pem -A ./certs/sm2/root-sm2.pem -C + +``` + +``` +ESP32-to-ESP32 +TLS_ECDHE_ECDSA_WITH_SM4_CBC_SM3 +TLS_ECDHE_ECDSA_WITH_SM4_GCM_SM3 +TLS_ECDHE_ECDSA_WITH_SM4_CCM_SM3 +``` + +Tried both PEM and DER format. + +The latest server is PEM format, triple-checked to have the embedded server +be the same as the Linux server files. 
+ + +| Usage | Certificate | Key | Certificate Authority file, default ./certs/client-cert.pem | +| ----- | ---------------------------------- | ----------------------------------- | --------------------------------- | +| server | -c ./certs/sm2/server-sm2.pem | -k ./certs/sm2/server-sm2-priv.pem | -A ./certs/sm2/client-sm2.pem -V | +| client | -c ./certs/sm2/client-sm2.pem | -k ./certs/sm2/client-sm2-priv.pem | -A ./certs/sm2/root-sm2.pem -C | +| emdedded: +| server | wolfSSL_CTX_use_certificate_buffer
server_sm2 | wolfSSL_CTX_use_PrivateKey_buffer
server_sm2_priv | wolfSSL_CTX_load_verify_buffer
client-sm2 | + +### Code + +See [source code](https://github.com/gojimmypi/wolfssl/blob/2c4f443aec7b151f945cb9dfe2dad6ee30449cf0/IDE/Espressif/ESP-IDF/examples/wolfssl_server/main/server-tls.c#L187): + +![code](./code.png) + + +### Linux client talking to embedded server: + +``` +/examples/client/client -h 192.168.1.108 -v 3 -l ECDHE-ECDSA-SM4-CBC-SM3 -c ./certs/sm2/client-sm2.pem -k ./certs/sm2/client-sm2-priv.pem -A ./certs/sm2/root-sm2.pem -C +wolfSSL_connect error -188, ASN no signer error to confirm failure +wolfSSL error: wolfSSL_connect failed +``` + +Output: +``` +ets Jul 29 2019 12:21:46 + +rst:0x3 (SW_RESET),boot:0x13 (SPI_FAST_FLASH_BOOT) +configsip: 0, SPIWP:0xee +clk_drv:0x00,q_drv:0x00,d_drv:0x00,cs0_drv:0x00,hd_drv:0x00,wp_drv:0x00 +mode:DIO, clock div:2 +load:0x3fff0030,len:7000 +load:0x40078000,len:15452 +ho 0 tail 12 room 4 +load:0x40080400,len:3840 +entry 0x4008064c +I (29) boot: ESP-IDF v5.0-dirty 2nd stage bootloader +I (29) boot: compile time 13:40:31 +I (29) boot: chip revision: v3.0 +I (32) boot_comm: chip revision: 3, min. bootloader chip revision: 0 +I (39) boot.esp32: SPI Speed : 40MHz +I (44) boot.esp32: SPI Mode : DIO +I (48) boot.esp32: SPI Flash Size : 2MB +I (53) boot: Enabling RNG early entropy source... +I (58) boot: Partition Table: +I (62) boot: ## Label Usage Type ST Offset Length +I (69) boot: 0 nvs WiFi data 01 02 00009000 00006000 +I (77) boot: 1 phy_init RF data 01 01 0000f000 00001000 +I (84) boot: 2 factory factory app 00 00 00010000 00177000 +I (92) boot: End of partition table +I (96) boot_comm: chip revision: 3, min. 
application chip revision: 0 +I (103) esp_image: segment 0: paddr=00010020 vaddr=3f400020 size=338d8h (211160) map +I (188) esp_image: segment 1: paddr=00043900 vaddr=3ffb0000 size=03b78h ( 15224) load +I (194) esp_image: segment 2: paddr=00047480 vaddr=40080000 size=08b98h ( 35736) load +I (209) esp_image: segment 3: paddr=00050020 vaddr=400d0020 size=c591ch (809244) map +I (501) esp_image: segment 4: paddr=00115944 vaddr=40088b98 size=0c230h ( 49712) load +I (522) esp_image: segment 5: paddr=00121b7c vaddr=50000000 size=00010h ( 16) load +I (533) boot: Loaded app from partition at offset 0x10000 +I (533) boot: Disabling RNG early entropy source... +I (545) cpu_start: Pro cpu up. +I (545) cpu_start: Starting app cpu, entry point is 0x400812f4 +I (532) cpu_start: App cpu up. +I (561) cpu_start: Pro cpu start user code +I (561) cpu_start: cpu freq: 160000000 Hz +I (561) cpu_start: Application information: +I (566) cpu_start: Project name: wolfssl_server +I (571) cpu_start: App version: v5.6.3-stable-1088-g560c84b2b-d +I (578) cpu_start: Compile time: Jul 19 2023 22:20:09 +I (585) cpu_start: ELF file SHA256: 3e6e571c9e87bf44... +I (591) cpu_start: ESP-IDF: v5.0-dirty +I (596) heap_init: Initializing. RAM available for dynamic allocation: +I (603) heap_init: At 3FFAE6E0 len 00001920 (6 KiB): DRAM +I (609) heap_init: At 3FFBDA68 len 00022598 (137 KiB): DRAM +I (615) heap_init: At 3FFE0440 len 00003AE0 (14 KiB): D/IRAM +I (622) heap_init: At 3FFE4350 len 0001BCB0 (111 KiB): D/IRAM +I (628) heap_init: At 40094DC8 len 0000B238 (44 KiB): IRAM +I (636) spi_flash: detected chip: generic +I (639) spi_flash: flash io: dio +W (643) spi_flash: Detected size(4096k) larger than the size in the binary image header(2048k). Using the +size in the binary image header. +I (657) cpu_start: Starting scheduler on PRO CPU. +I (0) cpu_start: Starting scheduler on APP CPU. 
+I (725) tls_server: ESP_WIFI_MODE_STA +I (735) wifi:wifi driver task: 3ffcb738, prio:23, stack:6656, core=0 +I (735) system_api: Base MAC address is not set +I (735) system_api: read default base MAC address from EFUSE +I (755) wifi:wifi firmware version: 0d470ef +I (755) wifi:wifi certification version: v7.0 +I (755) wifi:config NVS flash: enabled +I (755) wifi:config nano formating: disabled +I (755) wifi:Init data frame dynamic rx buffer num: 32 +I (765) wifi:Init management frame dynamic rx buffer num: 32 +I (765) wifi:Init management short buffer num: 32 +I (775) wifi:Init dynamic tx buffer num: 32 +I (775) wifi:Init static rx buffer size: 1600 +I (775) wifi:Init static rx buffer num: 10 +I (785) wifi:Init dynamic rx buffer num: 32 +I (785) wifi_init: rx ba win: 6 +I (795) wifi_init: tcpip mbox: 32 +I (795) wifi_init: udp mbox: 6 +I (795) wifi_init: tcp mbox: 6 +I (805) wifi_init: tcp tx win: 5744 +I (805) wifi_init: tcp rx win: 5744 +I (815) wifi_init: tcp mss: 1440 +I (815) wifi_init: WiFi IRAM OP enabled +I (815) wifi_init: WiFi RX IRAM OP enabled +I (825) phy_init: phy_version 4670,719f9f6,Feb 18 2021,17:07:07 +I (925) wifi:mode : sta (24:d7:eb:41:7b:68) +I (935) wifi:enable tsf +I (935) tls_server: wifi_init_sta finished. 
+I (945) wifi:new:<4,0>, old:<1,0>, ap:<255,255>, sta:<4,0>, prof:1 +I (945) wifi:state: init -> auth (b0) +I (945) wifi:state: auth -> assoc (0) +I (955) wifi:state: assoc -> run (10) +W (955) wifi:idx:0 (ifx:0, c8:d7:19:cd:00:17), tid:0, ssn:0, winSize:64 +I (985) wifi:connected with testbench, aid = 1, channel 4, BW20, bssid = c8:d7:19:cd:00:17 +I (985) wifi:security: WPA2-PSK, phy: bgn, rssi: -45 +I (995) wifi:pm start, type: 1 + +I (1065) wifi:AP's beacon interval = 102400 us, DTIM period = 1 +I (3225) esp_netif_handlers: sta ip: 192.168.1.108, mask: 255.255.255.0, gw: 192.168.1.10 +I (3225) tls_server: got ip:192.168.1.108 +I (3235) Time Helper: sntp_setservername: +I (3235) Time Helper: pool.ntp.org +I (3245) Time Helper: time.nist.gov +I (3245) Time Helper: utcnist.colorado.edu +I (3255) Time Helper: sntp_init done. +TLS13-AES128-GCM-SHA256:TLS13-CHACHA20-POLY1305-SHA256:TLS13-SM4-GCM-SM3:TLS13-SM4-CCM-SM3:ECDHE-RSA-AES12 +8-SHA:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-DES-CBC3-SHA:ECDHE-ECDS +A-DES-CBC3-SHA:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECD +SA-AES128-SHA256:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305-OLD +:ECDHE-ECDSA-CHACHA20-POLY1305-OLD:ECDHE-ECDSA-SM4-CBC-SM3:ECDHE-ECDSA-SM4-GCM-SM3:ECDHE-ECDSA-SM4-CCM-SM3 +:ECDHE-PSK-AES128-CBC-SHA256:ECDHE-PSK-AES128-GCM-SHA256:PSK-CHACHA20-POLY1305:ECDHE-PSK-CHACHA20-POLY1305 +I (3315) wolfssl: Start wolfSSL_Init() +I (3315) wolfssl: wolfSSL Entering wolfSSL_Init +I (3325) wolfssl: wolfSSL Entering wolfCrypt_Init +I (3325) wolfssl: start socket()) +I (3335) wolfssl: Create and initialize WOLFSSL_CTX +I (3335) wolfssl: wolfSSL Entering wolfSSLv23_server_method_ex +I (3345) wolfssl: wolfSSL Entering wolfSSL_CTX_new_ex +I (3345) wolfssl: wolfSSL Entering wolfSSL_CertManagerNew +I (3355) wolfssl: wolfSSL Leaving wolfSSL_CTX_new_ex, return 0 +I (3365) tls_server: Start SM2 + +I (3365) 
wolfssl: wolfSSL Entering wolfSSL_CTX_set_cipher_list +I (3375) tls_server: Set cipher list: ECDHE-ECDSA-SM4-CBC-SM3 + +TLS13-AES128-GCM-SHA256:TLS13-CHACHA20-POLY1305-SHA256:TLS13-SM4-GCM-SM3:TLS13-SM4-CCM-SM3:ECDHE-RSA-AES12 +8-SHA:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-DES-CBC3-SHA:ECDHE-ECDS +A-DES-CBC3-SHA:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECD +SA-AES128-SHA256:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305-OLD +:ECDHE-ECDSA-CHACHA20-POLY1305-OLD:ECDHE-ECDSA-SM4-CBC-SM3:ECDHE-ECDSA-SM4-GCM-SM3:ECDHE-ECDSA-SM4-CCM-SM3 +:ECDHE-PSK-AES128-CBC-SHA256:ECDHE-PSK-AES128-GCM-SHA256:PSK-CHACHA20-POLY1305:ECDHE-PSK-CHACHA20-POLY1305 +I (3435) wolfssl: Loading certificate... +I (3435) wolfssl: wolfSSL Entering wolfSSL_CTX_use_certificate_buffer +I (3445) wolfssl: wolfSSL Entering PemToDer +I (3455) wolfssl: Checking cert signature type +I (3455) wolfssl: wolfSSL Entering GetExplicitVersion +I (3465) wolfssl: wolfSSL Entering wc_GetSerialNumber +I (3465) wolfssl: Got Cert Header +I (3475) wolfssl: wolfSSL Entering GetObjectId +I (3475) wolfssl: Got Algo ID +I (3475) wolfssl: Getting Name +I (3485) wolfssl: Getting Cert Name +I (3485) wolfssl: Getting Name +I (3495) wolfssl: Getting Cert Name +I (3495) wolfssl: Got Subject Name +I (3495) wolfssl: wolfSSL Entering GetAlgoId +I (3505) wolfssl: wolfSSL Entering GetObjectId +I (3505) wolfssl: wolfSSL Entering GetObjectId +I (3515) wolfssl: Got Key +I (3515) wolfssl: ECDSA/ED25519/ED448 cert signature +I (3525) wolfssl: wolfSSL Leaving wolfSSL_CTX_use_certificate_buffer, return 1 +I (3535) tls_server: Loaded server_sm2 + +I (3535) wolfssl: Loading key info... 
+I (3535) wolfssl: wolfSSL Entering wolfSSL_CTX_use_PrivateKey_buffer +I (3545) wolfssl: wolfSSL Entering PemToDer +I (3555) wolfssl: wolfSSL Entering GetAlgoId +I (3555) wolfssl: wolfSSL Entering GetObjectId +I (3565) wolfssl: wolfSSL Entering GetAlgoId +I (3565) wolfssl: wolfSSL Entering GetObjectId +I (3575) wolfssl: wolfSSL Leaving wolfSSL_CTX_use_PrivateKey_buffer, return 1 +I (3575) tls_server: Loaded PrivateKey_buffer server_sm2_priv + +I (3585) wolfssl: wolfSSL Entering wolfSSL_CTX_load_verify_buffer_ex +I (3595) wolfssl: Processing CA PEM file +I (3595) wolfssl: wolfSSL Entering PemToDer +I (3605) wolfssl: Adding a CA +I (3605) wolfssl: wolfSSL Entering GetExplicitVersion +I (3615) wolfssl: wolfSSL Entering wc_GetSerialNumber +I (3615) wolfssl: Got Cert Header +I (3625) wolfssl: wolfSSL Entering GetObjectId +I (3625) wolfssl: Got Algo ID +I (3635) wolfssl: Getting Name +I (3635) wolfssl: Getting Cert Name +I (3635) wolfssl: Getting Name +I (3645) wolfssl: Getting Cert Name +I (3645) wolfssl: Got Subject Name +I (3655) wolfssl: wolfSSL Entering GetAlgoId +I (3655) wolfssl: wolfSSL Entering GetObjectId +I (3665) wolfssl: wolfSSL Entering GetObjectId +I (3665) wolfssl: Got Key +I (3665) wolfssl: Parsed Past Key +I (3675) wolfssl: wolfSSL Entering DecodeCertExtensions +I (3675) wolfssl: wolfSSL Entering GetObjectId +I (3685) wolfssl: wolfSSL Entering DecodeSubjKeyId +I (3685) wolfssl: wolfSSL Entering GetObjectId +I (3695) wolfssl: wolfSSL Entering DecodeAuthKeyId +I (3705) wolfssl: wolfSSL Entering GetObjectId +I (3705) wolfssl: wolfSSL Entering DecodeBasicCaConstraint +I (3715) wolfssl: wolfSSL Entering GetObjectId +I (3715) wolfssl: wolfSSL Entering DecodeAltNames +I (3725) wolfssl: Unsupported name type, skipping +I (3725) wolfssl: wolfSSL Entering GetObjectId +I (3735) wolfssl: wolfSSL Entering DecodeExtKeyUsage +I (3735) wolfssl: wolfSSL Entering GetObjectId +I (3745) wolfssl: wolfSSL Entering GetObjectId +I (3745) wolfssl: wolfSSL Entering GetObjectId 
+I (3755) wolfssl: Parsed new CA +I (3755) wolfssl: No key size check done on CA +I (3765) wolfssl: Freeing Parsed CA +I (3765) wolfssl: Freeing der CA +I (3775) wolfssl: OK Freeing der CA +I (3775) wolfssl: wolfSSL Leaving AddCA, return 0 +I (3785) wolfssl: Processed a CA +I (3785) wolfssl: Processed at least one valid CA. Other stuff OK +I (3795) wolfssl: wolfSSL Leaving wolfSSL_CTX_load_verify_buffer_ex, return 1 +I (3795) tls_server: Success: load verify buffer + +I (3805) tls_server: Finish SM2 + +I (3805) tls_server: accept clients... +I (3815) wolfssl: Waiting for a connection... +I (14485) wolfssl: wolfSSL Entering wolfSSL_new +I (14495) wolfssl: wolfSSL Entering ReinitSSL +I (14495) wolfssl: wolfSSL Entering SetSSL_CTX +I (14495) wolfssl: wolfSSL Entering wolfSSL_NewSession +I (14505) wolfssl: wolfSSL Leaving wolfSSL_new, return 0 +I (14505) wolfssl: wolfSSL Entering wolfSSL_set_fd +I (14515) wolfssl: wolfSSL Entering wolfSSL_set_read_fd +I (14515) wolfssl: wolfSSL Leaving wolfSSL_set_read_fd, return 1 +I (14525) wolfssl: wolfSSL Entering wolfSSL_set_write_fd +I (14535) wolfssl: wolfSSL Leaving wolfSSL_set_write_fd, return 1 +I (14535) wolfssl: wolfSSL Entering wolfSSL_accept +I (14545) wolfssl: wolfSSL Entering ReinitSSL +I (14545) wolfssl: growing input buffer +I (14555) wolfssl: received record layer msg +I (14555) wolfssl: got HANDSHAKE +I (14565) wolfssl: wolfSSL Entering wolfSSL_get_options +I (14565) wolfssl: wolfSSL Entering DoTls13HandShakeMsg +I (14575) wolfssl: wolfSSL Entering DoTls13HandShakeMsgType +I (14575) wolfssl: processing client hello +I (14585) wolfssl: wolfSSL Entering DoTls13ClientHello +I (14595) wolfssl: wolfSSL Entering DoClientHello +I (14595) wolfssl: downgrading to TLSv1.2 +I (14605) wolfssl: Matched No Compression +I (14605) wolfssl: Adding signature algorithms extension +I (14615) wolfssl: Signature Algorithms extension received +I (14615) wolfssl: Point Formats extension received +I (14625) wolfssl: Supported Groups 
extension received +I (14625) wolfssl: Unknown TLS extension type +I (14635) wolfssl: Unknown TLS extension type +I (14635) wolfssl: wolfSSL Entering MatchSuite +I (14645) wolfssl: wolfSSL Entering VerifyServerSuite +I (14645) wolfssl: Requires ECC +I (14655) wolfssl: Verified suite validity +I (14655) wolfssl: wolfSSL Leaving DoClientHello, return 0 +I (14665) wolfssl: wolfSSL Leaving DoTls13ClientHello, return 0 +I (14675) wolfssl: wolfSSL Leaving DoTls13HandShakeMsgType(), return 0 +I (14675) wolfssl: wolfSSL Leaving DoTls13HandShakeMsg, return 0 +I (14685) wolfssl: Shrinking input buffer +I (14685) wolfssl: accept state ACCEPT_CLIENT_HELLO_DONE +I (14695) wolfssl: accept state ACCEPT_FIRST_REPLY_DONE +I (14705) wolfssl: wolfSSL Entering SendServerHello +I (14705) wolfssl: growing output buffer +I (14715) internal.c: GrowOutputBuffer ok +I (14715) wolfssl: wolfSSL Entering wolfSSL_get_options +I (14725) wolfssl: Point Formats extension to write +W (14735) wolfio: ssl->wflags = 0 +I (14735) wolfio: 16 03 03 00 52 02 00 00 4e 03 03 af 87 e2 58 57 +I (14735) wolfio: 73 c3 c1 35 1a 59 39 b2 03 9d 14 03 e0 b8 fb e8 +I (14745) wolfio: 9d 5b 9c 44 4f 57 4e 47 52 44 01 20 85 77 75 20 +I (14755) wolfio: 95 dd 00 e2 91 f8 42 33 f8 61 3f 1f de 81 15 58 +I (14755) wolfio: 23 0c e7 1e 71 e6 10 e5 67 23 e0 40 e0 11 00 00 +I (14765) wolfio: 06 00 0b 00 02 01 00 +W (14775) wolfio: sz = 87 +I (14775) wolfssl: Shrinking output buffer +I (14775) wolfssl: wolfSSL Leaving SendServerHello, return 0 +I (14785) wolfssl: accept state SERVER_HELLO_SENT +I (14795) wolfssl: wolfSSL Entering SendCertificate +I (14795) wolfssl: growing output buffer +I (14805) internal.c: GrowOutputBuffer ok +W (14815) wolfio: ssl->wflags = 0 +I (14815) wolfio: 16 03 03 02 e6 0b 00 02 e2 00 02 df 00 02 dc 30 +I (14815) wolfio: 82 02 d8 30 82 02 7e a0 03 02 01 02 02 01 01 30 +I (14825) wolfio: 0a 06 08 2a 81 1c cf 55 01 83 75 30 81 ac 31 0b +I (14835) wolfio: 30 09 06 03 55 04 06 13 02 55 53 31 10 30 0e 06 +I 
(14835) wolfio: 03 55 04 08 0c 07 4d 6f 6e 74 61 6e 61 31 10 30 +I (14845) wolfio: 0e 06 03 55 04 07 0c 07 42 6f 7a 65 6d 61 6e 31 +I (14855) wolfio: 14 30 12 06 03 55 04 0a 0c 0b 77 6f 6c 66 53 53 +I (14855) wolfio: 4c 5f 73 6d 32 31 0f 30 0d 06 03 55 04 0b 0c 06 +I (14865) wolfio: 43 41 2d 73 6d 32 31 18 30 16 06 03 55 04 03 0c +I (14875) wolfio: 0f 77 77 77 2e 77 6f 6c 66 73 73 6c 2e 63 6f 6d +I (14875) wolfio: 31 1f 30 1d 06 09 2a 86 48 86 f7 0d 01 09 01 16 +I (14885) wolfio: 10 69 6e 66 6f 40 77 6f 6c 66 73 73 6c 2e 63 6f +I (14895) wolfio: 6d 31 17 30 15 06 0a 09 92 26 89 93 f2 2c 64 01 +I (14895) wolfio: 01 0c 07 77 6f 6c 66 53 53 4c 30 1e 17 0d 32 33 +I (14905) wolfio: 30 32 31 35 30 36 32 33 30 37 5a 17 0d 32 35 31 +I (14915) wolfio: 31 31 31 30 36 32 33 30 37 5a 30 81 b0 31 0b 30 +I (14915) wolfio: 09 06 03 55 04 06 13 02 55 53 31 10 30 0e 06 03 +I (14925) wolfio: 55 04 08 0c 07 4d 6f 6e 74 61 6e 61 31 10 30 0e +I (14935) wolfio: 06 03 55 04 07 0c 07 42 6f 7a 65 6d 61 6e 31 14 +I (14945) wolfio: 30 12 06 03 55 04 0a 0c 0b 77 6f 6c 66 53 53 4c +I (14945) wolfio: 5f 73 6d 32 31 13 30 11 06 03 55 04 0b 0c 0a 53 +I (14955) wolfio: 65 72 76 65 72 2d 73 6d 32 31 18 30 16 06 03 55 +I (14965) wolfio: 04 03 0c 0f 77 77 77 2e 77 6f 6c 66 73 73 6c 2e +I (14965) wolfio: 63 6f 6d 31 1f 30 1d 06 09 2a 86 48 86 f7 0d 01 +I (14975) wolfio: 09 01 16 10 69 6e 66 6f 40 77 6f 6c 66 73 73 6c +I (14985) wolfio: 2e 63 6f 6d 31 17 30 15 06 0a 09 92 26 89 93 f2 +I (14985) wolfio: 2c 64 01 01 0c 07 77 6f 6c 66 53 53 4c 30 5a 30 +I (14995) wolfio: 14 06 08 2a 81 1c cf 55 01 82 2d 06 08 2a 81 1c +I (15005) wolfio: cf 55 01 82 2d 03 42 00 04 94 70 2b 46 e4 5e 0f +I (15005) wolfio: 41 fb 8f 2d 34 0a 41 40 19 5e fb d4 1d 11 ac fa +I (15015) wolfio: f5 93 37 c6 fa 87 08 f7 16 1f 2c ce 30 40 9d 4f +I (15025) wolfio: a6 2a 0a a1 d6 95 33 c3 a6 03 98 e6 8d 05 34 b0 +I (15025) wolfio: 97 0c de a4 c7 cf 53 8f d1 a3 81 89 30 81 86 30 +I (15035) wolfio: 1d 06 03 55 1d 0e 04 16 04 14 67 ae 60 
ff 7e 1b +I (15045) wolfio: 0f 95 ae 1f 82 59 f2 6c 56 2d 93 ef 17 32 30 1f +I (15045) wolfio: 06 03 55 1d 23 04 18 30 16 80 14 47 0a 48 7e bb +I (15055) wolfio: 02 a8 5a 26 57 2b 19 a9 7b 61 8b 7f 5d 99 6e 30 +I (15065) wolfio: 0c 06 03 55 1d 13 01 01 ff 04 02 30 00 30 0e 06 +I (15075) wolfio: 03 55 1d 0f 01 01 ff 04 04 03 02 03 a8 30 13 06 +I (15075) wolfio: 03 55 1d 25 04 0c 30 0a 06 08 2b 06 01 05 05 07 +I (15085) wolfio: 03 01 30 11 06 09 60 86 48 01 86 f8 42 01 01 04 +I (15095) wolfio: 04 03 02 06 40 30 0a 06 08 2a 81 1c cf 55 01 83 +I (15095) wolfio: 75 03 48 00 30 45 02 20 1b ca 94 28 7f f6 b2 0d +I (15105) wolfio: 31 43 50 e1 d5 34 17 dd af 3a de 81 06 67 9a b3 +I (15115) wolfio: 06 22 7e 64 ec fd 0e b9 02 21 00 a1 48 a8 32 d1 +I (15115) wolfio: 05 09 6b 1c eb 89 12 66 d8 38 a1 c4 5c 89 09 0f +I (15125) wolfio: fd e9 c0 3b 1d fb cd b5 4c 31 68 +W (15135) wolfio: sz = 747 +I (15135) wolfssl: Shrinking output buffer +I (15135) wolfssl: wolfSSL Leaving SendCertificate, return 0 +I (15145) wolfssl: accept state CERT_SENT +I (15155) wolfssl: wolfSSL Entering SendCertificateStatus +I (15155) wolfssl: wolfSSL Leaving SendCertificateStatus, return 0 +I (15165) wolfssl: accept state CERT_STATUS_SENT +I (15165) wolfssl: wolfSSL Entering SendServerKeyExchange +I (15175) wolfssl: Using ephemeral ECDH +I (15175) wolfssl: wolfSSL Entering EccMakeKey +I (15535) wolfssl: wolfSSL Leaving EccMakeKey, return 0 +I (15535) wolfssl: Trying ECC private key, RSA didn't work +I (15535) wolfssl: wolfSSL Entering GetAlgoId +I (15545) wolfssl: wolfSSL Entering GetObjectId +I (15555) wolfssl: Using ECC private key +I (15555) wolfssl: wolfSSL Entering Sm2wSm3Sign +I (15915) wolfssl: wolfSSL Leaving Sm2wSm3Sign, return 0 +I (15915) wolfssl: wolfSSL Entering SendHandshakeMsg +I (15925) wolfssl: growing output buffer +I (15925) internal.c: GrowOutputBuffer ok +W (15925) wolfio: ssl->wflags = 0 +I (15935) wolfio: 16 03 03 00 95 0c 00 00 91 03 00 29 41 04 fd f5 +I (15935) wolfio: 5e 74 15 
30 1d f3 84 ae a5 69 96 a9 5b dd 27 b3 +I (15945) wolfio: 00 7d 40 3a 59 93 93 6f 4d 1f 62 dc 60 48 34 1f +I (15955) wolfio: a8 1d 34 b8 76 8f 8b 27 4a 1b 77 64 8e 2e d5 27 +I (15955) wolfio: 03 95 8b 9d a5 ed a4 a6 b9 40 1b ea aa 10 07 08 +I (15965) wolfio: 00 48 30 46 02 21 00 cb 89 61 e9 21 f9 c6 4d ad +I (15975) wolfio: aa e7 f1 3f 6f 27 46 f0 35 ec 45 4e 8a ae f3 ac +I (15985) wolfio: 7c c0 cf 68 11 44 e2 02 21 00 f6 40 5c bc 66 5a +I (15985) wolfio: 74 1e 92 5d 9a 03 75 e7 7f 16 c2 b3 c8 fe 8d 5c +I (15995) wolfio: 63 35 36 da 61 38 76 dc 4e d6 +W (15995) wolfio: sz = 154 +I (16005) wolfssl: Shrinking output buffer +I (16005) wolfssl: wolfSSL Leaving SendServerKeyExchange, return 0 +I (16015) wolfssl: accept state KEY_EXCHANGE_SENT +I (16025) wolfssl: accept state CERT_REQ_SENT +I (16025) wolfssl: wolfSSL Entering SendServerHelloDone +I (16035) wolfssl: growing output buffer +I (16035) internal.c: GrowOutputBuffer ok +W (16045) wolfio: ssl->wflags = 0 +I (16045) wolfio: 16 03 03 00 04 0e 00 00 00 +W (16045) wolfio: sz = 9 +I (16055) wolfssl: Embed Send error +I (16055) wolfssl: Connection reset +I (16065) int: Sent = -3 +W (16065) int: WOLFSSL_CBIO_ERR_CONN_RST +E (16075) int: SOCKET_ERROR_E 2 +I (16075) wolfssl: wolfSSL Leaving SendServerHelloDone, return -308 +I (16085) wolfssl: wolfSSL error occurred, error = -308 +I (16085) wolfssl: wolfSSL Entering wolfSSL_get_error +I (16095) wolfssl: wolfSSL Leaving wolfSSL_get_error, return -308 +E (16085) tls_server: wolfSSL_accept error -308 +I (16105) wolfssl: Client connected successfully +I (16105) wolfssl: wolfSSL Entering wolfSSL_read +I (16115) wolfssl: wolfSSL Entering wolfSSL_read_internal +I (16125) wolfssl: wolfSSL Entering ReceiveData +I (16125) wolfssl: User calling wolfSSL_read in error state, not allowed +I (16135) wolfssl: wolfSSL Leaving wolfSSL_read_internal, return -308 +E (16145) tls_server: ERROR: failed to read +I (16145) wolfssl: Client sends: +I (16145) wolfssl: +I (16155) wolfssl: wolfSSL 
Entering wolfSSL_write +I (16155) wolfssl: handshake not complete, trying to finish +I (16165) wolfssl: wolfSSL Entering wolfSSL_negotiate +I (16165) wolfssl: wolfSSL Entering wolfSSL_accept +I (16175) wolfssl: wolfSSL Entering ReinitSSL +W (16185) wolfio: ssl->wflags = 0 +I (16185) wolfio: 16 03 03 00 04 0e 00 00 00 +W (16185) wolfio: sz = 9 +I (16195) wolfssl: Embed Send error +I (16195) wolfssl: General error +I (16205) int: Sent = -1 +E (16205) int: SOCKET_ERROR_E +I (16205) wolfssl: wolfSSL error occurred, error = -308 +I (16215) wolfssl: wolfSSL Leaving wolfSSL_negotiate, return -1 +I (16225) wolfssl: wolfSSL Leaving wolfSSL_write, return -1 +E (16225) tls_server: ERROR: failed to write +I (16235) wolfssl: wolfSSL Entering wolfSSL_free +I (16235) wolfssl: Free'ing server ssl +I (16245) wolfssl: Shrinking output buffer +I (16245) wolfssl: wolfSSL Entering ClientSessionToSession +I (16255) wolfssl: wolfSSL Entering wolfSSL_FreeSession +I (16255) wolfssl: wolfSSL_FreeSession full free +I (16265) wolfssl: CTX ref count not 0 yet, no free +I (16265) wolfssl: wolfSSL Leaving wolfSSL_free, return 0 +I (16275) wolfssl: Waiting for a connection... +``` + +### Wireshark: + +![wireshark](./wireshark.png) diff --git a/IDE/Espressif/ESP-IDF/examples/wolfssl_server/VisualGDB/README.md b/IDE/Espressif/ESP-IDF/examples/wolfssl_server/VisualGDB/README.md new file mode 100644 index 0000000000..4f6aa4cd94 --- /dev/null +++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_server/VisualGDB/README.md 
@@ -0,0 +1,52 @@ +# wolfSSL Project Files for Visual Studio 2022 with VisualGDB Extension + +Include in the respective project `./VisualGDB` directory are [VisualGDB](https://visualgdb.com/) project files. +Individual project files are included for convenience to new users, as there are [difficulties switching between ESP-IDF Versions or Chipsets](https://sysprogs.com/w/forums/topic/difficulties-switching-espressif-esp-idf-version-or-chipset/) using the VisualGDB extension. + +The naming convention for project files is: `[project name]_IDF_[Version]_[chipset].vgdbproj`. The solution files (filename[.sln]) often will contain shortcuts to commonly used source and configuration files used by the respective project. + + +-------- |------------- |------------- | +ChipSet | ESP-IDF v4.4 | ESP-IDF v5.0 | +-------- |------------- |------------- | +ESP32 | x | | +ESP32-S2 | | | +ESP32-S3 | x | x | +ESP32-C3 | x | x | +ESP32-C6 | | | + + +The default directories are: + +- `C:\SysGCC` - The root directory install of VisualGDB +- `C:\SysGCC\esp32` - The default for ESP-IDF v5.x +- `C:\SysGCC\esp32-8.4` - Many need to manually select this name for ESP-IDF v4.x install +- `C:\SysGCC\esp8266`- The default for ESP8266 + +## Resources + +- [wolfSSL Website](https://www.wolfssl.com/) + +- [wolfSSL Wiki](https://github.com/wolfSSL/wolfssl/wiki) + +- [FIPS 140-2/140-3 FAQ](https://wolfssl.com/license/fips) + +- [wolfSSL Documentation](https://wolfssl.com/wolfSSL/Docs.html) + +- [wolfSSL Manual](https://wolfssl.com/wolfSSL/Docs-wolfssl-manual-toc.html) + +- [wolfSSL API Reference](https://wolfssl.com/wolfSSL/Docs-wolfssl-manual-17-wolfssl-api-reference.html) + +- [wolfCrypt API Reference](https://wolfssl.com/wolfSSL/Docs-wolfssl-manual-18-wolfcrypt-api-reference.html) + +- [TLS 1.3](https://www.wolfssl.com/docs/tls13/) + +- [wolfSSL Vulnerabilities](https://www.wolfssl.com/docs/security-vulnerabilities/) + +- [Additional wolfSSL Examples](https://github.com/wolfssl/wolfssl-examples) + 
+## Support + +For questions please email [support@wolfssl.com](mailto:support@wolfssl.com) + +<-- edit 5.6.0001 see https://github.com/wolfSSL/wolfssl/tree/master/IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/VisualGDB --> diff --git a/IDE/Espressif/ESP-IDF/examples/wolfssl_server/VisualGDB/VisualGDB_wolfssl_server.sln b/IDE/Espressif/ESP-IDF/examples/wolfssl_server/VisualGDB/wolfssl_server_IDF_v5_ESP32.sln similarity index 81% rename from IDE/Espressif/ESP-IDF/examples/wolfssl_server/VisualGDB/VisualGDB_wolfssl_server.sln rename to IDE/Espressif/ESP-IDF/examples/wolfssl_server/VisualGDB/wolfssl_server_IDF_v5_ESP32.sln index 59a39fee24..4af977fc23 100644 --- a/IDE/Espressif/ESP-IDF/examples/wolfssl_server/VisualGDB/VisualGDB_wolfssl_server.sln +++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_server/VisualGDB/wolfssl_server_IDF_v5_ESP32.sln @@ -1,9 +1,9 @@  Microsoft Visual Studio Solution File, Format Version 12.00 -# Visual Studio Version 16 -VisualStudioVersion = 16.0.33027.164 +# Visual Studio Version 17 +VisualStudioVersion = 17.7.34031.279 MinimumVisualStudioVersion = 10.0.40219.1 -Project("{803FD0C6-D64E-4E16-9DC3-1DAEC859A3D2}") = "VisualGDB_wolfssl_server", "VisualGDB_wolfssl_server.vgdbproj", "{CD5A90CA-2D40-461A-A0C3-27654371BB00}" +Project("{803FD0C6-D64E-4E16-9DC3-1DAEC859A3D2}") = "wolfssl_server_IDF_v5_ESP32", "wolfssl_server_IDF_v5_ESP32.vgdbproj", "{CD5A90CA-2D40-461A-A0C3-27654371BB00}" EndProject Global GlobalSection(SolutionConfigurationPlatforms) = preSolution @@ -26,6 +26,6 @@ Global HideSolutionNode = FALSE EndGlobalSection GlobalSection(ExtensibilityGlobals) = postSolution - SolutionGuid = {719A8CBE-E881-4B20-89F3-9910520E1067} + SolutionGuid = {8024AC13-8021-400B-976F-30C392D5BBD3} EndGlobalSection EndGlobal 
diff --git a/IDE/Espressif/ESP-IDF/examples/wolfssl_server/VisualGDB/VisualGDB_wolfssl_server.vgdbproj b/IDE/Espressif/ESP-IDF/examples/wolfssl_server/VisualGDB/wolfssl_server_IDF_v5_ESP32.vgdbproj similarity index 92% rename from IDE/Espressif/ESP-IDF/examples/wolfssl_server/VisualGDB/VisualGDB_wolfssl_server.vgdbproj rename to IDE/Espressif/ESP-IDF/examples/wolfssl_server/VisualGDB/wolfssl_server_IDF_v5_ESP32.vgdbproj index c1194d45ed..2aa5313936 100644 --- a/IDE/Espressif/ESP-IDF/examples/wolfssl_server/VisualGDB/VisualGDB_wolfssl_server.vgdbproj +++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_server/VisualGDB/wolfssl_server_IDF_v5_ESP32.vgdbproj @@ -1,5 +1,5 @@ - + @@ -18,9 +18,9 @@ com.visualgdb.xtensa-esp32-elf - 8.4.0 - 8.1.0 - 9 + 12.2.0 + 12.1 + 1 .. @@ -67,11 +67,11 @@ true - v4.4.1 - esp-idf/v4.4.1 + release/v5.1 + esp-idf/v5.1 ESPIDF - COM20 + COM19 false false ESP32 @@ -93,7 +93,7 @@ - COM20 + COM19 115200 8 @@ -104,7 +104,7 @@ 0 false - false + true false ASCII @@ -220,7 +220,7 @@ openocd - -f interface/tigard.cfg -c "adapter_khz 3000" -f target/esp32.cfg + -f interface/ftdi/tigard.cfg -c "adapter_khz 15000" -f interface/ftdi/tigard.cfg -f target/esp32.cfg @@ -252,7 +252,7 @@ true - Auto + Disabled 0 false false diff --git a/IDE/Espressif/ESP-IDF/examples/wolfssl_server/components/wolfssl/CMakeLists.txt b/IDE/Espressif/ESP-IDF/examples/wolfssl_server/components/wolfssl/CMakeLists.txt index 2f1e9e4111..e82e19b600 100644 --- a/IDE/Espressif/ESP-IDF/examples/wolfssl_server/components/wolfssl/CMakeLists.txt +++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_server/components/wolfssl/CMakeLists.txt @@ -19,7 +19,7 @@ # # cmake for wolfssl Espressif projects # -# Version 5.6.3.001 +# Version 5.6.0.011 for detect test/benchmark # # See https://docs.espressif.com/projects/esp-idf/en/latest/esp32/api-guides/build-system.html # 
@@ -28,14 +28,31 @@ cmake_minimum_required(VERSION 3.16) set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DWOLFSSL_USER_SETTINGS") set(CMAKE_CURRENT_SOURCE_DIR ".") set(COMPONENT_REQUIRES lwip) # we typically don't need lwip directly in wolfssl component +set(WOLFSSL_ROOT "$ENV{WOLFSSL_ROOT}" ) + +# find the user name to search for possible "wolfssl-username" +message(STATUS "USERNAME = $ENV{USERNAME}") +if( "$ENV{USER}" STREQUAL "" ) # the bash user + if( "$ENV{USERNAME}" STREQUAL "" ) # the Windows user + message(STATUS "could not find USER or USERNAME") + else() + # the bash user is not blank, so we'll use it. + set(THIS_USER "$ENV{USERNAME}") + endif() +else() + # the bash user is not blank, so we'll use it. + set(THIS_USER "$ENV{USER}") +endif() +message(STATUS "THIS_USER = ${THIS_USER}") + # COMPONENT_NAME = wolfssl # The component name is the directory name. "No feature to change this". # See https://github.com/espressif/esp-idf/issues/8978#issuecomment-1129892685 -# set the root of wolfSSL: +# set the root of wolfSSL in top-level project CMakelists.txt: # set(WOLFSSL_ROOT "C:/some path/with/spaces") -# set(WOLFSSL_ROOT "c:/workspace/wolfssl-gojimmypi") +# set(WOLFSSL_ROOT "c:/workspace/wolfssl-[username]") # set(WOLFSSL_ROOT "/mnt/c/some path/with/spaces") # or use this logic to assign value from Environment Variable WOLFSSL_ROOT, # or assume this is an example 7 subdirectories below: 
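Review bot: The added `set(WOLFSSL_ROOT "$ENV{WOLFSSL_ROOT}" )` at the top of this hunk assigns unconditionally. A WOLFSSL_ROOT already set by the top-level project CMakeLists.txt, which the reworded comment further down recommends, would presumably be overwritten here, with an empty string when the environment variable is unset. Because this value selects which wolfSSL source tree is compiled into the firmware, only fall back to the environment when nothing is set: `if("${WOLFSSL_ROOT}" STREQUAL "")`, `set(WOLFSSL_ROOT "$ENV{WOLFSSL_ROOT}")`, `endif()`. The comment inside the USERNAME branch is a copy of the one in the USER branch and should read `# the Windows user is not blank, so we'll use it.`. THIS_USER is also never assigned when both variables are empty, so an explicit `set(THIS_USER "")` before the `if` would keep the later `wolfssl-${THIS_USER}` lookup from picking up a value left over from an enclosing scope.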
@@ -43,6 +60,97 @@ set(COMPONENT_REQUIRES lwip) # we typically don't need lwip directly in wolfssl # We are typically in [root]/IDE/Espressif/ESP-IDF/examples/wolfssl_test/components/wolfssl # The root of wolfSSL is 7 directories up from here: +# function: IS_WOLFSSL_SOURCE +# parameter: DIRECTORY_PARAMETER - the directory to test +# output: RESULT = contains contents of DIRECTORY_PARAMETER for wolfssl directory, otherwise blank. +function(IS_WOLFSSL_SOURCE DIRECTORY_PARAMETER RESULT) + if (EXISTS "${DIRECTORY_PARAMETER}/wolfcrypt/src") + set(${RESULT} "${DIRECTORY_PARAMETER}" PARENT_SCOPE) + else() + set(${RESULT} "" PARENT_SCOPE) + endif() +endfunction() + +# function: FIND_WOLFSSL_DIRECTORY +# parameter: OUTPUT_FOUND_WOLFSSL_DIRECTORY contains root of source code, otherwise blank +# +function(FIND_WOLFSSL_DIRECTORY OUTPUT_FOUND_WOLFSSL_DIRECTORY) + message(STATUS "Starting FIND_WOLFSSL_DIRECTORY") + set(CURRENT_SEARCH_DIR "$ENV{WOLFSSL_ROOT}") + if( "${CURRENT_SEARCH_DIR}" STREQUAL "" ) + message(STATUS "The WOLFSSL_ROOT environment variable is not set. 
Searching...") + else() + get_filename_component(CURRENT_SEARCH_DIR "$ENV{WOLFSSL_ROOT}" ABSOLUTE) + IS_WOLFSSL_SOURCE("${CURRENT_SEARCH_DIR}" FOUND_WOLFSSL) + if("${FOUND_WOLFSSL}") + message(STATUS "Found WOLFSSL_ROOT via Environment Variable:") + else() + message(FATAL_ERROR "WOLFSSL_ROOT Environment Variable defined, but path not found:") + message(STATUS "$ENV{WOLFSSL_ROOT}") + endif() + endif() + + # we'll start in the CMAKE_CURRENT_SOURCE_DIR, typically [something]/projectname/components/wolfssl + message(STATUS "CMAKE_CURRENT_SOURCE_DIR = ${CMAKE_CURRENT_SOURCE_DIR}") + get_filename_component(CURRENT_SEARCH_DIR "${CMAKE_CURRENT_SOURCE_DIR}" ABSOLUTE) + message(STATUS "CURRENT_SEARCH_DIR = ${CURRENT_SEARCH_DIR}") + string(LENGTH ${CURRENT_SEARCH_DIR} CURRENT_SEARCH_DIR_LENGTH) + + # loop through all the parents, looking for wolfssl + while(NOT CURRENT_SEARCH_DIR STREQUAL "/" AND NOT CURRENT_SEARCH_DIR STREQUAL "" ) + string(LENGTH ${CURRENT_SEARCH_DIR} CURRENT_SEARCH_DIR_LENGTH) + # wolfSSL may simply be in a parent directory, such as for local examples in wolfssl repo + IS_WOLFSSL_SOURCE("${CURRENT_SEARCH_DIR}" FOUND_WOLFSSL) + if( FOUND_WOLFSSL ) + message(STATUS "Found wolfssl in CURRENT_SEARCH_DIR = ${CURRENT_SEARCH_DIR}") + set(${OUTPUT_FOUND_WOLFSSL_DIRECTORY} ${CURRENT_SEARCH_DIR} PARENT_SCOPE) + return() + endif() + + if( THIS_USER ) + # Check for "wolfssl-[username]" subdirectory as we recurse up the directory tree + set(CURRENT_SEARCH_DIR_ALT ${CURRENT_SEARCH_DIR}/wolfssl-${THIS_USER}) + message(STATUS "Looking in ${CURRENT_SEARCH_DIR}") + + #if(EXISTS ${CURRENT_SEARCH_DIR_ALT} AND IS_DIRECTORY ${CURRENT_SEARCH_DIR_ALT} AND EXISTS "${CURRENT_SEARCH_DIR_ALT}/wolfcrypt/src") + IS_WOLFSSL_SOURCE("${CURRENT_SEARCH_DIR_ALT}" FOUND_WOLFSSL ) + if ( FOUND_WOLFSSL ) + message(STATUS "Found wolfssl in user-suffix CURRENT_SEARCH_DIR_ALT = ${CURRENT_SEARCH_DIR_ALT}") + set(${OUTPUT_FOUND_WOLFSSL_DIRECTORY} ${CURRENT_SEARCH_DIR_ALT} PARENT_SCOPE) + return() + 
endif() + endif() + + # Next check for no user suffix "wolfssl" subdirectory as we recurse up the directory tree + set(CURRENT_SEARCH_DIR_ALT ${CURRENT_SEARCH_DIR}/wolfssl) + # if(EXISTS ${CURRENT_SEARCH_DIR} AND IS_DIRECTORY ${CURRENT_SEARCH_DIR} AND EXISTS "${CURRENT_SEARCH_DIR}/wolfcrypt/src") + IS_WOLFSSL_SOURCE("${CURRENT_SEARCH_DIR_ALT}" FOUND_WOLFSSL ) + if ( FOUND_WOLFSSL ) + message(STATUS "Found wolfssl in CURRENT_SEARCH_DIR = ${CURRENT_SEARCH_DIR}") + set(${OUTPUT_FOUND_WOLFSSL_DIRECTORY} ${CURRENT_SEARCH_DIR} PARENT_SCOPE) + return() + endif() + + # Move up one directory level + set(PRIOR_SEARCH_DIR "${CURRENT_SEARCH_DIR}") + get_filename_component(CURRENT_SEARCH_DIR "${CURRENT_SEARCH_DIR}" DIRECTORY) + message(STATUS "Next CURRENT_SEARCH_DIR = ${CURRENT_SEARCH_DIR}") + if( "${PRIOR_SEARCH_DIR}" STREQUAL "${CURRENT_SEARCH_DIR}" ) + # when the search directory is empty, we'll give up + set(CURRENT_SEARCH_DIR "") + endif() + endwhile() + + # If not found, set the output variable to empty before exiting + set(${OUTPUT_FOUND_WOLFSSL_DIRECTORY} "" PARENT_SCOPE) +endfunction() + + +# Example usage: + + + + if(CMAKE_BUILD_EARLY_EXPANSION) message(STATUS "wolfssl component CMAKE_BUILD_EARLY_EXPANSION:") idf_component_register( 
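Review bot: In FIND_WOLFSSL_DIRECTORY the WOLFSSL_ROOT environment branch never sets the output variable or returns, so even a valid explicit path falls through to the parent-directory walk, and the first ancestor that holds `wolfcrypt/src`, `wolfssl-${THIS_USER}` or `wolfssl` decides which crypto source tree is compiled. The test `if("${FOUND_WOLFSSL}")` is applied to a quoted path string, which under the policies implied by `cmake_minimum_required(VERSION 3.16)` most likely evaluates false and reaches the FATAL_ERROR for a valid path; the `message(STATUS "$ENV{WOLFSSL_ROOT}")` after the FATAL_ERROR is not expected to print. In the plain `wolfssl` branch the directory tested is `${CURRENT_SEARCH_DIR_ALT}` but the result is set to `${CURRENT_SEARCH_DIR}`, so the parent is returned instead of the tree that was found. The fence shows both branches with the explicit path taking precedence and the matching directory returned.

```cmake
# … unchanged: function header and the "WOLFSSL_ROOT is not set" message …
    else()
        get_filename_component(CURRENT_SEARCH_DIR "$ENV{WOLFSSL_ROOT}" ABSOLUTE)
        IS_WOLFSSL_SOURCE("${CURRENT_SEARCH_DIR}" FOUND_WOLFSSL)
        if(FOUND_WOLFSSL)
            message(STATUS "Found WOLFSSL_ROOT via Environment Variable:")
            set(${OUTPUT_FOUND_WOLFSSL_DIRECTORY} ${CURRENT_SEARCH_DIR} PARENT_SCOPE)
            return()
        else()
            message(FATAL_ERROR "WOLFSSL_ROOT Environment Variable defined, but path not found: $ENV{WOLFSSL_ROOT}")
        endif()
    endif()
# … unchanged: parent-directory walk and the wolfssl-${THIS_USER} check …
        if ( FOUND_WOLFSSL )
            message(STATUS "Found wolfssl in CURRENT_SEARCH_DIR_ALT = ${CURRENT_SEARCH_DIR_ALT}")
            set(${OUTPUT_FOUND_WOLFSSL_DIRECTORY} ${CURRENT_SEARCH_DIR_ALT} PARENT_SCOPE)
            return()
        endif()
```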
@@ -58,159 +166,36 @@ else() message(STATUS "wolfssl component config:") message(STATUS "************************************************************************************************") - # TODO - if(WIN32) - # Windows-specific configuration here - set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DWOLFSSL_CMAKE_SYSTEM_NAME_WINDOWS") - message("Detected Windows") - endif() - if(CMAKE_HOST_UNIX) - message("Detected UNIX") - endif() - if(APPLE) - message("Detected APPLE") - endif() - if(CMAKE_HOST_UNIX AND (NOT APPLE) AND EXISTS "/proc/sys/fs/binfmt_misc/WSLInterop") - # Windows-specific configuration here - set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DWOLFSSL_CMAKE_SYSTEM_NAME_WSL") - message("Detected WSL") - endif() - if(CMAKE_HOST_UNIX AND (NOT APPLE) AND (NOT WIN32)) - # Windows-specific configuration here - set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DWOLFSSL_CMAKE_SYSTEM_NAME_LINUX") - message("Detected Linux") - endif() - if(APPLE) - # Windows-specific configuration here - set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DWOLFSSL_CMAKE_SYSTEM_NAME_APPLE") - message("Detected Apple") - endif() - - # Check to see if we're already in wolfssl, and only if WOLFSSL_ROOT not specified - if ("${WOLFSSL_ROOT}" STREQUAL "") - # wolfssl examples are 7 directories deep from wolfssl repo root - # 1 2 3 4 5 6 7 - set(THIS_RELATIVE_PATH "../../../../../../..") - get_filename_component(THIS_SEARCH_PATH "${THIS_RELATIVE_PATH}" ABSOLUTE) - message(STATUS "Searching in path = ${THIS_SEARCH_PATH}") - - if (EXISTS "${THIS_SEARCH_PATH}/wolfcrypt/src") - # we're already in wolfssl examples! - get_filename_component(WOLFSSL_ROOT "${THIS_SEARCH_PATH}" ABSOLUTE) - message(STATUS "Using wolfSSL example with root ${WOLFSSL_ROOT}") - else() - # We're in some other repo such as wolfssh, so we'll search for an - # adjacent-level directory for wolfssl. 
(8 directories up, then down one) - # - # For example wolfSSL examples: - # C:\workspace\wolfssl-gojimmypi\IDE\Espressif\ESP-IDF\examples\wolfssl_benchmark\components\wolfssl - # - # For example wolfSSH examples: - # C:\workspace\wolfssh-gojimmypi\ide\Espressif\ESP-IDF\examples\wolfssh_benchmark\components\wolfssl - # - # 1 2 3 4 5 6 7 8 - set(THIS_RELATIVE_PATH "../../../../../../../..") - get_filename_component(THIS_SEARCH_PATH "${THIS_RELATIVE_PATH}" ABSOLUTE) - message(STATUS "Searching next in path = ${THIS_SEARCH_PATH}") - endif() + # search for wolfSSL + FIND_WOLFSSL_DIRECTORY(WOLFSSL_ROOT) + if(WOLFSSL_ROOT) + message(STATUS "NEW Found wolfssl directory at: ${WOLFSSL_ROOT}") + else() + message(STATUS "NEW wolfssl directory not found.") + # Abort. We need wolfssl _somewhere_. + message(FATAL_ERROR "Could not find wolfssl in ${WOLFSSL_ROOT}.\n" + "Try setting WOLFSSL_ROOT environment variable or git clone.") endif() - # search other possible locations - if ("${WOLFSSL_ROOT}" STREQUAL "") - # there's not a hard-coded WOLFSSL_ROOT value above, so let's see if we can find it. - if( "$ENV{WOLFSSL_ROOT}" STREQUAL "" ) - message(STATUS "Environment Variable WOLFSSL_ROOT not set. Will search common locations.") - - message(STATUS "CMAKE_CURRENT_SOURCE_DIR = ${CMAKE_CURRENT_SOURCE_DIR}") - get_filename_component(THIS_DIR "${CMAKE_CURRENT_SOURCE_DIR}" ABSOLUTE) - message(STATUS "THIS_DIR = ${THIS_DIR}") - - # find the user name to search for possible "wolfssl-username" - message(STATUS "USERNAME = $ENV{USERNAME}") - if( "$ENV{USER}" STREQUAL "" ) # the bash user - if( "$ENV{USERNAME}" STREQUAL "" ) # the Windows user - message(STATUS "could not find USER or USERNAME") - else() - # the bash user is not blank, so we'll use it. - set(THIS_USER "$ENV{USERNAME}") - endif() - else() - # the bash user is not blank, so we'll use it. 
- set(THIS_USER "$ENV{USER}") - endif() - message(STATUS "THIS_USER = ${THIS_USER}") - - # This same makefile is used for both the wolfssl component, and other - # components that may depend on wolfssl, such as wolfssh. Therefore - # we need to determine if this makefile is in the wolfssl repo, or - # some other repo. - - if( "{THIS_USER}" STREQUAL "" ) - # This is highly unusual to not find a user name. - # In this case, we'll just search for a "wolfssl" directory: - message(STATUS "No username found!") - get_filename_component(WOLFSSL_ROOT "${THIS_RELATIVE_PATH}/wolfssl" ABSOLUTE) - else() - # We found an environment USER name! - # The first place to look for wolfssl will be in a user-clone called "wolfssl-[username]" - message(STATUS "Using [THIS_USER = ${THIS_USER}] to see if there's a [relative path]/wolfssl-${THIS_USER} directory.") - get_filename_component(WOLFSSL_ROOT "${THIS_RELATIVE_PATH}/wolfssl-${THIS_USER}" ABSOLUTE) - - if( EXISTS "${WOLFSSL_ROOT}" ) - message(STATUS "Found wolfssl in user-suffix ${WOLFSSL_ROOT}") - else() - # If there's not a user-clone called "wolfssl-[username]", - # perhaps there's simply a git clone called "wolfssl"? - message(STATUS "Did not find wolfssl-${THIS_USER}; continuing search...") - get_filename_component(WOLFSSL_ROOT "${THIS_RELATIVE_PATH}/wolfssl" ABSOLUTE) - - if( EXISTS "${WOLFSSL_ROOT}" ) - message(STATUS "Found wolfssl in standard ${WOLFSSL_ROOT}") - else() - # Things are looking pretty bleak. We'll likely not be able to compile. - message(STATUS "Did not find wolfssl in ${WOLFSSL_ROOT}") - endif() - endif() - endif() + set(INCLUDE_PATH ${WOLFSSL_ROOT}) - else() - # there's an environment variable, so use it. 
- set(WOLFSSL_ROOT "$ENV{WOLFSSL_ROOT}") + set(WOLFSSL_EXTRA_PROJECT_DIR "${WOLFSSL_ROOT}/src/") - if( EXISTS "${WOLFSSL_ROOT}" ) - get_filename_component(WOLFSSL_ROOT "$ENV{WOLFSSL_ROOT}" ABSOLUTE) - message(STATUS "Found WOLFSSL_ROOT via Environment Variable:") - else() - message(FATAL_ERROR "WOLFSSL_ROOT Environment Variable defined, but path not found:") - message(STATUS "$ENV{WOLFSSL_ROOT}") - endif() - endif() - # end of search for wolfssl component root - else() - # There's already a value assigned; we won't search for anything else. - message(STATUS "Found user-specified WOLFSSL_ROOT value.") - endif() # WOLFSSL_ROOT user defined - - # After all the logic above, does our WOLFSSL_ROOT actually exist? - if( EXISTS "${WOLFSSL_ROOT}" ) - message(STATUS "WOLFSSL_ROOT = ${WOLFSSL_ROOT}") - else() - # Abort. We need wolfssl _somewhere_. - message(FATAL_ERROR "Could not find wolfssl in ${WOLFSSL_ROOT}. Try setting environment variable or git clone.") + if( ${CMAKE_PROJECT_NAME} STREQUAL "wolfssl_benchmark" ) + set(WOLFSSL_EXTRA_PROJECT_DIR "${WOLFSSL_ROOT}/wolfcrypt/benchmark") endif() - - set(INCLUDE_PATH ${WOLFSSL_ROOT}) + if( ${CMAKE_PROJECT_NAME} STREQUAL "wolfssl_test" ) + set(WOLFSSL_EXTRA_PROJECT_DIR "${WOLFSSL_ROOT}/wolfcrypt/test") + endif() set(COMPONENT_SRCDIRS "\"${WOLFSSL_ROOT}/src/\"" "\"${WOLFSSL_ROOT}/wolfcrypt/src\"" "\"${WOLFSSL_ROOT}/wolfcrypt/src/port/Espressif\"" "\"${WOLFSSL_ROOT}/wolfcrypt/src/port/atmel\"" - # TODO: Make this a universal makefile that detects if benchmark / test needed - # Sometimes problematic with SM; consider gating detection. - #"\"${WOLFSSL_ROOT}/wolfcrypt/benchmark\"" # the benchmark application - #"\"${WOLFSSL_ROOT}/wolfcrypt/test\"" # the test application - ) # COMPONENT_SRCDIRS + "\"${WOLFSSL_EXTRA_PROJECT_DIR}\"" + ) # COMPONENT_SRCDIRS + message(STATUS "This COMPONENT_SRCDIRS = ${COMPONENT_SRCDIRS}") set(WOLFSSL_PROJECT_DIR "${CMAKE_HOME_DIRECTORY}/components/wolfssl") 
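Review bot: The new `message(FATAL_ERROR "Could not find wolfssl in ${WOLFSSL_ROOT}.\n" ...)` runs only when WOLFSSL_ROOT is empty, so the text always reads "Could not find wolfssl in ."; reporting the starting point is more useful, e.g. `"Could not find wolfssl searching up from ${CMAKE_CURRENT_SOURCE_DIR}.\n"`. The two `if( ${CMAKE_PROJECT_NAME} STREQUAL ...)` tests expand the variable unquoted, which turns into a malformed `if()` should the name ever be empty; `if("${CMAKE_PROJECT_NAME}" STREQUAL "wolfssl_benchmark")` is the safer form. The default `WOLFSSL_EXTRA_PROJECT_DIR` of `${WOLFSSL_ROOT}/src/` repeats the first COMPONENT_SRCDIRS entry, so a comment such as `# placeholder: duplicates src/ when neither benchmark nor test is built` would explain why it is there.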
@@ -303,10 +288,10 @@ else() # we won't overwrite an existing user settings file, just note that we already have one: if( EXISTS "${WOLFSSL_PROJECT_DIR}/include/user_settings.h" ) message(STATUS "Using existing wolfSSL user_settings.h in " - "${WOLFSSL_PROJECT_DIR}/include/user_settings.h") + "${WOLFSSL_PROJECT_DIR}/include/user_settings.h") else() message(STATUS "Installing wolfSSL user_settings.h to " - "${WOLFSSL_PROJECT_DIR}/include/user_settings.h") + "${WOLFSSL_PROJECT_DIR}/include/user_settings.h") file(COPY "${WOLFSSL_ROOT}/IDE/Espressif/ESP-IDF/user_settings.h" DESTINATION "${CMAKE_HOME_DIRECTORY}/wolfssl/include/") endif() @@ -314,9 +299,12 @@ else() # next check if there's a [root]/include/config.h if( EXISTS "${WOLFSSL_ROOT}/include/config.h" ) - message(FATAL_ERROR "Found stray wolfSSL config.h in " - "${WOLFSSL_ROOT}/include/config.h " - " (please move it to ${WOLFSSL_PROJECT_DIR}/include/config.h )") + message(STATUS "******************************************************************************") + message(STATUS "******************************************************************************") + message(STATUS "Found stray wolfSSL config.h in ${WOLFSSL_ROOT}/include/config.h" ) + message(STATUS " Please move it to ${WOLFSSL_PROJECT_DIR}/include/config.h" ) + message(STATUS "******************************************************************************") + message(STATUS "******************************************************************************") else() # we won't overwrite an existing user settings file, just note that we already have one: if( EXISTS "${WOLFSSL_PROJECT_DIR}/include/config.h" ) 
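Review bot: In the `@@ -314,9 +299,12 @@` hunk a stray `${WOLFSSL_ROOT}/include/config.h` is reduced from `message(FATAL_ERROR ...)` to six `message(STATUS ...)` lines, so the build now continues and the notice is easy to miss in the configure output. If that header is reachable on the include path it could change which wolfSSL options are compiled, which is presumably why the old code stopped the build. If continuing is intended, `message(WARNING "Found stray wolfSSL config.h in ${WOLFSSL_ROOT}/include/config.h")` keeps the condition visible without the banner lines.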
@@ -399,6 +387,14 @@ else() "\"${WOLFSSL_ROOT}/src/x509_str.c\"" "\"${WOLFSSL_ROOT}/wolfcrypt/src/evp.c\"" "\"${WOLFSSL_ROOT}/wolfcrypt/src/misc.c\"" + "\"${WOLFSSL_ROOT}/wolfcrypt/src/sp_sm2_arm32.c\"" + "\"${WOLFSSL_ROOT}/wolfcrypt/src/sp_sm2_arm64.c\"" + "\"${WOLFSSL_ROOT}/wolfcrypt/src/sp_sm2_armthumb.c\"" + "\"${WOLFSSL_ROOT}/wolfcrypt/src/sp_sm2_c32.c\"" + "\"${WOLFSSL_ROOT}/wolfcrypt/src/sp_sm2_c64.c\"" + "\"${WOLFSSL_ROOT}/wolfcrypt/src/sp_sm2_cortexm.c\"" + "\"${WOLFSSL_ROOT}/wolfcrypt/src/sp_sm2_x86_64.c\"" + "\"${WOLFSSL_ROOT}/wolfcrypt/src/sp_sm2_x86_64_asm.S\"" "\"${EXCLUDE_ASM}\"" ) @@ -443,6 +439,7 @@ else() endif() # target_sources(wolfssl PRIVATE "\"${WOLFSSL_ROOT}/wolfssl/\"" "\"${WOLFSSL_ROOT}/wolfssl/wolfcrypt\"") + endif() # CMAKE_BUILD_EARLY_EXPANSION diff --git a/IDE/Espressif/ESP-IDF/examples/wolfssl_server/components/wolfssl/include/user_settings.h b/IDE/Espressif/ESP-IDF/examples/wolfssl_server/components/wolfssl/include/user_settings.h index 29a03b0f15..9aca493ef4 100644 --- a/IDE/Espressif/ESP-IDF/examples/wolfssl_server/components/wolfssl/include/user_settings.h +++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_server/components/wolfssl/include/user_settings.h @@ -19,21 +19,8 @@ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA */ -/* This is the user_settings.h file for the wolfssl_server TLS example. - * For application-specific settings, please see server-tls.h file */ - -#include /* essential to chip set detection */ - -/* optional timezone used when setting time */ -#define TIME_ZONE "PST+8PDT,M3.2.0,M11.1.0" - -/* #define SHOW_SSID_AND_PASSWORD */ /* remove this to not show in startup log */ - -#undef WOLFSSL_ESPIDF -#undef WOLFSSL_ESP32 -#undef WOLFSSL_ESPWROOM32SE -#undef WOLFSSL_ESP32 -#undef WOLFSSL_ESP8266 +/* This user_settings.h is for Espressif ESP-IDF */ +#include /* The Espressif sdkconfig will have chipset info. ** 
@@ -46,6 +33,7 @@ ** CONFIG_IDF_TARGET_ESP32C6 */ +#undef WOLFSSL_ESPIDF #define WOLFSSL_ESPIDF /* 
@@ -55,64 +43,25 @@ * WOLFSSL_ESPWROOM32SE * WOLFSSL_ESP8266 */ +#undef WOLFSSL_ESPWROOM32SE +#undef WOLFSSL_ESP8266 +#undef WOLFSSL_ESP32 #define WOLFSSL_ESP32 -#if defined(CONFIG_IDF_TARGET_ESP32) - /* HW Enabled by default for ESP32. To disable: */ - /* #define NO_ESP32_CRYPT */ - /* #define NO_WOLFSSL_ESP32_CRYPT_HASH */ - /* #define NO_WOLFSSL_ESP32_CRYPT_AES */ - /* #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI */ -#elif defined(CONFIG_IDF_TARGET_ESP32S2) - /* HW Disabled by default for ESP32-S2. */ - #define NO_ESP32_CRYPT - #define NO_WOLFSSL_ESP32_CRYPT_HASH - #define NO_WOLFSSL_ESP32_CRYPT_AES - #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI -#elif defined(CONFIG_IDF_TARGET_ESP32S3) - /* HW Enabled by default for ESP32. To disable: */ - /* #define NO_ESP32_CRYPT */ - /* #define NO_WOLFSSL_ESP32_CRYPT_HASH */ - /* #define NO_WOLFSSL_ESP32_CRYPT_AES */ - /* #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI */ -#elif defined(CONFIG_IDF_TARGET_ESP32C2) - #define NO_ESP32_CRYPT - #define NO_WOLFSSL_ESP32_CRYPT_HASH - #define NO_WOLFSSL_ESP32_CRYPT_AES - #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI -#elif defined(CONFIG_IDF_TARGET_ESP32C3) - /* HW Disabled by default for ESP32-C3. */ - #define NO_ESP32_CRYPT - #define NO_WOLFSSL_ESP32_CRYPT_HASH - #define NO_WOLFSSL_ESP32_CRYPT_AES - #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI -#elif defined(CONFIG_IDF_TARGET_ESP32C6) - /* HW Disabled by default for ESP32-C6. */ - #define NO_ESP32_CRYPT - #define NO_WOLFSSL_ESP32_CRYPT_HASH - #define NO_WOLFSSL_ESP32_CRYPT_AES - #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI -#elif defined(CONFIG_IDF_TARGET_ESP32H2) - /* HW Disabled by default for ESP32-H2. */ - #define NO_ESP32_CRYPT - #define NO_WOLFSSL_ESP32_CRYPT_HASH - #define NO_WOLFSSL_ESP32_CRYPT_AES - #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI -#else - /* HW Disabled by default for all other ESP32-[?]. 
*/ - #define NO_ESP32_CRYPT - #define NO_WOLFSSL_ESP32_CRYPT_HASH - #define NO_WOLFSSL_ESP32_CRYPT_AES - #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI -#endif - - /* optionally turn off SHA512/224 SHA512/256 */ /* #define WOLFSSL_NOSHA512_224 */ /* #define WOLFSSL_NOSHA512_256 */ +/* when you want to use SINGLE THREAD. Note Default ESP-IDF is FreeRTOS */ +/* #define SINGLE_THREADED */ + +/* When you don't want to use the old SHA */ +/* #define NO_SHA */ +/* #define NO_OLD_TLS */ + #define BENCH_EMBEDDED +#define USE_CERT_BUFFERS_2048 /* TLS 1.3 */ #define WOLFSSL_TLS13 @@ -124,45 +73,44 @@ #define WOLFSSL_BENCHMARK_FIXED_UNITS_KB -/* when you want to use SINGLE THREAD */ -/* #define SINGLE_THREADED */ #define NO_FILESYSTEM +#define NO_OLD_TLS + #define HAVE_AESGCM #define WOLFSSL_RIPEMD /* when you want to use SHA224 */ -/* #define WOLFSSL_SHA224 */ - -#define NO_OLD_TLS +#define WOLFSSL_SHA224 /* when you want to use SHA384 */ -/* #define WOLFSSL_SHA384 */ - -/* #define WOLFSSL_SHA3 */ +#define WOLFSSL_SHA384 +/* when you want to use SHA512 */ #define WOLFSSL_SHA512 + +/* when you want to use SHA3 */ +#define WOLFSSL_SHA3 + +#define HAVE_ED25519 /* ED25519 requires SHA512 */ + #define HAVE_ECC #define HAVE_CURVE25519 #define CURVE25519_SMALL #define HAVE_ED25519 + #define OPENSSL_EXTRA /* when you want to use pkcs7 */ /* #define HAVE_PKCS7 */ +#define HAVE_PKCS7 + #if defined(HAVE_PKCS7) #define HAVE_AES_KEYWRAP #define HAVE_X963_KDF #define WOLFSSL_AES_DIRECT #endif -/* optional DH */ -/* #define PROJECT_DH */ -#ifdef PROJECT_DH - #define HAVE_DH - #define HAVE_FFDHE_2048 -#endif - /* when you want to use aes counter mode */ /* #define WOLFSSL_AES_DIRECT */ /* #define WOLFSSL_AES_COUNTER */ 
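Review bot: In the `@@ -124,45 +73,44 @@` hunk `#define HAVE_PKCS7` is added directly under the retained `/* when you want to use pkcs7 */ /* #define HAVE_PKCS7 */`, so the comment still describes an opt-in while PKCS7, and with it `HAVE_AES_KEYWRAP`, `HAVE_X963_KDF` and `WOLFSSL_AES_DIRECT`, is now always compiled into the TLS server example. If the server does not use PKCS7, leaving it commented out keeps unneeded parsing code out of the image; otherwise the stale commented line should go. The added `#define HAVE_ED25519 /* ED25519 requires SHA512 */` duplicates the `#define HAVE_ED25519` kept a few lines below, so one of the two can be removed.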
@@ -177,23 +125,29 @@ /* #define CUSTOM_SLOT_ALLOCATION */ #endif -/* RSA primitive specific definition */ +/* rsa primitive specific definition */ #if defined(WOLFSSL_ESP32) || defined(WOLFSSL_ESPWROOM32SE) /* Define USE_FAST_MATH and SMALL_STACK */ #define ESP32_USE_RSA_PRIMITIVE - /* threshold for performance adjustment for HW primitive use */ - /* X bits of G^X mod P greater than */ - #define EPS_RSA_EXPT_XBTIS 36 - /* X and Y of X * Y mod P greater than */ - #define ESP_RSA_MULM_BITS 36 + + #if defined(CONFIG_IDF_TARGET_ESP32) + + /* NOTE HW unreliable for small values! */ + /* threshold for performance adjustment for HW primitive use */ + /* X bits of G^X mod P greater than */ + #undef ESP_RSA_EXPT_XBITS + #define ESP_RSA_EXPT_XBITS 32 + + /* X and Y of X * Y mod P greater than */ + #undef ESP_RSA_MULM_BITS + #define ESP_RSA_MULM_BITS 16 + + #endif #endif + #define RSA_LOW_MEM -/* debug options */ -/* #define DEBUG_WOLFSSL */ -/* #define WOLFSSL_ESP32_CRYPT_DEBUG */ -/* #define WOLFSSL_ESP32_HW_LOCK_DEBUG */ -/* #define WOLFSSL_ATECC508A_DEBUG */ +/* #define WOLFSSL_ATECC508A_DEBUG */ /* date/time */ /* if it cannot adjust time in the device, */ 
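Review bot: `ESP_RSA_MULM_BITS` drops from 36 to 16 and the exponent threshold to 32 directly under the new comment `NOTE HW unreliable for small values!`, which reads as a contradiction, since a lower "greater than" threshold would send smaller operands to the hardware primitive. A comment stating why 16 and 32 are safe lower bounds, or how they were validated, would help the next reader. The thresholds are now defined only inside `#if defined(CONFIG_IDF_TARGET_ESP32)`, while `ESP32_USE_RSA_PRIMITIVE` is still set for every `WOLFSSL_ESP32` build, so other targets presumably rely on defaults elsewhere; if so, say it with something like `/* other targets use the library defaults */`.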
@@ -201,147 +155,192 @@ /* #define NO_ASN_TIME */ /* #define XTIME time */ + /* adjust wait-timeout count if you see timeout in RSA HW acceleration */ #define ESP_RSA_TIMEOUT_CNT 0x249F00 -/* see esp_ShowExtendedSystemInfo in esp32-crypt.h for startup log info */ -#define HAVE_VERSION_EXTENDED_INFO +#define HASH_SIZE_LIMIT /* for test.c */ +/* USE_FAST_MATH is default */ +#define USE_FAST_MATH -/* debug options */ -/* #define ESP_VERIFY_MEMBLOCK */ -#define WOLFSSL_HW_METRICS -/* #define DEBUG_WOLFSSL_VERBOSE */ -/* #define DEBUG_WOLFSSL */ -/* #define WOLFSSL_ESP32_CRYPT_DEBUG */ -#define NO_RECOVER_SOFTWARE_CALC +/***** Use SP_MATH *****/ +/* #undef USE_FAST_MATH */ +/* #define SP_MATH */ +/* #define WOLFSSL_SP_MATH_ALL */ -/* optionally turn off individual math HW acceleration features */ +/***** Use Integer Heap Math *****/ +/* #undef USE_FAST_MATH */ +/* #define USE_INTEGER_HEAP_MATH */ -/* Turn off Large Number Multiplication: -** [Z = X * Y] in esp_mp_mul() */ -/* #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI_MP_MUL */ -/* Turn off Large Number Modular Exponentiation: -** [Z = X^Y mod M] in esp_mp_exptmod() */ -/* #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI_EXPTMOD */ +#define WOLFSSL_SMALL_STACK -/* Turn off Large Number Modular Multiplication -** [Z = X × Y mod M] in esp_mp_mulmod() */ -/* #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI_MULMOD */ +#define HAVE_VERSION_EXTENDED_INFO +/* #define HAVE_WC_INTROSPECTION */ -/* this is known to fail in TFM: */ -/* #define HONOR_MATH_USED_LENGTH */ +#define HAVE_SESSION_TICKET -/* this is known to fail in TFM */ -/* #define CHECK_MP_READ_UNSIGNED_BIN */ +/* #define HAVE_HASHDRBG */ -#define WOLFSSL_PUBLIC_MP /* used by benchmark */ +#define WOLFSSL_KEY_GEN +#define WOLFSSL_CERT_REQ +#define WOLFSSL_CERT_GEN +#define WOLFSSL_CERT_EXT +#define WOLFSSL_SYS_CA_CERTS -/* optional SM4 Ciphers. 
See https://github.com/wolfSSL/wolfsm */ -/* Uncomment this section to enable SM -#define WOLFSSL_SM2 -#define WOLFSSL_SM3 -#define WOLFSSL_SM4 + +#define WOLFSSL_CERT_TEXT + +#define WOLFSSL_ASN_TEMPLATE + +/* +#undef WOLFSSL_KEY_GEN +#undef WOLFSSL_CERT_REQ +#undef WOLFSSL_CERT_GEN +#undef WOLFSSL_CERT_EXT +#undef WOLFSSL_SYS_CA_CERTS */ -#if defined(WOLFSSL_SM2) || defined(WOLFSSL_SM3) || defined(WOLFSSL_SM4) - /* see https://github.com/wolfSSL/wolfssl/pull/6537 - * - * see settings.h for other features turned on with SM4 ciphers. - */ - #undef USE_CERT_BUFFERS_1024 - #define USE_CERT_BUFFERS_1024 +/* +--enable-keygen +--enable-certgen +--enable-certreq +--enable-certext +--enable-asn-template +*/ - #undef WOLFSSL_SM4_ECB - #define WOLFSSL_SM4_ECB +/* Default is HW enabled unless turned off. +** Uncomment these lines to force SW instead of HW acceleration */ - #undef WOLFSSL_SM4_CBC - #define WOLFSSL_SM4_CBC +#if defined(CONFIG_IDF_TARGET_ESP32) + /* wolfSSL HW Acceleration supported on ESP32. Uncomment to disable: */ + /* #define NO_ESP32_CRYPT */ + /* #define NO_WOLFSSL_ESP32_CRYPT_HASH */ + /* #define NO_WOLFSSL_ESP32_CRYPT_AES */ + /* #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI */ + /* #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI_MP_MUL */ + /* #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI_MULMOD */ + /* #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI_EXPTMOD */ + + /* These are defined automatically in esp32-crypt.h, here for clarity: */ + #define NO_WOLFSSL_ESP32_CRYPT_HASH_SHA224 /* no SHA224 HW on ESP32 */ + + #undef ESP_RSA_MULM_BITS + #define ESP_RSA_MULM_BITS 16 /* TODO add compile-time warning */ + /***** END CONFIG_IDF_TARGET_ESP32 *****/ - #undef WOLFSSL_SM4_CTR - #define WOLFSSL_SM4_CTR +#elif defined(CONFIG_IDF_TARGET_ESP32S2) + /* wolfSSL HW Acceleration supported on ESP32-S2. 
Uncomment to disable: */ + /* #define NO_ESP32_CRYPT */ + /* #define NO_WOLFSSL_ESP32_CRYPT_HASH */ + /* Note: There's no AES192 HW on the ESP32-S2; falls back to SW */ + /* #define NO_WOLFSSL_ESP32_CRYPT_AES */ + /* #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI */ + /* #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI_MP_MUL */ + /* #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI_MULMOD */ + /* #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI_EXPTMOD */ + /***** END CONFIG_IDF_TARGET_ESP32S2 *****/ - #undef WOLFSSL_SM4_GCM - #define WOLFSSL_SM4_GCM +#elif defined(CONFIG_IDF_TARGET_ESP32S3) + /* wolfSSL HW Acceleration supported on ESP32-S3. Uncomment to disable: */ + /* #define NO_ESP32_CRYPT */ + /* #define NO_WOLFSSL_ESP32_CRYPT_HASH */ + /* Note: There's no AES192 HW on the ESP32-S3; falls back to SW */ + /* #define NO_WOLFSSL_ESP32_CRYPT_AES */ + /* #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI */ + /* #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI_MP_MUL */ + /* #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI_MULMOD */ + /* #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI_EXPTMOD */ + /***** END CONFIG_IDF_TARGET_ESP32S3 *****/ - #undef WOLFSSL_SM4_CCM - #define WOLFSSL_SM4_CCM +#elif defined(CONFIG_IDF_TARGET_ESP32C3) + /* wolfSSL HW Acceleration supported on ESP32-C2. 
Uncomment to disable: */ - #define HAVE_POLY1305 - #define HAVE_CHACHA + /* #define NO_ESP32_CRYPT */ + /* #define NO_WOLFSSL_ESP32_CRYPT_HASH */ /* to disable all SHA HW */ - #undef HAVE_AESGCM - #define HAVE_AESGCM + /* These are defined automatically in esp32-crypt.h, here for clarity: */ + #define NO_WOLFSSL_ESP32_CRYPT_HASH_SHA384 /* no SHA384 HW on C6 */ + #define NO_WOLFSSL_ESP32_CRYPT_HASH_SHA512 /* no SHA512 HW on C6 */ - #undef HAVE_ECC - #define HAVE_ECC + /* #define NO_WOLFSSL_ESP32_CRYPT_AES */ + /* #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI */ + /* #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI_MP_MUL */ + /* #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI_MULMOD */ + /* #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI_EXPTMOD */ + /***** END CONFIG_IDF_TARGET_ESP32C3 *****/ - /* see https://github.com/wolfSSL/wolfssl/pull/6825 */ - #include +#elif defined(CONFIG_IDF_TARGET_ESP32C6) + /* wolfSSL HW Acceleration supported on ESP32-C6. Uncomment to disable: */ - #define CTX_CA_CERT root_sm2 - #define CTX_CA_CERT_SIZE sizeof_root_sm2 - #define CTX_CA_CERT_TYPE WOLFSSL_FILETYPE_PEM - #define CTX_SERVER_CERT server_sm2 - #define CTX_SERVER_CERT_SIZE sizeof_server_sm2 - #define CTX_SERVER_CERT_TYPE WOLFSSL_FILETYPE_PEM - #define CTX_SERVER_KEY server_sm2_priv - #define CTX_SERVER_KEY_SIZE sizeof_server_sm2_priv - #define CTX_SERVER_KEY_TYPE WOLFSSL_FILETYPE_PEM -/* - * SM optional cipher suite settings: - * - #define WOLFSSL_ESP32_CIPHER_SUITE "TLS13-SM4-GCM-SM3" - #define WOLFSSL_ESP32_CIPHER_SUITE "TLS13-SM4-CCM-SM3" - #define WOLFSSL_ESP32_CIPHER_SUITE "ECDHE-ECDSA-SM4-CBC-SM3" - #define WOLFSSL_ESP32_CIPHER_SUITE "ECDHE-ECDSA-SM4-GCM-SM3" - #define WOLFSSL_ESP32_CIPHER_SUITE "ECDHE-ECDSA-SM4-CCM-SM3" -*/ - #define WOLFSSL_ESP32_CIPHER_SUITE "TLS13-SM4-GCM-SM3:" \ - "TLS13-SM4-CCM-SM3:" \ - "TLS-SM4-GCM-SM3:" /* not a valid command-line cipher */ \ - "TLS-SM4-CCM-SM3:" /* not a valid command-line cipher */ \ - "ECDHE-ECDSA-SM4-CBC-SM3:" \ - "ECDHE-ECDSA-SM4-GCM-SM3:" \ - 
"ECDHE-ECDSA-SM4-CCM-SM3" + /* #define NO_ESP32_CRYPT */ + /* #define NO_WOLFSSL_ESP32_CRYPT_HASH */ + /* These are defined automatically in esp32-crypt.h, here for clarity: */ + #define NO_WOLFSSL_ESP32_CRYPT_HASH_SHA384 /* no SHA384 HW on C6 */ + #define NO_WOLFSSL_ESP32_CRYPT_HASH_SHA512 /* no SHA512 HW on C6 */ + + /* #define NO_WOLFSSL_ESP32_CRYPT_AES */ + /* #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI */ + /* #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI_MP_MUL */ + /* #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI_MULMOD */ + /* #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI_EXPTMOD */ + /***** END CONFIG_IDF_TARGET_ESP32C6 *****/ + +#elif defined(CONFIG_IDF_TARGET_ESP32H2) + /* wolfSSL Hardware Acceleration not yet implemented */ + #define NO_ESP32_CRYPT + #define NO_WOLFSSL_ESP32_CRYPT_HASH + #define NO_WOLFSSL_ESP32_CRYPT_AES + #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI + /***** END CONFIG_IDF_TARGET_ESP32H2 *****/ + +#elif defined(CONFIG_IDF_TARGET_ESP8266) + /* TODO: Revisit ESP8266 */ + #define NO_ESP32_CRYPT + #define NO_WOLFSSL_ESP32_CRYPT_HASH + #define NO_WOLFSSL_ESP32_CRYPT_AES + #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI + /***** END CONFIG_IDF_TARGET_ESP266 *****/ + +#elif defined(CONFIG_IDF_TARGET_ESP8684) + /* There's no Hardware Acceleration available on ESP8684 */ + #define NO_ESP32_CRYPT + #define NO_WOLFSSL_ESP32_CRYPT_HASH + #define NO_WOLFSSL_ESP32_CRYPT_AES + #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI + /***** END CONFIG_IDF_TARGET_ESP8684 *****/ #else - /* default settings */ - #define USE_CERT_BUFFERS_2048 - #define USE_CERT_BUFFERS_256 - #define CTX_CA_CERT ca_cert_der_2048 - #define CTX_CA_CERT_SIZE sizeof_ca_cert_der_2048 - #define CTX_CA_CERT_TYPE WOLFSSL_FILETYPE_ASN1 - #define CTX_SERVER_CERT server_cert_der_2048 - #define CTX_SERVER_CERT_SIZE sizeof_server_cert_der_2048 - #define CTX_SERVER_CERT_TYPE WOLFSSL_FILETYPE_ASN1 - #define CTX_SERVER_KEY server_key_der_2048 - #define CTX_SERVER_KEY_SIZE sizeof_server_key_der_2048 - #define CTX_SERVER_KEY_TYPE 
WOLFSSL_FILETYPE_ASN1 -/* - * Optional Cipher Suite Specification - * - * nothing defined, default used = "TLS13-AES128-GCM-SHA256" - #define WOLFSSL_ESP32_CIPHER_SUITE "ECDHE-ECDSA-SM4-CBC-SM3" - #define WOLFSSL_ESP32_CIPHER_SUITE "ECDHE-ECDSA-SM4-CBC-SM3:" - #define WOLFSSL_ESP32_CIPHER_SUITE "TLS13-AES128-GCM-SHA256" - #define WOLFSSL_ESP32_CIPHER_SUITE "TLS13-AES128-GCM-SHA256:" - #define WOLFSSL_ESP32_CIPHER_SUITE "TLS13-AES128-GCM-SHA256:DHE-PSK-AES128-GCM-SHA256" - #define WOLFSSL_ESP32_CIPHER_SUITE "TLS13-AES128-GCM-SHA256:PSK-AES128-GCM-SHA256:" - #define WOLFSSL_ESP32_CIPHER_SUITE "TLS13-CHACHA20-POLY1305-SHA256:TLS13-AES128-GCM-SHA256:TLS13-AES256-GCM-SHA384:" - #define WOLFSSL_ESP32_CIPHER_SUITE "TLS13-CHACHA20-POLY1305-SHA256" - #define WOLFSSL_ESP32_CIPHER_SUITE "TLS_CHACHA20_POLY1305_SHA256" - #define WOLFSSL_ESP32_CIPHER_SUITE "TLS_SM4_CCM_SM3" + /* Anything else encountered, disable HW accleration */ + #define NO_ESP32_CRYPT + #define NO_WOLFSSL_ESP32_CRYPT_HASH + #define NO_WOLFSSL_ESP32_CRYPT_AES + #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI +#endif /* CONFIG_IDF_TARGET Check */ + +/* Debug options: + +#define ESP_VERIFY_MEMBLOCK +#define DEBUG_WOLFSSL +#define DEBUG_WOLFSSL_VERBOSE +#define DEBUG_WOLFSSL_SHA_MUTEX +#define WOLFSSL_ESP32_CRYPT_DEBUG +#define NO_RECOVER_SOFTWARE_CALC +#define WOLFSSL_TEST_STRAY 1 +#define USE_ESP_DPORT_ACCESS_READ_BUFFER +#define WOLFSSL_ESP32_HW_LOCK_DEBUG +#define WOLFSSL_DEBUG_ESP_RSA_MULM_BITS +#define ESP_DISABLE_HW_TASK_LOCK */ -#endif - #undef HAVE_ECC - #define HAVE_ECC +#define WOLFSSL_ESPIDF_ERROR_PAUSE /* Pause in a loop rather than exit. */ +#define WOLFSSL_HW_METRICS + +/* #define HASH_SIZE_LIMIT */ /* for test.c */ - #undef HAVE_SUPPORTED_CURVES - #define HAVE_SUPPORTED_CURVES +/* #define NO_HW_MATH_TEST */ /* Optionall turn off HW math checks */ /* Optionally include alternate HW test library: alt_hw_test.h */ /* When enabling, the ./components/wolfssl/CMakeLists.txt file 
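Review bot: In the `CONFIG_IDF_TARGET_ESP32C3` branch the comments name other chips: `/* wolfSSL HW Acceleration supported on ESP32-C2. ...`, `/* no SHA384 HW on C6 */` and `/* no SHA512 HW on C6 */`. They should read `ESP32-C3` and `on C3`, assuming the SHA384 and SHA512 exclusions are really meant for the C3 and were not copied along with the comments. The end marker `END CONFIG_IDF_TARGET_ESP266` in the ESP8266 branch is missing an 8. This hunk also changes S2, S3, C3 and C6 from hardware crypto disabled to enabled by default, which is a behaviour change worth stating in a comment at the top of the block.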
@@ -349,9 +348,24 @@ * for the PRIV_REQUIRES list. */ /* #define INCLUDE_ALT_HW_TEST */ -/* #define NO_HW_MATH_TEST */ +/* optionally turn off individual math HW acceleration features */ + +/* Turn off Large Number ESP32 HW Multiplication: +** [Z = X * Y] in esp_mp_mul() */ +/* #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI_MP_MUL */ + +/* Turn off Large Number ESP32 HW Modular Exponentiation: +** [Z = X^Y mod M] in esp_mp_exptmod() */ +/* #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI_EXPTMOD */ + +/* Turn off Large Number ESP32 HW Modular Multiplication +** [Z = X * Y mod M] in esp_mp_mulmod() */ +/* #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI_MULMOD */ +#define WOLFSSL_PUBLIC_MP /* used by benchmark */ +#define USE_CERT_BUFFERS_2048 + /* when turning on ECC508 / ECC608 support #define WOLFSSL_ESPWROOM32SE #define HAVE_PK_CALLBACKS 
@@ -359,22 +373,36 @@ #define ATCA_WOLFSSL */ -/* USE_FAST_MATH is default */ -#define USE_FAST_MATH - -/* use SP_MATH */ -/* -#undef USE_FAST_MATH -#define WOLFSSL_SP_MATH_ALL +/* optional SM4 Ciphers. See https://github.com/wolfSSL/wolfsm +#define WOLFSSL_SM2 +#define WOLFSSL_SM3 +#define WOLFSSL_SM4 */ -/* use integer heap math */ -/* -#undef USE_FAST_MATH -#define USE_INTEGER_HEAP_MATH -*/ +#if defined(WOLFSSL_SM2) || defined(WOLFSSL_SM3) || defined(WOLFSSL_SM4) + #include + #define CTX_CA_CERT root_sm2 + #define CTX_CA_CERT_SIZE sizeof_root_sm2 + #define CTX_CA_CERT_TYPE WOLFSSL_FILETYPE_PEM + #define CTX_SERVER_CERT server_sm2 + #define CTX_SERVER_CERT_SIZE sizeof_server_sm2 + #define CTX_SERVER_CERT_TYPE WOLFSSL_FILETYPE_PEM + #define CTX_SERVER_KEY server_sm2_priv + #define CTX_SERVER_KEY_SIZE sizeof_server_sm2_priv + #define CTX_SERVER_KEY_TYPE WOLFSSL_FILETYPE_PEM -/* optionally use DPORT_ACCESS_READ_BUFFER */ -/* -#define USE_ESP_DPORT_ACCESS_READ_BUFFER -*/ + #undef WOLFSSL_BASE16 + #define WOLFSSL_BASE16 +#else + #define USE_CERT_BUFFERS_2048 + #define USE_CERT_BUFFERS_256 + #define CTX_CA_CERT ca_cert_der_2048 + #define CTX_CA_CERT_SIZE sizeof_ca_cert_der_2048 + #define CTX_CA_CERT_TYPE WOLFSSL_FILETYPE_ASN1 + #define CTX_SERVER_CERT server_cert_der_2048 + #define CTX_SERVER_CERT_SIZE sizeof_server_cert_der_2048 + #define CTX_SERVER_CERT_TYPE WOLFSSL_FILETYPE_ASN1 + #define CTX_SERVER_KEY server_key_der_2048 + #define CTX_SERVER_KEY_SIZE sizeof_server_key_der_2048 + #define CTX_SERVER_KEY_TYPE WOLFSSL_FILETYPE_ASN1 +#endif diff --git a/IDE/Espressif/ESP-IDF/examples/wolfssl_server/main/CMakeLists.txt b/IDE/Espressif/ESP-IDF/examples/wolfssl_server/main/CMakeLists.txt index e754ae0f22..c0ad51909b 100644 --- a/IDE/Espressif/ESP-IDF/examples/wolfssl_server/main/CMakeLists.txt +++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_server/main/CMakeLists.txt 
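Review bot: The `#else` branch wires `CTX_SERVER_KEY` to `server_key_der_2048`, which comes from wolfSSL's bundled test certificate buffers enabled by `USE_CERT_BUFFERS_2048`; that private key ships with the library source, so it authenticates nothing outside a demo. A comment above the block would make this explicit, e.g. `/* Test certs and keys only: replace CTX_SERVER_CERT / CTX_SERVER_KEY before any deployment */`. `USE_CERT_BUFFERS_2048` is also defined unconditionally twice earlier in this file by the same commit, so the copy in this branch is redundant.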
@@ -1,12 +1,36 @@ - +# wolfSSL Espressif Example Project/main CMakeLists.txt +# v1.0 # # wolfssl server test # set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DWOLFSSL_USER_SETTINGS") -set(COMPONENT_SRCS "server-tls.c" "wifi_connect.c") -set(COMPONENT_ADD_INCLUDEDIRS "." "./include") - +if(WIN32) + # Windows-specific configuration here + set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DWOLFSSL_CMAKE_SYSTEM_NAME_WINDOWS") + message("Detected Windows") +endif() +if(CMAKE_HOST_UNIX) + message("Detected UNIX") +endif() +if(APPLE) + message("Detected APPLE") +endif() +if(CMAKE_HOST_UNIX AND (NOT APPLE) AND EXISTS "/proc/sys/fs/binfmt_misc/WSLInterop") + # Windows-specific configuration here + set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DWOLFSSL_CMAKE_SYSTEM_NAME_WSL") + message("Detected WSL") +endif() +if(CMAKE_HOST_UNIX AND (NOT APPLE) AND (NOT WIN32)) + # Windows-specific configuration here + set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DWOLFSSL_CMAKE_SYSTEM_NAME_LINUX") + message("Detected Linux") +endif() +if(APPLE) + # Windows-specific configuration here + set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DWOLFSSL_CMAKE_SYSTEM_NAME_APPLE") + message("Detected Apple") +endif() set (git_cmd "git") if( EXISTS "${CMAKE_HOME_DIRECTORY}/components/wolfssl/" AND EXISTS "$ENV{IDF_PATH}/components/wolfssl/" ) @@ -19,8 +43,14 @@ if( EXISTS "${CMAKE_HOME_DIRECTORY}/components/wolfssl/" AND EXISTS "$ENV{IDF_PA set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DWOLFSSL_MULTI_INSTALL_WARNING") endif() - -register_component() +## register_component() +idf_component_register(SRCS main.c + wifi_connect.c + time_helper.c + server-tls.c + INCLUDE_DIRS "." + "./include") +# # # LIBWOLFSSL_SAVE_INFO(VAR_OUPUT THIS_VAR VAR_RESULT) @@ -73,3 +103,4 @@ if(NOT CMAKE_BUILD_EARLY_EXPANSION) endif() message(STATUS "") + diff --git a/IDE/Espressif/ESP-IDF/examples/wolfssl_server/main/Kconfig.projbuild b/IDE/Espressif/ESP-IDF/examples/wolfssl_server/main/Kconfig.projbuild new file mode 100644 index 0000000000..264c808834 --- /dev/null 
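Review bot: Three of the new branches (WSL, Linux and the second `if(APPLE)`) carry the comment `# Windows-specific configuration here` although they configure other hosts, and `if(APPLE)` appears twice, the first time only to print a message. Each comment should name the host its branch detects, for example `# WSL-specific configuration here`, and the two Apple blocks can be merged. The Linux test `CMAKE_HOST_UNIX AND (NOT APPLE) AND (NOT WIN32)` is also true under WSL, so both `-DWOLFSSL_CMAKE_SYSTEM_NAME_WSL` and `-DWOLFSSL_CMAKE_SYSTEM_NAME_LINUX` end up in `CMAKE_C_FLAGS` there. wifi_connect.h in this commit happens to test WSL before Linux, and a comment should say that this order matters.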
+++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_server/main/Kconfig.projbuild
@@ -0,0 +1,29 @@
+menu "Example Configuration"
+
+config BENCH_ARGV
+ string "Arguments for benchmark test"
+ default "-lng 0"
+ help
+ -? Help, print this usage
+ 0: English, 1: Japanese
+ -csv Print terminal output in csv format
+ -base10 Display bytes as power of 10 (eg 1 kB = 1000 Bytes)
+ -no_aad No additional authentication data passed.
+ -dgst_full Full digest operation performed.
+ -rsa_sign Measure RSA sign/verify instead of encrypt/decrypt.
+ - Algorithm to benchmark. Available algorithms include:
+ cipher aes-cbc aes-gcm chacha20 chacha20-poly1305
+ digest md5 poly1305 sha sha2 sha224 sha256 sha384 sha512 sha3
+ sha3-224 sha3-256 sha3-384 sha3-512
+ mac hmac hmac-md5 hmac-sha hmac-sha224 hmac-sha256 hmac-sha384
+ hmac-sha512
+ asym rsa rsa-sz dh ecc-kg ecc
+ other rng
+ -lng Display benchmark result by specified language.
+ 0: English, 1: Japanese
+ Size of block in bytes
+
+ e.g -lng 1
+ e.g sha
+
+endmenu
diff --git a/IDE/Espressif/ESP-IDF/examples/wolfssl_server/main/include/main.h b/IDE/Espressif/ESP-IDF/examples/wolfssl_server/main/include/main.h
new file mode 100644
index 0000000000..94c3b5eba6
--- /dev/null
+++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_server/main/include/main.h
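Review bot: The only option this menu adds is `BENCH_ARGV`, a benchmark argument string, and none of the server sources shown in this commit reads it, so the file looks copied from the benchmark example. wifi_connect.h in the same commit reads `CONFIG_ESP_WIFI_SSID` and `CONFIG_ESP_WIFI_PASSWORD`, falling back to the placeholder strings `"MYSSID_WIFI_CONNECT"` and `"MYPASSWORD_WIFI_CONNECT"`, and it uses `CONFIG_ESP_MAXIMUM_RETRY` with no fallback at all. Unless those symbols come from a Kconfig file that is not visible here, this menu should define them in place of `BENCH_ARGV`.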
@@ -0,0 +1,24 @@
+/* template main.h
+ *
+ * Copyright (C) 2006-2023 wolfSSL Inc.
+ *
+ * This file is part of wolfSSL.
+ *
+ * wolfSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * wolfSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
+ */
+#ifndef _MAIN_H_
+#define _MAIN_H_
+
+#endif
diff --git a/IDE/Espressif/ESP-IDF/examples/wolfssl_server/main/include/server-tls.h b/IDE/Espressif/ESP-IDF/examples/wolfssl_server/main/include/server-tls.h
new file mode 100644
index 0000000000..d065df3c4e
--- /dev/null
+++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_server/main/include/server-tls.h
@@ -0,0 +1,62 @@
+/* server-tls.h
+ *
+ * Copyright (C) 2006-2023 wolfSSL Inc.
+ *
+ * This file is part of wolfSSL.
+ *
+ * wolfSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * wolfSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
+ */
+#ifndef _SERVER_TLS_
+#define _SERVER_TLS_
+
+#define DEFAULT_PORT 11111
+
+#define TLS_SMP_CLIENT_TASK_NAME "tls_client_example"
+#define TLS_SMP_CLIENT_TASK_WORDS 10240
+#define TLS_SMP_CLIENT_TASK_PRIORITY 8
+
+#define TLS_SMP_TARGET_HOST "192.168.25.109"
+
+#include
+#include
+#include "user_settings.h"
+
+#if defined(SINGLE_THREADED)
+ #define WOLFSSL_ESP_TASK int
+#else
+ #include "freertos/FreeRTOS.h"
+ #define WOLFSSL_ESP_TASK void
+#endif
+
+typedef struct {
+ int port;
+ int loops;
+} tls_args;
+
+/* Function to show the ciphers available / in use. */
+#if defined(DEBUG_WOLFSSL)
+ int ShowCiphers(WOLFSSL* ssl);
+#endif
+
+/* This is the TLS Server function, possibly in an RTOS thread. */
+WOLFSSL_ESP_TASK tls_smp_server_task(void *args);
+
+/* init will create an RTOS task, otherwise server is simply function call. */
+#if defined(SINGLE_THREADED)
+ /* no init neded */
+#else
+ WOLFSSL_ESP_TASK tls_smp_server_init(void* args);
+#endif
+#endif /* _SERVER_TLS_ */
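Review bot: `ShowCiphers` is declared only under `#if defined(DEBUG_WOLFSSL)`, but server-tls.c in this commit appears to define it unconditionally and calls `ShowCiphers(ssl)` in the accept loop outside any debug guard, so the prototype should be unconditional as well. This server header also carries client settings, `TLS_SMP_CLIENT_TASK_NAME`, `TLS_SMP_CLIENT_TASK_WORDS`, `TLS_SMP_CLIENT_TASK_PRIORITY` and a hard-coded `TLS_SMP_TARGET_HOST "192.168.25.109"`, none of which the visible server code uses; I would drop them. `DEFAULT_PORT` is defined here and again in wifi_connect.h, which leaves two places to edit when the port changes. The guard `_SERVER_TLS_` starts with an underscore and an upper-case letter, a form reserved for the implementation; `SERVER_TLS_H` avoids that.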
diff --git a/IDE/Espressif/ESP-IDF/examples/wolfssl_server/main/include/time_helper.h b/IDE/Espressif/ESP-IDF/examples/wolfssl_server/main/include/time_helper.h
new file mode 100644
index 0000000000..a47f940016
--- /dev/null
+++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_server/main/include/time_helper.h
@@ -0,0 +1,54 @@
+/*
+ * Copyright (C) 2006-2023 wolfSSL Inc.
+ *
+ * This file is part of wolfSSL.
+ *
+ * wolfSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * wolfSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
+ */
+
+/* common Espressif time_helper v5.6.3.001 */
+
+#ifndef _TIME_HELPER_H
+#define _TIME_HELPER_H
+
+/* ESP-IDF uses a 64-bit signed integer to represent time_t starting from release v5.0
+ * See: https://docs.espressif.com/projects/esp-idf/en/latest/esp32/api-reference/system/system_time.html#year-2036-and-2038-overflow-issues
+ */
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+/* a function to show the current data and time */
+int esp_show_current_datetime();
+
+/* worst case, if GitHub time not available, used fixed time */
+int set_fixed_default_time(void);
+
+/* set time from string (e.g. GitHub commit time) */
+int set_time_from_string(char* time_buffer);
+
+/* set time from NTP servers,
+ * also initially calls set_fixed_default_time or set_time_from_string */
+int set_time(void);
+
+/* wait NTP_RETRY_COUNT seconds before giving up on NTP time */
+int set_time_wait_for_ntp(void);
+
+#ifdef __cplusplus
+} /* extern "C" */
+#endif
+
+#endif /* #ifndef _TIME_HELPER_H */
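Review bot: `int esp_show_current_datetime();` is declared with empty parentheses, which before C23 is not a prototype and leaves call arguments unchecked; the other four declarations use `(void)` and this one should match, `int esp_show_current_datetime(void);`. `set_time_from_string(char* time_buffer)` takes a mutable pointer; if the implementation only parses the text, `const char* time_buffer` states that, though the body is not part of this hunk. The header comments never say what the `int` return values mean, and main.c in this commit tests `ret < -1` against one of them, so a line such as `/* returns 0 on success, negative on failure */` on each declaration would help once confirmed against time_helper.c. In the first comment "current data and time" should read "current date and time".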
diff --git a/IDE/Espressif/ESP-IDF/examples/wolfssl_server/main/include/wifi_connect.h b/IDE/Espressif/ESP-IDF/examples/wolfssl_server/main/include/wifi_connect.h
index c8a27577e0..d5eec7c19b 100644
--- a/IDE/Espressif/ESP-IDF/examples/wolfssl_server/main/include/wifi_connect.h
+++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_server/main/include/wifi_connect.h
@@ -18,25 +18,82 @@ * along with this program; if not, write to the Free Software * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA */ -#ifndef _TLS_WIFI_H_ -#define _TLS_WIFI_H_ - -#include "esp_idf_version.h" -#include "esp_log.h" -#include "esp_wifi.h" -#if ESP_IDF_VERSION_MAJOR >= 4 -#include "esp_event.h" -#else -#include "esp_event_loop.h" -#endif +#ifndef _WIFI_CONNECT_H_ +#define _WIFI_CONNECT_H_ + +#include +#include + +/* ESP lwip */ +#define EXAMPLE_ESP_MAXIMUM_RETRY CONFIG_ESP_MAXIMUM_RETRY #define DEFAULT_PORT 11111 #define TLS_SMP_SERVER_TASK_NAME "tls_sever_example" -#define TLS_SMP_SERVER_TASK_WORDS 10240 +#define TLS_SMP_SERVER_TASK_WORDS 22240 #define TLS_SMP_SERVER_TASK_PRIORITY 8 #define TLS_SMP_WIFI_SSID CONFIG_WIFI_SSID #define TLS_SMP_WIFI_PASS CONFIG_WIFI_PASSWORD +#define USE_WIFI_EXAMPLE +#ifdef USE_WIFI_EXAMPLE + #include "esp_netif.h" + #include "protocol_examples_common.h" /* see project CMakeLists.txt */ #endif + +/** + ****************************************************************************** + ****************************************************************************** + ** USER APPLICATION SETTINGS BEGIN + ****************************************************************************** + ****************************************************************************** + **/ + +/* when using a private config with plain text passwords, + * file my_private_config.h should be excluded from git updates */ +/* #define USE_MY_PRIVATE_CONFIG */ + +#ifdef USE_MY_PRIVATE_CONFIG + #if defined(WOLFSSL_CMAKE_SYSTEM_NAME_WINDOWS) + #include "/workspace/my_private_config.h" + #elif defined(WOLFSSL_CMAKE_SYSTEM_NAME_WSL) + #include "/mnt/c/workspace/my_private_config.h" + #elif defined(WOLFSSL_CMAKE_SYSTEM_NAME_LINUX) + #include "~/workspace/my_private_config.h" + #elif defined(WOLFSSL_CMAKE_SYSTEM_NAME_APPLE) + #include "~/Documents/my_private_config.h" + #else + #warning "did not detect environment. 
using ~/my_private_config.h" + #include "~/my_private_config.h" + #endif +#else + + /* + ** The examples use WiFi configuration that you can set via project + ** configuration menu + ** + ** If you'd rather not, just change the below entries to strings with + ** the config you want - ie #define EXAMPLE_WIFI_SSID "mywifissid" + */ + #ifdef CONFIG_ESP_WIFI_SSID + #define EXAMPLE_ESP_WIFI_SSID CONFIG_ESP_WIFI_SSID + #else + #define EXAMPLE_ESP_WIFI_SSID "MYSSID_WIFI_CONNECT" + #endif + + #ifdef CONFIG_ESP_WIFI_PASSWORD + #define EXAMPLE_ESP_WIFI_PASS CONFIG_ESP_WIFI_PASSWORD + #else + #define EXAMPLE_ESP_WIFI_PASS "MYPASSWORD_WIFI_CONNECT" + #endif +#endif + +/* ESP lwip */ +#define EXAMPLE_ESP_MAXIMUM_RETRY CONFIG_ESP_MAXIMUM_RETRY + +int wifi_init_sta(void); + +int wifi_show_ip(void); + +#endif /* _WIFI_CONNECT_H_ */ diff --git a/IDE/Espressif/ESP-IDF/examples/wolfssl_server/main/main.c b/IDE/Espressif/ESP-IDF/examples/wolfssl_server/main/main.c new file mode 100644 index 0000000000..0c043b2a69 --- /dev/null +++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_server/main/main.c 
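Review bot: The includes `"~/workspace/my_private_config.h"`, `"~/Documents/my_private_config.h"` and `"~/my_private_config.h"` cannot resolve, because the preprocessor does not expand `~`; only a shell does. On Linux and macOS, enabling `USE_MY_PRIVATE_CONFIG` therefore breaks the build, and the easy workaround is to type the SSID and password into the `#else` fallback strings of this tracked header, which is the outcome the private file exists to prevent. I would include the file by bare name, `#include "my_private_config.h"`, and let CMake add the per-host directory to the include path. `EXAMPLE_ESP_MAXIMUM_RETRY` is also defined twice in the new text, and `USE_WIFI_EXAMPLE` is defined immediately before it is tested, so that `#ifdef` is always true.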
@@ -0,0 +1,247 @@ +/* main.c + * + * Copyright (C) 2006-2023 wolfSSL Inc. + * + * This file is part of wolfSSL. + * + * wolfSSL is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * wolfSSL is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA + */ +#include "sdkconfig.h" +#include "main.h" + +/* ESP specific */ +#include +#include +#include + +/* wolfSSL */ +#include +#include +#include +#ifndef WOLFSSL_ESPIDF + #warning "problem with wolfSSL user_settings. Check components/wolfssl/include" +#endif + +/* this project */ +#include "server-tls.h" +#include "time_helper.h" + +#ifndef CONFIG_IDF_TARGET_ESP32H2 + /* There's no WiFi on ESP32-H2. + * For wired ethernet, see: + * https://github.com/wolfSSL/wolfssl-examples/tree/master/ESP32/TLS13-ENC28J60-client */ + #include "wifi_connect.h" +#endif + +#ifdef WOLFSSL_TRACK_MEMORY + #include +#endif + +static const char* const TAG = "TLS Client"; + +#if defined(WOLFSSL_ESPWROOM32SE) && defined(HAVE_PK_CALLBACKS) \ + && defined(WOLFSSL_ATECC508A) + +#include "wolfssl/wolfcrypt/port/atmel/atmel.h" + +/* when you want to use a custom slot allocation */ +/* enable the definition CUSTOM_SLOT_ALLOCATION. 
*/ + +#if defined(CUSTOM_SLOT_ALLOCATION) + +static byte mSlotList[ATECC_MAX_SLOT]; + +int atmel_set_slot_allocator(atmel_slot_alloc_cb alloc, atmel_slot_dealloc_cb dealloc); + +/* initialize slot array */ +void my_atmel_slotInit() +{ + int i; + for(i = 0;i < ATECC_MAX_SLOT;i++) { + mSlotList[i] = ATECC_INVALID_SLOT; + } +} + +/* allocate slot depending on slotType */ +int my_atmel_alloc(int slotType) +{ + int i, slot = -1; + + switch(slotType){ + case ATMEL_SLOT_ENCKEY: + slot = 4; + break; + case ATMEL_SLOT_DEVICE: + slot = 0; + break; + case ATMEL_SLOT_ECDHE: + slot = 0; + break; + case ATMEL_SLOT_ECDHE_ENC: + slot = 4; + break; + case ATMEL_SLOT_ANY: + for(i = 0;i < ATECC_MAX_SLOT;i++){ + if(mSlotList[i] == ATECC_INVALID_SLOT){ + slot = i; + break; + } + } + } + + return slot; +} + +/* free slot array */ +void my_atmel_free(int slotId) +{ + if(slotId >= 0 && slotId < ATECC_MAX_SLOT){ + mSlotList[slotId] = ATECC_INVALID_SLOT; + } +} +#endif /* CUSTOM_SLOT_ALLOCATION */ +#endif /* WOLFSSL_ESPWROOM32SE && HAVE_PK_CALLBACK && WOLFSSL_ATECC508A */ + +/* for FreeRTOS */ +void app_main(void) +{ + int stack_start = 0; + esp_err_t ret = 0; + ESP_LOGI(TAG, "---------------- wolfSSL TLS Server Example ------------"); + ESP_LOGI(TAG, "--------------------------------------------------------"); + ESP_LOGI(TAG, "--------------------------------------------------------"); + ESP_LOGI(TAG, "---------------------- BEGIN MAIN ----------------------"); + ESP_LOGI(TAG, "--------------------------------------------------------"); + ESP_LOGI(TAG, "--------------------------------------------------------"); +#ifdef ESP_TASK_MAIN_STACK + ESP_LOGI(TAG, "ESP_TASK_MAIN_STACK: %d", ESP_TASK_MAIN_STACK); +#endif +#ifdef TASK_EXTRA_STACK_SIZE + ESP_LOGI(TAG, "TASK_EXTRA_STACK_SIZE: %d", TASK_EXTRA_STACK_SIZE); +#endif +#ifdef INCLUDE_uxTaskGetStackHighWaterMark + ESP_LOGI(TAG, "CONFIG_ESP_MAIN_TASK_STACK_SIZE = %d bytes (%d words)", + CONFIG_ESP_MAIN_TASK_STACK_SIZE, + 
(int)(CONFIG_ESP_MAIN_TASK_STACK_SIZE / sizeof(void*))); + + /* Returns the high water mark of the stack associated with xTask. That is, + * the minimum free stack space there has been (in bytes not words, unlike + * vanilla FreeRTOS) since the task started. The smaller the returned + * number the closer the task has come to overflowing its stack. + * see https://docs.espressif.com/projects/esp-idf/en/latest/esp32/api-reference/system/freertos_idf.html + */ + stack_start = uxTaskGetStackHighWaterMark(NULL); + ESP_LOGI(TAG, "Stack Start HWM: %d bytes", stack_start); +#endif + +#ifdef HAVE_VERSION_EXTENDED_INFO + esp_ShowExtendedSystemInfo(); +#endif + + /* Set time for cert validation. + * Some lwIP APIs, including SNTP functions, are not thread safe. */ + ret = set_time(); /* need to setup NTP before WiFi */ + + /* Optionally erase flash */ + /* ESP_ERROR_CHECK(nvs_flash_erase()); */ + +#ifdef FOUND_PROTOCOL_EXAMPLES_DIR + ESP_LOGI(TAG, "FOUND_PROTOCOL_EXAMPLES_DIR active, using example code."); + ESP_ERROR_CHECK(nvs_flash_init()); + + #if defined(CONFIG_IDF_TARGET_ESP32H2) + ESP_LOGE(TAG, "There's no WiFi on ESP32-H2. "); + #else + ESP_ERROR_CHECK(esp_netif_init()); + ESP_ERROR_CHECK(esp_event_loop_create_default()); + ESP_ERROR_CHECK(example_connect()); + #endif +#else + ESP_ERROR_CHECK(nvs_flash_init()); + + /* Initialize NVS */ + ret = nvs_flash_init(); + if (ret == ESP_ERR_NVS_NO_FREE_PAGES || + ret == ESP_ERR_NVS_NEW_VERSION_FOUND) { + ESP_ERROR_CHECK(nvs_flash_erase()); + ret = nvs_flash_init(); + } + ESP_ERROR_CHECK(ret); + + #if defined(CONFIG_IDF_TARGET_ESP32H2) + ESP_LOGE(TAG, "There's no WiFi on ESP32-H2. 
"); + #else + /* Initialize WiFi */ + ESP_LOGI(TAG, "ESP_WIFI_MODE_STA"); + ret = wifi_init_sta(); + while (ret != 0) { + ESP_LOGI(TAG, "Waiting..."); + vTaskDelay(60000 / portTICK_PERIOD_MS); + ESP_LOGI(TAG, "Trying WiFi again..."); + ret = wifi_init_sta(); + } + #endif +#endif + + /* Once we are connected to the network, start & wait for NTP time */ + ret = set_time_wait_for_ntp(); + + if (ret < -1) { + /* a value of -1 means there was no NTP server, so no need to wait */ + ESP_LOGI(TAG, "Waiting 10 more seconds for NTP to complete." ); + vTaskDelay(10000 / portTICK_PERIOD_MS); /* brute-force solution */ + esp_show_current_datetime(); + } + + /* HWM is maximum amount of stack space that has been unused, in bytes + * not words (unlike vanilla freeRTOS). */ + ESP_LOGI(TAG, "Initial Stack Used (before wolfSSL Server): %d bytes", + CONFIG_ESP_MAIN_TASK_STACK_SIZE + - (uxTaskGetStackHighWaterMark(NULL)) + ); + ESP_LOGI(TAG, "Starting TLS Server...\n"); + +#if defined(SINGLE_THREADED) + /* just call the task */ + tls_smp_server_task((void*)NULL); +#else + tls_args args[1] = {0}; + /* start a thread with the task */ + tls_smp_server_init(args); /* NULL will use the DEFAULT_PORT value */ +#endif + + /* done */ + while (1) { + ESP_LOGV(TAG, "\n\nLoop...\n\n"); +#ifdef INCLUDE_uxTaskGetStackHighWaterMark + ESP_LOGI(TAG, "Stack HWM: %d", uxTaskGetStackHighWaterMark(NULL)); + + ESP_LOGI(TAG, "Stack used: %d", CONFIG_ESP_MAIN_TASK_STACK_SIZE + - uxTaskGetStackHighWaterMark(NULL)); + ESP_LOGI(TAG, "Stack delta: %d\n", stack_start + - uxTaskGetStackHighWaterMark(NULL)); +#endif + +#if defined(SINGLE_THREADED) + ESP_LOGV(TAG, "\n\nDone!\n\n"); + while (1); +#else + vTaskDelay(60000); + ESP_LOGV(TAG, "\n\nvTaskDelete...\n\n"); + vTaskDelete(NULL); +#endif + } /* done whle */ + +} /* app_main */ diff --git a/IDE/Espressif/ESP-IDF/examples/wolfssl_server/main/server-tls.c b/IDE/Espressif/ESP-IDF/examples/wolfssl_server/main/server-tls.c index 8a6f85c354..8d6cdd25cd 100644 
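Review bot: In the `#else` branch of `#ifdef FOUND_PROTOCOL_EXAMPLES_DIR`, `ESP_ERROR_CHECK(nvs_flash_init());` runs before the block that handles `ESP_ERR_NVS_NO_FREE_PAGES` and `ESP_ERR_NVS_NEW_VERSION_FOUND`, so a partition in either state aborts inside the macro and the erase-and-retry code below it is never reached. Remove that first call and keep `ret = nvs_flash_init();` with its recovery. The value from `ret = set_time();` is overwritten without being examined, although the comment says the clock is set for certificate validation; a failure there should at least be logged, since date checks on certificates are meaningless with a wrong clock. `vTaskDelay(60000)` near the end passes raw ticks while the other delays divide by `portTICK_PERIOD_MS`, and `TAG` reads "TLS Client" in the server example.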
--- a/IDE/Espressif/ESP-IDF/examples/wolfssl_server/main/server-tls.c +++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_server/main/server-tls.c @@ -1,4 +1,4 @@ -/* server-tls-callback.c +/* server-tls.c * * Copyright (C) 2006-2023 wolfSSL Inc. * 
@@ -18,122 +18,121 @@ * along with this program; if not, write to the Free Software * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA */ -/* the usual suspects */ -#include -#include -#include -#include + +#include "server-tls.h" + +/* Espressif FreeRTOS */ +#ifndef SINGLE_THREADED + #include + #include + #include +#endif /* socket includes */ -#include -#include -#include -#include +#include +#include /* wolfSSL */ #include +#include "user_settings.h" #include -#include - -/* ESP specific */ -#include "wifi_connect.h" #ifdef WOLFSSL_TRACK_MEMORY #include #endif -static const char* const TAG = "tls_server"; - -#if defined(DEBUG_WOLFSSL) - -static void ShowCiphers(void) -{ - char ciphers[4096]; - - int ret = wolfSSL_get_ciphers(ciphers, (int)sizeof(ciphers)); - - if (ret == WOLFSSL_SUCCESS) - printf("%s\n", ciphers); -} +#ifndef NO_DH + /* see also wolfssl/test.h */ + #undef DEFAULT_MIN_DHKEY_BITS + #define DEFAULT_MIN_DHKEY_BITS 1024 + #undef DEFAULT_MAX_DHKEY_BITS + #define DEFAULT_MAX_DHKEY_BITS 2048 #endif -#if defined(WOLFSSL_ESPWROOM32SE) && defined(HAVE_PK_CALLBACKS) \ - && defined(WOLFSSL_ATECC508A) - -#include "wolfssl/wolfcrypt/port/atmel/atmel.h" - -/* when you want to use a custom slot allocation */ -/* enable the definition CUSTOM_SLOT_ALLOCATION. 
*/ +#if defined(WOLFSSL_SM2) || defined(WOLFSSL_SM3) || defined(WOLFSSL_SM4) + #include + #define CTX_CA_CERT root_sm2 + #define CTX_CA_CERT_SIZE sizeof_root_sm2 + #define CTX_CA_CERT_TYPE WOLFSSL_FILETYPE_PEM + #define CTX_SERVER_CERT server_sm2 + #define CTX_SERVER_CERT_SIZE sizeof_server_sm2 + #define CTX_SERVER_CERT_TYPE WOLFSSL_FILETYPE_PEM + #define CTX_SERVER_KEY server_sm2_priv + #define CTX_SERVER_KEY_SIZE sizeof_server_sm2_priv + #define CTX_SERVER_KEY_TYPE WOLFSSL_FILETYPE_PEM +#else + #include + #define CTX_CA_CERT ca_cert_der_2048 + #define CTX_CA_CERT_SIZE sizeof_ca_cert_der_2048 + #define CTX_CA_CERT_TYPE WOLFSSL_FILETYPE_ASN1 + #define CTX_SERVER_CERT server_cert_der_2048 + #define CTX_SERVER_CERT_SIZE sizeof_server_cert_der_2048 + #define CTX_SERVER_CERT_TYPE WOLFSSL_FILETYPE_ASN1 + #define CTX_SERVER_KEY server_key_der_2048 + #define CTX_SERVER_KEY_SIZE sizeof_server_key_der_2048 + #define CTX_SERVER_KEY_TYPE WOLFSSL_FILETYPE_ASN1 +#endif -#if defined(CUSTOM_SLOT_ALLOCATION) +/* Project */ +#include "wifi_connect.h" +#include "time_helper.h" -static byte mSlotList[ATECC_MAX_SLOT]; -int atmel_set_slot_allocator(atmel_slot_alloc_cb alloc, atmel_slot_dealloc_cb dealloc); +static const char* const TAG = "server-tls"; +int stack_start = -1; -/* initialize slot array */ -void my_atmel_slotInit() +int ShowCiphers(WOLFSSL* ssl) { - int i; - - for(i=0;i= 0 && slotId < ATECC_MAX_SLOT){ - mSlotList[slotId] = ATECC_INVALID_SLOT; - } -} -#endif /* CUSTOM_SLOT_ALLOCATION */ -#endif /* WOLFSSL_ESPWROOM32SE && HAVE_PK_CALLBACK && WOLFSSL_ATECC508A */ -void tls_smp_server_task() +/* FreeRTOS */ +/* server task */ +WOLFSSL_ESP_TASK tls_smp_server_task(void *args) { - int sockfd; - int connd; +#if defined(SINGLE_THREADED) + #define TLS_SMP_SERVER_TASK_RET ret +#else + #define TLS_SMP_SERVER_TASK_RET +#endif + char buff[256]; + const char msg[] = "I hear you fa shizzle!"; + struct sockaddr_in servAddr; struct sockaddr_in clientAddr; - socklen_t size = 
sizeof(clientAddr); - char buff[256]; - size_t len; + int sockfd; + int connd; int shutdown = 0; int ret; - const char msg[] = "I hear you fa shizzle!"; + socklen_t size = sizeof(clientAddr); + size_t len; /* declare wolfSSL objects */ WOLFSSL_CTX* ctx; @@ -142,9 +141,8 @@ void tls_smp_server_task() WOLFSSL_ENTER("tls_smp_server_task"); #ifdef DEBUG_WOLFSSL - WOLFSSL_MSG("Debug ON"); wolfSSL_Debugging_ON(); - ShowCiphers(); + ShowCiphers(NULL); #endif /* Initialize wolfSSL */ 
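Review bot: `#define DEFAULT_MIN_DHKEY_BITS 1024` sets the Diffie-Hellman floor at 1024 bits, below the 2048 bits that current guidance treats as the minimum; the hunk at `@@ -161,9 +159,99 @@` repeats the define and adds `DEFAULT_MIN_RSAKEY_BITS 1024` for `wolfSSL_CTX_SetMinRsaKey_Sz`. The bundled non-SM buffers are 2048-bit, so `#define DEFAULT_MIN_DHKEY_BITS 2048` and `#define DEFAULT_MIN_RSAKEY_BITS 2048` should cost this example nothing. As far as the hunks show, both limits are applied only inside the SM branch, so the default build gets no explicit floor; that deserves a comment or a move out of the `#if`. `int stack_start = -1;` is a new global with external linkage that the visible code never reads; it should be `static` or removed. `tls_smp_server_task` continues past the end of this hunk.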
@@ -161,9 +159,99 @@ void tls_smp_server_task() /* Create and initialize WOLFSSL_CTX */ WOLFSSL_MSG("Create and initialize WOLFSSL_CTX"); +#if defined(WOLFSSL_SM2) || defined(WOLFSSL_SM3) || defined(WOLFSSL_SM4) + ctx = wolfSSL_CTX_new(wolfSSLv23_server_method()); + // ctx = wolfSSL_CTX_new(wolfTLSv1_3_client_method()); /* only TLS 1.3 */ + if (ctx == NULL) { + ESP_LOGE(TAG, "ERROR: failed to create WOLFSSL_CTX"); + } +#else + /* TODO remove duplicate */ if ((ctx = wolfSSL_CTX_new(wolfSSLv23_server_method())) == NULL) { ESP_LOGE(TAG, "ERROR: failed to create WOLFSSL_CTX"); } +#endif + +#if defined(WOLFSSL_SM2) || defined(WOLFSSL_SM3) || defined(WOLFSSL_SM4) + ESP_LOGI(TAG, "Start SM3\n"); + + /* Optional set explicit ciphers + ret = wolfSSL_CTX_set_cipher_list(ctx, WOLFSSL_ESP32_CIPHER_SUITE); + if (ret == SSL_SUCCESS) { + ESP_LOGI(TAG, "Set cipher list: "WOLFSSL_ESP32_CIPHER_SUITE"\n"); + } + else { + ESP_LOGE(TAG, "ERROR: failed to set cipher list: "WOLFSSL_ESP32_CIPHER_SUITE"\n"); + } + */ + ShowCiphers(NULL); + ESP_LOGI(TAG, "Stack used: %d\n", CONFIG_ESP_MAIN_TASK_STACK_SIZE + - uxTaskGetStackHighWaterMark(NULL)); + + WOLFSSL_MSG("Loading certificate..."); + /* -c Load server certificates into WOLFSSL_CTX */ + ret = wolfSSL_CTX_use_certificate_chain_buffer_format(ctx, + CTX_SERVER_CERT, + CTX_SERVER_CERT_SIZE, + CTX_SERVER_CERT_TYPE + ); + +/* optional wolfSSL_CTX_use_certificate_buffer + ret = wolfSSL_CTX_use_certificate_buffer(ctx, + server_sm2, + sizeof_server_sm2, + WOLFSSL_FILETYPE_PEM); +*/ + if (ret == SSL_SUCCESS) { + ESP_LOGI(TAG, "Loaded server_sm2\n"); + } + else { + ESP_LOGE(TAG, "ERROR: failed to load cert\n"); + } + ESP_LOGI(TAG, "Stack used: %d\n", CONFIG_ESP_MAIN_TASK_STACK_SIZE + - uxTaskGetStackHighWaterMark(NULL)); + +#ifndef NO_DH + #define DEFAULT_MIN_DHKEY_BITS 1024 + #define DEFAULT_MAX_DHKEY_BITS 2048 + int minDhKeyBits = DEFAULT_MIN_DHKEY_BITS; + ret = wolfSSL_CTX_SetMinDhKey_Sz(ctx, (word16)minDhKeyBits); +#endif +#ifndef NO_RSA + 
#define DEFAULT_MIN_RSAKEY_BITS 1024 + short minRsaKeyBits = DEFAULT_MIN_RSAKEY_BITS; + ret = wolfSSL_CTX_SetMinRsaKey_Sz(ctx, minRsaKeyBits); +#endif + + WOLFSSL_MSG("Loading key info..."); + /* -k Load server key into WOLFSSL_CTX */ + ret = wolfSSL_CTX_use_PrivateKey_buffer(ctx, + CTX_SERVER_KEY, + CTX_SERVER_KEY_SIZE, + CTX_SERVER_KEY_TYPE); + + if (ret == SSL_SUCCESS) { + ESP_LOGI(TAG, "Loaded PrivateKey_buffer server_sm2_priv\n"); + } + else { + ESP_LOGE(TAG, "ERROR: failed to load " + "PrivateKey_buffer server_sm2_priv\n"); + } + ESP_LOGI(TAG, "Stack used: %d\n", CONFIG_ESP_MAIN_TASK_STACK_SIZE + - uxTaskGetStackHighWaterMark(NULL)); + /* -A load authority */ + ret = wolfSSL_CTX_load_verify_buffer(ctx, + client_sm2, + sizeof_client_sm2, + WOLFSSL_FILETYPE_PEM); + if (ret == SSL_SUCCESS) { + ESP_LOGI(TAG, "Success: load verify buffer\n"); + } + else { + ESP_LOGE(TAG, "ERROR: failed to load verify buffer\n"); + } + ESP_LOGI(TAG, "Finish SM2\n"); +#else WOLFSSL_MSG("Loading certificate..."); /* Load server certificates into WOLFSSL_CTX */ @@ -181,8 +269,11 @@ void tls_smp_server_task() ESP_LOGE(TAG, "ERROR: failed to load privatekey"); } - /* TO DO when using ECDSA, it loads the provisioned certificate and present it.*/ - /* TO DO when using ECDSA, it uses the generated key instead of loading key */ +#endif + + + /* TODO when using ECDSA,it loads the provisioned certificate and present it. + TODO when using ECDSA,it uses the generated key instead of loading key */ /* Initialize the server address struct with zeros */ memset(&servAddr, 0, sizeof(servAddr)); 
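Review bot: Every failure in this block is logged and then ignored: when `wolfSSL_CTX_new` returns NULL the code goes on to `wolfSSL_CTX_use_certificate_chain_buffer_format(ctx, ...)`, and a failed certificate or private-key load still reaches the listen loop. The `ret` values from `wolfSSL_CTX_SetMinDhKey_Sz` and `wolfSSL_CTX_SetMinRsaKey_Sz` are overwritten by the next call without a check, so a rejected key-size policy goes unnoticed. Each check should leave the task after logging and release `ctx` where it exists, so the server never listens with a half-built context. `wolfSSL_CTX_load_verify_buffer` loads `client_sm2` as a trust anchor, but no call enabling client-certificate verification is visible in these hunks; if mutual TLS is intended, `wolfSSL_CTX_set_verify(ctx, WOLFSSL_VERIFY_PEER | WOLFSSL_VERIFY_FAIL_IF_NO_PEER_CERT, NULL);` is needed, and if not, a comment should say the buffer is loaded for completeness only. The function starts and ends outside this hunk.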
@@ -210,33 +301,50 @@ void tls_smp_server_task() atmel_set_slot_allocator(my_atmel_alloc, my_atmel_free); #endif #endif - + ESP_LOGI(TAG, "accept clients..."); /* Continue to accept clients until shutdown is issued */ while (!shutdown) { - WOLFSSL_MSG("Waiting for a connection..."); - /* Accept client connections */ + ESP_LOGI(TAG, "Stack used: %d\n", CONFIG_ESP_MAIN_TASK_STACK_SIZE + - uxTaskGetStackHighWaterMark(NULL)); + WOLFSSL_MSG("Waiting for a connection..."); + wifi_show_ip(); + + /* Accept client socket connections */ if ((connd = accept(sockfd, (struct sockaddr*)&clientAddr, &size)) == -1) { ESP_LOGE(TAG, "ERROR: failed to accept the connection"); } /* Create a WOLFSSL object */ if ((ssl = wolfSSL_new(ctx)) == NULL) { - ESP_LOGE(TAG, "ERROR: failed to create WOLFSSL object"); + ESP_LOGE(TAG, "ERROR: failed to create WOLFSSL object"); } + + /* show what cipher connected for this WOLFSSL* object */ + ShowCiphers(ssl); + /* Attach wolfSSL to the socket */ wolfSSL_set_fd(ssl, connd); /* Establish TLS connection */ ret = wolfSSL_accept(ssl); - if (ret != SSL_SUCCESS) { - ESP_LOGE(TAG, "wolfSSL_accept error %d", wolfSSL_get_error(ssl, ret)); + if (ret == SSL_SUCCESS) { + ShowCiphers(ssl); + } + else { + ESP_LOGE(TAG, "wolfSSL_accept error %d", + wolfSSL_get_error(ssl, ret)); } WOLFSSL_MSG("Client connected successfully"); + ESP_LOGI(TAG, "Stack used: %d\n", CONFIG_ESP_MAIN_TASK_STACK_SIZE + - uxTaskGetStackHighWaterMark(NULL)); + /* Read the client data into our buff array */ memset(buff, 0, sizeof(buff)); if (wolfSSL_read(ssl, buff, sizeof(buff)-1) == -1) { ESP_LOGE(TAG, "ERROR: failed to read"); } /* Print to stdout any data the client sends */ + ESP_LOGI(TAG, "Stack used: %d\n", CONFIG_ESP_MAIN_TASK_STACK_SIZE + - uxTaskGetStackHighWaterMark(NULL)); WOLFSSL_MSG("Client sends:"); WOLFSSL_MSG(buff); /* Check for server shutdown command */ 
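Review bot: When `wolfSSL_accept` fails, the new `else` branch only logs; the code then emits "Client connected successfully" and calls `wolfSSL_read` on a session whose handshake never completed. The same fall-through follows a failed `accept()`, where `connd` is -1, and a NULL return from `wolfSSL_new`, after which `ShowCiphers(ssl)` and `wolfSSL_set_fd(ssl, connd)` run on the bad values. Each error path should release what it holds and move to the next iteration, for the handshake case `wolfSSL_free(ssl); close(connd); continue;`. `WOLFSSL_MSG(buff)` copies peer-controlled bytes into the debug log, which is acceptable in a demo but worth a comment next to the call. The loop body continues past the end of the hunk.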
@@ -257,11 +365,54 @@ void tls_smp_server_task() close(connd); /* Close the connection to the client */ } /* Cleanup and return */ + wolfSSL_free(ssl); /* Free the wolfSSL object */ wolfSSL_CTX_free(ctx); /* Free the wolfSSL context object */ wolfSSL_Cleanup(); /* Cleanup the wolfSSL environment */ close(sockfd); /* Close the socket listening for clients */ vTaskDelete(NULL); - return; /* Return reporting a success */ + return TLS_SMP_SERVER_TASK_RET; +} + +#if defined(SINGLE_THREADED) + /* we don't initialize a thread */ +#else +/* create task */ +WOLFSSL_ESP_TASK tls_smp_server_init(void* args) +{ +#if defined(SINGLE_THREADED) + #define TLS_SMP_CLIENT_TASK_RET ret +#else + #define TLS_SMP_CLIENT_TASK_RET +#endif + int thisPort = 0; + int ret_i = 0; /* interim return result */ + if (thisPort == 0) { + thisPort = DEFAULT_PORT; + } + +#if ESP_IDF_VERSION_MAJOR >= 4 + TaskHandle_t _handle; +#else + xTaskHandle _handle; +#endif + /* http://esp32.info/docs/esp_idf/html/dd/d3c/group__xTaskCreate.html */ + ESP_LOGI(TAG, "Creating tls_smp_server_task with stack size = %d", + TLS_SMP_SERVER_TASK_WORDS); + ret_i = xTaskCreate(tls_smp_server_task, + TLS_SMP_SERVER_TASK_NAME, + TLS_SMP_SERVER_TASK_WORDS, /* not bytes! */ + (void*)&thisPort, + TLS_SMP_SERVER_TASK_PRIORITY, + &_handle); + + if (ret_i != pdPASS) { + ESP_LOGI(TAG, "create thread %s failed", TLS_SMP_SERVER_TASK_NAME); + } + + /* vTaskStartScheduler(); // called automatically in ESP-IDF */ + return TLS_SMP_CLIENT_TASK_RET; } +#endif + diff --git a/IDE/Espressif/ESP-IDF/examples/wolfssl_server/main/time_helper.c b/IDE/Espressif/ESP-IDF/examples/wolfssl_server/main/time_helper.c new file mode 100644 index 0000000000..5149d2e609 --- /dev/null +++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_server/main/time_helper.c 
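Review bot: `tls_smp_server_init` hands `(void*)&thisPort` to `xTaskCreate`, but `thisPort` is a local whose storage is gone once the function returns, so the new task receives a pointer into a dead stack frame. The function also never reads its own `args` parameter, so the `tls_args` that app_main passes is dropped and the port is always `DEFAULT_PORT`. Giving the value static storage, `static int thisPort = DEFAULT_PORT;`, removes the dangling pointer; forwarding `args` is not enough by itself, because app_main's array lives on the stack of a task that later calls `vTaskDelete(NULL)`. The added `wolfSSL_free(ssl)` after the loop is safe only if the loop does not already free `ssl` per connection, and that part of the loop is outside the visible hunks, so it needs a check for a double free. A failed `xTaskCreate` is reported with `ESP_LOGI`; `ESP_LOGE` would match the other error paths.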
@@ -0,0 +1,333 @@ +/* time_helper.c + * + * Copyright (C) 2006-2023 wolfSSL Inc. + * + * This file is part of wolfSSL. + * + * wolfSSL is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * wolfSSL is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA + */ + +/* common Espressif time_helper v5.6.3.002 */ +#include "esp_idf_version.h" +#include "sdkconfig.h" +#include "time_helper.h" + +#include + +#if defined(ESP_IDF_VERSION_MAJOR) && defined(ESP_IDF_VERSION_MINOR) + #if (ESP_IDF_VERSION_MAJOR == 5) && (ESP_IDF_VERSION_MINOR >= 1) + #define HAS_ESP_NETIF_SNTP 1 + #include + #include + #else + #include + #include + #endif +#else + /* TODO Consider pre IDF v5? */ +#endif + +/* ESP-IDF uses a 64-bit signed integer to represent time_t starting from release v5.0 + * See: https://docs.espressif.com/projects/esp-idf/en/latest/esp32/api-reference/system/system_time.html#year-2036-and-2038-overflow-issues + */ +const static char* TAG = "time_helper"; + +/* see https://www.gnu.org/software/libc/manual/html_node/TZ-Variable.html */ +#ifndef TIME_ZONE +/* + * PST represents Pacific Standard Time. + * +8 specifies the offset from UTC (Coordinated Universal Time), indicating + * that Pacific Time is UTC-8 during standard time. + * PDT represents Pacific Daylight Time. + * M3.2.0 indicates that Daylight Saving Time (DST) starts on the + * second (2) Sunday (0) of March (3). 
+ * M11.1.0 indicates that DST ends on the first (1) Sunday (0) of November (11) + */ + #define TIME_ZONE "PST+8PDT,M3.2.0,M11.1.0" +#endif /* not defined: TIME_ZONE, so we are setting our own */ + +#define NTP_RETRY_COUNT 10 + +/* NELEMS(x) number of elements + * To determine the number of elements in the array, we can divide the total + * size of the array by the size of the array element. + * See https://stackoverflow.com/questions/37538/how-do-i-determine-the-size-of-my-array-in-c + **/ +#define NELEMS(x) ( (int)(sizeof(x) / sizeof((x)[0])) ) + +/* See also CONFIG_LWIP_SNTP_MAX_SERVERS in sdkconfig */ +#define NTP_SERVER_LIST ( (char*[]) { \ + "pool.ntp.org", \ + "time.nist.gov", \ + "utcnist.colorado.edu" \ + } \ + ) +/* #define NTP_SERVER_COUNT using NELEMS: + * + * (int)(sizeof(NTP_SERVER_LIST) / sizeof(NTP_SERVER_LIST[0])) + */ +#define NTP_SERVER_COUNT NELEMS(NTP_SERVER_LIST) + +#ifndef CONFIG_LWIP_SNTP_MAX_SERVERS + /* We should find max value in sdkconfig, if not set it to our count:*/ + #define CONFIG_LWIP_SNTP_MAX_SERVERS NTP_SERVER_COUNT +#endif + +char* ntpServerList[NTP_SERVER_COUNT] = NTP_SERVER_LIST; + +/* our NTP server list is global info */ +extern char* ntpServerList[NTP_SERVER_COUNT]; + +/* Show the current date and time */ +int esp_show_current_datetime() +{ + time_t now; + char strftime_buf[64]; + struct tm timeinfo; + + time(&now); + setenv("TZ", TIME_ZONE, 1); + tzset(); + + localtime_r(&now, &timeinfo); + strftime(strftime_buf, sizeof(strftime_buf), "%c", &timeinfo); + ESP_LOGI(TAG, "The current date/time is: %s", strftime_buf); + return 0; +} + +/* the worst-case scenario is a hard-coded date/time */ +int set_fixed_default_time(void) +{ + /* ideally, we'd like to set time from network, + * but let's set a default time, just in case */ + struct tm timeinfo = { + .tm_year = 2023 - 1900, + .tm_mon = 10, + .tm_mday = 02, + .tm_hour = 13, + .tm_min = 01, + .tm_sec = 05 + }; + struct timeval now; + time_t interim_time; + int ret = -1; + + /* 
set interim static time */ + interim_time = mktime(&timeinfo); + + ESP_LOGI(TAG, "Adjusting time from fixed value"); + now = (struct timeval){ .tv_sec = interim_time }; + ret = settimeofday(&now, NULL); + + return ret; +} + +/* set_time_from_string(s) + * + * returns 0 = success if able to set the time from the provided string + * error for any other value, typically -1 */ +int set_time_from_string(char* time_buffer) +{ + /* expecting github default formatting: 'Thu Aug 31 12:41:45 2023 -0700' */ + const char *format = "%3s %3s %d %d:%d:%d %d %s"; + struct tm this_timeinfo; + struct timeval now; + time_t interim_time; + char offset[6]; /* expecting trailing single quote, not used */ + char day_str[4]; + char month_str[4]; + int day, year, hour, minute, second; + int quote_offset = 0; + int ret = 0; + + /* we are expecting the string to be encapsulated in single quotes */ + if (*time_buffer == 0x27) { + quote_offset = 1; + } + + ret = sscanf(time_buffer + quote_offset, + format, + day_str, month_str, + &day, &hour, &minute, &second, &year, &offset); + + if (ret == 8) { + /* we found a match for all componets */ + + const char *months[] = { "Jan", "Feb", "Mar", "Apr", "May", "Jun", + "Jul", "Aug", "Sep", "Oct", "Nov", "Dec" }; + + for (int i = 0; i < 12; i++) { + if (strcmp(month_str, months[i]) == 0) { + this_timeinfo.tm_mon = i; + break; + } + } + + this_timeinfo.tm_mday = day; + this_timeinfo.tm_hour = hour; + this_timeinfo.tm_min = minute; + this_timeinfo.tm_sec = second; + this_timeinfo.tm_year = year - 1900; /* Number of years since 1900 */ + + interim_time = mktime(&this_timeinfo); + now = (struct timeval){ .tv_sec = interim_time }; + ret = settimeofday(&now, NULL); + ESP_LOGI(TAG, "Time updated to %s", time_buffer); + } + else { + ESP_LOGE(TAG, "Failed to convert \"%s\" to a tm date.", time_buffer); + ESP_LOGI(TAG, "Trying fixed date that was hard-coded."); + set_fixed_default_time(); + ret = -1; + } + return ret; +} + +/* set time; returns 0 if succecssfully 
configured with NTP */ +int set_time(void) +{ +#ifndef NTP_SERVER_COUNT + ESP_LOGW(TAG, "Warning: no sntp server names defined. " + "Setting to empty list"); + #define NTP_SERVER_COUNT 0 + #warning "NTP not properly configured" +#endif /* not defined: NTP_SERVER_COUNT */ + +#ifdef HAS_ESP_NETIF_SNTP + #if CONFIG_LWIP_SNTP_MAX_SERVERS > 1 + esp_sntp_config_t config = ESP_NETIF_SNTP_DEFAULT_CONFIG_MULTIPLE( + NTP_SERVER_COUNT, + ESP_SNTP_SERVER_LIST(ntpServerList[0]) + ); + #else + esp_sntp_config_t config = ESP_NETIF_SNTP_DEFAULT_CONFIG(ntpServerList[0]); + #endif /* CONFIG_LWIP_SNTP_MAX_SERVERS > 1 */ +#endif /* HAS_ESP_NETIF_SNTP */ + + int ret = 0; + int i = 0; /* counter for time servers */ + + ESP_LOGI(TAG, "Setting the time. Startup time:"); + esp_show_current_datetime(); + +#ifdef LIBWOLFSSL_VERSION_GIT_HASH_DATE + /* initialy set a default approximate time from recent git commit */ + ESP_LOGI(TAG, "Found git hash date, attempting to set system date."); + set_time_from_string(LIBWOLFSSL_VERSION_GIT_HASH_DATE); + esp_show_current_datetime(); + + ret = -4; +#else + /* otherwise set a fixed time that was hard coded */ + set_fixed_default_time(); + ret = -3; +#endif + +#ifdef CONFIG_SNTP_TIME_SYNC_METHOD_SMOOTH + config.smooth_sync = true; +#endif + + if (NTP_SERVER_COUNT) { + /* next, let's setup NTP time servers + * + * see https://docs.espressif.com/projects/esp-idf/en/latest/esp32/api-reference/system/system_time.html#sntp-time-synchronization + * + * WARNING: do not set operating mode while SNTP client is running! 
+ */ + /* TODO Consider esp_sntp_setoperatingmode(SNTP_OPMODE_POLL); */ + sntp_setoperatingmode(SNTP_OPMODE_POLL); + if (NTP_SERVER_COUNT > CONFIG_LWIP_SNTP_MAX_SERVERS) { + ESP_LOGW(TAG, "WARNING: %d NTP Servers defined, but " + "CONFIG_LWIP_SNTP_MAX_SERVERS = %d", + NTP_SERVER_COUNT,CONFIG_LWIP_SNTP_MAX_SERVERS); + } + ESP_LOGI(TAG, "sntp_setservername:"); + for (i = 0; i < CONFIG_LWIP_SNTP_MAX_SERVERS; i++) { + const char* thisServer = ntpServerList[i]; + if (strncmp(thisServer, "\x00", 1) == 0) { + /* just in case we run out of NTP servers */ + break; + } + ESP_LOGI(TAG, "%s", thisServer); + sntp_setservername(i, thisServer); + } + #ifdef HAS_ESP_NETIF_SNTP + ret = esp_netif_sntp_init(&config); + #else + ESP_LOGW(TAG,"Warning: Consider upgrading ESP-IDF to take advantage " + "of updated SNTP libraries"); + #endif + if (ret == ESP_OK) { + ESP_LOGV(TAG, "Successfully called esp_netif_sntp_init"); + } + else { + ESP_LOGE(TAG, "ERROR: esp_netif_sntp_init return = %d", ret); + } + + sntp_init(); + switch (ret) { + case ESP_ERR_INVALID_STATE: + break; + default: + break; + } + ESP_LOGI(TAG, "sntp_init done."); + } + else { + ESP_LOGW(TAG, "No sntp time servers found."); + ret = -1; + } + return ret; +} + +/* wait for NTP to actually set the time */ +int set_time_wait_for_ntp(void) +{ + int ret = 0; +#ifdef HAS_ESP_NETIF_SNTP + int ntp_retry = 0; + const int ntp_retry_count = NTP_RETRY_COUNT; + + ret = esp_netif_sntp_start(); + + ret = esp_netif_sntp_sync_wait(500 / portTICK_PERIOD_MS); +#endif /* HAS_ESP_NETIF_SNTP */ + esp_show_current_datetime(); + +#ifdef HAS_ESP_NETIF_SNTP + while (ret == ESP_ERR_TIMEOUT && (ntp_retry++ < ntp_retry_count)) { + ret = esp_netif_sntp_sync_wait(1000 / portTICK_PERIOD_MS); + ESP_LOGI(TAG, "Waiting for NTP to sync time... 
(%d/%d)", + ntp_retry, + ntp_retry_count); + esp_show_current_datetime(); + } +#endif /* HAS_ESP_NETIF_SNTP */ + +#ifdef TIME_ZONE + setenv("TZ", TIME_ZONE, 1); + tzset(); +#endif + + if (ret == ESP_OK) { + ESP_LOGI(TAG, "Successfuly set time via NTP servers."); + } + else { + ESP_LOGW(TAG, "Warning: Failed to set time with NTP: " + "result = 0x%0x: %s", + ret, esp_err_to_name(ret)); + } + return ret; +} diff --git a/IDE/Espressif/ESP-IDF/examples/wolfssl_server/main/wifi_connect.c b/IDE/Espressif/ESP-IDF/examples/wolfssl_server/main/wifi_connect.c index 8e68e77bda..7aa8560043 100644 --- a/IDE/Espressif/ESP-IDF/examples/wolfssl_server/main/wifi_connect.c +++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_server/main/wifi_connect.c @@ -18,15 +18,13 @@ * along with this program; if not, write to the Free Software * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA */ -/*ESP specific */ + #include "wifi_connect.h" + #include "freertos/FreeRTOS.h" #include "freertos/task.h" #include "freertos/event_groups.h" -#include "wifi_connect.h" -#include "lwip/sockets.h" -#include "lwip/netdb.h" -#include "lwip/apps/sntp.h" -#include "nvs_flash.h" +#include +#include /* wolfSSL */ #include 
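Review bot: In `set_time_from_string()` the final `%s` conversion writes into `char offset[6]` with no field width, and the input the comments describe (`-0700'`, including the trailing quote) is six characters plus the terminator, so `sscanf` writes one byte past the array even on the expected string. Size the buffer for the token and bound the conversion: `char offset[8];`, `%7s` in the format, and pass `offset` rather than `&offset`. `this_timeinfo` reaches `mktime()` with `tm_isdst` never set and `tm_mon` unset when the month name does not match, so `struct tm this_timeinfo = {0};` is worth adding. Separately, the server loop in `set_time()` indexes `ntpServerList[i]` up to `CONFIG_LWIP_SNTP_MAX_SERVERS`, which can exceed the `NTP_SERVER_COUNT` elements the array holds; add `i < NTP_SERVER_COUNT` to the loop condition.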
@@ -36,74 +34,34 @@ #warning "problem with wolfSSL user_settings. Check components/wolfssl/include" #endif -#if ESP_IDF_VERSION_MAJOR >= 4 +#if ESP_IDF_VERSION_MAJOR >= 5 +#elif ESP_IDF_VERSION_MAJOR >= 4 #include "protocol_examples_common.h" #else const static int CONNECTED_BIT = BIT0; static EventGroupHandle_t wifi_event_group; #endif -/* prefix for logging */ -const static char *TAG = "tls_server"; -/* proto-type definition */ -extern void tls_smp_server_task(); -static void tls_smp_server_init(); - -static void set_time() -{ - /* set dummy wallclock time. */ - struct timeval utctime; - struct timezone tz; - struct strftime_buf; - time_t now; - struct tm timeinfo; - char strftime_buf[64]; - /* please update the time if seeing unknown failure when loading cert. */ - /* this could cause TLS communication failure due to time expiration */ - /* increasing 31536000 seconds is close to spanning 356 days. */ - utctime.tv_sec = 1695513105; /* dummy time: Sat Sep 23 17:05:31 PDT 2023 */ - utctime.tv_usec = 0; - tz.tz_minuteswest = 0; - tz.tz_dsttime = 0; - - settimeofday(&utctime, &tz); - - time(&now); - localtime_r(&now, &timeinfo); - - strftime(strftime_buf, sizeof(strftime_buf), "%c", &timeinfo); - ESP_LOGI(TAG, "The current date/time is: %s", strftime_buf); - -#if ESP_IDF_VERSION_MAJOR < 4 - /* wait until wifi connect */ - xEventGroupWaitBits(wifi_event_group, CONNECTED_BIT, - false, true, portMAX_DELAY); -#endif - /* now we start client tasks. */ - tls_smp_server_init(); -} - -/* create task */ -static void tls_smp_server_init(void) -{ - int ret; -#if ESP_IDF_VERSION_MAJOR >= 4 - TaskHandle_t _handle; +#if defined(ESP_IDF_VERSION_MAJOR) && defined(ESP_IDF_VERSION_MINOR) + #if ESP_IDF_VERSION_MAJOR >= 4 + /* likely using examples, see wifi_connect.h */ + #else + /* TODO - still supporting pre V4 ? 
*/ + const static int CONNECTED_BIT = BIT0; + static EventGroupHandle_t wifi_event_group; + #endif + #if (ESP_IDF_VERSION_MAJOR == 5) + #define HAS_WPA3_FEATURES + #else + #undef HAS_WPA3_FEATURES + #endif #else - xTaskHandle _handle; + /* TODO Consider pre IDF v5? */ #endif - /* see https://docs.espressif.com/projects/esp-idf/en/latest/esp32/api-reference/system/freertos_idf.html */ - ret = xTaskCreate(tls_smp_server_task, - TLS_SMP_SERVER_TASK_NAME, - TLS_SMP_SERVER_TASK_WORDS, - NULL, - TLS_SMP_SERVER_TASK_PRIORITY, - &_handle); - - if (ret != pdPASS) { - ESP_LOGI(TAG, "create thread %s failed", TLS_SMP_SERVER_TASK_NAME); - } -} + +/* breadcrumb prefix for logging */ +const static char *TAG = "wifi_connect"; + #if ESP_IDF_VERSION_MAJOR < 4 /* event handler for wifi events */ static esp_err_t wifi_event_handler(void *ctx, system_event_t *event) @@ -114,13 +72,13 @@ static esp_err_t wifi_event_handler(void *ctx, system_event_t *event) esp_wifi_connect(); break; case SYSTEM_EVENT_STA_GOT_IP: -#if ESP_IDF_VERSION_MAJOR >= 4 + #if ESP_IDF_VERSION_MAJOR >= 4 ESP_LOGI(TAG, "got ip:" IPSTR "\n", IP2STR(&event->event_info.got_ip.ip_info.ip)); -#else + #else ESP_LOGI(TAG, "got ip:%s", ip4addr_ntoa(&event->event_info.got_ip.ip_info.ip)); -#endif + #endif /* see https://docs.espressif.com/projects/esp-idf/en/latest/esp32/api-reference/system/freertos_idf.html */ xEventGroupSetBits(wifi_event_group, CONNECTED_BIT); break; 
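Review bot: For ESP-IDF majors below 4, `CONNECTED_BIT` and `wifi_event_group` are now defined twice: once in the `#else` of the `#if ESP_IDF_VERSION_MAJOR >= 5` / `#elif ESP_IDF_VERSION_MAJOR >= 4` block, and again in the `#else` of the new `#if ESP_IDF_VERSION_MAJOR >= 4` block below it. `const static int CONNECTED_BIT = BIT0;` carries an initializer both times, so that configuration should fail to compile with a redefinition error; keep only one of the two definitions. `HAS_WPA3_FEATURES` is keyed on `ESP_IDF_VERSION_MAJOR == 5`; `>= 5` would keep it enabled on later majors, if that is the intent.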
@@ -133,97 +91,172 @@ static esp_err_t wifi_event_handler(void *ctx, system_event_t *event) } return ESP_OK; } -#endif -/* entry point */ -void app_main(void) -{ - ESP_LOGI(TAG, "--------------------------------------------------------"); - ESP_LOGI(TAG, "--------------------------------------------------------"); - ESP_LOGI(TAG, "---------------------- BEGIN MAIN ----------------------"); - ESP_LOGI(TAG, "--------------------------------------------------------"); - ESP_LOGI(TAG, "--------------------------------------------------------"); - ESP_LOGI(TAG, "CONFIG_IDF_TARGET = %s", CONFIG_IDF_TARGET); - ESP_LOGI(TAG, "LIBWOLFSSL_VERSION_STRING = %s", LIBWOLFSSL_VERSION_STRING); - -#if defined(WOLFSSL_MULTI_INSTALL_WARNING) - ESP_LOGI(TAG, ""); - ESP_LOGI(TAG, "WARNING: Multiple wolfSSL installs found."); - ESP_LOGI(TAG, "Check ESP-IDF and local project [components] directory."); - ESP_LOGI(TAG, ""); -#endif +#else -#if defined(LIBWOLFSSL_VERSION_GIT_HASH) - ESP_LOGI(TAG, "LIBWOLFSSL_VERSION_GIT_HASH = %s", LIBWOLFSSL_VERSION_GIT_HASH); +#ifdef CONFIG_ESP_MAXIMUM_RETRY + #define EXAMPLE_ESP_MAXIMUM_RETRY CONFIG_ESP_MAXIMUM_RETRY +#else + #define CONFIG_ESP_MAXIMUM_RETRY 5 #endif -#if defined(LIBWOLFSSL_VERSION_GIT_SHORT_HASH ) - ESP_LOGI(TAG, "LIBWOLFSSL_VERSION_GIT_SHORT_HASH = %s", LIBWOLFSSL_VERSION_GIT_SHORT_HASH); +#if CONFIG_ESP_WIFI_AUTH_OPEN +#define ESP_WIFI_SCAN_AUTH_MODE_THRESHOLD WIFI_AUTH_OPEN +#elif CONFIG_ESP_WIFI_AUTH_WEP +#define ESP_WIFI_SCAN_AUTH_MODE_THRESHOLD WIFI_AUTH_WEP +#elif CONFIG_ESP_WIFI_AUTH_WPA_PSK +#define ESP_WIFI_SCAN_AUTH_MODE_THRESHOLD WIFI_AUTH_WPA_PSK +#elif CONFIG_ESP_WIFI_AUTH_WPA2_PSK +#define ESP_WIFI_SCAN_AUTH_MODE_THRESHOLD WIFI_AUTH_WPA2_PSK +#elif CONFIG_ESP_WIFI_AUTH_WPA_WPA2_PSK +#define ESP_WIFI_SCAN_AUTH_MODE_THRESHOLD WIFI_AUTH_WPA_WPA2_PSK +#elif CONFIG_ESP_WIFI_AUTH_WPA3_PSK +#define ESP_WIFI_SCAN_AUTH_MODE_THRESHOLD WIFI_AUTH_WPA3_PSK +#elif CONFIG_ESP_WIFI_AUTH_WPA2_WPA3_PSK +#define 
ESP_WIFI_SCAN_AUTH_MODE_THRESHOLD WIFI_AUTH_WPA2_WPA3_PSK +#elif CONFIG_ESP_WIFI_AUTH_WAPI_PSK +#define ESP_WIFI_SCAN_AUTH_MODE_THRESHOLD WIFI_AUTH_WAPI_PSK #endif -#if defined(LIBWOLFSSL_VERSION_GIT_HASH_DATE) - ESP_LOGI(TAG, "LIBWOLFSSL_VERSION_GIT_HASH_DATE = %s", LIBWOLFSSL_VERSION_GIT_HASH_DATE); +#ifndef ESP_WIFI_SCAN_AUTH_MODE_THRESHOLD + #define CONFIG_ESP_WIFI_AUTH_WPA2_PSK 1 + #define ESP_WIFI_SCAN_AUTH_MODE_THRESHOLD CONFIG_ESP_WIFI_AUTH_WPA2_PSK #endif +/* FreeRTOS event group to signal when we are connected*/ +static EventGroupHandle_t s_wifi_event_group; - /* some interesting settings are target specific (ESP32, -C3, -S3, etc */ -#if defined(CONFIG_IDF_TARGET_ESP32C3) - /* not available for C3 at this time */ -#elif defined(CONFIG_IDF_TARGET_ESP32S3) - ESP_LOGI(TAG, "CONFIG_ESP32S3_DEFAULT_CPU_FREQ_MHZ = %u MHz", - CONFIG_ESP32S3_DEFAULT_CPU_FREQ_MHZ - ); - ESP_LOGI(TAG, "Xthal_have_ccount = %u", Xthal_have_ccount); -#else - ESP_LOGI(TAG, "CONFIG_ESP32_DEFAULT_CPU_FREQ_MHZ = %u MHz", - CONFIG_ESP32_DEFAULT_CPU_FREQ_MHZ - ); - ESP_LOGI(TAG, "Xthal_have_ccount = %u", Xthal_have_ccount); -#endif +/* The event group allows multiple bits for each event, but we only care about two events: + * - we are connected to the AP with an IP + * - we failed to connect after the maximum amount of retries */ +#define WIFI_CONNECTED_BIT BIT0 +#define WIFI_FAIL_BIT BIT1 - /* all platforms: stack high water mark check */ - ESP_LOGI(TAG, "Stack HWM: %d\n", uxTaskGetStackHighWaterMark(NULL)); - ESP_ERROR_CHECK(nvs_flash_init()); +static int s_retry_num = 0; +ip_event_got_ip_t* event; + + +static void event_handler(void* arg, + esp_event_base_t event_base, + int32_t event_id, + void* event_data) +{ + if (event_base == WIFI_EVENT && event_id == WIFI_EVENT_STA_START) { + esp_wifi_connect(); + } + else if (event_base == WIFI_EVENT && + event_id == WIFI_EVENT_STA_DISCONNECTED) { + if (s_retry_num < EXAMPLE_ESP_MAXIMUM_RETRY) { + esp_wifi_connect(); + s_retry_num++; + 
ESP_LOGI(TAG, "retry to connect to the AP"); + } + else { + xEventGroupSetBits(s_wifi_event_group, WIFI_FAIL_BIT); + } + ESP_LOGI(TAG, "connect to the AP fail"); + } + else if (event_base == IP_EVENT && event_id == IP_EVENT_STA_GOT_IP) { + event = (ip_event_got_ip_t*) event_data; + wifi_show_ip(); + s_retry_num = 0; + xEventGroupSetBits(s_wifi_event_group, WIFI_CONNECTED_BIT); + } +} + +int wifi_init_sta(void) +{ + int ret = 0; + s_wifi_event_group = xEventGroupCreate(); + + ESP_ERROR_CHECK(esp_netif_init()); + + ESP_ERROR_CHECK(esp_event_loop_create_default()); + esp_netif_create_default_wifi_sta(); - ESP_LOGI(TAG, "Initialize wifi"); - /* TCP/IP adapter initialization */ -#if (ESP_IDF_VERSION_MAJOR == 4 && ESP_IDF_VERSION_MINOR >= 1) || \ - (ESP_IDF_VERSION_MAJOR >= 5) - esp_netif_init(); -#else - tcpip_adapter_init(); -#endif - /* */ -#if ESP_IDF_VERSION_MAJOR >= 4 - ESP_ERROR_CHECK(esp_event_loop_create_default()); - /* This helper function configures Wi-Fi or Ethernet, as selected in menuconfig. - * Read "Establishing Wi-Fi or Ethernet Connection" section in - * examples/protocols/README.md for more information about this function. 
- */ - ESP_ERROR_CHECK(example_connect()); -#else - wifi_event_group = xEventGroupCreate(); - ESP_ERROR_CHECK(esp_event_loop_init(wifi_event_handler, NULL)); wifi_init_config_t cfg = WIFI_INIT_CONFIG_DEFAULT(); ESP_ERROR_CHECK(esp_wifi_init(&cfg)); + esp_event_handler_instance_t instance_any_id; + esp_event_handler_instance_t instance_got_ip; + ESP_ERROR_CHECK(esp_event_handler_instance_register(WIFI_EVENT, + ESP_EVENT_ANY_ID, + &event_handler, + NULL, + &instance_any_id)); + ESP_ERROR_CHECK(esp_event_handler_instance_register(IP_EVENT, + IP_EVENT_STA_GOT_IP, + &event_handler, + NULL, + &instance_got_ip)); + wifi_config_t wifi_config = { .sta = { - .ssid = TLS_SMP_WIFI_SSID, - .password = TLS_SMP_WIFI_PASS, + .ssid = EXAMPLE_ESP_WIFI_SSID, + .password = EXAMPLE_ESP_WIFI_PASS, + /* Authmode threshold resets to WPA2 as default if password matches + * WPA2 standards (pasword len => 8). If you want to connect the + * device to deprecated WEP/WPA networks, Please set the threshold + * value WIFI_AUTH_WEP/WIFI_AUTH_WPA_PSK and set the password with + * length and format matching to WIFI_AUTH_WEP/WIFI_AUTH_WPA_PSK + * standards. */ + .threshold.authmode = ESP_WIFI_SCAN_AUTH_MODE_THRESHOLD, + #ifdef HAS_WPA3_FEATURES + .sae_pwe_h2e = WPA3_SAE_PWE_BOTH, + #endif }, }; - /* WiFi station mode */ ESP_ERROR_CHECK(esp_wifi_set_mode(WIFI_MODE_STA) ); - /* Wifi Set the configuration of the ESP32 STA or AP */ - ESP_ERROR_CHECK(esp_wifi_set_config(ESP_IF_WIFI_STA, &wifi_config) ); - /* Start Wifi */ + ESP_ERROR_CHECK(esp_wifi_set_config(WIFI_IF_STA, &wifi_config) ); ESP_ERROR_CHECK(esp_wifi_start() ); ESP_LOGI(TAG, "wifi_init_sta finished."); - ESP_LOGI(TAG, "connect to ap SSID:%s password:%s", - TLS_SMP_WIFI_SSID, TLS_SMP_WIFI_PASS); + + /* Waiting until either the connection is established (WIFI_CONNECTED_BIT) + * or connection failed for the maximum number of re-tries (WIFI_FAIL_BIT). 
+ * The bits are set by event_handler() (see above) */ + EventBits_t bits = xEventGroupWaitBits(s_wifi_event_group, + WIFI_CONNECTED_BIT | WIFI_FAIL_BIT, + pdFALSE, + pdFALSE, + portMAX_DELAY); + + /* xEventGroupWaitBits() returns the bits before the call returned, + * hence we can test which event actually happened. */ +#if defined(SHOW_SSID_AND_PASSWORD) + ESP_LOGW(TAG, "Undefine SHOW_SSID_AND_PASSWORD to not show SSID/password"); + if (bits & WIFI_CONNECTED_BIT) { + ESP_LOGI(TAG, "connected to ap SSID:%s password:%s", + EXAMPLE_ESP_WIFI_SSID, + EXAMPLE_ESP_WIFI_PASS); + } + else if (bits & WIFI_FAIL_BIT) { + ESP_LOGI(TAG, "Failed to connect to SSID:%s, password:%s", + EXAMPLE_ESP_WIFI_SSID, + EXAMPLE_ESP_WIFI_PASS); + } + else { + ESP_LOGE(TAG, "UNEXPECTED EVENT"); + } +#else + if (bits & WIFI_CONNECTED_BIT) { + ESP_LOGI(TAG, "Connected to AP"); + } + else if (bits & WIFI_FAIL_BIT) { + ESP_LOGI(TAG, "Failed to connect to AP"); + ret = -1; + } + else { + ESP_LOGE(TAG, "AP UNEXPECTED EVENT"); + ret = -2; + } #endif - ESP_LOGI(TAG, "Set dummy time..."); - set_time(); + return ret; +} + +int wifi_show_ip(void) +{ + /* ESP_LOGI(TAG, "got ip:" IPSTR, IP2STR(&event->ip_info.ip)); */ + return 0; } +#endif diff --git a/IDE/Espressif/ESP-IDF/examples/wolfssl_server/partitions_singleapp_large.csv b/IDE/Espressif/ESP-IDF/examples/wolfssl_server/partitions_singleapp_large.csv new file mode 100644 index 0000000000..0b2fcd1a9f --- /dev/null +++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_server/partitions_singleapp_large.csv 
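Review bot: The fallback `#define ESP_WIFI_SCAN_AUTH_MODE_THRESHOLD CONFIG_ESP_WIFI_AUTH_WPA2_PSK` expands to the flag value `1` defined on the line before it, not to an auth-mode enumerator; in ESP-IDF's `wifi_auth_mode_t` the value 1 is `WIFI_AUTH_WEP`, so `.threshold.authmode` ends up accepting WEP and WPA networks when no auth option is configured. The fallback should read `#define ESP_WIFI_SCAN_AUTH_MODE_THRESHOLD WIFI_AUTH_WPA2_PSK`. In the same block, the `#else` of `#ifdef CONFIG_ESP_MAXIMUM_RETRY` defines `CONFIG_ESP_MAXIMUM_RETRY` rather than `EXAMPLE_ESP_MAXIMUM_RETRY`, which `event_handler()` uses; unless the header defines it, that path does not build. The `SHOW_SSID_AND_PASSWORD` branch writes the Wi-Fi password to the log and never sets `ret` on failure, so `wifi_init_sta()` returns 0 there even when the connection failed.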
@@ -0,0 +1,31 @@
+# to view: idf.py partition-table
+#
+# ESP-IDF Partition Table
+# Name, Type, SubType, Offset, Size, Flags
+nvs, data, nvs, 0x9000, 24K,
+phy_init,data, phy, 0xf000, 4K,
+factory, app, factory, 0x10000, 1500K,
+
+
+# For other settings, see:
+# https://docs.espressif.com/projects/esp-idf/en/latest/esp32/api-guides/partition-tables.html#creating-custom-tables
+#
+# Here is the summary printed for the "Single factory app, no OTA" configuration:
+#
+# # ESP-IDF Partition Table
+# # Name, Type, SubType, Offset, Size, Flags
+# nvs, data, nvs, 0x9000, 0x6000,
+# phy_init, data, phy, 0xf000, 0x1000,
+# factory, app, factory, 0x10000, 1M,
+#
+#
+# Here is the summary printed for the "Factory app, two OTA definitions" configuration:
+#
+# # ESP-IDF Partition Table
+# # Name, Type, SubType, Offset, Size, Flags
+# nvs, data, nvs, 0x9000, 0x4000,
+# otadata, data, ota, 0xd000, 0x2000,
+# phy_init, data, phy, 0xf000, 0x1000,
+# factory, app, factory, 0x10000, 1M,
+# ota_0, app, ota_0, 0x110000, 1M,
+# ota_1, app, ota_1, 0x210000, 1M,
diff --git a/IDE/Espressif/ESP-IDF/examples/wolfssl_test/CMakeLists.txt b/IDE/Espressif/ESP-IDF/examples/wolfssl_test/CMakeLists.txt
index 914efa6cbd..0dadfac600 100644
--- a/IDE/Espressif/ESP-IDF/examples/wolfssl_test/CMakeLists.txt
+++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_test/CMakeLists.txt
@@ -1,12 +1,79 @@ +# wolfSSL Espressif Example Project CMakeLists.txt +# v1.0 +# # The following lines of boilerplate have to be in your project's # CMakeLists in this exact order for cmake to work correctly -cmake_minimum_required(VERSION 3.5) +cmake_minimum_required(VERSION 3.16) + +# The wolfSSL CMake file should be able to find the source code. +# Otherwise, assign an environment variable or set it here: +# +# set(WOLFSSL_ROOT "~/workspace/wolfssl-other-source") +# +# Optional WOLFSSL_CMAKE_SYSTEM_NAME detection to find +# USE_MY_PRIVATE_CONFIG path for my_private_config.h +# +# Expected path varies: +# +# WSL: /mnt/c/workspace +# Linux: ~/workspace +# Windows: C:\workspace +# +if(WIN32) + # Windows-specific configuration here + set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DWOLFSSL_CMAKE_SYSTEM_NAME_WINDOWS") + message("Detected Windows") +endif() +if(CMAKE_HOST_UNIX) + message("Detected UNIX") +endif() +if(APPLE) + message("Detected APPLE") +endif() +if(CMAKE_HOST_UNIX AND (NOT APPLE) AND EXISTS "/proc/sys/fs/binfmt_misc/WSLInterop") + # Windows-specific configuration here + set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DWOLFSSL_CMAKE_SYSTEM_NAME_WSL") + message("Detected WSL") +endif() +if(CMAKE_HOST_UNIX AND (NOT APPLE) AND (NOT WIN32)) + # Windows-specific configuration here + set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DWOLFSSL_CMAKE_SYSTEM_NAME_LINUX") + message("Detected Linux") +endif() +if(APPLE) + # Windows-specific configuration here + set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DWOLFSSL_CMAKE_SYSTEM_NAME_APPLE") + message("Detected Apple") +endif() +# End optional WOLFSSL_CMAKE_SYSTEM_NAME + +# Check that there are not conflicting wolfSSL components +# The ESP Registry Component will be in ./managed_components/wolfssl__wolfssl +# The local component wolfSSL directory will be in ./components/wolfssl +if( EXISTS "${CMAKE_HOME_DIRECTORY}/managed_components/wolfssl__wolfssl" AND EXISTS "${CMAKE_HOME_DIRECTORY}/components/wolfssl" ) + # These exclude statements don't seem to be 
honored by the $ENV{IDF_PATH}/tools/cmake/project.cmake' + # add_subdirectory("${CMAKE_HOME_DIRECTORY}/managed_components/wolfssl__wolfssl" EXCLUDE_FROM_ALL) + # add_subdirectory("${CMAKE_HOME_DIRECTORY}/managed_components/wolfssl__wolfssl/include" EXCLUDE_FROM_ALL) + # So we'll error out and let the user decide how to proceed: + message(WARNING "\nFound wolfSSL components in\n" + "./managed_components/wolfssl__wolfssl\n" + "and\n" + "./components/wolfssl\n" + "in project directory: \n" + "${CMAKE_HOME_DIRECTORY}") + message(FATAL_ERROR "\nPlease use either the ESP Registry Managed Component or the wolfSSL component directory but not both.\n" + "If removing the ./managed_components/wolfssl__wolfssl directory, remember to also remove " + "or rename the idf_component.yml file typically found in ./main/") +else() + message(STATUS "No conflicting wolfSSL components found.") +endif() include($ENV{IDF_PATH}/tools/cmake/project.cmake) set(COMPONENTS main wolfssl + # cryptoauthlib ) # set components project(wolfssl_test) diff --git a/IDE/Espressif/ESP-IDF/examples/wolfssl_test/README.md b/IDE/Espressif/ESP-IDF/examples/wolfssl_test/README.md index c06aa79f88..993d56fcc6 100644 --- a/IDE/Espressif/ESP-IDF/examples/wolfssl_test/README.md +++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_test/README.md 
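Review bot: The host checks overlap: on WSL both the `WSLInterop` test and the `CMAKE_HOST_UNIX AND (NOT APPLE) AND (NOT WIN32)` test are true, so `-DWOLFSSL_CMAKE_SYSTEM_NAME_WSL` and `-DWOLFSSL_CMAKE_SYSTEM_NAME_LINUX` are both appended to `CMAKE_C_FLAGS`. If the header that selects the `my_private_config.h` path tests the Linux macro first, WSL builds would look in the wrong location; that header is not in this hunk, so it needs checking there. Adding `AND NOT EXISTS "/proc/sys/fs/binfmt_misc/WSLInterop"` to the Linux condition makes the macros mutually exclusive. The `# Windows-specific configuration here` comment is repeated on the WSL, Linux and Apple branches and should name the right platform in each.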
@@ -1,6 +1,27 @@ # wolfSSL Crypt Test Example -The Example contains of wolfSSL test program. +This is the ESP32 Version of the [wolfSSL wolfcrypt test application](https://github.com/wolfSSL/wolfssl/tree/master/wolfcrypt/test). + + + +## ESP Registry + +The easiest way to get started with wolfSSL is by using the +[ESP Registry](https://components.espressif.com/components/wolfssl/wolfssl/) examples. + +``` +. ~/esp/esp-idf/export.sh +idf.py create-project-from-example "wolfssl/wolfssl^5.6.0-stable:wolfssl_test" +cd wolfssl_benchmark +idf.py -b 115200 flash monitor +``` + +## VisualGDB + +Open the VisualGDB Visual Studio Project file in the [VisualGDB directory]() and click the "Start" button. +No wolfSSL setup is needed. You may need to adjust your specific COM port. The default is `COM20`. + +## ESP-IDF Commandline 1. `idf.py menuconfig` to configure the program. 1-1. Example Configuration -> @@ -20,9 +41,10 @@ Reminder than when building on WSL in `/mnt/c` there will be a noticeable perfor Example build on WSL, assuming `git clone` from `c:\workspace`: ``` -# Optionally install wolfSSL component -# cd /mnt/c/workspace/wolfssl/IDE/Espressif/ESP-IDF -./setup.sh +WRK_IDF_PATH=/mnt/c/SysGCC/esp32/esp-idf/v5.1 + +echo "Run export.sh from ${WRK_IDF_PATH}" +. ${WRK_IDF_PATH}/export.sh # switch to test example cd /mnt/c/workspace/wolfssl/IDE/Espressif/ESP-IDF/examples/wolfssl_test @@ -49,7 +71,7 @@ compatible across the widest ranges of targets. Contact wolfSSL at support@wolfs for help in optimizing for your particular application, or see the [docs](https://www.wolfssl.com/documentation/manuals/wolfssl/index.html). -Compiled and flashed with `idf.py build flash -p /dev/ttyS7 -b 921600 monitor`: +Compiled and flashed with `idf.py build flash -p /dev/ttyS7 -b 115200 monitor`: ``` ets Jun 8 2016 00:22:57 
diff --git a/IDE/Espressif/ESP-IDF/examples/wolfssl_test/components/wolfssl/CMakeLists.txt b/IDE/Espressif/ESP-IDF/examples/wolfssl_test/components/wolfssl/CMakeLists.txt index f752fa666b..e82e19b600 100644 --- a/IDE/Espressif/ESP-IDF/examples/wolfssl_test/components/wolfssl/CMakeLists.txt +++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_test/components/wolfssl/CMakeLists.txt @@ -19,7 +19,7 @@ # # cmake for wolfssl Espressif projects # -# Version 5.6.0.009 for FIND_WOLFSSL_DIRECTORY +# Version 5.6.0.011 for detect test/benchmark # # See https://docs.espressif.com/projects/esp-idf/en/latest/esp32/api-guides/build-system.html # @@ -50,9 +50,9 @@ message(STATUS "THIS_USER = ${THIS_USER}") # The component name is the directory name. "No feature to change this". # See https://github.com/espressif/esp-idf/issues/8978#issuecomment-1129892685 -# set the root of wolfSSL: +# set the root of wolfSSL in top-level project CMakelists.txt: # set(WOLFSSL_ROOT "C:/some path/with/spaces") -# set(WOLFSSL_ROOT "c:/workspace/wolfssl-gojimmypi") +# set(WOLFSSL_ROOT "c:/workspace/wolfssl-[username]") # set(WOLFSSL_ROOT "/mnt/c/some path/with/spaces") # or use this logic to assign value from Environment Variable WOLFSSL_ROOT, # or assume this is an example 7 subdirectories below: 
@@ -177,136 +177,30 @@ else() "Try setting WOLFSSL_ROOT environment variable or git clone.") endif() -if( 0 ) - # Check to see if we're already in wolfssl, and only if WOLFSSL_ROOT not specified - if ("${WOLFSSL_ROOT}" STREQUAL "") - # wolfssl examples are 7 directories deep from wolfssl repo root - # 1 2 3 4 5 6 7 - set(THIS_RELATIVE_PATH "../../../../../../..") - get_filename_component(THIS_SEARCH_PATH "${THIS_RELATIVE_PATH}" ABSOLUTE) - message(STATUS "Searching in path = ${THIS_SEARCH_PATH}") - - if (EXISTS "${THIS_SEARCH_PATH}/wolfcrypt/src") - # we're already in wolfssl examples! - get_filename_component(WOLFSSL_ROOT "${THIS_SEARCH_PATH}" ABSOLUTE) - message(STATUS "Using wolfSSL example with root ${WOLFSSL_ROOT}") - else() - # We're in some other repo such as wolfssh, so we'll search for an - # adjacent-level directory for wolfssl. (8 directories up, then down one) - # - # For example wolfSSL examples: - # C:\workspace\wolfssl-gojimmypi\IDE\Espressif\ESP-IDF\examples\wolfssl_benchmark\components\wolfssl - # - # For example wolfSSH examples: - # C:\workspace\wolfssh-gojimmypi\ide\Espressif\ESP-IDF\examples\wolfssh_benchmark\components\wolfssl - # - # 1 2 3 4 5 6 7 8 - set(THIS_RELATIVE_PATH "../../../../../../../..") - get_filename_component(THIS_SEARCH_PATH "${THIS_RELATIVE_PATH}" ABSOLUTE) - message(STATUS "Searching next in path = ${THIS_SEARCH_PATH}") - endif() - endif() - - # search other possible locations - if ("${WOLFSSL_ROOT}" STREQUAL "") - # there's not a hard-coded WOLFSSL_ROOT value above, so let's see if we can find it. - if( "$ENV{WOLFSSL_ROOT}" STREQUAL "" ) - message(STATUS "Environment Variable WOLFSSL_ROOT not set. 
Will search common locations.") - - message(STATUS "CMAKE_CURRENT_SOURCE_DIR = ${CMAKE_CURRENT_SOURCE_DIR}") - get_filename_component(THIS_DIR "${CMAKE_CURRENT_SOURCE_DIR}" ABSOLUTE) - message(STATUS "THIS_DIR = ${THIS_DIR}") - - # find the user name to search for possible "wolfssl-username" - message(STATUS "USERNAME = $ENV{USERNAME}") - if( "$ENV{USER}" STREQUAL "" ) # the bash user - if( "$ENV{USERNAME}" STREQUAL "" ) # the Windows user - message(STATUS "could not find USER or USERNAME") - else() - # the bash user is not blank, so we'll use it. - set(THIS_USER "$ENV{USERNAME}") - endif() - else() - # the bash user is not blank, so we'll use it. - set(THIS_USER "$ENV{USER}") - endif() - message(STATUS "THIS_USER = ${THIS_USER}") - - # This same makefile is used for both the wolfssl component, and other - # components that may depend on wolfssl, such as wolfssh. Therefore - # we need to determine if this makefile is in the wolfssl repo, or - # some other repo. - - if( "{THIS_USER}" STREQUAL "" ) - # This is highly unusual to not find a user name. - # In this case, we'll just search for a "wolfssl" directory: - message(STATUS "No username found!") - get_filename_component(WOLFSSL_ROOT "${THIS_RELATIVE_PATH}/wolfssl" ABSOLUTE) - else() - # We found an environment USER name! - # The first place to look for wolfssl will be in a user-clone called "wolfssl-[username]" - message(STATUS "Using [THIS_USER = ${THIS_USER}] to see if there's a [relative path]/wolfssl-${THIS_USER} directory.") - get_filename_component(WOLFSSL_ROOT "${THIS_RELATIVE_PATH}/wolfssl-${THIS_USER}" ABSOLUTE) - - if( EXISTS "${WOLFSSL_ROOT}" ) - message(STATUS "Found wolfssl in user-suffix ${WOLFSSL_ROOT}") - else() - # If there's not a user-clone called "wolfssl-[username]", - # perhaps there's simply a git clone called "wolfssl"? 
- message(STATUS "Did not find wolfssl-${THIS_USER}; continuing search...") - get_filename_component(WOLFSSL_ROOT "${THIS_RELATIVE_PATH}/wolfssl" ABSOLUTE) - - if( EXISTS "${WOLFSSL_ROOT}" ) - message(STATUS "Found wolfssl in standard ${WOLFSSL_ROOT}") - else() - # Things are looking pretty bleak. We'll likely not be able to compile. - message(STATUS "Did not find wolfssl in ${WOLFSSL_ROOT}") - endif() - endif() - endif() + set(INCLUDE_PATH ${WOLFSSL_ROOT}) - else() - # there's an environment variable, so use it. - set(WOLFSSL_ROOT "$ENV{WOLFSSL_ROOT}") + set(WOLFSSL_EXTRA_PROJECT_DIR "${WOLFSSL_ROOT}/src/") - if( EXISTS "${WOLFSSL_ROOT}" ) - get_filename_component(WOLFSSL_ROOT "$ENV{WOLFSSL_ROOT}" ABSOLUTE) - message(STATUS "Found WOLFSSL_ROOT via Environment Variable:") - else() - message(FATAL_ERROR "WOLFSSL_ROOT Environment Variable defined, but path not found:") - message(STATUS "$ENV{WOLFSSL_ROOT}") - endif() - endif() - # end of search for wolfssl component root - else() - # There's already a value assigned; we won't search for anything else. - message(STATUS "Found user-specified WOLFSSL_ROOT value.") - endif() # WOLFSSL_ROOT user defined - - # After all the logic above, does our WOLFSSL_ROOT actually exist? - if( EXISTS "${WOLFSSL_ROOT}" ) - message(STATUS "WOLFSSL_ROOT = ${WOLFSSL_ROOT}") - else() - # Abort. We need wolfssl _somewhere_. - message(FATAL_ERROR "Could not find wolfssl in ${WOLFSSL_ROOT}. 
Try setting environment variable or git clone.") + if( ${CMAKE_PROJECT_NAME} STREQUAL "wolfssl_benchmark" ) + set(WOLFSSL_EXTRA_PROJECT_DIR "${WOLFSSL_ROOT}/wolfcrypt/benchmark") endif() -endif() - - - - set(INCLUDE_PATH ${WOLFSSL_ROOT}) + if( ${CMAKE_PROJECT_NAME} STREQUAL "wolfssl_test" ) + set(WOLFSSL_EXTRA_PROJECT_DIR "${WOLFSSL_ROOT}/wolfcrypt/test") + endif() set(COMPONENT_SRCDIRS "\"${WOLFSSL_ROOT}/src/\"" "\"${WOLFSSL_ROOT}/wolfcrypt/src\"" "\"${WOLFSSL_ROOT}/wolfcrypt/src/port/Espressif\"" "\"${WOLFSSL_ROOT}/wolfcrypt/src/port/atmel\"" - "\"${WOLFSSL_ROOT}/wolfcrypt/benchmark\"" # the benchmark application - "\"${WOLFSSL_ROOT}/wolfcrypt/test\"" # the test application - ) # COMPONENT_SRCDIRS + "\"${WOLFSSL_EXTRA_PROJECT_DIR}\"" + ) # COMPONENT_SRCDIRS + message(STATUS "This COMPONENT_SRCDIRS = ${COMPONENT_SRCDIRS}") set(WOLFSSL_PROJECT_DIR "${CMAKE_HOME_DIRECTORY}/components/wolfssl") + add_definitions(-DWOLFSSL_USER_SETTINGS_DIR="${WOLFSSL_PROJECT_DIR}/include/user_settings.h") + # Espressif may take several passes through this makefile. Check to see if we found IDF string(COMPARE EQUAL "${PROJECT_SOURCE_DIR}" "" WOLFSSL_FOUND_IDF) @@ -394,10 +288,10 @@ endif() # we won't overwrite an existing user settings file, just note that we already have one: if( EXISTS "${WOLFSSL_PROJECT_DIR}/include/user_settings.h" ) message(STATUS "Using existing wolfSSL user_settings.h in " - "${WOLFSSL_PROJECT_DIR}/include/user_settings.h") + "${WOLFSSL_PROJECT_DIR}/include/user_settings.h") else() message(STATUS "Installing wolfSSL user_settings.h to " - "${WOLFSSL_PROJECT_DIR}/include/user_settings.h") + "${WOLFSSL_PROJECT_DIR}/include/user_settings.h") file(COPY "${WOLFSSL_ROOT}/IDE/Espressif/ESP-IDF/user_settings.h" DESTINATION "${CMAKE_HOME_DIRECTORY}/wolfssl/include/") endif() 
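Review bot: The two added `if( ${CMAKE_PROJECT_NAME} STREQUAL ... )` tests expand the variable unquoted, so an empty project name leaves `if()` with a missing operand, and a name that happens to match a defined variable is dereferenced a second time. Quote the operand in both places, `if( "${CMAKE_PROJECT_NAME}" STREQUAL "wolfssl_benchmark" )` and the same for `"wolfssl_test"`. For any other project name `WOLFSSL_EXTRA_PROJECT_DIR` keeps its default `${WOLFSSL_ROOT}/src/`, which is already the first entry of `COMPONENT_SRCDIRS`, so that directory is listed twice; a one-line comment saying the duplicate is a deliberate no-op would help. The enclosing block starts before this hunk.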
@@ -405,7 +299,12 @@ endif() # next check if there's a [root]/include/config.h if( EXISTS "${WOLFSSL_ROOT}/include/config.h" ) - message(FATAL_ERROR "Found stray wolfSSL config.h in ${WOLFSSL_ROOT}/include/config.h (please move it to ${WOLFSSL_PROJECT_DIR}/include/config.h") + message(STATUS "******************************************************************************") + message(STATUS "******************************************************************************") + message(STATUS "Found stray wolfSSL config.h in ${WOLFSSL_ROOT}/include/config.h" ) + message(STATUS " Please move it to ${WOLFSSL_PROJECT_DIR}/include/config.h" ) + message(STATUS "******************************************************************************") + message(STATUS "******************************************************************************") else() # we won't overwrite an existing user settings file, just note that we already have one: if( EXISTS "${WOLFSSL_PROJECT_DIR}/include/config.h" ) @@ -488,6 +387,14 @@ endif() "\"${WOLFSSL_ROOT}/src/x509_str.c\"" "\"${WOLFSSL_ROOT}/wolfcrypt/src/evp.c\"" "\"${WOLFSSL_ROOT}/wolfcrypt/src/misc.c\"" + "\"${WOLFSSL_ROOT}/wolfcrypt/src/sp_sm2_arm32.c\"" + "\"${WOLFSSL_ROOT}/wolfcrypt/src/sp_sm2_arm64.c\"" + "\"${WOLFSSL_ROOT}/wolfcrypt/src/sp_sm2_armthumb.c\"" + "\"${WOLFSSL_ROOT}/wolfcrypt/src/sp_sm2_c32.c\"" + "\"${WOLFSSL_ROOT}/wolfcrypt/src/sp_sm2_c64.c\"" + "\"${WOLFSSL_ROOT}/wolfcrypt/src/sp_sm2_cortexm.c\"" + "\"${WOLFSSL_ROOT}/wolfcrypt/src/sp_sm2_x86_64.c\"" + "\"${WOLFSSL_ROOT}/wolfcrypt/src/sp_sm2_x86_64_asm.S\"" "\"${EXCLUDE_ASM}\"" ) @@ -532,6 +439,7 @@ endif() endif() # target_sources(wolfssl PRIVATE "\"${WOLFSSL_ROOT}/wolfssl/\"" "\"${WOLFSSL_ROOT}/wolfssl/wolfcrypt\"") + endif() # CMAKE_BUILD_EARLY_EXPANSION diff --git a/IDE/Espressif/ESP-IDF/examples/wolfssl_test/components/wolfssl/include/user_settings.h b/IDE/Espressif/ESP-IDF/examples/wolfssl_test/components/wolfssl/include/user_settings.h index 2ac4ac9ecd..9aca493ef4 100644 
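Review bot: With `message(FATAL_ERROR ...)` replaced by a run of `message(STATUS ...)` lines, a stray `${WOLFSSL_ROOT}/include/config.h` no longer stops the configure step, and STATUS output is easy to overlook in a long build log. The `else()` branch that deals with the project's own `config.h` is skipped in that case, so the build carries on with whichever `config.h` the include path resolves first, which may not hold the intended wolfSSL options. If aborting is too strict, `message(WARNING "Found stray wolfSSL config.h in ${WOLFSSL_ROOT}/include/config.h")` keeps the build going while still being reported as a warning. The surrounding `if`/`else` continues past the hunk.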
--- a/IDE/Espressif/ESP-IDF/examples/wolfssl_test/components/wolfssl/include/user_settings.h +++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_test/components/wolfssl/include/user_settings.h @@ -19,23 +19,21 @@ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA */ -#undef WOLFSSL_ESPIDF -#undef WOLFSSL_ESP32 -#undef WOLFSSL_ESPWROOM32SE -#undef WOLFSSL_ESP32 -#undef WOLFSSL_ESP8266 +/* This user_settings.h is for Espressif ESP-IDF */ +#include /* The Espressif sdkconfig will have chipset info. ** ** Possible values: ** ** CONFIG_IDF_TARGET_ESP32 +** CONFIG_IDF_TARGET_ESP32S2 ** CONFIG_IDF_TARGET_ESP32S3 ** CONFIG_IDF_TARGET_ESP32C3 ** CONFIG_IDF_TARGET_ESP32C6 */ -#include +#undef WOLFSSL_ESPIDF #define WOLFSSL_ESPIDF /* @@ -45,10 +43,22 @@ * WOLFSSL_ESPWROOM32SE * WOLFSSL_ESP8266 */ +#undef WOLFSSL_ESPWROOM32SE +#undef WOLFSSL_ESP8266 +#undef WOLFSSL_ESP32 #define WOLFSSL_ESP32 -/* #define DEBUG_WOLFSSL_VERBOSE */ +/* optionally turn off SHA512/224 SHA512/256 */ +/* #define WOLFSSL_NOSHA512_224 */ +/* #define WOLFSSL_NOSHA512_256 */ + +/* when you want to use SINGLE THREAD. Note Default ESP-IDF is FreeRTOS */ +/* #define SINGLE_THREADED */ + +/* When you don't want to use the old SHA */ +/* #define NO_SHA */ +/* #define NO_OLD_TLS */ #define BENCH_EMBEDDED #define USE_CERT_BUFFERS_2048 
@@ -61,22 +71,40 @@ #define HAVE_AEAD #define HAVE_SUPPORTED_CURVES -/* when you want to use SINGLE THREAD */ -/* #define SINGLE_THREADED */ +#define WOLFSSL_BENCHMARK_FIXED_UNITS_KB + #define NO_FILESYSTEM +#define NO_OLD_TLS + #define HAVE_AESGCM + +#define WOLFSSL_RIPEMD +/* when you want to use SHA224 */ +#define WOLFSSL_SHA224 + /* when you want to use SHA384 */ -/* #define WOLFSSL_SHA384 */ +#define WOLFSSL_SHA384 + +/* when you want to use SHA512 */ #define WOLFSSL_SHA512 + +/* when you want to use SHA3 */ +#define WOLFSSL_SHA3 + +#define HAVE_ED25519 /* ED25519 requires SHA512 */ + #define HAVE_ECC #define HAVE_CURVE25519 #define CURVE25519_SMALL #define HAVE_ED25519 + #define OPENSSL_EXTRA /* when you want to use pkcs7 */ /* #define HAVE_PKCS7 */ +#define HAVE_PKCS7 + #if defined(HAVE_PKCS7) #define HAVE_AES_KEYWRAP #define HAVE_X963_KDF @@ -97,21 +125,29 @@ /* #define CUSTOM_SLOT_ALLOCATION */ #endif -/* RSA primitive specific definition */ +/* rsa primitive specific definition */ #if defined(WOLFSSL_ESP32) || defined(WOLFSSL_ESPWROOM32SE) /* Define USE_FAST_MATH and SMALL_STACK */ #define ESP32_USE_RSA_PRIMITIVE - /* threshold for performance adjustment for HW primitive use */ - /* X bits of G^X mod P greater than */ - #define EPS_RSA_EXPT_XBTIS 36 - /* X and Y of X * Y mod P greater than */ - #define ESP_RSA_MULM_BITS 2000 + + #if defined(CONFIG_IDF_TARGET_ESP32) + + /* NOTE HW unreliable for small values! */ + /* threshold for performance adjustment for HW primitive use */ + /* X bits of G^X mod P greater than */ + #undef ESP_RSA_EXPT_XBITS + #define ESP_RSA_EXPT_XBITS 32 + + /* X and Y of X * Y mod P greater than */ + #undef ESP_RSA_MULM_BITS + #define ESP_RSA_MULM_BITS 16 + + #endif #endif -/* debug options */ -/* #define DEBUG_WOLFSSL */ -/* #define WOLFSSL_ESP32_CRYPT_DEBUG */ -/* #define WOLFSSL_ATECC508A_DEBUG */ +#define RSA_LOW_MEM + +/* #define WOLFSSL_ATECC508A_DEBUG */ /* date/time */ /* if it cannot adjust time in the device, */ 
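Review bot: `#define HAVE_PKCS7` is added directly below the retained `/* when you want to use pkcs7 */` and `/* #define HAVE_PKCS7 */` lines, so the file presents PKCS7 as optional while enabling it unconditionally. The same mismatch exists for `NO_OLD_TLS`, which the `@@ -45,10 +43,22 @@` hunk lists as a commented-out option and this hunk then defines. Drop the commented-out lines or reword them, for example `/* PKCS7 is enabled for the test app; comment out to disable */`. `HAVE_ED25519` is also defined twice in this hunk, once on the added line with the SHA512 remark and once on the existing line after `CURVE25519_SMALL`; one of them can go.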
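Review bot: The added comment says the hardware is unreliable for small values, yet `ESP_RSA_MULM_BITS` drops from 2000 to 16 and the exponent threshold from 36 to 32. If these are the minimum operand sizes for using the accelerator, as the "greater than" comments suggest, far smaller operands now reach the hardware than before. Please record next to the defines why 16 and 32 are safe lower bounds, with a comment such as `/* operands at or below this bit count use software math */` if that is what the code does. The rename from the misspelled `EPS_RSA_EXPT_XBTIS` to `ESP_RSA_EXPT_XBITS` also means any code still reading the old name loses its setting, which is worth checking. The same threshold change appears in the `@@ -102,10 +102,17 @@` hunk of `IDE/Espressif/ESP-IDF/user_settings.h`, there without the `CONFIG_IDF_TARGET_ESP32` guard.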
@@ -123,46 +159,250 @@ /* adjust wait-timeout count if you see timeout in RSA HW acceleration */ #define ESP_RSA_TIMEOUT_CNT 0x249F00 +#define HASH_SIZE_LIMIT /* for test.c */ + +/* USE_FAST_MATH is default */ +#define USE_FAST_MATH + +/***** Use SP_MATH *****/ +/* #undef USE_FAST_MATH */ +/* #define SP_MATH */ +/* #define WOLFSSL_SP_MATH_ALL */ + +/***** Use Integer Heap Math *****/ +/* #undef USE_FAST_MATH */ +/* #define USE_INTEGER_HEAP_MATH */ + + +#define WOLFSSL_SMALL_STACK + + +#define HAVE_VERSION_EXTENDED_INFO +/* #define HAVE_WC_INTROSPECTION */ + +#define HAVE_SESSION_TICKET + +/* #define HAVE_HASHDRBG */ + +#define WOLFSSL_KEY_GEN +#define WOLFSSL_CERT_REQ +#define WOLFSSL_CERT_GEN +#define WOLFSSL_CERT_EXT +#define WOLFSSL_SYS_CA_CERTS + + +#define WOLFSSL_CERT_TEXT + +#define WOLFSSL_ASN_TEMPLATE + +/* +#undef WOLFSSL_KEY_GEN +#undef WOLFSSL_CERT_REQ +#undef WOLFSSL_CERT_GEN +#undef WOLFSSL_CERT_EXT +#undef WOLFSSL_SYS_CA_CERTS +*/ + +/* +--enable-keygen +--enable-certgen +--enable-certreq +--enable-certext +--enable-asn-template +*/ + +/* Default is HW enabled unless turned off. +** Uncomment these lines to force SW instead of HW acceleration */ + #if defined(CONFIG_IDF_TARGET_ESP32) - /* when you want not to use HW acceleration on ESP32 (below for S3, etc */ - /* #define NO_ESP32_CRYPT */ - /* #define NO_WOLFSSL_ESP32_CRYPT_HASH */ - /* #define NO_WOLFSSL_ESP32_CRYPT_AES */ - /* #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI */ + /* wolfSSL HW Acceleration supported on ESP32. 
Uncomment to disable: */ + /* #define NO_ESP32_CRYPT */ + /* #define NO_WOLFSSL_ESP32_CRYPT_HASH */ + /* #define NO_WOLFSSL_ESP32_CRYPT_AES */ + /* #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI */ + /* #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI_MP_MUL */ + /* #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI_MULMOD */ + /* #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI_EXPTMOD */ + + /* These are defined automatically in esp32-crypt.h, here for clarity: */ + #define NO_WOLFSSL_ESP32_CRYPT_HASH_SHA224 /* no SHA224 HW on ESP32 */ + + #undef ESP_RSA_MULM_BITS + #define ESP_RSA_MULM_BITS 16 /* TODO add compile-time warning */ + /***** END CONFIG_IDF_TARGET_ESP32 *****/ + #elif defined(CONFIG_IDF_TARGET_ESP32S2) - /* ESP32-S2 disabled by default; not implemented */ - #define NO_ESP32_CRYPT - #define NO_WOLFSSL_ESP32_CRYPT_HASH - #define NO_WOLFSSL_ESP32_CRYPT_AES - #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI + /* wolfSSL HW Acceleration supported on ESP32-S2. Uncomment to disable: */ + /* #define NO_ESP32_CRYPT */ + /* #define NO_WOLFSSL_ESP32_CRYPT_HASH */ + /* Note: There's no AES192 HW on the ESP32-S2; falls back to SW */ + /* #define NO_WOLFSSL_ESP32_CRYPT_AES */ + /* #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI */ + /* #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI_MP_MUL */ + /* #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI_MULMOD */ + /* #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI_EXPTMOD */ + /***** END CONFIG_IDF_TARGET_ESP32S2 *****/ + #elif defined(CONFIG_IDF_TARGET_ESP32S3) - /* when you want not to use HW acceleration on ESP32-S3 */ - /* #define NO_ESP32_CRYPT */ - /* #define NO_WOLFSSL_ESP32_CRYPT_HASH */ - /* #define NO_WOLFSSL_ESP32_CRYPT_AES */ - /* #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI */ + /* wolfSSL HW Acceleration supported on ESP32-S3. 
Uncomment to disable: */ + /* #define NO_ESP32_CRYPT */ + /* #define NO_WOLFSSL_ESP32_CRYPT_HASH */ + /* Note: There's no AES192 HW on the ESP32-S3; falls back to SW */ + /* #define NO_WOLFSSL_ESP32_CRYPT_AES */ + /* #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI */ + /* #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI_MP_MUL */ + /* #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI_MULMOD */ + /* #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI_EXPTMOD */ + /***** END CONFIG_IDF_TARGET_ESP32S3 *****/ + #elif defined(CONFIG_IDF_TARGET_ESP32C3) - /* ESP32-C3 disabled by default, not implemented */ + /* wolfSSL HW Acceleration supported on ESP32-C2. Uncomment to disable: */ + + /* #define NO_ESP32_CRYPT */ + /* #define NO_WOLFSSL_ESP32_CRYPT_HASH */ /* to disable all SHA HW */ + + /* These are defined automatically in esp32-crypt.h, here for clarity: */ + #define NO_WOLFSSL_ESP32_CRYPT_HASH_SHA384 /* no SHA384 HW on C6 */ + #define NO_WOLFSSL_ESP32_CRYPT_HASH_SHA512 /* no SHA512 HW on C6 */ + + /* #define NO_WOLFSSL_ESP32_CRYPT_AES */ + /* #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI */ + /* #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI_MP_MUL */ + /* #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI_MULMOD */ + /* #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI_EXPTMOD */ + /***** END CONFIG_IDF_TARGET_ESP32C3 *****/ + +#elif defined(CONFIG_IDF_TARGET_ESP32C6) + /* wolfSSL HW Acceleration supported on ESP32-C6. 
Uncomment to disable: */ + + /* #define NO_ESP32_CRYPT */ + /* #define NO_WOLFSSL_ESP32_CRYPT_HASH */ + /* These are defined automatically in esp32-crypt.h, here for clarity: */ + #define NO_WOLFSSL_ESP32_CRYPT_HASH_SHA384 /* no SHA384 HW on C6 */ + #define NO_WOLFSSL_ESP32_CRYPT_HASH_SHA512 /* no SHA512 HW on C6 */ + + /* #define NO_WOLFSSL_ESP32_CRYPT_AES */ + /* #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI */ + /* #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI_MP_MUL */ + /* #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI_MULMOD */ + /* #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI_EXPTMOD */ + /***** END CONFIG_IDF_TARGET_ESP32C6 *****/ + +#elif defined(CONFIG_IDF_TARGET_ESP32H2) + /* wolfSSL Hardware Acceleration not yet implemented */ #define NO_ESP32_CRYPT #define NO_WOLFSSL_ESP32_CRYPT_HASH #define NO_WOLFSSL_ESP32_CRYPT_AES #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI -#elif defined(CONFIG_IDF_TARGET_ESP32C6) - /* ESP32-C6 disabled by default, not implemented */ + /***** END CONFIG_IDF_TARGET_ESP32H2 *****/ + +#elif defined(CONFIG_IDF_TARGET_ESP8266) + /* TODO: Revisit ESP8266 */ #define NO_ESP32_CRYPT #define NO_WOLFSSL_ESP32_CRYPT_HASH #define NO_WOLFSSL_ESP32_CRYPT_AES #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI -#elif defined(CONFIG_IDF_TARGET_ESP32H2) - /* ESP32-H2 disabled by default, not implemented */ + /***** END CONFIG_IDF_TARGET_ESP266 *****/ + +#elif defined(CONFIG_IDF_TARGET_ESP8684) + /* There's no Hardware Acceleration available on ESP8684 */ #define NO_ESP32_CRYPT #define NO_WOLFSSL_ESP32_CRYPT_HASH #define NO_WOLFSSL_ESP32_CRYPT_AES #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI + /***** END CONFIG_IDF_TARGET_ESP8684 *****/ + #else - /* anything else unknown will have HW disabled by default */ + /* Anything else encountered, disable HW accleration */ #define NO_ESP32_CRYPT #define NO_WOLFSSL_ESP32_CRYPT_HASH #define NO_WOLFSSL_ESP32_CRYPT_AES #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI +#endif /* CONFIG_IDF_TARGET Check */ + +/* Debug options: + +#define ESP_VERIFY_MEMBLOCK +#define 
DEBUG_WOLFSSL +#define DEBUG_WOLFSSL_VERBOSE +#define DEBUG_WOLFSSL_SHA_MUTEX +#define WOLFSSL_ESP32_CRYPT_DEBUG +#define NO_RECOVER_SOFTWARE_CALC +#define WOLFSSL_TEST_STRAY 1 +#define USE_ESP_DPORT_ACCESS_READ_BUFFER +#define WOLFSSL_ESP32_HW_LOCK_DEBUG +#define WOLFSSL_DEBUG_ESP_RSA_MULM_BITS +#define ESP_DISABLE_HW_TASK_LOCK +*/ + +#define WOLFSSL_ESPIDF_ERROR_PAUSE /* Pause in a loop rather than exit. */ +#define WOLFSSL_HW_METRICS + +/* #define HASH_SIZE_LIMIT */ /* for test.c */ + +/* #define NO_HW_MATH_TEST */ /* Optionall turn off HW math checks */ + +/* Optionally include alternate HW test library: alt_hw_test.h */ +/* When enabling, the ./components/wolfssl/CMakeLists.txt file + * will need the name of the library in the idf_component_register + * for the PRIV_REQUIRES list. */ +/* #define INCLUDE_ALT_HW_TEST */ + +/* optionally turn off individual math HW acceleration features */ + +/* Turn off Large Number ESP32 HW Multiplication: +** [Z = X * Y] in esp_mp_mul() */ +/* #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI_MP_MUL */ + +/* Turn off Large Number ESP32 HW Modular Exponentiation: +** [Z = X^Y mod M] in esp_mp_exptmod() */ +/* #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI_EXPTMOD */ + +/* Turn off Large Number ESP32 HW Modular Multiplication +** [Z = X * Y mod M] in esp_mp_mulmod() */ +/* #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI_MULMOD */ + + +#define WOLFSSL_PUBLIC_MP /* used by benchmark */ +#define USE_CERT_BUFFERS_2048 + +/* when turning on ECC508 / ECC608 support +#define WOLFSSL_ESPWROOM32SE +#define HAVE_PK_CALLBACKS +#define WOLFSSL_ATECC508A +#define ATCA_WOLFSSL +*/ + +/* optional SM4 Ciphers. 
See https://github.com/wolfSSL/wolfsm +#define WOLFSSL_SM2 +#define WOLFSSL_SM3 +#define WOLFSSL_SM4 +*/ + +#if defined(WOLFSSL_SM2) || defined(WOLFSSL_SM3) || defined(WOLFSSL_SM4) + #include + #define CTX_CA_CERT root_sm2 + #define CTX_CA_CERT_SIZE sizeof_root_sm2 + #define CTX_CA_CERT_TYPE WOLFSSL_FILETYPE_PEM + #define CTX_SERVER_CERT server_sm2 + #define CTX_SERVER_CERT_SIZE sizeof_server_sm2 + #define CTX_SERVER_CERT_TYPE WOLFSSL_FILETYPE_PEM + #define CTX_SERVER_KEY server_sm2_priv + #define CTX_SERVER_KEY_SIZE sizeof_server_sm2_priv + #define CTX_SERVER_KEY_TYPE WOLFSSL_FILETYPE_PEM + + #undef WOLFSSL_BASE16 + #define WOLFSSL_BASE16 +#else + #define USE_CERT_BUFFERS_2048 + #define USE_CERT_BUFFERS_256 + #define CTX_CA_CERT ca_cert_der_2048 + #define CTX_CA_CERT_SIZE sizeof_ca_cert_der_2048 + #define CTX_CA_CERT_TYPE WOLFSSL_FILETYPE_ASN1 + #define CTX_SERVER_CERT server_cert_der_2048 + #define CTX_SERVER_CERT_SIZE sizeof_server_cert_der_2048 + #define CTX_SERVER_CERT_TYPE WOLFSSL_FILETYPE_ASN1 + #define CTX_SERVER_KEY server_key_der_2048 + #define CTX_SERVER_KEY_SIZE sizeof_server_key_der_2048 + #define CTX_SERVER_KEY_TYPE WOLFSSL_FILETYPE_ASN1 #endif diff --git a/IDE/Espressif/ESP-IDF/examples/wolfssl_test/main/CMakeLists.txt b/IDE/Espressif/ESP-IDF/examples/wolfssl_test/main/CMakeLists.txt index 5c9452238d..8787e3b883 100644 --- a/IDE/Espressif/ESP-IDF/examples/wolfssl_test/main/CMakeLists.txt +++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_test/main/CMakeLists.txt @@ -1,4 +1,3 @@ - # # wolfssl crypt test # @@ -23,7 +22,9 @@ if( EXISTS "${CMAKE_HOME_DIRECTORY}/components/wolfssl/" AND EXISTS "$ENV{IDF_PA set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DWOLFSSL_MULTI_INSTALL_WARNING") endif() -register_component() +idf_component_register(SRCS main.c + INCLUDE_DIRS "." + "./include") # # LIBWOLFSSL_SAVE_INFO(VAR_OUPUT THIS_VAR VAR_RESULT) 
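Review bot: The `#else` branch at the end of this hunk points `CTX_SERVER_KEY` at `server_key_der_2048` and `CTX_CA_CERT` at `ca_cert_der_2048`, the sample buffers selected by `USE_CERT_BUFFERS_2048`. Their private keys ship with the wolfSSL sources, so a project copied from this example inherits a server key that anyone can read. A comment above the block would make that explicit, e.g. `/* Test-only certificates and keys: replace before any deployment */`. Separately, the `CONFIG_IDF_TARGET_ESP32C3` branch is commented as "ESP32-C2" and "no SHA384 HW on C6", and the ESP8266 end marker reads `ESP266`; these look like copy-paste slips.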
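Review bot: `idf_component_register(SRCS main.c ...)` names only `main.c`, so `time_helper.c`, which still exists in `main/` and is touched by this commit, is not compiled unless the source list is set somewhere outside this hunk. `main.c` keeps a `set_time();` call behind a preprocessor condition, and that call would fail at link time whenever the condition is true. If the helper is still wanted, list it explicitly with `idf_component_register(SRCS main.c time_helper.c` and the same `INCLUDE_DIRS`.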
diff --git a/IDE/Espressif/ESP-IDF/examples/wolfssl_test/main/include/main.h b/IDE/Espressif/ESP-IDF/examples/wolfssl_test/main/include/main.h new file mode 100644 index 0000000000..94c3b5eba6 --- /dev/null +++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_test/main/include/main.h @@ -0,0 +1,24 @@ +/* template main.h + * + * Copyright (C) 2006-2023 wolfSSL Inc. + * + * This file is part of wolfSSL. + * + * wolfSSL is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * wolfSSL is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA + */ +#ifndef _MAIN_H_ +#define _MAIN_H_ + +#endif diff --git a/IDE/Espressif/ESP-IDF/examples/wolfssl_test/main/include/time_helper.h b/IDE/Espressif/ESP-IDF/examples/wolfssl_test/main/include/time_helper.h new file mode 100644 index 0000000000..37b770415a --- /dev/null +++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_test/main/include/time_helper.h 
@@ -0,0 +1,32 @@ +/* + * Copyright (C) 2006-2023 wolfSSL Inc. + * + * This file is part of wolfSSL. + * + * wolfSSL is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * wolfSSL is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA + */ +#ifndef _TIME_HELPER_H + +#ifdef __cplusplus +extern "C" { +#endif + +int set_time(void); + +#ifdef __cplusplus +} /* extern "C" */ +#endif + +#endif /* #ifndef _TIME_HELPER_H */ diff --git a/IDE/Espressif/ESP-IDF/examples/wolfssl_test/main/main.c b/IDE/Espressif/ESP-IDF/examples/wolfssl_test/main/main.c index bcf220d8e2..225e4994f3 100644 --- a/IDE/Espressif/ESP-IDF/examples/wolfssl_test/main/main.c +++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_test/main/main.c @@ -27,11 +27,14 @@ #include #include #include +#include + #ifndef WOLFSSL_ESPIDF #warning "problem with wolfSSL user settings. Check components/wolfssl/include" #endif #include +#include /* ** the wolfssl component can be installed in either: @@ -59,7 +62,6 @@ /* see wolfssl/wolfcrypt/test/test.h */ extern void wolf_crypt_task(); - static const char* const TAG = "wolfssl_test"; #if defined(WOLFSSL_ESPWROOM32SE) && defined(HAVE_PK_CALLBACKS) \ 
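Review bot: The include guard in the new `time_helper.h` is incomplete: `#ifndef _TIME_HELPER_H` is never followed by a matching `#define`, so a second inclusion is not suppressed. Add `#define _TIME_HELPER_H` on the line after the `#ifndef`. Identifiers that begin with an underscore and an uppercase letter are reserved in C, so `TIME_HELPER_H` would be the safer spelling; the new `main.h` uses `_MAIN_H_` in the same way. A short comment on `int set_time(void);` stating what the return value means would also help, since the visible call in `main.c` discards it.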
@@ -123,65 +125,80 @@ void my_atmel_free(int slotId) #endif /* CUSTOM_SLOT_ALLOCATION */ #endif /* WOLFSSL_ESPWROOM32SE && HAVE_PK_CALLBACK && WOLFSSL_ATECC508A */ - /* entry point */ void app_main(void) { - int rc = 0; + int stack_start = 0; + esp_err_t ret = 0; + ESP_LOGI(TAG, "------------------ wolfSSL Test Example ----------------"); ESP_LOGI(TAG, "--------------------------------------------------------"); ESP_LOGI(TAG, "--------------------------------------------------------"); ESP_LOGI(TAG, "---------------------- BEGIN MAIN ----------------------"); ESP_LOGI(TAG, "--------------------------------------------------------"); ESP_LOGI(TAG, "--------------------------------------------------------"); - - ESP_LOGI(TAG, "CONFIG_IDF_TARGET = %s", CONFIG_IDF_TARGET); - ESP_LOGI(TAG, "LIBWOLFSSL_VERSION_STRING = %s", LIBWOLFSSL_VERSION_STRING); - -#if defined(LIBWOLFSSL_VERSION_GIT_HASH) - ESP_LOGI(TAG, "LIBWOLFSSL_VERSION_GIT_HASH = %s", LIBWOLFSSL_VERSION_GIT_HASH); +#ifdef ESP_TASK_MAIN_STACK + ESP_LOGI(TAG, "ESP_TASK_MAIN_STACK: %d", ESP_TASK_MAIN_STACK); #endif - -#if defined(LIBWOLFSSL_VERSION_GIT_SHORT_HASH ) - ESP_LOGI(TAG, "LIBWOLFSSL_VERSION_GIT_SHORT_HASH = %s", LIBWOLFSSL_VERSION_GIT_SHORT_HASH); +#ifdef TASK_EXTRA_STACK_SIZE + ESP_LOGI(TAG, "TASK_EXTRA_STACK_SIZE: %d", TASK_EXTRA_STACK_SIZE); #endif - -#if defined(LIBWOLFSSL_VERSION_GIT_HASH_DATE) - ESP_LOGI(TAG, "LIBWOLFSSL_VERSION_GIT_HASH_DATE = %s", LIBWOLFSSL_VERSION_GIT_HASH_DATE); +#ifdef INCLUDE_uxTaskGetStackHighWaterMark + ESP_LOGI(TAG, "CONFIG_ESP_MAIN_TASK_STACK_SIZE = %d bytes (%d words)", + CONFIG_ESP_MAIN_TASK_STACK_SIZE, + (int)(CONFIG_ESP_MAIN_TASK_STACK_SIZE / sizeof(void*))); + + /* Returns the high water mark of the stack associated with xTask. That is, + * the minimum free stack space there has been (in bytes not words, unlike + * vanilla FreeRTOS) since the task started. The smaller the returned + * number the closer the task has come to overflowing its stack. 
+ * see https://docs.espressif.com/projects/esp-idf/en/latest/esp32/api-reference/system/freertos_idf.html + */ + stack_start = uxTaskGetStackHighWaterMark(NULL); + ESP_LOGI(TAG, "Stack Start HWM: %d bytes", stack_start); #endif +#ifdef HAVE_VERSION_EXTENDED_INFO + esp_ShowExtendedSystemInfo(); +#endif /* some interesting settings are target specific (ESP32, -C3, -S3, etc */ -#if defined(CONFIG_IDF_TARGET_ESP32C3) - /* not available for C3 at this time */ -#elif defined(CONFIG_IDF_TARGET_ESP32C6) - /* not available for C6 at this time */ +#if defined(CONFIG_IDF_TARGET_ESP32) + ESP_LOGI(TAG, "CONFIG_ESP32_DEFAULT_CPU_FREQ_MHZ = %u MHz", + CONFIG_ESP32_DEFAULT_CPU_FREQ_MHZ + ); + ESP_LOGI(TAG, "Xthal_have_ccount = %u", Xthal_have_ccount); +#elif defined(CONFIG_IDF_TARGET_ESP32S2) + ESP_LOGI(TAG, "CONFIG_ESP32S2_DEFAULT_CPU_FREQ_MHZ = %u MHz", + CONFIG_ESP32S2_DEFAULT_CPU_FREQ_MHZ + ); + ESP_LOGI(TAG, "Xthal_have_ccount = %u", Xthal_have_ccount); #elif defined(CONFIG_IDF_TARGET_ESP32S3) ESP_LOGI(TAG, "CONFIG_ESP32S3_DEFAULT_CPU_FREQ_MHZ = %u MHz", CONFIG_ESP32S3_DEFAULT_CPU_FREQ_MHZ ); ESP_LOGI(TAG, "Xthal_have_ccount = %u", Xthal_have_ccount); #else - ESP_LOGI(TAG, "CONFIG_ESP32_DEFAULT_CPU_FREQ_MHZ = %u MHz", - CONFIG_ESP32_DEFAULT_CPU_FREQ_MHZ - ); - ESP_LOGI(TAG, "Xthal_have_ccount = %u", Xthal_have_ccount); + /* not available for other platformas at this time */ #endif /* all platforms: stack high water mark check */ ESP_LOGI(TAG, "Stack HWM: %d\n", uxTaskGetStackHighWaterMark(NULL)); - /* check to see if we are using hardware encryption */ + /* check to see if we are using hardware encryption + * TODO: move this to esp_util.c */ #if defined(NO_ESP32_CRYPT) ESP_LOGI(TAG, "NO_ESP32_CRYPT defined! 
HW acceleration DISABLED."); #else #if defined(CONFIG_IDF_TARGET_ESP32C3) - #error "ESP32_CRYPT not yet supported on ESP32-C3" + ESP_LOGI(TAG, "ESP32_CRYPT is enabled for ESP32-C3."); + #elif defined(CONFIG_IDF_TARGET_ESP32S2) - #error "ESP32_CRYPT not yet supported on ESP32-S2" + ESP_LOGI(TAG, "ESP32_CRYPT is enabled for ESP32-S2."); + #elif defined(CONFIG_IDF_TARGET_ESP32S3) - /* #error "ESP32_CRYPT not yet supported on ESP32-S3" */ - ESP_LOGI(TAG, "ESP32_CRYPT is enabled for ESP32-S3."); + ESP_LOGI(TAG, "ESP32_CRYPT is enabled for ESP32-S3."); + #else ESP_LOGI(TAG, "ESP32_CRYPT is enabled."); #endif @@ -191,7 +208,7 @@ void app_main(void) set_time(); #endif -/* when using atecc608a on esp32-wroom-32se */ +/* when using atecc608a on esp32-WROOM-32se */ #if defined(WOLFSSL_ESPWROOM32SE) && defined(HAVE_PK_CALLBACKS) \ && defined(WOLFSSL_ATECC508A) #if defined(CUSTOM_SLOT_ALLOCATION) 
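Review bot: `stack_start` is declared unconditionally at the top of `app_main` but is only assigned and read inside `#ifdef INCLUDE_uxTaskGetStackHighWaterMark`, so a build without that macro gets an unused-variable warning. Move the declaration inside the `#ifdef`, or add `(void)stack_start;` after it. The "all platforms" `ESP_LOGI(TAG, "Stack HWM: %d\n", uxTaskGetStackHighWaterMark(NULL));` line further down still calls the function outside any guard, so the new guard and the existing call disagree about whether the API is always available; one of them should be adjusted. `app_main` continues past this hunk.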
@@ -211,24 +228,43 @@ void app_main(void) /* Although wolfCrypt_Init() may be explicitly called above, ** Note it is still always called in wolf_test_task. */ - rc = wolf_test_task(); + int loops = 0; + do { + /* Remove _DISABLED upon #6990 Merge: */ + #if defined(WOLFSSL_HW_METRICS_DISABLED) + esp_hw_show_metrics(); + #endif + ret = wolf_test_task(); + ESP_LOGI(TAG, "Stack HWM: %d\n", uxTaskGetStackHighWaterMark(NULL)); + ESP_LOGI(TAG, "loops = %d", loops); + + loops++; + } + while (ret == 0); + ESP_LOGI(TAG, "loops = %d", loops); + /* note wolfCrypt_Cleanup() should always be called when finished. ** This is called at the end of wolf_test_task(); */ - if (rc == 0) { - ESP_LOGI(TAG, "wolf_test_task complete success result code = %d", rc); + if (ret == 0) { + ESP_LOGI(TAG, "wolf_test_task complete success result code = %d", ret); } else { - ESP_LOGE(TAG, "wolf_test_task FAIL result code = %d", rc); + ESP_LOGE(TAG, "wolf_test_task FAIL result code = %d", ret); /* see wolfssl/wolfcrypt/error-crypt.h */ } +#if defined(DEBUG_WOLFSSL) && !defined(NO_WOLFSSL_ESP32_CRYPT_RSA_PRI) + esp_hw_show_mp_metrics(); +#endif + + /* after the test, we'll just wait */ #ifdef INCLUDE_uxTaskGetStackHighWaterMark ESP_LOGI(TAG, "Stack HWM: %d", uxTaskGetStackHighWaterMark(NULL)); ESP_LOGI(TAG, "Stack used: %d", CONFIG_ESP_MAIN_TASK_STACK_SIZE - - (uxTaskGetStackHighWaterMark(NULL) / 4)); + - (uxTaskGetStackHighWaterMark(NULL))); #endif ESP_LOGI(TAG, "\n\nDone!\n\n" diff --git a/IDE/Espressif/ESP-IDF/examples/wolfssl_test/main/time_helper.c b/IDE/Espressif/ESP-IDF/examples/wolfssl_test/main/time_helper.c index c3cccde41a..8b7da74a00 100644 --- a/IDE/Espressif/ESP-IDF/examples/wolfssl_test/main/time_helper.c +++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_test/main/time_helper.c @@ -18,6 +18,7 @@ * along with this program; if not, write to the Free Software * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA */ + #include #include 
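Review bot: The added `do { ... } while (ret == 0);` exits only when `wolf_test_task()` fails, so the `if (ret == 0)` success branch after it can no longer run and a passing device never reaches the final "Done!" message. If the endless repeat is meant as a soak test, say so in a comment and bound it, for example `while (ret == 0 && loops < TEST_LOOP_MAX);` with the limit set in `user_settings.h` (the macro name is only a suggestion). `loops` is a plain `int` incremented without a bound, and `ret` is declared `esp_err_t` although it holds the test's return code, which was an `int` before this change; `int ret` would match. The hunk ends inside `app_main`.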
diff --git a/IDE/Espressif/ESP-IDF/examples/wolfssl_test_idf/README.md b/IDE/Espressif/ESP-IDF/examples/wolfssl_test_idf/README.md index e34220d9ee..f2efc2f3dd 100644 --- a/IDE/Espressif/ESP-IDF/examples/wolfssl_test_idf/README.md +++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_test_idf/README.md @@ -6,6 +6,12 @@ This IDF version does NOT contain a local component and exists only to test wolf The recommended configuration is to have only the CMakeLists.txt in the local project components\wolfssl directory. See the [wolfssl_test](../wolfssl_test/README.md) example. +## VisualGDB + +Open the VisualGDB Visual Studio Project file in the VisualGDB directory and click the "Start" button. + +## ESP-IDF Commandline + 1. `idf.py menuconfig` to configure the program. 1-1. Example Configuration -> @@ -35,7 +41,7 @@ cd /mnt/c/workspace/wolfssl/IDE/Espressif/ESP-IDF/examples/wolfssl_test . /mnt/c/SysGCC/esp32/esp-idf/v4.4.2/export.sh # build and flash, in this example to COM20 -idf.py build flash -p /dev/ttyS20 -b 921600 monitor +idf.py build flash -p /dev/ttyS20 -b 115200 monitor ``` ## Example Output @@ -45,7 +51,7 @@ compatible across the widest ranges of targets. Contact wolfSSL at support@wolfs for help in optimizing for your particular application, or see the [docs](https://www.wolfssl.com/documentation/manuals/wolfssl/index.html). -Compiled and flashed with `idf.py build flash -p /dev/ttyS7 -b 921600 monitor`: +Compiled and flashed with `idf.py build flash -p /dev/ttyS7 -b 115200 monitor`: ``` ets Jun 8 2016 00:22:57 diff --git a/IDE/Espressif/ESP-IDF/user_settings.h b/IDE/Espressif/ESP-IDF/user_settings.h index 2ac4ac9ecd..801889b6dc 100644 --- a/IDE/Espressif/ESP-IDF/user_settings.h +++ b/IDE/Espressif/ESP-IDF/user_settings.h @@ -83,7 +83,7 @@ #define WOLFSSL_AES_DIRECT #endif -/* when you want to use aes counter mode */ +/* when you want to use AES counter mode */ /* #define WOLFSSL_AES_DIRECT */ /* #define WOLFSSL_AES_COUNTER */ 
@@ -102,10 +102,17 @@ /* Define USE_FAST_MATH and SMALL_STACK */ #define ESP32_USE_RSA_PRIMITIVE /* threshold for performance adjustment for HW primitive use */ + + /* NOTE HW unreliable for small values on older original ESP32!*/ + /* threshold for performance adjustment for HW primitive use */ /* X bits of G^X mod P greater than */ - #define EPS_RSA_EXPT_XBTIS 36 + #undef ESP_RSA_EXPT_XBITS + #define ESP_RSA_EXPT_XBITS 32 + /* X and Y of X * Y mod P greater than */ - #define ESP_RSA_MULM_BITS 2000 + #undef ESP_RSA_MULM_BITS + #define ESP_RSA_MULM_BITS 16 + #endif /* debug options */ 
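Review bot: The added comment `NOTE HW unreliable for small values on older original ESP32!` sits directly above a change that lowers `ESP_RSA_MULM_BITS` from 2000 to 16 and sets `ESP_RSA_EXPT_XBITS` to 32, which reads as sending much smaller operands to the hardware than before. A wrong big-number result inside RSA is a correctness and key-safety problem, not a performance one, so the comment should state which operand size is known to be reliable and why 16 and 32 are above it, e.g. `/* HW results verified for operands >= N bits on ESP32 rev X; smaller operands use SW */` with the real figures filled in. The sentence `threshold for performance adjustment for HW primitive use` now appears twice and one copy can go. The rename from `EPS_RSA_EXPT_XBTIS` also means any code still testing the old spelling would silently lose the setting; that cannot be checked from this hunk.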
@@ -123,46 +130,130 @@ /* adjust wait-timeout count if you see timeout in RSA HW acceleration */ #define ESP_RSA_TIMEOUT_CNT 0x249F00 +/* Default is HW enabled unless turned off. +** Uncomment these lines to force SW instead of HW acceleration */ + #if defined(CONFIG_IDF_TARGET_ESP32) - /* when you want not to use HW acceleration on ESP32 (below for S3, etc */ - /* #define NO_ESP32_CRYPT */ - /* #define NO_WOLFSSL_ESP32_CRYPT_HASH */ - /* #define NO_WOLFSSL_ESP32_CRYPT_AES */ - /* #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI */ + /* wolfSSL HW Acceleration supported on ESP32. Uncomment to disable: */ + /* #define NO_ESP32_CRYPT */ + /* #define NO_WOLFSSL_ESP32_CRYPT_HASH */ + /* #define NO_WOLFSSL_ESP32_CRYPT_AES */ + /* #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI */ + /* #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI_MP_MUL */ + /* #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI_MULMOD */ + /* #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI_EXPTMOD */ + + /* These are defined automatically in esp32-crypt.h, here for clarity: */ + #define NO_WOLFSSL_ESP32_CRYPT_HASH_SHA224 /* no SHA224 HW on ESP32 */ + /* end CONFIG_IDF_TARGET_ESP32 */ + #undef ESP_RSA_MULM_BITS + #define ESP_RSA_MULM_BITS 16 /* TODO add compile-time warning */ + /***** END CONFIG_IDF_TARGET_ESP32 *****/ + #elif defined(CONFIG_IDF_TARGET_ESP32S2) - /* ESP32-S2 disabled by default; not implemented */ - #define NO_ESP32_CRYPT - #define NO_WOLFSSL_ESP32_CRYPT_HASH - #define NO_WOLFSSL_ESP32_CRYPT_AES - #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI + /* wolfSSL HW Acceleration supported on ESP32-S2. 
Uncomment to disable: */ + /* #define NO_ESP32_CRYPT */ + /* #define NO_WOLFSSL_ESP32_CRYPT_HASH */ + /* Note: There's no AES192 HW on the ESP32-S2; falls back to SW */ + /* #define NO_WOLFSSL_ESP32_CRYPT_AES */ + /* #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI */ + /* #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI_MP_MUL */ + /* #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI_MULMOD */ + /* #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI_EXPTMOD */ + /***** END CONFIG_IDF_TARGET_ESP32S2 *****/ + #elif defined(CONFIG_IDF_TARGET_ESP32S3) - /* when you want not to use HW acceleration on ESP32-S3 */ - /* #define NO_ESP32_CRYPT */ - /* #define NO_WOLFSSL_ESP32_CRYPT_HASH */ - /* #define NO_WOLFSSL_ESP32_CRYPT_AES */ - /* #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI */ + /* wolfSSL HW Acceleration supported on ESP32-S3. Uncomment to disable: */ + /* #define NO_ESP32_CRYPT */ + /* #define NO_WOLFSSL_ESP32_CRYPT_HASH */ + /* Note: There's no AES192 HW on the ESP32-S3; falls back to SW */ + /* #define NO_WOLFSSL_ESP32_CRYPT_AES */ + /* #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI */ + /* #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI_MP_MUL */ + /* #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI_MULMOD */ + /* #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI_EXPTMOD */ + /***** END CONFIG_IDF_TARGET_ESP32S3 *****/ + #elif defined(CONFIG_IDF_TARGET_ESP32C3) - /* ESP32-C3 disabled by default, not implemented */ - #define NO_ESP32_CRYPT - #define NO_WOLFSSL_ESP32_CRYPT_HASH - #define NO_WOLFSSL_ESP32_CRYPT_AES - #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI + /* wolfSSL HW Acceleration supported on ESP32-C2. 
Uncomment to disable: */ + + /* #define NO_ESP32_CRYPT */ + /* #define NO_WOLFSSL_ESP32_CRYPT_HASH */ /* to disable all SHA HW */ + + /* These are defined automatically in esp32-crypt.h, here for clarity: */ + #define NO_WOLFSSL_ESP32_CRYPT_HASH_SHA384 /* no SHA384 HW on C6 */ + #define NO_WOLFSSL_ESP32_CRYPT_HASH_SHA512 /* no SHA512 HW on C6 */ + + /* #define NO_WOLFSSL_ESP32_CRYPT_AES */ + /* #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI */ + /* #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI_MP_MUL */ + /* #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI_MULMOD */ + /* #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI_EXPTMOD */ + /***** END CONFIG_IDF_TARGET_ESP32C3 *****/ + #elif defined(CONFIG_IDF_TARGET_ESP32C6) - /* ESP32-C6 disabled by default, not implemented */ - #define NO_ESP32_CRYPT - #define NO_WOLFSSL_ESP32_CRYPT_HASH - #define NO_WOLFSSL_ESP32_CRYPT_AES - #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI + /* wolfSSL HW Acceleration supported on ESP32-C6. Uncomment to disable: */ + + /* #define NO_ESP32_CRYPT */ + /* #define NO_WOLFSSL_ESP32_CRYPT_HASH */ + /* These are defined automatically in esp32-crypt.h, here for clarity: */ + #define NO_WOLFSSL_ESP32_CRYPT_HASH_SHA384 /* no SHA384 HW on C6 */ + #define NO_WOLFSSL_ESP32_CRYPT_HASH_SHA512 /* no SHA512 HW on C6 */ + + /* #define NO_WOLFSSL_ESP32_CRYPT_AES */ + /* #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI */ + /* #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI_MP_MUL */ + /* #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI_MULMOD */ + /* #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI_EXPTMOD */ + /***** END CONFIG_IDF_TARGET_ESP32C6 *****/ + #elif defined(CONFIG_IDF_TARGET_ESP32H2) - /* ESP32-H2 disabled by default, not implemented */ + /* wolfSSL Hardware Acceleration not yet implemented */ #define NO_ESP32_CRYPT #define NO_WOLFSSL_ESP32_CRYPT_HASH #define NO_WOLFSSL_ESP32_CRYPT_AES #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI + /***** END CONFIG_IDF_TARGET_ESP32H2 *****/ + #else - /* anything else unknown will have HW disabled by default */ + /* Anything else encountered, 
disable HW accleration */ #define NO_ESP32_CRYPT #define NO_WOLFSSL_ESP32_CRYPT_HASH #define NO_WOLFSSL_ESP32_CRYPT_AES #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI +#endif /* CONFIG_IDF_TARGET Check */ + +/* optional SM4 Ciphers. See https://github.com/wolfSSL/wolfsm +#define WOLFSSL_SM2 +#define WOLFSSL_SM3 +#define WOLFSSL_SM4 +*/ + +#if defined(WOLFSSL_SM2) || defined(WOLFSSL_SM3) || defined(WOLFSSL_SM4) + #include + #define CTX_CA_CERT root_sm2 + #define CTX_CA_CERT_SIZE sizeof_root_sm2 + #define CTX_CA_CERT_TYPE WOLFSSL_FILETYPE_PEM + #define CTX_SERVER_CERT server_sm2 + #define CTX_SERVER_CERT_SIZE sizeof_server_sm2 + #define CTX_SERVER_CERT_TYPE WOLFSSL_FILETYPE_PEM + #define CTX_SERVER_KEY server_sm2_priv + #define CTX_SERVER_KEY_SIZE sizeof_server_sm2_priv + #define CTX_SERVER_KEY_TYPE WOLFSSL_FILETYPE_PEM + + #undef WOLFSSL_BASE16 + #define WOLFSSL_BASE16 +#else + #define USE_CERT_BUFFERS_2048 + #define USE_CERT_BUFFERS_256 + #define CTX_CA_CERT ca_cert_der_2048 + #define CTX_CA_CERT_SIZE sizeof_ca_cert_der_2048 + #define CTX_CA_CERT_TYPE WOLFSSL_FILETYPE_ASN1 + #define CTX_SERVER_CERT server_cert_der_2048 + #define CTX_SERVER_CERT_SIZE sizeof_server_cert_der_2048 + #define CTX_SERVER_CERT_TYPE WOLFSSL_FILETYPE_ASN1 + #define CTX_SERVER_KEY server_key_der_2048 + #define CTX_SERVER_KEY_SIZE sizeof_server_key_der_2048 + #define CTX_SERVER_KEY_TYPE WOLFSSL_FILETYPE_ASN1 #endif + diff --git a/IDE/Espressif/include.am b/IDE/Espressif/include.am index 05fc62d78e..88f325f194 100644 --- a/IDE/Espressif/include.am +++ b/IDE/Espressif/include.am @@ -6,6 +6,8 @@ # distribution file set will not contain GitHub info # # see: https://github.com/wolfSSL/wolfssl/pull/5955 +# +# Don't list any config.h files here EXTRA_DIST+= IDE/Espressif/ESP-IDF/compileAllExamples.sh EXTRA_DIST+= IDE/Espressif/ESP-IDF/dummy_config_h 
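Review bot: The new `CTX_SERVER_KEY` defaults at the end of this hunk point at `server_key_der_2048` (and `server_sm2_priv` in the SM branch), which appear to be the example key buffers shipped with the library and are therefore not secret. Because this is a template `user_settings.h` that gets copied into other projects, a comment next to the defines should say so, e.g. `/* Example certs and keys for demo use only; replace CTX_SERVER_KEY and CTX_SERVER_CERT before deployment */`. Separately, in the `CONFIG_IDF_TARGET_ESP32C3` branch the added comments read `supported on ESP32-C2` and `no SHA384 HW on C6`, which look copied from other branches and should name the C3.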
@@ -19,30 +21,44 @@ EXTRA_DIST+= IDE/Espressif/ESP-IDF/user_settings.h # Template EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/template/CMakeLists.txt +EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/template/components +EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/template/main +EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/template/partitions_singleapp_large.csv EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/template/README.md +EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/template/sdkconfig.defaults EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/template/VisualGDB +EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/template/components/wolfssl EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/template/components/wolfssl/CMakeLists.txt +EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/template/components/wolfssl/include EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/template/components/wolfssl/include/user_settings.h EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/template/main/CMakeLists.txt EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/template/main/include EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/template/main/main.c EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/template/main/include/main.h + EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/template/VisualGDB/wolfssl_template_IDF_v5.1_ESP32.vgdbproj # Benchmark EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/CMakeLists.txt +EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/components EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/main EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/Makefile +EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/partitions_singleapp_large.csv EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/README.md +EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/sdkconfig EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/sdkconfig.defaults +EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/VisualGDB +EXTRA_DIST+= 
IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/components/wolfssl +EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/components/wolfssl/CMakeLists.txt +EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/components/wolfssl/component.mk +EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/components/wolfssl/include +EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/components/wolfssl/include/user_settings.h EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/main/CMakeLists.txt EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/main/component.mk +EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/main/include EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/main/Kconfig.projbuild EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/main/main.c -EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/main/main.h -EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/components/wolfssl/CMakeLists.txt -EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/components/wolfssl/component.mk - +EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/main/include/main.h EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/VisualGDB/wolfssl_benchmark_IDF_v4.4_ESP32.sln EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/VisualGDB/wolfssl_benchmark_IDF_v5_ESP32.sln EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/VisualGDB/wolfssl_benchmark_IDF_v5_ESP32C3.sln 
@@ -54,47 +70,91 @@ EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/VisualGDB/wolfssl_ # TLS Client EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_client/CMakeLists.txt +EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_client/components EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_client/main EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_client/Makefile +EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_client/partitions_singleapp_large.csv EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_client/README.md +EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_client/README_server_sm.md EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_client/sdkconfig.defaults -EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_client/VisualGDB/VisualGDB_wolfssl_client.vgdbproj +EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_client/components/wolfssl +EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_client/components/wolfssl/CMakeLists.txt +EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_client/components/wolfssl/component.mk +EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_client/components/wolfssl/include +EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_client/components/wolfssl/include/user_settings.h EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_client/main/client-tls.c EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_client/main/CMakeLists.txt EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_client/main/component.mk +EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_client/main/include EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_client/main/Kconfig.projbuild +EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_client/main/main.c +EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_client/main/time_helper.c EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_client/main/wifi_connect.c +EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_client/main/include/client-tls.h +EXTRA_DIST+= 
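Review bot: Several of the added `EXTRA_DIST+=` entries name directories rather than files, for example `examples/template/components`, `examples/template/main` and `examples/wolfssl_benchmark/VisualGDB`. automake copies a directory listed in `EXTRA_DIST` recursively, so whatever is in those trees when `make dist` runs ends up in the release archive, including local build output, editor files or downloaded components. Most of the individual files are already listed beneath them, so dropping the directory lines and keeping the per-file entries makes the distributed file set explicit and reviewable. The same pattern is in the next hunk for `wolfssl_client`, `wolfssl_server` and `wolfssl_test`.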
IDE/Espressif/ESP-IDF/examples/wolfssl_client/main/include/main.h +EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_client/main/include/time_helper.h EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_client/main/include/wifi_connect.h -EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_client/components/wolfssl/CMakeLists.txt -EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_client/components/wolfssl/component.mk +EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_client/VisualGDB/README.md + +EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_client/VisualGDB/wolfssl_client_IDF_v5_ESP32.sln +EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_client/VisualGDB/wolfssl_client_IDF_v5_ESP32.vgdbproj # TLS Server + EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_server/CMakeLists.txt +EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_server/components +EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_server/main EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_server/Makefile +EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_server/partitions_singleapp_large.csv EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_server/README.md +EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_server/README_server_sm.md EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_server/sdkconfig.defaults -EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_server/VisualGDB/VisualGDB_wolfssl_server.vgdbproj +EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_server/VisualGDB +EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_server/components/wolfssl +EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_server/components/wolfssl/CMakeLists.txt +EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_server/components/wolfssl/component.mk +EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_server/components/wolfssl/include +EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_server/components/wolfssl/include/user_settings.h EXTRA_DIST+= 
IDE/Espressif/ESP-IDF/examples/wolfssl_server/main/CMakeLists.txt EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_server/main/component.mk +EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_server/main/include +EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_server/main/Kconfig.projbuild +EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_server/main/main.c EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_server/main/server-tls.c +EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_server/main/time_helper.c EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_server/main/wifi_connect.c +EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_server/main/include/main.h +EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_server/main/include/server-tls.h +EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_server/main/include/time_helper.h EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_server/main/include/wifi_connect.h -EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_server/components/wolfssl/CMakeLists.txt -EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_server/components/wolfssl/component.mk +EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_server/VisualGDB/README.md + +EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_server/VisualGDB/wolfssl_server_IDF_v5_ESP32.sln +EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_server/VisualGDB/wolfssl_server_IDF_v5_ESP32.vgdbproj # wolfSSL Test EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_test/CMakeLists.txt +EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_test/components +EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_test/main EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_test/Makefile +EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_test/partitions_singleapp_large.csv EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_test/README.md EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_test/sdkconfig.defaults +EXTRA_DIST+= 
IDE/Espressif/ESP-IDF/examples/wolfssl_test/VisualGDB +EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_test/components/wolfssl +EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_test/components/wolfssl/CMakeLists.txt +EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_test/components/wolfssl/component.mk +EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_test/components/wolfssl/include +EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_test/components/wolfssl/include/user_settings.h EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_test/main/CMakeLists.txt EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_test/main/component.mk +EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_test/main/include EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_test/main/Kconfig.projbuild EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_test/main/main.c EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_test/main/time_helper.c EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_test/main/time_helper.h -EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_test/components/wolfssl/CMakeLists.txt -EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_test/components/wolfssl/component.mk +EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_test/main/include/main.h +EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_test/main/include/time_helper.h EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_test/VisualGDB/wolfssl_test-IDF_v5_ESP32.sln EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_test/VisualGDB/wolfssl_test-IDF_v5_ESP32C3.sln From 98e8ee65ddccbf21e59022b79ab09d411edcca3a Mon Sep 17 00:00:00 2001 From: gojimmypi Date: Wed, 22 Nov 2023 15:10:09 -0800 Subject: [PATCH 2/3] remove stray Espressif include.am entry --- IDE/Espressif/include.am | 1 - 1 file changed, 1 deletion(-) diff --git a/IDE/Espressif/include.am b/IDE/Espressif/include.am index 88f325f194..662034155e 100644 --- a/IDE/Espressif/include.am +++ b/IDE/Espressif/include.am 
@@ -45,7 +45,6 @@ EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/main EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/Makefile EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/partitions_singleapp_large.csv EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/README.md -EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/sdkconfig EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/sdkconfig.defaults EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/VisualGDB EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/components/wolfssl From fb77319758da284f990605d2613289241ee52404 Mon Sep 17 00:00:00 2001 
From: gojimmypi Date: Tue, 5 Dec 2023 10:36:05 -0800 Subject: [PATCH 3/3] Espressif examples: polish & misc updates --- .../wolfssl/include/user_settings.h | 48 ++-- .../ESP-IDF/examples/template/main/main.c | 2 +- .../examples/wolfssl_benchmark/CMakeLists.txt | 49 +--- .../wolfssl/include/user_settings.h | 60 ++++- .../examples/wolfssl_benchmark/main/main.c | 3 +- .../wolfssl/include/user_settings.h | 37 ++- .../wolfssl_client/main/Kconfig.projbuild | 12 +- .../examples/wolfssl_client/main/client-tls.c | 4 +- .../wolfssl_client/main/include/client-tls.h | 16 +- .../examples/wolfssl_client/main/main.c | 15 +- .../wolfssl_client/main/wifi_connect.c | 26 ++- .../wolfssl/include/user_settings.h | 29 ++- .../wolfssl_server/main/CMakeLists.txt | 2 +- .../wolfssl_server/main/Kconfig.projbuild | 28 +-- .../wolfssl_server/main/include/server-tls.h | 18 +- .../main/include/wifi_connect.h | 4 +- .../examples/wolfssl_server/main/main.c | 18 +- .../examples/wolfssl_server/main/server-tls.c | 6 +- .../wolfssl_server/main/time_helper.c | 2 +- .../wolfssl_server/main/wifi_connect.c | 25 +- .../wolfssl/include/user_settings.h | 58 ++++- .../ESP-IDF/examples/wolfssl_test/main/main.c | 3 +- .../examples/wolfssl_test/sdkconfig.defaults | 2 + IDE/Espressif/ESP-IDF/user_settings.h | 220 +++++++++++++++--- 24 files changed, 501 insertions(+), 186 deletions(-) diff --git a/IDE/Espressif/ESP-IDF/examples/template/components/wolfssl/include/user_settings.h b/IDE/Espressif/ESP-IDF/examples/template/components/wolfssl/include/user_settings.h index 9aca493ef4..819ce60b75 100644 --- a/IDE/Espressif/ESP-IDF/examples/template/components/wolfssl/include/user_settings.h +++ b/IDE/Espressif/ESP-IDF/examples/template/components/wolfssl/include/user_settings.h 
@@ -92,14 +92,16 @@ /* when you want to use SHA3 */ #define WOLFSSL_SHA3 -#define HAVE_ED25519 /* ED25519 requires SHA512 */ +/* Reminder: ED25519 requires SHA512 */ +#define HAVE_ED25519 #define HAVE_ECC #define HAVE_CURVE25519 #define CURVE25519_SMALL #define HAVE_ED25519 - #define OPENSSL_EXTRA +/* Optional OPENSSL compatibility */ +#define OPENSSL_EXTRA /* when you want to use pkcs7 */ /* #define HAVE_PKCS7 */ @@ -111,7 +113,7 @@ #define WOLFSSL_AES_DIRECT #endif -/* when you want to use aes counter mode */ +/* when you want to use AES counter mode */ /* #define WOLFSSL_AES_DIRECT */ /* #define WOLFSSL_AES_COUNTER */ @@ -125,7 +127,7 @@ /* #define CUSTOM_SLOT_ALLOCATION */ #endif -/* rsa primitive specific definition */ +/* RSA primitive specific definition */ #if defined(WOLFSSL_ESP32) || defined(WOLFSSL_ESPWROOM32SE) /* Define USE_FAST_MATH and SMALL_STACK */ #define ESP32_USE_RSA_PRIMITIVE 
@@ -255,8 +257,34 @@ /* #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI_EXPTMOD */ /***** END CONFIG_IDF_TARGET_ESP32S3 *****/ -#elif defined(CONFIG_IDF_TARGET_ESP32C3) +#elif defined(CONFIG_IDF_TARGET_ESP32C2) || \ + defined(CONFIG_IDF_TARGET_ESP8684) + /* ESP8684 is essentially ESP32-C2 chip + flash embedded together in a + * single QFN 4x4 mm package. Out of released documentation, Technical + * Reference Manual as well as ESP-IDF Programming Guide is applicable + * to both ESP32-C2 and ESP8684. + * + * See: https://www.esp32.com/viewtopic.php?f=5&t=27926#:~:text=ESP8684%20is%20essentially%20ESP32%2DC2,both%20ESP32%2DC2%20and%20ESP8684. */ + /* wolfSSL HW Acceleration supported on ESP32-C2. Uncomment to disable: */ + /* #define NO_ESP32_CRYPT */ + /* #define NO_WOLFSSL_ESP32_CRYPT_HASH */ /* to disable all SHA HW */ + + /* These are defined automatically in esp32-crypt.h, here for clarity */ + #define NO_WOLFSSL_ESP32_CRYPT_HASH_SHA384 /* no SHA384 HW on C2 */ + #define NO_WOLFSSL_ESP32_CRYPT_HASH_SHA512 /* no SHA512 HW on C2 */ + + /* There's no AES or RSA/Math accelerator on the ESP32-C2 + * Auto defined with NO_WOLFSSL_ESP32_CRYPT_RSA_PRI, for clarity: */ + #define NO_WOLFSSL_ESP32_CRYPT_AES + #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI + #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI_MP_MUL + #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI_MULMOD + #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI_EXPTMOD + /***** END CONFIG_IDF_TARGET_ESP32C2 *****/ + +#elif defined(CONFIG_IDF_TARGET_ESP32C3) + /* wolfSSL HW Acceleration supported on ESP32-C3. Uncomment to disable: */ /* #define NO_ESP32_CRYPT */ /* #define NO_WOLFSSL_ESP32_CRYPT_HASH */ /* to disable all SHA HW */ 
@@ -303,15 +331,6 @@ #define NO_WOLFSSL_ESP32_CRYPT_AES #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI /***** END CONFIG_IDF_TARGET_ESP266 *****/ - -#elif defined(CONFIG_IDF_TARGET_ESP8684) - /* There's no Hardware Acceleration available on ESP8684 */ - #define NO_ESP32_CRYPT - #define NO_WOLFSSL_ESP32_CRYPT_HASH - #define NO_WOLFSSL_ESP32_CRYPT_AES - #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI - /***** END CONFIG_IDF_TARGET_ESP8684 *****/ - #else /* Anything else encountered, disable HW accleration */ #define NO_ESP32_CRYPT @@ -327,6 +346,7 @@ #define DEBUG_WOLFSSL_VERBOSE #define DEBUG_WOLFSSL_SHA_MUTEX #define WOLFSSL_ESP32_CRYPT_DEBUG +#define WOLFSSL_ESP32_CRYPT_HASH_SHA224_DEBUG #define NO_RECOVER_SOFTWARE_CALC #define WOLFSSL_TEST_STRAY 1 #define USE_ESP_DPORT_ACCESS_READ_BUFFER diff --git a/IDE/Espressif/ESP-IDF/examples/template/main/main.c b/IDE/Espressif/ESP-IDF/examples/template/main/main.c index 0fdcdc3ee4..5e41a28fd7 100644 --- a/IDE/Espressif/ESP-IDF/examples/template/main/main.c +++ b/IDE/Espressif/ESP-IDF/examples/template/main/main.c @@ -38,7 +38,7 @@ void app_main(void) esp_ShowExtendedSystemInfo(); #endif -#ifdef WOLFSSL_HW_METRICS_DISABLED /* Remove _DISABLED upon #6990 Merge */ +#if defined(WOLFSSL_HW_METRICS) && defined(WOLFSSL_HAS_METRICS) esp_hw_show_metrics(); #endif diff --git a/IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/CMakeLists.txt b/IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/CMakeLists.txt index 4cf6a30fd7..b49373e693 100644 --- a/IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/CMakeLists.txt +++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/CMakeLists.txt 
@@ -19,54 +19,9 @@ cmake_minimum_required(VERSION 3.16) # Linux: ~/workspace # Windows: C:\workspace # -if(WIN32) - # Windows-specific configuration here - set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DWOLFSSL_CMAKE_SYSTEM_NAME_WINDOWS") - message("Detected Windows") -endif() -if(CMAKE_HOST_UNIX) - message("Detected UNIX") -endif() -if(APPLE) - message("Detected APPLE") -endif() -if(CMAKE_HOST_UNIX AND (NOT APPLE) AND EXISTS "/proc/sys/fs/binfmt_misc/WSLInterop") - # Windows-specific configuration here - set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DWOLFSSL_CMAKE_SYSTEM_NAME_WSL") - message("Detected WSL") -endif() -if(CMAKE_HOST_UNIX AND (NOT APPLE) AND (NOT WIN32)) - # Windows-specific configuration here - set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DWOLFSSL_CMAKE_SYSTEM_NAME_LINUX") - message("Detected Linux") -endif() -if(APPLE) - # Windows-specific configuration here - set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DWOLFSSL_CMAKE_SYSTEM_NAME_APPLE") - message("Detected Apple") -endif() -# End optional WOLFSSL_CMAKE_SYSTEM_NAME -# Check that there are not conflicting wolfSSL components -# The ESP Registry Component will be in ./managed_components/wolfssl__wolfssl -# The local component wolfSSL directory will be in ./components/wolfssl -if( EXISTS "${CMAKE_HOME_DIRECTORY}/managed_components/wolfssl__wolfssl" AND EXISTS "${CMAKE_HOME_DIRECTORY}/components/wolfssl" ) - # These exclude statements don't seem to be honored by the $ENV{IDF_PATH}/tools/cmake/project.cmake' - # add_subdirectory("${CMAKE_HOME_DIRECTORY}/managed_components/wolfssl__wolfssl" EXCLUDE_FROM_ALL) - # add_subdirectory("${CMAKE_HOME_DIRECTORY}/managed_components/wolfssl__wolfssl/include" EXCLUDE_FROM_ALL) - # So we'll error out and let the user decide how to proceed: - message(WARNING "\nFound wolfSSL components in\n" - "./managed_components/wolfssl__wolfssl\n" - "and\n" - "./components/wolfssl\n" - "in project directory: \n" - "${CMAKE_HOME_DIRECTORY}") - message(FATAL_ERROR "\nPlease use either the ESP Registry Managed 
Component or the wolfSSL component directory but not both.\n" - "If removing the ./managed_components/wolfssl__wolfssl directory, remember to also remove " - "or rename the idf_component.yml file typically found in ./main/") -else() - message(STATUS "No conflicting wolfSSL components found.") -endif() +# Optionally specify a location for wolfSSL component source code +# set(WOLFSSL_ROOT "c:/test/blogtest/wolfssl" ) include($ENV{IDF_PATH}/tools/cmake/project.cmake) diff --git a/IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/components/wolfssl/include/user_settings.h b/IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/components/wolfssl/include/user_settings.h index 9aca493ef4..cc9bae6bc6 100644 --- a/IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/components/wolfssl/include/user_settings.h +++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/components/wolfssl/include/user_settings.h @@ -92,14 +92,15 @@ /* when you want to use SHA3 */ #define WOLFSSL_SHA3 -#define HAVE_ED25519 /* ED25519 requires SHA512 */ + /* ED25519 requires SHA512 */ +#define HAVE_ED25519 #define HAVE_ECC #define HAVE_CURVE25519 #define CURVE25519_SMALL #define HAVE_ED25519 - #define OPENSSL_EXTRA +#define OPENSSL_EXTRA /* when you want to use pkcs7 */ /* #define HAVE_PKCS7 */ @@ -157,9 +158,10 @@ /* adjust wait-timeout count if you see timeout in RSA HW acceleration */ -#define ESP_RSA_TIMEOUT_CNT 0x249F00 +#define ESP_RSA_TIMEOUT_CNT 0x349F00 -#define HASH_SIZE_LIMIT /* for test.c */ +/* hash limit for test.c */ +#define HASH_SIZE_LIMIT /* USE_FAST_MATH is default */ #define USE_FAST_MATH @@ -168,6 +170,7 @@ /* #undef USE_FAST_MATH */ /* #define SP_MATH */ /* #define WOLFSSL_SP_MATH_ALL */ +/* #define WOLFSSL_SP_RISCV32 */ /***** Use Integer Heap Math *****/ /* #undef USE_FAST_MATH */ 
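Review bot: This hunk deletes the check that stopped the build with `FATAL_ERROR` when both `./managed_components/wolfssl__wolfssl` and `./components/wolfssl` exist, and nothing in this hunk replaces it. Without it, which wolfSSL source is built when both are present is left to the ESP-IDF component resolution, which is a weak guarantee for a crypto library dependency. If the check now lives in the component's own CMakeLists.txt (not visible here), a one-line comment such as `# duplicate wolfSSL component check is done in components/wolfssl/CMakeLists.txt` would record that; otherwise it should stay. The example path in the new `# set(WOLFSSL_ROOT "c:/test/blogtest/wolfssl" )` comment looks machine-specific and could be a neutral placeholder.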
@@ -255,8 +258,34 @@ /* #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI_EXPTMOD */ /***** END CONFIG_IDF_TARGET_ESP32S3 *****/ -#elif defined(CONFIG_IDF_TARGET_ESP32C3) +#elif defined(CONFIG_IDF_TARGET_ESP32C2) || \ + defined(CONFIG_IDF_TARGET_ESP8684) + /* ESP8684 is essentially ESP32-C2 chip + flash embedded together in a + * single QFN 4x4 mm package. Out of released documentation, Technical + * Reference Manual as well as ESP-IDF Programming Guide is applicable + * to both ESP32-C2 and ESP8684. + * + * See: https://www.esp32.com/viewtopic.php?f=5&t=27926#:~:text=ESP8684%20is%20essentially%20ESP32%2DC2,both%20ESP32%2DC2%20and%20ESP8684. */ + /* wolfSSL HW Acceleration supported on ESP32-C2. Uncomment to disable: */ + /* #define NO_ESP32_CRYPT */ + /* #define NO_WOLFSSL_ESP32_CRYPT_HASH */ /* to disable all SHA HW */ + + /* These are defined automatically in esp32-crypt.h, here for clarity */ + #define NO_WOLFSSL_ESP32_CRYPT_HASH_SHA384 /* no SHA384 HW on C2 */ + #define NO_WOLFSSL_ESP32_CRYPT_HASH_SHA512 /* no SHA512 HW on C2 */ + + /* There's no AES or RSA/Math accelerator on the ESP32-C2 + * Auto defined with NO_WOLFSSL_ESP32_CRYPT_RSA_PRI, for clarity: */ + #define NO_WOLFSSL_ESP32_CRYPT_AES + #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI + #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI_MP_MUL + #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI_MULMOD + #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI_EXPTMOD + /***** END CONFIG_IDF_TARGET_ESP32C2 *****/ + +#elif defined(CONFIG_IDF_TARGET_ESP32C3) + /* wolfSSL HW Acceleration supported on ESP32-C3. Uncomment to disable: */ /* #define NO_ESP32_CRYPT */ /* #define NO_WOLFSSL_ESP32_CRYPT_HASH */ /* to disable all SHA HW */ @@ -327,6 +356,7 @@ #define DEBUG_WOLFSSL_VERBOSE #define DEBUG_WOLFSSL_SHA_MUTEX #define WOLFSSL_ESP32_CRYPT_DEBUG +#define WOLFSSL_ESP32_CRYPT_HASH_SHA224_DEBUG #define NO_RECOVER_SOFTWARE_CALC #define WOLFSSL_TEST_STRAY 1 #define USE_ESP_DPORT_ACCESS_READ_BUFFER 
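Review bot: The new `#elif defined(CONFIG_IDF_TARGET_ESP32C2) || defined(CONFIG_IDF_TARGET_ESP8684)` branch makes ESP8684 builds take the C2 settings, with SHA hardware left enabled. In the template copy of this file the same patch removes the later `#elif defined(CONFIG_IDF_TARGET_ESP8684)` branch that defined `NO_ESP32_CRYPT`, but none of the hunks shown for this benchmark copy does. If the two files were identical before (their pre-image `index 9aca493ef4` matches), that older branch is now unreachable and its comment `There's no Hardware Acceleration available on ESP8684` contradicts the new one. Removing it here as well keeps the `user_settings.h` copies consistent; the `wolfssl_client` copy should be checked for the same leftover.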
@@ -335,12 +365,16 @@ #define ESP_DISABLE_HW_TASK_LOCK */ -#define WOLFSSL_ESPIDF_ERROR_PAUSE /* Pause in a loop rather than exit. */ +/* Pause in a loop rather than exit. */ +#define WOLFSSL_ESPIDF_ERROR_PAUSE + #define WOLFSSL_HW_METRICS -/* #define HASH_SIZE_LIMIT */ /* for test.c */ +/* for test.c */ +/* #define HASH_SIZE_LIMIT */ -/* #define NO_HW_MATH_TEST */ /* Optionall turn off HW math checks */ +/* Optionally turn off HW math checks */ +/* #define NO_HW_MATH_TEST */ /* Optionally include alternate HW test library: alt_hw_test.h */ /* When enabling, the ./components/wolfssl/CMakeLists.txt file @@ -362,7 +396,6 @@ ** [Z = X * Y mod M] in esp_mp_mulmod() */ /* #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI_MULMOD */ - #define WOLFSSL_PUBLIC_MP /* used by benchmark */ #define USE_CERT_BUFFERS_2048 @@ -406,3 +439,12 @@ #define CTX_SERVER_KEY_SIZE sizeof_server_key_der_2048 #define CTX_SERVER_KEY_TYPE WOLFSSL_FILETYPE_ASN1 #endif + +/* See settings.h for some of the possible hardening options: + * + * #define NO_ESPIDF_DEFAULT + * #define WC_NO_CACHE_RESISTANT + * #define WC_AES_BITSLICED + * #define HAVE_AES_ECB + * #define HAVE_AES_DIRECT + */ diff --git a/IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/main/main.c b/IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/main/main.c index 89f08508b0..855105e7d2 100644 --- a/IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/main/main.c +++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/main/main.c @@ -29,7 +29,8 @@ #include #include "wolfssl/wolfcrypt/port/Espressif/esp32-crypt.h" #ifndef WOLFSSL_ESPIDF - #warning "problem with wolfSSL user_settings. Check components/wolfssl/include" + #warning "Problem with wolfSSL user_settings." + #warning "Check components/wolfssl/include" #endif #include diff --git a/IDE/Espressif/ESP-IDF/examples/wolfssl_client/components/wolfssl/include/user_settings.h b/IDE/Espressif/ESP-IDF/examples/wolfssl_client/components/wolfssl/include/user_settings.h index 9aca493ef4..de5e247ce3 100644 
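Review bot: The closing comment added in the `@@ -406,3 +439,12 @@` hunk lists `WC_NO_CACHE_RESISTANT` under "possible hardening options", although that macro turns cache-attack resistance off rather than on. `HAVE_AES_ECB` and `HAVE_AES_DIRECT` likewise read as feature switches that expose raw AES modes, not as hardening. A reader copying the list to harden a build could weaken it instead, so I would reword the heading to something like `/* See settings.h for options that affect side-channel resistance and exposed primitives; check each one's direction before enabling: */`. The same comment is added to the wolfssl_test copy of this header.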
--- a/IDE/Espressif/ESP-IDF/examples/wolfssl_client/components/wolfssl/include/user_settings.h +++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_client/components/wolfssl/include/user_settings.h @@ -255,8 +255,34 @@ /* #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI_EXPTMOD */ /***** END CONFIG_IDF_TARGET_ESP32S3 *****/ -#elif defined(CONFIG_IDF_TARGET_ESP32C3) +#elif defined(CONFIG_IDF_TARGET_ESP32C2) || \ + defined(CONFIG_IDF_TARGET_ESP8684) + /* ESP8684 is essentially ESP32-C2 chip + flash embedded together in a + * single QFN 4x4 mm package. Out of released documentation, Technical + * Reference Manual as well as ESP-IDF Programming Guide is applicable + * to both ESP32-C2 and ESP8684. + * + * See: https://www.esp32.com/viewtopic.php?f=5&t=27926#:~:text=ESP8684%20is%20essentially%20ESP32%2DC2,both%20ESP32%2DC2%20and%20ESP8684. */ + /* wolfSSL HW Acceleration supported on ESP32-C2. Uncomment to disable: */ + /* #define NO_ESP32_CRYPT */ + /* #define NO_WOLFSSL_ESP32_CRYPT_HASH */ /* to disable all SHA HW */ + + /* These are defined automatically in esp32-crypt.h, here for clarity */ + #define NO_WOLFSSL_ESP32_CRYPT_HASH_SHA384 /* no SHA384 HW on C2 */ + #define NO_WOLFSSL_ESP32_CRYPT_HASH_SHA512 /* no SHA512 HW on C2 */ + + /* There's no AES or RSA/Math accelerator on the ESP32-C2 + * Auto defined with NO_WOLFSSL_ESP32_CRYPT_RSA_PRI, for clarity: */ + #define NO_WOLFSSL_ESP32_CRYPT_AES + #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI + #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI_MP_MUL + #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI_MULMOD + #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI_EXPTMOD + /***** END CONFIG_IDF_TARGET_ESP32C2 *****/ + +#elif defined(CONFIG_IDF_TARGET_ESP32C3) + /* wolfSSL HW Acceleration supported on ESP32-C3. Uncomment to disable: */ /* #define NO_ESP32_CRYPT */ /* #define NO_WOLFSSL_ESP32_CRYPT_HASH */ /* to disable all SHA HW */ 
@@ -304,14 +330,6 @@ #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI /***** END CONFIG_IDF_TARGET_ESP266 *****/ -#elif defined(CONFIG_IDF_TARGET_ESP8684) - /* There's no Hardware Acceleration available on ESP8684 */ - #define NO_ESP32_CRYPT - #define NO_WOLFSSL_ESP32_CRYPT_HASH - #define NO_WOLFSSL_ESP32_CRYPT_AES - #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI - /***** END CONFIG_IDF_TARGET_ESP8684 *****/ - #else /* Anything else encountered, disable HW accleration */ #define NO_ESP32_CRYPT @@ -327,6 +345,7 @@ #define DEBUG_WOLFSSL_VERBOSE #define DEBUG_WOLFSSL_SHA_MUTEX #define WOLFSSL_ESP32_CRYPT_DEBUG +#define WOLFSSL_ESP32_CRYPT_HASH_SHA224_DEBUG #define NO_RECOVER_SOFTWARE_CALC #define WOLFSSL_TEST_STRAY 1 #define USE_ESP_DPORT_ACCESS_READ_BUFFER diff --git a/IDE/Espressif/ESP-IDF/examples/wolfssl_client/main/Kconfig.projbuild b/IDE/Espressif/ESP-IDF/examples/wolfssl_client/main/Kconfig.projbuild index 080abdb74f..83dcd64398 100644 --- a/IDE/Espressif/ESP-IDF/examples/wolfssl_client/main/Kconfig.projbuild +++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_client/main/Kconfig.projbuild @@ -1,9 +1,15 @@ menu "Example Configuration" -config TARGET_HOST +config WOLFSSL_TARGET_HOST string "Target host" - default "127.0.01.1" + default "127.0.0.1" help host address for the example to connect - + +config WOLFSSL_TARGET_PORT + int "Target port" + default 11111 + help + host port for the example to connect + endmenu diff --git a/IDE/Espressif/ESP-IDF/examples/wolfssl_client/main/client-tls.c b/IDE/Espressif/ESP-IDF/examples/wolfssl_client/main/client-tls.c index 7169a16124..9d5d26dbe8 100644 --- a/IDE/Espressif/ESP-IDF/examples/wolfssl_client/main/client-tls.c +++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_client/main/client-tls.c 
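Review bot: `WOLFSSL_TARGET_PORT` is declared as a plain `int` with no bounds, so menuconfig accepts values outside 1-65535 and `htons(TLS_SMP_DEFAULT_PORT)` in client-tls.c would silently truncate them. Adding `range 1 65535` under `int "Target port"` rejects a bad value at configuration time. The wolfssl_server Kconfig.projbuild adds the same symbol and needs the same line. Separately, the corrected default host `127.0.0.1` points the device at itself, so the help text could say that the address must be changed to the server's.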
@@ -356,7 +356,7 @@ WOLFSSL_ESP_TASK tls_smp_client_task(void* args) /* Fill in the server address */ servAddr.sin_family = AF_INET; /* using IPv4 */ - servAddr.sin_port = htons(DEFAULT_PORT); /* on DEFAULT_PORT */ + servAddr.sin_port = htons(TLS_SMP_DEFAULT_PORT); /* on DEFAULT_PORT */ if (*ch >= '1' && *ch <= '9') { /* Get the server IPv4 address from the command line call */ @@ -375,7 +375,7 @@ WOLFSSL_ESP_TASK tls_smp_client_task(void* args) sprintf(buff, "Connecting to server....%s(port:%d)", TLS_SMP_TARGET_HOST, - DEFAULT_PORT); + TLS_SMP_DEFAULT_PORT); WOLFSSL_MSG(buff); printf("%s\n", buff); diff --git a/IDE/Espressif/ESP-IDF/examples/wolfssl_client/main/include/client-tls.h b/IDE/Espressif/ESP-IDF/examples/wolfssl_client/main/include/client-tls.h index 4cbfd83d6a..1188ee36e8 100644 --- a/IDE/Espressif/ESP-IDF/examples/wolfssl_client/main/include/client-tls.h +++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_client/main/include/client-tls.h @@ -23,10 +23,20 @@ #include #include -#include "user_settings.h" +#include "sdkconfig.h" -#define TLS_SMP_TARGET_HOST "192.168.1.125" -#define DEFAULT_PORT 11111 +/* See main/Kconfig.projbuild for default configuration settings */ +#ifdef CONFIG_WOLFSSL_TARGET_HOST + #define TLS_SMP_TARGET_HOST CONFIG_WOLFSSL_TARGET_HOST +#else + #define TLS_SMP_TARGET_HOST "192.168.1.38" +#endif + +#ifdef CONFIG_WOLFSSL_TARGET_PORT + #define TLS_SMP_DEFAULT_PORT CONFIG_WOLFSSL_TARGET_PORT +#else + #define TLS_SMP_DEFAULT_PORT 11111 +#endif #define TLS_SMP_CLIENT_TASK_NAME "tls_client_example" #define TLS_SMP_CLIENT_TASK_WORDS 22240 diff --git a/IDE/Espressif/ESP-IDF/examples/wolfssl_client/main/main.c b/IDE/Espressif/ESP-IDF/examples/wolfssl_client/main/main.c index cbbc995b96..add43ada2f 100644 --- a/IDE/Espressif/ESP-IDF/examples/wolfssl_client/main/main.c +++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_client/main/main.c 
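Review bot: With `TLS_SMP_TARGET_HOST` now taken from `CONFIG_WOLFSSL_TARGET_HOST`, the `sprintf(buff, ...)` call in the `@@ -375,7 +375,7 @@` hunk formats a string of configurable length into `buff` with no bound. The declaration of `buff` is outside the hunk, so its size cannot be checked here; if it is a fixed array, use `snprintf(buff, sizeof(buff), "Connecting to server....%s(port:%d)", TLS_SMP_TARGET_HOST, TLS_SMP_DEFAULT_PORT);`. The trailing comment `/* on DEFAULT_PORT */` in the first hunk is also stale after the rename.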
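Review bot: The `#else` fallback for `TLS_SMP_TARGET_HOST` in client-tls.h hard-codes `"192.168.1.38"`, which differs from the Kconfig default `127.0.0.1` and looks like a developer's LAN address. If `CONFIG_WOLFSSL_TARGET_HOST` is ever missing, the client silently targets that address. A `#warning "CONFIG_WOLFSSL_TARGET_HOST not defined, using fallback host"` in the `#else` arm would make the fallback visible at build time.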
@@ -31,7 +31,8 @@ #include #include #ifndef WOLFSSL_ESPIDF - #warning "problem with wolfSSL user_settings. Check components/wolfssl/include" + #warning "Problem with wolfSSL user_settings." + #warning "Check components/wolfssl/include" #endif /* this project */ @@ -162,8 +163,18 @@ void app_main(void) ESP_ERROR_CHECK(nvs_flash_init()); #if defined(CONFIG_IDF_TARGET_ESP32H2) - ESP_LOGE(TAG, "There's no WiFi on ESP32-H2. "); + ESP_LOGE(TAG, "There's no WiFi on ESP32-H2."); #else + #ifdef CONFIG_EXAMPLE_WIFI_SSID + if (XSTRCMP(CONFIG_EXAMPLE_WIFI_SSID, "myssid") == 0) { + ESP_LOGW(TAG, "WARNING: CONFIG_EXAMPLE_WIFI_SSID is myssid."); + ESP_LOGW(TAG, " Do you have a WiFi AP called myssid, or "); + ESP_LOGW(TAG, " did you forget the ESP-IDF configuration?"); + } + #else + #define CONFIG_EXAMPLE_WIFI_SSID "myssid" + ESP_LOGW(TAG, "WARNING: CONFIG_EXAMPLE_WIFI_SSID not defined."); + #endif ESP_ERROR_CHECK(esp_netif_init()); ESP_ERROR_CHECK(esp_event_loop_create_default()); ESP_ERROR_CHECK(example_connect()); diff --git a/IDE/Espressif/ESP-IDF/examples/wolfssl_client/main/wifi_connect.c b/IDE/Espressif/ESP-IDF/examples/wolfssl_client/main/wifi_connect.c index 7aa8560043..b9f9ab7385 100644 --- a/IDE/Espressif/ESP-IDF/examples/wolfssl_client/main/wifi_connect.c +++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_client/main/wifi_connect.c @@ -20,18 +20,20 @@ */ #include "wifi_connect.h" -#include "freertos/FreeRTOS.h" -#include "freertos/task.h" -#include "freertos/event_groups.h" +#include +#include +#include #include #include /* wolfSSL */ #include -#include +#include "user_settings.h" #include +#include #ifndef WOLFSSL_ESPIDF - #warning "problem with wolfSSL user_settings. Check components/wolfssl/include" + #warning "Problem with wolfSSL user_settings." + #warning "Check components/wolfssl/include" #endif #if ESP_IDF_VERSION_MAJOR >= 5 
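Review bot: The `#else` arm added to `app_main` defines `CONFIG_EXAMPLE_WIFI_SSID` as `"myssid"` inside main.c only, so other source files such as wifi_connect.c still do not see the symbol, and the build proceeds with a placeholder SSID after a runtime warning. Since the condition is known at compile time, a `#warning "CONFIG_EXAMPLE_WIFI_SSID not defined"` in place of the `#define` would surface it during the build. The same SSID check is also added to `wifi_init_sta` in wifi_connect.c, so the warning is likely logged twice; one location would do. The wolfssl_server main.c and wifi_connect.c receive the identical change. `app_main` starts and ends outside the hunk.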
@@ -166,7 +168,8 @@ static void event_handler(void* arg, int wifi_init_sta(void) { - int ret = 0; + int ret = ESP_OK; + s_wifi_event_group = xEventGroupCreate(); ESP_ERROR_CHECK(esp_netif_init()); @@ -208,6 +211,17 @@ int wifi_init_sta(void) }; ESP_ERROR_CHECK(esp_wifi_set_mode(WIFI_MODE_STA) ); ESP_ERROR_CHECK(esp_wifi_set_config(WIFI_IF_STA, &wifi_config) ); + +#ifdef CONFIG_EXAMPLE_WIFI_SSID + if (XSTRCMP(CONFIG_EXAMPLE_WIFI_SSID, "myssid") == 0) { + ESP_LOGW(TAG, "WARNING: CONFIG_EXAMPLE_WIFI_SSID is \"myssid\"."); + ESP_LOGW(TAG, " Do you have a WiFi AP called \"myssid\", "); + ESP_LOGW(TAG, " or did you forget the ESP-IDF configuration?"); + } +#else + ESP_LOGW(TAG, "WARNING: CONFIG_EXAMPLE_WIFI_SSID not defined."); +#endif + ESP_ERROR_CHECK(esp_wifi_start() ); ESP_LOGI(TAG, "wifi_init_sta finished."); diff --git a/IDE/Espressif/ESP-IDF/examples/wolfssl_server/components/wolfssl/include/user_settings.h b/IDE/Espressif/ESP-IDF/examples/wolfssl_server/components/wolfssl/include/user_settings.h index 9aca493ef4..8a49155d64 100644 --- a/IDE/Espressif/ESP-IDF/examples/wolfssl_server/components/wolfssl/include/user_settings.h +++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_server/components/wolfssl/include/user_settings.h 
@@ -255,8 +255,34 @@ /* #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI_EXPTMOD */ /***** END CONFIG_IDF_TARGET_ESP32S3 *****/ -#elif defined(CONFIG_IDF_TARGET_ESP32C3) +#elif defined(CONFIG_IDF_TARGET_ESP32C2) || \ + defined(CONFIG_IDF_TARGET_ESP8684) + /* ESP8684 is essentially ESP32-C2 chip + flash embedded together in a + * single QFN 4x4 mm package. Out of released documentation, Technical + * Reference Manual as well as ESP-IDF Programming Guide is applicable + * to both ESP32-C2 and ESP8684. + * + * See: https://www.esp32.com/viewtopic.php?f=5&t=27926#:~:text=ESP8684%20is%20essentially%20ESP32%2DC2,both%20ESP32%2DC2%20and%20ESP8684. */ + /* wolfSSL HW Acceleration supported on ESP32-C2. Uncomment to disable: */ + /* #define NO_ESP32_CRYPT */ + /* #define NO_WOLFSSL_ESP32_CRYPT_HASH */ /* to disable all SHA HW */ + + /* These are defined automatically in esp32-crypt.h, here for clarity */ + #define NO_WOLFSSL_ESP32_CRYPT_HASH_SHA384 /* no SHA384 HW on C2 */ + #define NO_WOLFSSL_ESP32_CRYPT_HASH_SHA512 /* no SHA512 HW on C2 */ + + /* There's no AES or RSA/Math accelerator on the ESP32-C2 + * Auto defined with NO_WOLFSSL_ESP32_CRYPT_RSA_PRI, for clarity: */ + #define NO_WOLFSSL_ESP32_CRYPT_AES + #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI + #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI_MP_MUL + #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI_MULMOD + #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI_EXPTMOD + /***** END CONFIG_IDF_TARGET_ESP32C2 *****/ + +#elif defined(CONFIG_IDF_TARGET_ESP32C3) + /* wolfSSL HW Acceleration supported on ESP32-C3. Uncomment to disable: */ /* #define NO_ESP32_CRYPT */ /* #define NO_WOLFSSL_ESP32_CRYPT_HASH */ /* to disable all SHA HW */ @@ -327,6 +353,7 @@ #define DEBUG_WOLFSSL_VERBOSE #define DEBUG_WOLFSSL_SHA_MUTEX #define WOLFSSL_ESP32_CRYPT_DEBUG +#define WOLFSSL_ESP32_CRYPT_HASH_SHA224_DEBUG #define NO_RECOVER_SOFTWARE_CALC #define WOLFSSL_TEST_STRAY 1 #define USE_ESP_DPORT_ACCESS_READ_BUFFER 
diff --git a/IDE/Espressif/ESP-IDF/examples/wolfssl_server/main/CMakeLists.txt b/IDE/Espressif/ESP-IDF/examples/wolfssl_server/main/CMakeLists.txt index c0ad51909b..798cecceb7 100644 --- a/IDE/Espressif/ESP-IDF/examples/wolfssl_server/main/CMakeLists.txt +++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_server/main/CMakeLists.txt @@ -48,7 +48,7 @@ idf_component_register(SRCS main.c wifi_connect.c time_helper.c server-tls.c - INCLUDE_DIRS "." + INCLUDE_DIRS "." "./include") # diff --git a/IDE/Espressif/ESP-IDF/examples/wolfssl_server/main/Kconfig.projbuild b/IDE/Espressif/ESP-IDF/examples/wolfssl_server/main/Kconfig.projbuild index 264c808834..64406069d4 100644 --- a/IDE/Espressif/ESP-IDF/examples/wolfssl_server/main/Kconfig.projbuild +++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_server/main/Kconfig.projbuild @@ -1,29 +1,9 @@ menu "Example Configuration" -config BENCH_ARGV - string "Arguments for benchmark test" - default "-lng 0" +config WOLFSSL_TARGET_PORT + int "Target port" + default 11111 help - -? Help, print this usage - 0: English, 1: Japanese - -csv Print terminal output in csv format - -base10 Display bytes as power of 10 (eg 1 kB = 1000 Bytes) - -no_aad No additional authentication data passed. - -dgst_full Full digest operation performed. - -rsa_sign Measure RSA sign/verify instead of encrypt/decrypt. - - Algorithm to benchmark. Available algorithms include: - cipher aes-cbc aes-gcm chacha20 chacha20-poly1305 - digest md5 poly1305 sha sha2 sha224 sha256 sha384 sha512 sha3 - sha3-224 sha3-256 sha3-384 sha3-512 - mac hmac hmac-md5 hmac-sha hmac-sha224 hmac-sha256 hmac-sha384 - hmac-sha512 - asym rsa rsa-sz dh ecc-kg ecc - other rng - -lng Display benchmark result by specified language. - 0: English, 1: Japanese - Size of block in bytes - - e.g -lng 1 - e.g sha + Host listening port for the example to connect. endmenu 
diff --git a/IDE/Espressif/ESP-IDF/examples/wolfssl_server/main/include/server-tls.h b/IDE/Espressif/ESP-IDF/examples/wolfssl_server/main/include/server-tls.h index d065df3c4e..ea9126fe60 100644 --- a/IDE/Espressif/ESP-IDF/examples/wolfssl_server/main/include/server-tls.h +++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_server/main/include/server-tls.h @@ -21,17 +21,9 @@ #ifndef _SERVER_TLS_ #define _SERVER_TLS_ -#define DEFAULT_PORT 11111 - -#define TLS_SMP_CLIENT_TASK_NAME "tls_client_example" -#define TLS_SMP_CLIENT_TASK_WORDS 10240 -#define TLS_SMP_CLIENT_TASK_PRIORITY 8 - -#define TLS_SMP_TARGET_HOST "192.168.25.109" - -#include +#include /* includes wolfSSL user-settings.h */ #include -#include "user_settings.h" +#include "sdkconfig.h" #if defined(SINGLE_THREADED) #define WOLFSSL_ESP_TASK int @@ -40,6 +32,12 @@ #define WOLFSSL_ESP_TASK void #endif +#ifdef CONFIG_WOLFSSL_TARGET_PORT + #define TLS_SMP_DEFAULT_PORT CONFIG_WOLFSSL_TARGET_PORT +#else + #define TLS_SMP_DEFAULT_PORT 11111 +#endif + typedef struct { int port; int loops; diff --git a/IDE/Espressif/ESP-IDF/examples/wolfssl_server/main/include/wifi_connect.h b/IDE/Espressif/ESP-IDF/examples/wolfssl_server/main/include/wifi_connect.h index d5eec7c19b..a045b23ba8 100644 --- a/IDE/Espressif/ESP-IDF/examples/wolfssl_server/main/include/wifi_connect.h +++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_server/main/include/wifi_connect.h @@ -27,8 +27,6 @@ /* ESP lwip */ #define EXAMPLE_ESP_MAXIMUM_RETRY CONFIG_ESP_MAXIMUM_RETRY -#define DEFAULT_PORT 11111 - #define TLS_SMP_SERVER_TASK_NAME "tls_sever_example" #define TLS_SMP_SERVER_TASK_WORDS 22240 #define TLS_SMP_SERVER_TASK_PRIORITY 8 @@ -66,7 +64,7 @@ #else #warning "did not detect environment. using ~/my_private_config.h" #include "~/my_private_config.h" - #endif + #endif #else /* diff --git a/IDE/Espressif/ESP-IDF/examples/wolfssl_server/main/main.c b/IDE/Espressif/ESP-IDF/examples/wolfssl_server/main/main.c index 0c043b2a69..1c0d537e40 100644 
--- a/IDE/Espressif/ESP-IDF/examples/wolfssl_server/main/main.c +++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_server/main/main.c @@ -27,11 +27,11 @@ #include /* wolfSSL */ -#include -#include +#include /* includes wolfSSL user-settings.h */ #include #ifndef WOLFSSL_ESPIDF - #warning "problem with wolfSSL user_settings. Check components/wolfssl/include" + #warning "Problem with wolfSSL user_settings." + #warning "Check components/wolfssl/include" #endif /* this project */ @@ -162,8 +162,18 @@ void app_main(void) ESP_ERROR_CHECK(nvs_flash_init()); #if defined(CONFIG_IDF_TARGET_ESP32H2) - ESP_LOGE(TAG, "There's no WiFi on ESP32-H2. "); + ESP_LOGE(TAG, "There's no WiFi on ESP32-H2."); #else + #ifdef CONFIG_EXAMPLE_WIFI_SSID + if (XSTRCMP(CONFIG_EXAMPLE_WIFI_SSID, "myssid") == 0) { + ESP_LOGW(TAG, "WARNING: CONFIG_EXAMPLE_WIFI_SSID is myssid."); + ESP_LOGW(TAG, " Do you have a WiFi AP called myssid, or "); + ESP_LOGW(TAG, " did you forget the ESP-IDF configuration?"); + } + #else + #define CONFIG_EXAMPLE_WIFI_SSID "myssid" + ESP_LOGW(TAG, "WARNING: CONFIG_EXAMPLE_WIFI_SSID not defined."); + #endif ESP_ERROR_CHECK(esp_netif_init()); ESP_ERROR_CHECK(esp_event_loop_create_default()); ESP_ERROR_CHECK(example_connect()); diff --git a/IDE/Espressif/ESP-IDF/examples/wolfssl_server/main/server-tls.c b/IDE/Espressif/ESP-IDF/examples/wolfssl_server/main/server-tls.c index 8d6cdd25cd..9df8283d24 100644 --- a/IDE/Espressif/ESP-IDF/examples/wolfssl_server/main/server-tls.c +++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_server/main/server-tls.c @@ -279,7 +279,7 @@ WOLFSSL_ESP_TASK tls_smp_server_task(void *args) memset(&servAddr, 0, sizeof(servAddr)); /* Fill in the server address */ servAddr.sin_family = AF_INET; /* using IPv4 */ - servAddr.sin_port = htons(DEFAULT_PORT); /* on DEFAULT_PORT */ + servAddr.sin_port = htons(TLS_SMP_DEFAULT_PORT); /* on port */ servAddr.sin_addr.s_addr = INADDR_ANY; /* from anywhere */ /* Bind the server socket to our port */ 
@@ -372,7 +372,7 @@ WOLFSSL_ESP_TASK tls_smp_server_task(void *args) vTaskDelete(NULL); - return TLS_SMP_SERVER_TASK_RET; + return TLS_SMP_SERVER_TASK_RET; } #if defined(SINGLE_THREADED) @@ -389,7 +389,7 @@ WOLFSSL_ESP_TASK tls_smp_server_init(void* args) int thisPort = 0; int ret_i = 0; /* interim return result */ if (thisPort == 0) { - thisPort = DEFAULT_PORT; + thisPort = TLS_SMP_DEFAULT_PORT; } #if ESP_IDF_VERSION_MAJOR >= 4 diff --git a/IDE/Espressif/ESP-IDF/examples/wolfssl_server/main/time_helper.c b/IDE/Espressif/ESP-IDF/examples/wolfssl_server/main/time_helper.c index 5149d2e609..1f16e4be7d 100644 --- a/IDE/Espressif/ESP-IDF/examples/wolfssl_server/main/time_helper.c +++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_server/main/time_helper.c @@ -20,11 +20,11 @@ */ /* common Espressif time_helper v5.6.3.002 */ -#include "esp_idf_version.h" #include "sdkconfig.h" #include "time_helper.h" #include +#include #if defined(ESP_IDF_VERSION_MAJOR) && defined(ESP_IDF_VERSION_MINOR) #if (ESP_IDF_VERSION_MAJOR == 5) && (ESP_IDF_VERSION_MINOR >= 1) diff --git a/IDE/Espressif/ESP-IDF/examples/wolfssl_server/main/wifi_connect.c b/IDE/Espressif/ESP-IDF/examples/wolfssl_server/main/wifi_connect.c index 7aa8560043..7401c5d7e9 100644 --- a/IDE/Espressif/ESP-IDF/examples/wolfssl_server/main/wifi_connect.c +++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_server/main/wifi_connect.c @@ -20,18 +20,19 @@ */ #include "wifi_connect.h" -#include "freertos/FreeRTOS.h" -#include "freertos/task.h" -#include "freertos/event_groups.h" +#include +#include +#include #include #include /* wolfSSL */ #include -#include #include +#include #ifndef WOLFSSL_ESPIDF - #warning "problem with wolfSSL user_settings. Check components/wolfssl/include" + #warning "Problem with wolfSSL user_settings." + #warning "Check components/wolfssl/include" #endif #if ESP_IDF_VERSION_MAJOR >= 5 
@@ -166,7 +167,8 @@ static void event_handler(void* arg, int wifi_init_sta(void) { - int ret = 0; + int ret = ESP_OK; + s_wifi_event_group = xEventGroupCreate(); ESP_ERROR_CHECK(esp_netif_init()); @@ -208,6 +210,17 @@ int wifi_init_sta(void) }; ESP_ERROR_CHECK(esp_wifi_set_mode(WIFI_MODE_STA) ); ESP_ERROR_CHECK(esp_wifi_set_config(WIFI_IF_STA, &wifi_config) ); + +#ifdef CONFIG_EXAMPLE_WIFI_SSID + if (XSTRCMP(CONFIG_EXAMPLE_WIFI_SSID, "myssid") == 0) { + ESP_LOGW(TAG, "WARNING: CONFIG_EXAMPLE_WIFI_SSID is \"myssid\"."); + ESP_LOGW(TAG, " Do you have a WiFi AP called \"myssid\", "); + ESP_LOGW(TAG, " or did you forget the ESP-IDF configuration?"); + } +#else + ESP_LOGW(TAG, "WARNING: CONFIG_EXAMPLE_WIFI_SSID not defined."); +#endif + ESP_ERROR_CHECK(esp_wifi_start() ); ESP_LOGI(TAG, "wifi_init_sta finished."); diff --git a/IDE/Espressif/ESP-IDF/examples/wolfssl_test/components/wolfssl/include/user_settings.h b/IDE/Espressif/ESP-IDF/examples/wolfssl_test/components/wolfssl/include/user_settings.h index 9aca493ef4..d6eeebbb42 100644 --- a/IDE/Espressif/ESP-IDF/examples/wolfssl_test/components/wolfssl/include/user_settings.h +++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_test/components/wolfssl/include/user_settings.h @@ -92,14 +92,15 @@ /* when you want to use SHA3 */ #define WOLFSSL_SHA3 -#define HAVE_ED25519 /* ED25519 requires SHA512 */ + /* ED25519 requires SHA512 */ +#define HAVE_ED25519 #define HAVE_ECC #define HAVE_CURVE25519 #define CURVE25519_SMALL #define HAVE_ED25519 - #define OPENSSL_EXTRA +#define OPENSSL_EXTRA /* when you want to use pkcs7 */ /* #define HAVE_PKCS7 */ @@ -159,7 +160,8 @@ /* adjust wait-timeout count if you see timeout in RSA HW acceleration */ #define ESP_RSA_TIMEOUT_CNT 0x249F00 -#define HASH_SIZE_LIMIT /* for test.c */ +/* hash limit for test.c */ +#define HASH_SIZE_LIMIT /* USE_FAST_MATH is default */ #define USE_FAST_MATH 
@@ -168,6 +170,7 @@ /* #undef USE_FAST_MATH */ /* #define SP_MATH */ /* #define WOLFSSL_SP_MATH_ALL */ +/* #define WOLFSSL_SP_RISCV32 */ /***** Use Integer Heap Math *****/ /* #undef USE_FAST_MATH */ @@ -255,8 +258,34 @@ /* #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI_EXPTMOD */ /***** END CONFIG_IDF_TARGET_ESP32S3 *****/ -#elif defined(CONFIG_IDF_TARGET_ESP32C3) +#elif defined(CONFIG_IDF_TARGET_ESP32C2) || \ + defined(CONFIG_IDF_TARGET_ESP8684) + /* ESP8684 is essentially ESP32-C2 chip + flash embedded together in a + * single QFN 4x4 mm package. Out of released documentation, Technical + * Reference Manual as well as ESP-IDF Programming Guide is applicable + * to both ESP32-C2 and ESP8684. + * + * See: https://www.esp32.com/viewtopic.php?f=5&t=27926#:~:text=ESP8684%20is%20essentially%20ESP32%2DC2,both%20ESP32%2DC2%20and%20ESP8684. */ + /* wolfSSL HW Acceleration supported on ESP32-C2. Uncomment to disable: */ + /* #define NO_ESP32_CRYPT */ + /* #define NO_WOLFSSL_ESP32_CRYPT_HASH */ /* to disable all SHA HW */ + + /* These are defined automatically in esp32-crypt.h, here for clarity */ + #define NO_WOLFSSL_ESP32_CRYPT_HASH_SHA384 /* no SHA384 HW on C2 */ + #define NO_WOLFSSL_ESP32_CRYPT_HASH_SHA512 /* no SHA512 HW on C2 */ + + /* There's no AES or RSA/Math accelerator on the ESP32-C2 + * Auto defined with NO_WOLFSSL_ESP32_CRYPT_RSA_PRI, for clarity: */ + #define NO_WOLFSSL_ESP32_CRYPT_AES + #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI + #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI_MP_MUL + #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI_MULMOD + #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI_EXPTMOD + /***** END CONFIG_IDF_TARGET_ESP32C2 *****/ + +#elif defined(CONFIG_IDF_TARGET_ESP32C3) + /* wolfSSL HW Acceleration supported on ESP32-C3. Uncomment to disable: */ /* #define NO_ESP32_CRYPT */ /* #define NO_WOLFSSL_ESP32_CRYPT_HASH */ /* to disable all SHA HW */ 
@@ -327,6 +356,7 @@ #define DEBUG_WOLFSSL_VERBOSE #define DEBUG_WOLFSSL_SHA_MUTEX #define WOLFSSL_ESP32_CRYPT_DEBUG +#define WOLFSSL_ESP32_CRYPT_HASH_SHA224_DEBUG #define NO_RECOVER_SOFTWARE_CALC #define WOLFSSL_TEST_STRAY 1 #define USE_ESP_DPORT_ACCESS_READ_BUFFER @@ -335,12 +365,16 @@ #define ESP_DISABLE_HW_TASK_LOCK */ -#define WOLFSSL_ESPIDF_ERROR_PAUSE /* Pause in a loop rather than exit. */ +/* Pause in a loop rather than exit. */ +#define WOLFSSL_ESPIDF_ERROR_PAUSE + #define WOLFSSL_HW_METRICS -/* #define HASH_SIZE_LIMIT */ /* for test.c */ +/* for test.c */ +/* #define HASH_SIZE_LIMIT */ -/* #define NO_HW_MATH_TEST */ /* Optionall turn off HW math checks */ +/* Optionally turn off HW math checks */ +/* #define NO_HW_MATH_TEST */ /* Optionally include alternate HW test library: alt_hw_test.h */ /* When enabling, the ./components/wolfssl/CMakeLists.txt file @@ -362,7 +396,6 @@ ** [Z = X * Y mod M] in esp_mp_mulmod() */ /* #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI_MULMOD */ - #define WOLFSSL_PUBLIC_MP /* used by benchmark */ #define USE_CERT_BUFFERS_2048 @@ -406,3 +439,12 @@ #define CTX_SERVER_KEY_SIZE sizeof_server_key_der_2048 #define CTX_SERVER_KEY_TYPE WOLFSSL_FILETYPE_ASN1 #endif + +/* See settings.h for some of the possible hardening options: + * + * #define NO_ESPIDF_DEFAULT + * #define WC_NO_CACHE_RESISTANT + * #define WC_AES_BITSLICED + * #define HAVE_AES_ECB + * #define HAVE_AES_DIRECT + */ diff --git a/IDE/Espressif/ESP-IDF/examples/wolfssl_test/main/main.c b/IDE/Espressif/ESP-IDF/examples/wolfssl_test/main/main.c index 225e4994f3..1c21bd93a9 100644 --- a/IDE/Espressif/ESP-IDF/examples/wolfssl_test/main/main.c +++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_test/main/main.c @@ -230,8 +230,7 @@ void app_main(void) */ int loops = 0; do { - /* Remove _DISABLED upon #6990 Merge: */ - #if defined(WOLFSSL_HW_METRICS_DISABLED) + #if defined(WOLFSSL_HW_METRICS) && defined(WOLFSSL_HAS_METRICS) esp_hw_show_metrics(); #endif ret = wolf_test_task(); 
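Review bot: The new guard `#if defined(WOLFSSL_HW_METRICS) && defined(WOLFSSL_HAS_METRICS)` in wolfssl_test/main/main.c depends on `WOLFSSL_HAS_METRICS`, which none of the headers shown in this patch define. If the library sets it, a comment such as `/* WOLFSSL_HAS_METRICS is defined by <library header> when metrics are compiled in */` would explain why setting `WOLFSSL_HW_METRICS` alone in user_settings.h may show nothing. The loop in `app_main` continues outside the hunk.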
diff --git a/IDE/Espressif/ESP-IDF/examples/wolfssl_test/sdkconfig.defaults b/IDE/Espressif/ESP-IDF/examples/wolfssl_test/sdkconfig.defaults index ccb7820e7b..17097709d9 100644 --- a/IDE/Espressif/ESP-IDF/examples/wolfssl_test/sdkconfig.defaults +++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_test/sdkconfig.defaults @@ -1,3 +1,5 @@ +# This tag is used to include this file in the ESP Component Registry: + # # Default main stack size # diff --git a/IDE/Espressif/ESP-IDF/user_settings.h b/IDE/Espressif/ESP-IDF/user_settings.h index 801889b6dc..7b0a7ed814 100644 --- a/IDE/Espressif/ESP-IDF/user_settings.h +++ b/IDE/Espressif/ESP-IDF/user_settings.h @@ -19,23 +19,21 @@ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA */ -#undef WOLFSSL_ESPIDF -#undef WOLFSSL_ESP32 -#undef WOLFSSL_ESPWROOM32SE -#undef WOLFSSL_ESP32 -#undef WOLFSSL_ESP8266 +/* This user_settings.h is for Espressif ESP-IDF */ +#include /* The Espressif sdkconfig will have chipset info. ** ** Possible values: ** ** CONFIG_IDF_TARGET_ESP32 +** CONFIG_IDF_TARGET_ESP32S2 ** CONFIG_IDF_TARGET_ESP32S3 ** CONFIG_IDF_TARGET_ESP32C3 ** CONFIG_IDF_TARGET_ESP32C6 */ -#include +#undef WOLFSSL_ESPIDF #define WOLFSSL_ESPIDF /* @@ -45,10 +43,22 @@ * WOLFSSL_ESPWROOM32SE * WOLFSSL_ESP8266 */ +#undef WOLFSSL_ESPWROOM32SE +#undef WOLFSSL_ESP8266 +#undef WOLFSSL_ESP32 #define WOLFSSL_ESP32 -/* #define DEBUG_WOLFSSL_VERBOSE */ +/* optionally turn off SHA512/224 SHA512/256 */ +/* #define WOLFSSL_NOSHA512_224 */ +/* #define WOLFSSL_NOSHA512_256 */ + +/* when you want to use SINGLE THREAD. Note Default ESP-IDF is FreeRTOS */ +/* #define SINGLE_THREADED */ + +/* When you don't want to use the old SHA */ +/* #define NO_SHA */ +/* #define NO_OLD_TLS */ #define BENCH_EMBEDDED #define USE_CERT_BUFFERS_2048 
@@ -61,22 +71,41 @@ #define HAVE_AEAD #define HAVE_SUPPORTED_CURVES -/* when you want to use SINGLE THREAD */ -/* #define SINGLE_THREADED */ +#define WOLFSSL_BENCHMARK_FIXED_UNITS_KB + #define NO_FILESYSTEM +#define NO_OLD_TLS + #define HAVE_AESGCM + +#define WOLFSSL_RIPEMD +/* when you want to use SHA224 */ +#define WOLFSSL_SHA224 + /* when you want to use SHA384 */ -/* #define WOLFSSL_SHA384 */ +#define WOLFSSL_SHA384 + +/* when you want to use SHA512 */ #define WOLFSSL_SHA512 + +/* when you want to use SHA3 */ +#define WOLFSSL_SHA3 + +#define HAVE_ED25519 /* ED25519 requires SHA512 */ + #define HAVE_ECC #define HAVE_CURVE25519 #define CURVE25519_SMALL #define HAVE_ED25519 +/* Optional OPENSSL compatibility * +#define OPENSSL_EXTRA /* when you want to use pkcs7 */ /* #define HAVE_PKCS7 */ +#define HAVE_PKCS7 + #if defined(HAVE_PKCS7) #define HAVE_AES_KEYWRAP #define HAVE_X963_KDF 
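Review bot: The added line `/* Optional OPENSSL compatibility *` is missing its closing `/`, so the comment runs on through `#define OPENSSL_EXTRA` and only ends at the `*/` of the following `/* when you want to use pkcs7 */` line. `OPENSSL_EXTRA` is therefore never defined, and the nested `/*` will raise a comment warning on most compilers. If the option is meant to stay off, write `/* Optional OPENSSL compatibility */` followed by `/* #define OPENSSL_EXTRA */`. The same hunk also adds an unconditional `#define HAVE_PKCS7` directly below the commented-out one, which contradicts "when you want to use pkcs7" and enables PKCS7 for every build that uses this default header.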
@@ -101,24 +130,25 @@ #if defined(WOLFSSL_ESP32) || defined(WOLFSSL_ESPWROOM32SE) /* Define USE_FAST_MATH and SMALL_STACK */ #define ESP32_USE_RSA_PRIMITIVE - /* threshold for performance adjustment for HW primitive use */ - /* NOTE HW unreliable for small values on older original ESP32!*/ - /* threshold for performance adjustment for HW primitive use */ - /* X bits of G^X mod P greater than */ - #undef ESP_RSA_EXPT_XBITS - #define ESP_RSA_EXPT_XBITS 32 + #if defined(CONFIG_IDF_TARGET_ESP32) - /* X and Y of X * Y mod P greater than */ - #undef ESP_RSA_MULM_BITS - #define ESP_RSA_MULM_BITS 16 + /* NOTE HW unreliable for small values! */ + /* threshold for performance adjustment for HW primitive use */ + /* X bits of G^X mod P greater than */ + #undef ESP_RSA_EXPT_XBITS + #define ESP_RSA_EXPT_XBITS 32 + + /* X and Y of X * Y mod P greater than */ + #undef ESP_RSA_MULM_BITS + #define ESP_RSA_MULM_BITS 16 + #endif #endif -/* debug options */ -/* #define DEBUG_WOLFSSL */ -/* #define WOLFSSL_ESP32_CRYPT_DEBUG */ -/* #define WOLFSSL_ATECC508A_DEBUG */ +#define RSA_LOW_MEM + +/* #define WOLFSSL_ATECC508A_DEBUG */ /* date/time */ /* if it cannot adjust time in the device, */ 
@@ -130,6 +160,58 @@ /* adjust wait-timeout count if you see timeout in RSA HW acceleration */ #define ESP_RSA_TIMEOUT_CNT 0x249F00 +#define HASH_SIZE_LIMIT /* for test.c */ + +/* USE_FAST_MATH is default */ +#define USE_FAST_MATH + +/***** Use SP_MATH *****/ +/* #undef USE_FAST_MATH */ +/* #define SP_MATH */ +/* #define WOLFSSL_SP_MATH_ALL */ + +/***** Use Integer Heap Math *****/ +/* #undef USE_FAST_MATH */ +/* #define USE_INTEGER_HEAP_MATH */ + + +#define WOLFSSL_SMALL_STACK + + +#define HAVE_VERSION_EXTENDED_INFO +/* #define HAVE_WC_INTROSPECTION */ + +#define HAVE_SESSION_TICKET + +/* #define HAVE_HASHDRBG */ + +#define WOLFSSL_KEY_GEN +#define WOLFSSL_CERT_REQ +#define WOLFSSL_CERT_GEN +#define WOLFSSL_CERT_EXT +#define WOLFSSL_SYS_CA_CERTS + + +#define WOLFSSL_CERT_TEXT + +#define WOLFSSL_ASN_TEMPLATE + +/* +#undef WOLFSSL_KEY_GEN +#undef WOLFSSL_CERT_REQ +#undef WOLFSSL_CERT_GEN +#undef WOLFSSL_CERT_EXT +#undef WOLFSSL_SYS_CA_CERTS +*/ + +/* +--enable-keygen +--enable-certgen +--enable-certreq +--enable-certext +--enable-asn-template +*/ + /* Default is HW enabled unless turned off. ** Uncomment these lines to force SW instead of HW acceleration */ @@ -145,7 +227,7 @@ /* These are defined automatically in esp32-crypt.h, here for clarity: */ #define NO_WOLFSSL_ESP32_CRYPT_HASH_SHA224 /* no SHA224 HW on ESP32 */ - /* end CONFIG_IDF_TARGET_ESP32 */ + #undef ESP_RSA_MULM_BITS #define ESP_RSA_MULM_BITS 16 /* TODO add compile-time warning */ /***** END CONFIG_IDF_TARGET_ESP32 *****/ 
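Review bot: The `@@ -130,6 +160,58 @@` hunk turns on `WOLFSSL_KEY_GEN`, `WOLFSSL_CERT_REQ`, `WOLFSSL_CERT_GEN`, `WOLFSSL_CERT_EXT`, `WOLFSSL_SYS_CA_CERTS` and `HAVE_SESSION_TICKET` in the default header with no comment on why they are needed. The commented-out `#undef` block and the `--enable-...` list below them look like leftover notes. A heading such as `/* Optional certificate and key generation features; undefine to reduce code size: */` above the `#undef` block would make their purpose clear. `HASH_SIZE_LIMIT` is also defined here and then listed again, commented out, in a later hunk of the same file.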
@@ -174,8 +256,34 @@ /* #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI_EXPTMOD */ /***** END CONFIG_IDF_TARGET_ESP32S3 *****/ -#elif defined(CONFIG_IDF_TARGET_ESP32C3) +#elif defined(CONFIG_IDF_TARGET_ESP32C2) || \ + defined(CONFIG_IDF_TARGET_ESP8684) + /* ESP8684 is essentially ESP32-C2 chip + flash embedded together in a + * single QFN 4x4 mm package. Out of released documentation, Technical + * Reference Manual as well as ESP-IDF Programming Guide is applicable + * to both ESP32-C2 and ESP8684. + * + * See: https://www.esp32.com/viewtopic.php?f=5&t=27926#:~:text=ESP8684%20is%20essentially%20ESP32%2DC2,both%20ESP32%2DC2%20and%20ESP8684. */ + /* wolfSSL HW Acceleration supported on ESP32-C2. Uncomment to disable: */ + /* #define NO_ESP32_CRYPT */ + /* #define NO_WOLFSSL_ESP32_CRYPT_HASH */ /* to disable all SHA HW */ + + /* These are defined automatically in esp32-crypt.h, here for clarity */ + #define NO_WOLFSSL_ESP32_CRYPT_HASH_SHA384 /* no SHA384 HW on C2 */ + #define NO_WOLFSSL_ESP32_CRYPT_HASH_SHA512 /* no SHA512 HW on C2 */ + + /* There's no AES or RSA/Math accelerator on the ESP32-C2 + * Auto defined with NO_WOLFSSL_ESP32_CRYPT_RSA_PRI, for clarity: */ + #define NO_WOLFSSL_ESP32_CRYPT_AES + #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI + #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI_MP_MUL + #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI_MULMOD + #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI_EXPTMOD + /***** END CONFIG_IDF_TARGET_ESP32C2 *****/ + +#elif defined(CONFIG_IDF_TARGET_ESP32C3) + /* wolfSSL HW Acceleration supported on ESP32-C3. Uncomment to disable: */ /* #define NO_ESP32_CRYPT */ /* #define NO_WOLFSSL_ESP32_CRYPT_HASH */ /* to disable all SHA HW */ 
@@ -215,6 +323,13 @@ #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI /***** END CONFIG_IDF_TARGET_ESP32H2 *****/ +#elif defined(CONFIG_IDF_TARGET_ESP8266) + /* TODO: Revisit ESP8266 */ + #define NO_ESP32_CRYPT + #define NO_WOLFSSL_ESP32_CRYPT_HASH + #define NO_WOLFSSL_ESP32_CRYPT_AES + #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI + /***** END CONFIG_IDF_TARGET_ESP266 *****/ #else /* Anything else encountered, disable HW accleration */ #define NO_ESP32_CRYPT 
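Review bot: The closing marker of the added ESP8266 branch is misspelled as `END CONFIG_IDF_TARGET_ESP266`; it should read `/***** END CONFIG_IDF_TARGET_ESP8266 *****/` so that a search for the target name finds both ends of the branch. The four `NO_*` defines appear to repeat what the `#else` fallback already sets (only `NO_ESP32_CRYPT` is visible in this hunk and `NO_WOLFSSL_ESP32_CRYPT_RSA_PRI` in the next hunk's context), so for now the branch only documents intent. The TODO would be more useful if it said what is pending, for example `/* TODO: revisit ESP8266; all HW acceleration disabled, crypto runs in software */`.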
@@ -223,6 +338,60 @@ #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI #endif /* CONFIG_IDF_TARGET Check */ +/* Debug options: + +#define ESP_VERIFY_MEMBLOCK +#define DEBUG_WOLFSSL +#define DEBUG_WOLFSSL_VERBOSE +#define DEBUG_WOLFSSL_SHA_MUTEX +#define WOLFSSL_ESP32_CRYPT_DEBUG +#define WOLFSSL_ESP32_CRYPT_HASH_SHA224_DEBUG +#define NO_RECOVER_SOFTWARE_CALC +#define WOLFSSL_TEST_STRAY 1 +#define USE_ESP_DPORT_ACCESS_READ_BUFFER +#define WOLFSSL_ESP32_HW_LOCK_DEBUG +#define WOLFSSL_DEBUG_ESP_RSA_MULM_BITS +#define ESP_DISABLE_HW_TASK_LOCK +*/ + +#define WOLFSSL_ESPIDF_ERROR_PAUSE /* Pause in a loop rather than exit. */ +#define WOLFSSL_HW_METRICS + +/* #define HASH_SIZE_LIMIT */ /* for test.c */ + +/* #define NO_HW_MATH_TEST */ /* Optionall turn off HW math checks */ + +/* Optionally include alternate HW test library: alt_hw_test.h */ +/* When enabling, the ./components/wolfssl/CMakeLists.txt file + * will need the name of the library in the idf_component_register + * for the PRIV_REQUIRES list. */ +/* #define INCLUDE_ALT_HW_TEST */ + +/* optionally turn off individual math HW acceleration features */ + +/* Turn off Large Number ESP32 HW Multiplication: +** [Z = X * Y] in esp_mp_mul() */ +/* #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI_MP_MUL */ + +/* Turn off Large Number ESP32 HW Modular Exponentiation: +** [Z = X^Y mod M] in esp_mp_exptmod() */ +/* #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI_EXPTMOD */ + +/* Turn off Large Number ESP32 HW Modular Multiplication +** [Z = X * Y mod M] in esp_mp_mulmod() */ +/* #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI_MULMOD */ + + +#define WOLFSSL_PUBLIC_MP /* used by benchmark */ +#define USE_CERT_BUFFERS_2048 + +/* when turning on ECC508 / ECC608 support +#define WOLFSSL_ESPWROOM32SE +#define HAVE_PK_CALLBACKS +#define WOLFSSL_ATECC508A +#define ATCA_WOLFSSL +*/ + /* optional SM4 Ciphers. See https://github.com/wolfSSL/wolfsm #define WOLFSSL_SM2 #define WOLFSSL_SM3 
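Review bot: `#define USE_CERT_BUFFERS_2048` near the end of this hunk selects wolfSSL's bundled test certificates and keys from `certs_test.h`, whose private keys are publicly known, and nothing at the define says they are for examples only. I would annotate it, e.g. `#define USE_CERT_BUFFERS_2048 /* wolfSSL test certs/keys: examples only, replace before deployment */`. `WOLFSSL_ESPIDF_ERROR_PAUSE`, `WOLFSSL_HW_METRICS` and `WOLFSSL_PUBLIC_MP` also appear to be test or benchmark aids that are enabled unconditionally, so grouping all four under one "example / diagnostic settings" comment would make clear what to drop in a product build. Minor: `Optionall` in the `NO_HW_MATH_TEST` comment should be `Optionally`.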
@@ -256,4 +425,3 @@ #define CTX_SERVER_KEY_SIZE sizeof_server_key_der_2048 #define CTX_SERVER_KEY_TYPE WOLFSSL_FILETYPE_ASN1 #endif -