From a13f48aea06f1b4ca8dacd2feed683ee53b0033d Mon Sep 17 00:00:00 2001 
From: gojimmypi Date: Tue, 15 Oct 2024 18:36:28 -0700 Subject: [PATCH] Update Espressif Examples --- IDE/Espressif/ESP-IDF/README.md | 37 +- IDE/Espressif/ESP-IDF/README_32se.md | 2 +- IDE/Espressif/ESP-IDF/examples/README.md | 7 +- .../ESP-IDF/examples/template/CMakeLists.txt | 8 +- .../ESP-IDF/examples/template/README.md | 10 +- .../components/wolfssl/CMakeLists.txt | 28 +- .../template/components/wolfssl/Kconfig | 25 + .../template/components/wolfssl/README.md | 162 +++++ .../template/components/wolfssl/component.mk | 296 ++++++++ .../wolfssl/include/user_settings.h | 61 +- .../examples/template/main/CMakeLists.txt | 2 +- .../examples/template/main/include/main.h | 3 + .../examples/template/sdkconfig.defaults | 126 +++- .../template/sdkconfig.defaults.esp8266 | 30 + .../examples/wolfssl_benchmark/CMakeLists.txt | 67 +- .../examples/wolfssl_benchmark/README.md | 38 +- .../components/wolfssl/CMakeLists.txt | 395 +++++++++-- .../components/wolfssl/Kconfig | 523 ++++++++++++++ .../components/wolfssl/README.md | 162 +++++ .../components/wolfssl/component.mk | 347 +++++---- .../wolfssl/include/user_settings.h | 669 +++++++++++++----- .../wolfssl_benchmark/main/CMakeLists.txt | 2 + .../wolfssl_benchmark/main/include/main.h | 9 +- .../examples/wolfssl_benchmark/main/main.c | 94 +-- .../partitions_singleapp_large.csv | 62 +- .../wolfssl_benchmark/sdkconfig.defaults | 51 +- .../sdkconfig.defaults.esp8266 | 30 + .../examples/wolfssl_client/CMakeLists.txt | 28 +- .../ESP-IDF/examples/wolfssl_client/README.md | 6 +- .../components/wolfssl/CMakeLists.txt | 622 ++++++++++++++-- .../wolfssl_client/components/wolfssl/Kconfig | 523 ++++++++++++++ .../components/wolfssl/README.md | 162 +++++ .../components/wolfssl/component.mk | 2 +- .../wolfssl/include/user_settings.h | 619 ++++++++++++++-- .../wolfssl_client/main/CMakeLists.txt | 18 +- .../wolfssl_client/main/Kconfig.projbuild | 81 ++- .../examples/wolfssl_client/main/client-tls.c | 16 +- 
.../wolfssl_client/main/include/client-tls.h | 4 +- .../wolfssl_client/main/include/main.h | 3 + .../wolfssl_client/main/include/time_helper.h | 4 +- .../main/include/wifi_connect.h | 14 +- .../examples/wolfssl_client/main/main.c | 44 +- .../wolfssl_client/main/time_helper.c | 30 +- .../wolfssl_client/main/wifi_connect.c | 24 +- .../wolfssl_client/sdkconfig.defaults | 58 +- .../wolfssl_client/sdkconfig.defaults.esp32c2 | 7 + .../wolfssl_client/sdkconfig.defaults.esp8266 | 30 + .../examples/wolfssl_server/CMakeLists.txt | 28 +- .../ESP-IDF/examples/wolfssl_server/README.md | 2 +- .../components/wolfssl/CMakeLists.txt | 624 ++++++++++++++-- .../wolfssl_server/components/wolfssl/Kconfig | 523 ++++++++++++++ .../components/wolfssl/README.md | 162 +++++ .../components/wolfssl/component.mk | 68 +- .../wolfssl/include/user_settings.h | 624 ++++++++++++++-- .../wolfssl_server/main/CMakeLists.txt | 18 +- .../wolfssl_server/main/Kconfig.projbuild | 89 ++- .../examples/wolfssl_server/main/component.mk | 7 +- .../wolfssl_server/main/include/main.h | 2 +- .../wolfssl_server/main/include/time_helper.h | 13 +- .../main/include/wifi_connect.h | 58 +- .../examples/wolfssl_server/main/main.c | 148 ++-- .../examples/wolfssl_server/main/server-tls.c | 45 +- .../wolfssl_server/main/time_helper.c | 166 +++-- .../wolfssl_server/main/wifi_connect.c | 156 +++- .../wolfssl_server/sdkconfig.defaults | 114 ++- .../wolfssl_server/sdkconfig.defaults.esp32c2 | 7 + .../wolfssl_server/sdkconfig.defaults.esp8266 | 30 + .../examples/wolfssl_test/CMakeLists.txt | 73 +- .../ESP-IDF/examples/wolfssl_test/README.md | 45 +- .../components/wolfssl/CMakeLists.txt | 399 +++++++++-- .../wolfssl_test/components/wolfssl/Kconfig | 523 ++++++++++++++ .../wolfssl_test/components/wolfssl/README.md | 162 +++++ .../components/wolfssl/component.mk | 345 +++++---- .../wolfssl/include/user_settings.h | 646 ++++++++++++----- .../examples/wolfssl_test/main/CMakeLists.txt | 2 + .../examples/wolfssl_test/main/component.mk 
| 2 +- .../examples/wolfssl_test/main/include/main.h | 5 +- .../ESP-IDF/examples/wolfssl_test/main/main.c | 83 ++- .../examples/wolfssl_test/sdkconfig.defaults | 53 +- .../wolfssl_test/sdkconfig.defaults.esp8266 | 30 + .../examples/wolfssl_test_idf/README.md | 4 +- .../examples/wolfssl_test_idf/main/main.c | 31 +- .../wolfssl_test_idf/main/time_helper.c | 2 +- IDE/Espressif/ESP-IDF/test/README.md | 2 +- IDE/Espressif/README.md | 19 +- IDE/Espressif/include.am | 92 ++- examples/configs/user_settings_platformio.h | 3 +- wolfcrypt/src/port/Espressif/README.md | 16 +- wolfcrypt/src/port/Espressif/esp32_mp.c | 4 + wolfcrypt/src/port/Espressif/esp32_sha.c | 2 +- .../port/Espressif/esp_crt_bundle/README.md | 2 +- .../Espressif/esp_crt_bundle/esp_crt_bundle.c | 2 +- .../src/port/Espressif/esp_sdk_time_lib.c | 6 +- .../src/port/Espressif/esp_sdk_wifi_lib.c | 8 +- .../wolfcrypt/port/Espressif/esp32-crypt.h | 6 +- .../wolfcrypt/port/Espressif/esp_crt_bundle.h | 3 +- wolfssl/wolfcrypt/settings.h | 2 +- 97 files changed, 9475 insertions(+), 1522 deletions(-) create mode 100644 IDE/Espressif/ESP-IDF/examples/template/components/wolfssl/README.md create mode 100644 IDE/Espressif/ESP-IDF/examples/template/components/wolfssl/component.mk create mode 100644 IDE/Espressif/ESP-IDF/examples/template/sdkconfig.defaults.esp8266 create mode 100644 IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/components/wolfssl/Kconfig create mode 100644 IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/components/wolfssl/README.md create mode 100644 IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/sdkconfig.defaults.esp8266 create mode 100644 IDE/Espressif/ESP-IDF/examples/wolfssl_client/components/wolfssl/Kconfig create mode 100644 IDE/Espressif/ESP-IDF/examples/wolfssl_client/components/wolfssl/README.md create mode 100644 IDE/Espressif/ESP-IDF/examples/wolfssl_client/sdkconfig.defaults.esp32c2 create mode 100644 IDE/Espressif/ESP-IDF/examples/wolfssl_client/sdkconfig.defaults.esp8266 create mode 
100644 IDE/Espressif/ESP-IDF/examples/wolfssl_server/components/wolfssl/Kconfig create mode 100644 IDE/Espressif/ESP-IDF/examples/wolfssl_server/components/wolfssl/README.md create mode 100644 IDE/Espressif/ESP-IDF/examples/wolfssl_server/sdkconfig.defaults.esp32c2 create mode 100644 IDE/Espressif/ESP-IDF/examples/wolfssl_server/sdkconfig.defaults.esp8266 create mode 100644 IDE/Espressif/ESP-IDF/examples/wolfssl_test/components/wolfssl/Kconfig create mode 100644 IDE/Espressif/ESP-IDF/examples/wolfssl_test/components/wolfssl/README.md create mode 100644 IDE/Espressif/ESP-IDF/examples/wolfssl_test/sdkconfig.defaults.esp8266 diff --git a/IDE/Espressif/ESP-IDF/README.md b/IDE/Espressif/ESP-IDF/README.md index cc1a1d661d..01a860fd9d 100644 --- a/IDE/Espressif/ESP-IDF/README.md +++ b/IDE/Espressif/ESP-IDF/README.md @@ -1,11 +1,12 @@ # ESP-IDF Port These Espressif examples have been created and tested with the latest stable release branch of -[ESP-IDF V5.2](https://docs.espressif.com/projects/esp-idf/en/release-v5.2/esp32/get-started/index.html). +ESP-IDF v5.2, v5.3 and the master branch + The prior version 4.4 ESP-IDF is still supported, however version 5.2 or greater is recommended. -Espressif has [a list of all ESP-IDF versions](https://docs.espressif.com/projects/esp-idf/en/latest/esp32/versions.html). +Espressif has [a list of all ESP-IDF versions](Espressifversions.html). -See the latest [Espressif Migration Guides](https://docs.espressif.com/projects/esp-idf/en/latest/esp32/migration-guides/index.html). +See the latest Espressif Migration Guides. ## Examples 
@@ -34,7 +35,7 @@ looks for the wolfSSL `user_settings.h` in the project as described below. ### File: `sdkconfig.h` The Espressif `sdkconfig.h`, generated automatically from your `sdkconfig` -file at [build](https://docs.espressif.com/projects/esp-idf/en/latest/esp32/api-guides/build-system.html) +file at [build](Espressif api-guides/build-system.html) time, should be included before any other files. ### File: `user_settings.h` @@ -101,7 +102,7 @@ of your source code, particularly before the `#include git clone -b v5.0.2 --recursive https://github.com/espre - Microsoft Windows 10 Pro 10.0.19041 / Windows 11 Pro 22H2 22621.2715 - Visual Studio 2022 17.7.6 with VisualGDB 5.6R9 (build 4777) - WSL 1 Ubuntu 22.04.3 LTS - - ESP-IDF: ESP-IDF v5.1 - - SoC Module : all those supported in ESP-IDF v5.1 + - ESP-IDF: ESP-IDF v5.2 + - SoC Module : all those supported in ESP-IDF v5.2 ## JTAG Debugging Notes @@ -226,3 +235,15 @@ ftdi layout_signal nSRST -data 0x0020 reset_config srst_push_pull trst_push_pull ``` + +## Windows long paths + +Check "Long Paths Enabled" in Windows registry. + +Please set registry HKLM\SYSTEM\CurrentControlSet\Control\FileSystem\LongPathsEnabled to 1. + +The operation requires Administrator privileges. Command: + +```powershell +powershell -Command "&{ Start-Process -FilePath reg 'ADD HKLM\SYSTEM\CurrentControlSet\Control\FileSystem /v LongPathsEnabled /t REG_DWORD /d 1 /f' -Verb runAs}" +``` diff --git a/IDE/Espressif/ESP-IDF/README_32se.md b/IDE/Espressif/ESP-IDF/README_32se.md index af440a8b5a..438723c6b2 100644 --- a/IDE/Espressif/ESP-IDF/README_32se.md +++ b/IDE/Espressif/ESP-IDF/README_32se.md 
@@ -10,7 +10,7 @@ Including the following examples: The `user_settings.h` file enables some of the hardened settings. ## Requirements -1. ESP-IDF development framework: https://docs.espressif.com/projects/esp-idf/en/latest/get-started/ +1. ESP-IDF development framework: https://github.com/espressif/esp-idf 2. Microchip CryptoAuthentication Library: https://github.com/MicrochipTech/cryptoauthlib diff --git a/IDE/Espressif/ESP-IDF/examples/README.md b/IDE/Espressif/ESP-IDF/examples/README.md index d4a0ad696a..a25289432c 100644 --- a/IDE/Espressif/ESP-IDF/examples/README.md +++ b/IDE/Espressif/ESP-IDF/examples/README.md @@ -78,7 +78,7 @@ wolfSSL to be installed. If you want to install wolfSSL, see the setup for [wolfSSL](https://github.com/wolfSSL/wolfssl/tree/master/IDE/Espressif/ESP-IDF#setup-for-linux) and [wolfSSH](https://github.com/wolfSSL/wolfssh/tree/master/ide/Espressif#setup-for-linux). -The [Espressif Managed Component for wolfSSL](https://components.espressif.com/components/wolfssl/wolfssl) +The [Espressif Managed Component for wolfSSL](https://www.wolfssl.com/wolfssl-now-available-in-espressif-component-registry/) also installs source code locally, instead of pointing to a source repository. ## VisualGDB @@ -114,7 +114,4 @@ It may be helpful to also delete the `sdkconfig` file. (Save a backup if you've - esp32.com: [GPIO6,GPIO7,GPIO8,and GPIO9 changed for ESP32-WROOM-32E](https://esp32.com/viewtopic.php?t=29058) -See also [this ESP-FAQ Handbook](https://docs.espressif.com/projects/esp-faq/en/latest/esp-faq-en-master.pdf). - - - +See also the `ESP-FAQ Handbook`. diff --git a/IDE/Espressif/ESP-IDF/examples/template/CMakeLists.txt b/IDE/Espressif/ESP-IDF/examples/template/CMakeLists.txt index 2f3e1630a3..54971360fc 100644 --- a/IDE/Espressif/ESP-IDF/examples/template/CMakeLists.txt +++ b/IDE/Espressif/ESP-IDF/examples/template/CMakeLists.txt 
@@ -1,12 +1,12 @@ # wolfSSL Espressif Example Project CMakeLists.txt -# v1.2 +# v1.3 # # The following lines of boilerplate have to be in your project's # CMakeLists in this exact order for cmake to work correctly cmake_minimum_required(VERSION 3.16) # Optional no watchdog typically used for test & benchmark -# add_compile_options(-DWOLFSSL_ESP_NO_WATCHDOG=1) +add_compile_options(-DWOLFSSL_ESP_NO_WATCHDOG=1) # The wolfSSL CMake file should be able to find the source code. # Otherwise, assign an environment variable or set it here: @@ -71,6 +71,10 @@ else() message(STATUS "No conflicting wolfSSL components found.") endif() +# Ensure the this wolfSSL component directory is included +set(WOLFSSL_PATH "${CMAKE_HOME_DIRECTORY}/components/wolfssl") +list(APPEND EXTRA_COMPONENT_DIRS ${WOLFSSL_PATH}) + # Not only is a project-level "set(COMPONENTS" not needed here, this will cause # an unintuitive error about Unknown CMake command "esptool_py_flash_project_args". include($ENV{IDF_PATH}/tools/cmake/project.cmake) diff --git a/IDE/Espressif/ESP-IDF/examples/template/README.md b/IDE/Espressif/ESP-IDF/examples/template/README.md index 8d9ebbe49a..9e82e72806 100644 --- a/IDE/Espressif/ESP-IDF/examples/template/README.md +++ b/IDE/Espressif/ESP-IDF/examples/template/README.md @@ -7,7 +7,7 @@ For general information on [wolfSSL examples for Espressif](../README.md), see t ### Prerequisites -It is assumed the [ESP-IDF environment](https://docs.espressif.com/projects/esp-idf/en/latest/esp32/get-started/) has been installed. +It is assumed the [ESP-IDF environment](Espressifget-started/) has been installed. ### Files Included 
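Review bot: `add_compile_options(-DWOLFSSL_ESP_NO_WATCHDOG=1)` is now active in the template, but the comment directly above it still reads `Optional no watchdog typically used for test & benchmark`. The template is the project people copy for their own firmware, so anything derived from it inherits the define unless someone notices. Going by the macro name (its effect is not visible in this hunk), that means building with the watchdog handling turned off, which a deployed device normally wants as a recovery mechanism. I would leave the line commented out here and enable it only in the test and benchmark examples, or at least change the comment to `# Watchdog disabled for this example; remove this line for production firmware`.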
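Review bot: In the `@@ -71,6 +71,10 @@` hunk the new comment has a typo (`Ensure the this wolfSSL component directory is included`) and the path is built from `CMAKE_HOME_DIRECTORY`, which CMake documents as an internal cache entry. `CMAKE_CURRENT_LIST_DIR` names the directory of this CMakeLists.txt directly and does not depend on how the build was invoked. Quoting the expansion keeps the path as a single list entry: `set(WOLFSSL_PATH "${CMAKE_CURRENT_LIST_DIR}/components/wolfssl")` and `list(APPEND EXTRA_COMPONENT_DIRS "${WOLFSSL_PATH}")`. The comment could read `# Ensure this project's wolfSSL component directory is included`.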
@@ -19,7 +19,7 @@ It is assumed the [ESP-IDF environment](https://docs.espressif.com/projects/esp- - The [components/wolfssl/CMakeLists.txt](./components/wolfssl/CMakeLists.txt) typically does not need to be changed. -- Optional [VisualGDB Project](./VisualGDB/wolfssl_template_IDF_v5.1_ESP32.vgdbproj) for Visual Studio using ESP32 and ESP-IDF v5.1. +- Optional [VisualGDB Project](./VisualGDB/README.md) for Visual Studio using ESP32 and ESP-IDF v5.2. See also [template](../template/VisualGDB/README.md) for other devices. - Edit the project [CMakeLists.txt](./CMakeLists.txt) to optionally point this project's wolfSSL component source code at a different directory: @@ -30,12 +30,12 @@ set(WOLFSSL_ROOT "~/workspace/wolfssl-other-source") ## Getting Started: -Here's an example using the command-line [idf.py](https://docs.espressif.com/projects/esp-idf/en/latest/esp32/api-guides/tools/idf-py.html). +Here's an example using the command-line [idf.py](Espressifapi-guides/tools/idf-py.html). Edit your `WRK_IDF_PATH`to point to your ESP-IDF install directory. ``` -WRK_IDF_PATH=/mnt/c/SysGCC/esp32/esp-idf/v5.1 +WRK_IDF_PATH=/mnt/c/SysGCC/esp32/esp-idf/v5.2 echo "Run export.sh from ${WRK_IDF_PATH}" . ${WRK_IDF_PATH}/export.sh @@ -53,7 +53,7 @@ idf.py flash -p /dev/ttyS19 -b 115200 idf.py flash -p /dev/ttyS19 -b 115200 monitor ``` -Press `Ctrl+]` to exit `idf.py monitor`. See [additional monitor keyboard commands](https://docs.espressif.com/projects/esp-idf/en/latest/esp32/api-guides/tools/idf-monitor.html). +Press `Ctrl+]` to exit `idf.py monitor`. See [additional monitor keyboard commands](Espressifapi-guides/tools/idf-monitor.html). ## Other Examples: diff --git a/IDE/Espressif/ESP-IDF/examples/template/components/wolfssl/CMakeLists.txt b/IDE/Espressif/ESP-IDF/examples/template/components/wolfssl/CMakeLists.txt index 8c678fbf3b..8b90966f9b 100644 --- a/IDE/Espressif/ESP-IDF/examples/template/components/wolfssl/CMakeLists.txt 
+++ b/IDE/Espressif/ESP-IDF/examples/template/components/wolfssl/CMakeLists.txt @@ -28,6 +28,9 @@ cmake_minimum_required(VERSION 3.16) set(VERBOSE_COMPONENT_MESSAGES 1) +# Optional requires include: +# set(THIS_ESP_TLS "esp-tls") +set(THIS_ESP_TLS "") # function: IS_ESP_IDF_COMPONENT # output: RESULT = 1 (true) if this component is located in the ESP-IDF components @@ -153,7 +156,7 @@ if( ("${CMAKE_PROJECT_NAME}" STREQUAL "wolfssl_benchmark") OR ("${CMAKE_PROJECT_ message(STATUS "Not including lwip for ${CMAKE_PROJECT_NAME}") else() # benchmark and test do not need wifi, everything else probably does: - set(COMPONENT_REQUIRES lwip) # we typically don't need lwip directly in wolfssl component + set(COMPONENT_REQUIRES lwip "${THIS_ESP_TLS}") # we typically don't need lwip directly in wolfssl component endif() # find the user name to search for possible "wolfssl-username" 
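Review bot: `THIS_ESP_TLS` is still the empty string when `set(COMPONENT_REQUIRES lwip "${THIS_ESP_TLS}")` runs in the `@@ -153,7 +156,7 @@` hunk. The `@@ -28,6 +28,9 @@` hunk initialises it to `""`, and the only visible assignment of `esp-tls` sits in the ESP8266 `if`/`else` block some 250 lines further down. Unless it is assigned somewhere outside these hunks, this line adds an empty list element to `COMPONENT_REQUIRES` rather than the esp-tls requirement the change seems to intend. Either move the target check above this block, or append only when the value is set: `if(THIS_ESP_TLS)`, `list(APPEND COMPONENT_REQUIRES "${THIS_ESP_TLS}")`, `endif()`. The enclosing `if()`/`else()` begins outside the hunk.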
@@ -404,15 +407,20 @@ endif() if ( ("${CONFIG_TARGET_PLATFORM}" STREQUAL "esp8266") OR ("${IDF_TARGET}" STREQUAL "esp8266") ) # There's no esp_timer, no driver components for the ESP8266 - message(STATUS "Early expansion EXCLUDES esp_timer: ${THIS_INCLUDE_TIMER}") - message(STATUS "Early expansion EXCLUDES driver: ${THIS_INCLUDE_DRIVER}") + message(STATUS "Early expansion EXCLUDES esp_timer for esp8266: ${THIS_INCLUDE_TIMER}") + message(STATUS "Early expansion EXCLUDES driver for esp8266: ${THIS_INCLUDE_DRIVER}") set(THIS_INCLUDE_TIMER "") set(THIS_INCLUDE_DRIVER "") + set(THIS_ESP_TLS "") else() message(STATUS "Early expansion includes esp_timer: ${THIS_INCLUDE_TIMER}") message(STATUS "Early expansion includes driver: ${THIS_INCLUDE_DRIVER}") set(THIS_INCLUDE_TIMER "esp_timer") set(THIS_INCLUDE_DRIVER "driver") + set(THIS_ESP_TLS "esp-tls") + # Let the app know that we've included the esp-tls component requirement. + # This is critical for use the the esp-tls component. See wolfssl esp_crt_bundle.c file. + set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DWOLFSSL_CMAKE_REQUIRED_ESP_TLS=1") endif() if(CMAKE_BUILD_EARLY_EXPANSION) @@ -420,6 +428,7 @@ if(CMAKE_BUILD_EARLY_EXPANSION) idf_component_register( REQUIRES "${COMPONENT_REQUIRES}" PRIV_REQUIRES # esp_hw_support + "${THIS_ESP_TLS}" "${THIS_INCLUDE_TIMER}" "${THIS_INCLUDE_DRIVER}" # this will typically only be needed for wolfSSL benchmark ) @@ -757,6 +766,7 @@ else() REQUIRES "${COMPONENT_REQUIRES}" EXCLUDE_SRCS "${COMPONENT_SRCEXCLUDE}" PRIV_REQUIRES + "${THIS_ESP_TLS}" "${THIS_INCLUDE_TIMER}" "${THIS_INCLUDE_DRIVER}" # this will typically only be needed for wolfSSL benchmark ) 
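Review bot: `-DWOLFSSL_CMAKE_REQUIRED_ESP_TLS=1` is appended to `CMAKE_C_FLAGS` only, so any C++ translation unit will not see the define. The comment says the purpose is to `Let the app know`, but whether a flag set here reaches the application's own sources depends on how the variable is scoped, which this hunk does not show. The comment calls the define critical, so I would state in it where the macro is expected to be visible, and fix the typo `for use the the esp-tls component`. The non-ESP8266 branch also logs the timer and driver choices but not the new one; `message(STATUS "Early expansion includes esp-tls: ${THIS_ESP_TLS}")` after the `set()` would make the build log show which path was taken.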
@@ -768,7 +778,10 @@ else() endif() # function(WOLFSSL_INIT_CERT_BUNDLE) -if(CONFIG_WOLFSSL_CERTIFICATE_BUNDLE AND NOT CONFIG_WOLFSSL_CERTIFICATE_BUNDLE_DEFAULT_NONE) +if( CONFIG_WOLFSSL_CERTIFICATE_BUNDLE + AND NOT CONFIG_WOLFSSL_CERTIFICATE_BUNDLE_DEFAULT_NONE + AND NOT ("${CONFIG_TARGET_PLATFORM}" STREQUAL "esp8266") + ) if (CMAKE_BUILD_EARLY_EXPANSION) message(ERROR "Bundle Cert initialization must occur during CMAKE_BUILD_EARLY_EXPANSION") endif() @@ -1001,10 +1014,13 @@ if(WOLFSSL_ROOT) set(ENV{PIO_WOLFSSL_ROOT} "${WOLFSSL_ROOT}") message(STATUS "PIO_WOLFSSL_ROOT = $ENV{PIO_WOLFSSL_ROOT}") message(STATUS "PLATFORMIO_BUILD_DIR = $ENV{PLATFORMIO_BUILD_DIR}") - file(WRITE "tada.txt" "${WOLFSSL_ROOT}\n") # See esp-tls Kconfig; menu "ESP-TLS", ESP_TLS_LIBRARY_CHOOSE if(CONFIG_ESP_TLS_USING_WOLFSSL) - message(STATUS "wolfSSL will be used for ESP-TLS") + if ( ("${CONFIG_TARGET_PLATFORM}" STREQUAL "esp8266") OR ("${IDF_TARGET}" STREQUAL "esp8266") ) + message(STATUS "This version of wolfSSL is not supported on the ESP8266 esp-tls at this time. Check ESP-TLS config") + else() + message(STATUS "wolfSSL will be used for ESP-TLS") + endif() else() message(STATUS "WARNING: wolfSSL NOT selected for ESP-TLS. Features and performance will be limited.") endif() diff --git a/IDE/Espressif/ESP-IDF/examples/template/components/wolfssl/Kconfig b/IDE/Espressif/ESP-IDF/examples/template/components/wolfssl/Kconfig index 5e21683b32..cdd039d73f 100644 --- a/IDE/Espressif/ESP-IDF/examples/template/components/wolfssl/Kconfig +++ b/IDE/Espressif/ESP-IDF/examples/template/components/wolfssl/Kconfig 
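Review bot: The new certificate-bundle guard tests only `"${CONFIG_TARGET_PLATFORM}" STREQUAL "esp8266"`, whereas the other ESP8266 checks in this file, including the one added in the `@@ -1001,10 +1014,13 @@` hunk, also test `"${IDF_TARGET}" STREQUAL "esp8266"`. A build where only `IDF_TARGET` identifies the chip would still enter the bundle initialisation. When the guard does exclude the ESP8266, it does so silently even though `CONFIG_WOLFSSL_CERTIFICATE_BUNDLE` is enabled, so someone relying on the bundle for server certificate verification gets no hint at configure time that it was left out. I would add `AND NOT ("${IDF_TARGET}" STREQUAL "esp8266")` to the condition and emit `message(WARNING "CONFIG_WOLFSSL_CERTIFICATE_BUNDLE is enabled but the certificate bundle is not built for ESP8266")` for the skipped case. The body of this `if()` continues outside the hunk.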
@@ -382,6 +382,24 @@ menu "wolfSSL" Hardware acceleration enabled by default. Select this option to force disable: NO_HW_RSA_PRI_EXPTMOD + config ESP_WOLFSSL_DEBUG_ESP_HW_MULTI_RSAMAX_BITS + bool "Enable debugging of RSA Multiplication operand length" + default n + help + Prints an esp log warning to the default console UART when one of the + multiplication operands exceeds the maximum size supported by hardware, + requiring fallback to software. This can be helpful to pick key sizes + when performance is critical. See also metrics for counting instances. + + config ESP_WOLFSSL_DEBUG_ESP_HW_MOD_RSAMAX_BITS + bool "Enable debugging of RSA Modular operand length" + default n + help + Prints an esp log warning to the default console UART when one of the + modular math operands exceeds the maximum size supported by hardware, + requiring fallback to software. This can be helpful to pick key sizes + when performance is critical. See also metrics for counting instances. + endmenu # wolfSSL Hardware Acceleration # ----------------------------------------------------------------------------------------------------------------- @@ -410,6 +428,13 @@ menu "wolfSSL" default n help Enable debugging messages for wolfSSL. See user_settings.h for additional debug options. + + config ESP_WOLFSSL_TEST_LOOP + bool "Run test apps in a loop until failure" + default y + help + Enable a loop wrapper for benchmark, http_client, and wolfssl test apps. + endmenu # wolfSSL Debug Options # ----------------------------------------------------------------------------------------------------------------- diff --git a/IDE/Espressif/ESP-IDF/examples/template/components/wolfssl/README.md b/IDE/Espressif/ESP-IDF/examples/template/components/wolfssl/README.md new file mode 100644 index 0000000000..d779124162 --- /dev/null +++ b/IDE/Espressif/ESP-IDF/examples/template/components/wolfssl/README.md 
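Review bot: `ESP_WOLFSSL_TEST_LOOP` is added with `default y` in the `@@ -410,6 +428,13 @@` hunk, while the debug option shown just above it and the two RSA debug options added in the first hunk all use `default n`. Because this Kconfig belongs to the template component, any project derived from it gets the loop wrapper enabled unless the setting is changed. The help text names the apps affected but not what happens when an iteration fails, or that the option has no effect elsewhere (presumably; the consuming code is not in this hunk). I would use `default n` here and extend the help to something like `Only used by the benchmark, http_client and wolfssl test apps; the loop stops at the first failing iteration.`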
@@ -0,0 +1,162 @@ +# wolfSSL Espressif Component + +This is the directory for wolfSSL as an Espressif ESP-IDF component. + +Other options are available, such as installing wolfSSL as a local _project_ component using the [Managed Component](https://www.wolfssl.com/wolfssl-now-available-in-espressif-component-registry/). + +Enabling this wolfSSL ESP-IDF component allows other ESP-IDF libraries such as those that depend on [ESP-TLS](https://github.com/espressif/esp-idf/tree/master/components/esp-tls) +to also use the wolfSSL library. (See [github.com/wolfSSL/wolfssl](https://github.com/wolfSSL/wolfssl)) + +The wolfSSL source code is not included here. Instead, the `idf.py menuconfig` option can be used to configure the +`sdkconfig` file setting: `CONFIG_CUSTOM_SETTING_WOLFSSL_ROOT` to point to the desired wolfSSL code. + +## Directory Contents + +This directory must contain, at a minimum: + +- `CMakeLists.txt` +- `./include/user_settings.h` + +The directory should also contain: +- `Kconfig` +- `component.mk` + +The directory may contain wolfSSL source, for example with a [Managed Component](https://www.wolfssl.com/wolfssl-now-available-in-espressif-component-registry/), +or if the `setup.sh` script was used from [wolfSSL/IDE/Espressif/ESP-IDF](https://github.com/wolfSSL/wolfssl/tree/master/IDE/Espressif/ESP-IDF). + + +Under normal circumstances when the wolfSSL source is not included here, the `CMakeLists.txt` will search for it in this order: + +- A hard-coded `WOLFSSL_ROOT` cmake variable. +- `WOLFSSL_ROOT` Environment Variable +- The `CONFIG_CUSTOM_SETTING_WOLFSSL_ROOT` value in the `sdkconfig` file, from the `Kconfig` option. 
+- Any parent directories, up to the root (if this directory is in the ESP-IDF components) +- Any parent directories, up to the root (if this directory is a project component) + +While recursing up the directory tree, the following names of wolfSSL directories will be considered: + +- `wolfssl-[current user name]` +- `wolfssl-master` +- `wolfssl` + +## Getting Started + +See the `Espressif Getting Started Guide`. + +``` +# Set environment variable to ESP-IDF location +# For example, VisualGDB in WSL +WRK_IDF_PATH=/mnt/c/SysGCC/esp32/esp-idf/v5.2 +WRK_IDF_PATH=/mnt/c/SysGCC/esp32-master/esp-idf/v5.3-master + +# Or wherever the ESP-IDF is installed: +WRK_IDF_PATH=~/esp/esp-idf + +echo "Run export.sh from ${WRK_IDF_PATH}" +. ${WRK_IDF_PATH}/export.sh + +cd [your project] + +idf.py menuconfig +``` + +Enable wolfSSL to be used in the ESP-TLS: + +``` +Component config ---> + ESP-TLS ---> + Choose SSL/TLS library for ESP-TLS (See help for more Info) + (X) wolfSSL (License info in wolfSSL directory README) +``` + +Adjust wolfSSL settings, such as path to source code as needed: + +``` +Component config ---> + wolfSSL ---> + [*] Include wolfSSL in ESP-TLS + [*] Use the specified wolfssl for ESP-TLS + (~/workspace/wolfssl) Enter a path for wolfSSL source code +``` + +## Configuration + +All settings for wolfSSL are adjusted in the [include/user_settings.h](./include/user_settings.h) file. + +The `user_settings.h` file should not be included directly. Instead, `#include ` +before any other wolfSSL headers, like this: + + +```c +/* ESP-IDF */ +#include +#include "sdkconfig.h" + +/* wolfSSL */ +/* Always include wolfcrypt/settings.h before any other wolfSSL file. */ +/* Reminder: settings.h pulls in user_settings.h; don't include it here. */ +#if defined(WOLFSSL_USER_SETTINGS) + #include + #if defined(WOLFSSL_ESPIDF) + #include + #include + #include + #include + #include + #else + #error "Problem with wolfSSL user_settings. 
" \ + "Check components/wolfssl/include " \ + "and confirm WOLFSSL_USER_SETTINGS is defined, " \ + "typically in the component CMakeLists.txt" + #endif +#else + /* Define WOLFSSL_USER_SETTINGS project wide for settings.h to include */ + /* wolfSSL user settings in ./components/wolfssl/include/user_settings.h */ + #error "Missing WOLFSSL_USER_SETTINGS in CMakeLists or Makefile:\ + CFLAGS +=-DWOLFSSL_USER_SETTINGS" +#endif +``` + +## Examples + +See the wolfSSL examples: + +- [wolfSSL Core Examples](https://github.com/wolfSSL/wolfssl/tree/master/IDE/Espressif/ESP-IDF/examples) +- [wolfSSL Additional Examples](https://github.com/wolfSSL/wolfssl-examples/tree/master/ESP32) +- [wolfSSH Core Examples](https://github.com/wolfSSL/wolfssh/tree/master/ide/Espressif/ESP-IDF/examples) +- [wolfSSH Additional Examples](https://github.com/wolfSSL/wolfssh-examples/tree/main/Espressif) +- [wolfMQTT Examples](https://github.com/wolfSSL/wolfMQTT/tree/master/IDE/Espressif/ESP-IDF/examples) + +## Platforms + +The ESP-IDF wolfSSL is also available for PlatformIO: + +- [Release wolfSSL](https://registry.platformio.org/search?q=owner%3Awolfssl) +- [Staging / Preview wolfSSL](https://registry.platformio.org/search?q=owner%3Awolfssl-staging) + +The wolfSSL library can also be used for Espressif with Arduino: + +- [arduino.cc/reference/en/libraries/wolfssl](https://www.arduino.cc/reference/en/libraries/wolfssl/) +- [github.com/wolfSSL/Arduino-wolfSSL](https://github.com/wolfSSL/Arduino-wolfSSL) + + +## Additional Information + +- [wolfSSL Documentation](https://www.wolfssl.com/documentation/manuals/wolfssl/index.html) and [docs/espressif](https://www.wolfssl.com/docs/espressif/) +- [wolfSSL FAQ](https://www.wolfssl.com/docs/frequently-asked-questions-faq/) +- [wolfSSL Products](https://www.wolfssl.com/products/) +- [www.wolfssl.com/espressif](https://www.wolfssl.com/espressif/) +- [More...](https://www.wolfssl.com/?s=espressif) + +## Contact + +Have a specific request or questions? 
We'd love to hear from you! Please contact us at support@wolfssl.com or open an issue on GitHub. + +## Licensing and Support + +wolfSSL (formerly known as CyaSSL) and wolfCrypt are either licensed for use under the GPLv2 (or at your option any later version) or a standard commercial license. For our users who cannot use wolfSSL under GPLv2 (or any later version), a commercial license to wolfSSL and wolfCrypt is available. + +See the LICENSE.txt, visit wolfssl.com/license, contact us at licensing@wolfssl.com or call +1 425 245 8247 + +View Commercial Support Options: [wolfssl.com/products/support-and-maintenance](wolfssl.com/products/support-and-maintenance) + diff --git a/IDE/Espressif/ESP-IDF/examples/template/components/wolfssl/component.mk b/IDE/Espressif/ESP-IDF/examples/template/components/wolfssl/component.mk new file mode 100644 index 0000000000..45a1aa08fb --- /dev/null +++ b/IDE/Espressif/ESP-IDF/examples/template/components/wolfssl/component.mk 
@@ -0,0 +1,296 @@ +# +# Copyright (C) 2006-2024 wolfSSL Inc. +# +# This file is part of wolfSSL. +# +# wolfSSL is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation; either version 2 of the License, or +# (at your option) any later version. +# +# wolfSSL is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA +# + +$(info *********** wolfssl component ************) + +# +# Component Makefile +# +# +# The Espressif Managed Components are only for newer versions of the ESP-IDF +# Typically only for ESP32[-x] targets and only for ESP-IDF v4.3 or later: +# See https://docs.espressif.com/projects/esp-idf/en/latest/esp32/api-guides/tools/idf-component-manager.html +# https://components.espressif.com/ +# +# Usage: +# +# make flash +# +# make flash ESPPORT=/dev/ttyS55 +# +# make flash ESPBAUD=9600 +# +# make monitor ESPPORT=COM1 +# +# make monitor ESPPORT=/dev/ttyS55 MONITORBAUD=115200 +# +# export ESPPORT=/dev/ttyS55 +# +# https://docs.espressif.com/projects/esp8266-rtos-sdk/en/latest/get-started/index.html +# + +# Although the project should define WOLFSSL_USER_SETTINGS, we'll also +# define it here: +CFLAGS +=-DWOLFSSL_USER_SETTINGS + +# Note that 4 source files created by autogen are excluded here. +# +# See these files commented out, below. 
Adjust as needed for your application: +# +# COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/async.o +# COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/selftest.o +# COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/wolfcrypt_first.o +# COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/wolfcrypt_last.o + + +# NOTICE: the WOLFSSL_ROOT setting MUST be relative! +# See https://docs.espressif.com/projects/esp8266-rtos-sdk/en/latest/api-guides/build-system.html?highlight=must+relative#optional-component-specific-variables +# In the wolfSSL GitHub examples for Espressif: +# https://github.com/wolfSSL/wolfssl/tree/master/IDE/Espressif/ESP-IDF/examples +# When this wolfssl component.mk makefile is in [project]/components/wolfssl +# The root is 7 directories up from here (the location of of this component.mk): +WOLFSSL_ROOT := ../../../../../../.. + +# To set the location of a different location, it is best to use relative paths. +# +# Set WOLFSSL_ROOT to a relative path from the current component directory. +# For example, if the wolfssl_client is copied from the examples to test: +# +# cp -r /IDE/Espressif/ESP-IDF/examples/wolfssl_client/* /mnt/c/test/demo +# +# we run make in /mnt/c/test/demo +# component is in /mnt/c/test/demo/components/wolfssl +# wolfssl is in /mnt/c/workspace/wolfssl-master +# +# "/mnt/c" is 4 directories up: +# 2 for `./test/demo` from where we run `make`, plus +# 2 more from the location of `component.mk` located +# in `[currect directory]/components/wolfssl`. 
+#
+# Thus we need 4 parent reference to find the relative path to wolfSSL:
+# WOLFSSL_ROOT := ../../../../workspace/wolfssl-master
+
+# Optional CFLAGS (make works without these; for reference only)
+# CFLAGS += -I$(WOLFSSL_ROOT)/wolfssl
+# CFLAGS += -I$(WOLFSSL_ROOT)/wolfssl/wolfcrypt
+# CFLAGS += -I$(WOLFSSL_ROOT)/wolfssl/wolfcrypt/port/Espressif
+
+abs_WOLFSSL_ROOT := $(shell realpath $(WOLFSSL_ROOT))
+
+# print-wolfssl-path-value:
+# @echo "WOLFSSL_ROOT defined: $(WOLFSSL_ROOT)"
+# @echo "WOLFSSL_ROOT actual: $(abs_WOLFSSL_ROOT)"
+
+$(info WOLFSSL_ROOT defined: $(WOLFSSL_ROOT))
+$(info WOLFSSL_ROOT actual: $(abs_WOLFSSL_ROOT))
+
+# NOTE: The wolfSSL include directory (e.g. user_settings.h) is
+# located HERE in THIS project, and *not* in the wolfSSL root.
+COMPONENT_ADD_INCLUDEDIRS := .
+COMPONENT_ADD_INCLUDEDIRS += include
+COMPONENT_ADD_INCLUDEDIRS += $(WOLFSSL_ROOT)/.
+COMPONENT_ADD_INCLUDEDIRS += $(WOLFSSL_ROOT)/wolfssl
+COMPONENT_ADD_INCLUDEDIRS += $(WOLFSSL_ROOT)/wolfssl/wolfcrypt
+COMPONENT_ADD_INCLUDEDIRS += $(WOLFSSL_ROOT)/wolfssl/wolfcrypt/port/Espressif
+# COMPONENT_ADD_INCLUDEDIRS += $ENV(IDF_PATH)/components/freertos/include/freertos
+# COMPONENT_ADD_INCLUDEDIRS += "$ENV(IDF_PATH)/soc/esp32s3/include/soc"
+
+# wolfSSL
+COMPONENT_SRCDIRS := $(WOLFSSL_ROOT)/src
+
+# wolfcrypt
+COMPONENT_SRCDIRS += $(WOLFSSL_ROOT)/wolfcrypt/src
+
+# Espressif
+COMPONENT_SRCDIRS += $(WOLFSSL_ROOT)/wolfcrypt/src/port/Espressif
+COMPONENT_SRCDIRS += $(WOLFSSL_ROOT)/wolfcrypt/src/port/atmel
+
+COMPONENT_OBJEXCLUDE := $(WOLFSSL_ROOT)/wolfcrypt/src/aes_asm.o
+COMPONENT_OBJEXCLUDE += $(WOLFSSL_ROOT)/wolfcrypt/src/evp.o
+COMPONENT_OBJEXCLUDE += $(WOLFSSL_ROOT)/wolfcrypt/src/misc.o
+COMPONENT_OBJEXCLUDE += $(WOLFSSL_ROOT)/wolfcrypt/src/sha512_asm.o
+COMPONENT_OBJEXCLUDE += $(WOLFSSL_ROOT)/wolfcrypt/src/fe_x25519_asm.o
+COMPONENT_OBJEXCLUDE += $(WOLFSSL_ROOT)/wolfcrypt/src/aes_gcm_x86_asm.o
+COMPONENT_OBJEXCLUDE += $(WOLFSSL_ROOT)/src/bio.o
+
+
+##
+## wolfSSL
+##
+COMPONENT_OBJS := $(WOLFSSL_ROOT)/src/bio.o +# COMPONENT_OBJS += src/conf.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/src/crl.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/src/dtls.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/src/dtls13.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/src/internal.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/src/keys.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/src/ocsp.o +# COMPONENT_OBJS += src/pk.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/src/quic.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/src/sniffer.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/src/ssl.o +# COMPONENT_OBJS += src/ssl_asn1.o +# COMPONENT_OBJS += src/ssl_bn.o +# COMPONENT_OBJS += src/ssl_certman.o +# COMPONENT_OBJS += src/ssl_crypto.o +# COMPONENT_OBJS += src/ssl_misc.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/src/tls.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/src/tls13.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/src/wolfio.o +# COMPONENT_OBJS += src/x509.o +# COMPONENT_OBJS += src/x509_str.o + +## +## wolfcrypt +## +COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/aes.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/arc4.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/asm.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/asn.o +# COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/async.o # autogen exclusion +COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/blake2b.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/blake2s.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/camellia.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/chacha.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/chacha20_poly1305.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/cmac.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/coding.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/compress.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/cpuid.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/cryptocb.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/curve25519.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/curve448.o +COMPONENT_OBJS += 
$(WOLFSSL_ROOT)/wolfcrypt/src/des3.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/dh.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/dilithium.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/dsa.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/ecc.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/eccsi.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/ecc_fp.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/ed25519.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/ed448.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/error.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/evp.o +# COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/ext_kyber.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/ext_lms.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/ext_xmss.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/falcon.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/fe_448.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/fe_low_mem.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/fe_operations.o +# COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/fips.o +# COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/fips_test.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/ge_448.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/ge_low_mem.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/ge_operations.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/hash.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/hmac.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/hpke.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/integer.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/kdf.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/logging.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/md2.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/md4.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/md5.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/memory.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/misc.o +COMPONENT_OBJS += 
$(WOLFSSL_ROOT)/wolfcrypt/src/pkcs12.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/pkcs7.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/poly1305.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/pwdbased.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/random.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/rc2.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/ripemd.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/rsa.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/sakke.o +# COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/selftest.o # autogen exclusion +COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/sha.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/sha256.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/sha3.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/sha512.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/signature.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/siphash.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/sm2.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/sm3.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/sm4.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/sphincs.o +# COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/sp_arm32.o +# COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/sp_arm64.o +# COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/sp_armthumb.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/sp_c32.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/sp_c64.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/sp_cortexm.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/sp_dsp32.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/sp_int.o +# COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/sp_sm2_arm32.o +# COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/sp_sm2_arm64.o +# COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/sp_sm2_armthumb.o +# COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/sp_sm2_c32.o +# COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/sp_sm2_c64.o +# COMPONENT_OBJS += 
$(WOLFSSL_ROOT)/wolfcrypt/src/sp_sm2_cortexm.o +# COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/sp_sm2_x86_64.o +# COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/sp_x86_64.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/srp.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/tfm.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/wc_dsp.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/wc_encrypt.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/wc_kyber.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/wc_kyber_poly.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/wc_lms.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/wc_pkcs11.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/wc_port.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/wc_xmss.o +# COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/wolfcrypt_first.o # autogen exclusion +# COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/wolfcrypt_last.o # autogen exclusion +COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/wolfevent.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/wolfmath.o + +## +## Espressif +## +COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/port/Espressif/esp32_aes.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/port/Espressif/esp32_mp.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/port/Espressif/esp32_sha.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/port/Espressif/esp32_util.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/port/Espressif/esp_sdk_mem_lib.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/port/Espressif/esp_sdk_time_lib.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/port/Espressif/esp_sdk_wifi_lib.o + +## +## wolfcrypt benchmark (optional) +## +## COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/benchmark/benchmark.o +## COMPONENT_SRCDIRS += $(WOLFSSL_ROOT)/wolfcrypt/benchmark +## COMPONENT_ADD_INCLUDEDIRS += $(WOLFSSL_ROOT)/wolfcrypt/benchmark + + +## +## wolfcrypt test (optional) +## +## COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/test/test.o +## 
COMPONENT_SRCDIRS += $(WOLFSSL_ROOT)/wolfcrypt/test + +## +## wolfcrypt +## +## COMPONENT_PRIV_INCLUDEDIRS += $(PROJECT_PATH)/components/wolfssl/include +## COMPONENT_SRCDIRS += $(WOLFSSL_ROOT)/wolfcrypt/src + +$(info ********** end wolfssl component **********) diff --git a/IDE/Espressif/ESP-IDF/examples/template/components/wolfssl/include/user_settings.h b/IDE/Espressif/ESP-IDF/examples/template/components/wolfssl/include/user_settings.h index 3939302b98..71b82c68ea 100644 --- a/IDE/Espressif/ESP-IDF/examples/template/components/wolfssl/include/user_settings.h +++ b/IDE/Espressif/ESP-IDF/examples/template/components/wolfssl/include/user_settings.h @@ -85,6 +85,9 @@ /* Turn on messages that are useful to see only in examples. */ #define WOLFSSL_EXAMPLE_VERBOSITY +/* Paths can be long, ensure the entire value printed during debug */ +#define WOLFSSL_MAX_ERROR_SZ 500 + /* wolfSSL Examples: set macros used in example applications. * * These Settings NOT available in ESP-IDF (e.g. esp-tls) @@ -153,8 +156,13 @@ /* Other applications detected by cmake */ #elif defined(APP_ESP_HTTP_CLIENT_EXAMPLE) - /* The wolfSSL Version */ - #define FP_MAX_BITS (8192 * 2) + /* The wolfSSL Version of the client example */ + #if defined(CONFIG_IDF_TARGET_ESP32S2) || defined(CONFIG_IDF_TARGET_ESP32C2) + /* Less memory available, so smaller key sizes: */ + #define FP_MAX_BITS (4096 * 2) + #else + #define FP_MAX_BITS (8192 * 2) + #endif #define HAVE_ALPN #define HAVE_SNI #define OPENSSL_EXTRA_X509_SMALL 
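Review bot: `COMPONENT_OBJEXCLUDE` names `src/bio.o`, `wolfcrypt/src/evp.o` and `wolfcrypt/src/misc.o`, and the `COMPONENT_OBJS` list that follows adds the same three objects again, so the file contradicts itself about whether they are built as separate objects. Which list wins depends on how the GNU Make build system applies the exclude filter to an explicit `COMPONENT_OBJS`, which is not visible here and should be confirmed. I would comment the three entries out of `COMPONENT_OBJS` the way the autogen exclusions are, with a note such as `# bio.o, evp.o and misc.o are listed in COMPONENT_OBJEXCLUDE above`. Separately, `$(shell realpath $(WOLFSSL_ROOT))` resolves the relative path against the shell's working directory, so the "actual" path printed by `$(info ...)` may not be the one the component build uses; a comment saying the value is informational only would help.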
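Review bot: `#define WOLFSSL_MAX_ERROR_SZ 500` is added without an `#ifndef` guard, while other tunables this commit touches in the same file (`ESP_RSA_TIMEOUT_CNT`, and `FP_MAX_BITS` in the ESP-TLS branch) are wrapped so that a project-level definition takes precedence. A build that already passes `-DWOLFSSL_MAX_ERROR_SZ=...` would get a macro redefinition here. The two `FP_MAX_BITS` defines added to the `APP_ESP_HTTP_CLIENT_EXAMPLE` branch in the next hunk have the same shape. For consistency I would write `#ifndef WOLFSSL_MAX_ERROR_SZ`, `#define WOLFSSL_MAX_ERROR_SZ 500`, `#endif`, and guard the `FP_MAX_BITS` pair the same way.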
@@ -240,9 +248,23 @@ /* Used by ESP-IDF components: */ #if defined(CONFIG_ESP_TLS_USING_WOLFSSL) /* The ESP-TLS */ - #define FP_MAX_BITS (8192 * 2) + #ifndef FP_MAX_BITS + #if defined(CONFIG_IDF_TARGET_ESP32C2) || \ + defined(CONFIG_IDF_TARGET_ESP8684) || \ + defined(CONFIG_IDF_TARGET_ESP8266) + /* Optionally set smaller size here */ + #define FP_MAX_BITS MIN_FFDHE_FP_MAX_BITS + #else + #define FP_MAX_BITS (4096 * 2) + #endif + #endif #define HAVE_ALPN - #define HAVE_SNI + #ifndef CONFIG_IDF_TARGET_ESP8266 + /* Unless installed in the ESP8266 RTOS SDK locally, the wolfSSL + * API for SNI will not be seen in the components/esp-tls layer. + * Only enable SNI for non-ESP8266 targets by default: */ + #define HAVE_SNI + #endif #define OPENSSL_EXTRA_X509_SMALL #define HAVE_TLS_EXTENSIONS @@ -349,18 +371,25 @@ /* Required for RSA */ #define WC_RSA_PSS - /* TLS 1.3 normally requires HAVE_FFDHE. For now just syntax highlight: */ + /* TLS 1.3 normally requires HAVE_FFDHE */ #if defined(HAVE_FFDHE_2048) || \ defined(HAVE_FFDHE_3072) || \ defined(HAVE_FFDHE_4096) || \ defined(HAVE_FFDHE_6144) || \ defined(HAVE_FFDHE_8192) #else + #define HAVE_FFDHE_2048 /* #error "TLS 1.3 requires HAVE_FFDHE_[nnnn]" */ #endif #endif - +#if defined(CONFIG_IDF_TARGET_ESP32C2) || \ + defined(CONFIG_IDF_TARGET_ESP8684) + /* Optionally set smaller size here */ + #define HAVE_FFDHE_4096 +#else + #define HAVE_FFDHE_4096 +#endif #define NO_FILESYSTEM @@ -477,8 +506,11 @@ /* #define XTIME time */ -/* adjust wait-timeout count if you see timeout in RSA HW acceleration */ -#define ESP_RSA_TIMEOUT_CNT 0x349F00 +/* Adjust wait-timeout count if you see timeout in RSA HW acceleration. + * Set to very large number and enable WOLFSSL_HW_METRICS to determine max. */ +#ifndef ESP_RSA_TIMEOUT_CNT + #define ESP_RSA_TIMEOUT_CNT 0xFF0000 +#endif /* hash limit for test.c */ #define HASH_SIZE_LIMIT 
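Review bot: The esp-tls default for `FP_MAX_BITS` drops from `(8192 * 2)` to `(4096 * 2)` in the `#else` branch with no comment, and on ESP32-C2/ESP8684/ESP8266 it becomes `MIN_FFDHE_FP_MAX_BITS`. Where this macro bounds the math library's integer size, peers that present RSA or DH parameters larger than the new limit will fail the handshake rather than connect, which is a behaviour change for existing esp-tls users of this template. I would document it next to the define, for example `/* Limits supported key size to 4096 bits; raise for peers with larger RSA/DH keys */`. The `HAVE_SNI` change is explained well by its comment; it may be worth adding that ESP8266 clients will then not send a server name, so virtual-hosted servers may return a default certificate.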
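Review bot: The new `#if defined(CONFIG_IDF_TARGET_ESP32C2) || defined(CONFIG_IDF_TARGET_ESP8684)` block defines `HAVE_FFDHE_4096` in both branches, so the condition has no effect and the comment "Optionally set smaller size here" describes something the code does not do. Because the block is unconditional and follows the TLS 1.3 fallback that now adds `#define HAVE_FFDHE_2048`, a configuration with no FFDHE group selected ends up with both 2048 and 4096 enabled, and a project that chose only a smaller group still gets 4096 added. Since another comment in this commit says `MIN_FFDHE_FP_MAX_BITS` is derived from `MIN_FFDHE_BITS`, this presumably also changes the `FP_MAX_BITS` the small-memory targets receive; please confirm against settings.h. If a smaller group is intended for C2/ESP8684 the first branch should define it (e.g. `#define HAVE_FFDHE_2048`); otherwise collapse the block to `#ifndef HAVE_FFDHE_4096`, `#define HAVE_FFDHE_4096`, `#endif`.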
@@ -733,12 +765,16 @@ #define WOLFSSL_ESP8266 /* There's no hardware encryption on the ESP8266 */ - /* Consider using the ESP32-C2/C3/C6 - * See https://www.espressif.com/en/products/socs/esp32-c2 */ + /* Consider using the ESP32-C2/C3/C6 */ #define NO_ESP32_CRYPT #define NO_WOLFSSL_ESP32_CRYPT_HASH #define NO_WOLFSSL_ESP32_CRYPT_AES #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI + #ifndef FP_MAX_BITS + /* FP_MAX_BITS matters in wolfssl_test, not just TLS setting. */ + /* MIN_FFDHE_FP_MAX_BITS = (MIN_FFDHE_BITS * 2); see settings.h */ + #define FP_MAX_BITS MIN_FFDHE_FP_MAX_BITS + #endif /***** END CONFIG_IDF_TARGET_ESP266 *****/ #elif defined(CONFIG_IDF_TARGET_ESP8684) @@ -791,7 +827,7 @@ See wolfssl/wolfcrypt/port/Espressif/esp32-crypt.h for details on debug options optionally increase error message size for very long paths. #define WOLFSSL_MAX_ERROR_SZ 500 -Turn debugging on/off: +Turn wolfSSL debugging on/off: wolfSSL_Debugging_ON(); wolfSSL_Debugging_OFF(); @@ -801,6 +837,7 @@ Turn debugging on/off: #define DEBUG_WOLFSSL_SHA_MUTEX #define WOLFSSL_DEBUG_IGNORE_ASN_TIME #define WOLFSSL_DEBUG_CERT_BUNDLE +#define WOLFSSL_DEBUG_CERT_BUNDLE_NAME #define WOLFSSL_ESP32_CRYPT_DEBUG #define WOLFSSL_ESP32_CRYPT_HASH_SHA224_DEBUG #define NO_RECOVER_SOFTWARE_CALC @@ -809,6 +846,8 @@ Turn debugging on/off: #define WOLFSSL_ESP32_HW_LOCK_DEBUG #define WOLFSSL_DEBUG_MUTEX #define WOLFSSL_DEBUG_ESP_RSA_MULM_BITS +#define WOLFSSL_DEBUG_ESP_HW_MOD_RSAMAX_BITS +#define WOLFSSL_DEBUG_ESP_HW_MULTI_RSAMAX_BITS #define ESP_DISABLE_HW_TASK_LOCK #define ESP_MONITOR_HW_TASK_LOCK #define USE_ESP_DPORT_ACCESS_READ_BUFFER diff --git a/IDE/Espressif/ESP-IDF/examples/template/main/CMakeLists.txt b/IDE/Espressif/ESP-IDF/examples/template/main/CMakeLists.txt index a038d035bc..3d72464657 100644 --- a/IDE/Espressif/ESP-IDF/examples/template/main/CMakeLists.txt +++ b/IDE/Espressif/ESP-IDF/examples/template/main/CMakeLists.txt 
@@ -1,5 +1,5 @@ # wolfSSL Espressif Example Project/main CMakeLists.txt -# v1.0 +# v1.1 # # wolfssl template # diff --git a/IDE/Espressif/ESP-IDF/examples/template/main/include/main.h b/IDE/Espressif/ESP-IDF/examples/template/main/include/main.h index 94d9132358..ec666f37dc 100644 --- a/IDE/Espressif/ESP-IDF/examples/template/main/include/main.h +++ b/IDE/Espressif/ESP-IDF/examples/template/main/include/main.h @@ -18,7 +18,10 @@ * along with this program; if not, write to the Free Software * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA */ + #ifndef _MAIN_H_ #define _MAIN_H_ +void app_main(void); + #endif diff --git a/IDE/Espressif/ESP-IDF/examples/template/sdkconfig.defaults b/IDE/Espressif/ESP-IDF/examples/template/sdkconfig.defaults index d14a51ee0c..c3b5367a69 100644 --- a/IDE/Espressif/ESP-IDF/examples/template/sdkconfig.defaults +++ b/IDE/Espressif/ESP-IDF/examples/template/sdkconfig.defaults 
@@ -1,30 +1,142 @@ # Set the known example app config to template example (see user_settings.h) CONFIG_WOLFSSL_EXAMPLE_NAME_TEMPLATE=y +# Some wolfSSL helpers +CONFIG_USE_WOLFSSL_ESP_SDK_TIME=y + + +# FreeRTOS ticks at 1ms interval +CONFIG_FREERTOS_UNICORE=y CONFIG_FREERTOS_HZ=1000 CONFIG_ESP32_DEFAULT_CPU_FREQ_240=y -# Set the known example app config to TLS Client (see user_settings.h) -CONFIG_WOLFSSL_EXAMPLE_NAME_TEMPLATE=y # -# Default main stack size +# Default main stack size. See user_settings.h # -# This is typically way bigger than needed for stack size. See user_settings.h +# This is typically bigger than needed for stack size. +# Units are words, not bytes. See user_settings.h # -CONFIG_ESP_MAIN_TASK_STACK_SIZE=10500 - +# For wolfSSL SMALL_STACK, 3072 bytes should be sufficient for benchmark app. +# When using RSA, assign at least 10500 bytes, otherwise 5500 usually works for others +CONFIG_ESP_MAIN_TASK_STACK_SIZE=3584 # Legacy stack size for older ESP-IDF versions -CONFIG_MAIN_TASK_STACK_SIZE=10500 +CONFIG_MAIN_TASK_STACK_SIZE=3584 + +# +# Benchmark must not have CONFIG_NEWLIB_NANO_FORMAT enabled +CONFIG_NEWLIB_NANO_FORMAT=n +# +# Watchdog Timers +# +# We don't want to have the watchdog timeout during tests & benchmarks +# +CONFIG_ESP_TASK_WDT_CHECK_IDLE_TASK_CPU0=n +CONFIG_ESP_TASK_WDT_CHECK_IDLE_TASK_CPU1=n +# Panic & Watchdog +CONFIG_ESP_INT_WDT_TIMEOUT_MS=10000 +CONFIG_ESP_TASK_WDT_EN=n +CONFIG_ESP_SYSTEM_PANIC_PRINT_HALT=y +CONFIG_ESP_INT_WDT=n + +# ESP8266 Watchdog: +CONFIG_TASK_WDT=n +CONFIG_TASK_WDT_PANIC=n + +# ESP8266 WDT +# CONFIG_ESP_PANIC_PRINT_REBOOT is not set +CONFIG_ESP_PANIC_PRINT_REBOOT=n +CONFIG_ESP_PANIC_PRINT_HALT=y + +# CONFIG_ESP_HTTP_CLIENT_ENABLE_HTTPS is not set +CONFIG_ESP_HTTP_CLIENT_ENABLE_HTTPS=n + +# ESP8266 Memory +CONFIG_FREERTOS_GLOBAL_DATA_LINK_IRAM=y +CONFIG_HEAP_DISABLE_IRAM=y + +# Performance +# CONFIG_COMPILER_OPTIMIZATION_PERF=y + +# Set max CPU frequency (falls back as needed for lower maximum) 
+CONFIG_ESP_DEFAULT_CPU_FREQ_MHZ_240=y + +# Enable wolfSSL TLS in esp-tls +CONFIG_ESP_TLS_USING_WOLFSSL=y +CONFIG_TLS_STACK_WOLFSSL=y + +# Bundles take up flash space and are disabled unless otherwise known to be needed +CONFIG_WOLFSSL_CERTIFICATE_BUNDLE=n +# CONFIG_WOLFSSL_CERTIFICATE_BUNDLE=y +# CONFIG_ESP_WOLFSSL_SMALL_CERT_VERIFY=y +# CONFIG_ESP_TLS_INSECURE=y + +# Disable mbedTLS +CONFIG_ESP_TLS_USING_MBEDTLS=n +CONFIG_MBEDTLS_CERTIFICATE_BUNDLE=n + +# Some wolfSSL helpers +CONFIG_USE_WOLFSSL_ESP_SDK_TIME=n + +# CONFIG_ESP_HTTP_CLIENT_ENABLE_HTTPS is not set +CONFIG_ESP_HTTP_CLIENT_ENABLE_HTTPS=n + +# ESP8266 Memory +CONFIG_FREERTOS_GLOBAL_DATA_LINK_IRAM=y +CONFIG_HEAP_DISABLE_IRAM=y + +# Performance +# CONFIG_COMPILER_OPTIMIZATION_PERF=y + +# Ensure mbedTLS options are disabled +# CONFIG_MBEDTLS_TLS_SERVER_AND_CLIENT=n +# CONFIG_MBEDTLS_TLS_CLIENT_ONLY=n +# CONFIG_MBEDTLS_TLS_SERVER=n +# CONFIG_MBEDTLS_TLS_CLIENT=n +# CONFIG_MBEDTLS_HARDWARE_AES=n +# CONFIG_MBEDTLS_HARDWARE_MPI=n +# CONFIG_MBEDTLS_HARDWARE_SHA=n +# CONFIG_MBEDTLS_ROM_MD5=n +# CONFIG_MBEDTLS_SSL_RENEGOTIATION=n +# CONFIG_MBEDTLS_SSL_PROTO_TLS1_2=n +# CONFIG_MBEDTLS_SSL_PROTO_GMTSSL1_1=n +# CONFIG_MBEDTLS_SSL_ALPN=n +# CONFIG_MBEDTLS_CLIENT_SSL_SESSION_TICKETS=n +# CONFIG_MBEDTLS_SERVER_SSL_SESSION_TICKETS=n + +# The same-name config is used for both WiFi and client/server TLS, so we cannot disable: +# CONFIG_MBEDTLS_TLS_ENABLED=n +# CONFIG_MBEDTLS_TLS_DISABLED=y # # Compiler options # CONFIG_COMPILER_OPTIMIZATION_DEFAULT=y +# CONFIG_COMPILER_OPTIMIZATION_SIZE is not set +# CONFIG_COMPILER_OPTIMIZATION_PERF is not set +# CONFIG_COMPILER_OPTIMIZATION_NONE is not set CONFIG_COMPILER_OPTIMIZATION_ASSERTIONS_ENABLE=y +# CONFIG_COMPILER_OPTIMIZATION_ASSERTIONS_SILENT is not set +# CONFIG_COMPILER_OPTIMIZATION_ASSERTIONS_DISABLE is not set +CONFIG_COMPILER_FLOAT_LIB_FROM_GCCLIB=y CONFIG_COMPILER_OPTIMIZATION_ASSERTION_LEVEL=2 +# CONFIG_COMPILER_OPTIMIZATION_CHECKS_SILENT is not set 
CONFIG_COMPILER_HIDE_PATHS_MACROS=y +# CONFIG_COMPILER_CXX_EXCEPTIONS is not set +# CONFIG_COMPILER_CXX_RTTI is not set +# CONFIG_COMPILER_STACK_CHECK_MODE_NONE is not set CONFIG_COMPILER_STACK_CHECK_MODE_NORM=y +# CONFIG_COMPILER_STACK_CHECK_MODE_STRONG is not set +# CONFIG_COMPILER_STACK_CHECK_MODE_ALL is not set CONFIG_COMPILER_STACK_CHECK=y +# CONFIG_COMPILER_WARN_WRITE_STRINGS is not set +# CONFIG_COMPILER_SAVE_RESTORE_LIBCALLS is not set +# CONFIG_COMPILER_DISABLE_GCC12_WARNINGS is not set +# CONFIG_COMPILER_DUMP_RTL_FILES is not set +# end of Compiler options + +# We don't know that the min is actually v2, +# but this is the earliest tested. +CONFIG_ESP32C3_REV_MIN_2=y # # Partition Table diff --git a/IDE/Espressif/ESP-IDF/examples/template/sdkconfig.defaults.esp8266 b/IDE/Espressif/ESP-IDF/examples/template/sdkconfig.defaults.esp8266 new file mode 100644 index 0000000000..77299dfe4a --- /dev/null +++ b/IDE/Espressif/ESP-IDF/examples/template/sdkconfig.defaults.esp8266 @@ -0,0 +1,30 @@ +# ESP8266 WDT +# CONFIG_ESP_PANIC_PRINT_REBOOT is not set +CONFIG_ESP_PANIC_PRINT_REBOOT=n +CONFIG_ESP_PANIC_PRINT_HALT=y + +# Enable wolfSSL TLS in esp-tls (not yet supported in RTOS SDK 3.4 +CONFIG_ESP_TLS_USING_WOLFSSL=n +CONFIG_TLS_STACK_WOLFSSL=n + +# Bundles take up flash space and are disabled unless otherwise known to be needed +CONFIG_WOLFSSL_CERTIFICATE_BUNDLE=n +# CONFIG_ESP_WOLFSSL_SMALL_CERT_VERIFY=y +# CONFIG_ESP_TLS_INSECURE=y + +# Disable mbedTLS +CONFIG_ESP_TLS_USING_MBEDTLS=y +CONFIG_MBEDTLS_CERTIFICATE_BUNDLE=n + +# ESP8266 Memory +CONFIG_FREERTOS_GLOBAL_DATA_LINK_IRAM=y +CONFIG_HEAP_DISABLE_IRAM=y + +# ESP8266 Watchdog: +CONFIG_TASK_WDT=n +CONFIG_TASK_WDT_PANIC=n + +# ESP8266 WDT +# CONFIG_ESP_PANIC_PRINT_REBOOT is not set +CONFIG_ESP_PANIC_PRINT_REBOOT=n +CONFIG_ESP_PANIC_PRINT_HALT=y 
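Review bot: The template defaults now switch off the task and interrupt watchdogs (`CONFIG_ESP_TASK_WDT_EN=n`, `CONFIG_ESP_INT_WDT=n`) and halt on panic, justified only by "during tests & benchmarks", yet this is the template that new projects are copied from, so those projects inherit firmware that will not recover from a hang. The file also sets `CONFIG_USE_WOLFSSL_ESP_SDK_TIME=y` near the top and `=n` further down, and repeats the `CONFIG_ESP_HTTP_CLIENT_ENABLE_HTTPS` and "ESP8266 Memory" blocks, so the effective value depends on which occurrence the config loader keeps. `CONFIG_ESP_MAIN_TASK_STACK_SIZE` is lowered from 10500 to 3584 directly beneath a comment that says RSA needs at least 10500, and that comment gives the unit as both words and bytes. I would keep one occurrence of each key, state the stack unit once, and add `# Test/benchmark setting only: re-enable the watchdogs for production firmware` above the watchdog block.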
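Review bot: Two comments in the new `sdkconfig.defaults.esp8266` say the opposite of the values beneath them: "# Disable mbedTLS" is followed by `CONFIG_ESP_TLS_USING_MBEDTLS=y`, and "# Enable wolfSSL TLS in esp-tls (not yet supported in RTOS SDK 3.4" (unclosed parenthesis) is followed by `CONFIG_ESP_TLS_USING_WOLFSSL=n`. A reader checking which TLS stack protects esp-tls connections on the ESP8266 would get the wrong answer from the comments. Suggested wording: `# wolfSSL in esp-tls is not yet supported in RTOS SDK 3.4, so it stays disabled` and `# esp-tls therefore uses mbedTLS on the ESP8266`. The "ESP8266 WDT" block also appears twice in the file with identical values; one copy is enough.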
diff --git a/IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/CMakeLists.txt b/IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/CMakeLists.txt index 8c66ae2695..f11fcd13e2 100644 --- a/IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/CMakeLists.txt +++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/CMakeLists.txt @@ -1,11 +1,13 @@ # wolfSSL Espressif Example Project CMakeLists.txt -# v1.0 +# v1.3 # # The following lines of boilerplate have to be in your project's # CMakeLists in this exact order for cmake to work correctly cmake_minimum_required(VERSION 3.16) +# Optional no watchdog typically used for test & benchmark add_compile_options(-DWOLFSSL_ESP_NO_WATCHDOG=1) + # The wolfSSL CMake file should be able to find the source code. # Otherwise, assign an environment variable or set it here: # 
@@ -20,19 +22,58 @@ add_compile_options(-DWOLFSSL_ESP_NO_WATCHDOG=1) # Linux: ~/workspace # Windows: C:\workspace # +if(WIN32) + # Windows-specific configuration here + set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DWOLFSSL_CMAKE_SYSTEM_NAME_WINDOWS") + message("Detected Windows") +endif() +if(CMAKE_HOST_UNIX) + message("Detected UNIX") +endif() +if(APPLE) + message("Detected APPLE") +endif() +if(CMAKE_HOST_UNIX AND (NOT APPLE) AND EXISTS "/proc/sys/fs/binfmt_misc/WSLInterop") + # Windows-specific configuration here + set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DWOLFSSL_CMAKE_SYSTEM_NAME_WSL") + message("Detected WSL") +endif() +if(CMAKE_HOST_UNIX AND (NOT APPLE) AND (NOT WIN32)) + # Windows-specific configuration here + set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DWOLFSSL_CMAKE_SYSTEM_NAME_LINUX") + message("Detected Linux") +endif() +if(APPLE) + # Windows-specific configuration here + set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DWOLFSSL_CMAKE_SYSTEM_NAME_APPLE") + message("Detected Apple") +endif() +# End optional WOLFSSL_CMAKE_SYSTEM_NAME -# Optionally specify a location for wolfSSL component source code -# set(WOLFSSL_ROOT "c:/mydir/wolfssl" ) -# This example uses an extra component for common functions such as Wi-Fi and Ethernet connection. 
-# set (PROTOCOL_EXAMPLES_DIR $ENV{IDF_PATH}/examples/common_components/protocol_examples_common) -# -#if (EXISTS "${PROTOCOL_EXAMPLES_DIR}") -# message("Found PROTOCOL_EXAMPLES_DIR=${PROTOCOL_EXAMPLES_DIR}") -# set(EXTRA_COMPONENT_DIRS $ENV{IDF_PATH}/examples/common_components/protocol_examples_common) -# set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DFOUND_PROTOCOL_EXAMPLES_DIR") -#else() -# message("NOT FOUND: PROTOCOL_EXAMPLES_DIR=${PROTOCOL_EXAMPLES_DIR}") -#endif() +# Check that there are not conflicting wolfSSL components +# The ESP Registry Component will be in ./managed_components/wolfssl__wolfssl +# The local component wolfSSL directory will be in ./components/wolfssl +if( EXISTS "${CMAKE_HOME_DIRECTORY}/managed_components/wolfssl__wolfssl" AND EXISTS "${CMAKE_HOME_DIRECTORY}/components/wolfssl" ) + # These exclude statements don't seem to be honored by the $ENV{IDF_PATH}/tools/cmake/project.cmake' + # add_subdirectory("${CMAKE_HOME_DIRECTORY}/managed_components/wolfssl__wolfssl" EXCLUDE_FROM_ALL) + # add_subdirectory("${CMAKE_HOME_DIRECTORY}/managed_components/wolfssl__wolfssl/include" EXCLUDE_FROM_ALL) + # So we'll error out and let the user decide how to proceed: + message(WARNING "\nFound wolfSSL components in\n" + "./managed_components/wolfssl__wolfssl\n" + "and\n" + "./components/wolfssl\n" + "in project directory: \n" + "${CMAKE_HOME_DIRECTORY}") + message(FATAL_ERROR "\nPlease use either the ESP Registry Managed Component or the wolfSSL component directory but not both.\n" + "If removing the ./managed_components/wolfssl__wolfssl directory, remember to also remove " + "or rename the idf_component.yml file typically found in ./main/") +else() + message(STATUS "No conflicting wolfSSL components found.") +endif() + +# Ensure the this wolfSSL component directory is included +set(WOLFSSL_PATH "${CMAKE_HOME_DIRECTORY}/components/wolfssl") +list(APPEND EXTRA_COMPONENT_DIRS ${WOLFSSL_PATH}) # Not only is a project-level "set(COMPONENTS" not needed here, this will 
cause # an unintuitive error about Unknown CMake command "esptool_py_flash_project_args". diff --git a/IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/README.md b/IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/README.md index 143a6a6991..e760db5f99 100644 --- a/IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/README.md +++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/README.md @@ -7,8 +7,9 @@ For general information on [wolfSSL examples for Espressif](../README.md), see t ## Espressif ESP Component Registry -See the wolfSSL namespace at [components.espressif.com](https://components.espressif.com/components?q=wolfssl) +See the wolfSSL namespace and additional details: +https://www.wolfssl.com/wolfssl-now-available-in-espressif-component-registry/ ## Windows COM Port @@ -38,9 +39,7 @@ using the VisualGDB extension. The naming convention for project files is: `[project name]_IDF_[Version]_[chipset].vgdbproj`. The solution files (filename[.sln]) often will contain shortcuts to commonly used source and configuration files used by the respective project. - --------- |------------- |------------- | -ChipSet | ESP-IDF v4.4 | ESP-IDF v5.1 | +ChipSet | ESP-IDF v4.4 | ESP-IDF v5.2 | -------- |------------- |------------- | ESP32 | x | | ESP32-S2 | | | @@ -66,7 +65,8 @@ See the [feature request](https://sysprogs.com/w/forums/topic/feature-request-sh 1-1. Example Configuration -> BENCH_ARG : argument that you want to use. Default is "-lng 0" - The list of argument can be find in help. + The list of arguments can be found in help. See [benchmark/README.md](https://github.com/wolfSSL/wolfssl/blob/master/wolfcrypt/benchmark/README.md) + Features to be benchmarked are enabled in the `user_settings.h`. When you want to run the benchmark program 
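Review bot: The host-detection block carries the comment `# Windows-specific configuration here` on the WSL, Linux and Apple branches as well, and `if(APPLE)` appears twice with two different messages, which makes the block hard to read. The Linux test `CMAKE_HOST_UNIX AND (NOT APPLE) AND (NOT WIN32)` is also true under WSL, so a WSL build gets both `-DWOLFSSL_CMAKE_SYSTEM_NAME_WSL` and `-DWOLFSSL_CMAKE_SYSTEM_NAME_LINUX`; if that is intended it deserves a comment, and if not the Linux branch needs `AND NOT EXISTS "/proc/sys/fs/binfmt_misc/WSLInterop"`. In the conflict check, the comment "So we'll error out" sits above a `message(WARNING ...)` that is immediately followed by the `FATAL_ERROR`; folding the directory list into the fatal message would keep the explanation from scrolling away. Minor: "Ensure the this wolfSSL component directory" has a stray word.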
@@ -89,14 +89,34 @@ git fetch git pull git submodule update --init --recursive -cd /mnt/c/workspace/wolfssl/IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark +# pick your workspace location +# cd ~/workspace/wolfssl/IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark +# cd /mnt/c/workspace/wolfssl/IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark +# cd /mnt/c/workspace/wolfssl-master/IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark +cd /mnt/c/workspace/wolfssl-$USER/IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark -# Pick ESP-IDF install directory, this one for v5.1 in VisualGDB +# The ESP8266 uses a completely different toolchain: +WRK_IDF_PATH=/mnt/c/SysGCC/esp8266/rtos-sdk/v3.4 -WRK_IDF_PATH=/mnt/c/SysGCC/esp32/esp-idf/v5.1 -WRK_IDF_PATH=/mnt/c/SysGCC/esp32-8.4/esp-idf/v4.4.1 +# Pick ESP-IDF toolchain install directory WRK_IDF_PATH=~/esp/esp-idf +# ESP-IDF v4.x uses toolchain v8.4 +WRK_IDF_PATH=/mnt/c/SysGCC/esp32-8.4/esp-idf/v4.4.1 + +# ESP-IDF v5.0 with toolchain v12.4 +WRK_IDF_PATH=/mnt/c/SysGCC/esp32-12.4/esp-idf/v5.0 + +# ESP-IDF v5.0 to v5.2.1 uses toolchain v12.4 +WRK_IDF_PATH=/mnt/c/SysGCC/esp32-12.4/esp-idf/v5.0 +WRK_IDF_PATH=/mnt/c/SysGCC/esp32-12.4/esp-idf/v5.1 +WRK_IDF_PATH=/mnt/c/SysGCC/esp32-12.4/esp-idf/v5.2.1 + +# The most recent version: +# ESP-IDF v5.2 uses toolchain v13.2 +WRK_IDF_PATH=/mnt/c/SysGCC/esp32/esp-idf/v5.2 + + . $WRK_IDF_PATH/export.sh # Set target SoC diff --git a/IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/components/wolfssl/CMakeLists.txt b/IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/components/wolfssl/CMakeLists.txt index f0bef7fc31..8b90966f9b 100644 --- a/IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/components/wolfssl/CMakeLists.txt +++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/components/wolfssl/CMakeLists.txt 
@@ -19,17 +19,67 @@ # # cmake for wolfssl Espressif projects # -# Version 5.7.0 template update + THIS_IDF_PATH +# Version 5.7.2 Espressif ESP-IDF integration # # See https://docs.espressif.com/projects/esp-idf/en/latest/esp32/api-guides/build-system.html # - +message(STATUS "Begin wolfssl ${CONFIG_CUSTOM_SETTING_WOLFSSL_ROOT}") cmake_minimum_required(VERSION 3.16) set(VERBOSE_COMPONENT_MESSAGES 1) +# Optional requires include: +# set(THIS_ESP_TLS "esp-tls") +set(THIS_ESP_TLS "") + +# function: IS_ESP_IDF_COMPONENT +# output: RESULT = 1 (true) if this component is located in the ESP-IDF components +# otherwise 0 (false) +function( IS_ESP_IDF_COMPONENT RESULT ) + # NOTE: Component location is based on the location of the CMakeList.txt + # and *not* the location of the wolfSSL source code. (which may be anywhere) + + # Normalize the paths to remove any trailing slashes + get_filename_component(NORMALIZED_IDF_PATH "${IDF_PATH}" REALPATH) + get_filename_component(NORMALIZED_TEST_PATH "${COMPONENT_DIR}" REALPATH) + + # Check if the test path starts with the IDF_PATH + string(FIND "${NORMALIZED_TEST_PATH}" "${NORMALIZED_IDF_PATH}" pos) + + if(${pos} EQUAL 0) + message(STATUS "${COMPONENT_DIR} is within IDF_PATH.") + set(${RESULT} 1 PARENT_SCOPE) + else() + message(STATUS "${COMPONENT_DIR} is not within IDF_PATH.") + set(${RESULT} 0 PARENT_SCOPE) + endif() +endfunction() + +# Determine if this cmake file is located in the ESP-IDF component directory or not, +# and if so, if it is being ignored (allowing the use of a local project one, instead). 
+IS_ESP_IDF_COMPONENT( IS_WOLSSL_ESP_IDF_COMPONENT ) +if( IS_WOLSSL_ESP_IDF_COMPONENT ) + message(STATUS "This wolfSSL is a component in ESP-IDF.") + if ( CONFIG_IGNORE_ESP_IDF_WOLFSSL_COMPONENT ) + idf_component_register() + message(STATUS "Warning: wolfSSL component in ESP-IDF is being ignored.") + return() + endif() +endif() + + +if( "${CONFIG_CUSTOM_SETTING_WOLFSSL_ROOT}" STREQUAL "" ) + # nothing to do +else() + # Only forward slashes, or double backslashes are supported. + # By the time we get here the sdkconfig file has a value for wolfSSL source code root. + string(REPLACE "\\" "/" CONFIG_CUSTOM_SETTING_WOLFSSL_ROOT ${CONFIG_CUSTOM_SETTING_WOLFSSL_ROOT}) + message(STATUS "Cleaned wolfssl path: ${CONFIG_CUSTOM_SETTING_WOLFSSL_ROOT}") +endif() + # The scope of this CMAKE_C_FLAGS is just this component: set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DWOLFSSL_USER_SETTINGS") +set(CMAKE_CXX_FLAGS "${CMAKE_CXX_FLAGS} -DWOLFSSL_USER_SETTINGS") set(CMAKE_CURRENT_SOURCE_DIR ".") # set(COMPONENT_REQUIRES lwip) # we typically don't need lwip directly in wolfssl component @@ -42,7 +92,7 @@ if ( "${WOLFSSL_ROOT}" STREQUAL "") endif() if( "$ENV{IDF_PATH}" STREQUAL "" ) - message(FATAL_ERROR "IDF_PATH Environment variable not set!") + message(FATAL_ERROR "IDF_PATH Environment variable not set!") else() string(REPLACE "\\" "/" THIS_IDF_PATH "$ENV{IDF_PATH}") endif() @@ -106,7 +156,7 @@ if( ("${CMAKE_PROJECT_NAME}" STREQUAL "wolfssl_benchmark") OR ("${CMAKE_PROJECT_ message(STATUS "Not including lwip for ${CMAKE_PROJECT_NAME}") else() # benchmark and test do not need wifi, everything else probably does: - set(COMPONENT_REQUIRES lwip) # we typically don't need lwip directly in wolfssl component + set(COMPONENT_REQUIRES lwip "${THIS_ESP_TLS}") # we typically don't need lwip directly in wolfssl component endif() # find the user name to search for possible "wolfssl-username" 
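Review bot: The containment test in `IS_ESP_IDF_COMPONENT` is a bare string-prefix match, so a component directory that only shares leading characters with `IDF_PATH` (a sibling directory whose name starts with the ESP-IDF directory name) is reported as being inside ESP-IDF. With `CONFIG_IGNORE_ESP_IDF_WOLFSSL_COMPONENT` set, that false positive reaches the `idf_component_register()` / `return()` path and the wolfSSL component is silently registered empty. Comparing with a trailing separator avoids this: `string(FIND "${NORMALIZED_TEST_PATH}/" "${NORMALIZED_IDF_PATH}/" pos)`. The function reads the CMake variable `${IDF_PATH}` ahead of the later `$ENV{IDF_PATH}` empty check, so an explicit guard for an empty value would make the result unambiguous. The result variable is spelled `IS_WOLSSL_ESP_IDF_COMPONENT`; it is used consistently, but `IS_WOLFSSL_...` is presumably what was meant.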
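Review bot: `"${THIS_ESP_TLS}"` is still the empty string assigned near the top of the file when `set(COMPONENT_REQUIRES lwip "${THIS_ESP_TLS}")` runs, as far as the visible hunks show; the assignment to `esp-tls` only appears further down in the -302,15 hunk. The new argument therefore adds an empty list element rather than the esp-tls requirement. Either move the target-dependent assignment above this point or append conditionally, for example `if(THIS_ESP_TLS)` / `list(APPEND COMPONENT_REQUIRES "${THIS_ESP_TLS}")` / `endif()`. The enclosing `if`/`else` starts outside the hunk.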
@@ -130,6 +180,25 @@ else() string(REPLACE "\\" "/" THIS_IDF_PATH "$ENV{IDF_PATH}") endif() +# ENVIRONMENT_VAR_TO_MACRO +# Check environment variable name EVARPARAM as [name] +# If defined, and has a value of EVARVALUE as [value], +# then assign a compiler definition "-D[name]=[value]" +function(ENVIRONMENT_VAR_TO_MACRO EVARPARAM EVARVALUE) + # If the EVARPARAM environment variable name is set to EVARVALUE, + # set the compiler flag definition to enable CSV output. + if ( "$ENV{${EVARPARAM}}" STREQUAL "${EVARVALUE}") + message(STATUS "Appending compile definition: -D${EVARPARAM}=${EVARVALUE}") + set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -D${EVARPARAM}=${EVARVALUE}") + else() + if(DEFINED ENV{${EVARPARAM}}) + message(STATUS "Environment variable ${EVARPARAM} detected but set to $ENV{${EVARPARAM}}, not appending compile definition.") + else() + message(STATUS "Environment variable ${EVARPARAM} not detected, not appending compile definition.") + endif() + endif() +endfunction() + # COMPONENT_NAME = wolfssl # The component name is the directory name. "No feature to change this". # See https://github.com/espressif/esp-idf/issues/8978#issuecomment-1129892685 @@ -147,7 +216,8 @@ endif() # function: IS_WOLFSSL_SOURCE # parameter: DIRECTORY_PARAMETER - the directory to test # output: RESULT = contains contents of DIRECTORY_PARAMETER for wolfssl directory, otherwise blank. -function(IS_WOLFSSL_SOURCE DIRECTORY_PARAMETER RESULT) +function( IS_WOLFSSL_SOURCE DIRECTORY_PARAMETER + RESULT ) if (EXISTS "${DIRECTORY_PARAMETER}/wolfcrypt/src") set(${RESULT} "${DIRECTORY_PARAMETER}" PARENT_SCOPE) else() 
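Review bot: `ENVIRONMENT_VAR_TO_MACRO` changes `CMAKE_C_FLAGS` with a plain `set()` inside a `function()`, which has its own variable scope, so the appended `-D` is discarded when the function returns even though the status line reports it as appended. The two calls added in the -286,6 hunk (`GENERATE_MACHINE_PARSEABLE_REPORT` and `WOLFSSL_BENCHMARK_FIXED_CSV`) are affected. Use `set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -D${EVARPARAM}=${EVARVALUE}" PARENT_SCOPE)`, or declare the helper with `macro()` instead. The inner comment "to enable CSV output" describes only one caller and should be reworded to match the generic header comment.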
@@ -166,26 +236,56 @@ function(FIND_WOLFSSL_DIRECTORY OUTPUT_FOUND_WOLFSSL_DIRECTORY) message(STATUS "Starting FIND_WOLFSSL_DIRECTORY: ${${OUTPUT_FOUND_WOLFSSL_DIRECTORY}}") if ( "${${OUTPUT_FOUND_WOLFSSL_DIRECTORY}}" STREQUAL "" ) + # The parameter is empty, so we certainly need to search. + # First, see if there's an environment variable. This takes highest priority (unless already found as hard-coded, above) set(CURRENT_SEARCH_DIR "$ENV{WOLFSSL_ROOT}") if( "${CURRENT_SEARCH_DIR}" STREQUAL "" ) message(STATUS "The WOLFSSL_ROOT environment variable is not set. Searching...") - else() - get_filename_component(CURRENT_SEARCH_DIR "$ENV{WOLFSSL_ROOT}" ABSOLUTE) - IS_WOLFSSL_SOURCE("${CURRENT_SEARCH_DIR}" FOUND_WOLFSSL) - if( FOUND_WOLFSSL ) - message(STATUS "Found WOLFSSL_ROOT via Environment Variable:") + # Next, if not found, see if wolfSSL was selected for ESP-TLS Kconfig + if(CONFIG_CUSTOM_SETTING_WOLFSSL_ROOT) + set(CURRENT_SEARCH_DIR ${CONFIG_CUSTOM_SETTING_WOLFSSL_ROOT}) + get_filename_component(CURRENT_SEARCH_DIR "${CURRENT_SEARCH_DIR}" ABSOLUTE) + message(STATUS "WOLFSSL_ROOT found in sdkconfig/KConfig: ${CONFIG_CUSTOM_SETTING_WOLFSSL_ROOT}") else() - message(FATAL_ERROR "WOLFSSL_ROOT Environment Variable defined, but path not found:") - message(STATUS "$ENV{WOLFSSL_ROOT}") - endif() - endif() + message(STATUS "wolfSSL not defined in [Component Config] [wolfssl]. Continuing search...") + # If not specified as a search hint in OUTPUT_FOUND_WOLFSSL_DIRECTORY: + # This wolfSSL component CMakeLists.txt may be found EITHER in: + # 1) local project component + # 2) ESP-IDF share components + # We'll start in the CMAKE_CURRENT_SOURCE_DIR, typically [something]/projectname/components/wolfssl + # That option might find wolfSSL source code as a copy in the component directory (e.g. Managed Components) + # Unless cmake is in the ESP-IDF, in which case it is unlikely to find wolfSSL source in any parent. 
+ message(STATUS "CMAKE_CURRENT_SOURCE_DIR = ${CMAKE_CURRENT_SOURCE_DIR}") + get_filename_component(CURRENT_SEARCH_DIR "${CMAKE_CURRENT_SOURCE_DIR}" ABSOLUTE) + message(STATUS "CURRENT_SEARCH_DIR = ${CURRENT_SEARCH_DIR}") + string(LENGTH ${CURRENT_SEARCH_DIR} CURRENT_SEARCH_DIR_LENGTH) + endif() # CONFIG_CUSTOM_SETTING_WOLFSSL_ROOT + endif() # check environment var blank + else() + message(STATUS "Parameter found for FIND_WOLFSSL_DIRECTORY") + message(STATUS "Setting wolfSSL search directory to: ${${OUTPUT_FOUND_WOLFSSL_DIRECTORY}}") + set(CURRENT_SEARCH_DIR "${${OUTPUT_FOUND_WOLFSSL_DIRECTORY}}") + endif() # parameter empty + + # Check to see if we found a path in environment or config settings, above. + if( "${CURRENT_SEARCH_DIR}" STREQUAL "" ) + message(STATUS "Source for wolfSSL not specified in path nor config settings.") + # We'll continue the search by recursing up the directory tree, below. else() - get_filename_component(CURRENT_SEARCH_DIR "${${OUTPUT_FOUND_WOLFSSL_DIRECTORY}}" ABSOLUTE) + # Setting found! Does it contain a valid path? + string(REPLACE "\\" "/" CURRENT_SEARCH_DIR ${CURRENT_SEARCH_DIR}) + get_filename_component(CURRENT_SEARCH_DIR "${CURRENT_SEARCH_DIR}" ABSOLUTE) IS_WOLFSSL_SOURCE("${CURRENT_SEARCH_DIR}" FOUND_WOLFSSL) if( FOUND_WOLFSSL ) - message(STATUS "Found WOLFSSL_ROOT via prior specification.") + message(STATUS "Found wolfSSL source code via setting: ${CURRENT_SEARCH_DIR}") + set(${OUTPUT_FOUND_WOLFSSL_DIRECTORY} ${CURRENT_SEARCH_DIR} PARENT_SCOPE) + return() else() - message(FATAL_ERROR "WOLFSSL_ROOT Variable defined, but path not found: ${${OUTPUT_FOUND_WOLFSSL_DIRECTORY}}") + if(WIN32) + message(STATUS "When specifying a path for Windows, use forward slahes, or double backslashes.") + endif() + message(STATUS "CONFIG_CUSTOM_SETTING_WOLFSSL_ROOT sdkconfig setting = ${CONFIG_CUSTOM_SETTING_WOLFSSL_ROOT}") + message(STATUS "WOLFSSL_ROOT Variable defined, but source code not found: ${CURRENT_SEARCH_DIR}") endif() endif() 
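Review bot: An explicitly configured `WOLFSSL_ROOT` (environment variable or `CONFIG_CUSTOM_SETTING_WOLFSSL_ROOT`) that does not contain `wolfcrypt/src` is now reported only with `message(STATUS ...)`, and the function appears to carry on into the directory search below instead of stopping. A mistyped path can then build whichever wolfSSL tree the search happens to find, and for a cryptographic library the choice of source tree should not be made silently. Keep the failure fatal when the path was given explicitly, or at least use `message(WARNING "WOLFSSL_ROOT defined, but source code not found: ${CURRENT_SEARCH_DIR}")` so it is not lost among the status lines. The same FATAL_ERROR-to-STATUS downgrade recurs in the -349,11 and -427,8 hunks and in the final "ERROR: Could not find wolfSSL Source Code" banner of the -717,33 hunk, where the surrounding comments still say "Abort". `FIND_WOLFSSL_DIRECTORY` continues outside this hunk, and the new Windows hint misspells "slashes" as "slahes".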
@@ -286,6 +386,11 @@ endfunction() message(STATUS "CONFIG_TARGET_PLATFORM = ${CONFIG_TARGET_PLATFORM}") +# Check for environment variable that may be assigned to macros +ENVIRONMENT_VAR_TO_MACRO("GENERATE_MACHINE_PARSEABLE_REPORT" "1") +ENVIRONMENT_VAR_TO_MACRO("WOLFSSL_BENCHMARK_FIXED_CSV" "1") + +# Optional variable inspection if (0) get_cmake_property(_variableNames VARIABLES) list (SORT _variableNames) @@ -302,15 +407,20 @@ endif() if ( ("${CONFIG_TARGET_PLATFORM}" STREQUAL "esp8266") OR ("${IDF_TARGET}" STREQUAL "esp8266") ) # There's no esp_timer, no driver components for the ESP8266 - message(STATUS "Early expansion EXCLUDES esp_timer: ${THIS_INCLUDE_TIMER}") - message(STATUS "Early expansion EXCLUDES driver: ${THIS_INCLUDE_DRIVER}") + message(STATUS "Early expansion EXCLUDES esp_timer for esp8266: ${THIS_INCLUDE_TIMER}") + message(STATUS "Early expansion EXCLUDES driver for esp8266: ${THIS_INCLUDE_DRIVER}") set(THIS_INCLUDE_TIMER "") set(THIS_INCLUDE_DRIVER "") + set(THIS_ESP_TLS "") else() message(STATUS "Early expansion includes esp_timer: ${THIS_INCLUDE_TIMER}") message(STATUS "Early expansion includes driver: ${THIS_INCLUDE_DRIVER}") set(THIS_INCLUDE_TIMER "esp_timer") set(THIS_INCLUDE_DRIVER "driver") + set(THIS_ESP_TLS "esp-tls") + # Let the app know that we've included the esp-tls component requirement. + # This is critical for use the the esp-tls component. See wolfssl esp_crt_bundle.c file. + set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DWOLFSSL_CMAKE_REQUIRED_ESP_TLS=1") endif() if(CMAKE_BUILD_EARLY_EXPANSION) @@ -318,8 +428,9 @@ if(CMAKE_BUILD_EARLY_EXPANSION) idf_component_register( REQUIRES "${COMPONENT_REQUIRES}" PRIV_REQUIRES # esp_hw_support - ${THIS_INCLUDE_TIMER} - ${THIS_INCLUDE_DRIVER} # this will typically only be needed for wolfSSL benchmark + "${THIS_ESP_TLS}" + "${THIS_INCLUDE_TIMER}" + "${THIS_INCLUDE_DRIVER}" # this will typically only be needed for wolfSSL benchmark ) else() 
@@ -328,6 +439,15 @@ else() message(STATUS "wolfssl component config:") message(STATUS "************************************************************************************************") + if ( "${CONFIG_TARGET_PLATFORM}" STREQUAL "esp8266") + # There's no esp_timer, no driver components for the ESP8266 + set(THIS_INCLUDE_TIMER "") + set(THIS_INCLUDE_DRIVER "") + else() + set(THIS_INCLUDE_TIMER "esp_timer") + set(THIS_INCLUDE_DRIVER "driver") + endif() + # search for wolfSSL FIND_WOLFSSL_DIRECTORY(WOLFSSL_ROOT) if(WOLFSSL_ROOT) @@ -341,7 +461,9 @@ else() # Abort CMake after fatal error. endif() else() - message(STATUS "Searching for wolfSL source code...") + message(STATUS "Source code for wolfSSL still not found.") + message(STATUS "Searching from project home: ${CMAKE_HOME_DIRECTORY} ...") + set(WOLFSSL_ROOT "${CMAKE_HOME_DIRECTORY}") FIND_WOLFSSL_DIRECTORY(WOLFSSL_ROOT) endif() 
@@ -349,11 +471,18 @@ else() if(WOLFSSL_ROOT) message(STATUS "Confirmed wolfssl directory at: ${WOLFSSL_ROOT}") else() - message(STATUS "Failed: wolfssl directory not found.") + # Try to allow a more intuitive error that the source code was not found in cmake: + set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DWOLFSSL_CMAKE_WARNING_SOURCE_NOT_FOUND") + + message(STATUS "Failed: wolfssl source code directory not found.") # Abort. We need wolfssl _somewhere_. - message(FATAL_ERROR "Could not find wolfssl in any parent directory named wolfssl-${THIS_USER}, wolfssl-master, or wolfssl.\n" - "Try setting WOLFSSL_ROOT environment variable, cmake variable in project, copy source, or use managed components.") - # Abort CMake after fatal error. + message(STATUS "") + message(STATUS "") + message(STATUS "Could not find wolfssl in any parent directory named wolfssl-${THIS_USER}, wolfssl-master, or wolfssl.\n" + "Try setting WOLFSSL_ROOT environment variable, cmake variable in project, copy source, or use managed components.") + message(STATUS "") + message(STATUS "") + # Abort CMake after fatal error. (or not?) endif() set(INCLUDE_PATH ${WOLFSSL_ROOT}) 
@@ -379,22 +508,24 @@ else() endif() endif() + message(STATUS "WOLFSSL_EXTRA_PROJECT_DIR = ${WOLFSSL_EXTRA_PROJECT_DIR}") set(COMPONENT_SRCDIRS "\"${WOLFSSL_ROOT}/src/\"" "\"${WOLFSSL_ROOT}/wolfcrypt/src\"" "\"${WOLFSSL_ROOT}/wolfcrypt/src/port/Espressif\"" + "\"${WOLFSSL_ROOT}/wolfcrypt/src/port/Espressif/esp_crt_bundle\"" "\"${WOLFSSL_ROOT}/wolfcrypt/src/port/atmel\"" "\"${WOLFSSL_EXTRA_PROJECT_DIR}\"" ) # COMPONENT_SRCDIRS message(STATUS "This COMPONENT_SRCDIRS = ${COMPONENT_SRCDIRS}") - # wolfSSL user_settings.h is in the local project. + # wolfSSL user_settings.h may be in the local project. + # TODO check if exists and possibly set to ESP-IDF set(WOLFSSL_PROJECT_DIR "${CMAKE_HOME_DIRECTORY}/components/wolfssl") - # add_definitions(-DWOLFSSL_USER_SETTINGS_DIR="${WOLFSSL_PROJECT_DIR}/include/user_settings.h") string(REPLACE "/" "//" STR_WOLFSSL_PROJECT_DIR "${WOLFSSL_PROJECT_DIR}") - add_definitions(-DWOLFSSL_USER_SETTINGS_DIR="${STR_WOLFSSL_PROJECT_DIR}//include//user_settings.h") - + add_definitions(-DWOLFSSL_USER_SETTINGS_DIR="${STR_WOLFSSL_PROJECT_DIR}/include/user_settings.h") + message(STATUS "Added definition for user_settings.h: -DWOLFSSL_USER_SETTINGS_DIR=\"${STR_WOLFSSL_PROJECT_DIR}//include//user_settings.h\"") # Espressif may take several passes through this makefile. Check to see if we found IDF string(COMPARE EQUAL "${PROJECT_SOURCE_DIR}" "" WOLFSSL_FOUND_IDF) @@ -427,8 +558,7 @@ else() message(STATUS "**************************************************************************************") message(STATUS "") - message(FATAL_ERROR "Please use wolfSSL in either local project or Espressif components, but not both.") - # Abort CMake after fatal error. + message(STATUS "Please use wolfSSL in either local project or Espressif components, but not both.") # Optional: if you change the above FATAL_ERROR to STATUS you can warn at runtime with this macro definition: set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DWOLFSSL_MULTI_INSTALL_WARNING") 
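Review bot: The logged definition no longer matches the one passed to the compiler: `add_definitions` now appends `/include/user_settings.h` with single slashes to the already doubled `STR_WOLFSSL_PROJECT_DIR`, while the new status message prints `//include//user_settings.h`. The resulting `WOLFSSL_USER_SETTINGS_DIR` mixes both forms, and anyone debugging from the build log sees a different string. Build the value once, e.g. `set(THIS_USER_SETTINGS "${STR_WOLFSSL_PROJECT_DIR}/include/user_settings.h")`, and use that variable in both `add_definitions` and `message`. If the doubled separators are no longer required, the `string(REPLACE "/" "//" ...)` line can be dropped as well.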
@@ -536,7 +666,9 @@ else() # depending on the environment, we may need to swap backslashes with forward slashes string(REPLACE "\\" "/" RTOS_IDF_PATH "$ENV{IDF_PATH}/components/freertos/FreeRTOS-Kernel/include/freertos") - string(REPLACE "\\" "/" WOLFSSL_ROOT ${WOLFSSL_ROOT}) + if(WOLFSSL_ROOT) + string(REPLACE "\\" "/" WOLFSSL_ROOT ${WOLFSSL_ROOT}) + endif() if(IS_DIRECTORY "${RTOS_IDF_PATH}") message(STATUS "Found current RTOS path: ${RTOS_IDF_PATH}") @@ -552,7 +684,7 @@ else() message(STATUS "THIS_IDF_PATH = $THIS_IDF_PATH") # wolfSSL-specific include directories set(COMPONENT_ADD_INCLUDEDIRS - "./include" # this is the location of wolfssl user_settings.h + "./include" # this is the location of local project wolfssl user_settings.h "\"${WOLFSSL_ROOT}/\"" "\"${WOLFSSL_ROOT}/wolfssl/\"" "\"${WOLFSSL_ROOT}/wolfssl/wolfcrypt/\"" @@ -601,6 +733,7 @@ else() "\"${WOLFSSL_ROOT}/wolfcrypt/src/sp_sm2_cortexm.c\"" "\"${WOLFSSL_ROOT}/wolfcrypt/src/sp_sm2_x86_64.c\"" "\"${WOLFSSL_ROOT}/wolfcrypt/src/sp_sm2_x86_64_asm.S\"" + "\"${WOLFSSL_ROOT}/examples\"" # Examples are distributed in Managed Components, but not part of a project. "\"${EXCLUDE_ASM}\"" ) 
@@ -622,15 +755,120 @@ else() # see https://docs.espressif.com/projects/esp-idf/en/stable/esp32/migration-guides/release-5.x/build-system.html?highlight=space%20path # set(EXTRA_COMPONENT_DIRS "${COMPONENT_SRCDIRS}") - idf_component_register( - SRC_DIRS "${COMPONENT_SRCDIRS}" - INCLUDE_DIRS "${COMPONENT_ADD_INCLUDEDIRS}" - REQUIRES "${COMPONENT_REQUIRES}" - EXCLUDE_SRCS "${COMPONENT_SRCEXCLUDE}" - PRIV_REQUIRES - "${THIS_INCLUDE_TIMER}" - "${THIS_INCLUDE_DRIVER}" # this will typically only be needed for wolfSSL benchmark - ) + + if(WOLFSSL_ROOT) + # Only register the component if we found wolfSSL source. + # This is important to allow Cmake to finish to completion, otherwise the UI + # may not be able to display the Kconfig settings to fix a bad or missing source. + idf_component_register( + SRC_DIRS "${COMPONENT_SRCDIRS}" + INCLUDE_DIRS "${COMPONENT_ADD_INCLUDEDIRS}" + REQUIRES "${COMPONENT_REQUIRES}" + EXCLUDE_SRCS "${COMPONENT_SRCEXCLUDE}" + PRIV_REQUIRES + "${THIS_ESP_TLS}" + "${THIS_INCLUDE_TIMER}" + "${THIS_INCLUDE_DRIVER}" # this will typically only be needed for wolfSSL benchmark + ) + else() + # Register the component simply to allow CMake to complete, but there's no wolfSSL source. + # Expect many other errors, but the project should at least be loadable and UI can edit Kconfig settings. + idf_component_register() + message(STATUS "Warning: wolfSSL component not registered as no source code found (WOLFSSL_ROOT is blank)") + endif() + +# function(WOLFSSL_INIT_CERT_BUNDLE) +if( CONFIG_WOLFSSL_CERTIFICATE_BUNDLE + AND NOT CONFIG_WOLFSSL_CERTIFICATE_BUNDLE_DEFAULT_NONE + AND NOT ("${CONFIG_TARGET_PLATFORM}" STREQUAL "esp8266") + ) + if (CMAKE_BUILD_EARLY_EXPANSION) + message(ERROR "Bundle Cert initialization must occur during CMAKE_BUILD_EARLY_EXPANSION") + endif() + # reminder: we need a value for wolfSSL root first! 
+ if( "${WOLFSSL_ROOT}" STREQUAL "" ) + message(ERROR "Certificate bundles need a value for WOLFSSL_ROOT") + endif() + set(WOLFSSL_ESP_CRT_BUNDLE_DIR ${WOLFSSL_ROOT}/wolfcrypt/src/port/Espressif/esp_crt_bundle) + message(STATUS "WOLFSSL_ESP_CRT_BUNDLE_DIR=${WOLFSSL_ESP_CRT_BUNDLE_DIR}") + if(EXISTS "${WOLFSSL_ESP_CRT_BUNDLE_DIR}") + set(bundle_name "x509_crt_bundle_wolfssl") + + # For now the certs are in the same directory + set(DEFAULT_CRT_DIR "${WOLFSSL_ESP_CRT_BUNDLE_DIR}") + + # Generate custom certificate bundle using the generate_cert_bundle utility + set(GENERATE_CERT_BUNDLEPY ${python} ${WOLFSSL_ESP_CRT_BUNDLE_DIR}/gen_crt_bundle.py) + + if(CONFIG_WOLFSSL_CERTIFICATE_BUNDLE_DEFAULT_FULL) + list(APPEND crt_paths ${DEFAULT_CRT_DIR}/cacrt_all.pem ${DEFAULT_CRT_DIR}/cacrt_local.pem) + elseif(CONFIG_WOLFSSL_CERTIFICATE_BUNDLE_DEFAULT_CMN) + list(APPEND crt_paths ${DEFAULT_CRT_DIR}/cacrt_all.pem ${DEFAULT_CRT_DIR}/cacrt_local.pem) + list(APPEND args --filter ${DEFAULT_CRT_DIR}/cmn_crt_authorities.csv) + endif() + + # Add deprecated root certs if enabled. 
This config is not visible if the default cert + # bundle is not selected + if(CONFIG_WOLFSSL_CERTIFICATE_BUNDLE_DEPRECATED_LIST) + list(APPEND crt_paths ${DEFAULT_CRT_DIR}/cacrt_deprecated.pem) + endif() + + if(CONFIG_WOLFSSL_CUSTOM_CERTIFICATE_BUNDLE) + get_filename_component(custom_bundle_path + ${CONFIG_WOLFSSL_CUSTOM_CERTIFICATE_BUNDLE_PATH} ABSOLUTE BASE_DIR "${project_dir}") + list(APPEND crt_paths ${custom_bundle_path}) + message(STATUS "Using a custom wolfSSL bundle path: ${custom_bundle_path}") + else() + message(STATUS "Not using a custom wolfSSL bundle path.") + endif() + list(APPEND args --input ${crt_paths} -q) + + message(STATUS "CMAKE_CURRENT_BINARY_DIR: ${CMAKE_CURRENT_BINARY_DIR}") + get_filename_component(crt_bundle + ${bundle_name} + ABSOLUTE BASE_DIR "${CMAKE_CURRENT_BINARY_DIR}") + + message(STATUS "Setting up bundle generate: ${GENERATE_CERT_BUNDLEPY} ${args}") + message(STATUS "Depends on custom bundle path: ${custom_bundle_path}") + message(STATUS "crt_bundle ${crt_bundle}") + message(STATUS "COMPONENT_LIB ${COMPONENT_LIB}") + message(STATUS "GENERATE_CERT_BUNDLEPY ${GENERATE_CERT_BUNDLEPY}") + message(STATUS "args ${args}") + message(STATUS "cert_bundle ${cert_bundle}") + + # Generate bundle according to config + # File is generated at build time, not cmake load + add_custom_command(OUTPUT ${crt_bundle} + COMMAND ${GENERATE_CERT_BUNDLEPY} ARGS ${args} + DEPENDS ${custom_bundle_path} + VERBATIM) + + if(EXISTS "${crt_bundle}") + message(STATUS "Bundle file exists from prior build: ${crt_bundle}") + else() + message(STATUS "Bundle file expected during next build: ${crt_bundle}") + endif() + + # Reminder the file is generated at build time, not cmake load time. 
+ message(STATUS "wolfSSL Cert Bundle File to be created at build time in: ${crt_bundle}") + + add_custom_target(custom_wolfssl_bundle DEPENDS ${cert_bundle}) + + # the wolfSSL crtificate bundle is baked into wolfSSL + add_dependencies(${COMPONENT_LIB} custom_wolfssl_bundle) + + # COMPONENT_LIB may vary: __idf_wolfssl, __idf_esp_wolfssl, etc + # target_add_binary_data(__idf_wolfssl ${crt_bundle} BINARY) + target_add_binary_data(${COMPONENT_LIB} ${crt_bundle} BINARY) + set_property(DIRECTORY "${CMAKE_CURRENT_SOURCE_DIR}" + APPEND PROPERTY ADDITIONAL_CLEAN_FILES + "${crt_bundle}") + else() + message(STATUS "WARNING: CONFIG_WOLFSSL_CERTIFICATE_BUNDLE enabled but directory not found: ${WOLFSSL_ESP_CRT_BUNDLE_DIR}") + endif() +endif() + +# endfunction() # WOLFSSL_INIT_CERT_BUNDLE # Some optional diagnostics. Verbose ones are truncated. if (VERBOSE_COMPONENT_MESSAGES) @@ -662,6 +900,12 @@ else() endif() # target_sources(wolfssl PRIVATE "\"${WOLFSSL_ROOT}/wolfssl/\"" "\"${WOLFSSL_ROOT}/wolfssl/wolfcrypt\"") + message(STATUS "DETECTED_PROJECT_NAME=${CMAKE_PROJECT_NAME}") + message(STATUS "COMPONENT_TARGET=${COMPONENT_TARGET}") + target_compile_definitions(${COMPONENT_TARGET} PRIVATE DETECTED_PROJECT_NAME="${CMAKE_PROJECT_NAME}") + if( "${CMAKE_PROJECT_NAME}" STREQUAL "esp_http_client_example" ) + target_compile_definitions(${COMPONENT_TARGET} PRIVATE APP_ESP_HTTP_CLIENT_EXAMPLE="y") + endif() endif() # CMAKE_BUILD_EARLY_EXPANSION 
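Review bot: `add_custom_target(custom_wolfssl_bundle DEPENDS ${cert_bundle})` references `cert_bundle`, which is never set in this hunk (the generated file is `crt_bundle`), so the target is created without a dependency on the bundle; it should read `DEPENDS ${crt_bundle}`. The two `message(ERROR ...)` calls do not stop or flag the configure step, because `ERROR` is not a message mode and is printed as part of the text; use `message(FATAL_ERROR ...)` or `message(SEND_ERROR ...)`. The first of those messages also reads inverted relative to its `if (CMAKE_BUILD_EARLY_EXPANSION)` condition. The custom command lists only `DEPENDS ${custom_bundle_path}`, so edits to `cacrt_all.pem`, `cacrt_local.pem` or `cacrt_deprecated.pem` would not regenerate the bundle, and a CA removed from those files could stay in the embedded trust store until a clean build; `DEPENDS ${crt_paths}` would track every input.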
@@ -717,33 +961,80 @@ endfunction() # LIBWOLFSSL_SAVE_INFO # create some programmatic #define values that will be used by ShowExtendedSystemInfo(). # see wolfcrypt\src\port\Espressif\esp32_utl.c -if(NOT CMAKE_BUILD_EARLY_EXPANSION) +if(NOT CMAKE_BUILD_EARLY_EXPANSION AND WOLFSSL_ROOT) set (git_cmd "git") message(STATUS "Adding macro definitions:") # LIBWOLFSSL_VERSION_GIT_ORIGIN: git config --get remote.origin.url - execute_process(WORKING_DIRECTORY ${WOLFSSL_ROOT} COMMAND ${git_cmd} "config" "--get" "remote.origin.url" OUTPUT_VARIABLE TMP_OUT RESULT_VARIABLE TMP_RES ERROR_QUIET ) + execute_process(WORKING_DIRECTORY ${WOLFSSL_ROOT} COMMAND ${git_cmd} "config" "--get" "remote.origin.url" + OUTPUT_VARIABLE TMP_OUT RESULT_VARIABLE TMP_RES ERROR_QUIET ) LIBWOLFSSL_SAVE_INFO(LIBWOLFSSL_VERSION_GIT_ORIGIN "${TMP_OUT}" "${TMP_RES}") # LIBWOLFSSL_VERSION_GIT_BRANCH: git rev-parse --abbrev-ref HEAD - execute_process(WORKING_DIRECTORY ${WOLFSSL_ROOT} COMMAND ${git_cmd} "rev-parse" "--abbrev-ref" "HEAD" OUTPUT_VARIABLE TMP_OUT RESULT_VARIABLE TMP_RES ERROR_QUIET ) + execute_process(WORKING_DIRECTORY ${WOLFSSL_ROOT} COMMAND ${git_cmd} "rev-parse" "--abbrev-ref" "HEAD" + OUTPUT_VARIABLE TMP_OUT RESULT_VARIABLE TMP_RES ERROR_QUIET ) LIBWOLFSSL_SAVE_INFO(LIBWOLFSSL_VERSION_GIT_BRANCH "${TMP_OUT}" "${TMP_RES}") # LIBWOLFSSL_VERSION_GIT_HASH: git rev-parse HEAD - execute_process(WORKING_DIRECTORY ${WOLFSSL_ROOT} COMMAND ${git_cmd} "rev-parse" "HEAD" OUTPUT_VARIABLE TMP_OUT RESULT_VARIABLE TMP_RES ERROR_QUIET ) + execute_process(WORKING_DIRECTORY ${WOLFSSL_ROOT} COMMAND ${git_cmd} "rev-parse" "HEAD" + OUTPUT_VARIABLE TMP_OUT RESULT_VARIABLE TMP_RES ERROR_QUIET ) LIBWOLFSSL_SAVE_INFO(LIBWOLFSSL_VERSION_GIT_HASH "${TMP_OUT}" "${TMP_RES}") # LIBWOLFSSL_VERSION_GIT_SHORT_HASH: git rev-parse --short HEAD - execute_process(WORKING_DIRECTORY ${WOLFSSL_ROOT} COMMAND ${git_cmd} "rev-parse" "--short" "HEAD" OUTPUT_VARIABLE TMP_OUT RESULT_VARIABLE TMP_RES ERROR_QUIET ) + 
execute_process(WORKING_DIRECTORY ${WOLFSSL_ROOT} COMMAND ${git_cmd} "rev-parse" "--short" "HEAD" + OUTPUT_VARIABLE TMP_OUT RESULT_VARIABLE TMP_RES ERROR_QUIET ) LIBWOLFSSL_SAVE_INFO(LIBWOLFSSL_VERSION_GIT_SHORT_HASH "${TMP_OUT}" "${TMP_RES}") # LIBWOLFSSL_VERSION_GIT_HASH_DATE git show --no-patch --no-notes --pretty=\'\%cd\' - execute_process(WORKING_DIRECTORY ${WOLFSSL_ROOT} COMMAND ${git_cmd} "show" "--no-patch" "--no-notes" "--pretty=\'\%cd\'" OUTPUT_VARIABLE TMP_OUT RESULT_VARIABLE TMP_RES ) + execute_process(WORKING_DIRECTORY ${WOLFSSL_ROOT} COMMAND ${git_cmd} + "show" "--no-patch" "--no-notes" "--pretty=\'\%cd\'" + OUTPUT_VARIABLE TMP_OUT RESULT_VARIABLE TMP_RES ) LIBWOLFSSL_SAVE_INFO(LIBWOLFSSL_VERSION_GIT_HASH_DATE "${TMP_OUT}" "${TMP_RES}") LIBWOLFSSL_SAVE_INFO(LIBWOLFSSL_VERSION_WOLFSSL_ROOT "${WOLFSSL_ROOT}" "${TMP_RES}") - message(STATUS "************************************************************************************************") - message(STATUS "wolfssl component config complete!") - message(STATUS "************************************************************************************************") endif() + +# Ensure flag "-DWOLFSSL_ESPIDF" is already in CMAKE_C_FLAGS if not yet found from project +string(FIND "${CMAKE_C_FLAGS}" "-DWOLFSSL_ESPIDF" FLAG_ALRREADY_FOUND_WOLFSSL_ESPIDF) + +if(FLAG_ALRREADY_FOUND_WOLFSSL_ESPIDF EQUAL -1) + # Flag not found, append it + set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DWOLFSSL_ESPIDF") + set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DWOLFSSL_USER_SETTINGS") +endif() + +if(WOLFSSL_ROOT) + message(STATUS "Using wolfSSL in ${WOLFSSL_ROOT}") + + # PlatformIO does not process script from from the Espressif cmake process. 
+ # We need to know where wolfSSL source code was found, so save it in the + # PIO_WOLFSSL_ROOT environment variable to later be read by extra_script.py + + set(ENV{PIO_WOLFSSL_ROOT} "${WOLFSSL_ROOT}") + message(STATUS "PIO_WOLFSSL_ROOT = $ENV{PIO_WOLFSSL_ROOT}") + message(STATUS "PLATFORMIO_BUILD_DIR = $ENV{PLATFORMIO_BUILD_DIR}") + # See esp-tls Kconfig; menu "ESP-TLS", ESP_TLS_LIBRARY_CHOOSE + if(CONFIG_ESP_TLS_USING_WOLFSSL) + if ( ("${CONFIG_TARGET_PLATFORM}" STREQUAL "esp8266") OR ("${IDF_TARGET}" STREQUAL "esp8266") ) + message(STATUS "This version of wolfSSL is not supported on the ESP8266 esp-tls at this time. Check ESP-TLS config") + else() + message(STATUS "wolfSSL will be used for ESP-TLS") + endif() + else() + message(STATUS "WARNING: wolfSSL NOT selected for ESP-TLS. Features and performance will be limited.") + endif() +else() + message(STATUS "") + message(STATUS "Consider setting WOLFSSL_ROOT environment variable, use Kconfig setting, or set manually in this cmake file, above.") + message(STATUS "") + message(STATUS "!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!") + message(STATUS "!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!") + message(STATUS "ERROR: Could not find wolfSSL Source Code") + message(STATUS "!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!") + message(STATUS "!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!") +endif() + +message(STATUS "************************************************************************************************") +message(STATUS "wolfSSL component config complete!") +message(STATUS "************************************************************************************************") 
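Review bot: `set(ENV{PIO_WOLFSSL_ROOT} "${WOLFSSL_ROOT}")` changes the environment of the running CMake process only, so `extra_script.py` will see the value only if it is started as a child of this CMake run, which the hunk does not show. If the script runs separately, pass the path through a file in the build directory, for example `file(WRITE "${CMAKE_BINARY_DIR}/pio_wolfssl_root.txt" "${WOLFSSL_ROOT}")` (file name constructed for illustration). The `-DWOLFSSL_ESPIDF` check in the same hunk appends `-DWOLFSSL_USER_SETTINGS` a second time, although that flag is already added unconditionally near the top of the file. The "wolfSSL component config complete!" banner now also prints on the source-not-found path, directly after the error banner.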
diff --git a/IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/components/wolfssl/Kconfig b/IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/components/wolfssl/Kconfig new file mode 100644 index 0000000000..cdd039d73f --- /dev/null +++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/components/wolfssl/Kconfig 
@@ -0,0 +1,523 @@ +# Kconfig template +# +# Copyright (C) 2006-2024 wolfSSL Inc. All rights reserved. +# +# This file is part of wolfSSL. +# +# wolfSSL is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation; either version 2 of the License, or +# (at your option) any later version. +# +# wolfSSL is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA +# + +# Kconfig File Version 5.7.2.001 for esp-idf integration + +# Kconfig Format Rules +# +# See: +# https://docs.espressif.com/projects/esp-idf/en/stable/esp32/api-reference/kconfig.html +# +# Format rules for Kconfig files are as follows: +# +# Option names in any menus should have consistent prefixes. The prefix +# currently should have at least 3 characters. +# +# The unit of indentation should be 4 spaces. All sub-items belonging to a +# parent item are indented by one level deeper. For example, menu is indented +# by 0 spaces, config menu by 4 spaces, help in config by 8 spaces, and the +# text under help by 12 spaces. +# +# No trailing spaces are allowed at the end of the lines. +# +# The maximum length of options is NOT 50 characters as documented. +# kconfcheck will complain that options should be 40 at most. +# +# Fix option lengths first. Superflous errors on other lines may occur. +# +# The maximum length of lines is 120 characters. 
+# +# python -m kconfcheck +# +# --------------------------------------------------------------------------------------------------------------------- +# Begin main wolfSSL configuration menu +# --------------------------------------------------------------------------------------------------------------------- +# See ESP-IDF esp-tls component for config TLS_STACK_WOLFSSL + +menu "wolfSSL" + + menu "Hardening" + config ESP_WOLFSSL_WC_NO_HARDEN + bool "Disable wolfSSL hardening" + default n + help + Sets WC_NO_HARDEN + + config ESP_WOLFSSL_TFM_TIMING_RESISTANT + bool "Enable TFM Timing Resistant Code" + default n + help + Sets TFM_TIMING_RESISTANT. + + endmenu # Hardening + + config ESP_WOLFSSL_ENABLE_BENCHMARK + bool "Enable wolfSSL Benchmark Library" + default n + help + Enables wolfcrypt/benchmark/benchmark.c code for benchmark metrics. Disables NO_CRYPT_BENCHMARK. + + + menu "Benchmark Debug" + config ESP_DEBUG_WOLFSSL_BENCHMARK_TIMING + bool "Enable benchmark timing debug" + depends on ESP_WOLFSSL_ENABLE_BENCHMARK + default n + help + Enable wolfssl debug for benchmark metric timing (CPU Cycles, RTOS ticks, etc). + + config ESP_WOLFSSL_BENCHMARK_TIMER_DEBUG + bool "Enable benchmark timer debug" + depends on ESP_WOLFSSL_ENABLE_BENCHMARK + default n + help + Turn on timer debugging (used when CPU cycles not available) + + endmenu # Benchmark Debug + + # ----------------------------------------------------------------------------------------------------------------- + # wolfCrypt Test + # ----------------------------------------------------------------------------------------------------------------- + config ESP_WOLFSSL_ENABLE_TEST + bool "Enable wolfCrypt Test Library" + default n + help + Enables wolfcrypt/test/test.c code for testing. Disables NO_CRYPT_TEST. 
+ + menu "wolfCrypt tests" + config WOLFSSL_HAVE_WOLFCRYPT_TEST_OPTIONS + bool "Enable wolfCrypt Test Options" + depends on ESP_WOLFSSL_ENABLE_TEST + default n + help + Enables HAVE_WOLFCRYPT_TEST_OPTIONS + + config TEST_ESPIDF_ALL_WOLFSSL + bool "Enable all features to use in tests" + depends on ESP_WOLFSSL_ENABLE_TEST + default n + help + Enables TEST_ESPIDF_ALL_WOLFSSL + + endmenu # wolfCrypt tests + + # ----------------------------------------------------------------------------------------------------------------- + # Apple HomeKit Options + # ----------------------------------------------------------------------------------------------------------------- + menu "Apple HomeKit" + config WOLFSSL_APPLE_HOMEKIT + bool "Enable Apple HomeKit options" + default n + help + Enables FP_MAX_BITS (8192 * 2), SRP, ChaCha, Poly1305, Base64 encoding needed for Apple HomeKit. + endmenu # Apple HomeKit + # ----------------------------------------------------------------------------------------------------------------- + + config ESP_WOLFSSL_DISABLE_MY_ECC + bool "Disable ECC in my project" + default "n" + help + ECC is enabled by default. Select this option to disable. + + config ESP_WOLFSSL_ENABLE_MY_USE_RSA + bool "Enable RSA in my project" + default "n" + help + RSA is disabled by default. Select this option to enable. + + config ESP_WOLFSSL_BENCHMARK + bool "Enable wolfSSL Benchmark" + default n + help + Enables user settings relevant to benchmark code + + config ESP_TLS_USING_WOLFSSL_SPECIFIED + bool "Use the specified wolfssl for ESP-TLS" + default Y + help + Includes wolfSSL from specified directory (not using esp-wolfssl). 
+ + config ESP_WOLFSSL_NO_USE_FAST_MATH + bool "Disable FAST_MATH library and all ESP32 Hardware Acceleration" + select ESP_WOLFSSL_NO_HW + select ESP_WOLFSSL_NO_HW_AES + select ESP_WOLFSSL_NO_HW_HASH + select ESP_WOLFSSL_NO_HW_RSA_PRI + select ESP_WOLFSSL_NO_HW_RSA_PRI_MP_MUL + select ESP_WOLFSSL_NO_HW_RSA_PRI_MULMOD + select ESP_WOLFSSL_NO_HW_RSA_PRI_EXPTMOD + default n + help + When disabling all hardware acceleration for smaller memory footprint, + disabling TFM fast math provides faster wolfSSL software algorithms in an + even smaller flash memory footprint. + + menu "Protocol Config" + config WOLFSSL_HAVE_ALPN + bool "Enable ALPN (Application Layer Protocol Negotiation) in wolfSSL" + default y + + config WOLFSSL_ALLOW_TLS13 + bool "Allow TLS 1.3" + default y + help + Allow TLS to fallback to TLS1.2. Memory footprint will likely be larger for TLS1.2. + When disabled HTTPS and MQTT over TLS connections will fail if TLS1.3 not accepted. + + config WOLFSSL_ALLOW_TLS12 + bool "Allow TLS 1.2" + default n + help + Allow TLS to fallback to TLS1.2. Memory footprint will likely be larger for TLS1.2. + When disabled HTTPS and MQTT over TLS connections will fail if TLS1.3 not accepted. + + config WOLFSSL_HAVE_TLS_EXTENSIONS + bool "Enable TLS Extensions" + default y + help + Sets HAVE_TLS_EXTENSIONS which is needed for TLS 1.3, SNI, ALPN, and more. + + config WOLFSSL_ALT_CERT_CHAINS + bool "Enable Alternate Certificate Chains" + default n + help + The option relaxes the default strict wolfSSL certificate chain processing. This + will typically need to be enabled when loading only a CA file. Typically solves + the -188 ASN_NO_SIGNER_E error. Use with caution. 
+ + config WOLFSSL_HAVE_OCSP + bool "Enable OCSP (Online Certificate Status Protocol) in wolfSSL" + default n + help + Sets HAVE_OCSP + + endmenu # Protocol Config + # ----------------------------------------------------------------------------------------------------------------- + + # ----------------------------------------------------------------------------------------------------------------- + config TLS_STACK_WOLFSSL + # Invisible option that locks TLS_STACK_WOLFSSL to ESP_TLS_USING_WOLFSSL + bool + default n + select FREERTOS_ENABLE_BACKWARD_COMPATIBILITY + help + Includes wolfSSL in ESP-TLS so that it can be compiled with wolfSSL as its SSL/TLS library. + Enabled when wolfSSL is selected in ESP_TLS_LIBRARY_CHOOSE. + + menu "wolfSSL ESP-TLS" + depends on ESP_TLS_USING_WOLFSSL + + menu "Certificate Bundle" + depends on ESP_TLS_USING_WOLFSSL + + config WOLFSSL_CERTIFICATE_BUNDLE + bool "Enable trusted root certificate bundle" + default y if ESP_TLS_USING_WOLFSSL + default n + depends on ESP_TLS_USING_WOLFSSL + help + Enable support for large number of default root certificates + + When enabled this option allows user to store default as well + as customer specific root certificates in compressed format rather + than storing full certificate. For the root certificates the public key and the subject name + will be stored. + + config WOLFSSL_NO_ASN_STRICT + bool "Relax Certificate ASN Strict Checks" + default n + depends on ESP_TLS_USING_WOLFSSL + help + Allows sub-optimal certificate ASN checks. Unless using a bundle with known issues, + it is recommended to NOT enable this. + + config WOLFSSL_ASN_ALLOW_0_SERIAL + bool "Allow cert missing an ASN Serial Number" + default y + depends on ESP_TLS_USING_WOLFSSL + help + Although not recommended, there may be certificates in the bundle that are missing + a serial number. This option allows the missing value without having to fully + disable strict ASN checking with WOLFSSL_NO_ASN_STRICT. 
+ + choice WOLFSSL_DEFAULT_CERTIFICATE_BUNDLE + bool "Default certificate bundle options" + depends on WOLFSSL_CERTIFICATE_BUNDLE && ESP_TLS_USING_WOLFSSL + default WOLFSSL_CERTIFICATE_BUNDLE_DEFAULT_FULL + + config WOLFSSL_CERTIFICATE_BUNDLE_DEFAULT_FULL + bool "Use the full default certificate bundle" + config WOLFSSL_CERTIFICATE_BUNDLE_DEFAULT_CMN + bool "Use only the most common certificates from the default bundles" + help + Use only the most common certificates from the default bundles, reducing the size with 50%, + while still having around 99% coverage. + config WOLFSSL_CERTIFICATE_BUNDLE_DEFAULT_NONE + bool "Do not use the default certificate bundle" + endchoice + + config WOLFSSL_CUSTOM_CERTIFICATE_BUNDLE + depends on WOLFSSL_CERTIFICATE_BUNDLE && ESP_TLS_USING_WOLFSSL + default n + bool "Add custom certificates to the default bundle" + config WOLFSSL_CUSTOM_CERTIFICATE_BUNDLE_PATH + depends on WOLFSSL_CUSTOM_CERTIFICATE_BUNDLE && ESP_TLS_USING_WOLFSSL + string "Custom certificate bundle path" + help + Name of the custom certificate directory or file. This path is evaluated + relative to the project root directory. + + config WOLFSSL_CERTIFICATE_BUNDLE_DEPRECATED_LIST + bool "Add deprecated root certificates" + depends on WOLFSSL_CERTIFICATE_BUNDLE && ESP_TLS_USING_WOLFSSL && !WOLFSSL_CERTIFICATE_BUNDLE_DEFAULT_NONE + help + Include the deprecated list of root certificates in the bundle. + This list gets updated when a certificate is removed from the Mozilla's + NSS root certificate store. This config can be enabled if you would like + to ensure that none of the certificates that were deployed in the product + are affected because of the update to bundle. In turn, enabling this + config keeps expired, retracted certificates in the bundle and it may + pose a security risk. 
+ + - Deprecated cert list may grow based based on sync with upstream bundle + - Deprecated certs would be be removed in ESP-IDF (next) major release + + config WOLFSSL_CERTIFICATE_BUNDLE_MAX_CERTS + int "Maximum no of certificates allowed in certificate bundle" + default 200 + depends on WOLFSSL_CERTIFICATE_BUNDLE && ESP_TLS_USING_WOLFSSL + + endmenu + endmenu # wolfSSL ESP-TLS + # ----------------------------------------------------------------------------------------------------------------- + + # ----------------------------------------------------------------------------------------------------------------- + config ESP_WOLFSSL_ALT_HARDWARE_ACCELERATION + bool "Modify default hardware acceleration settings" + default n + help + When disabling all hardware acceleration for smaller memory footprint, + disabling TFM fast math provides faster wolfSSL software algorithms in an + even smaller flash memory footprint. + Typically used for debugging, analysis, or optimizations. The default + hardware acceleration features can be each manually adjusted. + + menu "wolfSSL Hardware Acceleration" + + config ESP_WOLFSSL_NO_ESP32_CRYPT + bool "Disable all ESP32 Hardware Acceleration" + depends on ESP_WOLFSSL_ALT_HARDWARE_ACCELERATION + default n + select ESP_WOLFSSL_NO_HW_AES + select ESP_WOLFSSL_NO_HW_HASH + select ESP_WOLFSSL_NO_HW_RSA_PRI + select ESP_WOLFSSL_NO_HW_RSA_PRI_MP_MUL + select ESP_WOLFSSL_NO_HW_RSA_PRI_MULMOD + select ESP_WOLFSSL_NO_HW_RSA_PRI_EXPTMOD + help + Hardware acceleration enabled by default. When selected defines: NO_ESP32_CRYPT. 
+ Consider disabling FASTMATH (other libraries are faster in software and smaller) + + config ESP_WOLFSSL_NO_HW_AES + bool "Disable all ESP32 AES Hardware Acceleration" + depends on ESP_WOLFSSL_ALT_HARDWARE_ACCELERATION + default n + help + Hardware acceleration enabled by default.When selected defines: NO_HW_AES + + config ESP_WOLFSSL_NO_HW_HASH + bool "Disable all ESP32 SHA Hash Hardware Acceleration" + depends on ESP_WOLFSSL_ALT_HARDWARE_ACCELERATION + default n + help + Hardware acceleration enabled by default. When selected defines: NO_HW_HASH + + config ESP_WOLFSSL_NO_HW_RSA_PRI + bool "Disable all ESP32 RSA Hardware Acceleration" + depends on ESP_WOLFSSL_ALT_HARDWARE_ACCELERATION + default n + select ESP_WOLFSSL_NO_HW_PRI_MP_MUL + select ESP_WOLFSSL_NO_HW_RSA_PRI_MULMOD + select ESP_WOLFSSL_NO_HW_RSA_PRI_EXPTMOD + help + Hardware acceleration enabled by default. When selected defines: NO_HW_RSA_PRI + + config ESP_WOLFSSL_NO_HW_RSA_PRI_MP_MUL + bool "Disable all ESP32 Multiplication Hardware Acceleration" + depends on ESP_WOLFSSL_ALT_HARDWARE_ACCELERATION + default n + help + Hardware acceleration enabled by default. When selected defines: NO_HW_RSA_PRI_MP_MUL + + config ESP_WOLFSSL_NO_HW_RSA_PRI_MULMOD + bool "Disable all ESP32 Modular Multiplication Hardware Acceleration" + depends on ESP_WOLFSSL_ALT_HARDWARE_ACCELERATION + default n + help + Hardware acceleration enabled by default. When selected defines: NO_HW_RSA_PRI_MULMOD + + config ESP_WOLFSSL_NO_HW_RSA_PRI_EXPTMOD + bool "Disable all ESP32 RSA Exponential Math Hardware Acceleration" + depends on ESP_WOLFSSL_ALT_HARDWARE_ACCELERATION + default n + help + Hardware acceleration enabled by default. 
+ Select this option to force disable: NO_HW_RSA_PRI_EXPTMOD + + config ESP_WOLFSSL_DEBUG_ESP_HW_MULTI_RSAMAX_BITS + bool "Enable debugging of RSA Multiplication operand length" + default n + help + Prints an esp log warning to the default console UART when one of the + multiplication operands exceeds the maximum size supported by hardware, + requiring fallback to software. This can be helpful to pick key sizes + when performance is critical. See also metrics for counting instances. + + config ESP_WOLFSSL_DEBUG_ESP_HW_MOD_RSAMAX_BITS + bool "Enable debugging of RSA Modular operand length" + default n + help + Prints an esp log warning to the default console UART when one of the + modular math operands exceeds the maximum size supported by hardware, + requiring fallback to software. This can be helpful to pick key sizes + when performance is critical. See also metrics for counting instances. + + endmenu # wolfSSL Hardware Acceleration + # ----------------------------------------------------------------------------------------------------------------- + + # ----------------------------------------------------------------------------------------------------------------- + menu "wolfSSL Experimental Options" + + config ESP_WOLFSSL_EXPERIMENTAL_SETTINGS + bool "Enable wolfSSL Experimental Settings" + default n + help + Enables experimental settings for wolfSSL. See documentation. + + config ESP_WOLFSSL_ENABLE_KYBER + bool "Enable wolfSSL Kyber" + default n + help + Enable debugging messages for wolfSSL. See user_settings.h for additional debug options. 
+ + endmenu # wolfSSL Experimental Options + # ----------------------------------------------------------------------------------------------------------------- + + # ----------------------------------------------------------------------------------------------------------------- + menu "wolfSSL Debug Options" + config ESP_WOLFSSL_DEBUG_WOLFSSL + bool "Enable wolfSSL Debugging" + default n + help + Enable debugging messages for wolfSSL. See user_settings.h for additional debug options. + + config ESP_WOLFSSL_TEST_LOOP + bool "Run test apps in a loop until failure" + default y + help + Enable a loop wrapper for benchmark, http_client, and wolfssl test apps. + + endmenu # wolfSSL Debug Options + # ----------------------------------------------------------------------------------------------------------------- + + # ----------------------------------------------------------------------------------------------------------------- + menu "wolfSSL Customization" + config CUSTOM_SETTING_WOLFSSL_ROOT + string "Enter a path for wolfSSL source code" + default "~/workspace/wolfssl" + help + This option lets you specify a directory for the wolfSSL source code (typically a git clone). + Enter the path using forward slashes (e.g., C:/myfolder/mysubfolder) or double backslashes + (e.g., C:\\myfolder\\mysubfolder). + + endmenu # wolfSSL Customization + # ----------------------------------------------------------------------------------------------------------------- + + # ----------------------------------------------------------------------------------------------------------------- + menu "Component Config" + config IGNORE_ESP_IDF_WOLFSSL_COMPONENT + bool "Ignore the ESP-IDF component of wolfSSL (if present)" + default n + help + Ignores wolfSSL present in the esp-idf/components directory. Requires wolfssl as a local component. 
+ + config IGNORE_LOCAL_WOLFSSL_COMPONENT + bool "Ignore the local component of wolfSSL (if present)" + default n + help + Ignores wolfSSL present in the local project components directory. + Requires wolfssl as a ESP-IDF component. + + endmenu # Component Config + # ----------------------------------------------------------------------------------------------------------------- + + # ----------------------------------------------------------------------------------------------------------------- + menu "Utility Config" + config USE_WOLFSSL_ESP_SDK_TIME + bool "Enable wolfSSL time helper functions" + default n + help + Enables use of various time and date setting functions found in the esp-sdk-lib.h file. + + config USE_WOLFSSL_ESP_SDK_WIFI + bool "Enable wolfSSL WiFi helper functions" + default n + help + Enables use of various time and date setting functions found in the esp-sdk-lib.h file. + + endmenu # Utility Config +endmenu # wolfSSL +# --------------------------------------------------------------------------------------------------------------------- + + +# --------------------------------------------------------------------------------------------------------------------- +menu "wolfSSH" + config ESP_ENABLE_WOLFSSH + bool "Enable wolfSSH options" + default n + help + Enables WOLFSSH_TERM, WOLFSSL_KEY_GEN, WOLFSSL_PTHREADS, WOLFSSH_TEST_SERVER, WOLFSSH_TEST_THREADING + + config ESP_WOLFSSL_DEBUG_WOLFSSH + bool "Enable wolfSSH debugging" + default n + help + Enable wolfSSH debugging macro. 
See user_settings.h + +endmenu # wolfSSH +# --------------------------------------------------------------------------------------------------------------------- + +# --------------------------------------------------------------------------------------------------------------------- +menu "wolfMQTT" + config ESP_ENABLE_WOLFMQTT + bool "Enable wolfMQTT options" + default n + help + Enables WOLFMQTT + + config ESP_WOLFSSL_DEBUG_WOLFMQTT + bool "Enable wolfMQTT debugging" + default n + help + Enable wolfMQTT debugging macro. See user_settings.h + +endmenu # wolfMQTT +# --------------------------------------------------------------------------------------------------------------------- diff --git a/IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/components/wolfssl/README.md b/IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/components/wolfssl/README.md new file mode 100644 index 0000000000..d779124162 --- /dev/null +++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/components/wolfssl/README.md 
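Review bot: In the "Certificate Bundle" menu of the new Kconfig, `WOLFSSL_ASN_ALLOW_0_SERIAL` is declared `default y` even though its own help text opens with "Although not recommended", so a build that keeps the defaults relaxes certificate parsing without anyone choosing to (assuming user_settings.h maps the option to the wolfSSL macro of the same name, which is not visible here). Making it `default n`, with the help text saying to enable it only for a bundle known to contain such certificates, keeps the strict check as the baseline. In the same hunk, `ESP_WOLFSSL_NO_HW_RSA_PRI` has `select ESP_WOLFSSL_NO_HW_PRI_MP_MUL` while the symbol defined right below it is `ESP_WOLFSSL_NO_HW_RSA_PRI_MP_MUL`, and `ESP_WOLFSSL_NO_USE_FAST_MATH` selects `ESP_WOLFSSL_NO_HW`, which this file does not define; both selects presumably do nothing, and the first should read `select ESP_WOLFSSL_NO_HW_RSA_PRI_MP_MUL`. `ESP_TLS_USING_WOLFSSL_SPECIFIED` is written `default Y`; Kconfig bool defaults are lowercase, so this most likely refers to an undefined symbol and leaves the option off, and `default y` is what the prompt text suggests was intended.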
@@ -0,0 +1,162 @@ +# wolfSSL Espressif Component + +This is the directory for wolfSSL as an Espressif ESP-IDF component. + +Other options are available, such as installing wolfSSL as a local _project_ component using the [Managed Component](https://www.wolfssl.com/wolfssl-now-available-in-espressif-component-registry/). + +Enabling this wolfSSL ESP-IDF component allows other ESP-IDF libraries such as those that depend on [ESP-TLS](https://github.com/espressif/esp-idf/tree/master/components/esp-tls) +to also use the wolfSSL library. (See [github.com/wolfSSL/wolfssl](https://github.com/wolfSSL/wolfssl)) + +The wolfSSL source code is not included here. Instead, the `idf.py menuconfig` option can be used to configure the +`sdkconfig` file setting: `CONFIG_CUSTOM_SETTING_WOLFSSL_ROOT` to point to the desired wolfSSL code. + +## Directory Contents + +This directory must contain, at a minimum: + +- `CMakeLists.txt` +- `./include/user_settings.h` + +The directory should also contain: +- `Kconfig` +- `component.mk` + +The directory may contain wolfSSL source, for example with a [Managed Component](https://www.wolfssl.com/wolfssl-now-available-in-espressif-component-registry/), +or if the `setup.sh` script was used from [wolfSSL/IDE/Espressif/ESP-IDF](https://github.com/wolfSSL/wolfssl/tree/master/IDE/Espressif/ESP-IDF). + + +Under normal circumstances when the wolfSSL source is not included here, the `CMakeLists.txt` will search for it in this order: + +- A hard-coded `WOLFSSL_ROOT` cmake variable. +- `WOLFSSL_ROOT` Environment Variable +- The `CONFIG_CUSTOM_SETTING_WOLFSSL_ROOT` value in the `sdkconfig` file, from the `Kconfig` option. 
+- Any parent directories, up to the root (if this directory is in the ESP-IDF components) +- Any parent directories, up to the root (if this directory is a project component) + +While recursing up the directory tree, the following names of wolfSSL directories will be considered: + +- `wolfssl-[current user name]` +- `wolfssl-master` +- `wolfssl` + +## Getting Started + +See the `Espressif Getting Started Guide`. + +``` +# Set environment variable to ESP-IDF location +# For example, VisualGDB in WSL +WRK_IDF_PATH=/mnt/c/SysGCC/esp32/esp-idf/v5.2 +WRK_IDF_PATH=/mnt/c/SysGCC/esp32-master/esp-idf/v5.3-master + +# Or wherever the ESP-IDF is installed: +WRK_IDF_PATH=~/esp/esp-idf + +echo "Run export.sh from ${WRK_IDF_PATH}" +. ${WRK_IDF_PATH}/export.sh + +cd [your project] + +idf.py menuconfig +``` + +Enable wolfSSL to be used in the ESP-TLS: + +``` +Component config ---> + ESP-TLS ---> + Choose SSL/TLS library for ESP-TLS (See help for more Info) + (X) wolfSSL (License info in wolfSSL directory README) +``` + +Adjust wolfSSL settings, such as path to source code as needed: + +``` +Component config ---> + wolfSSL ---> + [*] Include wolfSSL in ESP-TLS + [*] Use the specified wolfssl for ESP-TLS + (~/workspace/wolfssl) Enter a path for wolfSSL source code +``` + +## Configuration + +All settings for wolfSSL are adjusted in the [include/user_settings.h](./include/user_settings.h) file. + +The `user_settings.h` file should not be included directly. Instead, `#include ` +before any other wolfSSL headers, like this: + + +```c +/* ESP-IDF */ +#include +#include "sdkconfig.h" + +/* wolfSSL */ +/* Always include wolfcrypt/settings.h before any other wolfSSL file. */ +/* Reminder: settings.h pulls in user_settings.h; don't include it here. */ +#if defined(WOLFSSL_USER_SETTINGS) + #include + #if defined(WOLFSSL_ESPIDF) + #include + #include + #include + #include + #include + #else + #error "Problem with wolfSSL user_settings. 
" \ + "Check components/wolfssl/include " \ + "and confirm WOLFSSL_USER_SETTINGS is defined, " \ + "typically in the component CMakeLists.txt" + #endif +#else + /* Define WOLFSSL_USER_SETTINGS project wide for settings.h to include */ + /* wolfSSL user settings in ./components/wolfssl/include/user_settings.h */ + #error "Missing WOLFSSL_USER_SETTINGS in CMakeLists or Makefile:\ + CFLAGS +=-DWOLFSSL_USER_SETTINGS" +#endif +``` + +## Examples + +See the wolfSSL examples: + +- [wolfSSL Core Examples](https://github.com/wolfSSL/wolfssl/tree/master/IDE/Espressif/ESP-IDF/examples) +- [wolfSSL Additional Examples](https://github.com/wolfSSL/wolfssl-examples/tree/master/ESP32) +- [wolfSSH Core Examples](https://github.com/wolfSSL/wolfssh/tree/master/ide/Espressif/ESP-IDF/examples) +- [wolfSSH Additional Examples](https://github.com/wolfSSL/wolfssh-examples/tree/main/Espressif) +- [wolfMQTT Examples](https://github.com/wolfSSL/wolfMQTT/tree/master/IDE/Espressif/ESP-IDF/examples) + +## Platforms + +The ESP-IDF wolfSSL is also available for PlatformIO: + +- [Release wolfSSL](https://registry.platformio.org/search?q=owner%3Awolfssl) +- [Staging / Preview wolfSSL](https://registry.platformio.org/search?q=owner%3Awolfssl-staging) + +The wolfSSL library can also be used for Espressif with Arduino: + +- [arduino.cc/reference/en/libraries/wolfssl](https://www.arduino.cc/reference/en/libraries/wolfssl/) +- [github.com/wolfSSL/Arduino-wolfSSL](https://github.com/wolfSSL/Arduino-wolfSSL) + + +## Additional Information + +- [wolfSSL Documentation](https://www.wolfssl.com/documentation/manuals/wolfssl/index.html) and [docs/espressif](https://www.wolfssl.com/docs/espressif/) +- [wolfSSL FAQ](https://www.wolfssl.com/docs/frequently-asked-questions-faq/) +- [wolfSSL Products](https://www.wolfssl.com/products/) +- [www.wolfssl.com/espressif](https://www.wolfssl.com/espressif/) +- [More...](https://www.wolfssl.com/?s=espressif) + +## Contact + +Have a specific request or questions? 
We'd love to hear from you! Please contact us at support@wolfssl.com or open an issue on GitHub. + +## Licensing and Support + +wolfSSL (formerly known as CyaSSL) and wolfCrypt are either licensed for use under the GPLv2 (or at your option any later version) or a standard commercial license. For our users who cannot use wolfSSL under GPLv2 (or any later version), a commercial license to wolfSSL and wolfCrypt is available. + +See the LICENSE.txt, visit wolfssl.com/license, contact us at licensing@wolfssl.com or call +1 425 245 8247 + +View Commercial Support Options: [wolfssl.com/products/support-and-maintenance](wolfssl.com/products/support-and-maintenance) + diff --git a/IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/components/wolfssl/component.mk b/IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/components/wolfssl/component.mk index 54ae8041fd..95a5a4723c 100644 --- a/IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/components/wolfssl/component.mk +++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/components/wolfssl/component.mk @@ -18,6 +18,8 @@ # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA # +$(info *********** wolfssl component ************) + # # Component Makefile # 
@@ -48,193 +50,246 @@ # define it here: CFLAGS +=-DWOLFSSL_USER_SETTINGS -# In the wolfSSL GitHub examples for Espressif, -# the root is 7 directories up from here: -WOLFSSL_ROOT := ../../../../../../../ +# Note that 4 source files created by autogen are excluded here. +# +# See these files commented out, below. Adjust as needed for your application: +# +# COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/async.o +# COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/selftest.o +# COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/wolfcrypt_first.o +# COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/wolfcrypt_last.o + + +# NOTICE: the WOLFSSL_ROOT setting MUST be relative! +# See https://docs.espressif.com/projects/esp8266-rtos-sdk/en/latest/api-guides/build-system.html?highlight=must+relative#optional-component-specific-variables +# In the wolfSSL GitHub examples for Espressif: +# https://github.com/wolfSSL/wolfssl/tree/master/IDE/Espressif/ESP-IDF/examples +# When this wolfssl component.mk makefile is in [project]/components/wolfssl +# The root is 7 directories up from here (the location of of this component.mk): +WOLFSSL_ROOT := ../../../../../../.. -# NOTE: The wolfSSL include diretory (e.g. user_settings.h) is +# To set the location of a different location, it is best to use relative paths. +# +# Set WOLFSSL_ROOT to a relative path from the current component directory. +# For example, if the wolfssl_client is copied from the examples to test: +# +# cp -r /IDE/Espressif/ESP-IDF/examples/wolfssl_client/* /mnt/c/test/demo +# +# we run make in /mnt/c/test/demo +# component is in /mnt/c/test/demo/components/wolfssl +# wolfssl is in /mnt/c/workspace/wolfssl-master +# +# "/mnt/c" is 4 directories up: +# 2 for `./test/demo` from where we run `make`, plus +# 2 more from the location of `component.mk` located +# in `[currect directory]/components/wolfssl`. 
+# +# Thus we need 4 parent reference to find the relative path to wolfSSL: +# WOLFSSL_ROOT := ../../../../workspace/wolfssl-master + +# Optional CFLAGS (make works without these; for reference only) +# CFLAGS += -I$(WOLFSSL_ROOT)/wolfssl +# CFLAGS += -I$(WOLFSSL_ROOT)/wolfssl/wolfcrypt +# CFLAGS += -I$(WOLFSSL_ROOT)/wolfssl/wolfcrypt/port/Espressif + +abs_WOLFSSL_ROOT := $(shell realpath $(WOLFSSL_ROOT)) + +# print-wolfssl-path-value: +# @echo "WOLFSSL_ROOT defined: $(WOLFSSL_ROOT)" +# @echo "WOLFSSL_ROOT actual: $(abs_WOLFSSL_ROOT)" + +$(info WOLFSSL_ROOT defined: $(WOLFSSL_ROOT)) +$(info WOLFSSL_ROOT actual: $(abs_WOLFSSL_ROOT)) + +# NOTE: The wolfSSL include directory (e.g. user_settings.h) is # located HERE in THIS project, and *not* in the wolfSSL root. COMPONENT_ADD_INCLUDEDIRS := . COMPONENT_ADD_INCLUDEDIRS += include -COMPONENT_ADD_INCLUDEDIRS += $(WOLFSSL_ROOT). -COMPONENT_ADD_INCLUDEDIRS += $(WOLFSSL_ROOT)wolfssl -COMPONENT_ADD_INCLUDEDIRS += $(WOLFSSL_ROOT)wolfssl/wolfcrypt -COMPONENT_ADD_INCLUDEDIRS += $(WOLFSSL_ROOT)wolfssl/wolfcrypt/port/Espressif -COMPONENT_ADD_INCLUDEDIRS += $(WOLFSSL_ROOT)wolfcrypt/benchmark +COMPONENT_ADD_INCLUDEDIRS += $(WOLFSSL_ROOT)/. 
+COMPONENT_ADD_INCLUDEDIRS += $(WOLFSSL_ROOT)/wolfssl +COMPONENT_ADD_INCLUDEDIRS += $(WOLFSSL_ROOT)/wolfssl/wolfcrypt +COMPONENT_ADD_INCLUDEDIRS += $(WOLFSSL_ROOT)/wolfssl/wolfcrypt/port/Espressif # COMPONENT_ADD_INCLUDEDIRS += $ENV(IDF_PATH)/components/freertos/include/freertos # COMPONENT_ADD_INCLUDEDIRS += "$ENV(IDF_PATH)/soc/esp32s3/include/soc" +# wolfSSL +COMPONENT_SRCDIRS := $(WOLFSSL_ROOT)/src -# WOLFSSL_ROOT := "" -COMPONENT_SRCDIRS := $(WOLFSSL_ROOT)src -COMPONENT_SRCDIRS += $(WOLFSSL_ROOT)wolfcrypt/src/port/Espressif -COMPONENT_SRCDIRS += $(WOLFSSL_ROOT)wolfcrypt/src/port/atmel -COMPONENT_SRCDIRS += $(WOLFSSL_ROOT)wolfcrypt/benchmark -COMPONENT_SRCDIRS += $(WOLFSSL_ROOT)wolfcrypt/test -COMPONENT_SRCDIRS += include +# wolfcrypt +COMPONENT_SRCDIRS += $(WOLFSSL_ROOT)/wolfcrypt/src -COMPONENT_OBJEXCLUDE := $(WOLFSSL_ROOT)wolfcrypt/src/aes_asm.o -COMPONENT_OBJEXCLUDE += $(WOLFSSL_ROOT)wolfcrypt/src/evp.o -COMPONENT_OBJEXCLUDE += $(WOLFSSL_ROOT)wolfcrypt/src/misc.o -COMPONENT_OBJEXCLUDE += $(WOLFSSL_ROOT)wolfcrypt/src/sha512_asm.o -COMPONENT_OBJEXCLUDE += $(WOLFSSL_ROOT)wolfcrypt/src/fe_x25519_asm.o -COMPONENT_OBJEXCLUDE += $(WOLFSSL_ROOT)wolfcrypt/src/aes_gcm_x86_asm.o -COMPONENT_OBJEXCLUDE += $(WOLFSSL_ROOT)src/bio.o +# Espressif +COMPONENT_SRCDIRS += $(WOLFSSL_ROOT)/wolfcrypt/src/port/Espressif +COMPONENT_SRCDIRS += $(WOLFSSL_ROOT)/wolfcrypt/src/port/atmel + +COMPONENT_OBJEXCLUDE := $(WOLFSSL_ROOT)/wolfcrypt/src/aes_asm.o +COMPONENT_OBJEXCLUDE += $(WOLFSSL_ROOT)/wolfcrypt/src/evp.o +COMPONENT_OBJEXCLUDE += $(WOLFSSL_ROOT)/wolfcrypt/src/misc.o +COMPONENT_OBJEXCLUDE += $(WOLFSSL_ROOT)/wolfcrypt/src/sha512_asm.o +COMPONENT_OBJEXCLUDE += $(WOLFSSL_ROOT)/wolfcrypt/src/fe_x25519_asm.o +COMPONENT_OBJEXCLUDE += $(WOLFSSL_ROOT)/wolfcrypt/src/aes_gcm_x86_asm.o +COMPONENT_OBJEXCLUDE += $(WOLFSSL_ROOT)/src/bio.o ## ## wolfSSL ## -COMPONENT_OBJS := $(WOLFSSL_ROOT)src/bio.o +COMPONENT_OBJS := $(WOLFSSL_ROOT)/src/bio.o # COMPONENT_OBJS += src/conf.o -COMPONENT_OBJS += 
$(WOLFSSL_ROOT)src/crl.o -COMPONENT_OBJS += $(WOLFSSL_ROOT)src/dtls.o -COMPONENT_OBJS += $(WOLFSSL_ROOT)src/dtls13.o -COMPONENT_OBJS += $(WOLFSSL_ROOT)src/internal.o -COMPONENT_OBJS += $(WOLFSSL_ROOT)src/keys.o -COMPONENT_OBJS += $(WOLFSSL_ROOT)src/ocsp.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/src/crl.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/src/dtls.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/src/dtls13.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/src/internal.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/src/keys.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/src/ocsp.o # COMPONENT_OBJS += src/pk.o -COMPONENT_OBJS += $(WOLFSSL_ROOT)src/quic.o -COMPONENT_OBJS += $(WOLFSSL_ROOT)src/sniffer.o -COMPONENT_OBJS += $(WOLFSSL_ROOT)src/ssl.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/src/quic.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/src/sniffer.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/src/ssl.o # COMPONENT_OBJS += src/ssl_asn1.o # COMPONENT_OBJS += src/ssl_bn.o # COMPONENT_OBJS += src/ssl_certman.o # COMPONENT_OBJS += src/ssl_crypto.o # COMPONENT_OBJS += src/ssl_misc.o -COMPONENT_OBJS += $(WOLFSSL_ROOT)src/tls.o -COMPONENT_OBJS += $(WOLFSSL_ROOT)src/tls13.o -COMPONENT_OBJS += $(WOLFSSL_ROOT)src/wolfio.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/src/tls.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/src/tls13.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/src/wolfio.o # COMPONENT_OBJS += src/x509.o # COMPONENT_OBJS += src/x509_str.o ## ## wolfcrypt ## -COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/aes.o -COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/arc4.o -COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/asm.o -COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/asn.o -COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/async.o -COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/blake2b.o -COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/blake2s.o -COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/camellia.o -COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/chacha.o -COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/chacha20_poly1305.o -COMPONENT_OBJS += 
$(WOLFSSL_ROOT)wolfcrypt/src/cmac.o -COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/coding.o -COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/compress.o -COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/cpuid.o -COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/cryptocb.o -COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/curve25519.o -COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/curve448.o -COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/des3.o -COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/dh.o -COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/dilithium.o -COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/dsa.o -COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/ecc.o -COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/eccsi.o -COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/ecc_fp.o -COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/ed25519.o -COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/ed448.o -COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/error.o -COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/evp.o -COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/ext_kyber.o -COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/ext_lms.o -COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/ext_xmss.o -COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/falcon.o -COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/fe_448.o -COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/fe_low_mem.o -COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/fe_operations.o -# COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/fips.o -# COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/fips_test.o -COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/ge_448.o -COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/ge_low_mem.o -COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/ge_operations.o -COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/hash.o -COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/hmac.o -COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/hpke.o -COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/integer.o -COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/kdf.o 
-COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/logging.o -COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/md2.o -COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/md4.o -COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/md5.o -COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/memory.o -COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/misc.o -COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/pkcs12.o -COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/pkcs7.o -COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/poly1305.o -COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/pwdbased.o -COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/random.o -COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/rc2.o -COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/ripemd.o -COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/rsa.o -COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/sakke.o -COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/selftest.o -COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/sha.o -COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/sha256.o -COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/sha3.o -COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/sha512.o -COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/signature.o -COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/siphash.o -COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/sm2.o -COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/sm3.o -COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/sm4.o -COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/sphincs.o -# COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/sp_arm32.o -# COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/sp_arm64.o -# COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/sp_armthumb.o -COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/sp_c32.o -COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/sp_c64.o -COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/sp_cortexm.o -COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/sp_dsp32.o -COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/sp_int.o -# COMPONENT_OBJS += 
$(WOLFSSL_ROOT)wolfcrypt/src/sp_sm2_arm32.o -# COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/sp_sm2_arm64.o -# COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/sp_sm2_armthumb.o -# COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/sp_sm2_c32.o -# COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/sp_sm2_c64.o -# COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/sp_sm2_cortexm.o -# COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/sp_sm2_x86_64.o -# COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/sp_x86_64.o -COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/srp.o -COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/tfm.o -COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/wc_dsp.o -COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/wc_encrypt.o -COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/wc_kyber.o -COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/wc_kyber_poly.o -COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/wc_lms.o -COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/wc_pkcs11.o -COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/wc_port.o -COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/wc_xmss.o -COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/wolfcrypt_first.o -COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/wolfcrypt_last.o -COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/wolfevent.o -COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/wolfmath.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/aes.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/arc4.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/asm.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/asn.o +# COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/async.o # autogen exclusion +COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/blake2b.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/blake2s.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/camellia.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/chacha.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/chacha20_poly1305.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/cmac.o 
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/coding.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/compress.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/cpuid.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/cryptocb.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/curve25519.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/curve448.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/des3.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/dh.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/dilithium.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/dsa.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/ecc.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/eccsi.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/ecc_fp.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/ed25519.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/ed448.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/error.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/evp.o +# COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/ext_kyber.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/ext_lms.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/ext_xmss.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/falcon.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/fe_448.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/fe_low_mem.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/fe_operations.o +# COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/fips.o +# COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/fips_test.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/ge_448.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/ge_low_mem.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/ge_operations.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/hash.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/hmac.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/hpke.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/integer.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/kdf.o 
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/logging.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/md2.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/md4.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/md5.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/memory.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/misc.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/pkcs12.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/pkcs7.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/poly1305.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/pwdbased.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/random.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/rc2.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/ripemd.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/rsa.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/sakke.o +# COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/selftest.o # autogen exclusion +COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/sha.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/sha256.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/sha3.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/sha512.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/signature.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/siphash.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/sm2.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/sm3.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/sm4.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/sphincs.o +# COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/sp_arm32.o +# COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/sp_arm64.o +# COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/sp_armthumb.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/sp_c32.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/sp_c64.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/sp_cortexm.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/sp_dsp32.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/sp_int.o +# 
COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/sp_sm2_arm32.o +# COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/sp_sm2_arm64.o +# COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/sp_sm2_armthumb.o +# COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/sp_sm2_c32.o +# COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/sp_sm2_c64.o +# COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/sp_sm2_cortexm.o +# COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/sp_sm2_x86_64.o +# COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/sp_x86_64.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/srp.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/tfm.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/wc_dsp.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/wc_encrypt.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/wc_kyber.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/wc_kyber_poly.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/wc_lms.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/wc_pkcs11.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/wc_port.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/wc_xmss.o +# COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/wolfcrypt_first.o # autogen exclusion +# COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/wolfcrypt_last.o # autogen exclusion +COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/wolfevent.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/wolfmath.o ## ## Espressif ## -COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/port/Espressif/esp32_aes.o -COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/port/Espressif/esp32_mp.o -COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/port/Espressif/esp32_sha.o -COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/port/Espressif/esp32_util.o -COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/port/Espressif/esp_sdk_mem_lib.o -COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/port/Espressif/esp_sdk_time_lib.o -COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/port/Espressif/esp_sdk_wifi_lib.o +COMPONENT_OBJS += 
$(WOLFSSL_ROOT)/wolfcrypt/src/port/Espressif/esp32_aes.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/port/Espressif/esp32_mp.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/port/Espressif/esp32_sha.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/port/Espressif/esp32_util.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/port/Espressif/esp_sdk_mem_lib.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/port/Espressif/esp_sdk_time_lib.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/port/Espressif/esp_sdk_wifi_lib.o ## ## wolfcrypt benchmark (optional) ## -COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/benchmark/benchmark.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/benchmark/benchmark.o +COMPONENT_SRCDIRS += $(WOLFSSL_ROOT)/wolfcrypt/benchmark +COMPONENT_ADD_INCLUDEDIRS += $(WOLFSSL_ROOT)/wolfcrypt/benchmark + ## ## wolfcrypt test (optional) ## -## COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/test/test.o +## COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/test/test.o +## COMPONENT_SRCDIRS += $(WOLFSSL_ROOT)/wolfcrypt/test ## ## wolfcrypt ## +# COMPONENT_PRIV_INCLUDEDIRS += $(PROJECT_PATH)/components/wolfssl/include COMPONENT_SRCDIRS += $(WOLFSSL_ROOT)wolfcrypt/src +$(info ********** end wolfssl component **********) diff --git a/IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/components/wolfssl/include/user_settings.h b/IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/components/wolfssl/include/user_settings.h index 1c30597da9..0ce13530b2 100644 --- a/IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/components/wolfssl/include/user_settings.h +++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/components/wolfssl/include/user_settings.h @@ -1,4 +1,4 @@ -/* user_settings.h +/* wolfssl-component include/user_settings.h * * Copyright (C) 2006-2024 wolfSSL Inc. * 
@@ -18,19 +18,52 @@ * along with this program; if not, write to the Free Software * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA */ +#define WOLFSSL_ESPIDF_COMPONENT_VERSION 0x01 + +/* The Espressif project config file. See also sdkconfig.defaults */ +#include "sdkconfig.h" /* This user_settings.h is for Espressif ESP-IDF * * Standardized wolfSSL Espressif ESP32 + ESP8266 user_settings.h V5.7.0-1 * - * Do not include any wolfssl headers here + * Do not include any wolfssl headers here. * * When editing this file: - * ensure wolfssl_test and wolfssl_benchmark settings match. + * ensure all examples match. The template example is the reference. */ -/* The Espressif project config file. See also sdkconfig.defaults */ -#include "sdkconfig.h" +/* Naming convention: (see also esp32-crypt.h for the reference source). + * + * CONFIG_ + * This prefix indicates the setting came from the sdkconfig / Kconfig. + * + * May or may not be related to wolfSSL. + * + * The name after this prefix must exactly match that in the Kconfig file. + * + * WOLFSSL_ + * Typical of many, but not all wolfSSL macro names. + * + * Applies to all wolfSSL products such as wolfSSH, wolfMQTT, etc. + * + * May or may not have a corresponding sdkconfig / Kconfig control. + * + * ESP_WOLFSSL_ + * These are NOT valid wolfSSL macro names. These are names only used in + * the ESP-IDF Kconfig files. When parsed, they will have a "CONFIG_" + * suffix added. See next section. + * + * CONFIG_ESP_WOLFSSL_ + * This is a wolfSSL-specific macro that has been defined in the ESP-IDF + * via the sdkconfig / menuconfig. Any text after this prefix should + * exactly match an existing wolfSSL macro name. + * + * Applies to all wolfSSL products such as wolfSSH, wolfMQTT, etc. + * + * These macros may also be specific to only the project or environment, + * and possibly not used anywhere else in the wolfSSL libraries. + */ /* The Espressif sdkconfig will have chipset info. ** 
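Review bot: The new naming-convention comment says that `ESP_WOLFSSL_` names "will have a "CONFIG_" suffix added", but the very next entry, `CONFIG_ESP_WOLFSSL_`, shows that it is a prefix. I would change that line to `* the ESP-IDF Kconfig files. When parsed, they will have a "CONFIG_" prefix added. See next section.` The added `#define WOLFSSL_ESPIDF_COMPONENT_VERSION 0x01` also sits between the license text and the file description with no explanation. A one-line comment such as `/* Version of this shared user_settings.h layout; bump when the examples are re-synchronized */` would say what it versions, if that is indeed its purpose.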
@@ -46,33 +79,250 @@ #undef WOLFSSL_ESPIDF #define WOLFSSL_ESPIDF -/* We don't use WiFi, so don't compile in the esp-sdk-lib WiFi helpers: */ -#define NO_ESP_SDK_WIFI +/* Test various user_settings between applications by selecting example apps + * in `idf.py menuconfig` for Example wolfSSL Configuration settings: */ + +/* Turn on messages that are useful to see only in examples. */ +#define WOLFSSL_EXAMPLE_VERBOSITY + +/* Paths can be long, ensure the entire value printed during debug */ +#define WOLFSSL_MAX_ERROR_SZ 500 + +/* wolfSSL Examples: set macros used in example applications. + * + * These Settings NOT available in ESP-IDF (e.g. esp-tls) + * + * Any settings needed by ESP-IDF components should be explicitly set, + * and not by these example-specific settings via CONFIG_WOLFSSL_EXAMPLE_n + * + * ESP-IDF settings should be Kconfig "CONFIG_[name]" values when possible. */ +#if defined(CONFIG_WOLFSSL_EXAMPLE_NAME_TEMPLATE) + /* See https://github.com/wolfSSL/wolfssl/tree/master/IDE/Espressif/ESP-IDF/examples/template */ + /* We don't use WiFi, so don't compile in the esp-sdk-lib WiFi helpers: */ + /* #define USE_WOLFSSL_ESP_SDK_WIFI */ +#elif defined(CONFIG_WOLFSSL_EXAMPLE_NAME_TEST) + /* See https://github.com/wolfSSL/wolfssl/tree/master/IDE/Espressif/ESP-IDF/examples/wolfssl_test */ + /* We don't use WiFi, so don't compile in the esp-sdk-lib WiFi helpers: */ + /* #define USE_WOLFSSL_ESP_SDK_WIFI */ + #define TEST_ESPIDF_ALL_WOLFSSL + +#elif defined(CONFIG_WOLFSSL_EXAMPLE_NAME_BENCHMARK) + /* See https://github.com/wolfSSL/wolfssl/tree/master/IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark */ + /* We don't use WiFi, so don't compile in the esp-sdk-lib WiFi helpers: */ + /* #define USE_WOLFSSL_ESP_SDK_WIFI */ + #define WOLFSSL_BENCHMARK_FIXED_UNITS_KB +#elif defined(CONFIG_WOLFSSL_EXAMPLE_NAME_TLS_CLIENT) + /* See https://github.com/wolfSSL/wolfssl/tree/master/IDE/Espressif/ESP-IDF/examples/wolfssl_client */ + #define USE_WOLFSSL_ESP_SDK_WIFI +#elif 
defined(CONFIG_WOLFSSL_EXAMPLE_NAME_TLS_SERVER) + /* See https://github.com/wolfSSL/wolfssl/tree/master/IDE/Espressif/ESP-IDF/examples/wolfssl_server */ + #define USE_WOLFSSL_ESP_SDK_WIFI + +/* wolfSSH Examples */ +#elif defined(CONFIG_WOLFSSL_EXAMPLE_NAME_WOLFSSH_TEMPLATE) + /* See https://github.com/wolfSSL/wolfssh/tree/master/ide/Espressif/ESP-IDF/examples/wolfssh_template */ + #define USE_WOLFSSL_ESP_SDK_WIFI +#elif defined(CONFIG_WOLFSSL_EXAMPLE_NAME_WOLFSSH_ECHOSERVER) + /* See https://github.com/wolfSSL/wolfssh/tree/master/ide/Espressif/ESP-IDF/examples/wolfssh_echoserver */ + #define USE_WOLFSSL_ESP_SDK_WIFI +#elif defined(CONFIG_WOLFSSL_EXAMPLE_NAME_ESP32_SSH_SERVER) + /* See https://github.com/wolfSSL/wolfssh-examples/tree/main/Espressif/ESP32/ESP32-SSH-Server */ + #define USE_WOLFSSL_ESP_SDK_WIFI +#elif defined(CONFIG_WOLFSSL_EXAMPLE_NAME_ESP8266_SSH_SERVER) + /* See https://github.com/wolfSSL/wolfssh-examples/tree/main/Espressif/ESP8266/ESP8266-SSH-Server */ + #define USE_WOLFSSL_ESP_SDK_WIFI + +/* wolfMQTT Examples */ +#elif defined(CONFIG_WOLFSSL_EXAMPLE_NAME_WOLFMQTT_TEMPLATE) + /* See https://github.com/wolfSSL/wolfMQTT/tree/master/IDE/Espressif/ESP-IDF/examples/wolfmqtt_template */ + #define USE_WOLFSSL_ESP_SDK_WIFI +#elif defined(CONFIG_WOLFSSL_EXAMPLE_NAME_WOLFMQTT_AWS_IOT_MQTT) + /* See https://github.com/wolfSSL/wolfMQTT/tree/master/IDE/Espressif/ESP-IDF/examples/AWS_IoT_MQTT */ + #define USE_WOLFSSL_ESP_SDK_WIFI + +/* wolfTPM Examples */ +#elif defined(CONFIG_WOLFTPM_EXAMPLE_NAME_ESPRESSIF) + /* See https://github.com/wolfSSL/wolfTPM/tree/master/IDE/Espressif */ + #define USE_WOLFSSL_ESP_SDK_WIFI + +/* Apple HomeKit Examples */ +#elif defined(CONFIG_WOLFSSL_APPLE_HOMEKIT) + /* See https://github.com/AchimPieters/esp32-homekit-demo */ + +/* no example selected */ +#elif defined(CONFIG_WOLFSSL_EXAMPLE_NAME_NONE) + /* We'll assume the app needs to use wolfSSL sdk lib function */ + #define USE_WOLFSSL_ESP_SDK_WIFI + +/* Other applications detected 
by cmake */ +#elif defined(APP_ESP_HTTP_CLIENT_EXAMPLE) + /* The wolfSSL Version of the client example */ + #if defined(CONFIG_IDF_TARGET_ESP32S2) || defined(CONFIG_IDF_TARGET_ESP32C2) + /* Less memory available, so smaller key sizes: */ + #define FP_MAX_BITS (4096 * 2) + #else + #define FP_MAX_BITS (8192 * 2) + #endif + #define HAVE_ALPN + #define HAVE_SNI + #define OPENSSL_EXTRA_X509_SMALL + #define HAVE_TLS_EXTENSIONS + #define HAVE_SUPPORTED_CURVES + #define OPENSSL_EXTRA + #ifndef WOLFSSL_ALWAYS_VERIFY_CB + #define WOLFSSL_ALWAYS_VERIFY_CB + #endif + #ifndef WOLFSSL_VERIFY_CB_ALL_CERTS + #define WOLFSSL_VERIFY_CB_ALL_CERTS + #endif + #ifndef KEEP_PEER_CERT + #define KEEP_PEER_CERT + #endif + +#elif defined(APP_ESP_HTTP_CLIENT) + /* The ESP-IDF Version */ + #define FP_MAX_BITS (8192 * 2) + #define HAVE_ALPN + #define HAVE_SNI + #define OPENSSL_EXTRA_X509_SMALL + #define HAVE_TLS_EXTENSIONS + #define HAVE_SUPPORTED_CURVES + #define OPENSSL_EXTRA + #ifndef WOLFSSL_ALWAYS_VERIFY_CB + #define WOLFSSL_ALWAYS_VERIFY_CB + #endif + #ifndef WOLFSSL_VERIFY_CB_ALL_CERTS + #define WOLFSSL_VERIFY_CB_ALL_CERTS + #endif + #ifndef KEEP_PEER_CERT + #define KEEP_PEER_CERT + #endif +#else + #ifdef WOLFSSL_ESPIDF + /* #warning "App config undetected" */ + #endif + /* the code is older or does not have application name defined. 
*/ +#endif /* Example wolfSSL Configuration app settings */ /* Experimental Kyber */ -#if 0 +#ifdef CONFIG_WOLFSSL_ENABLE_KYBER /* Kyber typically needs a minimum 10K stack */ #define WOLFSSL_EXPERIMENTAL_SETTINGS #define WOLFSSL_HAVE_KYBER #define WOLFSSL_WC_KYBER #define WOLFSSL_SHA3 + #if defined(CONFIG_IDF_TARGET_ESP8266) + /* With limited RAM, we'll disable some of the Kyber sizes: */ + #define WOLFSSL_NO_KYBER1024 + #define WOLFSSL_NO_KYBER768 + #define NO_SESSION_CACHE + #endif +#endif + +/* Pick a cert buffer size: */ +/* #define USE_CERT_BUFFERS_2048 */ +/* #define USE_CERT_BUFFERS_1024 */ +#define USE_CERT_BUFFERS_2048 + +/* The Espressif sdkconfig will have chipset info. +** +** Some possible values: +** +** CONFIG_IDF_TARGET_ESP32 +** CONFIG_IDF_TARGET_ESP32S2 +** CONFIG_IDF_TARGET_ESP32S3 +** CONFIG_IDF_TARGET_ESP32C3 +** CONFIG_IDF_TARGET_ESP32C6 +*/ + +/* Optionally enable Apple HomeKit from compiler directive or Kconfig setting */ +#if defined(WOLFSSL_APPLE_HOMEKIT) || defined(CONFIG_WOLFSSL_APPLE_HOMEKIT) + /* SRP is known to need 8K; slow on some devices */ + #define FP_MAX_BITS (8192 * 2) + #define WOLFCRYPT_HAVE_SRP + #define HAVE_CHACHA + #define HAVE_POLY1305 + #define WOLFSSL_BASE64_ENCODE + #endif /* Apple HomeKit settings */ + +/* Used by ESP-IDF components: */ +#if defined(CONFIG_ESP_TLS_USING_WOLFSSL) + /* The ESP-TLS */ + #ifndef FP_MAX_BITS + #if defined(CONFIG_IDF_TARGET_ESP32C2) || \ + defined(CONFIG_IDF_TARGET_ESP8684) || \ + defined(CONFIG_IDF_TARGET_ESP8266) + /* Optionally set smaller size here */ + #define FP_MAX_BITS MIN_FFDHE_FP_MAX_BITS + #else + #define FP_MAX_BITS (4096 * 2) + #endif + #endif + #define HAVE_ALPN + #ifndef CONFIG_IDF_TARGET_ESP8266 + /* Unless installed in the ESP8266 RTOS SDK locally, the wolfSSL + * API for SNI will not be seen in the components/esp-tls layer. 
+ * Only enable SNI for non-ESP8266 targets by default: */ + #define HAVE_SNI + #endif + #define OPENSSL_EXTRA_X509_SMALL + + #define HAVE_TLS_EXTENSIONS + #define HAVE_SUPPORTED_CURVES #endif +/* Optionally enable some wolfSSH settings */ +#if defined(ESP_ENABLE_WOLFSSH) || defined(CONFIG_ESP_ENABLE_WOLFSSH) + /* The default SSH Windows size is massive for an embedded target. + * Limit it: */ + #define DEFAULT_WINDOW_SZ 2000 + + /* These may be defined in cmake for other examples: */ + #undef WOLFSSH_TERM + #define WOLFSSH_TERM + + /* optional debug */ + /* #undef DEBUG_WOLFSSH */ + /* #define DEBUG_WOLFSSH */ + + #undef WOLFSSL_KEY_GEN + #define WOLFSSL_KEY_GEN + + #undef WOLFSSL_PTHREADS + #define WOLFSSL_PTHREADS + + #define WOLFSSH_TEST_SERVER + #define WOLFSSH_TEST_THREADING +#endif /* ESP_ENABLE_WOLFSSH */ + + +/* Not yet using WiFi lib, so don't compile in the esp-sdk-lib WiFi helpers: */ +/* #define USE_WOLFSSL_ESP_SDK_WIFI */ + /* * ONE of these Espressif chip families will be detected from sdkconfig: * * WOLFSSL_ESP32 + * WOLFSSL_ESPWROOM32SE * WOLFSSL_ESP8266 + * + * following ifdef detection only for syntax highlighting: */ -#undef WOLFSSL_ESPWROOM32SE -#undef WOLFSSL_ESP8266 -#undef WOLFSSL_ESP32 +#ifdef WOLFSSL_ESPWROOM32SE + #undef WOLFSSL_ESPWROOM32SE +#endif +#ifdef WOLFSSL_ESP8266 + #undef WOLFSSL_ESP8266 +#endif +#ifdef WOLFSSL_ESP32 + #undef WOLFSSL_ESP32 +#endif /* See below for chipset detection from sdkconfig.h */ /* when you want to use SINGLE THREAD. Note Default ESP-IDF is FreeRTOS */ -/* #define SINGLE_THREADED */ +#define SINGLE_THREADED -/* SMALL_SESSION_CACHE saves a lot of RAM for ClientCache and SessionCache. +/* Small session cache saves a lot of RAM for ClientCache and SessionCache. * Memory requirement is about 5KB, otherwise 20K is needed when not specified. * If extra small footprint is needed, try MICRO_SESSION_CACHE (< 1K) * When really desperate or no TLS used, try NO_SESSION_CACHE. */ 
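Review bot: `#define SINGLE_THREADED` at the end of this hunk is now active for every build that uses this file. The comment above it still notes that ESP-IDF defaults to FreeRTOS, and the wolfSSH block earlier in the same hunk defines `WOLFSSL_PTHREADS` and `WOLFSSH_TEST_THREADING`. With SINGLE_THREADED set, wolfSSL is built without its mutex protection, so any configuration that calls the library from more than one task shares state such as the session cache without locking. If single-threaded operation is only wanted for the benchmark, make it conditional, e.g. `#if defined(CONFIG_WOLFSSL_EXAMPLE_NAME_BENCHMARK)` / `#define SINGLE_THREADED` / `#endif`, and leave it commented out otherwise. If it is meant for all examples, the wolfSSH threading macros conflict with it and the comment should say which setting wins.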
@@ -92,130 +342,6 @@ /* RSA_LOW_MEM: Half as much memory but twice as slow. */ #define RSA_LOW_MEM -/* Uncommon settings for testing only */ -#define TEST_ESPIDF_ALL_WOLFSSL -#ifdef TEST_ESPIDF_ALL_WOLFSSL - #define WOLFSSL_MD2 - #define HAVE_BLAKE2 - #define HAVE_BLAKE2B - #define HAVE_BLAKE2S - - #define WC_RC2 - #define WOLFSSL_ALLOW_RC4 - - #define HAVE_POLY1305 - - #define WOLFSSL_AES_128 - #define WOLFSSL_AES_OFB - #define WOLFSSL_AES_CFB - #define WOLFSSL_AES_XTS - - /* #define WC_SRTP_KDF */ - /* TODO Causes failure with Espressif AES HW Enabled */ - /* #define HAVE_AES_ECB */ - /* #define HAVE_AESCCM */ - /* TODO sanity check when missing HAVE_AES_ECB */ - #define WOLFSSL_WOLFSSH - - #define HAVE_AESGCM - #define WOLFSSL_AES_COUNTER - - #define HAVE_FFDHE - #define HAVE_FFDHE_2048 - #if defined(CONFIG_IDF_TARGET_ESP8266) - /* TODO Full size SRP is disabled on the ESP8266 at this time. - * Low memory issue? */ - #define WOLFCRYPT_HAVE_SRP - /* MIN_FFDHE_FP_MAX_BITS = (MIN_FFDHE_BITS * 2); see settings.h */ - #define FP_MAX_BITS MIN_FFDHE_FP_MAX_BITS - #elif defined(CONFIG_IDF_TARGET_ESP32) || \ - defined(CONFIG_IDF_TARGET_ESP32S2) || \ - defined(CONFIG_IDF_TARGET_ESP32S3) - /* TODO: SRP Not enabled, known to fail on this target - * See https://github.com/wolfSSL/wolfssl/issues/7210 */ - #elif defined(CONFIG_IDF_TARGET_ESP32C3) || \ - defined(CONFIG_IDF_TARGET_ESP32H2) - /* SRP Known to be working on this target::*/ - #define WOLFCRYPT_HAVE_SRP - #define FP_MAX_BITS (8192 * 2) - #else - /* For everything else, give a try and see if SRP working: */ - #define WOLFCRYPT_HAVE_SRP - #define FP_MAX_BITS (8192 * 2) - #endif - - #define HAVE_DH - - /* TODO: there may be a problem with HAVE_CAMELLIA with HW AES disabled. - * Do not define NO_WOLFSSL_ESP32_CRYPT_AES when enabled: */ - /* #define HAVE_CAMELLIA */ - - /* DSA requires old SHA */ - #define HAVE_DSA - - /* Needs SHA512 ? */ - #define HAVE_HPKE - - /* Not for Espressif? 
*/ - #if defined(CONFIG_IDF_TARGET_ESP32C2) || \ - defined(CONFIG_IDF_TARGET_ESP8684) || \ - defined(CONFIG_IDF_TARGET_ESP32H2) || \ - defined(CONFIG_IDF_TARGET_ESP8266) - - #if defined(CONFIG_IDF_TARGET_ESP8266) - #undef HAVE_ECC - #undef HAVE_ECC_CDH - #undef HAVE_CURVE25519 - - /* TODO does CHACHA also need alignment? Failing on ESP8266 - * See SHA256 __attribute__((aligned(4))); and WC_SHA256_ALIGN */ - #ifdef HAVE_CHACHA - #error "HAVE_CHACHA not supported on ESP8266" - #endif - #ifdef HAVE_XCHACHA - #error "HAVE_XCHACHA not supported on ESP8266" - #endif - #else - #define HAVE_XCHACHA - #define HAVE_CHACHA - /* TODO Not enabled at this time, needs further testing: - * #define WC_SRTP_KDF - * #define HAVE_COMP_KEY - * #define WOLFSSL_HAVE_XMSS - */ - #endif - /* TODO AES-EAX not working on this platform */ - - /* Optionally disable DH - * #undef HAVE_DH - * #undef HAVE_FFDHE - */ - - /* ECC_SHAMIR out of memory on ESP32-C2 during ECC */ - #ifndef HAVE_ECC - #define ECC_SHAMIR - #endif - #else - #define WOLFSSL_AES_EAX - - #define ECC_SHAMIR - #endif - - /* Only for WOLFSSL_IMX6_CAAM / WOLFSSL_QNX_CAAM ? */ - /* #define WOLFSSL_CAAM */ - /* #define WOLFSSL_CAAM_BLOB */ - - #define WOLFSSL_AES_SIV - #define WOLFSSL_CMAC - - #define WOLFSSL_CERT_PIV - - /* HAVE_SCRYPT may turn on HAVE_PBKDF2 see settings.h */ - /* #define HAVE_SCRYPT */ - #define SCRYPT_TEST_ALL - #define HAVE_X963_KDF -#endif - /* optionally turn off SHA512/224 SHA512/256 */ /* #define WOLFSSL_NOSHA512_224 */ /* #define WOLFSSL_NOSHA512_256 */ 
@@ -230,14 +356,40 @@ #define BENCH_EMBEDDED /* TLS 1.3 */ -#define WOLFSSL_TLS13 -#define HAVE_TLS_EXTENSIONS -#define WC_RSA_PSS -#define HAVE_HKDF -#define HAVE_AEAD -#define HAVE_SUPPORTED_CURVES +#ifdef CONFIG_WOLFSSL_ALLOW_TLS13 + #define WOLFSSL_TLS13 + #define HAVE_TLS_EXTENSIONS + #define HAVE_HKDF + + /* May be required */ + #ifndef HAVE_AEAD + #endif + + /* Required for ECC */ + #define HAVE_SUPPORTED_CURVES + + /* Required for RSA */ + #define WC_RSA_PSS + + /* TLS 1.3 normally requires HAVE_FFDHE */ + #if defined(HAVE_FFDHE_2048) || \ + defined(HAVE_FFDHE_3072) || \ + defined(HAVE_FFDHE_4096) || \ + defined(HAVE_FFDHE_6144) || \ + defined(HAVE_FFDHE_8192) + #else + #define HAVE_FFDHE_2048 + /* #error "TLS 1.3 requires HAVE_FFDHE_[nnnn]" */ + #endif +#endif -#define WOLFSSL_BENCHMARK_FIXED_UNITS_KB +#if defined(CONFIG_IDF_TARGET_ESP32C2) || \ + defined(CONFIG_IDF_TARGET_ESP8684) + /* Optionally set smaller size here */ + #define HAVE_FFDHE_4096 +#else + #define HAVE_FFDHE_4096 +#endif #define NO_FILESYSTEM 
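Review bot: The `#ifndef HAVE_AEAD` / `#endif` pair under "May be required" has no body, so `HAVE_AEAD`, which the removed lines defined unconditionally, is no longer set by this file. If TLS 1.3 still needs it here, restore `#define HAVE_AEAD` inside the guard; if the library derives it on its own (not visible in this hunk), delete the empty guard. Further down, the `CONFIG_IDF_TARGET_ESP32C2` / `CONFIG_IDF_TARGET_ESP8684` conditional defines `HAVE_FFDHE_4096` in both branches, so the "Optionally set smaller size here" comment currently selects nothing. TLS 1.3 is also now compiled in only when `CONFIG_WOLFSSL_ALLOW_TLS13` is set, so a project whose sdkconfig lacks that symbol builds without it and gets no diagnostic; a comment naming the sdkconfig.defaults entry that enables it would help.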
@@ -254,32 +406,67 @@ /* when you want to use SHA384 */ #define WOLFSSL_SHA384 -/* when you want to use SHA512 */ -#define WOLFSSL_SHA512 - -/* when you want to use SHA3 */ -#define WOLFSSL_SHA3 - - /* ED25519 requires SHA512 */ -#define HAVE_ED25519 - /* Some features not enabled for ESP8266: */ #if defined(CONFIG_IDF_TARGET_ESP8266) || \ defined(CONFIG_IDF_TARGET_ESP32C2) + /* Some known low-memory devices have features not enabled by default. */ /* TODO determine low memory configuration for ECC. */ #else - #define HAVE_ECC - #define HAVE_CURVE25519 - #define CURVE25519_SMALL + /* when you want to use SHA512 */ + #define WOLFSSL_SHA512 + + /* when you want to use SHA3 */ + /* #define WOLFSSL_SHA3 */ + + /* ED25519 requires SHA512 */ + #define HAVE_ED25519 #endif -#define HAVE_ED25519 +#if defined(CONFIG_IDF_TARGET_ESP8266) || defined(CONFIG_IDF_TARGET_ESP32C2) + #define MY_USE_ECC 0 + #define MY_USE_RSA 1 +#else + #define MY_USE_ECC 1 + #define MY_USE_RSA 0 +#endif -/* Optional OPENSSL compatibility */ -#define OPENSSL_EXTRA +/* We can use either or both ECC and RSA, but must use at least one. */ +#if MY_USE_ECC || MY_USE_RSA + #if MY_USE_ECC + /* ---- ECDSA / ECC ---- */ + #define HAVE_ECC + #define HAVE_CURVE25519 + #define HAVE_ED25519 + #define WOLFSSL_SHA512 + /* + #define HAVE_ECC384 + #define CURVE25519_SMALL + */ + #else + #define WOLFSSH_NO_ECC + /* WOLFSSH_NO_ECDSA is typically defined automatically, + * here for clarity: */ + #define WOLFSSH_NO_ECDSA + #endif + + #if MY_USE_RSA + /* ---- RSA ----- */ + /* #define RSA_LOW_MEM */ + + /* DH disabled by default, needed if ECDSA/ECC also turned off */ + #define HAVE_DH + #else + #define WOLFSSH_NO_RSA + #endif +#else + #error "Either RSA or ECC must be enabled" +#endif + +/* Optional OpenSSL compatibility */ +/* #define OPENSSL_EXTRA */ /* #Optional HAVE_PKCS7 */ -#define HAVE_PKCS7 +/* #define HAVE_PKCS7 */ #if defined(HAVE_PKCS7) /* HAVE_PKCS7 may enable HAVE_PBKDF2 see settings.h */ 
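Review bot: The `#error "Either RSA or ECC must be enabled"` branch cannot be reached, because `MY_USE_ECC` and `MY_USE_RSA` are hard-coded per target a few lines above and exactly one of them is always 1. If a project is supposed to be able to choose, guard the defaults, e.g. `#ifndef MY_USE_ECC` / `#define MY_USE_ECC 1` / `#endif` (likewise for `MY_USE_RSA`), so a build flag can override them and the check has a purpose. As written, the `MY_USE_RSA` 0 path only defines `WOLFSSH_NO_RSA`; nothing in this hunk removes RSA from wolfSSL itself, so the switch name promises more than it does. On ESP8266 and ESP32-C2 the ECC branch is skipped, which leaves `HAVE_ECC` undefined by this hunk and those targets with RSA and DH only. A short comment stating that this is deliberate, and why, would save the next reader from guessing.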
@@ -319,8 +506,11 @@ /* #define XTIME time */ -/* adjust wait-timeout count if you see timeout in RSA HW acceleration */ -#define ESP_RSA_TIMEOUT_CNT 0x349F00 +/* Adjust wait-timeout count if you see timeout in RSA HW acceleration. + * Set to very large number and enable WOLFSSL_HW_METRICS to determine max. */ +#ifndef ESP_RSA_TIMEOUT_CNT + #define ESP_RSA_TIMEOUT_CNT 0xFF0000 +#endif /* hash limit for test.c */ #define HASH_SIZE_LIMIT @@ -329,7 +519,7 @@ #define USE_FAST_MATH /***** Use SP_MATH *****/ -/* #undef USE_FAST_MATH */ +/* #undef USE_FAST_MATH */ /* #define SP_MATH */ /* #define WOLFSSL_SP_MATH_ALL */ /* #define WOLFSSL_SP_RISCV32 */ @@ -338,6 +528,14 @@ /* #undef USE_FAST_MATH */ /* #define USE_INTEGER_HEAP_MATH */ +/* Just syntax highlighting to check math libraries: */ +#if defined(SP_MATH) || \ + defined(USE_INTEGER_HEAP_MATH) || \ + defined(USE_INTEGER_HEAP_MATH) || \ + defined(USE_FAST_MATH) || \ + defined(WOLFSSL_SP_MATH_ALL) || \ + defined(WOLFSSL_SP_RISCV32) +#endif #define WOLFSSL_SMALL_STACK @@ -345,18 +543,32 @@ #define HAVE_VERSION_EXTENDED_INFO /* #define HAVE_WC_INTROSPECTION */ -#define HAVE_SESSION_TICKET +#ifndef NO_SESSION_CACHE + #define HAVE_SESSION_TICKET +#endif /* #define HAVE_HASHDRBG */ +#if 0 +/* Example for additional cert functions */ #define WOLFSSL_KEY_GEN -#define WOLFSSL_CERT_REQ -#define WOLFSSL_CERT_GEN -#define WOLFSSL_CERT_EXT -#define WOLFSSL_SYS_CA_CERTS + #define WOLFSSL_CERT_REQ + #define WOLFSSL_CERT_GEN + #define WOLFSSL_CERT_EXT + #define WOLFSSL_SYS_CA_CERTS + + #define WOLFSSL_CERT_TEXT -#define WOLFSSL_CERT_TEXT + /* command-line options + --enable-keygen + --enable-certgen + --enable-certreq + --enable-certext + --enable-asn-template + */ + +#endif #define WOLFSSL_ASN_TEMPLATE 
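Review bot: In the `@@ -338,6 +528,14 @@` hunk, the added `#if defined(SP_MATH) || ...` block lists `defined(USE_INTEGER_HEAP_MATH)` twice and has an empty body, so it checks nothing. The comment says it is there for syntax highlighting only; if that is all it is for, drop the duplicate operand. If the intent is to catch a misconfigured math library, give the block a body that fails the build when none of the listed macros is defined, for example `#else` followed by `#error "No math library selected"`.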
@@ -376,10 +588,62 @@ --enable-asn-template */ +/* optional SM4 Ciphers. See https://github.com/wolfSSL/wolfsm */ +/* +#define WOLFSSL_SM2 +#define WOLFSSL_SM3 +#define WOLFSSL_SM4 +*/ + +#if defined(WOLFSSL_SM2) || defined(WOLFSSL_SM3) || defined(WOLFSSL_SM4) + /* SM settings, possible cipher suites: + + TLS13-AES128-GCM-SHA256 + TLS13-CHACHA20-POLY1305-SHA256 + TLS13-SM4-GCM-SM3 + TLS13-SM4-CCM-SM3 + + #define WOLFSSL_ESP32_CIPHER_SUITE "TLS13-SM4-GCM-SM3" + #define WOLFSSL_ESP32_CIPHER_SUITE "TLS13-SM4-CCM-SM3" + #define WOLFSSL_ESP32_CIPHER_SUITE "ECDHE-ECDSA-SM4-CBC-SM3" + #define WOLFSSL_ESP32_CIPHER_SUITE "ECDHE-ECDSA-SM4-GCM-SM3" + #define WOLFSSL_ESP32_CIPHER_SUITE "ECDHE-ECDSA-SM4-CCM-SM3" + #define WOLFSSL_ESP32_CIPHER_SUITE "TLS13-SM4-GCM-SM3:" \ + "TLS13-SM4-CCM-SM3:" + */ + + #undef WOLFSSL_BASE16 + #define WOLFSSL_BASE16 /* required for WOLFSSL_SM2 */ + + #undef WOLFSSL_SM4_ECB + #define WOLFSSL_SM4_ECB + + #undef WOLFSSL_SM4_CBC + #define WOLFSSL_SM4_CBC + + #undef WOLFSSL_SM4_CTR + #define WOLFSSL_SM4_CTR + + #undef WOLFSSL_SM4_GCM + #define WOLFSSL_SM4_GCM + + #undef WOLFSSL_SM4_CCM + #define WOLFSSL_SM4_CCM + + #define HAVE_POLY1305 + #define HAVE_CHACHA + + #undef HAVE_AESGCM + #define HAVE_AESGCM +#else + /* default settings */ + #define USE_CERT_BUFFERS_2048 +#endif + /* Chipset detection from sdkconfig.h * Default is HW enabled unless turned off. * Uncomment lines to force SW instead of HW acceleration */ -#if defined(CONFIG_IDF_TARGET_ESP32) +#if defined(CONFIG_IDF_TARGET_ESP32) || defined(WOLFSSL_ESPWROOM32SE) #define WOLFSSL_ESP32 /* Alternatively, if there's an ECC Secure Element present: */ /* #define WOLFSSL_ESPWROOM32SE */ 
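Review bot: The `#else` branch that closes the SM block now defines `USE_CERT_BUFFERS_2048` for every non-SM build, with only `/* default settings */` as explanation. That macro selects the sample certificates and keys from certs_test.h, which a later comment in this same file calls "not recommended for production", so the definition should say so where it is made: `/* default: example certs and keys from certs_test.h, for test use only */`. `HAVE_POLY1305` and `HAVE_CHACHA` are also the only defines in the SM block without a preceding `#undef`, which breaks the pattern used for the other macros there.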
@@ -501,12 +765,16 @@ #define WOLFSSL_ESP8266 /* There's no hardware encryption on the ESP8266 */ - /* Consider using the ESP32-C2/C3/C6 - * See https://www.espressif.com/en/products/socs/esp32-c2 */ + /* Consider using the ESP32-C2/C3/C6 */ #define NO_ESP32_CRYPT #define NO_WOLFSSL_ESP32_CRYPT_HASH #define NO_WOLFSSL_ESP32_CRYPT_AES #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI + #ifndef FP_MAX_BITS + /* FP_MAX_BITS matters in wolfssl_test, not just TLS setting. */ + /* MIN_FFDHE_FP_MAX_BITS = (MIN_FFDHE_BITS * 2); see settings.h */ + #define FP_MAX_BITS MIN_FFDHE_FP_MAX_BITS + #endif /***** END CONFIG_IDF_TARGET_ESP266 *****/ #elif defined(CONFIG_IDF_TARGET_ESP8684) @@ -556,18 +824,33 @@ /* Debug options: See wolfssl/wolfcrypt/port/Espressif/esp32-crypt.h for details on debug options +optionally increase error message size for very long paths. +#define WOLFSSL_MAX_ERROR_SZ 500 + +Turn wolfSSL debugging on/off: + wolfSSL_Debugging_ON(); + wolfSSL_Debugging_OFF(); + #define ESP_VERIFY_MEMBLOCK #define DEBUG_WOLFSSL #define DEBUG_WOLFSSL_VERBOSE #define DEBUG_WOLFSSL_SHA_MUTEX +#define WOLFSSL_DEBUG_IGNORE_ASN_TIME +#define WOLFSSL_DEBUG_CERT_BUNDLE +#define WOLFSSL_DEBUG_CERT_BUNDLE_NAME #define WOLFSSL_ESP32_CRYPT_DEBUG #define WOLFSSL_ESP32_CRYPT_HASH_SHA224_DEBUG #define NO_RECOVER_SOFTWARE_CALC #define WOLFSSL_TEST_STRAY 1 #define USE_ESP_DPORT_ACCESS_READ_BUFFER #define WOLFSSL_ESP32_HW_LOCK_DEBUG +#define WOLFSSL_DEBUG_MUTEX #define WOLFSSL_DEBUG_ESP_RSA_MULM_BITS +#define WOLFSSL_DEBUG_ESP_HW_MOD_RSAMAX_BITS +#define WOLFSSL_DEBUG_ESP_HW_MULTI_RSAMAX_BITS #define ESP_DISABLE_HW_TASK_LOCK +#define ESP_MONITOR_HW_TASK_LOCK +#define USE_ESP_DPORT_ACCESS_READ_BUFFER See wolfcrypt/benchmark/benchmark.c for debug and other settings: 
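Review bot: `#define FP_MAX_BITS MIN_FFDHE_FP_MAX_BITS` depends on a macro that, per the added comment, is defined in settings.h. If that macro is not yet defined while this header is being preprocessed, any `#if` on `FP_MAX_BITS` inside this file sees it as 0; the sanity check added at the end of the file tests `FP_MAX_BITS < (8192 * 2)` and would then always take the smaller-stack branch on the ESP8266. A literal value here, or a comment stating the include-order assumption, would make the dependency explicit. The ESP8266 section starts and ends outside the hunk.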
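Review bot: In the debug-options hunk, `#define USE_ESP_DPORT_ACCESS_READ_BUFFER` is added at the end of the list although the same entry already appears a few lines above it, so the second copy can be dropped. `WOLFSSL_DEBUG_IGNORE_ASN_TIME` is listed next to plain logging switches; going by its name it relaxes certificate date checking rather than adding output, so an annotation in the list such as `(test only: affects certificate date validation)` would keep it from being enabled casually, to be confirmed against the wolfSSL source. The comment block itself begins and ends outside the hunk.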
@@ -579,7 +862,8 @@ Turn on timer debugging (used when CPU cycles not available) */ /* Pause in a loop rather than exit. */ -#define WOLFSSL_ESPIDF_ERROR_PAUSE +/* #define WOLFSSL_ESPIDF_ERROR_PAUSE */ +/* #define WOLFSSL_ESP32_HW_LOCK_DEBUG */ #define WOLFSSL_HW_METRICS @@ -628,6 +912,12 @@ Turn on timer debugging (used when CPU cycles not available) * There are various certificate examples in this header file: * https://github.com/wolfSSL/wolfssl/blob/master/wolfssl/certs_test.h * + * To use the sample certificates in code (not recommended for production!): + * + * #if defined(USE_CERT_BUFFERS_2048) || defined(USE_CERT_BUFFERS_1024) + * #include + * #endif + * * To use the sets of macros below, define *one* of these: * * USE_CERT_BUFFERS_1024 - ECC 1024 bit encoded ASN1 @@ -705,6 +995,7 @@ Turn on timer debugging (used when CPU cycles not available) #define WOLFSSL_BASE16 #else #if defined(USE_CERT_BUFFERS_2048) + #define USE_CERT_BUFFERS_256 /* Be sure to include in app when using example certs: */ /* #include */ #define CTX_CA_CERT ca_cert_der_2048 @@ -726,6 +1017,7 @@ Turn on timer debugging (used when CPU cycles not available) #define CTX_CLIENT_KEY_TYPE WOLFSSL_FILETYPE_ASN1 #elif defined(USE_CERT_BUFFERS_1024) + #define USE_CERT_BUFFERS_256 /* Be sure to include in app when using example certs: */ /* #include */ #define CTX_CA_CERT ca_cert_der_1024 
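Review bot: `#define USE_CERT_BUFFERS_256` is added unconditionally inside the `USE_CERT_BUFFERS_2048` branch, and again inside the `USE_CERT_BUFFERS_1024` branch in the following hunk, with no comment on why an RSA buffer selection also needs the ECC sample buffers. On the targets where this file sets `MY_USE_ECC 0` the define presumably still pulls the ECC test certificates and keys into the image. I would wrap both with `#ifdef HAVE_ECC` ... `#endif` and add `/* ECC example certs are also used when ECC is enabled */`. The enclosing conditional starts outside both hunks.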
@@ -750,3 +1042,34 @@ Turn on timer debugging (used when CPU cycles not available) #error "Must define USE_CERT_BUFFERS_2048 or USE_CERT_BUFFERS_1024" #endif #endif /* Conditional key and cert constant names */ + +/****************************************************************************** +** Sanity Checks +******************************************************************************/ +#if defined(CONFIG_ESP_MAIN_TASK_STACK_SIZE) + #if defined(WOLFCRYPT_HAVE_SRP) + #if defined(FP_MAX_BITS) + #if FP_MAX_BITS < (8192 * 2) + #define ESP_SRP_MINIMUM_STACK_8K (24 * 1024) + #else + #define ESP_SRP_MINIMUM_STACK_8K (28 * 1024) + #endif + #else + #error "Please define FP_MAX_BITS when using WOLFCRYPT_HAVE_SRP." + #endif + + #if (CONFIG_ESP_MAIN_TASK_STACK_SIZE < ESP_SRP_MINIMUM_STACK) + #warning "WOLFCRYPT_HAVE_SRP enabled with small stack size" + #endif + #endif +#else + #warning "CONFIG_ESP_MAIN_TASK_STACK_SIZE not defined!" +#endif +/* See settings.h for some of the possible hardening options: + * + * #define NO_ESPIDF_DEFAULT + * #define WC_NO_CACHE_RESISTANT + * #define WC_AES_BITSLICED + * #define HAVE_AES_ECB + * #define HAVE_AES_DIRECT + */ diff --git a/IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/main/CMakeLists.txt b/IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/main/CMakeLists.txt index 6614af4fcc..bb71f4b282 100644 --- a/IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/main/CMakeLists.txt +++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/main/CMakeLists.txt @@ -1,3 +1,5 @@ +# wolfSSL Espressif Example Project/main CMakeLists.txt +# v1.1 # # wolfssl benchmark test # diff --git a/IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/main/include/main.h b/IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/main/include/main.h index cae03b4a93..30c2289f3a 100644 --- a/IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/main/include/main.h +++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/main/include/main.h 
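Review bot: The stack-size sanity check compares against `ESP_SRP_MINIMUM_STACK`, but the two lines above it define `ESP_SRP_MINIMUM_STACK_8K`. An undefined identifier in `#if` evaluates to 0, so `CONFIG_ESP_MAIN_TASK_STACK_SIZE < ESP_SRP_MINIMUM_STACK` is never true and the "small stack size" warning cannot fire. The test should read `#if (CONFIG_ESP_MAIN_TASK_STACK_SIZE < ESP_SRP_MINIMUM_STACK_8K)`. Separately, the trailing comment introduces `WC_NO_CACHE_RESISTANT` under "hardening options" although that name reads as switching a side-channel countermeasure off, so the wording of that heading is worth a second look.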
@@ -1,4 +1,4 @@ -/* benchmark main.h +/* wolfssl_benchmark main.h * * Copyright (C) 2006-2024 wolfSSL Inc. * @@ -19,12 +19,9 @@ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA */ -#ifndef _MAIN_ -#define _MAIN_ +#ifndef _MAIN_H_ +#define _MAIN_H_ void app_main(void); -/* see wolfssl/wolfcrypt/benchmark/benchmark.h */ -extern void wolf_benchmark_task(); - #endif diff --git a/IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/main/main.c b/IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/main/main.c index 3381f25fe7..02c2771815 100644 --- a/IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/main/main.c +++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/main/main.c @@ -27,20 +27,27 @@ /* The wolfSSL user_settings.h file is automatically included by the settings.h * file and should never be explicitly included in any other source files. * The settings.h should also be listed above wolfssl library include files. */ -#include -#include -#include -#include -#ifndef WOLFSSL_ESPIDF - #error "Problem with wolfSSL user_settings. " \ - "Check components/wolfssl/include " \ - "and confirm WOLFSSL_USER_SETTINGS is defined, " \ - "typically in the component CMakeLists.txt" +#if defined(WOLFSSL_USER_SETTINGS) + #include + #if defined(WOLFSSL_ESPIDF) + #include + #include + #include + #include + #include + #else + #error "Problem with wolfSSL user_settings. " \ + "Check components/wolfssl/include " \ + "and confirm WOLFSSL_USER_SETTINGS is defined, " \ + "typically in the component CMakeLists.txt" + #endif +#else + /* Define WOLFSSL_USER_SETTINGS project wide for settings.h to include */ + /* wolfSSL user settings in ./components/wolfssl/include/user_settings.h */ + #error "Missing WOLFSSL_USER_SETTINGS in CMakeLists or Makefile:\ + CFLAGS +=-DWOLFSSL_USER_SETTINGS" #endif -#include -#include - /* Hardware; include after other libraries, * particularly after freeRTOS from settings.h */ #include 
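Review bot: The renamed include guard `_MAIN_H_` in main.h still begins with an underscore followed by an upper-case letter, which is an identifier reserved for the implementation in C. A project-specific name avoids both the reserved form and collisions with other `main.h` files: `#ifndef WOLFSSL_BENCHMARK_MAIN_H` / `#define WOLFSSL_BENCHMARK_MAIN_H`. The closing `#endif` would also read better with the guard name as a trailing comment.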
@@ -152,6 +159,7 @@ char* __argv[WOLFSSL_BENCH_ARGV_MAX_ARGUMENTS]; int construct_argv() { + #define ARG_BUFF_SIZE 16 int cnt = 0; int i = 0; int len = 0; @@ -212,15 +220,16 @@ int construct_argv() /* entry point */ void app_main(void) { - int stack_start = 0; - uart_config_t uart_config = { .baud_rate = THIS_MONITOR_UART_BAUD_DATE, .data_bits = UART_DATA_8_BITS, .parity = UART_PARITY_DISABLE, .stop_bits = UART_STOP_BITS_1, }; + int stack_start = 0; + word32 loops = 0; esp_err_t ret = 0; + stack_start = esp_sdk_stack_pointer(); /* uart_set_pin(UART_NUM_0, TX_PIN, RX_PIN, @@ -270,7 +279,7 @@ void app_main(void) ESP_LOGI(TAG, "NO_CRYPT_BENCHMARK defined, skipping wolf_benchmark_task") #else - /* although wolfCrypt_Init() may be explicitly called above, + /* Although wolfCrypt_Init() may be explicitly called above, ** note it is still always called in wolf_benchmark_task. */ stack_start = uxTaskGetStackHighWaterMark(NULL); 
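Review bot: In `app_main`, the added `stack_start = esp_sdk_stack_pointer();` stores a stack pointer in an `int`, and in the benchmark branch the next hunk's context shows it being overwritten by `stack_start = uxTaskGetStackHighWaterMark(NULL);` before it is read. The two values are different quantities (an address and a remaining-stack count), so reusing one variable invites a wrong "Stack used" figure if the second assignment is ever skipped. A separate variable for the initial stack pointer, or a comment such as `/* only used when NO_CRYPT_BENCHMARK is defined */`, would make the intent clear. In the first hunk, `#define ARG_BUFF_SIZE 16` sits inside `construct_argv()` but is visible for the rest of the file; it belongs with the other file-level defines. Both function bodies continue outside their hunks.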
@@ -278,36 +287,41 @@ void app_main(void) do { ESP_LOGI(TAG, "Stack HWM: %d\n", uxTaskGetStackHighWaterMark(NULL)); - wolf_benchmark_task(); /* TODO capture return value! */ +#ifdef WOLFSSL_BENCH_ARGV + ret = benchmark_test(__argv); +#else + ret = benchmark_test(NULL); +#endif ESP_LOGI(TAG, "Stack used: %d\n", stack_start - uxTaskGetStackHighWaterMark(NULL)); - #if defined(WOLFSSL_HW_METRICS) && defined(WOLFSSL_HAS_METRICS) - esp_hw_show_metrics(); - #endif - } while (BENCHMARK_LOOP); - /* Reminder: wolfCrypt_Cleanup should always be called at completion, + esp_hw_show_metrics(); + + loops++; /* count of the number of tests run before fail. */ + ESP_LOGI(TAG, "Stack HWM: %d\n", uxTaskGetStackHighWaterMark(NULL)); + ESP_LOGI(TAG, "loops = %d", loops); + + } while (BENCHMARK_LOOP && (ret == 0)); + + /* Reminder: wolfCrypt_Cleanup() should always be called at completion, ** and is called in wolf_benchmark_task(). */ +#if defined BENCHMARK_LOOP && (BENCHMARK_LOOP == 1) + /* If BENCHMARK_LOOP enabled and we get here, there was likely an error. */ + ESP_LOGI(TAG, "Benchmark loops completed: %d", loops); +#endif + #if defined(SINGLE_THREADED) /* need stack monitor for single thread */ #else ESP_LOGI(TAG, "Stack HWM: %d\n", uxTaskGetStackHighWaterMark(NULL)); #endif - /* note wolfCrypt_Cleanup() should always be called when finished. - ** This is called at the end of wolf_test_task(); - */ - -#if defined(DEBUG_WOLFSSL) && defined(WOLFSSL_ESP32_CRYPT_RSA_PRI) - esp_hw_show_mp_metrics(); -#endif - #ifdef INCLUDE_uxTaskGetStackHighWaterMark - ESP_LOGI(TAG, "Stack HWM: %d", uxTaskGetStackHighWaterMark(NULL)); + ESP_LOGI(TAG, "Stack HWM: %d", uxTaskGetStackHighWaterMark(NULL)); - ESP_LOGI(TAG, "Stack used: %d", CONFIG_ESP_MAIN_TASK_STACK_SIZE - - (uxTaskGetStackHighWaterMark(NULL))); + ESP_LOGI(TAG, "Stack used: %d", CONFIG_ESP_MAIN_TASK_STACK_SIZE + - (uxTaskGetStackHighWaterMark(NULL))); #endif #ifdef WOLFSSL_ESPIDF_VERBOSE_EXIT_MESSAGE 
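Review bot: `loops` is declared `word32` but logged with `%d` in both `ESP_LOGI(TAG, "loops = %d", loops);` and the "Benchmark loops completed" message; an unsigned conversion with an explicit cast, `ESP_LOGI(TAG, "loops = %u", (unsigned int)loops);`, matches the type regardless of how `word32` is defined. The call to `esp_hw_show_metrics()` is now unconditional where it used to sit behind `WOLFSSL_HW_METRICS && WOLFSSL_HAS_METRICS`; unless that function has a no-op fallback, builds without metrics may no longer link, so the guard is worth keeping. The two comments that still refer to `wolf_benchmark_task` should name `benchmark_test` now that the call has changed. `app_main` starts and ends outside the hunk.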
@@ -318,19 +332,19 @@ void app_main(void) ESP_LOGE(TAG, WOLFSSL_ESPIDF_VERBOSE_EXIT_MESSAGE("Failed!", ret)); } #elif defined(WOLFSSL_ESPIDF_EXIT_MESSAGE) - ESP_LOGI(TAG, WOLFSSL_ESPIDF_EXIT_MESSAGE); + ESP_LOGI(TAG, WOLFSSL_ESPIDF_EXIT_MESSAGE); #else ESP_LOGI(TAG, "\n\nDone!\n\n" "If running from idf.py monitor, press twice: Ctrl+]"); #endif - /* after the test, we'll just wait */ + /* After completion, we'll just wait */ while (1) { - /* do something other than nothing to help next program/debug session*/ -#ifndef SINGLE_THREADED - vTaskDelay(1000); +#if defined(SINGLE_THREADED) + while (1); +#else + vTaskDelay(60000); #endif - } - + } /* done while */ #endif /* NO_CRYPT_BENCHMARK */ -} /* main */ +} diff --git a/IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/partitions_singleapp_large.csv b/IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/partitions_singleapp_large.csv index a9c373bec7..0b2fcd1a9f 100644 --- a/IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/partitions_singleapp_large.csv +++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/partitions_singleapp_large.csv 
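Review bot: `vTaskDelay(60000);` passes a tick count, not milliseconds, so the actual wait depends on the configured tick rate; `vTaskDelay(pdMS_TO_TICKS(60000));` states the intended duration. In the `SINGLE_THREADED` branch the inner `while (1);` nested in the outer `while (1)` is a bare busy loop with no comment; a note such as `/* no scheduler: spin here, watchdogs are disabled in sdkconfig.defaults */` would record why that is acceptable. The closing `#endif /* NO_CRYPT_BENCHMARK */` belongs to a conditional opened outside the hunk.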
@@ -1,31 +1,31 @@ -# to view: idf.py partition-table -# -# ESP-IDF Partition Table -# Name, Type, SubType, Offset, Size, Flags -nvs, data, nvs, 0x9000, 24K, -phy_init,data, phy, 0xf000, 4K, -factory, app, factory, 0x10000, 1500K, - - -# For other settings, see: -# https://docs.espressif.com/projects/esp-idf/en/latest/esp32/api-guides/partition-tables.html#creating-custom-tables -# -# Here is the summary printed for the "Single factory app, no OTA" configuration: -# -# # ESP-IDF Partition Table -# # Name, Type, SubType, Offset, Size, Flags -# nvs, data, nvs, 0x9000, 0x6000, -# phy_init, data, phy, 0xf000, 0x1000, -# factory, app, factory, 0x10000, 1M, -# -# -# Here is the summary printed for the "Factory app, two OTA definitions" configuration: -# -# # ESP-IDF Partition Table -# # Name, Type, SubType, Offset, Size, Flags -# nvs, data, nvs, 0x9000, 0x4000, -# otadata, data, ota, 0xd000, 0x2000, -# phy_init, data, phy, 0xf000, 0x1000, -# factory, app, factory, 0x10000, 1M, -# ota_0, app, ota_0, 0x110000, 1M, -# ota_1, app, ota_1, 0x210000, 1M, +# to view: idf.py partition-table +# +# ESP-IDF Partition Table +# Name, Type, SubType, Offset, Size, Flags +nvs, data, nvs, 0x9000, 24K, +phy_init,data, phy, 0xf000, 4K, +factory, app, factory, 0x10000, 1500K, + + +# For other settings, see: +# https://docs.espressif.com/projects/esp-idf/en/latest/esp32/api-guides/partition-tables.html#creating-custom-tables +# +# Here is the summary printed for the "Single factory app, no OTA" configuration: +# +# # ESP-IDF Partition Table +# # Name, Type, SubType, Offset, Size, Flags +# nvs, data, nvs, 0x9000, 0x6000, +# phy_init, data, phy, 0xf000, 0x1000, +# factory, app, factory, 0x10000, 1M, +# +# +# Here is the summary printed for the "Factory app, two OTA definitions" configuration: +# +# # ESP-IDF Partition Table +# # Name, Type, SubType, Offset, Size, Flags +# nvs, data, nvs, 0x9000, 0x4000, +# otadata, data, ota, 0xd000, 0x2000, +# phy_init, data, phy, 0xf000, 0x1000, +# factory, 
app, factory, 0x10000, 1M, +# ota_0, app, ota_0, 0x110000, 1M, +# ota_1, app, ota_1, 0x210000, 1M, diff --git a/IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/sdkconfig.defaults b/IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/sdkconfig.defaults index e7f3037365..5dd65ae9d4 100644 --- a/IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/sdkconfig.defaults +++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/sdkconfig.defaults @@ -1,18 +1,31 @@ +# Set the known example app config to template example (see user_settings.h) +CONFIG_WOLFSSL_EXAMPLE_NAME_WOLFSSL_BENCHMARK=y + +# Some wolfSSL helpers +CONFIG_USE_WOLFSSL_ESP_SDK_TIME=y + +# sdkconfig.defaults for ESP8266 + ESP32 # Note that during the build process, settings from sdkconfig.defaults will not override those already in sdkconfig. # See https://docs.espressif.com/projects/esp-idf/en/latest/esp32/api-guides/build-system.html#custom-sdkconfig-defaults CONFIG_BENCH_ARGV="-lng 0" +# FreeRTOS ticks at 1ms interval +CONFIG_FREERTOS_UNICORE=y CONFIG_FREERTOS_HZ=1000 CONFIG_ESP32_DEFAULT_CPU_FREQ_240=y # # Default main stack size. See user_settings.h # +# This is typically bigger than needed for stack size. +# Units are words, not bytes. See user_settings.h +# # For wolfSSL SMALL_STACK, 3072 bytes should be sufficient for benchmark app. # When using RSA, assign at least 10500 bytes, otherwise 5500 usually works for others -CONFIG_ESP_MAIN_TASK_STACK_SIZE=10500 +# We set this to 28672 for use in the "test everything possible" in the wolfssl_test app. +CONFIG_ESP_MAIN_TASK_STACK_SIZE=28672 # Legacy stack size for older ESP-IDF versions -CONFIG_MAIN_TASK_STACK_SIZE=10500 +CONFIG_MAIN_TASK_STACK_SIZE=28672 # # Benchmark must not have CONFIG_NEWLIB_NANO_FORMAT enabled 
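Review bot: The sdkconfig.defaults hunk sets `CONFIG_USE_WOLFSSL_ESP_SDK_TIME=y` at the top, while a later hunk in the same file adds `CONFIG_USE_WOLFSSL_ESP_SDK_TIME=n`; only one of the two can take effect, so the unintended one should be removed. `CONFIG_FREERTOS_UNICORE=y` is inserted directly under the new comment `# FreeRTOS ticks at 1ms interval`, which describes `CONFIG_FREERTOS_HZ` and not the single-core setting; it needs its own comment line. The added note "Units are words, not bytes" also contradicts the existing lines that give the stack sizes in bytes, and one of them should be corrected.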
@@ -30,6 +43,10 @@ CONFIG_ESP_TASK_WDT_EN=n CONFIG_ESP_SYSTEM_PANIC_PRINT_HALT=y CONFIG_ESP_INT_WDT=n +# ESP8266 Watchdog: +CONFIG_TASK_WDT=n +CONFIG_TASK_WDT_PANIC=n + # ESP8266 WDT # CONFIG_ESP_PANIC_PRINT_REBOOT is not set CONFIG_ESP_PANIC_PRINT_REBOOT=n @@ -45,6 +62,36 @@ CONFIG_HEAP_DISABLE_IRAM=y # Performance # CONFIG_COMPILER_OPTIMIZATION_PERF=y +# Set max CPU frequency (falls back as needed for lower maximum) +CONFIG_ESP_DEFAULT_CPU_FREQ_MHZ_240=y + +# Enable wolfSSL TLS in esp-tls +CONFIG_ESP_TLS_USING_WOLFSSL=y +CONFIG_TLS_STACK_WOLFSSL=y + +# Bundles take up flash space and are disabled unless otherwise known to be needed +CONFIG_WOLFSSL_CERTIFICATE_BUNDLE=n +# CONFIG_WOLFSSL_CERTIFICATE_BUNDLE=y +# CONFIG_ESP_WOLFSSL_SMALL_CERT_VERIFY=y +# CONFIG_ESP_TLS_INSECURE=y + +# Disable mbedTLS +CONFIG_ESP_TLS_USING_MBEDTLS=n +CONFIG_MBEDTLS_CERTIFICATE_BUNDLE=n + +# Some wolfSSL helpers +CONFIG_USE_WOLFSSL_ESP_SDK_TIME=n + +# CONFIG_ESP_HTTP_CLIENT_ENABLE_HTTPS is not set +CONFIG_ESP_HTTP_CLIENT_ENABLE_HTTPS=n + +# ESP8266 Memory +CONFIG_FREERTOS_GLOBAL_DATA_LINK_IRAM=y +CONFIG_HEAP_DISABLE_IRAM=y + +# Performance +# CONFIG_COMPILER_OPTIMIZATION_PERF=y + # Set max COU frequency (falls back as needed for lower maximum) CONFIG_ESP_DEFAULT_CPU_FREQ_MHZ_240=y diff --git a/IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/sdkconfig.defaults.esp8266 b/IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/sdkconfig.defaults.esp8266 new file mode 100644 index 0000000000..77299dfe4a --- /dev/null +++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/sdkconfig.defaults.esp8266 
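Review bot: The block added by the second hunk repeats settings that are already in the file: the context right after it shows `CONFIG_ESP_DEFAULT_CPU_FREQ_MHZ_240=y` again, and the "ESP8266 Memory" and "Performance" groups appear twice within the new lines and their surroundings. Duplicated keys make it unclear which value is meant to win when one copy is edited later, so each key should appear once. The commented-out `# CONFIG_ESP_TLS_INSECURE=y` would be safer with a remark that it disables server verification and is for local testing only.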
@@ -0,0 +1,30 @@ +# ESP8266 WDT +# CONFIG_ESP_PANIC_PRINT_REBOOT is not set +CONFIG_ESP_PANIC_PRINT_REBOOT=n +CONFIG_ESP_PANIC_PRINT_HALT=y + +# Enable wolfSSL TLS in esp-tls (not yet supported in RTOS SDK 3.4 +CONFIG_ESP_TLS_USING_WOLFSSL=n +CONFIG_TLS_STACK_WOLFSSL=n + +# Bundles take up flash space and are disabled unless otherwise known to be needed +CONFIG_WOLFSSL_CERTIFICATE_BUNDLE=n +# CONFIG_ESP_WOLFSSL_SMALL_CERT_VERIFY=y +# CONFIG_ESP_TLS_INSECURE=y + +# Disable mbedTLS +CONFIG_ESP_TLS_USING_MBEDTLS=y +CONFIG_MBEDTLS_CERTIFICATE_BUNDLE=n + +# ESP8266 Memory +CONFIG_FREERTOS_GLOBAL_DATA_LINK_IRAM=y +CONFIG_HEAP_DISABLE_IRAM=y + +# ESP8266 Watchdog: +CONFIG_TASK_WDT=n +CONFIG_TASK_WDT_PANIC=n + +# ESP8266 WDT +# CONFIG_ESP_PANIC_PRINT_REBOOT is not set +CONFIG_ESP_PANIC_PRINT_REBOOT=n +CONFIG_ESP_PANIC_PRINT_HALT=y diff --git a/IDE/Espressif/ESP-IDF/examples/wolfssl_client/CMakeLists.txt b/IDE/Espressif/ESP-IDF/examples/wolfssl_client/CMakeLists.txt index 14d08bf9f9..0518aedc2e 100644 --- a/IDE/Espressif/ESP-IDF/examples/wolfssl_client/CMakeLists.txt +++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_client/CMakeLists.txt @@ -3,6 +3,8 @@ # # The following lines of boilerplate have to be in your project's # CMakeLists in this exact order for cmake to work correctly +message(STATUS "Begin project ${CMAKE_PROJECT_NAME}") + cmake_minimum_required(VERSION 3.16) # The wolfSSL CMake file should be able to find the source code. 
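Review bot: In the new sdkconfig.defaults.esp8266 the comment `# Disable mbedTLS` is followed by `CONFIG_ESP_TLS_USING_MBEDTLS=y`, so the comment and the value disagree. Since the lines above turn wolfSSL in esp-tls off for this SDK, the value is probably intended and the comment should read `# Keep mbedTLS as the esp-tls stack (wolfSSL not yet supported here)`. The "ESP8266 WDT" group is also present both at the top and at the bottom of the file, and the comment on the wolfSSL line is missing its closing parenthesis.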
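Review bot: In the wolfssl_client CMakeLists.txt hunk, `message(STATUS "Begin project ${CMAKE_PROJECT_NAME}")` is placed before `cmake_minimum_required` and before `project()`, directly under the comment saying the boilerplate lines must stay in this exact order. `CMAKE_PROJECT_NAME` is presumably not set yet at that point, so the message would print an empty name. Moving the line below `cmake_minimum_required(VERSION 3.16)` and printing a fixed string, `message(STATUS "Begin wolfssl_client project")`, keeps the boilerplate order intact.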
@@ -48,7 +50,8 @@ endif() # End optional WOLFSSL_CMAKE_SYSTEM_NAME # This example uses an extra component for common functions such as Wi-Fi and Ethernet connection. -set (PROTOCOL_EXAMPLES_DIR $ENV{IDF_PATH}/examples/common_components/protocol_examples_common) +# set (PROTOCOL_EXAMPLES_DIR $ENV{IDF_PATH}/examples/common_components/protocol_examples_common) +string(REPLACE "\\" "/" PROTOCOL_EXAMPLES_DIR "$ENV{IDF_PATH}/examples/common_components/protocol_examples_common") if (EXISTS "${PROTOCOL_EXAMPLES_DIR}") message("Found PROTOCOL_EXAMPLES_DIR=${PROTOCOL_EXAMPLES_DIR}") @@ -80,17 +83,20 @@ else() endif() -# This example uses an extra component for common functions such as Wi-Fi and Ethernet connection. -set (PROTOCOL_EXAMPLES_DIR $ENV{IDF_PATH}/examples/common_components/protocol_examples_common) +message(STATUS "begin include") +if(0) + # This example uses an extra component for common functions such as Wi-Fi and Ethernet connection. + set (PROTOCOL_EXAMPLES_DIR $ENV{IDF_PATH}/examples/common_components/protocol_examples_common) -if (EXISTS "${PROTOCOL_EXAMPLES_DIR}") - message("Found PROTOCOL_EXAMPLES_DIR=${PROTOCOL_EXAMPLES_DIR}") - set(EXTRA_COMPONENT_DIRS $ENV{IDF_PATH}/examples/common_components/protocol_examples_common) - set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DFOUND_PROTOCOL_EXAMPLES_DIR") -else() - message("NOT FOUND: PROTOCOL_EXAMPLES_DIR=${PROTOCOL_EXAMPLES_DIR}") + if (EXISTS "${PROTOCOL_EXAMPLES_DIR}") + message("Found PROTOCOL_EXAMPLES_DIR=${PROTOCOL_EXAMPLES_DIR}") + set(EXTRA_COMPONENT_DIRS $ENV{IDF_PATH}/examples/common_components/protocol_examples_common) + set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DFOUND_PROTOCOL_EXAMPLES_DIR") + else() + message("NOT FOUND: PROTOCOL_EXAMPLES_DIR=${PROTOCOL_EXAMPLES_DIR}") + endif() endif() - include($ENV{IDF_PATH}/tools/cmake/project.cmake) - +message(STATUS "end include") project(wolfssl_client) +message(STATUS "end project") 
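Review bot: The second hunk keeps the old `PROTOCOL_EXAMPLES_DIR` logic alive inside `if(0)` instead of deleting it. The disabled copy still uses the unnormalised `set (PROTOCOL_EXAMPLES_DIR $ENV{IDF_PATH}/...)` form that the first hunk replaced with `string(REPLACE "\\" "/" ...)`, so anyone re-enabling it would bring the backslash problem back. Deleting the block is cleaner; if it must stay, a comment such as `# Disabled: superseded by the normalised PROTOCOL_EXAMPLES_DIR lookup above` should say why.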
diff --git a/IDE/Espressif/ESP-IDF/examples/wolfssl_client/README.md b/IDE/Espressif/ESP-IDF/examples/wolfssl_client/README.md index 43961ec9be..ff275c7117 100644 --- a/IDE/Espressif/ESP-IDF/examples/wolfssl_client/README.md +++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_client/README.md @@ -10,9 +10,7 @@ For general information on [wolfSSL examples for Espressif](../README.md), see t ## Quick Start -Use the [ESP-IDF](https://docs.espressif.com/projects/esp-idf/en/latest/esp32/get-started/index.html) -for ESP32 or [RTOS SDK](https://docs.espressif.com/projects/esp8266-rtos-sdk/en/latest/get-started/index.html) -for the ESP8266. +Use the `ESP-IDF` for ESP32 or `RTOS SDK` for the ESP8266. Run `menuconfig` utility (`idf.py menuconfig` for ESP32 or `make menuconfig` for the ESP8266) and set the various parameters for the target device, along with local WiFi settings: @@ -49,7 +47,7 @@ Difficulty flashing: * Check that quality USB cables are being used. * Try lowering the flash baud rate in the `menuconfig`. The 115200 is typically reliable. * Review board specifications: some require manual boot mode via on-board buttons. -* See [Espressif ESP Frequently Asked Questions](https://docs.espressif.com/projects/esp-faq/en/latest/esp-faq-en-master.pdf) +* See Espressif ESP Frequently Asked Questions `esp-faq-en-master.pdf`. ## ESP-IDF Commandline v5.x diff --git a/IDE/Espressif/ESP-IDF/examples/wolfssl_client/components/wolfssl/CMakeLists.txt b/IDE/Espressif/ESP-IDF/examples/wolfssl_client/components/wolfssl/CMakeLists.txt index c3c09ca532..8b90966f9b 100644 --- a/IDE/Espressif/ESP-IDF/examples/wolfssl_client/components/wolfssl/CMakeLists.txt +++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_client/components/wolfssl/CMakeLists.txt 
@@ -19,16 +19,145 @@ # # cmake for wolfssl Espressif projects # -# Version 5.6.0.011 for detect test/benchmark +# Version 5.7.2 Espressif ESP-IDF integration # # See https://docs.espressif.com/projects/esp-idf/en/latest/esp32/api-guides/build-system.html # - +message(STATUS "Begin wolfssl ${CONFIG_CUSTOM_SETTING_WOLFSSL_ROOT}") cmake_minimum_required(VERSION 3.16) + +set(VERBOSE_COMPONENT_MESSAGES 1) + +# Optional requires include: +# set(THIS_ESP_TLS "esp-tls") +set(THIS_ESP_TLS "") + +# function: IS_ESP_IDF_COMPONENT +# output: RESULT = 1 (true) if this component is located in the ESP-IDF components +# otherwise 0 (false) +function( IS_ESP_IDF_COMPONENT RESULT ) + # NOTE: Component location is based on the location of the CMakeList.txt + # and *not* the location of the wolfSSL source code. (which may be anywhere) + + # Normalize the paths to remove any trailing slashes + get_filename_component(NORMALIZED_IDF_PATH "${IDF_PATH}" REALPATH) + get_filename_component(NORMALIZED_TEST_PATH "${COMPONENT_DIR}" REALPATH) + + # Check if the test path starts with the IDF_PATH + string(FIND "${NORMALIZED_TEST_PATH}" "${NORMALIZED_IDF_PATH}" pos) + + if(${pos} EQUAL 0) + message(STATUS "${COMPONENT_DIR} is within IDF_PATH.") + set(${RESULT} 1 PARENT_SCOPE) + else() + message(STATUS "${COMPONENT_DIR} is not within IDF_PATH.") + set(${RESULT} 0 PARENT_SCOPE) + endif() +endfunction() + +# Determine if this cmake file is located in the ESP-IDF component directory or not, +# and if so, if it is being ignored (allowing the use of a local project one, instead). 
+IS_ESP_IDF_COMPONENT( IS_WOLSSL_ESP_IDF_COMPONENT ) +if( IS_WOLSSL_ESP_IDF_COMPONENT ) + message(STATUS "This wolfSSL is a component in ESP-IDF.") + if ( CONFIG_IGNORE_ESP_IDF_WOLFSSL_COMPONENT ) + idf_component_register() + message(STATUS "Warning: wolfSSL component in ESP-IDF is being ignored.") + return() + endif() +endif() + + +if( "${CONFIG_CUSTOM_SETTING_WOLFSSL_ROOT}" STREQUAL "" ) + # nothing to do +else() + # Only forward slashes, or double backslashes are supported. + # By the time we get here the sdkconfig file has a value for wolfSSL source code root. + string(REPLACE "\\" "/" CONFIG_CUSTOM_SETTING_WOLFSSL_ROOT ${CONFIG_CUSTOM_SETTING_WOLFSSL_ROOT}) + message(STATUS "Cleaned wolfssl path: ${CONFIG_CUSTOM_SETTING_WOLFSSL_ROOT}") +endif() + +# The scope of this CMAKE_C_FLAGS is just this component: set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DWOLFSSL_USER_SETTINGS") +set(CMAKE_CXX_FLAGS "${CMAKE_CXX_FLAGS} -DWOLFSSL_USER_SETTINGS") + set(CMAKE_CURRENT_SOURCE_DIR ".") -set(COMPONENT_REQUIRES lwip) # we typically don't need lwip directly in wolfssl component -set(WOLFSSL_ROOT "$ENV{WOLFSSL_ROOT}" ) +# set(COMPONENT_REQUIRES lwip) # we typically don't need lwip directly in wolfssl component + +# Optionally set your source to wolfSSL in your project CMakeLists.txt like this: +# set(WOLFSSL_ROOT "c:/test/my_wolfssl" ) + +if ( "${WOLFSSL_ROOT}" STREQUAL "") + set(WOLFSSL_ROOT "$ENV{WOLFSSL_ROOT}" ) +endif() + +if( "$ENV{IDF_PATH}" STREQUAL "" ) + message(FATAL_ERROR "IDF_PATH Environment variable not set!") +else() + string(REPLACE "\\" "/" THIS_IDF_PATH "$ENV{IDF_PATH}") +endif() + +# Optional compiler definitions to help with system name detection (typically printed by app diagnostics) +if(VERBOSE_COMPONENT_MESSAGES) + if(WIN32) + # Windows-specific configuration here + set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DWOLFSSL_CMAKE_SYSTEM_NAME_WINDOWS") + message("Detected Windows") + endif() + if(CMAKE_HOST_UNIX) + message("Detected UNIX") + endif() + if(APPLE) + 
message("Detected APPLE") + endif() + if(CMAKE_HOST_UNIX AND (NOT APPLE) AND EXISTS "/proc/sys/fs/binfmt_misc/WSLInterop") + # Windows-specific configuration here + set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DWOLFSSL_CMAKE_SYSTEM_NAME_WSL") + message("Detected WSL") + endif() + if(CMAKE_HOST_UNIX AND (NOT APPLE) AND (NOT WIN32)) + # Windows-specific configuration here + set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DWOLFSSL_CMAKE_SYSTEM_NAME_LINUX") + message("Detected Linux") + endif() + if(APPLE) + # Windows-specific configuration here + set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DWOLFSSL_CMAKE_SYSTEM_NAME_APPLE") + message("Detected Apple") + endif() +endif() # End optional WOLFSSL_CMAKE_SYSTEM_NAME + +message(STATUS "CONFIG_TARGET_PLATFORM = ${CONFIG_TARGET_PLATFORM}") + +# Check that there are not conflicting wolfSSL components +# The ESP Registry Component will be in ./managed_components/wolfssl__wolfssl +# The local component wolfSSL directory will be in ./components/wolfssl +if( EXISTS "${CMAKE_HOME_DIRECTORY}/managed_components/wolfssl__wolfssl" AND EXISTS "${CMAKE_HOME_DIRECTORY}/components/wolfssl" ) + # These exclude statements don't seem to be honored by the $ENV{IDF_PATH}/tools/cmake/project.cmake' + # add_subdirectory("${CMAKE_HOME_DIRECTORY}/managed_components/wolfssl__wolfssl" EXCLUDE_FROM_ALL) + # add_subdirectory("${CMAKE_HOME_DIRECTORY}/managed_components/wolfssl__wolfssl/include" EXCLUDE_FROM_ALL) + # So we'll error out and let the user decide how to proceed: + message(WARNING "\nFound wolfSSL components in\n" + "./managed_components/wolfssl__wolfssl\n" + "and\n" + "./components/wolfssl\n" + "in project directory: \n" + "${CMAKE_HOME_DIRECTORY}") + message(FATAL_ERROR "\nPlease use either the ESP Registry Managed Component or the wolfSSL component directory but not both.\n" + "If removing the ./managed_components/wolfssl__wolfssl directory, remember to also remove " + "or rename the idf_component.yml file typically found in ./main/") +else() + message(STATUS "No 
conflicting wolfSSL components found.") +endif() + + +# Don't include lwip requirement for benchmark and test apps. +if( ("${CMAKE_PROJECT_NAME}" STREQUAL "wolfssl_benchmark") OR ("${CMAKE_PROJECT_NAME}" STREQUAL "wolfssl_test") ) + message(STATUS "Not including lwip for ${CMAKE_PROJECT_NAME}") +else() + # benchmark and test do not need wifi, everything else probably does: + set(COMPONENT_REQUIRES lwip "${THIS_ESP_TLS}") # we typically don't need lwip directly in wolfssl component +endif() # find the user name to search for possible "wolfssl-username" message(STATUS "USERNAME = $ENV{USERNAME}") @@ -51,6 +180,25 @@ else() string(REPLACE "\\" "/" THIS_IDF_PATH "$ENV{IDF_PATH}") endif() +# ENVIRONMENT_VAR_TO_MACRO +# Check environment variable name EVARPARAM as [name] +# If defined, and has a value of EVARVALUE as [value], +# then assign a compiler definition "-D[name]=[value]" +function(ENVIRONMENT_VAR_TO_MACRO EVARPARAM EVARVALUE) + # If the EVARPARAM environment variable name is set to EVARVALUE, + # set the compiler flag definition to enable CSV output. + if ( "$ENV{${EVARPARAM}}" STREQUAL "${EVARVALUE}") + message(STATUS "Appending compile definition: -D${EVARPARAM}=${EVARVALUE}") + set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -D${EVARPARAM}=${EVARVALUE}") + else() + if(DEFINED ENV{${EVARPARAM}}) + message(STATUS "Environment variable ${EVARPARAM} detected but set to $ENV{${EVARPARAM}}, not appending compile definition.") + else() + message(STATUS "Environment variable ${EVARPARAM} not detected, not appending compile definition.") + endif() + endif() +endfunction() + # COMPONENT_NAME = wolfssl # The component name is the directory name. "No feature to change this". # See https://github.com/espressif/esp-idf/issues/8978#issuecomment-1129892685 
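Review bot: `IS_ESP_IDF_COMPONENT` decides containment with `string(FIND "${NORMALIZED_TEST_PATH}" "${NORMALIZED_IDF_PATH}" pos)`, a plain string-prefix test, so a sibling directory whose name merely starts with the IDF path (for example an IDF path with a suffix appended) is also reported as being inside ESP-IDF. Comparing with a trailing separator closes that gap: `string(FIND "${NORMALIZED_TEST_PATH}/" "${NORMALIZED_IDF_PATH}/" pos)`. The result variable is spelled `IS_WOLSSL_ESP_IDF_COMPONENT`, which looks like a typo for `IS_WOLFSSL_...`. The comment `# Windows-specific configuration here` is copied onto the WSL, Linux and Apple branches, and `if(APPLE)` is tested twice in the same block.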
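Review bot: `ENVIRONMENT_VAR_TO_MACRO` is declared with `function()`, and its `set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -D${EVARPARAM}=${EVARVALUE}")` has no `PARENT_SCOPE`, so the appended definition is discarded when the function returns and never reaches the compiler. The line should be `set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -D${EVARPARAM}=${EVARVALUE}" PARENT_SCOPE)`, or the helper should be a `macro()`. The inner comment still says "to enable CSV output", which describes one caller rather than this generic helper, and should be reworded to match the header comment.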
@@ -68,7 +216,8 @@ endif() # function: IS_WOLFSSL_SOURCE # parameter: DIRECTORY_PARAMETER - the directory to test # output: RESULT = contains contents of DIRECTORY_PARAMETER for wolfssl directory, otherwise blank. -function(IS_WOLFSSL_SOURCE DIRECTORY_PARAMETER RESULT) +function( IS_WOLFSSL_SOURCE DIRECTORY_PARAMETER + RESULT ) if (EXISTS "${DIRECTORY_PARAMETER}/wolfcrypt/src") set(${RESULT} "${DIRECTORY_PARAMETER}" PARENT_SCOPE) else() 
@@ -76,27 +225,71 @@ function(IS_WOLFSSL_SOURCE DIRECTORY_PARAMETER RESULT) endif() endfunction() +# ********************************************************************************************* # function: FIND_WOLFSSL_DIRECTORY # parameter: OUTPUT_FOUND_WOLFSSL_DIRECTORY contains root of source code, otherwise blank # +# Example usage: +# FIND_WOLFSSL_DIRECTORY(WOLFSSL_ROOT) +# ********************************************************************************************* function(FIND_WOLFSSL_DIRECTORY OUTPUT_FOUND_WOLFSSL_DIRECTORY) - message(STATUS "Starting FIND_WOLFSSL_DIRECTORY") - set(CURRENT_SEARCH_DIR "$ENV{WOLFSSL_ROOT}") + message(STATUS "Starting FIND_WOLFSSL_DIRECTORY: ${${OUTPUT_FOUND_WOLFSSL_DIRECTORY}}") + + if ( "${${OUTPUT_FOUND_WOLFSSL_DIRECTORY}}" STREQUAL "" ) + # The parameter is empty, so we certainly need to search. + # First, see if there's an environment variable. This takes highest priority (unless already found as hard-coded, above) + set(CURRENT_SEARCH_DIR "$ENV{WOLFSSL_ROOT}") + if( "${CURRENT_SEARCH_DIR}" STREQUAL "" ) + message(STATUS "The WOLFSSL_ROOT environment variable is not set. Searching...") + # Next, if not found, see if wolfSSL was selected for ESP-TLS Kconfig + if(CONFIG_CUSTOM_SETTING_WOLFSSL_ROOT) + set(CURRENT_SEARCH_DIR ${CONFIG_CUSTOM_SETTING_WOLFSSL_ROOT}) + get_filename_component(CURRENT_SEARCH_DIR "${CURRENT_SEARCH_DIR}" ABSOLUTE) + message(STATUS "WOLFSSL_ROOT found in sdkconfig/KConfig: ${CONFIG_CUSTOM_SETTING_WOLFSSL_ROOT}") + else() + message(STATUS "wolfSSL not defined in [Component Config] [wolfssl]. Continuing search...") + # If not specified as a search hint in OUTPUT_FOUND_WOLFSSL_DIRECTORY: + # This wolfSSL component CMakeLists.txt may be found EITHER in: + # 1) local project component + # 2) ESP-IDF share components + # We'll start in the CMAKE_CURRENT_SOURCE_DIR, typically [something]/projectname/components/wolfssl + # That option might find wolfSSL source code as a copy in the component directory (e.g. 
Managed Components) + # Unless cmake is in the ESP-IDF, in which case it is unlikely to find wolfSSL source in any parent. + message(STATUS "CMAKE_CURRENT_SOURCE_DIR = ${CMAKE_CURRENT_SOURCE_DIR}") + get_filename_component(CURRENT_SEARCH_DIR "${CMAKE_CURRENT_SOURCE_DIR}" ABSOLUTE) + message(STATUS "CURRENT_SEARCH_DIR = ${CURRENT_SEARCH_DIR}") + string(LENGTH ${CURRENT_SEARCH_DIR} CURRENT_SEARCH_DIR_LENGTH) + endif() # CONFIG_CUSTOM_SETTING_WOLFSSL_ROOT + endif() # check environment var blank + else() + message(STATUS "Parameter found for FIND_WOLFSSL_DIRECTORY") + message(STATUS "Setting wolfSSL search directory to: ${${OUTPUT_FOUND_WOLFSSL_DIRECTORY}}") + set(CURRENT_SEARCH_DIR "${${OUTPUT_FOUND_WOLFSSL_DIRECTORY}}") + endif() # parameter empty + + # Check to see if we found a path in environment or config settings, above. if( "${CURRENT_SEARCH_DIR}" STREQUAL "" ) - message(STATUS "The WOLFSSL_ROOT environment variable is not set. Searching...") + message(STATUS "Source for wolfSSL not specified in path nor config settings.") + # We'll continue the search by recursing up the directory tree, below. else() - get_filename_component(CURRENT_SEARCH_DIR "$ENV{WOLFSSL_ROOT}" ABSOLUTE) + # Setting found! Does it contain a valid path? 
+ string(REPLACE "\\" "/" CURRENT_SEARCH_DIR ${CURRENT_SEARCH_DIR}) + get_filename_component(CURRENT_SEARCH_DIR "${CURRENT_SEARCH_DIR}" ABSOLUTE) IS_WOLFSSL_SOURCE("${CURRENT_SEARCH_DIR}" FOUND_WOLFSSL) if( FOUND_WOLFSSL ) - message(STATUS "Found WOLFSSL_ROOT via Environment Variable: ${CURRENT_SEARCH_DIR}") + message(STATUS "Found wolfSSL source code via setting: ${CURRENT_SEARCH_DIR}") set(${OUTPUT_FOUND_WOLFSSL_DIRECTORY} ${CURRENT_SEARCH_DIR} PARENT_SCOPE) return() else() - message(FATAL_ERROR "WOLFSSL_ROOT Environment Variable defined, but path not found:") - message(STATUS "$ENV{WOLFSSL_ROOT}") + if(WIN32) + message(STATUS "When specifying a path for Windows, use forward slahes, or double backslashes.") + endif() + message(STATUS "CONFIG_CUSTOM_SETTING_WOLFSSL_ROOT sdkconfig setting = ${CONFIG_CUSTOM_SETTING_WOLFSSL_ROOT}") + message(STATUS "WOLFSSL_ROOT Variable defined, but source code not found: ${CURRENT_SEARCH_DIR}") endif() endif() + # we'll start in the CMAKE_CURRENT_SOURCE_DIR, typically [something]/projectname/components/wolfssl message(STATUS "CMAKE_CURRENT_SOURCE_DIR = ${CMAKE_CURRENT_SOURCE_DIR}") get_filename_component(CURRENT_SEARCH_DIR "${CMAKE_CURRENT_SOURCE_DIR}" ABSOLUTE) 
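Review bot: An explicitly configured source location that does not contain wolfSSL no longer stops the configure step. The old `message(FATAL_ERROR ...)` became STATUS lines and the function falls through to the parent-directory search, so the TLS library can be built from whichever `wolfssl*` directory sits above the project rather than the tree the user pinned. For a crypto component I would keep a bad explicit setting fatal, or at least visible, e.g. `message(WARNING "WOLFSSL_ROOT defined, but source code not found: ${CURRENT_SEARCH_DIR}")`. The same else-branch is also reached when nothing was configured (CURRENT_SEARCH_DIR is then set from CMAKE_CURRENT_SOURCE_DIR), where the "Variable defined" text is misleading, and `CURRENT_SEARCH_DIR_LENGTH` is computed but not used in the visible lines. The function body continues outside this hunk.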
@@ -114,16 +307,47 @@ function(FIND_WOLFSSL_DIRECTORY OUTPUT_FOUND_WOLFSSL_DIRECTORY) return() endif() + # Maintain CURRENT_SEARCH_DIR, but check various suffixes with CURRENT_SEARCH_DIR_ALT if( THIS_USER ) # Check for "wolfssl-[username]" subdirectory as we recurse up the directory tree set(CURRENT_SEARCH_DIR_ALT ${CURRENT_SEARCH_DIR}/wolfssl-${THIS_USER}) - message(STATUS "Looking in ${CURRENT_SEARCH_DIR}") + message(STATUS "Looking in ${CURRENT_SEARCH_DIR_ALT}") + + IS_WOLFSSL_SOURCE("${CURRENT_SEARCH_DIR_ALT}" FOUND_WOLFSSL ) + if ( FOUND_WOLFSSL ) + message(STATUS "Found wolfssl in user-suffix CURRENT_SEARCH_DIR_ALT = ${CURRENT_SEARCH_DIR_ALT}") + set(CURRENT_SEARCH_DIR "${CURRENT_SEARCH_DIR_ALT}") + set(${OUTPUT_FOUND_WOLFSSL_DIRECTORY} ${CURRENT_SEARCH_DIR} PARENT_SCOPE) + return() + endif() + endif() + + if ( FOUND_WOLFSSL ) + # if we already found the source, skip attempt of "wolfssl-master" + else() + set(CURRENT_SEARCH_DIR_ALT ${CURRENT_SEARCH_DIR}/wolfssl-master) + message(STATUS "Looking in ${CURRENT_SEARCH_DIR_ALT}") - #if(EXISTS ${CURRENT_SEARCH_DIR_ALT} AND IS_DIRECTORY ${CURRENT_SEARCH_DIR_ALT} AND EXISTS "${CURRENT_SEARCH_DIR_ALT}/wolfcrypt/src") IS_WOLFSSL_SOURCE("${CURRENT_SEARCH_DIR_ALT}" FOUND_WOLFSSL ) if ( FOUND_WOLFSSL ) - message(STATUS "Found wolfssl in user-suffix CURRENT_SEARCH_DIR_ALT = ${CURRENT_SEARCH_DIR_ALT}") - set(${OUTPUT_FOUND_WOLFSSL_DIRECTORY} ${CURRENT_SEARCH_DIR_ALT} PARENT_SCOPE) + message(STATUS "Found wolfssl in master-suffix CURRENT_SEARCH_DIR_ALT = ${CURRENT_SEARCH_DIR_ALT}") + set(CURRENT_SEARCH_DIR "${CURRENT_SEARCH_DIR_ALT}") + set(${OUTPUT_FOUND_WOLFSSL_DIRECTORY} ${CURRENT_SEARCH_DIR} PARENT_SCOPE) + return() + endif() + endif() + + if ( FOUND_WOLFSSL ) + # if we already found the source, skip attempt of "wolfssl" + else() + set(CURRENT_SEARCH_DIR_ALT ${CURRENT_SEARCH_DIR}/wolfssl) + message(STATUS "Looking in ${CURRENT_SEARCH_DIR_ALT}") + + IS_WOLFSSL_SOURCE("${CURRENT_SEARCH_DIR_ALT}" FOUND_WOLFSSL ) + if ( 
FOUND_WOLFSSL ) + message(STATUS "Found wolfssl in CURRENT_SEARCH_DIR_ALT = ${CURRENT_SEARCH_DIR_ALT}") + set(CURRENT_SEARCH_DIR "${CURRENT_SEARCH_DIR_ALT}") + set(${OUTPUT_FOUND_WOLFSSL_DIRECTORY} ${CURRENT_SEARCH_DIR} PARENT_SCOPE) return() endif() endif() @@ -143,7 +367,8 @@ function(FIND_WOLFSSL_DIRECTORY OUTPUT_FOUND_WOLFSSL_DIRECTORY) get_filename_component(CURRENT_SEARCH_DIR "${CURRENT_SEARCH_DIR}" DIRECTORY) message(STATUS "Next CURRENT_SEARCH_DIR = ${CURRENT_SEARCH_DIR}") if( "${PRIOR_SEARCH_DIR}" STREQUAL "${CURRENT_SEARCH_DIR}" ) - # when the search directory is empty, we'll give up + # When the parent is current directory, cannot go any further. We didn't find wolfssl. + # When the search directory is empty, we'll give up. set(CURRENT_SEARCH_DIR "") endif() endwhile() 
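Review bot: The three candidate checks (`wolfssl-${THIS_USER}`, `wolfssl-master`, `wolfssl`) are the same block pasted three times. The `if ( FOUND_WOLFSSL )` guards with an empty true-branch can never fire, because every successful check already ends in `return()`. A single loop over the suffixes is shorter and keeps the search order in one place. Since the walk continues until the parent equals the current directory, the header comment should also say that a `wolfssl` tree in any ancestor directory will be used, so builds on shared machines should set WOLFSSL_ROOT explicitly. The enclosing while loop starts and ends outside the hunk.

```cmake
# … unchanged: while loop header and the direct IS_WOLFSSL_SOURCE check on CURRENT_SEARCH_DIR …
set(CANDIDATE_SUFFIXES wolfssl-master wolfssl)
if( THIS_USER )
    # "wolfssl-[username]" keeps the highest priority
    list(INSERT CANDIDATE_SUFFIXES 0 "wolfssl-${THIS_USER}")
endif()
foreach(CANDIDATE_SUFFIX IN LISTS CANDIDATE_SUFFIXES)
    set(CURRENT_SEARCH_DIR_ALT "${CURRENT_SEARCH_DIR}/${CANDIDATE_SUFFIX}")
    message(STATUS "Looking in ${CURRENT_SEARCH_DIR_ALT}")
    IS_WOLFSSL_SOURCE("${CURRENT_SEARCH_DIR_ALT}" FOUND_WOLFSSL)
    if( FOUND_WOLFSSL )
        message(STATUS "Found wolfssl in CURRENT_SEARCH_DIR_ALT = ${CURRENT_SEARCH_DIR_ALT}")
        set(${OUTPUT_FOUND_WOLFSSL_DIRECTORY} "${CURRENT_SEARCH_DIR_ALT}" PARENT_SCOPE)
        return()
    endif()
endforeach()
# … unchanged: step up to the parent directory …
```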
@@ -154,17 +379,58 @@ endfunction() # Example usage: +# +# Simply find the WOLFSSL_DIRECTORY by searching parent directories: +# FIND_WOLFSSL_DIRECTORY(WOLFSSL_ROOT) +# +message(STATUS "CONFIG_TARGET_PLATFORM = ${CONFIG_TARGET_PLATFORM}") +# Check for environment variable that may be assigned to macros +ENVIRONMENT_VAR_TO_MACRO("GENERATE_MACHINE_PARSEABLE_REPORT" "1") +ENVIRONMENT_VAR_TO_MACRO("WOLFSSL_BENCHMARK_FIXED_CSV" "1") +# Optional variable inspection +if (0) + get_cmake_property(_variableNames VARIABLES) + list (SORT _variableNames) + message(STATUS "") + message(STATUS "ALL VARIABLES BEGIN") + message(STATUS "") + foreach (_variableName ${_variableNames}) + message(STATUS "${_variableName}=${${_variableName}}") + endforeach() + message(STATUS "") + message(STATUS "ALL VARIABLES END") + message(STATUS "") +endif() + +if ( ("${CONFIG_TARGET_PLATFORM}" STREQUAL "esp8266") OR ("${IDF_TARGET}" STREQUAL "esp8266") ) + # There's no esp_timer, no driver components for the ESP8266 + message(STATUS "Early expansion EXCLUDES esp_timer for esp8266: ${THIS_INCLUDE_TIMER}") + message(STATUS "Early expansion EXCLUDES driver for esp8266: ${THIS_INCLUDE_DRIVER}") + set(THIS_INCLUDE_TIMER "") + set(THIS_INCLUDE_DRIVER "") + set(THIS_ESP_TLS "") +else() + message(STATUS "Early expansion includes esp_timer: ${THIS_INCLUDE_TIMER}") + message(STATUS "Early expansion includes driver: ${THIS_INCLUDE_DRIVER}") + set(THIS_INCLUDE_TIMER "esp_timer") + set(THIS_INCLUDE_DRIVER "driver") + set(THIS_ESP_TLS "esp-tls") + # Let the app know that we've included the esp-tls component requirement. + # This is critical for use the the esp-tls component. See wolfssl esp_crt_bundle.c file. 
+ set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DWOLFSSL_CMAKE_REQUIRED_ESP_TLS=1") +endif() if(CMAKE_BUILD_EARLY_EXPANSION) message(STATUS "wolfssl component CMAKE_BUILD_EARLY_EXPANSION:") idf_component_register( REQUIRES "${COMPONENT_REQUIRES}" PRIV_REQUIRES # esp_hw_support - # esp_timer - # driver # this will typically only be needed for wolfSSL benchmark + "${THIS_ESP_TLS}" + "${THIS_INCLUDE_TIMER}" + "${THIS_INCLUDE_DRIVER}" # this will typically only be needed for wolfSSL benchmark ) else() 
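Review bot: Both branches log `${THIS_INCLUDE_TIMER}` and `${THIS_INCLUDE_DRIVER}` before the `set()` calls that assign them, so the "Early expansion includes/EXCLUDES" lines print whatever the variables held before, normally nothing. Move the two `message()` calls below the `set()` lines. On the esp8266 path the three variables are empty and are then passed as quoted arguments to `PRIV_REQUIRES`, which may hand `idf_component_register` empty-string entries rather than no entries; passing them unquoted (`${THIS_ESP_TLS} ${THIS_INCLUDE_TIMER} ${THIS_INCLUDE_DRIVER}`) lets empty values disappear. The `if (0)` variable dump is dead code and duplicates the diagnostic block further down the file.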
@@ -173,48 +439,99 @@ else() message(STATUS "wolfssl component config:") message(STATUS "************************************************************************************************") + if ( "${CONFIG_TARGET_PLATFORM}" STREQUAL "esp8266") + # There's no esp_timer, no driver components for the ESP8266 + set(THIS_INCLUDE_TIMER "") + set(THIS_INCLUDE_DRIVER "") + else() + set(THIS_INCLUDE_TIMER "esp_timer") + set(THIS_INCLUDE_DRIVER "driver") + endif() + # search for wolfSSL FIND_WOLFSSL_DIRECTORY(WOLFSSL_ROOT) if(WOLFSSL_ROOT) - message(STATUS "NEW Found wolfssl directory at: ${WOLFSSL_ROOT}") + IS_WOLFSSL_SOURCE("${WOLFSSL_ROOT}" FOUND_WOLFSSL) + if(FOUND_WOLFSSL) + message(STATUS "Found WOLFSSL_ROOT via CMake specification.") + else() + # WOLFSSL_ROOT Path specified in CMakeLists.txt is not a valid path + message(FATAL_ERROR "WOLFSSL_ROOT CMake Variable defined, but path not found: ${WOLFSSL_ROOT}\n" + "Try correcting WOLFSSL_ROOT in your project CMakeFile.txt or setting environment variable.") + # Abort CMake after fatal error. + endif() else() - message(STATUS "NEW wolfssl directory not found.") + message(STATUS "Source code for wolfSSL still not found.") + message(STATUS "Searching from project home: ${CMAKE_HOME_DIRECTORY} ...") + set(WOLFSSL_ROOT "${CMAKE_HOME_DIRECTORY}") + FIND_WOLFSSL_DIRECTORY(WOLFSSL_ROOT) + endif() + + + if(WOLFSSL_ROOT) + message(STATUS "Confirmed wolfssl directory at: ${WOLFSSL_ROOT}") + else() + # Try to allow a more intuitive error that the source code was not found in cmake: + set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DWOLFSSL_CMAKE_WARNING_SOURCE_NOT_FOUND") + + message(STATUS "Failed: wolfssl source code directory not found.") # Abort. We need wolfssl _somewhere_. 
- message(FATAL_ERROR "Could not find wolfssl in ${WOLFSSL_ROOT}.\n" - "Try setting WOLFSSL_ROOT environment variable or git clone.") + message(STATUS "") + message(STATUS "") + message(STATUS "Could not find wolfssl in any parent directory named wolfssl-${THIS_USER}, wolfssl-master, or wolfssl.\n" + "Try setting WOLFSSL_ROOT environment variable, cmake variable in project, copy source, or use managed components.") + message(STATUS "") + message(STATUS "") + # Abort CMake after fatal error. (or not?) endif() set(INCLUDE_PATH ${WOLFSSL_ROOT}) set(WOLFSSL_EXTRA_PROJECT_DIR "${WOLFSSL_ROOT}/src/") - if( ${CMAKE_PROJECT_NAME} STREQUAL "wolfssl_benchmark" ) - set(WOLFSSL_EXTRA_PROJECT_DIR "${WOLFSSL_ROOT}/wolfcrypt/benchmark") - endif() + # During regression tests, optionally copy source locally and use: set(USE_LOCAL_TEST_BENCH 1) + set(USE_LOCAL_TEST_BENCH 0) + if(NOT USE_LOCAL_TEST_BENCH) + if( "${CMAKE_PROJECT_NAME}" STREQUAL "hello-world" ) + message(STATUS "Include ${WOLFSSL_ROOT}/wolfcrypt/benchmark") + set(WOLFSSL_EXTRA_PROJECT_DIR "${WOLFSSL_ROOT}/wolfcrypt/benchmark") + endif() + + if( "${CMAKE_PROJECT_NAME}" STREQUAL "wolfssl_benchmark" ) + message(STATUS "Include ${WOLFSSL_ROOT}/wolfcrypt/benchmark") + set(WOLFSSL_EXTRA_PROJECT_DIR "${WOLFSSL_ROOT}/wolfcrypt/benchmark") + endif() - if( ${CMAKE_PROJECT_NAME} STREQUAL "wolfssl_test" ) - set(WOLFSSL_EXTRA_PROJECT_DIR "${WOLFSSL_ROOT}/wolfcrypt/test") + if( "${CMAKE_PROJECT_NAME}" STREQUAL "wolfssl_test" ) + message(STATUS "Include ${WOLFSSL_ROOT}/wolfcrypt/test") + set(WOLFSSL_EXTRA_PROJECT_DIR "${WOLFSSL_ROOT}/wolfcrypt/test") + endif() endif() + message(STATUS "WOLFSSL_EXTRA_PROJECT_DIR = ${WOLFSSL_EXTRA_PROJECT_DIR}") set(COMPONENT_SRCDIRS "\"${WOLFSSL_ROOT}/src/\"" "\"${WOLFSSL_ROOT}/wolfcrypt/src\"" "\"${WOLFSSL_ROOT}/wolfcrypt/src/port/Espressif\"" + "\"${WOLFSSL_ROOT}/wolfcrypt/src/port/Espressif/esp_crt_bundle\"" "\"${WOLFSSL_ROOT}/wolfcrypt/src/port/atmel\"" "\"${WOLFSSL_EXTRA_PROJECT_DIR}\"" ) # 
COMPONENT_SRCDIRS message(STATUS "This COMPONENT_SRCDIRS = ${COMPONENT_SRCDIRS}") + # wolfSSL user_settings.h may be in the local project. + # TODO check if exists and possibly set to ESP-IDF set(WOLFSSL_PROJECT_DIR "${CMAKE_HOME_DIRECTORY}/components/wolfssl") - add_definitions(-DWOLFSSL_USER_SETTINGS_DIR="${WOLFSSL_PROJECT_DIR}/include/user_settings.h") - + string(REPLACE "/" "//" STR_WOLFSSL_PROJECT_DIR "${WOLFSSL_PROJECT_DIR}") + add_definitions(-DWOLFSSL_USER_SETTINGS_DIR="${STR_WOLFSSL_PROJECT_DIR}/include/user_settings.h") + message(STATUS "Added definition for user_settings.h: -DWOLFSSL_USER_SETTINGS_DIR=\"${STR_WOLFSSL_PROJECT_DIR}//include//user_settings.h\"") # Espressif may take several passes through this makefile. Check to see if we found IDF string(COMPARE EQUAL "${PROJECT_SOURCE_DIR}" "" WOLFSSL_FOUND_IDF) # get a list of all wolfcrypt assembly files; we'll exclude them as they don't target Xtensa file(GLOB EXCLUDE_ASM *.S) - file(GLOB_RECURSE EXCLUDE_ASM ${CMAKE_SOURCE_DIR} "${WOLFSSL_ROOT}/wolfcrypt/src/*.S") + file(GLOB EXCLUDE_ASM ${CMAKE_SOURCE_DIR} "${WOLFSSL_ROOT}/wolfcrypt/src/*.S") message(STATUS "IDF_PATH = $ENV{IDF_PATH}") message(STATUS "PROJECT_SOURCE_DIR = ${PROJECT_SOURCE_DIR}") @@ -237,11 +554,12 @@ else() message(STATUS "Remove either the local project component: ${WOLFSSL_PROJECT_DIR} ") message(STATUS "or the Espressif shared component installed at: $ENV{IDF_PATH}/components/wolfssl/ ") message(STATUS "") - message(FATAL_ERROR "Please use wolfSSL in either local project or Espressif components, but not both.") message(STATUS "") message(STATUS "**************************************************************************************") message(STATUS "") + message(STATUS "Please use wolfSSL in either local project or Espressif components, but not both.") + # Optional: if you change the above FATAL_ERROR to STATUS you can warn at runtime with this macro definition: set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DWOLFSSL_MULTI_INSTALL_WARNING") 
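Review bot: When no source tree is found, the configure step now prints only STATUS lines and continues with an empty `WOLFSSL_ROOT`, so `COMPONENT_SRCDIRS` and `WOLFSSL_EXTRA_PROJECT_DIR` become root-relative paths such as `/src/` and `/wolfcrypt/src`. If continuing is intentional (a later hunk registers an empty component so Kconfig stays editable), emit `message(WARNING ...)` instead of STATUS and put the path setup under `if(WOLFSSL_ROOT)`. The esp8266 check added at the top of this branch tests only `CONFIG_TARGET_PLATFORM`, while the earlier top-level check also tests `IDF_TARGET`, so it can re-enable `esp_timer` and `driver` after the first check cleared them; drop the duplicate or use the same condition. The added STATUS line for `WOLFSSL_USER_SETTINGS_DIR` prints `//include//user_settings.h`, which is not the value passed to `add_definitions`.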
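Review bot: Finding wolfSSL both in the local project and in the ESP-IDF components directory is no longer fatal. The `message(FATAL_ERROR ...)` is replaced by a STATUS line, so the build proceeds with two copies of the TLS library and only the `WOLFSSL_MULTI_INSTALL_WARNING` define to signal it. The retained comment "if you change the above FATAL_ERROR to STATUS" now describes code that is gone; reword it to `# Conflicting installs are reported, not fatal; WOLFSSL_MULTI_INSTALL_WARNING lets the app warn at runtime.` and use `message(WARNING ...)` so the condition stands out in the configure log. The enclosing if-block starts outside the hunk.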
@@ -291,6 +609,7 @@ else() message(FATAL_ERROR "Found stray wolfSSL user_settings.h in " "${WOLFSSL_ROOT}/include/user_settings.h " " (please move it to ${WOLFSSL_PROJECT_DIR}/include/user_settings.h )") + # Abort CMake after fatal error. else() # we won't overwrite an existing user settings file, just note that we already have one: if( EXISTS "${WOLFSSL_PROJECT_DIR}/include/user_settings.h" ) @@ -347,7 +666,9 @@ else() # depending on the environment, we may need to swap backslashes with forward slashes string(REPLACE "\\" "/" RTOS_IDF_PATH "$ENV{IDF_PATH}/components/freertos/FreeRTOS-Kernel/include/freertos") - string(REPLACE "\\" "/" WOLFSSL_ROOT ${WOLFSSL_ROOT}) + if(WOLFSSL_ROOT) + string(REPLACE "\\" "/" WOLFSSL_ROOT ${WOLFSSL_ROOT}) + endif() if(IS_DIRECTORY "${RTOS_IDF_PATH}") message(STATUS "Found current RTOS path: ${RTOS_IDF_PATH}") @@ -360,21 +681,22 @@ else() message(STATUS "Could not find RTOS path") endif() endif() - - + message(STATUS "THIS_IDF_PATH = $THIS_IDF_PATH") + # wolfSSL-specific include directories set(COMPONENT_ADD_INCLUDEDIRS - "./include" # this is the location of wolfssl user_settings.h + "./include" # this is the location of local project wolfssl user_settings.h "\"${WOLFSSL_ROOT}/\"" "\"${WOLFSSL_ROOT}/wolfssl/\"" "\"${WOLFSSL_ROOT}/wolfssl/wolfcrypt/\"" + "\"${WOLFSSL_ROOT}/wolfssl/wolfcrypt/port/Espressif\"" "\"${RTOS_IDF_PATH}/\"" # wolfSSL release after v5.7 includes WiFi, time, and mem/debug helpers - ${THIS_IDF_PATH}/components/esp_event/include - ${THIS_IDF_PATH}/components/esp_netif/include - ${THIS_IDF_PATH}/components/esp_wifi/include + "${THIS_IDF_PATH}/components/esp_event/include" + "${THIS_IDF_PATH}/components/esp_netif/include" + "${THIS_IDF_PATH}/components/esp_wifi/include" ) - + # Optionally include cryptoauthlib if present if(IS_DIRECTORY ${IDF_PATH}/components/cryptoauthlib) list(APPEND COMPONENT_ADD_INCLUDEDIRS "../cryptoauthlib/lib") endif() 
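Review bot: In the third hunk on this line, `message(STATUS "THIS_IDF_PATH = $THIS_IDF_PATH")` prints the literal text `$THIS_IDF_PATH`, because CMake expands only `${...}`. It should read `message(STATUS "THIS_IDF_PATH = ${THIS_IDF_PATH}")`. The cryptoauthlib test below the new comment uses `${IDF_PATH}` while the include list uses `${THIS_IDF_PATH}`; unless `IDF_PATH` is also set as a CMake variable outside the visible lines, `if(IS_DIRECTORY "${THIS_IDF_PATH}/components/cryptoauthlib")` would be the consistent form.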
@@ -399,8 +721,8 @@ else() "\"${WOLFSSL_ROOT}/src/ssl_sess.c\"" # included by ssl.c "\"${WOLFSSL_ROOT}/src/x509.c\"" "\"${WOLFSSL_ROOT}/src/x509_str.c\"" - "\"${WOLFSSL_ROOT}/wolfcrypt/src/ext_kyber.c\"" # external Kyber disabled by default - "\"${WOLFSSL_ROOT}/wolfssl/wolfcrypt/ext_kyber.h\"" # external Kyber disabled by default + "\"${WOLFSSL_ROOT}/wolfcrypt/src/ext_kyber.c\"" # external non-wolfssl Kyber disabled by default + "\"${WOLFSSL_ROOT}/wolfssl/wolfcrypt/ext_kyber.h\"" # external non-wolfssl Kyber disabled by default "\"${WOLFSSL_ROOT}/wolfcrypt/src/evp.c\"" "\"${WOLFSSL_ROOT}/wolfcrypt/src/misc.c\"" "\"${WOLFSSL_ROOT}/wolfcrypt/src/sp_sm2_arm32.c\"" @@ -411,6 +733,7 @@ else() "\"${WOLFSSL_ROOT}/wolfcrypt/src/sp_sm2_cortexm.c\"" "\"${WOLFSSL_ROOT}/wolfcrypt/src/sp_sm2_x86_64.c\"" "\"${WOLFSSL_ROOT}/wolfcrypt/src/sp_sm2_x86_64_asm.S\"" + "\"${WOLFSSL_ROOT}/examples\"" # Examples are distributed in Managed Components, but not part of a project. "\"${EXCLUDE_ASM}\"" ) 
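Review bot: The new `"\"${WOLFSSL_ROOT}/examples\""` entry puts a directory into `COMPONENT_SRCEXCLUDE`, which is later passed as `EXCLUDE_SRCS`. As far as I know that argument takes source files, so a directory entry probably has no effect. Since `examples` is not listed in `COMPONENT_SRCDIRS`, it is not globbed in the first place. The line could be dropped or replaced by a comment such as `# examples/ ships with Managed Components but is not in COMPONENT_SRCDIRS, so nothing to exclude`. The list itself starts outside the hunk.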
@@ -432,22 +755,144 @@ else() # see https://docs.espressif.com/projects/esp-idf/en/stable/esp32/migration-guides/release-5.x/build-system.html?highlight=space%20path # set(EXTRA_COMPONENT_DIRS "${COMPONENT_SRCDIRS}") - idf_component_register( - SRC_DIRS "${COMPONENT_SRCDIRS}" - INCLUDE_DIRS "${COMPONENT_ADD_INCLUDEDIRS}" - REQUIRES "${COMPONENT_REQUIRES}" - EXCLUDE_SRCS "${COMPONENT_SRCEXCLUDE}" - PRIV_REQUIRES esp_timer driver # this will typically only be needed for wolfSSL benchmark - ) - # some optional diagnostics - if (1) + + if(WOLFSSL_ROOT) + # Only register the component if we found wolfSSL source. + # This is important to allow Cmake to finish to completion, otherwise the UI + # may not be able to display the Kconfig settings to fix a bad or missing source. + idf_component_register( + SRC_DIRS "${COMPONENT_SRCDIRS}" + INCLUDE_DIRS "${COMPONENT_ADD_INCLUDEDIRS}" + REQUIRES "${COMPONENT_REQUIRES}" + EXCLUDE_SRCS "${COMPONENT_SRCEXCLUDE}" + PRIV_REQUIRES + "${THIS_ESP_TLS}" + "${THIS_INCLUDE_TIMER}" + "${THIS_INCLUDE_DRIVER}" # this will typically only be needed for wolfSSL benchmark + ) + else() + # Register the component simply to allow CMake to complete, but there's no wolfSSL source. + # Expect many other errors, but the project should at least be loadable and UI can edit Kconfig settings. + idf_component_register() + message(STATUS "Warning: wolfSSL component not registered as no source code found (WOLFSSL_ROOT is blank)") + endif() + +# function(WOLFSSL_INIT_CERT_BUNDLE) +if( CONFIG_WOLFSSL_CERTIFICATE_BUNDLE + AND NOT CONFIG_WOLFSSL_CERTIFICATE_BUNDLE_DEFAULT_NONE + AND NOT ("${CONFIG_TARGET_PLATFORM}" STREQUAL "esp8266") + ) + if (CMAKE_BUILD_EARLY_EXPANSION) + message(ERROR "Bundle Cert initialization must occur during CMAKE_BUILD_EARLY_EXPANSION") + endif() + # reminder: we need a value for wolfSSL root first! 
+ if( "${WOLFSSL_ROOT}" STREQUAL "" ) + message(ERROR "Certificate bundles need a value for WOLFSSL_ROOT") + endif() + set(WOLFSSL_ESP_CRT_BUNDLE_DIR ${WOLFSSL_ROOT}/wolfcrypt/src/port/Espressif/esp_crt_bundle) + message(STATUS "WOLFSSL_ESP_CRT_BUNDLE_DIR=${WOLFSSL_ESP_CRT_BUNDLE_DIR}") + if(EXISTS "${WOLFSSL_ESP_CRT_BUNDLE_DIR}") + set(bundle_name "x509_crt_bundle_wolfssl") + + # For now the certs are in the same directory + set(DEFAULT_CRT_DIR "${WOLFSSL_ESP_CRT_BUNDLE_DIR}") + + # Generate custom certificate bundle using the generate_cert_bundle utility + set(GENERATE_CERT_BUNDLEPY ${python} ${WOLFSSL_ESP_CRT_BUNDLE_DIR}/gen_crt_bundle.py) + + if(CONFIG_WOLFSSL_CERTIFICATE_BUNDLE_DEFAULT_FULL) + list(APPEND crt_paths ${DEFAULT_CRT_DIR}/cacrt_all.pem ${DEFAULT_CRT_DIR}/cacrt_local.pem) + elseif(CONFIG_WOLFSSL_CERTIFICATE_BUNDLE_DEFAULT_CMN) + list(APPEND crt_paths ${DEFAULT_CRT_DIR}/cacrt_all.pem ${DEFAULT_CRT_DIR}/cacrt_local.pem) + list(APPEND args --filter ${DEFAULT_CRT_DIR}/cmn_crt_authorities.csv) + endif() + + # Add deprecated root certs if enabled. 
This config is not visible if the default cert + # bundle is not selected + if(CONFIG_WOLFSSL_CERTIFICATE_BUNDLE_DEPRECATED_LIST) + list(APPEND crt_paths ${DEFAULT_CRT_DIR}/cacrt_deprecated.pem) + endif() + + if(CONFIG_WOLFSSL_CUSTOM_CERTIFICATE_BUNDLE) + get_filename_component(custom_bundle_path + ${CONFIG_WOLFSSL_CUSTOM_CERTIFICATE_BUNDLE_PATH} ABSOLUTE BASE_DIR "${project_dir}") + list(APPEND crt_paths ${custom_bundle_path}) + message(STATUS "Using a custom wolfSSL bundle path: ${custom_bundle_path}") + else() + message(STATUS "Not using a custom wolfSSL bundle path.") + endif() + list(APPEND args --input ${crt_paths} -q) + + message(STATUS "CMAKE_CURRENT_BINARY_DIR: ${CMAKE_CURRENT_BINARY_DIR}") + get_filename_component(crt_bundle + ${bundle_name} + ABSOLUTE BASE_DIR "${CMAKE_CURRENT_BINARY_DIR}") + + message(STATUS "Setting up bundle generate: ${GENERATE_CERT_BUNDLEPY} ${args}") + message(STATUS "Depends on custom bundle path: ${custom_bundle_path}") + message(STATUS "crt_bundle ${crt_bundle}") + message(STATUS "COMPONENT_LIB ${COMPONENT_LIB}") + message(STATUS "GENERATE_CERT_BUNDLEPY ${GENERATE_CERT_BUNDLEPY}") + message(STATUS "args ${args}") + message(STATUS "cert_bundle ${cert_bundle}") + + # Generate bundle according to config + # File is generated at build time, not cmake load + add_custom_command(OUTPUT ${crt_bundle} + COMMAND ${GENERATE_CERT_BUNDLEPY} ARGS ${args} + DEPENDS ${custom_bundle_path} + VERBATIM) + + if(EXISTS "${crt_bundle}") + message(STATUS "Bundle file exists from prior build: ${crt_bundle}") + else() + message(STATUS "Bundle file expected during next build: ${crt_bundle}") + endif() + + # Reminder the file is generated at build time, not cmake load time. 
+ message(STATUS "wolfSSL Cert Bundle File to be created at build time in: ${crt_bundle}") + + add_custom_target(custom_wolfssl_bundle DEPENDS ${cert_bundle}) + + # the wolfSSL crtificate bundle is baked into wolfSSL + add_dependencies(${COMPONENT_LIB} custom_wolfssl_bundle) + + # COMPONENT_LIB may vary: __idf_wolfssl, __idf_esp_wolfssl, etc + # target_add_binary_data(__idf_wolfssl ${crt_bundle} BINARY) + target_add_binary_data(${COMPONENT_LIB} ${crt_bundle} BINARY) + set_property(DIRECTORY "${CMAKE_CURRENT_SOURCE_DIR}" + APPEND PROPERTY ADDITIONAL_CLEAN_FILES + "${crt_bundle}") + else() + message(STATUS "WARNING: CONFIG_WOLFSSL_CERTIFICATE_BUNDLE enabled but directory not found: ${WOLFSSL_ESP_CRT_BUNDLE_DIR}") + endif() +endif() + +# endfunction() # WOLFSSL_INIT_CERT_BUNDLE + + # Some optional diagnostics. Verbose ones are truncated. + if (VERBOSE_COMPONENT_MESSAGES) get_cmake_property(_variableNames VARIABLES) list (SORT _variableNames) message(STATUS "") message(STATUS "ALL VARIABLES BEGIN") message(STATUS "") foreach (_variableName ${_variableNames}) - message(STATUS "${_variableName}=${${_variableName}}") + if ( ("${_variableName}" STREQUAL "bootloader_binary_files") + OR ("${_variableName}" STREQUAL "Component paths") + OR ("${_variableName}" STREQUAL "component_targets") + OR ("${_variableName}" STREQUAL "__COMPONENT_TARGETS") + OR ("${_variableName}" STREQUAL "CONFIGS_LIST") + OR ("${_variableName}" STREQUAL "__CONFIG_VARIABLES") + OR ("${_variableName}" STREQUAL "val") + OR ("${_variableName}" MATCHES "^__idf_") + ) + # Truncate the displayed value: + string(SUBSTRING "${${_variableName}}" 0 70 truncatedValue) + message(STATUS "${_variableName} = ${truncatedValue} ... (truncated)") + else() + message(STATUS "${_variableName}=${${_variableName}}") + endif() endforeach() message(STATUS "") message(STATUS "ALL VARIABLES END") 
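Review bot: `add_custom_target(custom_wolfssl_bundle DEPENDS ${cert_bundle})` references `cert_bundle`, which is never set in this hunk (the output file is `crt_bundle`), so the target depends on nothing; it should be `DEPENDS ${crt_bundle}`. The `add_custom_command` lists only `${custom_bundle_path}` as a dependency, so editing the default CA files or `cmn_crt_authorities.csv` does not regenerate the embedded trust store. Using `DEPENDS ${crt_paths}` plus the filter file avoids shipping a stale bundle after a root is removed. `message(ERROR ...)` is not a CMake message mode, so both checks print a notice and continue; use `message(FATAL_ERROR ...)`. The first of them can never be true inside the `else()` of `CMAKE_BUILD_EARLY_EXPANSION`, and its text says the opposite of what it tests.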
@@ -455,6 +900,12 @@ else() endif() # target_sources(wolfssl PRIVATE "\"${WOLFSSL_ROOT}/wolfssl/\"" "\"${WOLFSSL_ROOT}/wolfssl/wolfcrypt\"") + message(STATUS "DETECTED_PROJECT_NAME=${CMAKE_PROJECT_NAME}") + message(STATUS "COMPONENT_TARGET=${COMPONENT_TARGET}") + target_compile_definitions(${COMPONENT_TARGET} PRIVATE DETECTED_PROJECT_NAME="${CMAKE_PROJECT_NAME}") + if( "${CMAKE_PROJECT_NAME}" STREQUAL "esp_http_client_example" ) + target_compile_definitions(${COMPONENT_TARGET} PRIVATE APP_ESP_HTTP_CLIENT_EXAMPLE="y") + endif() endif() # CMAKE_BUILD_EARLY_EXPANSION 
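Review bot: `target_compile_definitions(${COMPONENT_TARGET} PRIVATE ...)` is reached even when the previous hunk fell back to the bare `idf_component_register()`. A component registered without sources is, as far as I know, an INTERFACE library, and CMake rejects PRIVATE definitions on those, which would defeat the goal of letting configure finish. Wrap both calls in `if(WOLFSSL_ROOT)`. The certificate-bundle code in the previous hunk uses `${COMPONENT_LIB}` for the component target, so I would use that name here as well. The enclosing `else()` starts outside the hunk.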
@@ -510,31 +961,80 @@ endfunction() # LIBWOLFSSL_SAVE_INFO # create some programmatic #define values that will be used by ShowExtendedSystemInfo(). # see wolfcrypt\src\port\Espressif\esp32_utl.c -if(NOT CMAKE_BUILD_EARLY_EXPANSION) +if(NOT CMAKE_BUILD_EARLY_EXPANSION AND WOLFSSL_ROOT) set (git_cmd "git") message(STATUS "Adding macro definitions:") # LIBWOLFSSL_VERSION_GIT_ORIGIN: git config --get remote.origin.url - execute_process(WORKING_DIRECTORY ${WOLFSSL_ROOT} COMMAND ${git_cmd} "config" "--get" "remote.origin.url" OUTPUT_VARIABLE TMP_OUT RESULT_VARIABLE TMP_RES ERROR_QUIET ) + execute_process(WORKING_DIRECTORY ${WOLFSSL_ROOT} COMMAND ${git_cmd} "config" "--get" "remote.origin.url" + OUTPUT_VARIABLE TMP_OUT RESULT_VARIABLE TMP_RES ERROR_QUIET ) LIBWOLFSSL_SAVE_INFO(LIBWOLFSSL_VERSION_GIT_ORIGIN "${TMP_OUT}" "${TMP_RES}") # LIBWOLFSSL_VERSION_GIT_BRANCH: git rev-parse --abbrev-ref HEAD - execute_process(WORKING_DIRECTORY ${WOLFSSL_ROOT} COMMAND ${git_cmd} "rev-parse" "--abbrev-ref" "HEAD" OUTPUT_VARIABLE TMP_OUT RESULT_VARIABLE TMP_RES ERROR_QUIET ) + execute_process(WORKING_DIRECTORY ${WOLFSSL_ROOT} COMMAND ${git_cmd} "rev-parse" "--abbrev-ref" "HEAD" + OUTPUT_VARIABLE TMP_OUT RESULT_VARIABLE TMP_RES ERROR_QUIET ) LIBWOLFSSL_SAVE_INFO(LIBWOLFSSL_VERSION_GIT_BRANCH "${TMP_OUT}" "${TMP_RES}") # LIBWOLFSSL_VERSION_GIT_HASH: git rev-parse HEAD - execute_process(WORKING_DIRECTORY ${WOLFSSL_ROOT} COMMAND ${git_cmd} "rev-parse" "HEAD" OUTPUT_VARIABLE TMP_OUT RESULT_VARIABLE TMP_RES ERROR_QUIET ) + execute_process(WORKING_DIRECTORY ${WOLFSSL_ROOT} COMMAND ${git_cmd} "rev-parse" "HEAD" + OUTPUT_VARIABLE TMP_OUT RESULT_VARIABLE TMP_RES ERROR_QUIET ) LIBWOLFSSL_SAVE_INFO(LIBWOLFSSL_VERSION_GIT_HASH "${TMP_OUT}" "${TMP_RES}") # LIBWOLFSSL_VERSION_GIT_SHORT_HASH: git rev-parse --short HEAD - execute_process(WORKING_DIRECTORY ${WOLFSSL_ROOT} COMMAND ${git_cmd} "rev-parse" "--short" "HEAD" OUTPUT_VARIABLE TMP_OUT RESULT_VARIABLE TMP_RES ERROR_QUIET ) + 
execute_process(WORKING_DIRECTORY ${WOLFSSL_ROOT} COMMAND ${git_cmd} "rev-parse" "--short" "HEAD" + OUTPUT_VARIABLE TMP_OUT RESULT_VARIABLE TMP_RES ERROR_QUIET ) LIBWOLFSSL_SAVE_INFO(LIBWOLFSSL_VERSION_GIT_SHORT_HASH "${TMP_OUT}" "${TMP_RES}") # LIBWOLFSSL_VERSION_GIT_HASH_DATE git show --no-patch --no-notes --pretty=\'\%cd\' - execute_process(WORKING_DIRECTORY ${WOLFSSL_ROOT} COMMAND ${git_cmd} "show" "--no-patch" "--no-notes" "--pretty=\'\%cd\'" OUTPUT_VARIABLE TMP_OUT RESULT_VARIABLE TMP_RES ) + execute_process(WORKING_DIRECTORY ${WOLFSSL_ROOT} COMMAND ${git_cmd} + "show" "--no-patch" "--no-notes" "--pretty=\'\%cd\'" + OUTPUT_VARIABLE TMP_OUT RESULT_VARIABLE TMP_RES ) LIBWOLFSSL_SAVE_INFO(LIBWOLFSSL_VERSION_GIT_HASH_DATE "${TMP_OUT}" "${TMP_RES}") - message(STATUS "************************************************************************************************") - message(STATUS "wolfssl component config complete!") - message(STATUS "************************************************************************************************") + LIBWOLFSSL_SAVE_INFO(LIBWOLFSSL_VERSION_WOLFSSL_ROOT "${WOLFSSL_ROOT}" "${TMP_RES}") + +endif() + +# Ensure flag "-DWOLFSSL_ESPIDF" is already in CMAKE_C_FLAGS if not yet found from project +string(FIND "${CMAKE_C_FLAGS}" "-DWOLFSSL_ESPIDF" FLAG_ALRREADY_FOUND_WOLFSSL_ESPIDF) + +if(FLAG_ALRREADY_FOUND_WOLFSSL_ESPIDF EQUAL -1) + # Flag not found, append it + set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DWOLFSSL_ESPIDF") + set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DWOLFSSL_USER_SETTINGS") endif() + +if(WOLFSSL_ROOT) + message(STATUS "Using wolfSSL in ${WOLFSSL_ROOT}") + + # PlatformIO does not process script from from the Espressif cmake process. 
+ # We need to know where wolfSSL source code was found, so save it in the + # PIO_WOLFSSL_ROOT environment variable to later be read by extra_script.py + + set(ENV{PIO_WOLFSSL_ROOT} "${WOLFSSL_ROOT}") + message(STATUS "PIO_WOLFSSL_ROOT = $ENV{PIO_WOLFSSL_ROOT}") + message(STATUS "PLATFORMIO_BUILD_DIR = $ENV{PLATFORMIO_BUILD_DIR}") + # See esp-tls Kconfig; menu "ESP-TLS", ESP_TLS_LIBRARY_CHOOSE + if(CONFIG_ESP_TLS_USING_WOLFSSL) + if ( ("${CONFIG_TARGET_PLATFORM}" STREQUAL "esp8266") OR ("${IDF_TARGET}" STREQUAL "esp8266") ) + message(STATUS "This version of wolfSSL is not supported on the ESP8266 esp-tls at this time. Check ESP-TLS config") + else() + message(STATUS "wolfSSL will be used for ESP-TLS") + endif() + else() + message(STATUS "WARNING: wolfSSL NOT selected for ESP-TLS. Features and performance will be limited.") + endif() +else() + message(STATUS "") + message(STATUS "Consider setting WOLFSSL_ROOT environment variable, use Kconfig setting, or set manually in this cmake file, above.") + message(STATUS "") + message(STATUS "!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!") + message(STATUS "!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!") + message(STATUS "ERROR: Could not find wolfSSL Source Code") + message(STATUS "!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!") + message(STATUS "!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!") +endif() + +message(STATUS "************************************************************************************************") +message(STATUS "wolfSSL component config complete!") +message(STATUS "************************************************************************************************") 
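Review bot: `-DWOLFSSL_USER_SETTINGS` is appended only when `-DWOLFSSL_ESPIDF` is missing. A project that already passes `-DWOLFSSL_ESPIDF` but not `-DWOLFSSL_USER_SETTINGS` therefore builds wolfSSL without the project's `user_settings.h`, and so without the algorithm and hardening choices made there. Test each flag on its own, e.g. a second `string(FIND "${CMAKE_C_FLAGS}" "-DWOLFSSL_USER_SETTINGS" FLAG_FOUND_USER_SETTINGS)` with its own `if(... EQUAL -1)`. `set(ENV{PIO_WOLFSSL_ROOT} ...)` changes only the environment of the running CMake process, so `extra_script.py` sees it only if started as a child of that process; the comment should say so. `LIBWOLFSSL_VERSION_WOLFSSL_ROOT` reuses `TMP_RES` from the preceding `git show` and, assuming LIBWOLFSSL_SAVE_INFO turns it into a compile definition like the others, records the absolute build path (often including the user name) in the firmware.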
diff --git a/IDE/Espressif/ESP-IDF/examples/wolfssl_client/components/wolfssl/Kconfig b/IDE/Espressif/ESP-IDF/examples/wolfssl_client/components/wolfssl/Kconfig
new file mode 100644
index 0000000000..cdd039d73f
--- /dev/null
+++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_client/components/wolfssl/Kconfig
@@ -0,0 +1,523 @@
+# Kconfig template
+#
+# Copyright (C) 2006-2024 wolfSSL Inc. All rights reserved.
+#
+# This file is part of wolfSSL.
+#
+# wolfSSL is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 2 of the License, or
+# (at your option) any later version.
+#
+# wolfSSL is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
+#
+
+# Kconfig File Version 5.7.2.001 for esp-idf integration
+
+# Kconfig Format Rules
+#
+# See:
+# https://docs.espressif.com/projects/esp-idf/en/stable/esp32/api-reference/kconfig.html
+#
+# Format rules for Kconfig files are as follows:
+#
+# Option names in any menus should have consistent prefixes. The prefix
+# currently should have at least 3 characters.
+#
+# The unit of indentation should be 4 spaces. All sub-items belonging to a
+# parent item are indented by one level deeper. For example, menu is indented
+# by 0 spaces, config menu by 4 spaces, help in config by 8 spaces, and the
+# text under help by 12 spaces.
+#
+# No trailing spaces are allowed at the end of the lines.
+#
+# The maximum length of options is NOT 50 characters as documented.
+# kconfcheck will complain that options should be 40 at most.
+#
+# Fix option lengths first. Superflous errors on other lines may occur.
+#
+# The maximum length of lines is 120 characters.
+# +# python -m kconfcheck +# +# --------------------------------------------------------------------------------------------------------------------- +# Begin main wolfSSL configuration menu +# --------------------------------------------------------------------------------------------------------------------- +# See ESP-IDF esp-tls component for config TLS_STACK_WOLFSSL + +menu "wolfSSL" + + menu "Hardening" + config ESP_WOLFSSL_WC_NO_HARDEN + bool "Disable wolfSSL hardening" + default n + help + Sets WC_NO_HARDEN + + config ESP_WOLFSSL_TFM_TIMING_RESISTANT + bool "Enable TFM Timing Resistant Code" + default n + help + Sets TFM_TIMING_RESISTANT. + + endmenu # Hardening + + config ESP_WOLFSSL_ENABLE_BENCHMARK + bool "Enable wolfSSL Benchmark Library" + default n + help + Enables wolfcrypt/benchmark/benchmark.c code for benchmark metrics. Disables NO_CRYPT_BENCHMARK. + + + menu "Benchmark Debug" + config ESP_DEBUG_WOLFSSL_BENCHMARK_TIMING + bool "Enable benchmark timing debug" + depends on ESP_WOLFSSL_ENABLE_BENCHMARK + default n + help + Enable wolfssl debug for benchmark metric timing (CPU Cycles, RTOS ticks, etc). + + config ESP_WOLFSSL_BENCHMARK_TIMER_DEBUG + bool "Enable benchmark timer debug" + depends on ESP_WOLFSSL_ENABLE_BENCHMARK + default n + help + Turn on timer debugging (used when CPU cycles not available) + + endmenu # Benchmark Debug + + # ----------------------------------------------------------------------------------------------------------------- + # wolfCrypt Test + # ----------------------------------------------------------------------------------------------------------------- + config ESP_WOLFSSL_ENABLE_TEST + bool "Enable wolfCrypt Test Library" + default n + help + Enables wolfcrypt/test/test.c code for testing. Disables NO_CRYPT_TEST. 
+ + menu "wolfCrypt tests" + config WOLFSSL_HAVE_WOLFCRYPT_TEST_OPTIONS + bool "Enable wolfCrypt Test Options" + depends on ESP_WOLFSSL_ENABLE_TEST + default n + help + Enables HAVE_WOLFCRYPT_TEST_OPTIONS + + config TEST_ESPIDF_ALL_WOLFSSL + bool "Enable all features to use in tests" + depends on ESP_WOLFSSL_ENABLE_TEST + default n + help + Enables TEST_ESPIDF_ALL_WOLFSSL + + endmenu # wolfCrypt tests + + # ----------------------------------------------------------------------------------------------------------------- + # Apple HomeKit Options + # ----------------------------------------------------------------------------------------------------------------- + menu "Apple HomeKit" + config WOLFSSL_APPLE_HOMEKIT + bool "Enable Apple HomeKit options" + default n + help + Enables FP_MAX_BITS (8192 * 2), SRP, ChaCha, Poly1305, Base64 encoding needed for Apple HomeKit. + endmenu # Apple HomeKit + # ----------------------------------------------------------------------------------------------------------------- + + config ESP_WOLFSSL_DISABLE_MY_ECC + bool "Disable ECC in my project" + default "n" + help + ECC is enabled by default. Select this option to disable. + + config ESP_WOLFSSL_ENABLE_MY_USE_RSA + bool "Enable RSA in my project" + default "n" + help + RSA is disabled by default. Select this option to enable. + + config ESP_WOLFSSL_BENCHMARK + bool "Enable wolfSSL Benchmark" + default n + help + Enables user settings relevant to benchmark code + + config ESP_TLS_USING_WOLFSSL_SPECIFIED + bool "Use the specified wolfssl for ESP-TLS" + default Y + help + Includes wolfSSL from specified directory (not using esp-wolfssl). 
+
+ config ESP_WOLFSSL_NO_USE_FAST_MATH
+ bool "Disable FAST_MATH library and all ESP32 Hardware Acceleration"
+ select ESP_WOLFSSL_NO_HW
+ select ESP_WOLFSSL_NO_HW_AES
+ select ESP_WOLFSSL_NO_HW_HASH
+ select ESP_WOLFSSL_NO_HW_RSA_PRI
+ select ESP_WOLFSSL_NO_HW_RSA_PRI_MP_MUL
+ select ESP_WOLFSSL_NO_HW_RSA_PRI_MULMOD
+ select ESP_WOLFSSL_NO_HW_RSA_PRI_EXPTMOD
+ default n
+ help
+ When disabling all hardware acceleration for smaller memory footprint,
+ disabling TFM fast math provides faster wolfSSL software algorithms in an
+ even smaller flash memory footprint.
+
+ menu "Protocol Config"
+ config WOLFSSL_HAVE_ALPN
+ bool "Enable ALPN (Application Layer Protocol Negotiation) in wolfSSL"
+ default y
+
+ config WOLFSSL_ALLOW_TLS13
+ bool "Allow TLS 1.3"
+ default y
+ help
+ Allow TLS to fallback to TLS1.2. Memory footprint will likely be larger for TLS1.2.
+ When disabled HTTPS and MQTT over TLS connections will fail if TLS1.3 not accepted.
+
+ config WOLFSSL_ALLOW_TLS12
+ bool "Allow TLS 1.2"
+ default n
+ help
+ Allow TLS to fallback to TLS1.2. Memory footprint will likely be larger for TLS1.2.
+ When disabled HTTPS and MQTT over TLS connections will fail if TLS1.3 not accepted.
+
+ config WOLFSSL_HAVE_TLS_EXTENSIONS
+ bool "Enable TLS Extensions"
+ default y
+ help
+ Sets HAVE_TLS_EXTENSIONS which is needed for TLS 1.3, SNI, ALPN, and more.
+
+ config WOLFSSL_ALT_CERT_CHAINS
+ bool "Enable Alternate Certificate Chains"
+ default n
+ help
+ The option relaxes the default strict wolfSSL certificate chain processing. This
+ will typically need to be enabled when loading only a CA file. Typically solves
+ the -188 ASN_NO_SIGNER_E error. Use with caution.
+ + config WOLFSSL_HAVE_OCSP + bool "Enable OCSP (Online Certificate Status Protocol) in wolfSSL" + default n + help + Sets HAVE_OCSP + + endmenu # Protocol Config + # ----------------------------------------------------------------------------------------------------------------- + + # ----------------------------------------------------------------------------------------------------------------- + config TLS_STACK_WOLFSSL + # Invisible option that locks TLS_STACK_WOLFSSL to ESP_TLS_USING_WOLFSSL + bool + default n + select FREERTOS_ENABLE_BACKWARD_COMPATIBILITY + help + Includes wolfSSL in ESP-TLS so that it can be compiled with wolfSSL as its SSL/TLS library. + Enabled when wolfSSL is selected in ESP_TLS_LIBRARY_CHOOSE. + + menu "wolfSSL ESP-TLS" + depends on ESP_TLS_USING_WOLFSSL + + menu "Certificate Bundle" + depends on ESP_TLS_USING_WOLFSSL + + config WOLFSSL_CERTIFICATE_BUNDLE + bool "Enable trusted root certificate bundle" + default y if ESP_TLS_USING_WOLFSSL + default n + depends on ESP_TLS_USING_WOLFSSL + help + Enable support for large number of default root certificates + + When enabled this option allows user to store default as well + as customer specific root certificates in compressed format rather + than storing full certificate. For the root certificates the public key and the subject name + will be stored. + + config WOLFSSL_NO_ASN_STRICT + bool "Relax Certificate ASN Strict Checks" + default n + depends on ESP_TLS_USING_WOLFSSL + help + Allows sub-optimal certificate ASN checks. Unless using a bundle with known issues, + it is recommended to NOT enable this. + + config WOLFSSL_ASN_ALLOW_0_SERIAL + bool "Allow cert missing an ASN Serial Number" + default y + depends on ESP_TLS_USING_WOLFSSL + help + Although not recommended, there may be certificates in the bundle that are missing + a serial number. This option allows the missing value without having to fully + disable strict ASN checking with WOLFSSL_NO_ASN_STRICT. 
+
+ choice WOLFSSL_DEFAULT_CERTIFICATE_BUNDLE
+ bool "Default certificate bundle options"
+ depends on WOLFSSL_CERTIFICATE_BUNDLE && ESP_TLS_USING_WOLFSSL
+ default WOLFSSL_CERTIFICATE_BUNDLE_DEFAULT_FULL
+
+ config WOLFSSL_CERTIFICATE_BUNDLE_DEFAULT_FULL
+ bool "Use the full default certificate bundle"
+ config WOLFSSL_CERTIFICATE_BUNDLE_DEFAULT_CMN
+ bool "Use only the most common certificates from the default bundles"
+ help
+ Use only the most common certificates from the default bundles, reducing the size with 50%,
+ while still having around 99% coverage.
+ config WOLFSSL_CERTIFICATE_BUNDLE_DEFAULT_NONE
+ bool "Do not use the default certificate bundle"
+ endchoice
+
+ config WOLFSSL_CUSTOM_CERTIFICATE_BUNDLE
+ depends on WOLFSSL_CERTIFICATE_BUNDLE && ESP_TLS_USING_WOLFSSL
+ default n
+ bool "Add custom certificates to the default bundle"
+ config WOLFSSL_CUSTOM_CERTIFICATE_BUNDLE_PATH
+ depends on WOLFSSL_CUSTOM_CERTIFICATE_BUNDLE && ESP_TLS_USING_WOLFSSL
+ string "Custom certificate bundle path"
+ help
+ Name of the custom certificate directory or file. This path is evaluated
+ relative to the project root directory.
+
+ config WOLFSSL_CERTIFICATE_BUNDLE_DEPRECATED_LIST
+ bool "Add deprecated root certificates"
+ depends on WOLFSSL_CERTIFICATE_BUNDLE && ESP_TLS_USING_WOLFSSL && !WOLFSSL_CERTIFICATE_BUNDLE_DEFAULT_NONE
+ help
+ Include the deprecated list of root certificates in the bundle.
+ This list gets updated when a certificate is removed from the Mozilla's
+ NSS root certificate store. This config can be enabled if you would like
+ to ensure that none of the certificates that were deployed in the product
+ are affected because of the update to bundle. In turn, enabling this
+ config keeps expired, retracted certificates in the bundle and it may
+ pose a security risk.
+ + - Deprecated cert list may grow based based on sync with upstream bundle + - Deprecated certs would be be removed in ESP-IDF (next) major release + + config WOLFSSL_CERTIFICATE_BUNDLE_MAX_CERTS + int "Maximum no of certificates allowed in certificate bundle" + default 200 + depends on WOLFSSL_CERTIFICATE_BUNDLE && ESP_TLS_USING_WOLFSSL + + endmenu + endmenu # wolfSSL ESP-TLS + # ----------------------------------------------------------------------------------------------------------------- + + # ----------------------------------------------------------------------------------------------------------------- + config ESP_WOLFSSL_ALT_HARDWARE_ACCELERATION + bool "Modify default hardware acceleration settings" + default n + help + When disabling all hardware acceleration for smaller memory footprint, + disabling TFM fast math provides faster wolfSSL software algorithms in an + even smaller flash memory footprint. + Typically used for debugging, analysis, or optimizations. The default + hardware acceleration features can be each manually adjusted. + + menu "wolfSSL Hardware Acceleration" + + config ESP_WOLFSSL_NO_ESP32_CRYPT + bool "Disable all ESP32 Hardware Acceleration" + depends on ESP_WOLFSSL_ALT_HARDWARE_ACCELERATION + default n + select ESP_WOLFSSL_NO_HW_AES + select ESP_WOLFSSL_NO_HW_HASH + select ESP_WOLFSSL_NO_HW_RSA_PRI + select ESP_WOLFSSL_NO_HW_RSA_PRI_MP_MUL + select ESP_WOLFSSL_NO_HW_RSA_PRI_MULMOD + select ESP_WOLFSSL_NO_HW_RSA_PRI_EXPTMOD + help + Hardware acceleration enabled by default. When selected defines: NO_ESP32_CRYPT. 
+ Consider disabling FASTMATH (other libraries are faster in software and smaller)
+
+ config ESP_WOLFSSL_NO_HW_AES
+ bool "Disable all ESP32 AES Hardware Acceleration"
+ depends on ESP_WOLFSSL_ALT_HARDWARE_ACCELERATION
+ default n
+ help
+ Hardware acceleration enabled by default.When selected defines: NO_HW_AES
+
+ config ESP_WOLFSSL_NO_HW_HASH
+ bool "Disable all ESP32 SHA Hash Hardware Acceleration"
+ depends on ESP_WOLFSSL_ALT_HARDWARE_ACCELERATION
+ default n
+ help
+ Hardware acceleration enabled by default. When selected defines: NO_HW_HASH
+
+ config ESP_WOLFSSL_NO_HW_RSA_PRI
+ bool "Disable all ESP32 RSA Hardware Acceleration"
+ depends on ESP_WOLFSSL_ALT_HARDWARE_ACCELERATION
+ default n
+ select ESP_WOLFSSL_NO_HW_PRI_MP_MUL
+ select ESP_WOLFSSL_NO_HW_RSA_PRI_MULMOD
+ select ESP_WOLFSSL_NO_HW_RSA_PRI_EXPTMOD
+ help
+ Hardware acceleration enabled by default. When selected defines: NO_HW_RSA_PRI
+
+ config ESP_WOLFSSL_NO_HW_RSA_PRI_MP_MUL
+ bool "Disable all ESP32 Multiplication Hardware Acceleration"
+ depends on ESP_WOLFSSL_ALT_HARDWARE_ACCELERATION
+ default n
+ help
+ Hardware acceleration enabled by default. When selected defines: NO_HW_RSA_PRI_MP_MUL
+
+ config ESP_WOLFSSL_NO_HW_RSA_PRI_MULMOD
+ bool "Disable all ESP32 Modular Multiplication Hardware Acceleration"
+ depends on ESP_WOLFSSL_ALT_HARDWARE_ACCELERATION
+ default n
+ help
+ Hardware acceleration enabled by default. When selected defines: NO_HW_RSA_PRI_MULMOD
+
+ config ESP_WOLFSSL_NO_HW_RSA_PRI_EXPTMOD
+ bool "Disable all ESP32 RSA Exponential Math Hardware Acceleration"
+ depends on ESP_WOLFSSL_ALT_HARDWARE_ACCELERATION
+ default n
+ help
+ Hardware acceleration enabled by default.
+ Select this option to force disable: NO_HW_RSA_PRI_EXPTMOD + + config ESP_WOLFSSL_DEBUG_ESP_HW_MULTI_RSAMAX_BITS + bool "Enable debugging of RSA Multiplication operand length" + default n + help + Prints an esp log warning to the default console UART when one of the + multiplication operands exceeds the maximum size supported by hardware, + requiring fallback to software. This can be helpful to pick key sizes + when performance is critical. See also metrics for counting instances. + + config ESP_WOLFSSL_DEBUG_ESP_HW_MOD_RSAMAX_BITS + bool "Enable debugging of RSA Modular operand length" + default n + help + Prints an esp log warning to the default console UART when one of the + modular math operands exceeds the maximum size supported by hardware, + requiring fallback to software. This can be helpful to pick key sizes + when performance is critical. See also metrics for counting instances. + + endmenu # wolfSSL Hardware Acceleration + # ----------------------------------------------------------------------------------------------------------------- + + # ----------------------------------------------------------------------------------------------------------------- + menu "wolfSSL Experimental Options" + + config ESP_WOLFSSL_EXPERIMENTAL_SETTINGS + bool "Enable wolfSSL Experimental Settings" + default n + help + Enables experimental settings for wolfSSL. See documentation. + + config ESP_WOLFSSL_ENABLE_KYBER + bool "Enable wolfSSL Kyber" + default n + help + Enable debugging messages for wolfSSL. See user_settings.h for additional debug options. 
+ + endmenu # wolfSSL Experimental Options + # ----------------------------------------------------------------------------------------------------------------- + + # ----------------------------------------------------------------------------------------------------------------- + menu "wolfSSL Debug Options" + config ESP_WOLFSSL_DEBUG_WOLFSSL + bool "Enable wolfSSL Debugging" + default n + help + Enable debugging messages for wolfSSL. See user_settings.h for additional debug options. + + config ESP_WOLFSSL_TEST_LOOP + bool "Run test apps in a loop until failure" + default y + help + Enable a loop wrapper for benchmark, http_client, and wolfssl test apps. + + endmenu # wolfSSL Debug Options + # ----------------------------------------------------------------------------------------------------------------- + + # ----------------------------------------------------------------------------------------------------------------- + menu "wolfSSL Customization" + config CUSTOM_SETTING_WOLFSSL_ROOT + string "Enter a path for wolfSSL source code" + default "~/workspace/wolfssl" + help + This option lets you specify a directory for the wolfSSL source code (typically a git clone). + Enter the path using forward slashes (e.g., C:/myfolder/mysubfolder) or double backslashes + (e.g., C:\\myfolder\\mysubfolder). + + endmenu # wolfSSL Customization + # ----------------------------------------------------------------------------------------------------------------- + + # ----------------------------------------------------------------------------------------------------------------- + menu "Component Config" + config IGNORE_ESP_IDF_WOLFSSL_COMPONENT + bool "Ignore the ESP-IDF component of wolfSSL (if present)" + default n + help + Ignores wolfSSL present in the esp-idf/components directory. Requires wolfssl as a local component. 
+ + config IGNORE_LOCAL_WOLFSSL_COMPONENT + bool "Ignore the local component of wolfSSL (if present)" + default n + help + Ignores wolfSSL present in the local project components directory. + Requires wolfssl as a ESP-IDF component. + + endmenu # Component Config + # ----------------------------------------------------------------------------------------------------------------- + + # ----------------------------------------------------------------------------------------------------------------- + menu "Utility Config" + config USE_WOLFSSL_ESP_SDK_TIME + bool "Enable wolfSSL time helper functions" + default n + help + Enables use of various time and date setting functions found in the esp-sdk-lib.h file. + + config USE_WOLFSSL_ESP_SDK_WIFI + bool "Enable wolfSSL WiFi helper functions" + default n + help + Enables use of various time and date setting functions found in the esp-sdk-lib.h file. + + endmenu # Utility Config +endmenu # wolfSSL +# --------------------------------------------------------------------------------------------------------------------- + + +# --------------------------------------------------------------------------------------------------------------------- +menu "wolfSSH" + config ESP_ENABLE_WOLFSSH + bool "Enable wolfSSH options" + default n + help + Enables WOLFSSH_TERM, WOLFSSL_KEY_GEN, WOLFSSL_PTHREADS, WOLFSSH_TEST_SERVER, WOLFSSH_TEST_THREADING + + config ESP_WOLFSSL_DEBUG_WOLFSSH + bool "Enable wolfSSH debugging" + default n + help + Enable wolfSSH debugging macro. 
See user_settings.h + +endmenu # wolfSSH +# --------------------------------------------------------------------------------------------------------------------- + +# --------------------------------------------------------------------------------------------------------------------- +menu "wolfMQTT" + config ESP_ENABLE_WOLFMQTT + bool "Enable wolfMQTT options" + default n + help + Enables WOLFMQTT + + config ESP_WOLFSSL_DEBUG_WOLFMQTT + bool "Enable wolfMQTT debugging" + default n + help + Enable wolfMQTT debugging macro. See user_settings.h + +endmenu # wolfMQTT +# --------------------------------------------------------------------------------------------------------------------- diff --git a/IDE/Espressif/ESP-IDF/examples/wolfssl_client/components/wolfssl/README.md b/IDE/Espressif/ESP-IDF/examples/wolfssl_client/components/wolfssl/README.md new file mode 100644 index 0000000000..d779124162 --- /dev/null +++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_client/components/wolfssl/README.md 
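Review bot: Three symbol references in this new Kconfig do not resolve against anything the file declares. Under `ESP_WOLFSSL_NO_HW_RSA_PRI` the line `select ESP_WOLFSSL_NO_HW_PRI_MP_MUL` names a symbol with no `config` entry; the option declared just below it is `ESP_WOLFSSL_NO_HW_RSA_PRI_MP_MUL`, so choosing "Disable all ESP32 RSA Hardware Acceleration" would not switch the multiplication option. `ESP_WOLFSSL_NO_USE_FAST_MATH` likewise has `select ESP_WOLFSSL_NO_HW`, which is not declared in this file (possibly `ESP_WOLFSSL_NO_ESP32_CRYPT` was intended; it may also live in a Kconfig outside this diff). `ESP_TLS_USING_WOLFSSL_SPECIFIED` uses `default Y`, which Kconfig reads as a reference to an undefined symbol named `Y` rather than the constant `y`. Suggested lines: `select ESP_WOLFSSL_NO_HW_RSA_PRI_MP_MUL` and `default y`.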
@@ -0,0 +1,162 @@ +# wolfSSL Espressif Component + +This is the directory for wolfSSL as an Espressif ESP-IDF component. + +Other options are available, such as installing wolfSSL as a local _project_ component using the [Managed Component](https://www.wolfssl.com/wolfssl-now-available-in-espressif-component-registry/). + +Enabling this wolfSSL ESP-IDF component allows other ESP-IDF libraries such as those that depend on [ESP-TLS](https://github.com/espressif/esp-idf/tree/master/components/esp-tls) +to also use the wolfSSL library. (See [github.com/wolfSSL/wolfssl](https://github.com/wolfSSL/wolfssl)) + +The wolfSSL source code is not included here. Instead, the `idf.py menuconfig` option can be used to configure the +`sdkconfig` file setting: `CONFIG_CUSTOM_SETTING_WOLFSSL_ROOT` to point to the desired wolfSSL code. + +## Directory Contents + +This directory must contain, at a minimum: + +- `CMakeLists.txt` +- `./include/user_settings.h` + +The directory should also contain: +- `Kconfig` +- `component.mk` + +The directory may contain wolfSSL source, for example with a [Managed Component](https://www.wolfssl.com/wolfssl-now-available-in-espressif-component-registry/), +or if the `setup.sh` script was used from [wolfSSL/IDE/Espressif/ESP-IDF](https://github.com/wolfSSL/wolfssl/tree/master/IDE/Espressif/ESP-IDF). + + +Under normal circumstances when the wolfSSL source is not included here, the `CMakeLists.txt` will search for it in this order: + +- A hard-coded `WOLFSSL_ROOT` cmake variable. +- `WOLFSSL_ROOT` Environment Variable +- The `CONFIG_CUSTOM_SETTING_WOLFSSL_ROOT` value in the `sdkconfig` file, from the `Kconfig` option. 
+- Any parent directories, up to the root (if this directory is in the ESP-IDF components) +- Any parent directories, up to the root (if this directory is a project component) + +While recursing up the directory tree, the following names of wolfSSL directories will be considered: + +- `wolfssl-[current user name]` +- `wolfssl-master` +- `wolfssl` + +## Getting Started + +See the `Espressif Getting Started Guide`. + +``` +# Set environment variable to ESP-IDF location +# For example, VisualGDB in WSL +WRK_IDF_PATH=/mnt/c/SysGCC/esp32/esp-idf/v5.2 +WRK_IDF_PATH=/mnt/c/SysGCC/esp32-master/esp-idf/v5.3-master + +# Or wherever the ESP-IDF is installed: +WRK_IDF_PATH=~/esp/esp-idf + +echo "Run export.sh from ${WRK_IDF_PATH}" +. ${WRK_IDF_PATH}/export.sh + +cd [your project] + +idf.py menuconfig +``` + +Enable wolfSSL to be used in the ESP-TLS: + +``` +Component config ---> + ESP-TLS ---> + Choose SSL/TLS library for ESP-TLS (See help for more Info) + (X) wolfSSL (License info in wolfSSL directory README) +``` + +Adjust wolfSSL settings, such as path to source code as needed: + +``` +Component config ---> + wolfSSL ---> + [*] Include wolfSSL in ESP-TLS + [*] Use the specified wolfssl for ESP-TLS + (~/workspace/wolfssl) Enter a path for wolfSSL source code +``` + +## Configuration + +All settings for wolfSSL are adjusted in the [include/user_settings.h](./include/user_settings.h) file. + +The `user_settings.h` file should not be included directly. Instead, `#include ` +before any other wolfSSL headers, like this: + + +```c +/* ESP-IDF */ +#include +#include "sdkconfig.h" + +/* wolfSSL */ +/* Always include wolfcrypt/settings.h before any other wolfSSL file. */ +/* Reminder: settings.h pulls in user_settings.h; don't include it here. */ +#if defined(WOLFSSL_USER_SETTINGS) + #include + #if defined(WOLFSSL_ESPIDF) + #include + #include + #include + #include + #include + #else + #error "Problem with wolfSSL user_settings. 
" \ + "Check components/wolfssl/include " \ + "and confirm WOLFSSL_USER_SETTINGS is defined, " \ + "typically in the component CMakeLists.txt" + #endif +#else + /* Define WOLFSSL_USER_SETTINGS project wide for settings.h to include */ + /* wolfSSL user settings in ./components/wolfssl/include/user_settings.h */ + #error "Missing WOLFSSL_USER_SETTINGS in CMakeLists or Makefile:\ + CFLAGS +=-DWOLFSSL_USER_SETTINGS" +#endif +``` + +## Examples + +See the wolfSSL examples: + +- [wolfSSL Core Examples](https://github.com/wolfSSL/wolfssl/tree/master/IDE/Espressif/ESP-IDF/examples) +- [wolfSSL Additional Examples](https://github.com/wolfSSL/wolfssl-examples/tree/master/ESP32) +- [wolfSSH Core Examples](https://github.com/wolfSSL/wolfssh/tree/master/ide/Espressif/ESP-IDF/examples) +- [wolfSSH Additional Examples](https://github.com/wolfSSL/wolfssh-examples/tree/main/Espressif) +- [wolfMQTT Examples](https://github.com/wolfSSL/wolfMQTT/tree/master/IDE/Espressif/ESP-IDF/examples) + +## Platforms + +The ESP-IDF wolfSSL is also available for PlatformIO: + +- [Release wolfSSL](https://registry.platformio.org/search?q=owner%3Awolfssl) +- [Staging / Preview wolfSSL](https://registry.platformio.org/search?q=owner%3Awolfssl-staging) + +The wolfSSL library can also be used for Espressif with Arduino: + +- [arduino.cc/reference/en/libraries/wolfssl](https://www.arduino.cc/reference/en/libraries/wolfssl/) +- [github.com/wolfSSL/Arduino-wolfSSL](https://github.com/wolfSSL/Arduino-wolfSSL) + + +## Additional Information + +- [wolfSSL Documentation](https://www.wolfssl.com/documentation/manuals/wolfssl/index.html) and [docs/espressif](https://www.wolfssl.com/docs/espressif/) +- [wolfSSL FAQ](https://www.wolfssl.com/docs/frequently-asked-questions-faq/) +- [wolfSSL Products](https://www.wolfssl.com/products/) +- [www.wolfssl.com/espressif](https://www.wolfssl.com/espressif/) +- [More...](https://www.wolfssl.com/?s=espressif) + +## Contact + +Have a specific request or questions? 
We'd love to hear from you! Please contact us at support@wolfssl.com or open an issue on GitHub. + +## Licensing and Support + +wolfSSL (formerly known as CyaSSL) and wolfCrypt are either licensed for use under the GPLv2 (or at your option any later version) or a standard commercial license. For our users who cannot use wolfSSL under GPLv2 (or any later version), a commercial license to wolfSSL and wolfCrypt is available. + +See the LICENSE.txt, visit wolfssl.com/license, contact us at licensing@wolfssl.com or call +1 425 245 8247 + +View Commercial Support Options: [wolfssl.com/products/support-and-maintenance](wolfssl.com/products/support-and-maintenance) + diff --git a/IDE/Espressif/ESP-IDF/examples/wolfssl_client/components/wolfssl/component.mk b/IDE/Espressif/ESP-IDF/examples/wolfssl_client/components/wolfssl/component.mk index 1008e04afe..45a1aa08fb 100644 --- a/IDE/Espressif/ESP-IDF/examples/wolfssl_client/components/wolfssl/component.mk +++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_client/components/wolfssl/component.mk @@ -20,7 +20,7 @@ $(info *********** wolfssl component ************) - # +# # Component Makefile # # diff --git a/IDE/Espressif/ESP-IDF/examples/wolfssl_client/components/wolfssl/include/user_settings.h b/IDE/Espressif/ESP-IDF/examples/wolfssl_client/components/wolfssl/include/user_settings.h index 325e54b6a4..71b82c68ea 100644 --- a/IDE/Espressif/ESP-IDF/examples/wolfssl_client/components/wolfssl/include/user_settings.h +++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_client/components/wolfssl/include/user_settings.h @@ -1,4 +1,4 @@ -/* user_settings.h +/* wolfssl-component include/user_settings.h * * Copyright (C) 2006-2024 wolfSSL Inc. * 
@@ -18,18 +18,195 @@ * along with this program; if not, write to the Free Software * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA */ +#define WOLFSSL_ESPIDF_COMPONENT_VERSION 0x01 -/* Standardized wolfSSL Espressif ESP32 + ESP8266 user_settings.h V5.6.6-01 */ +/* The Espressif project config file. See also sdkconfig.defaults */ +#include "sdkconfig.h" -/* This user_settings.h is for Espressif ESP-IDF */ +/* This user_settings.h is for Espressif ESP-IDF + * + * Standardized wolfSSL Espressif ESP32 + ESP8266 user_settings.h V5.7.0-1 + * + * Do not include any wolfssl headers here. + * + * When editing this file: + * ensure all examples match. The template example is the reference. + */ -#include "sdkconfig.h" +/* Naming convention: (see also esp32-crypt.h for the reference source). + * + * CONFIG_ + * This prefix indicates the setting came from the sdkconfig / Kconfig. + * + * May or may not be related to wolfSSL. + * + * The name after this prefix must exactly match that in the Kconfig file. + * + * WOLFSSL_ + * Typical of many, but not all wolfSSL macro names. + * + * Applies to all wolfSSL products such as wolfSSH, wolfMQTT, etc. + * + * May or may not have a corresponding sdkconfig / Kconfig control. + * + * ESP_WOLFSSL_ + * These are NOT valid wolfSSL macro names. These are names only used in + * the ESP-IDF Kconfig files. When parsed, they will have a "CONFIG_" + * suffix added. See next section. + * + * CONFIG_ESP_WOLFSSL_ + * This is a wolfSSL-specific macro that has been defined in the ESP-IDF + * via the sdkconfig / menuconfig. Any text after this prefix should + * exactly match an existing wolfSSL macro name. + * + * Applies to all wolfSSL products such as wolfSSH, wolfMQTT, etc. + * + * These macros may also be specific to only the project or environment, + * and possibly not used anywhere else in the wolfSSL libraries. 
+ */ -/* #define DEBUG_WOLFSSL */ -/* #define DEBUG_WOLFSSL_VERBOSE */ +/* The Espressif sdkconfig will have chipset info. +** +** Some possible values: +** +** CONFIG_IDF_TARGET_ESP32 +** CONFIG_IDF_TARGET_ESP32S2 +** CONFIG_IDF_TARGET_ESP32S3 +** CONFIG_IDF_TARGET_ESP32C3 +** CONFIG_IDF_TARGET_ESP32C6 +*/ + +#undef WOLFSSL_ESPIDF +#define WOLFSSL_ESPIDF + +/* Test various user_settings between applications by selecting example apps + * in `idf.py menuconfig` for Example wolfSSL Configuration settings: */ + +/* Turn on messages that are useful to see only in examples. */ +#define WOLFSSL_EXAMPLE_VERBOSITY + +/* Paths can be long, ensure the entire value printed during debug */ +#define WOLFSSL_MAX_ERROR_SZ 500 + +/* wolfSSL Examples: set macros used in example applications. + * + * These Settings NOT available in ESP-IDF (e.g. esp-tls) + * + * Any settings needed by ESP-IDF components should be explicitly set, + * and not by these example-specific settings via CONFIG_WOLFSSL_EXAMPLE_n + * + * ESP-IDF settings should be Kconfig "CONFIG_[name]" values when possible. 
*/ +#if defined(CONFIG_WOLFSSL_EXAMPLE_NAME_TEMPLATE) + /* See https://github.com/wolfSSL/wolfssl/tree/master/IDE/Espressif/ESP-IDF/examples/template */ + /* We don't use WiFi, so don't compile in the esp-sdk-lib WiFi helpers: */ + /* #define USE_WOLFSSL_ESP_SDK_WIFI */ +#elif defined(CONFIG_WOLFSSL_EXAMPLE_NAME_TEST) + /* See https://github.com/wolfSSL/wolfssl/tree/master/IDE/Espressif/ESP-IDF/examples/wolfssl_test */ + /* We don't use WiFi, so don't compile in the esp-sdk-lib WiFi helpers: */ + /* #define USE_WOLFSSL_ESP_SDK_WIFI */ + #define TEST_ESPIDF_ALL_WOLFSSL + +#elif defined(CONFIG_WOLFSSL_EXAMPLE_NAME_BENCHMARK) + /* See https://github.com/wolfSSL/wolfssl/tree/master/IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark */ + /* We don't use WiFi, so don't compile in the esp-sdk-lib WiFi helpers: */ + /* #define USE_WOLFSSL_ESP_SDK_WIFI */ + #define WOLFSSL_BENCHMARK_FIXED_UNITS_KB +#elif defined(CONFIG_WOLFSSL_EXAMPLE_NAME_TLS_CLIENT) + /* See https://github.com/wolfSSL/wolfssl/tree/master/IDE/Espressif/ESP-IDF/examples/wolfssl_client */ + #define USE_WOLFSSL_ESP_SDK_WIFI +#elif defined(CONFIG_WOLFSSL_EXAMPLE_NAME_TLS_SERVER) + /* See https://github.com/wolfSSL/wolfssl/tree/master/IDE/Espressif/ESP-IDF/examples/wolfssl_server */ + #define USE_WOLFSSL_ESP_SDK_WIFI + +/* wolfSSH Examples */ +#elif defined(CONFIG_WOLFSSL_EXAMPLE_NAME_WOLFSSH_TEMPLATE) + /* See https://github.com/wolfSSL/wolfssh/tree/master/ide/Espressif/ESP-IDF/examples/wolfssh_template */ + #define USE_WOLFSSL_ESP_SDK_WIFI +#elif defined(CONFIG_WOLFSSL_EXAMPLE_NAME_WOLFSSH_ECHOSERVER) + /* See https://github.com/wolfSSL/wolfssh/tree/master/ide/Espressif/ESP-IDF/examples/wolfssh_echoserver */ + #define USE_WOLFSSL_ESP_SDK_WIFI +#elif defined(CONFIG_WOLFSSL_EXAMPLE_NAME_ESP32_SSH_SERVER) + /* See https://github.com/wolfSSL/wolfssh-examples/tree/main/Espressif/ESP32/ESP32-SSH-Server */ + #define USE_WOLFSSL_ESP_SDK_WIFI +#elif defined(CONFIG_WOLFSSL_EXAMPLE_NAME_ESP8266_SSH_SERVER) + /* See 
https://github.com/wolfSSL/wolfssh-examples/tree/main/Espressif/ESP8266/ESP8266-SSH-Server */ + #define USE_WOLFSSL_ESP_SDK_WIFI + +/* wolfMQTT Examples */ +#elif defined(CONFIG_WOLFSSL_EXAMPLE_NAME_WOLFMQTT_TEMPLATE) + /* See https://github.com/wolfSSL/wolfMQTT/tree/master/IDE/Espressif/ESP-IDF/examples/wolfmqtt_template */ + #define USE_WOLFSSL_ESP_SDK_WIFI +#elif defined(CONFIG_WOLFSSL_EXAMPLE_NAME_WOLFMQTT_AWS_IOT_MQTT) + /* See https://github.com/wolfSSL/wolfMQTT/tree/master/IDE/Espressif/ESP-IDF/examples/AWS_IoT_MQTT */ + #define USE_WOLFSSL_ESP_SDK_WIFI + +/* wolfTPM Examples */ +#elif defined(CONFIG_WOLFTPM_EXAMPLE_NAME_ESPRESSIF) + /* See https://github.com/wolfSSL/wolfTPM/tree/master/IDE/Espressif */ + #define USE_WOLFSSL_ESP_SDK_WIFI + +/* Apple HomeKit Examples */ +#elif defined(CONFIG_WOLFSSL_APPLE_HOMEKIT) + /* See https://github.com/AchimPieters/esp32-homekit-demo */ + +/* no example selected */ +#elif defined(CONFIG_WOLFSSL_EXAMPLE_NAME_NONE) + /* We'll assume the app needs to use wolfSSL sdk lib function */ + #define USE_WOLFSSL_ESP_SDK_WIFI + +/* Other applications detected by cmake */ +#elif defined(APP_ESP_HTTP_CLIENT_EXAMPLE) + /* The wolfSSL Version of the client example */ + #if defined(CONFIG_IDF_TARGET_ESP32S2) || defined(CONFIG_IDF_TARGET_ESP32C2) + /* Less memory available, so smaller key sizes: */ + #define FP_MAX_BITS (4096 * 2) + #else + #define FP_MAX_BITS (8192 * 2) + #endif + #define HAVE_ALPN + #define HAVE_SNI + #define OPENSSL_EXTRA_X509_SMALL + #define HAVE_TLS_EXTENSIONS + #define HAVE_SUPPORTED_CURVES + #define OPENSSL_EXTRA + #ifndef WOLFSSL_ALWAYS_VERIFY_CB + #define WOLFSSL_ALWAYS_VERIFY_CB + #endif + #ifndef WOLFSSL_VERIFY_CB_ALL_CERTS + #define WOLFSSL_VERIFY_CB_ALL_CERTS + #endif + #ifndef KEEP_PEER_CERT + #define KEEP_PEER_CERT + #endif + +#elif defined(APP_ESP_HTTP_CLIENT) + /* The ESP-IDF Version */ + #define FP_MAX_BITS (8192 * 2) + #define HAVE_ALPN + #define HAVE_SNI + #define OPENSSL_EXTRA_X509_SMALL + #define 
HAVE_TLS_EXTENSIONS + #define HAVE_SUPPORTED_CURVES + #define OPENSSL_EXTRA + #ifndef WOLFSSL_ALWAYS_VERIFY_CB + #define WOLFSSL_ALWAYS_VERIFY_CB + #endif + #ifndef WOLFSSL_VERIFY_CB_ALL_CERTS + #define WOLFSSL_VERIFY_CB_ALL_CERTS + #endif + #ifndef KEEP_PEER_CERT + #define KEEP_PEER_CERT + #endif +#else + #ifdef WOLFSSL_ESPIDF + /* #warning "App config undetected" */ + #endif + /* the code is older or does not have application name defined. */ +#endif /* Example wolfSSL Configuration app settings */ /* Experimental Kyber */ -#if 0 +#ifdef CONFIG_WOLFSSL_ENABLE_KYBER + /* Kyber typically needs a minimum 10K stack */ #define WOLFSSL_EXPERIMENTAL_SETTINGS #define WOLFSSL_HAVE_KYBER #define WOLFSSL_WC_KYBER 
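Review bot: The Kyber guard at the end of this hunk, `#ifdef CONFIG_WOLFSSL_ENABLE_KYBER`, does not match the option this commit adds to the component Kconfig, `config ESP_WOLFSSL_ENABLE_KYBER`, which the build would emit as `CONFIG_ESP_WOLFSSL_ENABLE_KYBER`. As written, ticking "Enable wolfSSL Kyber" in menuconfig appears to leave the block compiled out unless the shorter name is defined somewhere outside the visible diff. `#ifdef CONFIG_ESP_WOLFSSL_ENABLE_KYBER` would follow the naming convention that the comment added earlier in this hunk describes. That comment also says parsed names get a "CONFIG_" suffix where a prefix is meant. The Kyber block itself continues past the end of the hunk.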
@@ -58,14 +235,72 @@ ** CONFIG_IDF_TARGET_ESP32C6 */ -#undef WOLFSSL_ESPIDF -#define WOLFSSL_ESPIDF +/* Optionally enable Apple HomeKit from compiler directive or Kconfig setting */ +#if defined(WOLFSSL_APPLE_HOMEKIT) || defined(CONFIG_WOLFSSL_APPLE_HOMEKIT) + /* SRP is known to need 8K; slow on some devices */ + #define FP_MAX_BITS (8192 * 2) + #define WOLFCRYPT_HAVE_SRP + #define HAVE_CHACHA + #define HAVE_POLY1305 + #define WOLFSSL_BASE64_ENCODE + #endif /* Apple HomeKit settings */ + +/* Used by ESP-IDF components: */ +#if defined(CONFIG_ESP_TLS_USING_WOLFSSL) + /* The ESP-TLS */ + #ifndef FP_MAX_BITS + #if defined(CONFIG_IDF_TARGET_ESP32C2) || \ + defined(CONFIG_IDF_TARGET_ESP8684) || \ + defined(CONFIG_IDF_TARGET_ESP8266) + /* Optionally set smaller size here */ + #define FP_MAX_BITS MIN_FFDHE_FP_MAX_BITS + #else + #define FP_MAX_BITS (4096 * 2) + #endif + #endif + #define HAVE_ALPN + #ifndef CONFIG_IDF_TARGET_ESP8266 + /* Unless installed in the ESP8266 RTOS SDK locally, the wolfSSL + * API for SNI will not be seen in the components/esp-tls layer. + * Only enable SNI for non-ESP8266 targets by default: */ + #define HAVE_SNI + #endif + #define OPENSSL_EXTRA_X509_SMALL + + #define HAVE_TLS_EXTENSIONS + #define HAVE_SUPPORTED_CURVES +#endif + +/* Optionally enable some wolfSSH settings */ +#if defined(ESP_ENABLE_WOLFSSH) || defined(CONFIG_ESP_ENABLE_WOLFSSH) + /* The default SSH Windows size is massive for an embedded target. 
+ * Limit it: */ + #define DEFAULT_WINDOW_SZ 2000 + + /* These may be defined in cmake for other examples: */ + #undef WOLFSSH_TERM + #define WOLFSSH_TERM + + /* optional debug */ + /* #undef DEBUG_WOLFSSH */ + /* #define DEBUG_WOLFSSH */ + + #undef WOLFSSL_KEY_GEN + #define WOLFSSL_KEY_GEN -/* We don't use WiFi helpers yet, so don't compile in the esp-sdk-lib WiFi */ -#define NO_ESP_SDK_WIFI + #undef WOLFSSL_PTHREADS + #define WOLFSSL_PTHREADS + + #define WOLFSSH_TEST_SERVER + #define WOLFSSH_TEST_THREADING +#endif /* ESP_ENABLE_WOLFSSH */ + + +/* Not yet using WiFi lib, so don't compile in the esp-sdk-lib WiFi helpers: */ +/* #define USE_WOLFSSL_ESP_SDK_WIFI */ /* - * ONE of these Espressif chipsets should be defined: + * ONE of these Espressif chip families will be detected from sdkconfig: * * WOLFSSL_ESP32 * WOLFSSL_ESPWROOM32SE @@ -84,11 +319,28 @@ #endif /* See below for chipset detection from sdkconfig.h */ +/* when you want to use SINGLE THREAD. Note Default ESP-IDF is FreeRTOS */ +#define SINGLE_THREADED + /* Small session cache saves a lot of RAM for ClientCache and SessionCache. * Memory requirement is about 5KB, otherwise 20K is needed when not specified. * If extra small footprint is needed, try MICRO_SESSION_CACHE (< 1K) - * When really desperate, try NO_SESSION_CACHE. */ -#define MICRO_SESSION_CACHE + * When really desperate or no TLS used, try NO_SESSION_CACHE. */ +#define NO_SESSION_CACHE + +/* Small Stack uses more heap. */ +#define WOLFSSL_SMALL_STACK + +/* Full debugging turned off, but show malloc failure detail */ +/* #define DEBUG_WOLFSSL */ +#define DEBUG_WOLFSSL_MALLOC + +/* See test.c that sets cert buffers; we'll set them here: */ +#define USE_CERT_BUFFERS_256 +#define USE_CERT_BUFFERS_2048 + +/* RSA_LOW_MEM: Half as much memory but twice as slow. */ +#define RSA_LOW_MEM /* optionally turn off SHA512/224 SHA512/256 */ /* #define WOLFSSL_NOSHA512_224 */ 
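Review bot: The Apple HomeKit block defines `FP_MAX_BITS` with no guard, while the ESP-TLS block directly below it uses `#ifndef FP_MAX_BITS`. A build that passes `WOLFSSL_APPLE_HOMEKIT` on the compiler command line and also takes the `APP_ESP_HTTP_CLIENT_EXAMPLE` branch earlier in the file would define the macro twice, and on ESP32-S2/C2 with a different value. Since SRP needs the larger size, an explicit `#undef FP_MAX_BITS` before `#define FP_MAX_BITS (8192 * 2)` makes the override deliberate. In the wolfSSH block of the same hunk, `WOLFSSH_TEST_SERVER` and `WOLFSSH_TEST_THREADING` are test switches and deserve a comment saying they are meant for the example only.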
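Review bot: `#define SINGLE_THREADED` is added unconditionally, although the wolfSSH block in the previous hunk defines `WOLFSSL_PTHREADS` and `WOLFSSH_TEST_THREADING`, and as far as I know this macro builds wolfSSL without its internal mutexes. The comment itself says ESP-IDF defaults to FreeRTOS, and the client example later in this patch starts its TLS work through `xTaskCreate`, so the setting is only safe while exactly one task calls into wolfSSL. A guard such as `#ifndef WOLFSSL_PTHREADS` / `#define SINGLE_THREADED` / `#endif`, plus a sentence stating the one-task assumption, would keep the two settings from contradicting each other. The same hunk replaces `MICRO_SESSION_CACHE` with `NO_SESSION_CACHE`, which the comment reserves for "really desperate or no TLS used", so a line explaining why a TLS example picks it would help.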
@@ -103,19 +355,41 @@ #define BENCH_EMBEDDED -#define WOLFSSL_SMALL_STACK -#define HAVE_ECC -#define RSA_LOW_MEM - /* TLS 1.3 */ -#define WOLFSSL_TLS13 -#define HAVE_TLS_EXTENSIONS -#define WC_RSA_PSS -#define HAVE_HKDF -#define HAVE_AEAD -#define HAVE_SUPPORTED_CURVES +#ifdef CONFIG_WOLFSSL_ALLOW_TLS13 + #define WOLFSSL_TLS13 + #define HAVE_TLS_EXTENSIONS + #define HAVE_HKDF + + /* May be required */ + #ifndef HAVE_AEAD + #endif -#define WOLFSSL_BENCHMARK_FIXED_UNITS_KB + /* Required for ECC */ + #define HAVE_SUPPORTED_CURVES + + /* Required for RSA */ + #define WC_RSA_PSS + + /* TLS 1.3 normally requires HAVE_FFDHE */ + #if defined(HAVE_FFDHE_2048) || \ + defined(HAVE_FFDHE_3072) || \ + defined(HAVE_FFDHE_4096) || \ + defined(HAVE_FFDHE_6144) || \ + defined(HAVE_FFDHE_8192) + #else + #define HAVE_FFDHE_2048 + /* #error "TLS 1.3 requires HAVE_FFDHE_[nnnn]" */ + #endif +#endif + +#if defined(CONFIG_IDF_TARGET_ESP32C2) || \ + defined(CONFIG_IDF_TARGET_ESP8684) + /* Optionally set smaller size here */ + #define HAVE_FFDHE_4096 +#else + #define HAVE_FFDHE_4096 +#endif #define NO_FILESYSTEM 
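Review bot: The FFDHE check inside the TLS 1.3 block runs before `HAVE_FFDHE_4096` is defined a few lines further down. Unless a group was set elsewhere, it therefore always takes the `#else` and defines `HAVE_FFDHE_2048` too, leaving both groups enabled. The target check after it has identical branches (`#define HAVE_FFDHE_4096` in both), so the "Optionally set smaller size here" comment has no effect. Moving that block above the TLS 1.3 section, and giving the low-memory branch its own group, e.g. `#define HAVE_FFDHE_2048`, would match the stated intent. The empty `#ifndef HAVE_AEAD` / `#endif` pair silently drops the `HAVE_AEAD` define the old code had; either put `#define HAVE_AEAD` inside it or remove the pair.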
@@ -132,30 +406,72 @@ /* when you want to use SHA384 */ #define WOLFSSL_SHA384 -#if defined(CONFIG_IDF_TARGET_ESP8266) +/* Some features not enabled for ESP8266: */ +#if defined(CONFIG_IDF_TARGET_ESP8266) || \ + defined(CONFIG_IDF_TARGET_ESP32C2) /* Some known low-memory devices have features not enabled by default. */ + /* TODO determine low memory configuration for ECC. */ #else /* when you want to use SHA512 */ #define WOLFSSL_SHA512 /* when you want to use SHA3 */ - #define WOLFSSL_SHA3 + /* #define WOLFSSL_SHA3 */ /* ED25519 requires SHA512 */ #define HAVE_ED25519 +#endif - #define HAVE_ECC - #define HAVE_CURVE25519 - #define CURVE25519_SMALL - #define HAVE_ED25519 +#if defined(CONFIG_IDF_TARGET_ESP8266) || defined(CONFIG_IDF_TARGET_ESP32C2) + #define MY_USE_ECC 0 + #define MY_USE_RSA 1 +#else + #define MY_USE_ECC 1 + #define MY_USE_RSA 0 +#endif + +/* We can use either or both ECC and RSA, but must use at least one. */ +#if MY_USE_ECC || MY_USE_RSA + #if MY_USE_ECC + /* ---- ECDSA / ECC ---- */ + #define HAVE_ECC + #define HAVE_CURVE25519 + #define HAVE_ED25519 + #define WOLFSSL_SHA512 + /* + #define HAVE_ECC384 + #define CURVE25519_SMALL + */ + #else + #define WOLFSSH_NO_ECC + /* WOLFSSH_NO_ECDSA is typically defined automatically, + * here for clarity: */ + #define WOLFSSH_NO_ECDSA + #endif + + #if MY_USE_RSA + /* ---- RSA ----- */ + /* #define RSA_LOW_MEM */ + + /* DH disabled by default, needed if ECDSA/ECC also turned off */ + #define HAVE_DH + #else + #define WOLFSSH_NO_RSA + #endif +#else + #error "Either RSA or ECC must be enabled" #endif /* Optional OpenSSL compatibility */ /* #define OPENSSL_EXTRA */ -/* when you want to use pkcs7 */ +/* #Optional HAVE_PKCS7 */ /* #define HAVE_PKCS7 */ + #if defined(HAVE_PKCS7) + /* HAVE_PKCS7 may enable HAVE_PBKDF2 see settings.h */ + #define NO_PBKDF2 + #define HAVE_AES_KEYWRAP #define HAVE_X963_KDF #define WOLFSSL_AES_DIRECT 
@@ -175,25 +491,11 @@ /* #define CUSTOM_SLOT_ALLOCATION */ #endif -/* RSA primitive specific definition */ -#if defined(WOLFSSL_ESP32) || defined(WOLFSSL_ESPWROOM32SE) - /* Define USE_FAST_MATH and SMALL_STACK */ - #define ESP32_USE_RSA_PRIMITIVE - - #if defined(CONFIG_IDF_TARGET_ESP32) - - /* NOTE HW unreliable for small values! */ - /* threshold for performance adjustment for HW primitive use */ - /* X bits of G^X mod P greater than */ - #undef ESP_RSA_EXPT_XBITS - #define ESP_RSA_EXPT_XBITS 32 - - /* X and Y of X * Y mod P greater than */ - #undef ESP_RSA_MULM_BITS - #define ESP_RSA_MULM_BITS 16 +/* WC_NO_CACHE_RESISTANT: slower but more secure */ +/* #define WC_NO_CACHE_RESISTANT */ - #endif -#endif +/* TFM_TIMING_RESISTANT: slower but more secure */ +/* #define TFM_TIMING_RESISTANT */ /* #define WOLFSSL_ATECC508A_DEBUG */ 
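Review bot: The comment `/* WC_NO_CACHE_RESISTANT: slower but more secure */` reads inverted. As far as I know that macro switches wolfSSL's cache-attack resistance off, so defining it is the faster and weaker choice. `TFM_TIMING_RESISTANT` is left commented out even though `USE_FAST_MATH` is defined in the next hunk; unless something else enables it, the private-key math lacks the timing-resistant code path. Suggested wording: `/* WC_NO_CACHE_RESISTANT: faster, but disables cache-attack resistance; leave undefined */`, with `#define TFM_TIMING_RESISTANT` enabled alongside `ECC_TIMING_RESISTANT` and `WC_RSA_BLINDING` where memory allows.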
@@ -204,23 +506,40 @@ /* #define XTIME time */ -/* adjust wait-timeout count if you see timeout in RSA HW acceleration */ -#define ESP_RSA_TIMEOUT_CNT 0x249F00 +/* Adjust wait-timeout count if you see timeout in RSA HW acceleration. + * Set to very large number and enable WOLFSSL_HW_METRICS to determine max. */ +#ifndef ESP_RSA_TIMEOUT_CNT + #define ESP_RSA_TIMEOUT_CNT 0xFF0000 +#endif -#define HASH_SIZE_LIMIT /* for test.c */ +/* hash limit for test.c */ +#define HASH_SIZE_LIMIT /* USE_FAST_MATH is default */ #define USE_FAST_MATH /***** Use SP_MATH *****/ -/* #undef USE_FAST_MATH */ +/* #undef USE_FAST_MATH */ /* #define SP_MATH */ /* #define WOLFSSL_SP_MATH_ALL */ +/* #define WOLFSSL_SP_RISCV32 */ /***** Use Integer Heap Math *****/ /* #undef USE_FAST_MATH */ /* #define USE_INTEGER_HEAP_MATH */ +/* Just syntax highlighting to check math libraries: */ +#if defined(SP_MATH) || \ + defined(USE_INTEGER_HEAP_MATH) || \ + defined(USE_INTEGER_HEAP_MATH) || \ + defined(USE_FAST_MATH) || \ + defined(WOLFSSL_SP_MATH_ALL) || \ + defined(WOLFSSL_SP_RISCV32) +#endif + +#define WOLFSSL_SMALL_STACK + + #define HAVE_VERSION_EXTENDED_INFO /* #define HAVE_WC_INTROSPECTION */ @@ -230,13 +549,26 @@ /* #define HAVE_HASHDRBG */ +#if 0 +/* Example for additional cert functions */ #define WOLFSSL_KEY_GEN -#define WOLFSSL_CERT_REQ -#define WOLFSSL_CERT_GEN -#define WOLFSSL_CERT_EXT -#define WOLFSSL_SYS_CA_CERTS + #define WOLFSSL_CERT_REQ + #define WOLFSSL_CERT_GEN + #define WOLFSSL_CERT_EXT + #define WOLFSSL_SYS_CA_CERTS -#define WOLFSSL_CERT_TEXT + + #define WOLFSSL_CERT_TEXT + + /* command-line options + --enable-keygen + --enable-certgen + --enable-certreq + --enable-certext + --enable-asn-template + */ + +#endif #define WOLFSSL_ASN_TEMPLATE 
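Review bot: The new `#if defined(SP_MATH) || ...` block has an empty body and lists `USE_INTEGER_HEAP_MATH` twice, so it checks nothing. If the aim is to catch a missing math-library selection, give it an `#else` with `#error "No math library selected"`; otherwise drop it. The `#define WOLFSSL_SMALL_STACK` added right after it repeats the define introduced earlier in this file (hunk at -84,11).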
@@ -256,11 +588,66 @@ --enable-asn-template */ +/* optional SM4 Ciphers. See https://github.com/wolfSSL/wolfsm */ +/* +#define WOLFSSL_SM2 +#define WOLFSSL_SM3 +#define WOLFSSL_SM4 +*/ + +#if defined(WOLFSSL_SM2) || defined(WOLFSSL_SM3) || defined(WOLFSSL_SM4) + /* SM settings, possible cipher suites: + + TLS13-AES128-GCM-SHA256 + TLS13-CHACHA20-POLY1305-SHA256 + TLS13-SM4-GCM-SM3 + TLS13-SM4-CCM-SM3 + + #define WOLFSSL_ESP32_CIPHER_SUITE "TLS13-SM4-GCM-SM3" + #define WOLFSSL_ESP32_CIPHER_SUITE "TLS13-SM4-CCM-SM3" + #define WOLFSSL_ESP32_CIPHER_SUITE "ECDHE-ECDSA-SM4-CBC-SM3" + #define WOLFSSL_ESP32_CIPHER_SUITE "ECDHE-ECDSA-SM4-GCM-SM3" + #define WOLFSSL_ESP32_CIPHER_SUITE "ECDHE-ECDSA-SM4-CCM-SM3" + #define WOLFSSL_ESP32_CIPHER_SUITE "TLS13-SM4-GCM-SM3:" \ + "TLS13-SM4-CCM-SM3:" + */ + + #undef WOLFSSL_BASE16 + #define WOLFSSL_BASE16 /* required for WOLFSSL_SM2 */ + + #undef WOLFSSL_SM4_ECB + #define WOLFSSL_SM4_ECB + + #undef WOLFSSL_SM4_CBC + #define WOLFSSL_SM4_CBC + + #undef WOLFSSL_SM4_CTR + #define WOLFSSL_SM4_CTR + + #undef WOLFSSL_SM4_GCM + #define WOLFSSL_SM4_GCM + + #undef WOLFSSL_SM4_CCM + #define WOLFSSL_SM4_CCM + + #define HAVE_POLY1305 + #define HAVE_CHACHA + + #undef HAVE_AESGCM + #define HAVE_AESGCM +#else + /* default settings */ + #define USE_CERT_BUFFERS_2048 +#endif + /* Chipset detection from sdkconfig.h * Default is HW enabled unless turned off. * Uncomment lines to force SW instead of HW acceleration */ -#if defined(CONFIG_IDF_TARGET_ESP32) +#if defined(CONFIG_IDF_TARGET_ESP32) || defined(WOLFSSL_ESPWROOM32SE) #define WOLFSSL_ESP32 + /* Alternatively, if there's an ECC Secure Element present: */ + /* #define WOLFSSL_ESPWROOM32SE */ + /* wolfSSL HW Acceleration supported on ESP32. Uncomment to disable: */ /* #define NO_ESP32_CRYPT */ /* #define NO_WOLFSSL_ESP32_CRYPT_HASH */ 
@@ -378,12 +765,16 @@ #define WOLFSSL_ESP8266 /* There's no hardware encryption on the ESP8266 */ - /* Consider using the ESP32-C2/C3/C6 - * See https://www.espressif.com/en/products/socs/esp32-c2 */ + /* Consider using the ESP32-C2/C3/C6 */ #define NO_ESP32_CRYPT #define NO_WOLFSSL_ESP32_CRYPT_HASH #define NO_WOLFSSL_ESP32_CRYPT_AES #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI + #ifndef FP_MAX_BITS + /* FP_MAX_BITS matters in wolfssl_test, not just TLS setting. */ + /* MIN_FFDHE_FP_MAX_BITS = (MIN_FFDHE_BITS * 2); see settings.h */ + #define FP_MAX_BITS MIN_FFDHE_FP_MAX_BITS + #endif /***** END CONFIG_IDF_TARGET_ESP266 *****/ #elif defined(CONFIG_IDF_TARGET_ESP8684) 
@@ -403,29 +794,84 @@ #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI #endif /* CONFIG_IDF_TARGET Check */ +/* RSA primitive specific definition, listed AFTER the Chipset detection */ +#if defined(WOLFSSL_ESP32) || defined(WOLFSSL_ESPWROOM32SE) + /* Consider USE_FAST_MATH and SMALL_STACK */ + + #ifndef NO_RSA + #define ESP32_USE_RSA_PRIMITIVE + + #if defined(CONFIG_IDF_TARGET_ESP32) + #ifdef CONFIG_ESP_MAIN_TASK_STACK_SIZE + #if CONFIG_ESP_MAIN_TASK_STACK_SIZE < 10500 + #warning "RSA may be difficult with less than 10KB Stack "/ + #endif + #endif + + /* NOTE HW unreliable for small values! */ + /* threshold for performance adjustment for HW primitive use */ + /* X bits of G^X mod P greater than */ + #undef ESP_RSA_EXPT_XBITS + #define ESP_RSA_EXPT_XBITS 32 + + /* X and Y of X * Y mod P greater than */ + #undef ESP_RSA_MULM_BITS + #define ESP_RSA_MULM_BITS 16 + #endif + #endif +#endif + /* Debug options: See wolfssl/wolfcrypt/port/Espressif/esp32-crypt.h for details on debug options +optionally increase error message size for very long paths. 
+#define WOLFSSL_MAX_ERROR_SZ 500 + +Turn wolfSSL debugging on/off: + wolfSSL_Debugging_ON(); + wolfSSL_Debugging_OFF(); + #define ESP_VERIFY_MEMBLOCK #define DEBUG_WOLFSSL #define DEBUG_WOLFSSL_VERBOSE #define DEBUG_WOLFSSL_SHA_MUTEX +#define WOLFSSL_DEBUG_IGNORE_ASN_TIME +#define WOLFSSL_DEBUG_CERT_BUNDLE +#define WOLFSSL_DEBUG_CERT_BUNDLE_NAME #define WOLFSSL_ESP32_CRYPT_DEBUG #define WOLFSSL_ESP32_CRYPT_HASH_SHA224_DEBUG #define NO_RECOVER_SOFTWARE_CALC #define WOLFSSL_TEST_STRAY 1 #define USE_ESP_DPORT_ACCESS_READ_BUFFER #define WOLFSSL_ESP32_HW_LOCK_DEBUG +#define WOLFSSL_DEBUG_MUTEX #define WOLFSSL_DEBUG_ESP_RSA_MULM_BITS +#define WOLFSSL_DEBUG_ESP_HW_MOD_RSAMAX_BITS +#define WOLFSSL_DEBUG_ESP_HW_MULTI_RSAMAX_BITS #define ESP_DISABLE_HW_TASK_LOCK +#define ESP_MONITOR_HW_TASK_LOCK +#define USE_ESP_DPORT_ACCESS_READ_BUFFER + +See wolfcrypt/benchmark/benchmark.c for debug and other settings: + +Turn on benchmark timing debugging (CPU Cycles, RTOS ticks, etc) +#define DEBUG_WOLFSSL_BENCHMARK_TIMING + +Turn on timer debugging (used when CPU cycles not available) +#define WOLFSSL_BENCHMARK_TIMER_DEBUG */ -#define WOLFSSL_ESPIDF_ERROR_PAUSE /* Pause in a loop rather than exit. */ +/* Pause in a loop rather than exit. */ +/* #define WOLFSSL_ESPIDF_ERROR_PAUSE */ +/* #define WOLFSSL_ESP32_HW_LOCK_DEBUG */ + #define WOLFSSL_HW_METRICS -/* #define HASH_SIZE_LIMIT */ /* for test.c */ +/* for test.c */ +/* #define HASH_SIZE_LIMIT */ -/* #define NO_HW_MATH_TEST */ /* Optionally turn off HW math checks */ +/* Optionally turn off HW math checks */ +/* #define NO_HW_MATH_TEST */ /* Optionally include alternate HW test library: alt_hw_test.h */ /* When enabling, the ./components/wolfssl/CMakeLists.txt file 
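Review bot: `WOLFSSL_DEBUG_IGNORE_ASN_TIME` is added to the list of debug options with no caveat. Judging by its name it relaxes the certificate date check, which would be a validation bypass if it reached a release build. I would annotate it in the comment, e.g. `#define WOLFSSL_DEBUG_IGNORE_ASN_TIME  (debug only: certificate dates not enforced)`. In the RSA block of the same hunk the line `#warning "RSA may be difficult with less than 10KB Stack "/` ends in a stray `/`, and the `10500` threshold does not match the "10KB" in the message. `USE_ESP_DPORT_ACCESS_READ_BUFFER` now appears twice in the debug list.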
@@ -466,6 +912,12 @@ See wolfssl/wolfcrypt/port/Espressif/esp32-crypt.h for details on debug options * There are various certificate examples in this header file: * https://github.com/wolfSSL/wolfssl/blob/master/wolfssl/certs_test.h * + * To use the sample certificates in code (not recommended for production!): + * + * #if defined(USE_CERT_BUFFERS_2048) || defined(USE_CERT_BUFFERS_1024) + * #include + * #endif + * * To use the sets of macros below, define *one* of these: * * USE_CERT_BUFFERS_1024 - ECC 1024 bit encoded ASN1 @@ -543,6 +995,9 @@ See wolfssl/wolfcrypt/port/Espressif/esp32-crypt.h for details on debug options #define WOLFSSL_BASE16 #else #if defined(USE_CERT_BUFFERS_2048) + #define USE_CERT_BUFFERS_256 + /* Be sure to include in app when using example certs: */ + /* #include */ #define CTX_CA_CERT ca_cert_der_2048 #define CTX_CA_CERT_SIZE sizeof_ca_cert_der_2048 #define CTX_CA_CERT_TYPE WOLFSSL_FILETYPE_ASN1 @@ -562,6 +1017,9 @@ See wolfssl/wolfcrypt/port/Espressif/esp32-crypt.h for details on debug options #define CTX_CLIENT_KEY_TYPE WOLFSSL_FILETYPE_ASN1 #elif defined(USE_CERT_BUFFERS_1024) + #define USE_CERT_BUFFERS_256 + /* Be sure to include in app when using example certs: */ + /* #include */ #define CTX_CA_CERT ca_cert_der_1024 #define CTX_CA_CERT_SIZE sizeof_ca_cert_der_1024 #define CTX_CA_CERT_TYPE WOLFSSL_FILETYPE_ASN1 
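Review bot: `#define USE_CERT_BUFFERS_256` is added inside the `USE_CERT_BUFFERS_2048` branch (hunk -543,6) and again in the `USE_CERT_BUFFERS_1024` branch (hunk -562,6). The earlier hunk at -84,11 already defines both `USE_CERT_BUFFERS_256` and `USE_CERT_BUFFERS_2048` unconditionally, so these defines are redundant. It also appears that, outside the SM path, the closing `#error "Must define USE_CERT_BUFFERS_2048 or USE_CERT_BUFFERS_1024"` can no longer trigger. More importantly, the header now always selects the sample keys from `certs_test.h`, which the new comment itself calls "not recommended for production"; those keys are published in the wolfSSL repository. Putting the unconditional defines behind a Kconfig option or an `#ifndef` guard would make a product build opt in explicitly.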
@@ -584,3 +1042,34 @@ See wolfssl/wolfcrypt/port/Espressif/esp32-crypt.h for details on debug options #error "Must define USE_CERT_BUFFERS_2048 or USE_CERT_BUFFERS_1024" #endif #endif /* Conditional key and cert constant names */ + +/****************************************************************************** +** Sanity Checks +******************************************************************************/ +#if defined(CONFIG_ESP_MAIN_TASK_STACK_SIZE) + #if defined(WOLFCRYPT_HAVE_SRP) + #if defined(FP_MAX_BITS) + #if FP_MAX_BITS < (8192 * 2) + #define ESP_SRP_MINIMUM_STACK_8K (24 * 1024) + #else + #define ESP_SRP_MINIMUM_STACK_8K (28 * 1024) + #endif + #else + #error "Please define FP_MAX_BITS when using WOLFCRYPT_HAVE_SRP." + #endif + + #if (CONFIG_ESP_MAIN_TASK_STACK_SIZE < ESP_SRP_MINIMUM_STACK) + #warning "WOLFCRYPT_HAVE_SRP enabled with small stack size" + #endif + #endif +#else + #warning "CONFIG_ESP_MAIN_TASK_STACK_SIZE not defined!" +#endif +/* See settings.h for some of the possible hardening options: + * + * #define NO_ESPIDF_DEFAULT + * #define WC_NO_CACHE_RESISTANT + * #define WC_AES_BITSLICED + * #define HAVE_AES_ECB + * #define HAVE_AES_DIRECT + */ diff --git a/IDE/Espressif/ESP-IDF/examples/wolfssl_client/main/CMakeLists.txt b/IDE/Espressif/ESP-IDF/examples/wolfssl_client/main/CMakeLists.txt index 621eb8702e..e339d25093 100644 --- a/IDE/Espressif/ESP-IDF/examples/wolfssl_client/main/CMakeLists.txt +++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_client/main/CMakeLists.txt @@ -3,6 +3,7 @@ # # wolfssl client test # +message("Begin wolfSSL main CMakeLists.txt") set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DWOLFSSL_USER_SETTINGS") if(WIN32) 
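Review bot: The stack check compares against `ESP_SRP_MINIMUM_STACK`, but the lines above it define `ESP_SRP_MINIMUM_STACK_8K`. An undefined identifier evaluates to 0 in `#if`, so `CONFIG_ESP_MAIN_TASK_STACK_SIZE < ESP_SRP_MINIMUM_STACK` is never true and the small-stack warning cannot fire. Use the same name in both places, e.g. `#if (CONFIG_ESP_MAIN_TASK_STACK_SIZE < ESP_SRP_MINIMUM_STACK_8K)`. The closing comment lists `WC_NO_CACHE_RESISTANT` among "possible hardening options", although as far as I know that macro disables a hardening feature; the list should say so.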
@@ -83,24 +84,27 @@ function ( LIBWOLFSSL_SAVE_INFO VAR_OUPUT THIS_VAR VAR_RESULT ) add_definitions(-D${VAR_OUPUT}=\"${VAR_VALUE}\") else() # if we get here, check the execute_process command and parameters. - message(STATUS "LIBWOLFSSL_SAVE_INFO encountered a non-zero VAR_RESULT") + message(STATUS "LIBWOLFSSL_SAVE_INFO encountered a non-zero VAR_RESULT.") + message(STATUS "Setting ${VAR_OUPUT} to \"Unknown\"") set(${VAR_OUPUT} "Unknown") endif() endfunction() # LIBWOLFSSL_SAVE_INFO +# Save some project-specific details. Repo may be different than component, or may not even be a repo at all: if(NOT CMAKE_BUILD_EARLY_EXPANSION) - # LIBWOLFSSL_VERSION_GIT_HASH + # WOLFSSL_EXAMPLE_VERSION_GIT_HASH execute_process(COMMAND ${git_cmd} "rev-parse" "HEAD" OUTPUT_VARIABLE TMP_OUT RESULT_VARIABLE TMP_RES ERROR_QUIET ) - LIBWOLFSSL_SAVE_INFO(LIBWOLFSSL_VERSION_GIT_HASH "${TMP_OUT}" "${TMP_RES}") + LIBWOLFSSL_SAVE_INFO(WOLFSSL_EXAMPLE_VERSION_GIT_HASH "${TMP_OUT}" "${TMP_RES}") - # LIBWOLFSSL_VERSION_GIT_SHORT_HASH + # WOLFSSL_EXAMPLE_VERSION_GIT_SHORT_HASH execute_process(COMMAND ${git_cmd} "rev-parse" "--short" "HEAD" OUTPUT_VARIABLE TMP_OUT RESULT_VARIABLE TMP_RES ERROR_QUIET ) - LIBWOLFSSL_SAVE_INFO(LIBWOLFSSL_VERSION_GIT_SHORT_HASH "${TMP_OUT}" "${TMP_RES}") + LIBWOLFSSL_SAVE_INFO(WOLFSSL_EXAMPLE_VERSION_GIT_SHORT_HASH "${TMP_OUT}" "${TMP_RES}") - # LIBWOLFSSL_VERSION_GIT_HASH_DATE + # WOLFSSL_EXAMPLE_VERSION_GIT_HASH_DATE execute_process(COMMAND ${git_cmd} "show" "--no-patch" "--no-notes" "--pretty=\'\%cd\'" OUTPUT_VARIABLE TMP_OUT RESULT_VARIABLE TMP_RES ) - LIBWOLFSSL_SAVE_INFO(LIBWOLFSSL_VERSION_GIT_HASH_DATE "${TMP_OUT}" "${TMP_RES}") + LIBWOLFSSL_SAVE_INFO(WOLFSSL_EXAMPLE_VERSION_GIT_HASH_DATE "${TMP_OUT}" "${TMP_RES}") endif() message(STATUS "") +message("End wolfSSL main CMakeLists.txt") 
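Review bot: The new status line announces `Setting ${VAR_OUPUT} to "Unknown"`, but neither the caller nor the C code ever sees that value. The `set(${VAR_OUPUT} "Unknown")` that follows runs inside the function without `PARENT_SCOPE`, and this branch makes no `add_definitions` call. Either add `add_definitions(-D${VAR_OUPUT}=\"Unknown\")` in the `else()` branch so the macro always exists, or reword the message to say the definition is skipped. The function begins outside this hunk.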
diff --git a/IDE/Espressif/ESP-IDF/examples/wolfssl_client/main/Kconfig.projbuild b/IDE/Espressif/ESP-IDF/examples/wolfssl_client/main/Kconfig.projbuild
index 83dcd64398..061d0aa5a4 100644
--- a/IDE/Espressif/ESP-IDF/examples/wolfssl_client/main/Kconfig.projbuild
+++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_client/main/Kconfig.projbuild
@@ -1,4 +1,83 @@ -menu "Example Configuration" +menu "Example wolfSSL Configuration" + +choice WOLFSSL_EXAMPLE_CHOOSE + prompt "Choose Example (See wolfssl/include/user_settings.h)" + default WOLFSSL_EXAMPLE_NAME_NONE + help + The user settings file can be adjusted to specific wolfSSL examples. + + config WOLFSSL_EXAMPLE_NAME_TEMPLATE + bool "wolfSSL Template" + help + The sample template app compiles in wolfSSL and prints the current wolfSSL Version. Nothing more. + + config WOLFSSL_EXAMPLE_NAME_TEST + bool "wolfSSL Test" + help + This app tests all cryptographic functions currently enabled. See also Benchmark performance app. + + config WOLFSSL_EXAMPLE_NAME_BENCHMARK + bool "wolfSSL Benchmark" + help + Benchmark performance app. See also cryptographic test. + + config WOLFSSL_EXAMPLE_NAME_TLS_CLIENT + bool "TLS Client" + help + TLS Client Example app. Needs WiFi and a listening server on port 11111. + + config WOLFSSL_EXAMPLE_NAME_TLS_SERVER + bool "TLS Server" + help + TLS Server Example app. Needs WiFi. More interesting with a TLS client using port 11111. + + config WOLFSSL_EXAMPLE_NAME_WOLFSSH_TEMPLATE + bool "SSH Template App" + help + Bare-bones Hellow World app that only compiles in wolfSSL and wolfSSH. + See wolfSSL/wolfssh on GitHub. + + config WOLFSSL_EXAMPLE_NAME_WOLFSSH_ECHOSERVER + bool "SSH Echo Server" + help + See wolfSSL/wolfssh on GitHub. + + config WOLFSSL_EXAMPLE_NAME_WOLFSSH_ECHOSERVER + bool "SSH Echo Server" + help + See wolfSSL/wolfssh on GitHub. + + config WOLFSSL_EXAMPLE_NAME_ESP32_SSH_SERVER + bool "SSH to UART Server for the ESP32" + help + See wolfSSL/wolfssh-examples on GitHub. + + config WOLFSSL_EXAMPLE_NAME_ESP8266_SSH_SERVER + bool "SSH to UART Server for the ESP8266" + help + See wolfSSL/wolfssh-examples on GitHub. + + config WOLFSSL_EXAMPLE_NAME_WOLFMQTT_TEMPLATE + bool "MQTT Template" + help + See wolfSSL/wolfmqtt on GitHub. 
+ + config WOLFSSL_EXAMPLE_NAME_WOLFMQTT_AWS_IOT_MQTT + bool "MQTT AWS IoT" + help + See wolfSSL/wolfmqtt on GitHub. + + config WOLFTPM_EXAMPLE_NAME_ESPRESSIF + bool "TPM Test Example for the ESP32" + help + See wolfSSL/wolfTPM on GitHub. + + config WOLFSSL_EXAMPLE_NAME_NONE + bool "Other" + help + A specific example app is not defined. + +endchoice config WOLFSSL_TARGET_HOST string "Target host" diff --git a/IDE/Espressif/ESP-IDF/examples/wolfssl_client/main/client-tls.c b/IDE/Espressif/ESP-IDF/examples/wolfssl_client/main/client-tls.c index 638fdf343d..2883f2f25d 100644 --- a/IDE/Espressif/ESP-IDF/examples/wolfssl_client/main/client-tls.c +++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_client/main/client-tls.c @@ -18,6 +18,7 @@ * along with this program; if not, write to the Free Software * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA */ + #include "client-tls.h" /* Espressif FreeRTOS */ @@ -36,6 +37,8 @@ /* wolfSSL */ #include +/* This project not yet using the library */ +#undef USE_WOLFSSL_ESP_SDK_WIFI #include #if defined(WOLFSSL_WC_KYBER) @@ -204,7 +207,6 @@ WOLFSSL_ESP_TASK tls_smp_client_task(void* args) size_t len; - wolfSSL_Debugging_ON(); WOLFSSL_ENTER(TLS_SMP_CLIENT_TASK_NAME); doPeerCheck = 1; @@ -238,8 +240,8 @@ WOLFSSL_ESP_TASK tls_smp_client_task(void* args) /* Create and initialize WOLFSSL_CTX */ ctx = wolfSSL_CTX_new(wolfSSLv23_client_method()); /* SSL 3.0 - TLS 1.3. */ /* options: */ - /* ctx = wolfSSL_CTX_new(wolfTLSv1_2_client_method()); only TLS 1.2 */ - /* ctx = wolfSSL_CTX_new(wolfTLSv1_3_client_method()); only TLS 1.3 */ + /* ctx = wolfSSL_CTX_new(wolfSSLv1_2_client_method()); only TLS 1.2 */ + /* ctx = wolfSSL_CTX_new(wolfSSLv1_3_client_method()); only TLS 1.3 */ /* wolfSSL_CTX_NoTicketTLSv12(); */ /* wolfSSL_NoTicketTLSv12(); */ if (ctx == NULL) { 
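Review bot: `config WOLFSSL_EXAMPLE_NAME_WOLFSSH_ECHOSERVER` appears twice in the new choice with the same prompt and help text; the second entry should be removed. The choice defaults to `WOLFSSL_EXAMPLE_NAME_NONE`, yet `app_main` in this same patch logs a "misconfigured" warning unless `CONFIG_WOLFSSL_EXAMPLE_NAME_TLS_CLIENT` is set, so the client example warns out of the box. `default WOLFSSL_EXAMPLE_NAME_TLS_CLIENT` would fit this project better. The help text "Hellow World" has a typo.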
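Review bot: The two commented alternatives were changed to `wolfSSLv1_2_client_method()` and `wolfSSLv1_3_client_method()`, which as far as I know are not wolfSSL functions. The previous spellings `wolfTLSv1_2_client_method()` and `wolfTLSv1_3_client_method()` were the correct ones, so anyone uncommenting these lines gets a build error. The active call stays on `wolfSSLv23_client_method()`, annotated "SSL 3.0 - TLS 1.3", which accepts whatever lowest protocol version is compiled in. Consider setting a floor right after the context is created, e.g. `wolfSSL_CTX_SetMinVersion(ctx, WOLFSSL_TLSV1_2);`. The function body continues outside the hunk.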
@@ -460,6 +462,9 @@ WOLFSSL_ESP_TASK tls_smp_client_task(void* args) } ESP_LOGI(TAG, "Connect to wolfSSL server..."); + #ifdef DEBUG_WOLFSSL + wolfSSL_Debugging_ON(); + #endif ret_i = wolfSSL_connect(ssl); #ifdef DEBUG_WOLFSSL this_heap = esp_get_free_heap_size(); @@ -570,7 +575,7 @@ WOLFSSL_ESP_TASK tls_smp_client_init(void* args) #else xTaskHandle _handle; #endif - /* See https://docs.espressif.com/projects/esp-idf/en/latest/esp32/api-reference/system/freertos_idf.html#functions */ + /* See Espressif api-reference/system/freertos_idf.html#functions */ if (TLS_SMP_CLIENT_TASK_BYTES < (6 * 1024)) { /* Observed approximately 6KB limit for the RTOS task stack size. * Reminder parameter is bytes, not words as with generic FreeRTOS. */ @@ -582,8 +587,7 @@ WOLFSSL_ESP_TASK tls_smp_client_init(void* args) #endif /* Note that despite vanilla FreeRTOS using WORDS for a parameter, - * Espressif uses BYTES for the task stack size here. - * See https://docs.espressif.com/projects/esp-idf/en/v4.3/esp32/api-reference/system/freertos.html */ + * Espressif uses BYTES for the task stack size here. */ ret = xTaskCreate(tls_smp_client_task, TLS_SMP_CLIENT_TASK_NAME, TLS_SMP_CLIENT_TASK_BYTES, diff --git a/IDE/Espressif/ESP-IDF/examples/wolfssl_client/main/include/client-tls.h b/IDE/Espressif/ESP-IDF/examples/wolfssl_client/main/include/client-tls.h index b016f29a61..80802af508 100644 --- a/IDE/Espressif/ESP-IDF/examples/wolfssl_client/main/include/client-tls.h +++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_client/main/include/client-tls.h @@ -29,9 +29,9 @@ /* See main/Kconfig.projbuild for default configuration settings */ #ifdef CONFIG_WOLFSSL_TARGET_HOST - #define TLS_SMP_TARGET_HOST "192.168.1.36" + #define TLS_SMP_TARGET_HOST CONFIG_WOLFSSL_TARGET_HOST #else - #define TLS_SMP_TARGET_HOST "192.168.1.41" + #define TLS_SMP_TARGET_HOST "192.168.1.37" #endif #ifdef CONFIG_WOLFSSL_TARGET_PORT 
diff --git a/IDE/Espressif/ESP-IDF/examples/wolfssl_client/main/include/main.h b/IDE/Espressif/ESP-IDF/examples/wolfssl_client/main/include/main.h index 12c452d6e2..fee34cbc43 100644 --- a/IDE/Espressif/ESP-IDF/examples/wolfssl_client/main/include/main.h +++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_client/main/include/main.h @@ -18,7 +18,10 @@ * along with this program; if not, write to the Free Software * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA */ + #ifndef _MAIN_H_ #define _MAIN_H_ +void app_main(void); + #endif diff --git a/IDE/Espressif/ESP-IDF/examples/wolfssl_client/main/include/time_helper.h b/IDE/Espressif/ESP-IDF/examples/wolfssl_client/main/include/time_helper.h index 3586ac65a8..ab73b24391 100644 --- a/IDE/Espressif/ESP-IDF/examples/wolfssl_client/main/include/time_helper.h +++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_client/main/include/time_helper.h @@ -24,8 +24,8 @@ #ifndef _TIME_HELPER_H_ #define _TIME_HELPER_H_ -/* ESP-IDF uses a 64-bit signed integer to represent time_t starting from release v5.0 - * See: https://docs.espressif.com/projects/esp-idf/en/latest/esp32/api-reference/system/system_time.html#year-2036-and-2038-overflow-issues +/* ESP-IDF uses a 64-bit signed integer to represent time_t starting from + * release v5.0 See Espressif api-reference/system/system_time */ #ifdef __cplusplus diff --git a/IDE/Espressif/ESP-IDF/examples/wolfssl_client/main/include/wifi_connect.h b/IDE/Espressif/ESP-IDF/examples/wolfssl_client/main/include/wifi_connect.h index 6888228f3f..404efc0d37 100644 --- a/IDE/Espressif/ESP-IDF/examples/wolfssl_client/main/include/wifi_connect.h +++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_client/main/include/wifi_connect.h 
@@ -106,20 +106,26 @@ /* tyically from ESP32 with ESP-IDF v4 ot v5 */ #define EXAMPLE_ESP_WIFI_SSID CONFIG_ESP_WIFI_SSID #elif defined(CONFIG_EXAMPLE_WIFI_SSID) - /* tyically from ESP8266 rtos-sdk/v3.4 */ + /* typically from ESP8266 rtos-sdk/v3.4 */ #define EXAMPLE_ESP_WIFI_SSID CONFIG_EXAMPLE_WIFI_SSID #else - #define EXAMPLE_ESP_WIFI_SSID "MYSSID_WIFI_CONNECT" + /* See new esp-sdk-lib.h helpers: */ + #ifndef EXAMPLE_ESP_WIFI_SSID + #define EXAMPLE_ESP_WIFI_SSID "MYSSID_WIFI_CONNECT" + #endif #endif #if defined(CONFIG_ESP_WIFI_PASSWORD) /* tyically from ESP32 with ESP-IDF v4 or v5 */ #define EXAMPLE_ESP_WIFI_PASS CONFIG_ESP_WIFI_PASSWORD #elif defined(CONFIG_EXAMPLE_WIFI_SSID) - /* tyically from ESP8266 rtos-sdk/v3.4 */ + /* typically from ESP8266 rtos-sdk/v3.4 */ #define EXAMPLE_ESP_WIFI_PASS CONFIG_EXAMPLE_WIFI_PASSWORD #else - #define EXAMPLE_ESP_WIFI_PASS "MYPASSWORD_WIFI_CONNECT" + /* See new esp-sdk-lib.h helpers: */ + #ifndef EXAMPLE_ESP_WIFI_PASS + #define EXAMPLE_ESP_WIFI_PASS "MYPASSWORD_WIFI_CONNECT" + #endif #endif #endif diff --git a/IDE/Espressif/ESP-IDF/examples/wolfssl_client/main/main.c b/IDE/Espressif/ESP-IDF/examples/wolfssl_client/main/main.c index 838ad66bd4..376c853fc2 100644 --- a/IDE/Espressif/ESP-IDF/examples/wolfssl_client/main/main.c +++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_client/main/main.c 
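Review bot: The password fallback branch is selected by `#elif defined(CONFIG_EXAMPLE_WIFI_SSID)`, not by the password symbol it then uses. A configuration with an SSID but no `CONFIG_EXAMPLE_WIFI_PASSWORD` therefore expands to an undeclared identifier instead of reaching the `#else`. The commit edits this branch's comment but leaves the condition, which should read `#elif defined(CONFIG_EXAMPLE_WIFI_PASSWORD)`. The new `#ifndef` fallbacks still compile in the placeholder credentials `"MYSSID_WIFI_CONNECT"` and `"MYPASSWORD_WIFI_CONNECT"` silently; a `#warning` in those branches would make an unconfigured build visible. The "tyically" typo also remains on the two ESP32 comment lines.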
@@ -28,22 +28,32 @@ /* wolfSSL */ /* Always include wolfcrypt/settings.h before any other wolfSSL file. */ -/* Reminder: settings.h pulls in user_settings.h; don't include it here */ -#include -#include -#ifndef WOLFSSL_ESPIDF - #warning "Problem with wolfSSL user_settings." - #warning "Check components/wolfssl/include" +/* Reminder: settings.h pulls in user_settings.h; don't include it here. */ +#ifdef WOLFSSL_USER_SETTINGS + #include + #ifndef WOLFSSL_ESPIDF + #warning "Problem with wolfSSL user_settings." + #warning "Check components/wolfssl/include" + #endif + /* This project not yet using the library */ + #undef USE_WOLFSSL_ESP_SDK_WIFI + #include +#else + /* Define WOLFSSL_USER_SETTINGS project wide for settings.h to include */ + /* wolfSSL user settings in ./components/wolfssl/include/user_settings.h */ + #error "Missing WOLFSSL_USER_SETTINGS in CMakeLists or Makefile:\ + CFLAGS +=-DWOLFSSL_USER_SETTINGS" #endif /* this project */ #include "client-tls.h" #include "time_helper.h" -#ifndef CONFIG_IDF_TARGET_ESP32H2 +#ifdef CONFIG_IDF_TARGET_ESP32H2 /* There's no WiFi on ESP32-H2. * For wired ethernet, see: * https://github.com/wolfSSL/wolfssl-examples/tree/master/ESP32/TLS13-ENC28J60-client */ +#else #include "wifi_connect.h" /* * Note ModBus TCP cannot be disabled on ESP8266 tos-sdk/v3.4 @@ -123,8 +133,12 @@ void my_atmel_free(int slotId) /* Entry for FreeRTOS */ void app_main(void) { +#if !defined(SINGLE_THREADED) && INCLUDE_uxTaskGetStackHighWaterMark int stack_start = 0; +#endif +#if !defined(SINGLE_THREADED) int this_heap = 0; +#endif esp_err_t ret = 0; ESP_LOGI(TAG, "---------------- wolfSSL TLS Client Example ------------"); ESP_LOGI(TAG, "--------------------------------------------------------"); 
@@ -132,6 +146,9 @@ void app_main(void) ESP_LOGI(TAG, "---------------------- BEGIN MAIN ----------------------"); ESP_LOGI(TAG, "--------------------------------------------------------"); ESP_LOGI(TAG, "--------------------------------------------------------"); +#if !defined(CONFIG_WOLFSSL_EXAMPLE_NAME_TLS_CLIENT) + ESP_LOGW(TAG, "Warning: Example wolfSSL misconfigured? Check menuconfig."); +#endif #ifdef ESP_SDK_MEM_LIB_VERSION sdk_init_meminfo(); #endif @@ -155,7 +172,7 @@ void app_main(void) * the minimum free stack space there has been (in bytes not words, unlike * vanilla FreeRTOS) since the task started. The smaller the returned * number the closer the task has come to overflowing its stack. - * see https://docs.espressif.com/projects/esp-idf/en/latest/esp32/api-reference/system/freertos_idf.html + * see Espressif api-reference/system/freertos_idf */ stack_start = uxTaskGetStackHighWaterMark(NULL); #ifdef ESP_SDK_MEM_LIB_VERSION @@ -172,7 +189,15 @@ void app_main(void) #ifdef HAVE_VERSION_EXTENDED_INFO esp_ShowExtendedSystemInfo(); #endif - +#ifdef DEBUG_WOLFSSL + wolfSSL_Debugging_OFF(); +#endif +#ifdef CONFIG_IDF_TARGET_ESP32H2 + ESP_LOGE(TAG, "No WiFi on the ESP32-H2 and ethernet not yet supported"); + while (1) { + vTaskDelay(60000); + } +#endif /* Set time for cert validation. * Some lwIP APIs, including SNTP functions, are not thread safe. */ ret = set_time(); /* need to setup NTP before WiFi */ @@ -267,7 +292,6 @@ void app_main(void) - (uxTaskGetStackHighWaterMark(NULL)) ); ESP_LOGI(TAG, "Starting TLS Client task ...\n"); - ESP_LOGI(TAG, "main tls_smp_client_init heap @ %p = %d", &this_heap, this_heap); tls_smp_client_init(args); diff --git a/IDE/Espressif/ESP-IDF/examples/wolfssl_client/main/time_helper.c b/IDE/Espressif/ESP-IDF/examples/wolfssl_client/main/time_helper.c index 0adfefcbce..1ff6af4174 100644 --- a/IDE/Espressif/ESP-IDF/examples/wolfssl_client/main/time_helper.c +++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_client/main/time_helper.c 
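Review bot: On ESP32-H2 the added `while (1) { vTaskDelay(60000); }` (hunk -172,7) makes the rest of `app_main` unreachable, but that code is still compiled, and `wifi_connect.h` is not included for this target. If the remainder of the function, which lies outside this hunk, calls the WiFi helpers without its own guard, the H2 build fails instead of printing the new error. Placing the rest under the matching `#else` would avoid that. `vTaskDelay` takes ticks, so `60000` is not necessarily one minute; `vTaskDelay(pdMS_TO_TICKS(60000));` states the intent.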
@@ -19,11 +19,29 @@ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA */ -/* See https://tf.nist.gov/tf-cgi/servers.cgi */ +/* common Espressif time_helper */ +#include "time_helper.h" + -/* common Espressif time_helper v5.6.6.001 */ #include "sdkconfig.h" -#include "time_helper.h" +/* wolfSSL */ +/* Always include wolfcrypt/settings.h before any other wolfSSL file. */ +/* Reminder: settings.h pulls in user_settings.h; don't include it here. */ +#ifdef WOLFSSL_USER_SETTINGS + #include + #ifndef WOLFSSL_ESPIDF + #warning "Problem with wolfSSL user_settings." + #warning "Check components/wolfssl/include" + #endif + /* This project not yet using the library */ + #undef USE_WOLFSSL_ESP_SDK_WIFI + #include +#else + /* Define WOLFSSL_USER_SETTINGS project wide for settings.h to include */ + /* wolfSSL user settings in ./components/wolfssl/include/user_settings.h */ + #error "Missing WOLFSSL_USER_SETTINGS in CMakeLists or Makefile:\ + CFLAGS +=-DWOLFSSL_USER_SETTINGS" +#endif #include #include @@ -41,8 +59,8 @@ /* TODO Consider non ESP-IDF environments */ #endif -/* ESP-IDF uses a 64-bit signed integer to represent time_t starting from release v5.0 - * See: https://docs.espressif.com/projects/esp-idf/en/latest/esp32/api-reference/system/system_time.html#year-2036-and-2038-overflow-issues +/* ESP-IDF uses a 64-bit signed integer to represent time_t starting from + * release v5.0. See: Espressif api-reference/system/system_time */ /* see https://www.gnu.org/software/libc/manual/html_node/TZ-Variable.html */ @@ -285,7 +303,7 @@ int set_time(void) if (NTP_SERVER_COUNT) { /* next, let's setup NTP time servers * - * see https://docs.espressif.com/projects/esp-idf/en/latest/esp32/api-reference/system/system_time.html#sntp-time-synchronization + * see Espressif api-reference/system/system_time * * WARNING: do not set operating mode while SNTP client is running! */ 
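Review bot: The first hunk moves `#include "time_helper.h"` above `sdkconfig.h` and above the wolfSSL settings block, which conflicts with the comment added a few lines below it, `/* Always include wolfcrypt/settings.h before any other wolfSSL file. */`. time_helper.h is not shown in this patch; if it pulls in any wolfSSL header, settings.h is no longer first in this translation unit and that header would be compiled before user_settings.h has been applied. Either keep `#include "time_helper.h"` after the settings block, as main.c does in this patch, or add a comment stating that the header includes no wolfSSL files.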
diff --git a/IDE/Espressif/ESP-IDF/examples/wolfssl_client/main/wifi_connect.c b/IDE/Espressif/ESP-IDF/examples/wolfssl_client/main/wifi_connect.c index 19ced33011..f2e13afc19 100644 --- a/IDE/Espressif/ESP-IDF/examples/wolfssl_client/main/wifi_connect.c +++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_client/main/wifi_connect.c @@ -31,12 +31,22 @@ #include /* wolfSSL */ -#include -#include -#include -#ifndef WOLFSSL_ESPIDF - #warning "Problem with wolfSSL user_settings." - #warning "Check components/wolfssl/include" +/* Always include wolfcrypt/settings.h before any other wolfSSL file. */ +/* Reminder: settings.h pulls in user_settings.h; don't include it here. */ +#ifdef WOLFSSL_USER_SETTINGS + #include + #ifndef WOLFSSL_ESPIDF + #warning "Problem with wolfSSL user_settings." + #warning "Check components/wolfssl/include" + #endif + /* This project not yet using the library */ + #undef USE_WOLFSSL_ESP_SDK_WIFI + #include +#else + /* Define WOLFSSL_USER_SETTINGS project wide for settings.h to include */ + /* wolfSSL user settings in ./components/wolfssl/include/user_settings.h */ + #error "Missing WOLFSSL_USER_SETTINGS in CMakeLists or Makefile:\ + CFLAGS +=-DWOLFSSL_USER_SETTINGS" #endif /* When there's too little heap, WiFi quietly refuses to connect */ @@ -198,7 +208,7 @@ static esp_err_t wifi_event_handler(void *ctx, system_event_t *event) ESP_LOGI(TAG, "got ip:%s", ip4addr_ntoa(&event->event_info.got_ip.ip_info.ip)); #endif - /* see https://docs.espressif.com/projects/esp-idf/en/latest/esp32/api-reference/system/freertos_idf.html */ + /* see Espressif api-reference/system/freertos_idf */ xEventGroupSetBits(wifi_event_group, CONNECTED_BIT); break; case SYSTEM_EVENT_STA_DISCONNECTED: diff --git a/IDE/Espressif/ESP-IDF/examples/wolfssl_client/sdkconfig.defaults b/IDE/Espressif/ESP-IDF/examples/wolfssl_client/sdkconfig.defaults index 765df0fe6b..146dabf0f1 100644 --- a/IDE/Espressif/ESP-IDF/examples/wolfssl_client/sdkconfig.defaults 
+++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_client/sdkconfig.defaults @@ -1,12 +1,21 @@ -# sdkconfig.defaults for ESP8266 + ESP32 -# Note that during the build process, settings from sdkconfig.defaults will not override those already in sdkconfig. -# See https://docs.espressif.com/projects/esp-idf/en/latest/esp32/api-guides/build-system.html#custom-sdkconfig-defaults -CONFIG_BENCH_ARGV="-lng 0" +# Set the known example app config to TLS Client (see user_settings.h) +CONFIG_WOLFSSL_EXAMPLE_NAME_TLS_CLIENT=y +# CONFIG_EXAMPLE_WIFI_SSID="myssid" +# CONFIG_EXAMPLE_WIFI_PASSWORD="mypassword" + +# Some wolfSSL helpers +CONFIG_USE_WOLFSSL_ESP_SDK_TIME=y + +# FreeRTOS ticks at 1ms interval +CONFIG_FREERTOS_UNICORE=y CONFIG_FREERTOS_HZ=1000 CONFIG_ESP32_DEFAULT_CPU_FREQ_240=y # -# Default main stack size. See user_settings.h +# Default main stack size +# +# This is typically bigger than needed for stack size. +# Units are words, not bytes. See user_settings.h # # For wolfSSL SMALL_STACK, 3072 bytes should be sufficient for benchmark app. # When using RSA, assign at least 10500 bytes, otherwise 5500 usually works for others 
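Review bot: The added comment `# Units are words, not bytes. See user_settings.h` contradicts the unchanged lines directly below it, which size the stack in bytes (`3072 bytes should be sufficient`, `at least 10500 bytes`). It also contradicts the app_main comment elsewhere in this patch, which describes ESP-IDF stack figures as bytes rather than words. A wrong unit here leads to a mis-sized main task stack; if the value is in bytes, as the surrounding text suggests, the line should read `# Units are bytes in ESP-IDF (not words as in vanilla FreeRTOS). See user_settings.h`. The setting itself lies outside the hunk. The commented `CONFIG_EXAMPLE_WIFI_PASSWORD` placeholder would also benefit from a note that real credentials belong in the local sdkconfig, not in this tracked defaults file.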
@@ -50,12 +59,43 @@ CONFIG_HEAP_DISABLE_IRAM=y # Performance # CONFIG_COMPILER_OPTIMIZATION_PERF=y -# Set max COU frequency (falls back as needed for lower maximum) +# Set max CPU frequency (falls back as needed for lower maximum) CONFIG_ESP_DEFAULT_CPU_FREQ_MHZ_240=y -# FreeRTOS ticks at 1ms interval -CONFIG_FREERTOS_UNICORE=y -CONFIG_FREERTOS_HZ=1000 +# Enable wolfSSL TLS in esp-tls +CONFIG_ESP_TLS_USING_WOLFSSL=y +CONFIG_TLS_STACK_WOLFSSL=y + +# Bundles take up flash space and are disabled unless otherwise known to be needed +CONFIG_WOLFSSL_CERTIFICATE_BUNDLE=n +# CONFIG_WOLFSSL_CERTIFICATE_BUNDLE=y +# CONFIG_ESP_WOLFSSL_SMALL_CERT_VERIFY=y +# CONFIG_ESP_TLS_INSECURE=y + +# Disable mbedTLS +CONFIG_ESP_TLS_USING_MBEDTLS=n +CONFIG_MBEDTLS_CERTIFICATE_BUNDLE=n + + +# Ensure mbedTLS options are disabled +# CONFIG_MBEDTLS_TLS_SERVER_AND_CLIENT=n +# CONFIG_MBEDTLS_TLS_CLIENT_ONLY=n +# CONFIG_MBEDTLS_TLS_SERVER=n +# CONFIG_MBEDTLS_TLS_CLIENT=n +# CONFIG_MBEDTLS_HARDWARE_AES=n +# CONFIG_MBEDTLS_HARDWARE_MPI=n +# CONFIG_MBEDTLS_HARDWARE_SHA=n +# CONFIG_MBEDTLS_ROM_MD5=n +# CONFIG_MBEDTLS_SSL_RENEGOTIATION=n +# CONFIG_MBEDTLS_SSL_PROTO_TLS1_2=n +# CONFIG_MBEDTLS_SSL_PROTO_GMTSSL1_1=n +# CONFIG_MBEDTLS_SSL_ALPN=n +# CONFIG_MBEDTLS_CLIENT_SSL_SESSION_TICKETS=n +# CONFIG_MBEDTLS_SERVER_SSL_SESSION_TICKETS=n + +# The same-name config is used for both WiFi and client/server TLS, so we cannot disable: +# CONFIG_MBEDTLS_TLS_ENABLED=n +# CONFIG_MBEDTLS_TLS_DISABLED=y # # Compiler options diff --git a/IDE/Espressif/ESP-IDF/examples/wolfssl_client/sdkconfig.defaults.esp32c2 b/IDE/Espressif/ESP-IDF/examples/wolfssl_client/sdkconfig.defaults.esp32c2 new file mode 100644 index 0000000000..a24d9302e6 --- /dev/null +++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_client/sdkconfig.defaults.esp32c2 @@ -0,0 +1,7 @@ +# +# Main XTAL Config +# +CONFIG_XTAL_FREQ_26=y +# CONFIG_XTAL_FREQ_40 is not set +CONFIG_XTAL_FREQ=26 +# end of Main XTAL Config 
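Review bot: The commented `# CONFIG_ESP_TLS_INSECURE=y` is listed directly under the certificate-bundle options as if it were another flash-size trade-off, with no comment on what it does. In esp-tls that symbol unlocks the potentially insecure options, skipping server certificate verification among them. It deserves its own line of explanation, for example `# Test only: allows esp-tls options that weaken server authentication; leave unset`. The block headed `# Ensure mbedTLS options are disabled` is entirely commented out, so nothing in it is applied; the heading should say these are optional lines to uncomment.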
diff --git a/IDE/Espressif/ESP-IDF/examples/wolfssl_client/sdkconfig.defaults.esp8266 b/IDE/Espressif/ESP-IDF/examples/wolfssl_client/sdkconfig.defaults.esp8266 new file mode 100644 index 0000000000..77299dfe4a --- /dev/null +++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_client/sdkconfig.defaults.esp8266 @@ -0,0 +1,30 @@ +# ESP8266 WDT +# CONFIG_ESP_PANIC_PRINT_REBOOT is not set +CONFIG_ESP_PANIC_PRINT_REBOOT=n +CONFIG_ESP_PANIC_PRINT_HALT=y + +# Enable wolfSSL TLS in esp-tls (not yet supported in RTOS SDK 3.4 +CONFIG_ESP_TLS_USING_WOLFSSL=n +CONFIG_TLS_STACK_WOLFSSL=n + +# Bundles take up flash space and are disabled unless otherwise known to be needed +CONFIG_WOLFSSL_CERTIFICATE_BUNDLE=n +# CONFIG_ESP_WOLFSSL_SMALL_CERT_VERIFY=y +# CONFIG_ESP_TLS_INSECURE=y + +# Disable mbedTLS +CONFIG_ESP_TLS_USING_MBEDTLS=y +CONFIG_MBEDTLS_CERTIFICATE_BUNDLE=n + +# ESP8266 Memory +CONFIG_FREERTOS_GLOBAL_DATA_LINK_IRAM=y +CONFIG_HEAP_DISABLE_IRAM=y + +# ESP8266 Watchdog: +CONFIG_TASK_WDT=n +CONFIG_TASK_WDT_PANIC=n + +# ESP8266 WDT +# CONFIG_ESP_PANIC_PRINT_REBOOT is not set +CONFIG_ESP_PANIC_PRINT_REBOOT=n +CONFIG_ESP_PANIC_PRINT_HALT=y diff --git a/IDE/Espressif/ESP-IDF/examples/wolfssl_server/CMakeLists.txt b/IDE/Espressif/ESP-IDF/examples/wolfssl_server/CMakeLists.txt index 11a9e467a9..e4ce3d8a0d 100644 --- a/IDE/Espressif/ESP-IDF/examples/wolfssl_server/CMakeLists.txt +++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_server/CMakeLists.txt @@ -3,6 +3,8 @@ # # The following lines of boilerplate have to be in your project's # CMakeLists in this exact order for cmake to work correctly +message(STATUS "Begin project ${CMAKE_PROJECT_NAME}") + cmake_minimum_required(VERSION 3.16) # The wolfSSL CMake file should be able to find the source code. 
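Review bot: Two headings in the new sdkconfig.defaults.esp8266 say the opposite of the values under them. `# Disable mbedTLS` is followed by `CONFIG_ESP_TLS_USING_MBEDTLS=y`, and `# Enable wolfSSL TLS in esp-tls (not yet supported in RTOS SDK 3.4` (unclosed parenthesis) is followed by `CONFIG_ESP_TLS_USING_WOLFSSL=n`. Which TLS stack esp-tls uses on this target should be readable from the comments alone; suggested wording is `# esp-tls stays on mbedTLS for ESP8266` and `# wolfSSL in esp-tls is not yet supported in RTOS SDK 3.4`. The `# ESP8266 WDT` block also appears twice, at the top and the bottom of the file, and `# CONFIG_ESP_PANIC_PRINT_REBOOT is not set` sits next to an explicit `CONFIG_ESP_PANIC_PRINT_REBOOT=n`.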
@@ -48,7 +50,8 @@ endif() # End optional WOLFSSL_CMAKE_SYSTEM_NAME # This example uses an extra component for common functions such as Wi-Fi and Ethernet connection. -set (PROTOCOL_EXAMPLES_DIR $ENV{IDF_PATH}/examples/common_components/protocol_examples_common) +# set (PROTOCOL_EXAMPLES_DIR $ENV{IDF_PATH}/examples/common_components/protocol_examples_common) +string(REPLACE "\\" "/" PROTOCOL_EXAMPLES_DIR "$ENV{IDF_PATH}/examples/common_components/protocol_examples_common") if (EXISTS "${PROTOCOL_EXAMPLES_DIR}") message("Found PROTOCOL_EXAMPLES_DIR=${PROTOCOL_EXAMPLES_DIR}") @@ -80,17 +83,20 @@ else() endif() -# This example uses an extra component for common functions such as Wi-Fi and Ethernet connection. -set (PROTOCOL_EXAMPLES_DIR $ENV{IDF_PATH}/examples/common_components/protocol_examples_common) +message(STATUS "begin include") +if(0) + # This example uses an extra component for common functions such as Wi-Fi and Ethernet connection. + set (PROTOCOL_EXAMPLES_DIR $ENV{IDF_PATH}/examples/common_components/protocol_examples_common) -if (EXISTS "${PROTOCOL_EXAMPLES_DIR}") - message("Found PROTOCOL_EXAMPLES_DIR=${PROTOCOL_EXAMPLES_DIR}") - set(EXTRA_COMPONENT_DIRS $ENV{IDF_PATH}/examples/common_components/protocol_examples_common) - set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DFOUND_PROTOCOL_EXAMPLES_DIR") -else() - message("NOT FOUND: PROTOCOL_EXAMPLES_DIR=${PROTOCOL_EXAMPLES_DIR}") + if (EXISTS "${PROTOCOL_EXAMPLES_DIR}") + message("Found PROTOCOL_EXAMPLES_DIR=${PROTOCOL_EXAMPLES_DIR}") + set(EXTRA_COMPONENT_DIRS $ENV{IDF_PATH}/examples/common_components/protocol_examples_common) + set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DFOUND_PROTOCOL_EXAMPLES_DIR") + else() + message("NOT FOUND: PROTOCOL_EXAMPLES_DIR=${PROTOCOL_EXAMPLES_DIR}") + endif() endif() - include($ENV{IDF_PATH}/tools/cmake/project.cmake) - +message(STATUS "end include") project(wolfssl_server) +message(STATUS "end project") 
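Review bot: The second hunk keeps the duplicate PROTOCOL_EXAMPLES_DIR block alive inside `if(0)` instead of deleting it. That dead copy still uses the unnormalised `set (PROTOCOL_EXAMPLES_DIR $ENV{IDF_PATH}/...)` form, which the first hunk replaced with `string(REPLACE "\\" "/" PROTOCOL_EXAMPLES_DIR ...)`. Disabled code that disagrees with the live code invites someone to re-enable the wrong version; deleting the block, and the commented-out `# set (PROTOCOL_EXAMPLES_DIR ...)` line the first hunk leaves behind, keeps one definition of the path. If the block has to stay for now, a comment such as `# Disabled: superseded by the normalised lookup above` should say why.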
diff --git a/IDE/Espressif/ESP-IDF/examples/wolfssl_server/README.md b/IDE/Espressif/ESP-IDF/examples/wolfssl_server/README.md index 6baa41aa7a..0b88c035fa 100644 --- a/IDE/Espressif/ESP-IDF/examples/wolfssl_server/README.md +++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_server/README.md @@ -39,7 +39,7 @@ See the README.md file in the upper level 'examples' directory for more informat ``` # . /mnt/c/SysGCC/esp32/esp-idf/master/export.sh -. /mnt/c/SysGCC/esp32/esp-idf/v5.1/export.sh +. /mnt/c/SysGCC/esp32/esp-idf/v5.2/export.sh cd /mnt/c/workspace/wolfssl-$USER/IDE/Espressif/ESP-IDF/examples/wolfssl_server # optionally erase diff --git a/IDE/Espressif/ESP-IDF/examples/wolfssl_server/components/wolfssl/CMakeLists.txt b/IDE/Espressif/ESP-IDF/examples/wolfssl_server/components/wolfssl/CMakeLists.txt index b809a17142..8b90966f9b 100644 --- a/IDE/Espressif/ESP-IDF/examples/wolfssl_server/components/wolfssl/CMakeLists.txt +++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_server/components/wolfssl/CMakeLists.txt 
@@ -19,16 +19,145 @@ # # cmake for wolfssl Espressif projects # -# Version 5.6.0.011 for detect test/benchmark +# Version 5.7.2 Espressif ESP-IDF integration # # See https://docs.espressif.com/projects/esp-idf/en/latest/esp32/api-guides/build-system.html # - +message(STATUS "Begin wolfssl ${CONFIG_CUSTOM_SETTING_WOLFSSL_ROOT}") cmake_minimum_required(VERSION 3.16) + +set(VERBOSE_COMPONENT_MESSAGES 1) + +# Optional requires include: +# set(THIS_ESP_TLS "esp-tls") +set(THIS_ESP_TLS "") + +# function: IS_ESP_IDF_COMPONENT +# output: RESULT = 1 (true) if this component is located in the ESP-IDF components +# otherwise 0 (false) +function( IS_ESP_IDF_COMPONENT RESULT ) + # NOTE: Component location is based on the location of the CMakeList.txt + # and *not* the location of the wolfSSL source code. (which may be anywhere) + + # Normalize the paths to remove any trailing slashes + get_filename_component(NORMALIZED_IDF_PATH "${IDF_PATH}" REALPATH) + get_filename_component(NORMALIZED_TEST_PATH "${COMPONENT_DIR}" REALPATH) + + # Check if the test path starts with the IDF_PATH + string(FIND "${NORMALIZED_TEST_PATH}" "${NORMALIZED_IDF_PATH}" pos) + + if(${pos} EQUAL 0) + message(STATUS "${COMPONENT_DIR} is within IDF_PATH.") + set(${RESULT} 1 PARENT_SCOPE) + else() + message(STATUS "${COMPONENT_DIR} is not within IDF_PATH.") + set(${RESULT} 0 PARENT_SCOPE) + endif() +endfunction() + +# Determine if this cmake file is located in the ESP-IDF component directory or not, +# and if so, if it is being ignored (allowing the use of a local project one, instead). 
+IS_ESP_IDF_COMPONENT( IS_WOLSSL_ESP_IDF_COMPONENT ) +if( IS_WOLSSL_ESP_IDF_COMPONENT ) + message(STATUS "This wolfSSL is a component in ESP-IDF.") + if ( CONFIG_IGNORE_ESP_IDF_WOLFSSL_COMPONENT ) + idf_component_register() + message(STATUS "Warning: wolfSSL component in ESP-IDF is being ignored.") + return() + endif() +endif() + + +if( "${CONFIG_CUSTOM_SETTING_WOLFSSL_ROOT}" STREQUAL "" ) + # nothing to do +else() + # Only forward slashes, or double backslashes are supported. + # By the time we get here the sdkconfig file has a value for wolfSSL source code root. + string(REPLACE "\\" "/" CONFIG_CUSTOM_SETTING_WOLFSSL_ROOT ${CONFIG_CUSTOM_SETTING_WOLFSSL_ROOT}) + message(STATUS "Cleaned wolfssl path: ${CONFIG_CUSTOM_SETTING_WOLFSSL_ROOT}") +endif() + +# The scope of this CMAKE_C_FLAGS is just this component: set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DWOLFSSL_USER_SETTINGS") +set(CMAKE_CXX_FLAGS "${CMAKE_CXX_FLAGS} -DWOLFSSL_USER_SETTINGS") + set(CMAKE_CURRENT_SOURCE_DIR ".") -set(COMPONENT_REQUIRES lwip) # we typically don't need lwip directly in wolfssl component -set(WOLFSSL_ROOT "$ENV{WOLFSSL_ROOT}" ) +# set(COMPONENT_REQUIRES lwip) # we typically don't need lwip directly in wolfssl component + +# Optionally set your source to wolfSSL in your project CMakeLists.txt like this: +# set(WOLFSSL_ROOT "c:/test/my_wolfssl" ) + +if ( "${WOLFSSL_ROOT}" STREQUAL "") + set(WOLFSSL_ROOT "$ENV{WOLFSSL_ROOT}" ) +endif() + +if( "$ENV{IDF_PATH}" STREQUAL "" ) + message(FATAL_ERROR "IDF_PATH Environment variable not set!") +else() + string(REPLACE "\\" "/" THIS_IDF_PATH "$ENV{IDF_PATH}") +endif() + +# Optional compiler definitions to help with system name detection (typically printed by app diagnostics) +if(VERBOSE_COMPONENT_MESSAGES) + if(WIN32) + # Windows-specific configuration here + set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DWOLFSSL_CMAKE_SYSTEM_NAME_WINDOWS") + message("Detected Windows") + endif() + if(CMAKE_HOST_UNIX) + message("Detected UNIX") + endif() + if(APPLE) + 
message("Detected APPLE") + endif() + if(CMAKE_HOST_UNIX AND (NOT APPLE) AND EXISTS "/proc/sys/fs/binfmt_misc/WSLInterop") + # Windows-specific configuration here + set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DWOLFSSL_CMAKE_SYSTEM_NAME_WSL") + message("Detected WSL") + endif() + if(CMAKE_HOST_UNIX AND (NOT APPLE) AND (NOT WIN32)) + # Windows-specific configuration here + set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DWOLFSSL_CMAKE_SYSTEM_NAME_LINUX") + message("Detected Linux") + endif() + if(APPLE) + # Windows-specific configuration here + set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DWOLFSSL_CMAKE_SYSTEM_NAME_APPLE") + message("Detected Apple") + endif() +endif() # End optional WOLFSSL_CMAKE_SYSTEM_NAME + +message(STATUS "CONFIG_TARGET_PLATFORM = ${CONFIG_TARGET_PLATFORM}") + +# Check that there are not conflicting wolfSSL components +# The ESP Registry Component will be in ./managed_components/wolfssl__wolfssl +# The local component wolfSSL directory will be in ./components/wolfssl +if( EXISTS "${CMAKE_HOME_DIRECTORY}/managed_components/wolfssl__wolfssl" AND EXISTS "${CMAKE_HOME_DIRECTORY}/components/wolfssl" ) + # These exclude statements don't seem to be honored by the $ENV{IDF_PATH}/tools/cmake/project.cmake' + # add_subdirectory("${CMAKE_HOME_DIRECTORY}/managed_components/wolfssl__wolfssl" EXCLUDE_FROM_ALL) + # add_subdirectory("${CMAKE_HOME_DIRECTORY}/managed_components/wolfssl__wolfssl/include" EXCLUDE_FROM_ALL) + # So we'll error out and let the user decide how to proceed: + message(WARNING "\nFound wolfSSL components in\n" + "./managed_components/wolfssl__wolfssl\n" + "and\n" + "./components/wolfssl\n" + "in project directory: \n" + "${CMAKE_HOME_DIRECTORY}") + message(FATAL_ERROR "\nPlease use either the ESP Registry Managed Component or the wolfSSL component directory but not both.\n" + "If removing the ./managed_components/wolfssl__wolfssl directory, remember to also remove " + "or rename the idf_component.yml file typically found in ./main/") +else() + message(STATUS "No 
conflicting wolfSSL components found.") +endif() + + +# Don't include lwip requirement for benchmark and test apps. +if( ("${CMAKE_PROJECT_NAME}" STREQUAL "wolfssl_benchmark") OR ("${CMAKE_PROJECT_NAME}" STREQUAL "wolfssl_test") ) + message(STATUS "Not including lwip for ${CMAKE_PROJECT_NAME}") +else() + # benchmark and test do not need wifi, everything else probably does: + set(COMPONENT_REQUIRES lwip "${THIS_ESP_TLS}") # we typically don't need lwip directly in wolfssl component +endif() # find the user name to search for possible "wolfssl-username" message(STATUS "USERNAME = $ENV{USERNAME}") @@ -51,6 +180,25 @@ else() string(REPLACE "\\" "/" THIS_IDF_PATH "$ENV{IDF_PATH}") endif() +# ENVIRONMENT_VAR_TO_MACRO +# Check environment variable name EVARPARAM as [name] +# If defined, and has a value of EVARVALUE as [value], +# then assign a compiler definition "-D[name]=[value]" +function(ENVIRONMENT_VAR_TO_MACRO EVARPARAM EVARVALUE) + # If the EVARPARAM environment variable name is set to EVARVALUE, + # set the compiler flag definition to enable CSV output. + if ( "$ENV{${EVARPARAM}}" STREQUAL "${EVARVALUE}") + message(STATUS "Appending compile definition: -D${EVARPARAM}=${EVARVALUE}") + set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -D${EVARPARAM}=${EVARVALUE}") + else() + if(DEFINED ENV{${EVARPARAM}}) + message(STATUS "Environment variable ${EVARPARAM} detected but set to $ENV{${EVARPARAM}}, not appending compile definition.") + else() + message(STATUS "Environment variable ${EVARPARAM} not detected, not appending compile definition.") + endif() + endif() +endfunction() + # COMPONENT_NAME = wolfssl # The component name is the directory name. "No feature to change this". # See https://github.com/espressif/esp-idf/issues/8978#issuecomment-1129892685 
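Review bot: `IS_ESP_IDF_COMPONENT` decides membership with `string(FIND "${NORMALIZED_TEST_PATH}" "${NORMALIZED_IDF_PATH}" pos)` and `pos EQUAL 0`, which is a plain string-prefix test. A component in a sibling directory whose name merely starts with the IDF path (a constructed example: `.../esp-idf-v5` against `.../esp-idf`) is therefore also reported as inside ESP-IDF. A positive result together with `CONFIG_IGNORE_ESP_IDF_WOLFSSL_COMPONENT` registers an empty component and returns, so a false match drops wolfSSL from the build; comparing with a trailing separator, `string(FIND "${NORMALIZED_TEST_PATH}/" "${NORMALIZED_IDF_PATH}/" pos)`, closes that gap. The function reads the CMake variable `${IDF_PATH}` while the rest of the file uses `$ENV{IDF_PATH}`, and the result variable is spelled `IS_WOLSSL_ESP_IDF_COMPONENT`. Further down the same hunk, the comment `# Windows-specific configuration here` is pasted above the WSL, Linux and Apple branches as well.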
@@ -68,7 +216,8 @@ endif() # function: IS_WOLFSSL_SOURCE # parameter: DIRECTORY_PARAMETER - the directory to test # output: RESULT = contains contents of DIRECTORY_PARAMETER for wolfssl directory, otherwise blank. -function(IS_WOLFSSL_SOURCE DIRECTORY_PARAMETER RESULT) +function( IS_WOLFSSL_SOURCE DIRECTORY_PARAMETER + RESULT ) if (EXISTS "${DIRECTORY_PARAMETER}/wolfcrypt/src") set(${RESULT} "${DIRECTORY_PARAMETER}" PARENT_SCOPE) else() 
@@ -76,27 +225,71 @@ function(IS_WOLFSSL_SOURCE DIRECTORY_PARAMETER RESULT) endif() endfunction() +# ********************************************************************************************* # function: FIND_WOLFSSL_DIRECTORY # parameter: OUTPUT_FOUND_WOLFSSL_DIRECTORY contains root of source code, otherwise blank # +# Example usage: +# FIND_WOLFSSL_DIRECTORY(WOLFSSL_ROOT) +# ********************************************************************************************* function(FIND_WOLFSSL_DIRECTORY OUTPUT_FOUND_WOLFSSL_DIRECTORY) - message(STATUS "Starting FIND_WOLFSSL_DIRECTORY") - set(CURRENT_SEARCH_DIR "$ENV{WOLFSSL_ROOT}") + message(STATUS "Starting FIND_WOLFSSL_DIRECTORY: ${${OUTPUT_FOUND_WOLFSSL_DIRECTORY}}") + + if ( "${${OUTPUT_FOUND_WOLFSSL_DIRECTORY}}" STREQUAL "" ) + # The parameter is empty, so we certainly need to search. + # First, see if there's an environment variable. This takes highest priority (unless already found as hard-coded, above) + set(CURRENT_SEARCH_DIR "$ENV{WOLFSSL_ROOT}") + if( "${CURRENT_SEARCH_DIR}" STREQUAL "" ) + message(STATUS "The WOLFSSL_ROOT environment variable is not set. Searching...") + # Next, if not found, see if wolfSSL was selected for ESP-TLS Kconfig + if(CONFIG_CUSTOM_SETTING_WOLFSSL_ROOT) + set(CURRENT_SEARCH_DIR ${CONFIG_CUSTOM_SETTING_WOLFSSL_ROOT}) + get_filename_component(CURRENT_SEARCH_DIR "${CURRENT_SEARCH_DIR}" ABSOLUTE) + message(STATUS "WOLFSSL_ROOT found in sdkconfig/KConfig: ${CONFIG_CUSTOM_SETTING_WOLFSSL_ROOT}") + else() + message(STATUS "wolfSSL not defined in [Component Config] [wolfssl]. Continuing search...") + # If not specified as a search hint in OUTPUT_FOUND_WOLFSSL_DIRECTORY: + # This wolfSSL component CMakeLists.txt may be found EITHER in: + # 1) local project component + # 2) ESP-IDF share components + # We'll start in the CMAKE_CURRENT_SOURCE_DIR, typically [something]/projectname/components/wolfssl + # That option might find wolfSSL source code as a copy in the component directory (e.g. 
Managed Components) + # Unless cmake is in the ESP-IDF, in which case it is unlikely to find wolfSSL source in any parent. + message(STATUS "CMAKE_CURRENT_SOURCE_DIR = ${CMAKE_CURRENT_SOURCE_DIR}") + get_filename_component(CURRENT_SEARCH_DIR "${CMAKE_CURRENT_SOURCE_DIR}" ABSOLUTE) + message(STATUS "CURRENT_SEARCH_DIR = ${CURRENT_SEARCH_DIR}") + string(LENGTH ${CURRENT_SEARCH_DIR} CURRENT_SEARCH_DIR_LENGTH) + endif() # CONFIG_CUSTOM_SETTING_WOLFSSL_ROOT + endif() # check environment var blank + else() + message(STATUS "Parameter found for FIND_WOLFSSL_DIRECTORY") + message(STATUS "Setting wolfSSL search directory to: ${${OUTPUT_FOUND_WOLFSSL_DIRECTORY}}") + set(CURRENT_SEARCH_DIR "${${OUTPUT_FOUND_WOLFSSL_DIRECTORY}}") + endif() # parameter empty + + # Check to see if we found a path in environment or config settings, above. if( "${CURRENT_SEARCH_DIR}" STREQUAL "" ) - message(STATUS "The WOLFSSL_ROOT environment variable is not set. Searching...") + message(STATUS "Source for wolfSSL not specified in path nor config settings.") + # We'll continue the search by recursing up the directory tree, below. else() - get_filename_component(CURRENT_SEARCH_DIR "$ENV{WOLFSSL_ROOT}" ABSOLUTE) + # Setting found! Does it contain a valid path? 
+ string(REPLACE "\\" "/" CURRENT_SEARCH_DIR ${CURRENT_SEARCH_DIR}) + get_filename_component(CURRENT_SEARCH_DIR "${CURRENT_SEARCH_DIR}" ABSOLUTE) IS_WOLFSSL_SOURCE("${CURRENT_SEARCH_DIR}" FOUND_WOLFSSL) if( FOUND_WOLFSSL ) - message(STATUS "Found WOLFSSL_ROOT via Environment Variable: ${CURRENT_SEARCH_DIR}") + message(STATUS "Found wolfSSL source code via setting: ${CURRENT_SEARCH_DIR}") set(${OUTPUT_FOUND_WOLFSSL_DIRECTORY} ${CURRENT_SEARCH_DIR} PARENT_SCOPE) return() else() - message(FATAL_ERROR "WOLFSSL_ROOT Environment Variable defined, but path not found:") - message(STATUS "$ENV{WOLFSSL_ROOT}") + if(WIN32) + message(STATUS "When specifying a path for Windows, use forward slahes, or double backslashes.") + endif() + message(STATUS "CONFIG_CUSTOM_SETTING_WOLFSSL_ROOT sdkconfig setting = ${CONFIG_CUSTOM_SETTING_WOLFSSL_ROOT}") + message(STATUS "WOLFSSL_ROOT Variable defined, but source code not found: ${CURRENT_SEARCH_DIR}") endif() endif() + # we'll start in the CMAKE_CURRENT_SOURCE_DIR, typically [something]/projectname/components/wolfssl message(STATUS "CMAKE_CURRENT_SOURCE_DIR = ${CMAKE_CURRENT_SOURCE_DIR}") get_filename_component(CURRENT_SEARCH_DIR "${CMAKE_CURRENT_SOURCE_DIR}" ABSOLUTE) 
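Review bot: An explicitly configured source root that turns out to be invalid no longer stops the build: where the old code raised `message(FATAL_ERROR ...)`, the new `else()` branch prints `STATUS` lines and falls through to the parent-directory search. The hunk at new line 307 then accepts the first ancestor directory named `wolfssl-<user>`, `wolfssl-master` or `wolfssl` that contains `wolfcrypt/src`. A typo in `WOLFSSL_ROOT` or `CONFIG_CUSTOM_SETTING_WOLFSSL_ROOT` can therefore silently build a different copy of the library than the one the project specified. When a setting was supplied, failing is the safer default: `message(FATAL_ERROR "WOLFSSL_ROOT defined, but source code not found: ${CURRENT_SEARCH_DIR}")`. The new Windows hint misspells "slashes" as `slahes`, and FIND_WOLFSSL_DIRECTORY continues outside this hunk.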
@@ -114,16 +307,47 @@ function(FIND_WOLFSSL_DIRECTORY OUTPUT_FOUND_WOLFSSL_DIRECTORY) return() endif() + # Maintain CURRENT_SEARCH_DIR, but check various suffixes with CURRENT_SEARCH_DIR_ALT if( THIS_USER ) # Check for "wolfssl-[username]" subdirectory as we recurse up the directory tree set(CURRENT_SEARCH_DIR_ALT ${CURRENT_SEARCH_DIR}/wolfssl-${THIS_USER}) - message(STATUS "Looking in ${CURRENT_SEARCH_DIR}") + message(STATUS "Looking in ${CURRENT_SEARCH_DIR_ALT}") + + IS_WOLFSSL_SOURCE("${CURRENT_SEARCH_DIR_ALT}" FOUND_WOLFSSL ) + if ( FOUND_WOLFSSL ) + message(STATUS "Found wolfssl in user-suffix CURRENT_SEARCH_DIR_ALT = ${CURRENT_SEARCH_DIR_ALT}") + set(CURRENT_SEARCH_DIR "${CURRENT_SEARCH_DIR_ALT}") + set(${OUTPUT_FOUND_WOLFSSL_DIRECTORY} ${CURRENT_SEARCH_DIR} PARENT_SCOPE) + return() + endif() + endif() + + if ( FOUND_WOLFSSL ) + # if we already found the source, skip attempt of "wolfssl-master" + else() + set(CURRENT_SEARCH_DIR_ALT ${CURRENT_SEARCH_DIR}/wolfssl-master) + message(STATUS "Looking in ${CURRENT_SEARCH_DIR_ALT}") - #if(EXISTS ${CURRENT_SEARCH_DIR_ALT} AND IS_DIRECTORY ${CURRENT_SEARCH_DIR_ALT} AND EXISTS "${CURRENT_SEARCH_DIR_ALT}/wolfcrypt/src") IS_WOLFSSL_SOURCE("${CURRENT_SEARCH_DIR_ALT}" FOUND_WOLFSSL ) if ( FOUND_WOLFSSL ) - message(STATUS "Found wolfssl in user-suffix CURRENT_SEARCH_DIR_ALT = ${CURRENT_SEARCH_DIR_ALT}") - set(${OUTPUT_FOUND_WOLFSSL_DIRECTORY} ${CURRENT_SEARCH_DIR_ALT} PARENT_SCOPE) + message(STATUS "Found wolfssl in master-suffix CURRENT_SEARCH_DIR_ALT = ${CURRENT_SEARCH_DIR_ALT}") + set(CURRENT_SEARCH_DIR "${CURRENT_SEARCH_DIR_ALT}") + set(${OUTPUT_FOUND_WOLFSSL_DIRECTORY} ${CURRENT_SEARCH_DIR} PARENT_SCOPE) + return() + endif() + endif() + + if ( FOUND_WOLFSSL ) + # if we already found the source, skip attempt of "wolfssl" + else() + set(CURRENT_SEARCH_DIR_ALT ${CURRENT_SEARCH_DIR}/wolfssl) + message(STATUS "Looking in ${CURRENT_SEARCH_DIR_ALT}") + + IS_WOLFSSL_SOURCE("${CURRENT_SEARCH_DIR_ALT}" FOUND_WOLFSSL ) + if ( 
FOUND_WOLFSSL ) + message(STATUS "Found wolfssl in CURRENT_SEARCH_DIR_ALT = ${CURRENT_SEARCH_DIR_ALT}") + set(CURRENT_SEARCH_DIR "${CURRENT_SEARCH_DIR_ALT}") + set(${OUTPUT_FOUND_WOLFSSL_DIRECTORY} ${CURRENT_SEARCH_DIR} PARENT_SCOPE) return() endif() endif() @@ -143,7 +367,8 @@ function(FIND_WOLFSSL_DIRECTORY OUTPUT_FOUND_WOLFSSL_DIRECTORY) get_filename_component(CURRENT_SEARCH_DIR "${CURRENT_SEARCH_DIR}" DIRECTORY) message(STATUS "Next CURRENT_SEARCH_DIR = ${CURRENT_SEARCH_DIR}") if( "${PRIOR_SEARCH_DIR}" STREQUAL "${CURRENT_SEARCH_DIR}" ) - # when the search directory is empty, we'll give up + # When the parent is current directory, cannot go any further. We didn't find wolfssl. + # When the search directory is empty, we'll give up. set(CURRENT_SEARCH_DIR "") endif() endwhile() 
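Review bot: The two `if ( FOUND_WOLFSSL )` / `else()` wrappers around the `wolfssl-master` and `wolfssl` probes have a then-branch that holds only a comment. As far as the hunk shows, that branch cannot be taken after a hit, because every successful probe above already ends in `return()`. `if( NOT FOUND_WOLFSSL )` reads more directly, or the wrappers can be dropped. Within this hunk `FOUND_WOLFSSL` is assigned only inside `if( THIS_USER )`, so when no user name is available the first wrapper tests whatever value earlier code outside the hunk left behind. The three probes differ only in the suffix and would be shorter as a `foreach()` over the suffix list.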
@@ -154,17 +379,58 @@ endfunction() # Example usage: +# +# Simply find the WOLFSSL_DIRECTORY by searching parent directories: +# FIND_WOLFSSL_DIRECTORY(WOLFSSL_ROOT) +# + +message(STATUS "CONFIG_TARGET_PLATFORM = ${CONFIG_TARGET_PLATFORM}") +# Check for environment variable that may be assigned to macros +ENVIRONMENT_VAR_TO_MACRO("GENERATE_MACHINE_PARSEABLE_REPORT" "1") +ENVIRONMENT_VAR_TO_MACRO("WOLFSSL_BENCHMARK_FIXED_CSV" "1") +# Optional variable inspection +if (0) + get_cmake_property(_variableNames VARIABLES) + list (SORT _variableNames) + message(STATUS "") + message(STATUS "ALL VARIABLES BEGIN") + message(STATUS "") + foreach (_variableName ${_variableNames}) + message(STATUS "${_variableName}=${${_variableName}}") + endforeach() + message(STATUS "") + message(STATUS "ALL VARIABLES END") + message(STATUS "") +endif() +if ( ("${CONFIG_TARGET_PLATFORM}" STREQUAL "esp8266") OR ("${IDF_TARGET}" STREQUAL "esp8266") ) + # There's no esp_timer, no driver components for the ESP8266 + message(STATUS "Early expansion EXCLUDES esp_timer for esp8266: ${THIS_INCLUDE_TIMER}") + message(STATUS "Early expansion EXCLUDES driver for esp8266: ${THIS_INCLUDE_DRIVER}") + set(THIS_INCLUDE_TIMER "") + set(THIS_INCLUDE_DRIVER "") + set(THIS_ESP_TLS "") +else() + message(STATUS "Early expansion includes esp_timer: ${THIS_INCLUDE_TIMER}") + message(STATUS "Early expansion includes driver: ${THIS_INCLUDE_DRIVER}") + set(THIS_INCLUDE_TIMER "esp_timer") + set(THIS_INCLUDE_DRIVER "driver") + set(THIS_ESP_TLS "esp-tls") + # Let the app know that we've included the esp-tls component requirement. + # This is critical for use the the esp-tls component. See wolfssl esp_crt_bundle.c file. 
+ set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DWOLFSSL_CMAKE_REQUIRED_ESP_TLS=1") +endif() if(CMAKE_BUILD_EARLY_EXPANSION) message(STATUS "wolfssl component CMAKE_BUILD_EARLY_EXPANSION:") idf_component_register( REQUIRES "${COMPONENT_REQUIRES}" PRIV_REQUIRES # esp_hw_support - # esp_timer - # driver # this will typically only be needed for wolfSSL benchmark + "${THIS_ESP_TLS}" + "${THIS_INCLUDE_TIMER}" + "${THIS_INCLUDE_DRIVER}" # this will typically only be needed for wolfSSL benchmark ) else() 
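Review bot: In the added esp8266 check, the lines `message(STATUS "Early expansion includes esp_timer: ${THIS_INCLUDE_TIMER}")` and its `driver` counterpart run before the matching `set()` calls. They log the previous, normally empty, value rather than what is about to be used; moving the `set()` lines above the messages fixes the output. `THIS_ESP_TLS` is assigned `"esp-tls"` here, but `set(COMPONENT_REQUIRES lwip "${THIS_ESP_TLS}")` in the first hunk of this file ran while it was still `""`, so that list does not pick up the value. On esp8266 the quoted empty strings passed to `PRIV_REQUIRES` as `"${THIS_ESP_TLS}"`, `"${THIS_INCLUDE_TIMER}"` and `"${THIS_INCLUDE_DRIVER}"` may be treated as empty component names; passing them unquoted lets CMake drop them.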
@@ -173,48 +439,99 @@ else() message(STATUS "wolfssl component config:") message(STATUS "************************************************************************************************") + if ( "${CONFIG_TARGET_PLATFORM}" STREQUAL "esp8266") + # There's no esp_timer, no driver components for the ESP8266 + set(THIS_INCLUDE_TIMER "") + set(THIS_INCLUDE_DRIVER "") + else() + set(THIS_INCLUDE_TIMER "esp_timer") + set(THIS_INCLUDE_DRIVER "driver") + endif() + # search for wolfSSL FIND_WOLFSSL_DIRECTORY(WOLFSSL_ROOT) if(WOLFSSL_ROOT) - message(STATUS "NEW Found wolfssl directory at: ${WOLFSSL_ROOT}") + IS_WOLFSSL_SOURCE("${WOLFSSL_ROOT}" FOUND_WOLFSSL) + if(FOUND_WOLFSSL) + message(STATUS "Found WOLFSSL_ROOT via CMake specification.") + else() + # WOLFSSL_ROOT Path specified in CMakeLists.txt is not a valid path + message(FATAL_ERROR "WOLFSSL_ROOT CMake Variable defined, but path not found: ${WOLFSSL_ROOT}\n" + "Try correcting WOLFSSL_ROOT in your project CMakeFile.txt or setting environment variable.") + # Abort CMake after fatal error. + endif() + else() + message(STATUS "Source code for wolfSSL still not found.") + message(STATUS "Searching from project home: ${CMAKE_HOME_DIRECTORY} ...") + set(WOLFSSL_ROOT "${CMAKE_HOME_DIRECTORY}") + FIND_WOLFSSL_DIRECTORY(WOLFSSL_ROOT) + endif() + + + if(WOLFSSL_ROOT) + message(STATUS "Confirmed wolfssl directory at: ${WOLFSSL_ROOT}") else() - message(STATUS "NEW wolfssl directory not found.") + # Try to allow a more intuitive error that the source code was not found in cmake: + set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DWOLFSSL_CMAKE_WARNING_SOURCE_NOT_FOUND") + + message(STATUS "Failed: wolfssl source code directory not found.") # Abort. We need wolfssl _somewhere_. 
- message(FATAL_ERROR "Could not find wolfssl in ${WOLFSSL_ROOT}.\n" - "Try setting WOLFSSL_ROOT environment variable or git clone.") + message(STATUS "") + message(STATUS "") + message(STATUS "Could not find wolfssl in any parent directory named wolfssl-${THIS_USER}, wolfssl-master, or wolfssl.\n" + "Try setting WOLFSSL_ROOT environment variable, cmake variable in project, copy source, or use managed components.") + message(STATUS "") + message(STATUS "") + # Abort CMake after fatal error. (or not?) endif() set(INCLUDE_PATH ${WOLFSSL_ROOT}) set(WOLFSSL_EXTRA_PROJECT_DIR "${WOLFSSL_ROOT}/src/") - if( ${CMAKE_PROJECT_NAME} STREQUAL "wolfssl_benchmark" ) - set(WOLFSSL_EXTRA_PROJECT_DIR "${WOLFSSL_ROOT}/wolfcrypt/benchmark") - endif() + # During regression tests, optionally copy source locally and use: set(USE_LOCAL_TEST_BENCH 1) + set(USE_LOCAL_TEST_BENCH 0) + if(NOT USE_LOCAL_TEST_BENCH) + if( "${CMAKE_PROJECT_NAME}" STREQUAL "hello-world" ) + message(STATUS "Include ${WOLFSSL_ROOT}/wolfcrypt/benchmark") + set(WOLFSSL_EXTRA_PROJECT_DIR "${WOLFSSL_ROOT}/wolfcrypt/benchmark") + endif() - if( ${CMAKE_PROJECT_NAME} STREQUAL "wolfssl_test" ) - set(WOLFSSL_EXTRA_PROJECT_DIR "${WOLFSSL_ROOT}/wolfcrypt/test") + if( "${CMAKE_PROJECT_NAME}" STREQUAL "wolfssl_benchmark" ) + message(STATUS "Include ${WOLFSSL_ROOT}/wolfcrypt/benchmark") + set(WOLFSSL_EXTRA_PROJECT_DIR "${WOLFSSL_ROOT}/wolfcrypt/benchmark") + endif() + + if( "${CMAKE_PROJECT_NAME}" STREQUAL "wolfssl_test" ) + message(STATUS "Include ${WOLFSSL_ROOT}/wolfcrypt/test") + set(WOLFSSL_EXTRA_PROJECT_DIR "${WOLFSSL_ROOT}/wolfcrypt/test") + endif() endif() + message(STATUS "WOLFSSL_EXTRA_PROJECT_DIR = ${WOLFSSL_EXTRA_PROJECT_DIR}") set(COMPONENT_SRCDIRS "\"${WOLFSSL_ROOT}/src/\"" "\"${WOLFSSL_ROOT}/wolfcrypt/src\"" "\"${WOLFSSL_ROOT}/wolfcrypt/src/port/Espressif\"" + "\"${WOLFSSL_ROOT}/wolfcrypt/src/port/Espressif/esp_crt_bundle\"" "\"${WOLFSSL_ROOT}/wolfcrypt/src/port/atmel\"" "\"${WOLFSSL_EXTRA_PROJECT_DIR}\"" ) # 
COMPONENT_SRCDIRS message(STATUS "This COMPONENT_SRCDIRS = ${COMPONENT_SRCDIRS}") + # wolfSSL user_settings.h may be in the local project. + # TODO check if exists and possibly set to ESP-IDF set(WOLFSSL_PROJECT_DIR "${CMAKE_HOME_DIRECTORY}/components/wolfssl") - add_definitions(-DWOLFSSL_USER_SETTINGS_DIR="${WOLFSSL_PROJECT_DIR}/include/user_settings.h") - + string(REPLACE "/" "//" STR_WOLFSSL_PROJECT_DIR "${WOLFSSL_PROJECT_DIR}") + add_definitions(-DWOLFSSL_USER_SETTINGS_DIR="${STR_WOLFSSL_PROJECT_DIR}/include/user_settings.h") + message(STATUS "Added definition for user_settings.h: -DWOLFSSL_USER_SETTINGS_DIR=\"${STR_WOLFSSL_PROJECT_DIR}//include//user_settings.h\"") # Espressif may take several passes through this makefile. Check to see if we found IDF string(COMPARE EQUAL "${PROJECT_SOURCE_DIR}" "" WOLFSSL_FOUND_IDF) # get a list of all wolfcrypt assembly files; we'll exclude them as they don't target Xtensa file(GLOB EXCLUDE_ASM *.S) - file(GLOB_RECURSE EXCLUDE_ASM ${CMAKE_SOURCE_DIR} "${WOLFSSL_ROOT}/wolfcrypt/src/*.S") + file(GLOB EXCLUDE_ASM ${CMAKE_SOURCE_DIR} "${WOLFSSL_ROOT}/wolfcrypt/src/*.S") message(STATUS "IDF_PATH = $ENV{IDF_PATH}") message(STATUS "PROJECT_SOURCE_DIR = ${PROJECT_SOURCE_DIR}") @@ -237,11 +554,12 @@ else() message(STATUS "Remove either the local project component: ${WOLFSSL_PROJECT_DIR} ") message(STATUS "or the Espressif shared component installed at: $ENV{IDF_PATH}/components/wolfssl/ ") message(STATUS "") - message(FATAL_ERROR "Please use wolfSSL in either local project or Espressif components, but not both.") message(STATUS "") message(STATUS "**************************************************************************************") message(STATUS "") + message(STATUS "Please use wolfSSL in either local project or Espressif components, but not both.") + # Optional: if you change the above FATAL_ERROR to STATUS you can warn at runtime with this macro definition: set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DWOLFSSL_MULTI_INSTALL_WARNING") 
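Review bot: When no wolfSSL source is found, the hunk at new line 439 prints `STATUS` messages in place of the old `message(FATAL_ERROR ...)` (the added comment even asks `(or not?)`), and configuration carries on with an empty `WOLFSSL_ROOT`. Every path built from it afterwards, such as `"${WOLFSSL_ROOT}/src/"` and `"${WOLFSSL_ROOT}/wolfcrypt/src"` in `COMPONENT_SRCDIRS`, then points at the filesystem root rather than at a checked-out library, and the failure surfaces later and less clearly. Adding `message(FATAL_ERROR "Could not find wolfssl source; set WOLFSSL_ROOT")` after the explanatory lines keeps the new hints and still stops the build. The following hunk (new line 554) makes the same downgrade for the case where both a local and an ESP-IDF wolfSSL component exist, and leaves the comment `if you change the above FATAL_ERROR to STATUS` referring to a line that is gone. The enclosing `else()` branch starts and ends outside these hunks.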
@@ -291,6 +609,7 @@ else() message(FATAL_ERROR "Found stray wolfSSL user_settings.h in " "${WOLFSSL_ROOT}/include/user_settings.h " " (please move it to ${WOLFSSL_PROJECT_DIR}/include/user_settings.h )") + # Abort CMake after fatal error. else() # we won't overwrite an existing user settings file, just note that we already have one: if( EXISTS "${WOLFSSL_PROJECT_DIR}/include/user_settings.h" ) @@ -347,7 +666,9 @@ else() # depending on the environment, we may need to swap backslashes with forward slashes string(REPLACE "\\" "/" RTOS_IDF_PATH "$ENV{IDF_PATH}/components/freertos/FreeRTOS-Kernel/include/freertos") - string(REPLACE "\\" "/" WOLFSSL_ROOT ${WOLFSSL_ROOT}) + if(WOLFSSL_ROOT) + string(REPLACE "\\" "/" WOLFSSL_ROOT ${WOLFSSL_ROOT}) + endif() if(IS_DIRECTORY "${RTOS_IDF_PATH}") message(STATUS "Found current RTOS path: ${RTOS_IDF_PATH}") @@ -360,21 +681,22 @@ else() message(STATUS "Could not find RTOS path") endif() endif() - - + message(STATUS "THIS_IDF_PATH = $THIS_IDF_PATH") + # wolfSSL-specific include directories set(COMPONENT_ADD_INCLUDEDIRS - "./include" # this is the location of wolfssl user_settings.h + "./include" # this is the location of local project wolfssl user_settings.h "\"${WOLFSSL_ROOT}/\"" "\"${WOLFSSL_ROOT}/wolfssl/\"" "\"${WOLFSSL_ROOT}/wolfssl/wolfcrypt/\"" + "\"${WOLFSSL_ROOT}/wolfssl/wolfcrypt/port/Espressif\"" "\"${RTOS_IDF_PATH}/\"" # wolfSSL release after v5.7 includes WiFi, time, and mem/debug helpers - ${THIS_IDF_PATH}/components/esp_event/include - ${THIS_IDF_PATH}/components/esp_netif/include - ${THIS_IDF_PATH}/components/esp_wifi/include + "${THIS_IDF_PATH}/components/esp_event/include" + "${THIS_IDF_PATH}/components/esp_netif/include" + "${THIS_IDF_PATH}/components/esp_wifi/include" ) - + # Optionally include cryptoauthlib if present if(IS_DIRECTORY ${IDF_PATH}/components/cryptoauthlib) list(APPEND COMPONENT_ADD_INCLUDEDIRS "../cryptoauthlib/lib") endif() 
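Review bot: The diagnostic added in the hunk at new line 681, `message(STATUS "THIS_IDF_PATH = $THIS_IDF_PATH")`, prints the literal text `$THIS_IDF_PATH`, because CMake expands only `${...}` references; it should be `message(STATUS "THIS_IDF_PATH = ${THIS_IDF_PATH}")`. The value is worth seeing in the log because the `esp_event`, `esp_netif` and `esp_wifi` include directories a few lines below are built from it, and an empty value would turn them into `/components/...` paths at the filesystem root. `THIS_IDF_PATH` is set outside the hunk, so whether it can be empty here cannot be confirmed from these lines.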
@@ -383,7 +705,7 @@ else() list(APPEND COMPONENT_ADD_INCLUDEDIRS "\"${WOLFSSL_ROOT}/wolfssl/wolfcrypt/\"") - + # Some files are known to be included elsewhere, or not used for Espressif set(COMPONENT_SRCEXCLUDE "\"${WOLFSSL_ROOT}/src/bio.c\"" "\"${WOLFSSL_ROOT}/src/conf.c\"" @@ -399,8 +721,8 @@ else() "\"${WOLFSSL_ROOT}/src/ssl_sess.c\"" # included by ssl.c "\"${WOLFSSL_ROOT}/src/x509.c\"" "\"${WOLFSSL_ROOT}/src/x509_str.c\"" - "\"${WOLFSSL_ROOT}/wolfcrypt/src/ext_kyber.c\"" # external Kyber disabled by default - "\"${WOLFSSL_ROOT}/wolfssl/wolfcrypt/ext_kyber.h\"" # external Kyber disabled by default + "\"${WOLFSSL_ROOT}/wolfcrypt/src/ext_kyber.c\"" # external non-wolfssl Kyber disabled by default + "\"${WOLFSSL_ROOT}/wolfssl/wolfcrypt/ext_kyber.h\"" # external non-wolfssl Kyber disabled by default "\"${WOLFSSL_ROOT}/wolfcrypt/src/evp.c\"" "\"${WOLFSSL_ROOT}/wolfcrypt/src/misc.c\"" "\"${WOLFSSL_ROOT}/wolfcrypt/src/sp_sm2_arm32.c\"" @@ -411,6 +733,7 @@ else() "\"${WOLFSSL_ROOT}/wolfcrypt/src/sp_sm2_cortexm.c\"" "\"${WOLFSSL_ROOT}/wolfcrypt/src/sp_sm2_x86_64.c\"" "\"${WOLFSSL_ROOT}/wolfcrypt/src/sp_sm2_x86_64_asm.S\"" + "\"${WOLFSSL_ROOT}/examples\"" # Examples are distributed in Managed Components, but not part of a project. "\"${EXCLUDE_ASM}\"" ) 
@@ -432,22 +755,144 @@ else() # see https://docs.espressif.com/projects/esp-idf/en/stable/esp32/migration-guides/release-5.x/build-system.html?highlight=space%20path # set(EXTRA_COMPONENT_DIRS "${COMPONENT_SRCDIRS}") - idf_component_register( - SRC_DIRS "${COMPONENT_SRCDIRS}" - INCLUDE_DIRS "${COMPONENT_ADD_INCLUDEDIRS}" - REQUIRES "${COMPONENT_REQUIRES}" - EXCLUDE_SRCS "${COMPONENT_SRCEXCLUDE}" - PRIV_REQUIRES esp_timer driver # this will typically only be needed for wolfSSL benchmark - ) - # some optional diagnostics - if (1) + + if(WOLFSSL_ROOT) + # Only register the component if we found wolfSSL source. + # This is important to allow Cmake to finish to completion, otherwise the UI + # may not be able to display the Kconfig settings to fix a bad or missing source. + idf_component_register( + SRC_DIRS "${COMPONENT_SRCDIRS}" + INCLUDE_DIRS "${COMPONENT_ADD_INCLUDEDIRS}" + REQUIRES "${COMPONENT_REQUIRES}" + EXCLUDE_SRCS "${COMPONENT_SRCEXCLUDE}" + PRIV_REQUIRES + "${THIS_ESP_TLS}" + "${THIS_INCLUDE_TIMER}" + "${THIS_INCLUDE_DRIVER}" # this will typically only be needed for wolfSSL benchmark + ) + else() + # Register the component simply to allow CMake to complete, but there's no wolfSSL source. + # Expect many other errors, but the project should at least be loadable and UI can edit Kconfig settings. + idf_component_register() + message(STATUS "Warning: wolfSSL component not registered as no source code found (WOLFSSL_ROOT is blank)") + endif() + +# function(WOLFSSL_INIT_CERT_BUNDLE) +if( CONFIG_WOLFSSL_CERTIFICATE_BUNDLE + AND NOT CONFIG_WOLFSSL_CERTIFICATE_BUNDLE_DEFAULT_NONE + AND NOT ("${CONFIG_TARGET_PLATFORM}" STREQUAL "esp8266") + ) + if (CMAKE_BUILD_EARLY_EXPANSION) + message(ERROR "Bundle Cert initialization must occur during CMAKE_BUILD_EARLY_EXPANSION") + endif() + # reminder: we need a value for wolfSSL root first! 
+ if( "${WOLFSSL_ROOT}" STREQUAL "" ) + message(ERROR "Certificate bundles need a value for WOLFSSL_ROOT") + endif() + set(WOLFSSL_ESP_CRT_BUNDLE_DIR ${WOLFSSL_ROOT}/wolfcrypt/src/port/Espressif/esp_crt_bundle) + message(STATUS "WOLFSSL_ESP_CRT_BUNDLE_DIR=${WOLFSSL_ESP_CRT_BUNDLE_DIR}") + if(EXISTS "${WOLFSSL_ESP_CRT_BUNDLE_DIR}") + set(bundle_name "x509_crt_bundle_wolfssl") + + # For now the certs are in the same directory + set(DEFAULT_CRT_DIR "${WOLFSSL_ESP_CRT_BUNDLE_DIR}") + + # Generate custom certificate bundle using the generate_cert_bundle utility + set(GENERATE_CERT_BUNDLEPY ${python} ${WOLFSSL_ESP_CRT_BUNDLE_DIR}/gen_crt_bundle.py) + + if(CONFIG_WOLFSSL_CERTIFICATE_BUNDLE_DEFAULT_FULL) + list(APPEND crt_paths ${DEFAULT_CRT_DIR}/cacrt_all.pem ${DEFAULT_CRT_DIR}/cacrt_local.pem) + elseif(CONFIG_WOLFSSL_CERTIFICATE_BUNDLE_DEFAULT_CMN) + list(APPEND crt_paths ${DEFAULT_CRT_DIR}/cacrt_all.pem ${DEFAULT_CRT_DIR}/cacrt_local.pem) + list(APPEND args --filter ${DEFAULT_CRT_DIR}/cmn_crt_authorities.csv) + endif() + + # Add deprecated root certs if enabled. 
This config is not visible if the default cert + # bundle is not selected + if(CONFIG_WOLFSSL_CERTIFICATE_BUNDLE_DEPRECATED_LIST) + list(APPEND crt_paths ${DEFAULT_CRT_DIR}/cacrt_deprecated.pem) + endif() + + if(CONFIG_WOLFSSL_CUSTOM_CERTIFICATE_BUNDLE) + get_filename_component(custom_bundle_path + ${CONFIG_WOLFSSL_CUSTOM_CERTIFICATE_BUNDLE_PATH} ABSOLUTE BASE_DIR "${project_dir}") + list(APPEND crt_paths ${custom_bundle_path}) + message(STATUS "Using a custom wolfSSL bundle path: ${custom_bundle_path}") + else() + message(STATUS "Not using a custom wolfSSL bundle path.") + endif() + list(APPEND args --input ${crt_paths} -q) + + message(STATUS "CMAKE_CURRENT_BINARY_DIR: ${CMAKE_CURRENT_BINARY_DIR}") + get_filename_component(crt_bundle + ${bundle_name} + ABSOLUTE BASE_DIR "${CMAKE_CURRENT_BINARY_DIR}") + + message(STATUS "Setting up bundle generate: ${GENERATE_CERT_BUNDLEPY} ${args}") + message(STATUS "Depends on custom bundle path: ${custom_bundle_path}") + message(STATUS "crt_bundle ${crt_bundle}") + message(STATUS "COMPONENT_LIB ${COMPONENT_LIB}") + message(STATUS "GENERATE_CERT_BUNDLEPY ${GENERATE_CERT_BUNDLEPY}") + message(STATUS "args ${args}") + message(STATUS "cert_bundle ${cert_bundle}") + + # Generate bundle according to config + # File is generated at build time, not cmake load + add_custom_command(OUTPUT ${crt_bundle} + COMMAND ${GENERATE_CERT_BUNDLEPY} ARGS ${args} + DEPENDS ${custom_bundle_path} + VERBATIM) + + if(EXISTS "${crt_bundle}") + message(STATUS "Bundle file exists from prior build: ${crt_bundle}") + else() + message(STATUS "Bundle file expected during next build: ${crt_bundle}") + endif() + + # Reminder the file is generated at build time, not cmake load time. 
+ message(STATUS "wolfSSL Cert Bundle File to be created at build time in: ${crt_bundle}") + + add_custom_target(custom_wolfssl_bundle DEPENDS ${cert_bundle}) + + # the wolfSSL crtificate bundle is baked into wolfSSL + add_dependencies(${COMPONENT_LIB} custom_wolfssl_bundle) + + # COMPONENT_LIB may vary: __idf_wolfssl, __idf_esp_wolfssl, etc + # target_add_binary_data(__idf_wolfssl ${crt_bundle} BINARY) + target_add_binary_data(${COMPONENT_LIB} ${crt_bundle} BINARY) + set_property(DIRECTORY "${CMAKE_CURRENT_SOURCE_DIR}" + APPEND PROPERTY ADDITIONAL_CLEAN_FILES + "${crt_bundle}") + else() + message(STATUS "WARNING: CONFIG_WOLFSSL_CERTIFICATE_BUNDLE enabled but directory not found: ${WOLFSSL_ESP_CRT_BUNDLE_DIR}") + endif() +endif() + +# endfunction() # WOLFSSL_INIT_CERT_BUNDLE + + # Some optional diagnostics. Verbose ones are truncated. + if (VERBOSE_COMPONENT_MESSAGES) get_cmake_property(_variableNames VARIABLES) list (SORT _variableNames) message(STATUS "") message(STATUS "ALL VARIABLES BEGIN") message(STATUS "") foreach (_variableName ${_variableNames}) - message(STATUS "${_variableName}=${${_variableName}}") + if ( ("${_variableName}" STREQUAL "bootloader_binary_files") + OR ("${_variableName}" STREQUAL "Component paths") + OR ("${_variableName}" STREQUAL "component_targets") + OR ("${_variableName}" STREQUAL "__COMPONENT_TARGETS") + OR ("${_variableName}" STREQUAL "CONFIGS_LIST") + OR ("${_variableName}" STREQUAL "__CONFIG_VARIABLES") + OR ("${_variableName}" STREQUAL "val") + OR ("${_variableName}" MATCHES "^__idf_") + ) + # Truncate the displayed value: + string(SUBSTRING "${${_variableName}}" 0 70 truncatedValue) + message(STATUS "${_variableName} = ${truncatedValue} ... (truncated)") + else() + message(STATUS "${_variableName}=${${_variableName}}") + endif() endforeach() message(STATUS "") message(STATUS "ALL VARIABLES END") 
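Review bot: Both new guards in the certificate-bundle block use `message(ERROR ...)`, but `ERROR` is not a CMake message mode, so the word is printed as part of the text and configuration continues; use `message(FATAL_ERROR "Certificate bundles need a value for WOLFSSL_ROOT")` (or `SEND_ERROR`) if the intent is to stop. Further down, `add_custom_target(custom_wolfssl_bundle DEPENDS ${cert_bundle})` refers to `cert_bundle`, which is never set in the visible lines; the generated file is `crt_bundle`, so the line should read `add_custom_target(custom_wolfssl_bundle DEPENDS ${crt_bundle})`. As written the target carries no dependency on the bundle output, so the embedded trust-anchor file may not be regenerated when expected. The custom command also lists only `${custom_bundle_path}` under `DEPENDS`; adding `${crt_paths}` would rebuild the bundle when the default PEM inputs change.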
@@ -455,6 +900,12 @@ else() endif() # target_sources(wolfssl PRIVATE "\"${WOLFSSL_ROOT}/wolfssl/\"" "\"${WOLFSSL_ROOT}/wolfssl/wolfcrypt\"") + message(STATUS "DETECTED_PROJECT_NAME=${CMAKE_PROJECT_NAME}") + message(STATUS "COMPONENT_TARGET=${COMPONENT_TARGET}") + target_compile_definitions(${COMPONENT_TARGET} PRIVATE DETECTED_PROJECT_NAME="${CMAKE_PROJECT_NAME}") + if( "${CMAKE_PROJECT_NAME}" STREQUAL "esp_http_client_example" ) + target_compile_definitions(${COMPONENT_TARGET} PRIVATE APP_ESP_HTTP_CLIENT_EXAMPLE="y") + endif() endif() # CMAKE_BUILD_EARLY_EXPANSION 
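Review bot: The new `target_compile_definitions(${COMPONENT_TARGET} PRIVATE ...)` calls run even when the component was registered with the bare `idf_component_register()` that this commit adds for a blank `WOLFSSL_ROOT`. A component with no sources is presumably an interface library, and CMake rejects `PRIVATE` definitions on those, which would defeat the stated goal of letting configuration finish; wrapping the block in `if(WOLFSSL_ROOT)` avoids that. The certificate-bundle code refers to the same target as `${COMPONENT_LIB}`, so using `${COMPONENT_LIB}` here too would keep the file consistent. The enclosing `else()` of the `CMAKE_BUILD_EARLY_EXPANSION` test starts outside the hunk.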
@@ -510,31 +961,80 @@ endfunction() # LIBWOLFSSL_SAVE_INFO # create some programmatic #define values that will be used by ShowExtendedSystemInfo(). # see wolfcrypt\src\port\Espressif\esp32_utl.c -if(NOT CMAKE_BUILD_EARLY_EXPANSION) +if(NOT CMAKE_BUILD_EARLY_EXPANSION AND WOLFSSL_ROOT) set (git_cmd "git") message(STATUS "Adding macro definitions:") # LIBWOLFSSL_VERSION_GIT_ORIGIN: git config --get remote.origin.url - execute_process(WORKING_DIRECTORY ${WOLFSSL_ROOT} COMMAND ${git_cmd} "config" "--get" "remote.origin.url" OUTPUT_VARIABLE TMP_OUT RESULT_VARIABLE TMP_RES ERROR_QUIET ) + execute_process(WORKING_DIRECTORY ${WOLFSSL_ROOT} COMMAND ${git_cmd} "config" "--get" "remote.origin.url" + OUTPUT_VARIABLE TMP_OUT RESULT_VARIABLE TMP_RES ERROR_QUIET ) LIBWOLFSSL_SAVE_INFO(LIBWOLFSSL_VERSION_GIT_ORIGIN "${TMP_OUT}" "${TMP_RES}") # LIBWOLFSSL_VERSION_GIT_BRANCH: git rev-parse --abbrev-ref HEAD - execute_process(WORKING_DIRECTORY ${WOLFSSL_ROOT} COMMAND ${git_cmd} "rev-parse" "--abbrev-ref" "HEAD" OUTPUT_VARIABLE TMP_OUT RESULT_VARIABLE TMP_RES ERROR_QUIET ) + execute_process(WORKING_DIRECTORY ${WOLFSSL_ROOT} COMMAND ${git_cmd} "rev-parse" "--abbrev-ref" "HEAD" + OUTPUT_VARIABLE TMP_OUT RESULT_VARIABLE TMP_RES ERROR_QUIET ) LIBWOLFSSL_SAVE_INFO(LIBWOLFSSL_VERSION_GIT_BRANCH "${TMP_OUT}" "${TMP_RES}") # LIBWOLFSSL_VERSION_GIT_HASH: git rev-parse HEAD - execute_process(WORKING_DIRECTORY ${WOLFSSL_ROOT} COMMAND ${git_cmd} "rev-parse" "HEAD" OUTPUT_VARIABLE TMP_OUT RESULT_VARIABLE TMP_RES ERROR_QUIET ) + execute_process(WORKING_DIRECTORY ${WOLFSSL_ROOT} COMMAND ${git_cmd} "rev-parse" "HEAD" + OUTPUT_VARIABLE TMP_OUT RESULT_VARIABLE TMP_RES ERROR_QUIET ) LIBWOLFSSL_SAVE_INFO(LIBWOLFSSL_VERSION_GIT_HASH "${TMP_OUT}" "${TMP_RES}") # LIBWOLFSSL_VERSION_GIT_SHORT_HASH: git rev-parse --short HEAD - execute_process(WORKING_DIRECTORY ${WOLFSSL_ROOT} COMMAND ${git_cmd} "rev-parse" "--short" "HEAD" OUTPUT_VARIABLE TMP_OUT RESULT_VARIABLE TMP_RES ERROR_QUIET ) + 
execute_process(WORKING_DIRECTORY ${WOLFSSL_ROOT} COMMAND ${git_cmd} "rev-parse" "--short" "HEAD" + OUTPUT_VARIABLE TMP_OUT RESULT_VARIABLE TMP_RES ERROR_QUIET ) LIBWOLFSSL_SAVE_INFO(LIBWOLFSSL_VERSION_GIT_SHORT_HASH "${TMP_OUT}" "${TMP_RES}") # LIBWOLFSSL_VERSION_GIT_HASH_DATE git show --no-patch --no-notes --pretty=\'\%cd\' - execute_process(WORKING_DIRECTORY ${WOLFSSL_ROOT} COMMAND ${git_cmd} "show" "--no-patch" "--no-notes" "--pretty=\'\%cd\'" OUTPUT_VARIABLE TMP_OUT RESULT_VARIABLE TMP_RES ) + execute_process(WORKING_DIRECTORY ${WOLFSSL_ROOT} COMMAND ${git_cmd} + "show" "--no-patch" "--no-notes" "--pretty=\'\%cd\'" + OUTPUT_VARIABLE TMP_OUT RESULT_VARIABLE TMP_RES ) LIBWOLFSSL_SAVE_INFO(LIBWOLFSSL_VERSION_GIT_HASH_DATE "${TMP_OUT}" "${TMP_RES}") - message(STATUS "************************************************************************************************") - message(STATUS "wolfssl component config complete!") - message(STATUS "************************************************************************************************") + LIBWOLFSSL_SAVE_INFO(LIBWOLFSSL_VERSION_WOLFSSL_ROOT "${WOLFSSL_ROOT}" "${TMP_RES}") + +endif() + +# Ensure flag "-DWOLFSSL_ESPIDF" is already in CMAKE_C_FLAGS if not yet found from project +string(FIND "${CMAKE_C_FLAGS}" "-DWOLFSSL_ESPIDF" FLAG_ALRREADY_FOUND_WOLFSSL_ESPIDF) + +if(FLAG_ALRREADY_FOUND_WOLFSSL_ESPIDF EQUAL -1) + # Flag not found, append it + set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DWOLFSSL_ESPIDF") + set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DWOLFSSL_USER_SETTINGS") endif() + +if(WOLFSSL_ROOT) + message(STATUS "Using wolfSSL in ${WOLFSSL_ROOT}") + + # PlatformIO does not process script from from the Espressif cmake process. 
+ # We need to know where wolfSSL source code was found, so save it in the + # PIO_WOLFSSL_ROOT environment variable to later be read by extra_script.py + + set(ENV{PIO_WOLFSSL_ROOT} "${WOLFSSL_ROOT}") + message(STATUS "PIO_WOLFSSL_ROOT = $ENV{PIO_WOLFSSL_ROOT}") + message(STATUS "PLATFORMIO_BUILD_DIR = $ENV{PLATFORMIO_BUILD_DIR}") + # See esp-tls Kconfig; menu "ESP-TLS", ESP_TLS_LIBRARY_CHOOSE + if(CONFIG_ESP_TLS_USING_WOLFSSL) + if ( ("${CONFIG_TARGET_PLATFORM}" STREQUAL "esp8266") OR ("${IDF_TARGET}" STREQUAL "esp8266") ) + message(STATUS "This version of wolfSSL is not supported on the ESP8266 esp-tls at this time. Check ESP-TLS config") + else() + message(STATUS "wolfSSL will be used for ESP-TLS") + endif() + else() + message(STATUS "WARNING: wolfSSL NOT selected for ESP-TLS. Features and performance will be limited.") + endif() +else() + message(STATUS "") + message(STATUS "Consider setting WOLFSSL_ROOT environment variable, use Kconfig setting, or set manually in this cmake file, above.") + message(STATUS "") + message(STATUS "!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!") + message(STATUS "!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!") + message(STATUS "ERROR: Could not find wolfSSL Source Code") + message(STATUS "!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!") + message(STATUS "!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!") +endif() + +message(STATUS "************************************************************************************************") +message(STATUS "wolfSSL component config complete!") +message(STATUS "************************************************************************************************") 
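Review bot: `LIBWOLFSSL_SAVE_INFO(LIBWOLFSSL_VERSION_WOLFSSL_ROOT "${WOLFSSL_ROOT}" "${TMP_RES}")` reuses the result code of the preceding `git show`, so whether the path is recorded depends on an unrelated command; pass a fixed success value such as `"0"` after confirming how the helper, defined outside this hunk, interprets it. The value is an absolute build-host path, and the comment above says these definitions feed `ShowExtendedSystemInfo()`, so it likely ends up in the firmware image and its logs; consider leaving it out of release builds. `set(ENV{PIO_WOLFSSL_ROOT} "${WOLFSSL_ROOT}")` changes only the environment of the running CMake process, so `extra_script.py` will see it only if it is launched from that process. `-DWOLFSSL_USER_SETTINGS` is appended only when `-DWOLFSSL_ESPIDF` was missing; a separate `string(FIND ...)` test for it would avoid dropping it when the project already sets `-DWOLFSSL_ESPIDF`.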
diff --git a/IDE/Espressif/ESP-IDF/examples/wolfssl_server/components/wolfssl/Kconfig b/IDE/Espressif/ESP-IDF/examples/wolfssl_server/components/wolfssl/Kconfig
new file mode 100644
index 0000000000..cdd039d73f
--- /dev/null
+++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_server/components/wolfssl/Kconfig
@@ -0,0 +1,523 @@ +# Kconfig template +# +# Copyright (C) 2006-2024 wolfSSL Inc. All rights reserved. +# +# This file is part of wolfSSL. +# +# wolfSSL is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation; either version 2 of the License, or +# (at your option) any later version. +# +# wolfSSL is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA +# + +# Kconfig File Version 5.7.2.001 for esp-idf integration + +# Kconfig Format Rules +# +# See: +# https://docs.espressif.com/projects/esp-idf/en/stable/esp32/api-reference/kconfig.html +# +# Format rules for Kconfig files are as follows: +# +# Option names in any menus should have consistent prefixes. The prefix +# currently should have at least 3 characters. +# +# The unit of indentation should be 4 spaces. All sub-items belonging to a +# parent item are indented by one level deeper. For example, menu is indented +# by 0 spaces, config menu by 4 spaces, help in config by 8 spaces, and the +# text under help by 12 spaces. +# +# No trailing spaces are allowed at the end of the lines. +# +# The maximum length of options is NOT 50 characters as documented. +# kconfcheck will complain that options should be 40 at most. +# +# Fix option lengths first. Superflous errors on other lines may occur. +# +# The maximum length of lines is 120 characters. 
+# +# python -m kconfcheck +# +# --------------------------------------------------------------------------------------------------------------------- +# Begin main wolfSSL configuration menu +# --------------------------------------------------------------------------------------------------------------------- +# See ESP-IDF esp-tls component for config TLS_STACK_WOLFSSL + +menu "wolfSSL" + + menu "Hardening" + config ESP_WOLFSSL_WC_NO_HARDEN + bool "Disable wolfSSL hardening" + default n + help + Sets WC_NO_HARDEN + + config ESP_WOLFSSL_TFM_TIMING_RESISTANT + bool "Enable TFM Timing Resistant Code" + default n + help + Sets TFM_TIMING_RESISTANT. + + endmenu # Hardening + + config ESP_WOLFSSL_ENABLE_BENCHMARK + bool "Enable wolfSSL Benchmark Library" + default n + help + Enables wolfcrypt/benchmark/benchmark.c code for benchmark metrics. Disables NO_CRYPT_BENCHMARK. + + + menu "Benchmark Debug" + config ESP_DEBUG_WOLFSSL_BENCHMARK_TIMING + bool "Enable benchmark timing debug" + depends on ESP_WOLFSSL_ENABLE_BENCHMARK + default n + help + Enable wolfssl debug for benchmark metric timing (CPU Cycles, RTOS ticks, etc). + + config ESP_WOLFSSL_BENCHMARK_TIMER_DEBUG + bool "Enable benchmark timer debug" + depends on ESP_WOLFSSL_ENABLE_BENCHMARK + default n + help + Turn on timer debugging (used when CPU cycles not available) + + endmenu # Benchmark Debug + + # ----------------------------------------------------------------------------------------------------------------- + # wolfCrypt Test + # ----------------------------------------------------------------------------------------------------------------- + config ESP_WOLFSSL_ENABLE_TEST + bool "Enable wolfCrypt Test Library" + default n + help + Enables wolfcrypt/test/test.c code for testing. Disables NO_CRYPT_TEST. 
+ + menu "wolfCrypt tests" + config WOLFSSL_HAVE_WOLFCRYPT_TEST_OPTIONS + bool "Enable wolfCrypt Test Options" + depends on ESP_WOLFSSL_ENABLE_TEST + default n + help + Enables HAVE_WOLFCRYPT_TEST_OPTIONS + + config TEST_ESPIDF_ALL_WOLFSSL + bool "Enable all features to use in tests" + depends on ESP_WOLFSSL_ENABLE_TEST + default n + help + Enables TEST_ESPIDF_ALL_WOLFSSL + + endmenu # wolfCrypt tests + + # ----------------------------------------------------------------------------------------------------------------- + # Apple HomeKit Options + # ----------------------------------------------------------------------------------------------------------------- + menu "Apple HomeKit" + config WOLFSSL_APPLE_HOMEKIT + bool "Enable Apple HomeKit options" + default n + help + Enables FP_MAX_BITS (8192 * 2), SRP, ChaCha, Poly1305, Base64 encoding needed for Apple HomeKit. + endmenu # Apple HomeKit + # ----------------------------------------------------------------------------------------------------------------- + + config ESP_WOLFSSL_DISABLE_MY_ECC + bool "Disable ECC in my project" + default "n" + help + ECC is enabled by default. Select this option to disable. + + config ESP_WOLFSSL_ENABLE_MY_USE_RSA + bool "Enable RSA in my project" + default "n" + help + RSA is disabled by default. Select this option to enable. + + config ESP_WOLFSSL_BENCHMARK + bool "Enable wolfSSL Benchmark" + default n + help + Enables user settings relevant to benchmark code + + config ESP_TLS_USING_WOLFSSL_SPECIFIED + bool "Use the specified wolfssl for ESP-TLS" + default Y + help + Includes wolfSSL from specified directory (not using esp-wolfssl). 
+ + config ESP_WOLFSSL_NO_USE_FAST_MATH + bool "Disable FAST_MATH library and all ESP32 Hardware Acceleration" + select ESP_WOLFSSL_NO_HW + select ESP_WOLFSSL_NO_HW_AES + select ESP_WOLFSSL_NO_HW_HASH + select ESP_WOLFSSL_NO_HW_RSA_PRI + select ESP_WOLFSSL_NO_HW_RSA_PRI_MP_MUL + select ESP_WOLFSSL_NO_HW_RSA_PRI_MULMOD + select ESP_WOLFSSL_NO_HW_RSA_PRI_EXPTMOD + default n + help + When disabling all hardware acceleration for smaller memory footprint, + disabling TFM fast math provides faster wolfSSL software algorithms in an + even smaller flash memory footprint. + + menu "Protocol Config" + config WOLFSSL_HAVE_ALPN + bool "Enable ALPN (Application Layer Protocol Negotiation) in wolfSSL" + default y + + config WOLFSSL_ALLOW_TLS13 + bool "Allow TLS 1.3" + default y + help + Allow TLS to fallback to TLS1.2. Memory footprint will likely be larger for TLS1.2. + When disabled HTTPS and MQTT over TLS connections will fail if TLS1.3 not accepted. + + config WOLFSSL_ALLOW_TLS12 + bool "Allow TLS 1.2" + default n + help + Allow TLS to fallback to TLS1.2. Memory footprint will likely be larger for TLS1.2. + When disabled HTTPS and MQTT over TLS connections will fail if TLS1.3 not accepted. + + config WOLFSSL_HAVE_TLS_EXTENSIONS + bool "Enable TLS Extensions" + default y + help + Sets HAVE_TLS_EXTENSIONS which is needed for TLS 1.3, SNI, ALPN, and more. + + config WOLFSSL_ALT_CERT_CHAINS + bool "Enable Alternate Certificate Chains" + default n + help + The option relaxes the default strict wolfSSL certificate chain processing. This + will typically need to be enabled when loading only a CA file. Typically solves + the -188 ASN_NO_SIGNER_E error. Use with caution. 
+ + config WOLFSSL_HAVE_OCSP + bool "Enable OCSP (Online Certificate Status Protocol) in wolfSSL" + default n + help + Sets HAVE_OCSP + + endmenu # Protocol Config + # ----------------------------------------------------------------------------------------------------------------- + + # ----------------------------------------------------------------------------------------------------------------- + config TLS_STACK_WOLFSSL + # Invisible option that locks TLS_STACK_WOLFSSL to ESP_TLS_USING_WOLFSSL + bool + default n + select FREERTOS_ENABLE_BACKWARD_COMPATIBILITY + help + Includes wolfSSL in ESP-TLS so that it can be compiled with wolfSSL as its SSL/TLS library. + Enabled when wolfSSL is selected in ESP_TLS_LIBRARY_CHOOSE. + + menu "wolfSSL ESP-TLS" + depends on ESP_TLS_USING_WOLFSSL + + menu "Certificate Bundle" + depends on ESP_TLS_USING_WOLFSSL + + config WOLFSSL_CERTIFICATE_BUNDLE + bool "Enable trusted root certificate bundle" + default y if ESP_TLS_USING_WOLFSSL + default n + depends on ESP_TLS_USING_WOLFSSL + help + Enable support for large number of default root certificates + + When enabled this option allows user to store default as well + as customer specific root certificates in compressed format rather + than storing full certificate. For the root certificates the public key and the subject name + will be stored. + + config WOLFSSL_NO_ASN_STRICT + bool "Relax Certificate ASN Strict Checks" + default n + depends on ESP_TLS_USING_WOLFSSL + help + Allows sub-optimal certificate ASN checks. Unless using a bundle with known issues, + it is recommended to NOT enable this. + + config WOLFSSL_ASN_ALLOW_0_SERIAL + bool "Allow cert missing an ASN Serial Number" + default y + depends on ESP_TLS_USING_WOLFSSL + help + Although not recommended, there may be certificates in the bundle that are missing + a serial number. This option allows the missing value without having to fully + disable strict ASN checking with WOLFSSL_NO_ASN_STRICT. 
+ + choice WOLFSSL_DEFAULT_CERTIFICATE_BUNDLE + bool "Default certificate bundle options" + depends on WOLFSSL_CERTIFICATE_BUNDLE && ESP_TLS_USING_WOLFSSL + default WOLFSSL_CERTIFICATE_BUNDLE_DEFAULT_FULL + + config WOLFSSL_CERTIFICATE_BUNDLE_DEFAULT_FULL + bool "Use the full default certificate bundle" + config WOLFSSL_CERTIFICATE_BUNDLE_DEFAULT_CMN + bool "Use only the most common certificates from the default bundles" + help + Use only the most common certificates from the default bundles, reducing the size with 50%, + while still having around 99% coverage. + config WOLFSSL_CERTIFICATE_BUNDLE_DEFAULT_NONE + bool "Do not use the default certificate bundle" + endchoice + + config WOLFSSL_CUSTOM_CERTIFICATE_BUNDLE + depends on WOLFSSL_CERTIFICATE_BUNDLE && ESP_TLS_USING_WOLFSSL + default n + bool "Add custom certificates to the default bundle" + config WOLFSSL_CUSTOM_CERTIFICATE_BUNDLE_PATH + depends on WOLFSSL_CUSTOM_CERTIFICATE_BUNDLE && ESP_TLS_USING_WOLFSSL + string "Custom certificate bundle path" + help + Name of the custom certificate directory or file. This path is evaluated + relative to the project root directory. + + config WOLFSSL_CERTIFICATE_BUNDLE_DEPRECATED_LIST + bool "Add deprecated root certificates" + depends on WOLFSSL_CERTIFICATE_BUNDLE && ESP_TLS_USING_WOLFSSL && !WOLFSSL_CERTIFICATE_BUNDLE_DEFAULT_NONE + help + Include the deprecated list of root certificates in the bundle. + This list gets updated when a certificate is removed from the Mozilla's + NSS root certificate store. This config can be enabled if you would like + to ensure that none of the certificates that were deployed in the product + are affected because of the update to bundle. In turn, enabling this + config keeps expired, retracted certificates in the bundle and it may + pose a security risk. 
+ + - Deprecated cert list may grow based based on sync with upstream bundle + - Deprecated certs would be be removed in ESP-IDF (next) major release + + config WOLFSSL_CERTIFICATE_BUNDLE_MAX_CERTS + int "Maximum no of certificates allowed in certificate bundle" + default 200 + depends on WOLFSSL_CERTIFICATE_BUNDLE && ESP_TLS_USING_WOLFSSL + + endmenu + endmenu # wolfSSL ESP-TLS + # ----------------------------------------------------------------------------------------------------------------- + + # ----------------------------------------------------------------------------------------------------------------- + config ESP_WOLFSSL_ALT_HARDWARE_ACCELERATION + bool "Modify default hardware acceleration settings" + default n + help + When disabling all hardware acceleration for smaller memory footprint, + disabling TFM fast math provides faster wolfSSL software algorithms in an + even smaller flash memory footprint. + Typically used for debugging, analysis, or optimizations. The default + hardware acceleration features can be each manually adjusted. + + menu "wolfSSL Hardware Acceleration" + + config ESP_WOLFSSL_NO_ESP32_CRYPT + bool "Disable all ESP32 Hardware Acceleration" + depends on ESP_WOLFSSL_ALT_HARDWARE_ACCELERATION + default n + select ESP_WOLFSSL_NO_HW_AES + select ESP_WOLFSSL_NO_HW_HASH + select ESP_WOLFSSL_NO_HW_RSA_PRI + select ESP_WOLFSSL_NO_HW_RSA_PRI_MP_MUL + select ESP_WOLFSSL_NO_HW_RSA_PRI_MULMOD + select ESP_WOLFSSL_NO_HW_RSA_PRI_EXPTMOD + help + Hardware acceleration enabled by default. When selected defines: NO_ESP32_CRYPT. 
+ Consider disabling FASTMATH (other libraries are faster in software and smaller) + + config ESP_WOLFSSL_NO_HW_AES + bool "Disable all ESP32 AES Hardware Acceleration" + depends on ESP_WOLFSSL_ALT_HARDWARE_ACCELERATION + default n + help + Hardware acceleration enabled by default.When selected defines: NO_HW_AES + + config ESP_WOLFSSL_NO_HW_HASH + bool "Disable all ESP32 SHA Hash Hardware Acceleration" + depends on ESP_WOLFSSL_ALT_HARDWARE_ACCELERATION + default n + help + Hardware acceleration enabled by default. When selected defines: NO_HW_HASH + + config ESP_WOLFSSL_NO_HW_RSA_PRI + bool "Disable all ESP32 RSA Hardware Acceleration" + depends on ESP_WOLFSSL_ALT_HARDWARE_ACCELERATION + default n + select ESP_WOLFSSL_NO_HW_PRI_MP_MUL + select ESP_WOLFSSL_NO_HW_RSA_PRI_MULMOD + select ESP_WOLFSSL_NO_HW_RSA_PRI_EXPTMOD + help + Hardware acceleration enabled by default. When selected defines: NO_HW_RSA_PRI + + config ESP_WOLFSSL_NO_HW_RSA_PRI_MP_MUL + bool "Disable all ESP32 Multiplication Hardware Acceleration" + depends on ESP_WOLFSSL_ALT_HARDWARE_ACCELERATION + default n + help + Hardware acceleration enabled by default. When selected defines: NO_HW_RSA_PRI_MP_MUL + + config ESP_WOLFSSL_NO_HW_RSA_PRI_MULMOD + bool "Disable all ESP32 Modular Multiplication Hardware Acceleration" + depends on ESP_WOLFSSL_ALT_HARDWARE_ACCELERATION + default n + help + Hardware acceleration enabled by default. When selected defines: NO_HW_RSA_PRI_MULMOD + + config ESP_WOLFSSL_NO_HW_RSA_PRI_EXPTMOD + bool "Disable all ESP32 RSA Exponential Math Hardware Acceleration" + depends on ESP_WOLFSSL_ALT_HARDWARE_ACCELERATION + default n + help + Hardware acceleration enabled by default. 
+ Select this option to force disable: NO_HW_RSA_PRI_EXPTMOD + + config ESP_WOLFSSL_DEBUG_ESP_HW_MULTI_RSAMAX_BITS + bool "Enable debugging of RSA Multiplication operand length" + default n + help + Prints an esp log warning to the default console UART when one of the + multiplication operands exceeds the maximum size supported by hardware, + requiring fallback to software. This can be helpful to pick key sizes + when performance is critical. See also metrics for counting instances. + + config ESP_WOLFSSL_DEBUG_ESP_HW_MOD_RSAMAX_BITS + bool "Enable debugging of RSA Modular operand length" + default n + help + Prints an esp log warning to the default console UART when one of the + modular math operands exceeds the maximum size supported by hardware, + requiring fallback to software. This can be helpful to pick key sizes + when performance is critical. See also metrics for counting instances. + + endmenu # wolfSSL Hardware Acceleration + # ----------------------------------------------------------------------------------------------------------------- + + # ----------------------------------------------------------------------------------------------------------------- + menu "wolfSSL Experimental Options" + + config ESP_WOLFSSL_EXPERIMENTAL_SETTINGS + bool "Enable wolfSSL Experimental Settings" + default n + help + Enables experimental settings for wolfSSL. See documentation. + + config ESP_WOLFSSL_ENABLE_KYBER + bool "Enable wolfSSL Kyber" + default n + help + Enable debugging messages for wolfSSL. See user_settings.h for additional debug options. 
+ + endmenu # wolfSSL Experimental Options + # ----------------------------------------------------------------------------------------------------------------- + + # ----------------------------------------------------------------------------------------------------------------- + menu "wolfSSL Debug Options" + config ESP_WOLFSSL_DEBUG_WOLFSSL + bool "Enable wolfSSL Debugging" + default n + help + Enable debugging messages for wolfSSL. See user_settings.h for additional debug options. + + config ESP_WOLFSSL_TEST_LOOP + bool "Run test apps in a loop until failure" + default y + help + Enable a loop wrapper for benchmark, http_client, and wolfssl test apps. + + endmenu # wolfSSL Debug Options + # ----------------------------------------------------------------------------------------------------------------- + + # ----------------------------------------------------------------------------------------------------------------- + menu "wolfSSL Customization" + config CUSTOM_SETTING_WOLFSSL_ROOT + string "Enter a path for wolfSSL source code" + default "~/workspace/wolfssl" + help + This option lets you specify a directory for the wolfSSL source code (typically a git clone). + Enter the path using forward slashes (e.g., C:/myfolder/mysubfolder) or double backslashes + (e.g., C:\\myfolder\\mysubfolder). + + endmenu # wolfSSL Customization + # ----------------------------------------------------------------------------------------------------------------- + + # ----------------------------------------------------------------------------------------------------------------- + menu "Component Config" + config IGNORE_ESP_IDF_WOLFSSL_COMPONENT + bool "Ignore the ESP-IDF component of wolfSSL (if present)" + default n + help + Ignores wolfSSL present in the esp-idf/components directory. Requires wolfssl as a local component. 
+
+ config IGNORE_LOCAL_WOLFSSL_COMPONENT
+ bool "Ignore the local component of wolfSSL (if present)"
+ default n
+ help
+ Ignores wolfSSL present in the local project components directory.
+ Requires wolfssl as a ESP-IDF component.
+
+ endmenu # Component Config
+ # -----------------------------------------------------------------------------------------------------------------
+
+ # -----------------------------------------------------------------------------------------------------------------
+ menu "Utility Config"
+ config USE_WOLFSSL_ESP_SDK_TIME
+ bool "Enable wolfSSL time helper functions"
+ default n
+ help
+ Enables use of various time and date setting functions found in the esp-sdk-lib.h file.
+
+ config USE_WOLFSSL_ESP_SDK_WIFI
+ bool "Enable wolfSSL WiFi helper functions"
+ default n
+ help
+ Enables use of various time and date setting functions found in the esp-sdk-lib.h file.
+
+ endmenu # Utility Config
+endmenu # wolfSSL
+# ---------------------------------------------------------------------------------------------------------------------
+
+
+# ---------------------------------------------------------------------------------------------------------------------
+menu "wolfSSH"
+ config ESP_ENABLE_WOLFSSH
+ bool "Enable wolfSSH options"
+ default n
+ help
+ Enables WOLFSSH_TERM, WOLFSSL_KEY_GEN, WOLFSSL_PTHREADS, WOLFSSH_TEST_SERVER, WOLFSSH_TEST_THREADING
+
+ config ESP_WOLFSSL_DEBUG_WOLFSSH
+ bool "Enable wolfSSH debugging"
+ default n
+ help
+ Enable wolfSSH debugging macro.
See user_settings.h
+
+endmenu # wolfSSH
+# ---------------------------------------------------------------------------------------------------------------------
+
+# ---------------------------------------------------------------------------------------------------------------------
+menu "wolfMQTT"
+ config ESP_ENABLE_WOLFMQTT
+ bool "Enable wolfMQTT options"
+ default n
+ help
+ Enables WOLFMQTT
+
+ config ESP_WOLFSSL_DEBUG_WOLFMQTT
+ bool "Enable wolfMQTT debugging"
+ default n
+ help
+ Enable wolfMQTT debugging macro. See user_settings.h
+
+endmenu # wolfMQTT
+# ---------------------------------------------------------------------------------------------------------------------
diff --git a/IDE/Espressif/ESP-IDF/examples/wolfssl_server/components/wolfssl/README.md b/IDE/Espressif/ESP-IDF/examples/wolfssl_server/components/wolfssl/README.md
new file mode 100644
index 0000000000..d779124162
--- /dev/null
+++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_server/components/wolfssl/README.md
@@ -0,0 +1,162 @@
+# wolfSSL Espressif Component
+
+This is the directory for wolfSSL as an Espressif ESP-IDF component.
+
+Other options are available, such as installing wolfSSL as a local _project_ component using the [Managed Component](https://www.wolfssl.com/wolfssl-now-available-in-espressif-component-registry/).
+
+Enabling this wolfSSL ESP-IDF component allows other ESP-IDF libraries such as those that depend on [ESP-TLS](https://github.com/espressif/esp-idf/tree/master/components/esp-tls)
+to also use the wolfSSL library. (See [github.com/wolfSSL/wolfssl](https://github.com/wolfSSL/wolfssl))
+
+The wolfSSL source code is not included here. Instead, the `idf.py menuconfig` option can be used to configure the
+`sdkconfig` file setting: `CONFIG_CUSTOM_SETTING_WOLFSSL_ROOT` to point to the desired wolfSSL code.
+
+## Directory Contents
+
+This directory must contain, at a minimum:
+
+- `CMakeLists.txt`
+- `./include/user_settings.h`
+
+The directory should also contain:
+- `Kconfig`
+- `component.mk`
+
+The directory may contain wolfSSL source, for example with a [Managed Component](https://www.wolfssl.com/wolfssl-now-available-in-espressif-component-registry/),
+or if the `setup.sh` script was used from [wolfSSL/IDE/Espressif/ESP-IDF](https://github.com/wolfSSL/wolfssl/tree/master/IDE/Espressif/ESP-IDF).
+
+
+Under normal circumstances when the wolfSSL source is not included here, the `CMakeLists.txt` will search for it in this order:
+
+- A hard-coded `WOLFSSL_ROOT` cmake variable.
+- `WOLFSSL_ROOT` Environment Variable
+- The `CONFIG_CUSTOM_SETTING_WOLFSSL_ROOT` value in the `sdkconfig` file, from the `Kconfig` option.
+- Any parent directories, up to the root (if this directory is in the ESP-IDF components)
+- Any parent directories, up to the root (if this directory is a project component)
+
+While recursing up the directory tree, the following names of wolfSSL directories will be considered:
+
+- `wolfssl-[current user name]`
+- `wolfssl-master`
+- `wolfssl`
+
+## Getting Started
+
+See the `Espressif Getting Started Guide`.
+
+```
+# Set environment variable to ESP-IDF location
+# For example, VisualGDB in WSL
+WRK_IDF_PATH=/mnt/c/SysGCC/esp32/esp-idf/v5.2
+WRK_IDF_PATH=/mnt/c/SysGCC/esp32-master/esp-idf/v5.3-master
+
+# Or wherever the ESP-IDF is installed:
+WRK_IDF_PATH=~/esp/esp-idf
+
+echo "Run export.sh from ${WRK_IDF_PATH}"
+. ${WRK_IDF_PATH}/export.sh
+
+cd [your project]
+
+idf.py menuconfig
+```
+
+Enable wolfSSL to be used in the ESP-TLS:
+
+```
+Component config --->
+ ESP-TLS --->
+ Choose SSL/TLS library for ESP-TLS (See help for more Info)
+ (X) wolfSSL (License info in wolfSSL directory README)
+```
+
+Adjust wolfSSL settings, such as path to source code as needed:
+
+```
+Component config --->
+ wolfSSL --->
+ [*] Include wolfSSL in ESP-TLS
+ [*] Use the specified wolfssl for ESP-TLS
+ (~/workspace/wolfssl) Enter a path for wolfSSL source code
+```
+
+## Configuration
+
+All settings for wolfSSL are adjusted in the [include/user_settings.h](./include/user_settings.h) file.
+
+The `user_settings.h` file should not be included directly. Instead, `#include `
+before any other wolfSSL headers, like this:
+
+
+```c
+/* ESP-IDF */
+#include
+#include "sdkconfig.h"
+
+/* wolfSSL */
+/* Always include wolfcrypt/settings.h before any other wolfSSL file. */
+/* Reminder: settings.h pulls in user_settings.h; don't include it here. */
+#if defined(WOLFSSL_USER_SETTINGS)
+ #include
+ #if defined(WOLFSSL_ESPIDF)
+ #include
+ #include
+ #include
+ #include
+ #include
+ #else
+ #error "Problem with wolfSSL user_settings.
" \ + "Check components/wolfssl/include " \ + "and confirm WOLFSSL_USER_SETTINGS is defined, " \ + "typically in the component CMakeLists.txt" + #endif +#else + /* Define WOLFSSL_USER_SETTINGS project wide for settings.h to include */ + /* wolfSSL user settings in ./components/wolfssl/include/user_settings.h */ + #error "Missing WOLFSSL_USER_SETTINGS in CMakeLists or Makefile:\ + CFLAGS +=-DWOLFSSL_USER_SETTINGS" +#endif +``` + +## Examples + +See the wolfSSL examples: + +- [wolfSSL Core Examples](https://github.com/wolfSSL/wolfssl/tree/master/IDE/Espressif/ESP-IDF/examples) +- [wolfSSL Additional Examples](https://github.com/wolfSSL/wolfssl-examples/tree/master/ESP32) +- [wolfSSH Core Examples](https://github.com/wolfSSL/wolfssh/tree/master/ide/Espressif/ESP-IDF/examples) +- [wolfSSH Additional Examples](https://github.com/wolfSSL/wolfssh-examples/tree/main/Espressif) +- [wolfMQTT Examples](https://github.com/wolfSSL/wolfMQTT/tree/master/IDE/Espressif/ESP-IDF/examples) + +## Platforms + +The ESP-IDF wolfSSL is also available for PlatformIO: + +- [Release wolfSSL](https://registry.platformio.org/search?q=owner%3Awolfssl) +- [Staging / Preview wolfSSL](https://registry.platformio.org/search?q=owner%3Awolfssl-staging) + +The wolfSSL library can also be used for Espressif with Arduino: + +- [arduino.cc/reference/en/libraries/wolfssl](https://www.arduino.cc/reference/en/libraries/wolfssl/) +- [github.com/wolfSSL/Arduino-wolfSSL](https://github.com/wolfSSL/Arduino-wolfSSL) + + +## Additional Information + +- [wolfSSL Documentation](https://www.wolfssl.com/documentation/manuals/wolfssl/index.html) and [docs/espressif](https://www.wolfssl.com/docs/espressif/) +- [wolfSSL FAQ](https://www.wolfssl.com/docs/frequently-asked-questions-faq/) +- [wolfSSL Products](https://www.wolfssl.com/products/) +- [www.wolfssl.com/espressif](https://www.wolfssl.com/espressif/) +- [More...](https://www.wolfssl.com/?s=espressif) + +## Contact + +Have a specific request or questions? 
We'd love to hear from you! Please contact us at support@wolfssl.com or open an issue on GitHub. + +## Licensing and Support + +wolfSSL (formerly known as CyaSSL) and wolfCrypt are either licensed for use under the GPLv2 (or at your option any later version) or a standard commercial license. For our users who cannot use wolfSSL under GPLv2 (or any later version), a commercial license to wolfSSL and wolfCrypt is available. + +See the LICENSE.txt, visit wolfssl.com/license, contact us at licensing@wolfssl.com or call +1 425 245 8247 + +View Commercial Support Options: [wolfssl.com/products/support-and-maintenance](wolfssl.com/products/support-and-maintenance) + diff --git a/IDE/Espressif/ESP-IDF/examples/wolfssl_server/components/wolfssl/component.mk b/IDE/Espressif/ESP-IDF/examples/wolfssl_server/components/wolfssl/component.mk index 02c36849b9..45a1aa08fb 100644 --- a/IDE/Espressif/ESP-IDF/examples/wolfssl_server/components/wolfssl/component.mk +++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_server/components/wolfssl/component.mk @@ -18,6 +18,8 @@ # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA # +$(info *********** wolfssl component ************) + # # Component Makefile # 
@@ -48,17 +50,61 @@ # define it here: CFLAGS +=-DWOLFSSL_USER_SETTINGS +# Note that 4 source files created by autogen are excluded here. +# +# See these files commented out, below. Adjust as needed for your application: +# +# COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/async.o +# COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/selftest.o +# COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/wolfcrypt_first.o +# COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/wolfcrypt_last.o + + # NOTICE: the WOLFSSL_ROOT setting MUST be relative! # See https://docs.espressif.com/projects/esp8266-rtos-sdk/en/latest/api-guides/build-system.html?highlight=must+relative#optional-component-specific-variables # In the wolfSSL GitHub examples for Espressif: # https://github.com/wolfSSL/wolfssl/tree/master/IDE/Espressif/ESP-IDF/examples # When this wolfssl component.mk makefile is in [project]/components/wolfssl -# The root is 7 directories up from here: +# The root is 7 directories up from here (the location of of this component.mk): WOLFSSL_ROOT := ../../../../../../.. -# NOTE: The wolfSSL include diretory (e.g. user_settings.h) is +# To set the location of a different location, it is best to use relative paths. +# +# Set WOLFSSL_ROOT to a relative path from the current component directory. +# For example, if the wolfssl_client is copied from the examples to test: +# +# cp -r /IDE/Espressif/ESP-IDF/examples/wolfssl_client/* /mnt/c/test/demo +# +# we run make in /mnt/c/test/demo +# component is in /mnt/c/test/demo/components/wolfssl +# wolfssl is in /mnt/c/workspace/wolfssl-master +# +# "/mnt/c" is 4 directories up: +# 2 for `./test/demo` from where we run `make`, plus +# 2 more from the location of `component.mk` located +# in `[currect directory]/components/wolfssl`. 
+# +# Thus we need 4 parent reference to find the relative path to wolfSSL: +# WOLFSSL_ROOT := ../../../../workspace/wolfssl-master + +# Optional CFLAGS (make works without these; for reference only) +# CFLAGS += -I$(WOLFSSL_ROOT)/wolfssl +# CFLAGS += -I$(WOLFSSL_ROOT)/wolfssl/wolfcrypt +# CFLAGS += -I$(WOLFSSL_ROOT)/wolfssl/wolfcrypt/port/Espressif + +abs_WOLFSSL_ROOT := $(shell realpath $(WOLFSSL_ROOT)) + +# print-wolfssl-path-value: +# @echo "WOLFSSL_ROOT defined: $(WOLFSSL_ROOT)" +# @echo "WOLFSSL_ROOT actual: $(abs_WOLFSSL_ROOT)" + +$(info WOLFSSL_ROOT defined: $(WOLFSSL_ROOT)) +$(info WOLFSSL_ROOT actual: $(abs_WOLFSSL_ROOT)) + +# NOTE: The wolfSSL include directory (e.g. user_settings.h) is # located HERE in THIS project, and *not* in the wolfSSL root. -COMPONENT_ADD_INCLUDEDIRS := ./include +COMPONENT_ADD_INCLUDEDIRS := . +COMPONENT_ADD_INCLUDEDIRS += include COMPONENT_ADD_INCLUDEDIRS += $(WOLFSSL_ROOT)/. COMPONENT_ADD_INCLUDEDIRS += $(WOLFSSL_ROOT)/wolfssl COMPONENT_ADD_INCLUDEDIRS += $(WOLFSSL_ROOT)/wolfssl/wolfcrypt @@ -118,7 +164,7 @@ COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/aes.o COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/arc4.o COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/asm.o COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/asn.o -COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/async.o +# COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/async.o # autogen exclusion COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/blake2b.o COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/blake2s.o COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/camellia.o 
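Review bot: The new `abs_WOLFSSL_ROOT := $(shell realpath $(WOLFSSL_ROOT))` value is only printed, never checked, so when `realpath` fails the variable is empty and the build carries on with whatever the relative path happens to reach. Since this path decides which crypto source tree is compiled into the firmware, I would fail early right after the assignment: `ifeq ($(abs_WOLFSSL_ROOT),)` / `$(error WOLFSSL_ROOT not found: $(WOLFSSL_ROOT))` / `endif`. `$(shell realpath ...)` resolves against make's working directory, which the added comment block itself distinguishes from the location of `component.mk`, so the "actual" path printed may not be the one the component build uses; that is worth confirming and stating in the comment. The added comments also contain the typos "location of of" and "currect directory".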
@@ -142,7 +188,7 @@ COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/ed25519.o COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/ed448.o COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/error.o COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/evp.o -# COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/ext_kyber.o +# COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/ext_kyber.o COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/ext_lms.o COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/ext_xmss.o COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/falcon.o @@ -174,7 +220,7 @@ COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/rc2.o COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/ripemd.o COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/rsa.o COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/sakke.o -COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/selftest.o +# COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/selftest.o # autogen exclusion COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/sha.o COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/sha256.o COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/sha3.o @@ -211,8 +257,8 @@ COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/wc_lms.o COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/wc_pkcs11.o COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/wc_port.o COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/wc_xmss.o -COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/wolfcrypt_first.o -COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/wolfcrypt_last.o +# COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/wolfcrypt_first.o # autogen exclusion +# COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/wolfcrypt_last.o # autogen exclusion COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/wolfevent.o COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/wolfmath.o 
@@ -244,5 +290,7 @@ COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/port/Espressif/esp_sdk_wifi_lib. ## ## wolfcrypt ## -# COMPONENT_PRIV_INCLUDEDIRS += $(PROJECT_PATH)/components/wolfssl/include -COMPONENT_SRCDIRS += $(WOLFSSL_ROOT)wolfcrypt/src +## COMPONENT_PRIV_INCLUDEDIRS += $(PROJECT_PATH)/components/wolfssl/include +## COMPONENT_SRCDIRS += $(WOLFSSL_ROOT)/wolfcrypt/src + +$(info ********** end wolfssl component **********) diff --git a/IDE/Espressif/ESP-IDF/examples/wolfssl_server/components/wolfssl/include/user_settings.h b/IDE/Espressif/ESP-IDF/examples/wolfssl_server/components/wolfssl/include/user_settings.h index 380da3e691..71b82c68ea 100644 --- a/IDE/Espressif/ESP-IDF/examples/wolfssl_server/components/wolfssl/include/user_settings.h +++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_server/components/wolfssl/include/user_settings.h @@ -1,4 +1,4 @@ -/* user_settings.h +/* wolfssl-component include/user_settings.h * * Copyright (C) 2006-2024 wolfSSL Inc. * 
@@ -18,18 +18,195 @@ * along with this program; if not, write to the Free Software * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA */ +#define WOLFSSL_ESPIDF_COMPONENT_VERSION 0x01 -/* Standardized wolfSSL Espressif ESP32 + ESP8266 user_settings.h V5.6.6-01 */ +/* The Espressif project config file. See also sdkconfig.defaults */ +#include "sdkconfig.h" -/* This user_settings.h is for Espressif ESP-IDF */ +/* This user_settings.h is for Espressif ESP-IDF + * + * Standardized wolfSSL Espressif ESP32 + ESP8266 user_settings.h V5.7.0-1 + * + * Do not include any wolfssl headers here. + * + * When editing this file: + * ensure all examples match. The template example is the reference. + */ -#include "sdkconfig.h" +/* Naming convention: (see also esp32-crypt.h for the reference source). + * + * CONFIG_ + * This prefix indicates the setting came from the sdkconfig / Kconfig. + * + * May or may not be related to wolfSSL. + * + * The name after this prefix must exactly match that in the Kconfig file. + * + * WOLFSSL_ + * Typical of many, but not all wolfSSL macro names. + * + * Applies to all wolfSSL products such as wolfSSH, wolfMQTT, etc. + * + * May or may not have a corresponding sdkconfig / Kconfig control. + * + * ESP_WOLFSSL_ + * These are NOT valid wolfSSL macro names. These are names only used in + * the ESP-IDF Kconfig files. When parsed, they will have a "CONFIG_" + * suffix added. See next section. + * + * CONFIG_ESP_WOLFSSL_ + * This is a wolfSSL-specific macro that has been defined in the ESP-IDF + * via the sdkconfig / menuconfig. Any text after this prefix should + * exactly match an existing wolfSSL macro name. + * + * Applies to all wolfSSL products such as wolfSSH, wolfMQTT, etc. + * + * These macros may also be specific to only the project or environment, + * and possibly not used anywhere else in the wolfSSL libraries. 
+ */ -#define DEBUG_WOLFSSL -/* #define DEBUG_WOLFSSL_VERBOSE */ +/* The Espressif sdkconfig will have chipset info. +** +** Some possible values: +** +** CONFIG_IDF_TARGET_ESP32 +** CONFIG_IDF_TARGET_ESP32S2 +** CONFIG_IDF_TARGET_ESP32S3 +** CONFIG_IDF_TARGET_ESP32C3 +** CONFIG_IDF_TARGET_ESP32C6 +*/ + +#undef WOLFSSL_ESPIDF +#define WOLFSSL_ESPIDF + +/* Test various user_settings between applications by selecting example apps + * in `idf.py menuconfig` for Example wolfSSL Configuration settings: */ + +/* Turn on messages that are useful to see only in examples. */ +#define WOLFSSL_EXAMPLE_VERBOSITY + +/* Paths can be long, ensure the entire value printed during debug */ +#define WOLFSSL_MAX_ERROR_SZ 500 + +/* wolfSSL Examples: set macros used in example applications. + * + * These Settings NOT available in ESP-IDF (e.g. esp-tls) + * + * Any settings needed by ESP-IDF components should be explicitly set, + * and not by these example-specific settings via CONFIG_WOLFSSL_EXAMPLE_n + * + * ESP-IDF settings should be Kconfig "CONFIG_[name]" values when possible. 
*/ +#if defined(CONFIG_WOLFSSL_EXAMPLE_NAME_TEMPLATE) + /* See https://github.com/wolfSSL/wolfssl/tree/master/IDE/Espressif/ESP-IDF/examples/template */ + /* We don't use WiFi, so don't compile in the esp-sdk-lib WiFi helpers: */ + /* #define USE_WOLFSSL_ESP_SDK_WIFI */ +#elif defined(CONFIG_WOLFSSL_EXAMPLE_NAME_TEST) + /* See https://github.com/wolfSSL/wolfssl/tree/master/IDE/Espressif/ESP-IDF/examples/wolfssl_test */ + /* We don't use WiFi, so don't compile in the esp-sdk-lib WiFi helpers: */ + /* #define USE_WOLFSSL_ESP_SDK_WIFI */ + #define TEST_ESPIDF_ALL_WOLFSSL + +#elif defined(CONFIG_WOLFSSL_EXAMPLE_NAME_BENCHMARK) + /* See https://github.com/wolfSSL/wolfssl/tree/master/IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark */ + /* We don't use WiFi, so don't compile in the esp-sdk-lib WiFi helpers: */ + /* #define USE_WOLFSSL_ESP_SDK_WIFI */ + #define WOLFSSL_BENCHMARK_FIXED_UNITS_KB +#elif defined(CONFIG_WOLFSSL_EXAMPLE_NAME_TLS_CLIENT) + /* See https://github.com/wolfSSL/wolfssl/tree/master/IDE/Espressif/ESP-IDF/examples/wolfssl_client */ + #define USE_WOLFSSL_ESP_SDK_WIFI +#elif defined(CONFIG_WOLFSSL_EXAMPLE_NAME_TLS_SERVER) + /* See https://github.com/wolfSSL/wolfssl/tree/master/IDE/Espressif/ESP-IDF/examples/wolfssl_server */ + #define USE_WOLFSSL_ESP_SDK_WIFI + +/* wolfSSH Examples */ +#elif defined(CONFIG_WOLFSSL_EXAMPLE_NAME_WOLFSSH_TEMPLATE) + /* See https://github.com/wolfSSL/wolfssh/tree/master/ide/Espressif/ESP-IDF/examples/wolfssh_template */ + #define USE_WOLFSSL_ESP_SDK_WIFI +#elif defined(CONFIG_WOLFSSL_EXAMPLE_NAME_WOLFSSH_ECHOSERVER) + /* See https://github.com/wolfSSL/wolfssh/tree/master/ide/Espressif/ESP-IDF/examples/wolfssh_echoserver */ + #define USE_WOLFSSL_ESP_SDK_WIFI +#elif defined(CONFIG_WOLFSSL_EXAMPLE_NAME_ESP32_SSH_SERVER) + /* See https://github.com/wolfSSL/wolfssh-examples/tree/main/Espressif/ESP32/ESP32-SSH-Server */ + #define USE_WOLFSSL_ESP_SDK_WIFI +#elif defined(CONFIG_WOLFSSL_EXAMPLE_NAME_ESP8266_SSH_SERVER) + /* See 
https://github.com/wolfSSL/wolfssh-examples/tree/main/Espressif/ESP8266/ESP8266-SSH-Server */ + #define USE_WOLFSSL_ESP_SDK_WIFI + +/* wolfMQTT Examples */ +#elif defined(CONFIG_WOLFSSL_EXAMPLE_NAME_WOLFMQTT_TEMPLATE) + /* See https://github.com/wolfSSL/wolfMQTT/tree/master/IDE/Espressif/ESP-IDF/examples/wolfmqtt_template */ + #define USE_WOLFSSL_ESP_SDK_WIFI +#elif defined(CONFIG_WOLFSSL_EXAMPLE_NAME_WOLFMQTT_AWS_IOT_MQTT) + /* See https://github.com/wolfSSL/wolfMQTT/tree/master/IDE/Espressif/ESP-IDF/examples/AWS_IoT_MQTT */ + #define USE_WOLFSSL_ESP_SDK_WIFI + +/* wolfTPM Examples */ +#elif defined(CONFIG_WOLFTPM_EXAMPLE_NAME_ESPRESSIF) + /* See https://github.com/wolfSSL/wolfTPM/tree/master/IDE/Espressif */ + #define USE_WOLFSSL_ESP_SDK_WIFI + +/* Apple HomeKit Examples */ +#elif defined(CONFIG_WOLFSSL_APPLE_HOMEKIT) + /* See https://github.com/AchimPieters/esp32-homekit-demo */ + +/* no example selected */ +#elif defined(CONFIG_WOLFSSL_EXAMPLE_NAME_NONE) + /* We'll assume the app needs to use wolfSSL sdk lib function */ + #define USE_WOLFSSL_ESP_SDK_WIFI + +/* Other applications detected by cmake */ +#elif defined(APP_ESP_HTTP_CLIENT_EXAMPLE) + /* The wolfSSL Version of the client example */ + #if defined(CONFIG_IDF_TARGET_ESP32S2) || defined(CONFIG_IDF_TARGET_ESP32C2) + /* Less memory available, so smaller key sizes: */ + #define FP_MAX_BITS (4096 * 2) + #else + #define FP_MAX_BITS (8192 * 2) + #endif + #define HAVE_ALPN + #define HAVE_SNI + #define OPENSSL_EXTRA_X509_SMALL + #define HAVE_TLS_EXTENSIONS + #define HAVE_SUPPORTED_CURVES + #define OPENSSL_EXTRA + #ifndef WOLFSSL_ALWAYS_VERIFY_CB + #define WOLFSSL_ALWAYS_VERIFY_CB + #endif + #ifndef WOLFSSL_VERIFY_CB_ALL_CERTS + #define WOLFSSL_VERIFY_CB_ALL_CERTS + #endif + #ifndef KEEP_PEER_CERT + #define KEEP_PEER_CERT + #endif + +#elif defined(APP_ESP_HTTP_CLIENT) + /* The ESP-IDF Version */ + #define FP_MAX_BITS (8192 * 2) + #define HAVE_ALPN + #define HAVE_SNI + #define OPENSSL_EXTRA_X509_SMALL + #define 
HAVE_TLS_EXTENSIONS + #define HAVE_SUPPORTED_CURVES + #define OPENSSL_EXTRA + #ifndef WOLFSSL_ALWAYS_VERIFY_CB + #define WOLFSSL_ALWAYS_VERIFY_CB + #endif + #ifndef WOLFSSL_VERIFY_CB_ALL_CERTS + #define WOLFSSL_VERIFY_CB_ALL_CERTS + #endif + #ifndef KEEP_PEER_CERT + #define KEEP_PEER_CERT + #endif +#else + #ifdef WOLFSSL_ESPIDF + /* #warning "App config undetected" */ + #endif + /* the code is older or does not have application name defined. */ +#endif /* Example wolfSSL Configuration app settings */ /* Experimental Kyber */ -#if 0 +#ifdef CONFIG_WOLFSSL_ENABLE_KYBER + /* Kyber typically needs a minimum 10K stack */ #define WOLFSSL_EXPERIMENTAL_SETTINGS #define WOLFSSL_HAVE_KYBER #define WOLFSSL_WC_KYBER @@ -38,6 +215,7 @@ /* With limited RAM, we'll disable some of the Kyber sizes: */ #define WOLFSSL_NO_KYBER1024 #define WOLFSSL_NO_KYBER768 + #define NO_SESSION_CACHE #endif #endif 
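Review bot: The Kyber block at the end of this hunk is now gated on `#ifdef CONFIG_WOLFSSL_ENABLE_KYBER`, but the Kconfig shown earlier on this page declares the option as `config ESP_WOLFSSL_ENABLE_KYBER`, which sdkconfig exposes as `CONFIG_ESP_WOLFSSL_ENABLE_KYBER`. Unless a Kconfig outside this view also defines the shorter name, selecting "Enable wolfSSL Kyber" in menuconfig has no effect and the build silently leaves the post-quantum key exchange out; the guard should read `#ifdef CONFIG_ESP_WOLFSSL_ENABLE_KYBER`. In the naming-convention comment, "will have a "CONFIG_" suffix added" should say prefix.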
@@ -57,14 +235,72 @@ ** CONFIG_IDF_TARGET_ESP32C6 */ -#undef WOLFSSL_ESPIDF -#define WOLFSSL_ESPIDF +/* Optionally enable Apple HomeKit from compiler directive or Kconfig setting */ +#if defined(WOLFSSL_APPLE_HOMEKIT) || defined(CONFIG_WOLFSSL_APPLE_HOMEKIT) + /* SRP is known to need 8K; slow on some devices */ + #define FP_MAX_BITS (8192 * 2) + #define WOLFCRYPT_HAVE_SRP + #define HAVE_CHACHA + #define HAVE_POLY1305 + #define WOLFSSL_BASE64_ENCODE + #endif /* Apple HomeKit settings */ + +/* Used by ESP-IDF components: */ +#if defined(CONFIG_ESP_TLS_USING_WOLFSSL) + /* The ESP-TLS */ + #ifndef FP_MAX_BITS + #if defined(CONFIG_IDF_TARGET_ESP32C2) || \ + defined(CONFIG_IDF_TARGET_ESP8684) || \ + defined(CONFIG_IDF_TARGET_ESP8266) + /* Optionally set smaller size here */ + #define FP_MAX_BITS MIN_FFDHE_FP_MAX_BITS + #else + #define FP_MAX_BITS (4096 * 2) + #endif + #endif + #define HAVE_ALPN + #ifndef CONFIG_IDF_TARGET_ESP8266 + /* Unless installed in the ESP8266 RTOS SDK locally, the wolfSSL + * API for SNI will not be seen in the components/esp-tls layer. + * Only enable SNI for non-ESP8266 targets by default: */ + #define HAVE_SNI + #endif + #define OPENSSL_EXTRA_X509_SMALL + + #define HAVE_TLS_EXTENSIONS + #define HAVE_SUPPORTED_CURVES +#endif + +/* Optionally enable some wolfSSH settings */ +#if defined(ESP_ENABLE_WOLFSSH) || defined(CONFIG_ESP_ENABLE_WOLFSSH) + /* The default SSH Windows size is massive for an embedded target. 
+ * Limit it: */ + #define DEFAULT_WINDOW_SZ 2000 + + /* These may be defined in cmake for other examples: */ + #undef WOLFSSH_TERM + #define WOLFSSH_TERM + + /* optional debug */ + /* #undef DEBUG_WOLFSSH */ + /* #define DEBUG_WOLFSSH */ + + #undef WOLFSSL_KEY_GEN + #define WOLFSSL_KEY_GEN -/* We don't use WiFi helpers yet, so don't compile in the esp-sdk-lib WiFi */ -#define NO_ESP_SDK_WIFI + #undef WOLFSSL_PTHREADS + #define WOLFSSL_PTHREADS + + #define WOLFSSH_TEST_SERVER + #define WOLFSSH_TEST_THREADING +#endif /* ESP_ENABLE_WOLFSSH */ + + +/* Not yet using WiFi lib, so don't compile in the esp-sdk-lib WiFi helpers: */ +/* #define USE_WOLFSSL_ESP_SDK_WIFI */ /* - * ONE of these Espressif chipsets should be defined: + * ONE of these Espressif chip families will be detected from sdkconfig: * * WOLFSSL_ESP32 * WOLFSSL_ESPWROOM32SE @@ -83,11 +319,28 @@ #endif /* See below for chipset detection from sdkconfig.h */ +/* when you want to use SINGLE THREAD. Note Default ESP-IDF is FreeRTOS */ +#define SINGLE_THREADED + /* Small session cache saves a lot of RAM for ClientCache and SessionCache. * Memory requirement is about 5KB, otherwise 20K is needed when not specified. * If extra small footprint is needed, try MICRO_SESSION_CACHE (< 1K) - * When really desperate, try NO_SESSION_CACHE. */ -#define MICRO_SESSION_CACHE + * When really desperate or no TLS used, try NO_SESSION_CACHE. */ +#define NO_SESSION_CACHE + +/* Small Stack uses more heap. */ +#define WOLFSSL_SMALL_STACK + +/* Full debugging turned off, but show malloc failure detail */ +/* #define DEBUG_WOLFSSL */ +#define DEBUG_WOLFSSL_MALLOC + +/* See test.c that sets cert buffers; we'll set them here: */ +#define USE_CERT_BUFFERS_256 +#define USE_CERT_BUFFERS_2048 + +/* RSA_LOW_MEM: Half as much memory but twice as slow. */ +#define RSA_LOW_MEM /* optionally turn off SHA512/224 SHA512/256 */ /* #define WOLFSSL_NOSHA512_224 */ 
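Review bot: The Apple HomeKit block defines `FP_MAX_BITS (8192 * 2)` with no guard, while the ESP-TLS block directly below it uses `#ifndef FP_MAX_BITS`, and the example-app chain earlier in the file may already have set the macro (for instance to `(4096 * 2)` on ESP32-S2/C2). If `WOLFSSL_APPLE_HOMEKIT` is passed as a compiler directive together with one of those apps, the macro is redefined with a different value. Because the comment says SRP needs the larger size, make the override explicit with `#undef FP_MAX_BITS` placed before the `#define`, and add a comment saying that HomeKit deliberately wins over earlier settings. The closing `#endif /* Apple HomeKit settings */` is also indented one column more than its `#if`.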
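Review bot: `#define SINGLE_THREADED` is now unconditional, yet the wolfSSH block added earlier in this file defines `WOLFSSL_PTHREADS` and `WOLFSSH_TEST_THREADING` when `CONFIG_ESP_ENABLE_WOLFSSH` is set, and the new comment itself notes that ESP-IDF defaults to FreeRTOS. With `SINGLE_THREADED` wolfSSL compiles out its mutex protection, so any build in which more than one task calls into the library shares its state without locking. I would guard it as `#if !defined(WOLFSSL_PTHREADS)` / `#define SINGLE_THREADED` / `#endif` and state in the comment that it is valid only when a single task uses wolfSSL. The comment above `#define NO_SESSION_CACHE` still presents that setting as a last resort although it is now the default.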
@@ -102,19 +355,41 @@ #define BENCH_EMBEDDED -#define WOLFSSL_SMALL_STACK -#define HAVE_ECC -#define RSA_LOW_MEM - /* TLS 1.3 */ -#define WOLFSSL_TLS13 -#define HAVE_TLS_EXTENSIONS -#define WC_RSA_PSS -#define HAVE_HKDF -#define HAVE_AEAD -#define HAVE_SUPPORTED_CURVES +#ifdef CONFIG_WOLFSSL_ALLOW_TLS13 + #define WOLFSSL_TLS13 + #define HAVE_TLS_EXTENSIONS + #define HAVE_HKDF -#define WOLFSSL_BENCHMARK_FIXED_UNITS_KB + /* May be required */ + #ifndef HAVE_AEAD + #endif + + /* Required for ECC */ + #define HAVE_SUPPORTED_CURVES + + /* Required for RSA */ + #define WC_RSA_PSS + + /* TLS 1.3 normally requires HAVE_FFDHE */ + #if defined(HAVE_FFDHE_2048) || \ + defined(HAVE_FFDHE_3072) || \ + defined(HAVE_FFDHE_4096) || \ + defined(HAVE_FFDHE_6144) || \ + defined(HAVE_FFDHE_8192) + #else + #define HAVE_FFDHE_2048 + /* #error "TLS 1.3 requires HAVE_FFDHE_[nnnn]" */ + #endif +#endif + +#if defined(CONFIG_IDF_TARGET_ESP32C2) || \ + defined(CONFIG_IDF_TARGET_ESP8684) + /* Optionally set smaller size here */ + #define HAVE_FFDHE_4096 +#else + #define HAVE_FFDHE_4096 +#endif #define NO_FILESYSTEM 
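Review bot: Both branches of the new `#if defined(CONFIG_IDF_TARGET_ESP32C2) || defined(CONFIG_IDF_TARGET_ESP8684)` define `HAVE_FFDHE_4096`, so the low-memory targets get the same group as every other chip despite the "Optionally set smaller size here" comment. The block also sits after the TLS 1.3 test for `HAVE_FFDHE_[nnnn]`, so that test never sees it and adds `HAVE_FFDHE_2048` as well, unless a group is defined somewhere outside this hunk. Either move the target block above the TLS 1.3 section or reduce it to a single `#define HAVE_FFDHE_4096`, and remove the empty `#ifndef HAVE_AEAD` / `#endif` pair. TLS 1.3 is now opt-in through `CONFIG_WOLFSSL_ALLOW_TLS13`; its Kconfig entry is not in view, so the default is worth confirming, since without it this server example is built with no TLS 1.3 support.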
@@ -131,30 +406,72 @@ /* when you want to use SHA384 */ #define WOLFSSL_SHA384 -#if defined(CONFIG_IDF_TARGET_ESP8266) +/* Some features not enabled for ESP8266: */ +#if defined(CONFIG_IDF_TARGET_ESP8266) || \ + defined(CONFIG_IDF_TARGET_ESP32C2) /* Some known low-memory devices have features not enabled by default. */ + /* TODO determine low memory configuration for ECC. */ #else /* when you want to use SHA512 */ #define WOLFSSL_SHA512 /* when you want to use SHA3 */ - #define WOLFSSL_SHA3 + /* #define WOLFSSL_SHA3 */ /* ED25519 requires SHA512 */ #define HAVE_ED25519 +#endif - #define HAVE_ECC - #define HAVE_CURVE25519 - #define CURVE25519_SMALL - #define HAVE_ED25519 +#if defined(CONFIG_IDF_TARGET_ESP8266) || defined(CONFIG_IDF_TARGET_ESP32C2) + #define MY_USE_ECC 0 + #define MY_USE_RSA 1 +#else + #define MY_USE_ECC 1 + #define MY_USE_RSA 0 +#endif + +/* We can use either or both ECC and RSA, but must use at least one. */ +#if MY_USE_ECC || MY_USE_RSA + #if MY_USE_ECC + /* ---- ECDSA / ECC ---- */ + #define HAVE_ECC + #define HAVE_CURVE25519 + #define HAVE_ED25519 + #define WOLFSSL_SHA512 + /* + #define HAVE_ECC384 + #define CURVE25519_SMALL + */ + #else + #define WOLFSSH_NO_ECC + /* WOLFSSH_NO_ECDSA is typically defined automatically, + * here for clarity: */ + #define WOLFSSH_NO_ECDSA + #endif + + #if MY_USE_RSA + /* ---- RSA ----- */ + /* #define RSA_LOW_MEM */ + + /* DH disabled by default, needed if ECDSA/ECC also turned off */ + #define HAVE_DH + #else + #define WOLFSSH_NO_RSA + #endif +#else + #error "Either RSA or ECC must be enabled" #endif /* Optional OpenSSL compatibility */ /* #define OPENSSL_EXTRA */ -/* when you want to use pkcs7 */ +/* #Optional HAVE_PKCS7 */ /* #define HAVE_PKCS7 */ + #if defined(HAVE_PKCS7) + /* HAVE_PKCS7 may enable HAVE_PBKDF2 see settings.h */ + #define NO_PBKDF2 + #define HAVE_AES_KEYWRAP #define HAVE_X963_KDF #define WOLFSSL_AES_DIRECT 
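Review bot: `MY_USE_RSA` and `MY_USE_ECC` read like switches for the algorithms themselves, but the "off" branches in this hunk only set wolfSSH macros (`WOLFSSH_NO_RSA`, `WOLFSSH_NO_ECC`, `WOLFSSH_NO_ECDSA`). With `MY_USE_RSA 0` nothing shown defines `NO_RSA`, and `RSA_LOW_MEM`, `WC_RSA_PSS` and `USE_CERT_BUFFERS_2048` are still set elsewhere in the file, so RSA apparently remains in the wolfSSL build. A comment such as `/* MY_USE_RSA 0 removes RSA from wolfSSH only; wolfSSL keeps RSA unless NO_RSA is defined */` would keep readers from assuming a smaller algorithm set than the firmware actually carries. `HAVE_ED25519` and `WOLFSSL_SHA512` are also defined twice for the non-ESP8266 targets, once in the block above and once under `MY_USE_ECC`.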
@@ -174,25 +491,11 @@ /* #define CUSTOM_SLOT_ALLOCATION */ #endif -/* RSA primitive specific definition */ -#if defined(WOLFSSL_ESP32) || defined(WOLFSSL_ESPWROOM32SE) - /* Define USE_FAST_MATH and SMALL_STACK */ - #define ESP32_USE_RSA_PRIMITIVE - - #if defined(CONFIG_IDF_TARGET_ESP32) - - /* NOTE HW unreliable for small values! */ - /* threshold for performance adjustment for HW primitive use */ - /* X bits of G^X mod P greater than */ - #undef ESP_RSA_EXPT_XBITS - #define ESP_RSA_EXPT_XBITS 32 +/* WC_NO_CACHE_RESISTANT: slower but more secure */ +/* #define WC_NO_CACHE_RESISTANT */ - /* X and Y of X * Y mod P greater than */ - #undef ESP_RSA_MULM_BITS - #define ESP_RSA_MULM_BITS 16 - - #endif -#endif +/* TFM_TIMING_RESISTANT: slower but more secure */ +/* #define TFM_TIMING_RESISTANT */ /* #define WOLFSSL_ATECC508A_DEBUG */ 
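Review bot: The added comment `/* WC_NO_CACHE_RESISTANT: slower but more secure */` has the meaning inverted: defining `WC_NO_CACHE_RESISTANT` switches wolfSSL's cache-attack-resistant code paths off, trading side-channel hardening for speed, so leaving it undefined is the safer state. I would reword it to `/* WC_NO_CACHE_RESISTANT: faster, but removes cache side-channel hardening */`. `TFM_TIMING_RESISTANT` is left commented out while `USE_FAST_MATH` is enabled further down the file; for a TLS server that holds a private key, wolfSSL's hardening options (`TFM_TIMING_RESISTANT`, `ECC_TIMING_RESISTANT`, `WC_RSA_BLINDING`) are worth enabling by default unless a measured cost rules them out. Whether settings.h already adds any of them for this target is not visible here.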
@@ -203,37 +506,69 @@ /* #define XTIME time */ -/* adjust wait-timeout count if you see timeout in RSA HW acceleration */ -#define ESP_RSA_TIMEOUT_CNT 0x249F00 +/* Adjust wait-timeout count if you see timeout in RSA HW acceleration. + * Set to very large number and enable WOLFSSL_HW_METRICS to determine max. */ +#ifndef ESP_RSA_TIMEOUT_CNT + #define ESP_RSA_TIMEOUT_CNT 0xFF0000 +#endif -#define HASH_SIZE_LIMIT /* for test.c */ +/* hash limit for test.c */ +#define HASH_SIZE_LIMIT /* USE_FAST_MATH is default */ #define USE_FAST_MATH /***** Use SP_MATH *****/ -/* #undef USE_FAST_MATH */ +/* #undef USE_FAST_MATH */ /* #define SP_MATH */ /* #define WOLFSSL_SP_MATH_ALL */ +/* #define WOLFSSL_SP_RISCV32 */ /***** Use Integer Heap Math *****/ /* #undef USE_FAST_MATH */ /* #define USE_INTEGER_HEAP_MATH */ +/* Just syntax highlighting to check math libraries: */ +#if defined(SP_MATH) || \ + defined(USE_INTEGER_HEAP_MATH) || \ + defined(USE_INTEGER_HEAP_MATH) || \ + defined(USE_FAST_MATH) || \ + defined(WOLFSSL_SP_MATH_ALL) || \ + defined(WOLFSSL_SP_RISCV32) +#endif + +#define WOLFSSL_SMALL_STACK + + #define HAVE_VERSION_EXTENDED_INFO /* #define HAVE_WC_INTROSPECTION */ -#define HAVE_SESSION_TICKET +#ifndef NO_SESSION_CACHE + #define HAVE_SESSION_TICKET +#endif /* #define HAVE_HASHDRBG */ +#if 0 +/* Example for additional cert functions */ #define WOLFSSL_KEY_GEN -#define WOLFSSL_CERT_REQ -#define WOLFSSL_CERT_GEN -#define WOLFSSL_CERT_EXT -#define WOLFSSL_SYS_CA_CERTS + #define WOLFSSL_CERT_REQ + #define WOLFSSL_CERT_GEN + #define WOLFSSL_CERT_EXT + #define WOLFSSL_SYS_CA_CERTS -#define WOLFSSL_CERT_TEXT + + #define WOLFSSL_CERT_TEXT + + /* command-line options + --enable-keygen + --enable-certgen + --enable-certreq + --enable-certext + --enable-asn-template + */ + +#endif #define WOLFSSL_ASN_TEMPLATE 
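Review bot: The added `#if defined(SP_MATH) || ... #endif` block has an empty body and lists `USE_INTEGER_HEAP_MATH` twice, so it checks nothing. If the intent is to catch a build with no math backend selected, give it a body, for example an `#else` branch containing `#error "No math library selected"`, and drop the duplicate term. `WOLFSSL_SMALL_STACK` is defined a second time in this hunk although an earlier hunk of the same file already sets it.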
@@ -253,11 +588,66 @@ --enable-asn-template */ +/* optional SM4 Ciphers. See https://github.com/wolfSSL/wolfsm */ +/* +#define WOLFSSL_SM2 +#define WOLFSSL_SM3 +#define WOLFSSL_SM4 +*/ + +#if defined(WOLFSSL_SM2) || defined(WOLFSSL_SM3) || defined(WOLFSSL_SM4) + /* SM settings, possible cipher suites: + + TLS13-AES128-GCM-SHA256 + TLS13-CHACHA20-POLY1305-SHA256 + TLS13-SM4-GCM-SM3 + TLS13-SM4-CCM-SM3 + + #define WOLFSSL_ESP32_CIPHER_SUITE "TLS13-SM4-GCM-SM3" + #define WOLFSSL_ESP32_CIPHER_SUITE "TLS13-SM4-CCM-SM3" + #define WOLFSSL_ESP32_CIPHER_SUITE "ECDHE-ECDSA-SM4-CBC-SM3" + #define WOLFSSL_ESP32_CIPHER_SUITE "ECDHE-ECDSA-SM4-GCM-SM3" + #define WOLFSSL_ESP32_CIPHER_SUITE "ECDHE-ECDSA-SM4-CCM-SM3" + #define WOLFSSL_ESP32_CIPHER_SUITE "TLS13-SM4-GCM-SM3:" \ + "TLS13-SM4-CCM-SM3:" + */ + + #undef WOLFSSL_BASE16 + #define WOLFSSL_BASE16 /* required for WOLFSSL_SM2 */ + + #undef WOLFSSL_SM4_ECB + #define WOLFSSL_SM4_ECB + + #undef WOLFSSL_SM4_CBC + #define WOLFSSL_SM4_CBC + + #undef WOLFSSL_SM4_CTR + #define WOLFSSL_SM4_CTR + + #undef WOLFSSL_SM4_GCM + #define WOLFSSL_SM4_GCM + + #undef WOLFSSL_SM4_CCM + #define WOLFSSL_SM4_CCM + + #define HAVE_POLY1305 + #define HAVE_CHACHA + + #undef HAVE_AESGCM + #define HAVE_AESGCM +#else + /* default settings */ + #define USE_CERT_BUFFERS_2048 +#endif + /* Chipset detection from sdkconfig.h * Default is HW enabled unless turned off. * Uncomment lines to force SW instead of HW acceleration */ -#if defined(CONFIG_IDF_TARGET_ESP32) +#if defined(CONFIG_IDF_TARGET_ESP32) || defined(WOLFSSL_ESPWROOM32SE) #define WOLFSSL_ESP32 + /* Alternatively, if there's an ECC Secure Element present: */ + /* #define WOLFSSL_ESPWROOM32SE */ + /* wolfSSL HW Acceleration supported on ESP32. Uncomment to disable: */ /* #define NO_ESP32_CRYPT */ /* #define NO_WOLFSSL_ESP32_CRYPT_HASH */ 
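Review bot: The new `#else` branch makes `USE_CERT_BUFFERS_2048` the default without saying that it selects the sample certificates and keys, which a later comment in this same file calls "not recommended for production". Every build that does not enable the SM ciphers now takes this branch, so `/* default settings */` should carry the caveat, e.g. `/* default: wolfSSL sample certs and keys (see certs_test.h); test use only, replace for production */`. The enclosing chipset-detection block continues outside the hunk.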
@@ -375,12 +765,16 @@ #define WOLFSSL_ESP8266 /* There's no hardware encryption on the ESP8266 */ - /* Consider using the ESP32-C2/C3/C6 - * See https://www.espressif.com/en/products/socs/esp32-c2 */ + /* Consider using the ESP32-C2/C3/C6 */ #define NO_ESP32_CRYPT #define NO_WOLFSSL_ESP32_CRYPT_HASH #define NO_WOLFSSL_ESP32_CRYPT_AES #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI + #ifndef FP_MAX_BITS + /* FP_MAX_BITS matters in wolfssl_test, not just TLS setting. */ + /* MIN_FFDHE_FP_MAX_BITS = (MIN_FFDHE_BITS * 2); see settings.h */ + #define FP_MAX_BITS MIN_FFDHE_FP_MAX_BITS + #endif /***** END CONFIG_IDF_TARGET_ESP266 *****/ #elif defined(CONFIG_IDF_TARGET_ESP8684) 
@@ -400,29 +794,84 @@ #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI #endif /* CONFIG_IDF_TARGET Check */ +/* RSA primitive specific definition, listed AFTER the Chipset detection */ +#if defined(WOLFSSL_ESP32) || defined(WOLFSSL_ESPWROOM32SE) + /* Consider USE_FAST_MATH and SMALL_STACK */ + + #ifndef NO_RSA + #define ESP32_USE_RSA_PRIMITIVE + + #if defined(CONFIG_IDF_TARGET_ESP32) + #ifdef CONFIG_ESP_MAIN_TASK_STACK_SIZE + #if CONFIG_ESP_MAIN_TASK_STACK_SIZE < 10500 + #warning "RSA may be difficult with less than 10KB Stack "/ + #endif + #endif + + /* NOTE HW unreliable for small values! */ + /* threshold for performance adjustment for HW primitive use */ + /* X bits of G^X mod P greater than */ + #undef ESP_RSA_EXPT_XBITS + #define ESP_RSA_EXPT_XBITS 32 + + /* X and Y of X * Y mod P greater than */ + #undef ESP_RSA_MULM_BITS + #define ESP_RSA_MULM_BITS 16 + #endif + #endif +#endif + /* Debug options: See wolfssl/wolfcrypt/port/Espressif/esp32-crypt.h for details on debug options +optionally increase error message size for very long paths. 
+#define WOLFSSL_MAX_ERROR_SZ 500 + +Turn wolfSSL debugging on/off: + wolfSSL_Debugging_ON(); + wolfSSL_Debugging_OFF(); + #define ESP_VERIFY_MEMBLOCK #define DEBUG_WOLFSSL #define DEBUG_WOLFSSL_VERBOSE #define DEBUG_WOLFSSL_SHA_MUTEX +#define WOLFSSL_DEBUG_IGNORE_ASN_TIME +#define WOLFSSL_DEBUG_CERT_BUNDLE +#define WOLFSSL_DEBUG_CERT_BUNDLE_NAME #define WOLFSSL_ESP32_CRYPT_DEBUG #define WOLFSSL_ESP32_CRYPT_HASH_SHA224_DEBUG #define NO_RECOVER_SOFTWARE_CALC #define WOLFSSL_TEST_STRAY 1 #define USE_ESP_DPORT_ACCESS_READ_BUFFER #define WOLFSSL_ESP32_HW_LOCK_DEBUG +#define WOLFSSL_DEBUG_MUTEX #define WOLFSSL_DEBUG_ESP_RSA_MULM_BITS +#define WOLFSSL_DEBUG_ESP_HW_MOD_RSAMAX_BITS +#define WOLFSSL_DEBUG_ESP_HW_MULTI_RSAMAX_BITS #define ESP_DISABLE_HW_TASK_LOCK +#define ESP_MONITOR_HW_TASK_LOCK +#define USE_ESP_DPORT_ACCESS_READ_BUFFER + +See wolfcrypt/benchmark/benchmark.c for debug and other settings: + +Turn on benchmark timing debugging (CPU Cycles, RTOS ticks, etc) +#define DEBUG_WOLFSSL_BENCHMARK_TIMING + +Turn on timer debugging (used when CPU cycles not available) +#define WOLFSSL_BENCHMARK_TIMER_DEBUG */ -#define WOLFSSL_ESPIDF_ERROR_PAUSE /* Pause in a loop rather than exit. */ +/* Pause in a loop rather than exit. */ +/* #define WOLFSSL_ESPIDF_ERROR_PAUSE */ +/* #define WOLFSSL_ESP32_HW_LOCK_DEBUG */ + #define WOLFSSL_HW_METRICS -/* #define HASH_SIZE_LIMIT */ /* for test.c */ +/* for test.c */ +/* #define HASH_SIZE_LIMIT */ -/* #define NO_HW_MATH_TEST */ /* Optionally turn off HW math checks */ +/* Optionally turn off HW math checks */ +/* #define NO_HW_MATH_TEST */ /* Optionally include alternate HW test library: alt_hw_test.h */ /* When enabling, the ./components/wolfssl/CMakeLists.txt file 
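Review bot: The added `#warning "RSA may be difficult with less than 10KB Stack "/` in the relocated RSA primitive block ends with a stray `/` after the closing quote, and its message says 10KB while the guard is `CONFIG_ESP_MAIN_TASK_STACK_SIZE < 10500`. Suggest `#warning "RSA may be difficult with less than 10500 bytes of main task stack"`, so the text matches the test. In the debug-options comment further down the hunk, `USE_ESP_DPORT_ACCESS_READ_BUFFER` is now listed twice.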
@@ -463,6 +912,12 @@ See wolfssl/wolfcrypt/port/Espressif/esp32-crypt.h for details on debug options * There are various certificate examples in this header file: * https://github.com/wolfSSL/wolfssl/blob/master/wolfssl/certs_test.h * + * To use the sample certificates in code (not recommended for production!): + * + * #if defined(USE_CERT_BUFFERS_2048) || defined(USE_CERT_BUFFERS_1024) + * #include + * #endif + * * To use the sets of macros below, define *one* of these: * * USE_CERT_BUFFERS_1024 - ECC 1024 bit encoded ASN1 @@ -540,6 +995,9 @@ See wolfssl/wolfcrypt/port/Espressif/esp32-crypt.h for details on debug options #define WOLFSSL_BASE16 #else #if defined(USE_CERT_BUFFERS_2048) + #define USE_CERT_BUFFERS_256 + /* Be sure to include in app when using example certs: */ + /* #include */ #define CTX_CA_CERT ca_cert_der_2048 #define CTX_CA_CERT_SIZE sizeof_ca_cert_der_2048 #define CTX_CA_CERT_TYPE WOLFSSL_FILETYPE_ASN1 @@ -559,6 +1017,9 @@ See wolfssl/wolfcrypt/port/Espressif/esp32-crypt.h for details on debug options #define CTX_CLIENT_KEY_TYPE WOLFSSL_FILETYPE_ASN1 #elif defined(USE_CERT_BUFFERS_1024) + #define USE_CERT_BUFFERS_256 + /* Be sure to include in app when using example certs: */ + /* #include */ #define CTX_CA_CERT ca_cert_der_1024 #define CTX_CA_CERT_SIZE sizeof_ca_cert_der_1024 #define CTX_CA_CERT_TYPE WOLFSSL_FILETYPE_ASN1 
@@ -581,3 +1042,34 @@ See wolfssl/wolfcrypt/port/Espressif/esp32-crypt.h for details on debug options #error "Must define USE_CERT_BUFFERS_2048 or USE_CERT_BUFFERS_1024" #endif #endif /* Conditional key and cert constant names */ + +/****************************************************************************** +** Sanity Checks +******************************************************************************/ +#if defined(CONFIG_ESP_MAIN_TASK_STACK_SIZE) + #if defined(WOLFCRYPT_HAVE_SRP) + #if defined(FP_MAX_BITS) + #if FP_MAX_BITS < (8192 * 2) + #define ESP_SRP_MINIMUM_STACK_8K (24 * 1024) + #else + #define ESP_SRP_MINIMUM_STACK_8K (28 * 1024) + #endif + #else + #error "Please define FP_MAX_BITS when using WOLFCRYPT_HAVE_SRP." + #endif + + #if (CONFIG_ESP_MAIN_TASK_STACK_SIZE < ESP_SRP_MINIMUM_STACK) + #warning "WOLFCRYPT_HAVE_SRP enabled with small stack size" + #endif + #endif +#else + #warning "CONFIG_ESP_MAIN_TASK_STACK_SIZE not defined!" +#endif +/* See settings.h for some of the possible hardening options: + * + * #define NO_ESPIDF_DEFAULT + * #define WC_NO_CACHE_RESISTANT + * #define WC_AES_BITSLICED + * #define HAVE_AES_ECB + * #define HAVE_AES_DIRECT + */ diff --git a/IDE/Espressif/ESP-IDF/examples/wolfssl_server/main/CMakeLists.txt b/IDE/Espressif/ESP-IDF/examples/wolfssl_server/main/CMakeLists.txt index 798cecceb7..9b1e29369c 100644 --- a/IDE/Espressif/ESP-IDF/examples/wolfssl_server/main/CMakeLists.txt +++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_server/main/CMakeLists.txt @@ -3,6 +3,7 @@ # # wolfssl server test # +message("Begin wolfSSL main CMakeLists.txt") set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DWOLFSSL_USER_SETTINGS") if(WIN32) 
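Review bot: The SRP stack check in the new Sanity Checks block can never fire. The hunk defines `ESP_SRP_MINIMUM_STACK_8K`, but the comparison uses `ESP_SRP_MINIMUM_STACK`, which is not defined in the visible lines, and an undefined identifier in `#if` evaluates to 0. The comparison should read `#if (CONFIG_ESP_MAIN_TASK_STACK_SIZE < ESP_SRP_MINIMUM_STACK_8K)`. A short comment stating where the 24K/28K figures come from would also help anyone tuning `FP_MAX_BITS` later.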
@@ -83,24 +84,27 @@ function ( LIBWOLFSSL_SAVE_INFO VAR_OUPUT THIS_VAR VAR_RESULT ) add_definitions(-D${VAR_OUPUT}=\"${VAR_VALUE}\") else() # if we get here, check the execute_process command and parameters. - message(STATUS "LIBWOLFSSL_SAVE_INFO encountered a non-zero VAR_RESULT") + message(STATUS "LIBWOLFSSL_SAVE_INFO encountered a non-zero VAR_RESULT.") + message(STATUS "Setting ${VAR_OUPUT} to \"Unknown\"") set(${VAR_OUPUT} "Unknown") endif() endfunction() # LIBWOLFSSL_SAVE_INFO +# Save some project-specific details. Repo may be different than component, or may not even be a repo at all: if(NOT CMAKE_BUILD_EARLY_EXPANSION) - # LIBWOLFSSL_VERSION_GIT_HASH + # WOLFSSL_EXAMPLE_VERSION_GIT_HASH execute_process(COMMAND ${git_cmd} "rev-parse" "HEAD" OUTPUT_VARIABLE TMP_OUT RESULT_VARIABLE TMP_RES ERROR_QUIET ) - LIBWOLFSSL_SAVE_INFO(LIBWOLFSSL_VERSION_GIT_HASH "${TMP_OUT}" "${TMP_RES}") + LIBWOLFSSL_SAVE_INFO(WOLFSSL_EXAMPLE_VERSION_GIT_HASH "${TMP_OUT}" "${TMP_RES}") - # LIBWOLFSSL_VERSION_GIT_SHORT_HASH + # WOLFSSL_EXAMPLE_VERSION_GIT_SHORT_HASH execute_process(COMMAND ${git_cmd} "rev-parse" "--short" "HEAD" OUTPUT_VARIABLE TMP_OUT RESULT_VARIABLE TMP_RES ERROR_QUIET ) - LIBWOLFSSL_SAVE_INFO(LIBWOLFSSL_VERSION_GIT_SHORT_HASH "${TMP_OUT}" "${TMP_RES}") + LIBWOLFSSL_SAVE_INFO(WOLFSSL_EXAMPLE_VERSION_GIT_SHORT_HASH "${TMP_OUT}" "${TMP_RES}") - # LIBWOLFSSL_VERSION_GIT_HASH_DATE + # WOLFSSL_EXAMPLE_VERSION_GIT_HASH_DATE execute_process(COMMAND ${git_cmd} "show" "--no-patch" "--no-notes" "--pretty=\'\%cd\'" OUTPUT_VARIABLE TMP_OUT RESULT_VARIABLE TMP_RES ) - LIBWOLFSSL_SAVE_INFO(LIBWOLFSSL_VERSION_GIT_HASH_DATE "${TMP_OUT}" "${TMP_RES}") + LIBWOLFSSL_SAVE_INFO(WOLFSSL_EXAMPLE_VERSION_GIT_HASH_DATE "${TMP_OUT}" "${TMP_RES}") endif() message(STATUS "") +message("End wolfSSL main CMakeLists.txt") 
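Review bot: The new status line `Setting ${VAR_OUPUT} to "Unknown"` promises more than the `else()` branch does. `set(${VAR_OUPUT} "Unknown")` assigns a variable local to the function, and unlike the success branch no `add_definitions` follows, so the C code gets no definition at all when the git command fails. Either add `add_definitions(-D${VAR_OUPUT}=\"Unknown\")` in that branch or reword the message. The function starts above this hunk. The third `execute_process` (hash date) also still lacks the `ERROR_QUIET` that the first two calls have.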
diff --git a/IDE/Espressif/ESP-IDF/examples/wolfssl_server/main/Kconfig.projbuild b/IDE/Espressif/ESP-IDF/examples/wolfssl_server/main/Kconfig.projbuild
index 64406069d4..061d0aa5a4 100644
--- a/IDE/Espressif/ESP-IDF/examples/wolfssl_server/main/Kconfig.projbuild
+++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_server/main/Kconfig.projbuild
@@ -1,9 +1,94 @@ -menu "Example Configuration" +menu "Example wolfSSL Configuration" + +choice WOLFSSL_EXAMPLE_CHOOSE + prompt "Choose Example (See wolfssl/include/user_settings.h)" + default WOLFSSL_EXAMPLE_NAME_NONE + help + The user settings file can be adjusted to specific wolfSSL examples. + + config WOLFSSL_EXAMPLE_NAME_TEMPLATE + bool "wolfSSL Template" + help + The sample template app compiles in wolfSSL and prints the current wolfSSL Version. Nothing more. + + config WOLFSSL_EXAMPLE_NAME_TEST + bool "wolfSSL Test" + help + This app tests all cryptographic functions currently enabled. See also Benchmark performance app. + + config WOLFSSL_EXAMPLE_NAME_BENCHMARK + bool "wolfSSL Benchmark" + help + Benchmark performance app. See also cryptographic test. + + config WOLFSSL_EXAMPLE_NAME_TLS_CLIENT + bool "TLS Client" + help + TLS Client Example app. Needs WiFi and a listening server on port 11111. + + config WOLFSSL_EXAMPLE_NAME_TLS_SERVER + bool "TLS Server" + help + TLS Server Example app. Needs WiFi. More interesting with a TLS client using port 11111. + + config WOLFSSL_EXAMPLE_NAME_WOLFSSH_TEMPLATE + bool "SSH Template App" + help + Bare-bones Hellow World app that only compiles in wolfSSL and wolfSSH. + See wolfSSL/wolfssh on GitHub. + + config WOLFSSL_EXAMPLE_NAME_WOLFSSH_ECHOSERVER + bool "SSH Echo Server" + help + See wolfSSL/wolfssh on GitHub. + + config WOLFSSL_EXAMPLE_NAME_WOLFSSH_ECHOSERVER + bool "SSH Echo Server" + help + See wolfSSL/wolfssh on GitHub. + + config WOLFSSL_EXAMPLE_NAME_ESP32_SSH_SERVER + bool "SSH to UART Server for the ESP32" + help + See wolfSSL/wolfssh-examples on GitHub. + + config WOLFSSL_EXAMPLE_NAME_ESP8266_SSH_SERVER + bool "SSH to UART Server for the ESP8266" + help + See wolfSSL/wolfssh-examples on GitHub. + + config WOLFSSL_EXAMPLE_NAME_WOLFMQTT_TEMPLATE + bool "MQTT Template" + help + See wolfSSL/wolfmqtt on GitHub. 
+ + config WOLFSSL_EXAMPLE_NAME_WOLFMQTT_AWS_IOT_MQTT + bool "MQTT AWS IoT" + help + See wolfSSL/wolfmqtt on GitHub. + + config WOLFTPM_EXAMPLE_NAME_ESPRESSIF + bool "TPM Test Example for the ESP32" + help + See wolfSSL/wolfTPM on GitHub. + + config WOLFSSL_EXAMPLE_NAME_NONE + bool "Other" + help + A specific example app is not defined. + +endchoice + +config WOLFSSL_TARGET_HOST + string "Target host" + default "127.0.0.1" + help + host address for the example to connect config WOLFSSL_TARGET_PORT int "Target port" default 11111 help - Host listening port for the example to connect. + host port for the example to connect endmenu diff --git a/IDE/Espressif/ESP-IDF/examples/wolfssl_server/main/component.mk b/IDE/Espressif/ESP-IDF/examples/wolfssl_server/main/component.mk index 44bd2b5273..c59edbee41 100644 --- a/IDE/Espressif/ESP-IDF/examples/wolfssl_server/main/component.mk +++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_server/main/component.mk @@ -1,3 +1,8 @@ # -# Main Makefile. This is basically the same as a component makefile. +# Main component makefile. +# +# This Makefile can be left empty. By default, it will take the sources in the +# src/ directory, compile them and link them into lib(subdirectory_name).a +# in the build directory. This behavior is entirely configurable, +# please read the ESP-IDF documents if you need to do this. # diff --git a/IDE/Espressif/ESP-IDF/examples/wolfssl_server/main/include/main.h b/IDE/Espressif/ESP-IDF/examples/wolfssl_server/main/include/main.h index 94d9132358..9e0096839f 100644 --- a/IDE/Espressif/ESP-IDF/examples/wolfssl_server/main/include/main.h +++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_server/main/include/main.h @@ -1,4 +1,4 @@ -/* template main.h +/* wolfssl_server main.h * * Copyright (C) 2006-2024 wolfSSL Inc. * diff --git a/IDE/Espressif/ESP-IDF/examples/wolfssl_server/main/include/time_helper.h b/IDE/Espressif/ESP-IDF/examples/wolfssl_server/main/include/time_helper.h index b3574b66b8..3d335c652a 100644 
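Review bot: `config WOLFSSL_EXAMPLE_NAME_WOLFSSH_ECHOSERVER` is declared twice in a row inside the new `choice`, with identical prompt and help; the second entry should be removed. The choice defaults to `WOLFSSL_EXAMPLE_NAME_NONE`, while `app_main` in this commit logs a misconfiguration warning unless `CONFIG_WOLFSSL_EXAMPLE_NAME_TLS_SERVER` is set. Unless sdkconfig.defaults (not shown here) selects it, a fresh build of the server example will therefore warn on every boot; `default WOLFSSL_EXAMPLE_NAME_TLS_SERVER` would fit this directory. The help text `Hellow World` has a typo. The `WOLFSSL_TARGET_HOST` help describes an address "to connect", which reads as client wording in a server example.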
--- a/IDE/Espressif/ESP-IDF/examples/wolfssl_server/main/include/time_helper.h +++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_server/main/include/time_helper.h @@ -1,4 +1,5 @@ -/* +/* time_helper.h + * * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. @@ -20,11 +21,11 @@ /* common Espressif time_helper v5.6.3.001 */ -#ifndef _TIME_HELPER_H -#define _TIME_HELPER_H +#ifndef _TIME_HELPER_H_ +#define _TIME_HELPER_H_ -/* ESP-IDF uses a 64-bit signed integer to represent time_t starting from release v5.0 - * See: https://docs.espressif.com/projects/esp-idf/en/latest/esp32/api-reference/system/system_time.html#year-2036-and-2038-overflow-issues +/* ESP-IDF uses a 64-bit signed integer to represent time_t starting from + * release v5.0 See: Espressif api-reference/system/system_time */ #ifdef __cplusplus @@ -32,7 +33,7 @@ extern "C" { #endif /* a function to show the current data and time */ -int esp_show_current_datetime(); +int esp_show_current_datetime(void); /* worst case, if GitHub time not available, used fixed time */ int set_fixed_default_time(void); diff --git a/IDE/Espressif/ESP-IDF/examples/wolfssl_server/main/include/wifi_connect.h b/IDE/Espressif/ESP-IDF/examples/wolfssl_server/main/include/wifi_connect.h index b5debf3641..668f6b8e99 100644 --- a/IDE/Espressif/ESP-IDF/examples/wolfssl_server/main/include/wifi_connect.h +++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_server/main/include/wifi_connect.h @@ -21,9 +21,6 @@ #ifndef _WIFI_CONNECT_H_ #define _WIFI_CONNECT_H_ -#include -#include - /* ESP lwip */ #define EXAMPLE_ESP_MAXIMUM_RETRY CONFIG_ESP_MAXIMUM_RETRY @@ -31,8 +28,10 @@ #define TLS_SMP_SERVER_TASK_BYTES 22240 #define TLS_SMP_SERVER_TASK_PRIORITY 8 +/* Optionally use ESP-IDF config settings #define TLS_SMP_WIFI_SSID CONFIG_WIFI_SSID #define TLS_SMP_WIFI_PASS CONFIG_WIFI_PASSWORD +*/ #define USE_WIFI_EXAMPLE #ifdef USE_WIFI_EXAMPLE 
@@ -52,18 +51,53 @@ * file my_private_config.h should be excluded from git updates */ /* #define USE_MY_PRIVATE_CONFIG */ -#ifdef USE_MY_PRIVATE_CONFIG +/* Note that IntelliSense may not work properly in the next section for the + * Espressif SDK 3.4 on the ESP8266. Macros should still be defined. + * See the project-level Makefile. Example found in: + * https://github.com/wolfSSL/wolfssl/tree/master/IDE/Espressif/ESP-IDF/examples/template + * + * The USE_MY_PRIVATE_[OS]_CONFIG is typically an environment variable that + * triggers the make (not cmake) to add compiler defines. + */ +#if defined(USE_MY_PRIVATE_WINDOWS_CONFIG) + #include "/workspace/my_private_config.h" +#elif defined(USE_MY_PRIVATE_WSL_CONFIG) + #include "/mnt/c/workspace/my_private_config.h" +#elif defined(USE_MY_PRIVATE_LINUX_CONFIG) + #include "~/workspace/my_private_config.h" +#elif defined(USE_MY_PRIVATE_MAC_CONFIG) + #include "~/Documents/my_private_config.h" +#elif defined(USE_MY_PRIVATE_CONFIG) + /* This section works best with cmake & non-environment variable setting */ #if defined(WOLFSSL_CMAKE_SYSTEM_NAME_WINDOWS) + #define WOLFSSL_CMAKE + #include "/workspace/my_private_config.h" + #elif defined(WOLFSSL_MAKE_SYSTEM_NAME_WINDOWS) + #define WOLFSSL_MAKE #include "/workspace/my_private_config.h" #elif defined(WOLFSSL_CMAKE_SYSTEM_NAME_WSL) + #define WOLFSSL_CMAKE + #include "/mnt/c/workspace/my_private_config.h" + #elif defined(WOLFSSL_MAKE_SYSTEM_NAME_WSL) + #define WOLFSSL_MAKE #include "/mnt/c/workspace/my_private_config.h" #elif defined(WOLFSSL_CMAKE_SYSTEM_NAME_LINUX) + #define WOLFSSL_CMAKE + #include "~/workspace/my_private_config.h" + #elif defined(WOLFSSL_MAKE_SYSTEM_NAME_LINUX) + #define WOLFSSL_MAKE #include "~/workspace/my_private_config.h" #elif defined(WOLFSSL_CMAKE_SYSTEM_NAME_APPLE) #include "~/Documents/my_private_config.h" + #elif defined(WOLFSSL_MAKE_SYSTEM_NAME_APPLE) + #define WOLFSSL_MAKE + #include "~/Documents/my_private_config.h" + #elif defined(OS_WINDOWS) + 
#include "/workspace/my_private_config.h" #else - #warning "did not detect environment. using ~/my_private_config.h" - #include "~/my_private_config.h" + /* Edit as needed for your private config: */ + #warning "default private config using /workspace/my_private_config.h" + #include "/workspace/my_private_config.h" #endif #else @@ -74,8 +108,12 @@ ** If you'd rather not, just change the below entries to strings with ** the config you want - ie #define EXAMPLE_WIFI_SSID "mywifissid" */ - #ifdef CONFIG_ESP_WIFI_SSID + #if defined(CONFIG_ESP_WIFI_SSID) + /* tyically from ESP32 with ESP-IDF v4 ot v5 */ #define EXAMPLE_ESP_WIFI_SSID CONFIG_ESP_WIFI_SSID + #elif defined(CONFIG_EXAMPLE_WIFI_SSID) + /* typically from ESP8266 rtos-sdk/v3.4 */ + #define EXAMPLE_ESP_WIFI_SSID CONFIG_EXAMPLE_WIFI_SSID #else /* See new esp-sdk-lib.h helpers: */ #ifndef EXAMPLE_ESP_WIFI_SSID @@ -83,8 +121,12 @@ #endif #endif - #ifdef CONFIG_ESP_WIFI_PASSWORD + #if defined(CONFIG_ESP_WIFI_PASSWORD) + /* tyically from ESP32 with ESP-IDF v4 or v5 */ #define EXAMPLE_ESP_WIFI_PASS CONFIG_ESP_WIFI_PASSWORD + #elif defined(CONFIG_EXAMPLE_WIFI_SSID) + /* typically from ESP8266 rtos-sdk/v3.4 */ + #define EXAMPLE_ESP_WIFI_PASS CONFIG_EXAMPLE_WIFI_PASSWORD #else /* See new esp-sdk-lib.h helpers: */ #ifndef EXAMPLE_ESP_WIFI_PASS diff --git a/IDE/Espressif/ESP-IDF/examples/wolfssl_server/main/main.c b/IDE/Espressif/ESP-IDF/examples/wolfssl_server/main/main.c index b25991ca2b..e8195416f4 100644 --- a/IDE/Espressif/ESP-IDF/examples/wolfssl_server/main/main.c +++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_server/main/main.c 
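Review bot: The added `#include "~/workspace/my_private_config.h"` and `#include "~/Documents/my_private_config.h"` lines rely on `~`, which the C preprocessor does not expand; it is a shell feature, so these search for a directory literally named `~`. Since the surrounding comment says this file is kept out of git (presumably because it holds WiFi credentials), a silent miss matters here. Passing the directory from the build with `-I` and writing `#include "my_private_config.h"` would work on every host. The `WOLFSSL_CMAKE_SYSTEM_NAME_APPLE` branch is also the only CMake branch that does not add `#define WOLFSSL_CMAKE`.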
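Review bot: The new password fallback tests the wrong symbol: `#elif defined(CONFIG_EXAMPLE_WIFI_SSID)` guards `#define EXAMPLE_ESP_WIFI_PASS CONFIG_EXAMPLE_WIFI_PASSWORD`, so the password macro is selected because the SSID is configured, not the password. It should be `#elif defined(CONFIG_EXAMPLE_WIFI_PASSWORD)`. The comments added in this hunk and the SSID hunk before it misspell "typically" as `tyically`, and one reads `v4 ot v5`.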
@@ -27,29 +27,43 @@ #include /* wolfSSL */ -#include /* includes wolfSSL user-settings.h */ -#include -#ifndef WOLFSSL_ESPIDF - #warning "Problem with wolfSSL user_settings." - #warning "Check components/wolfssl/include" +/* Always include wolfcrypt/settings.h before any other wolfSSL file. */ +/* Reminder: settings.h pulls in user_settings.h; don't include it here. */ +#ifdef WOLFSSL_USER_SETTINGS + #include + #ifndef WOLFSSL_ESPIDF + #warning "Problem with wolfSSL user_settings." + #warning "Check components/wolfssl/include" + #endif + #include +#else + /* Define WOLFSSL_USER_SETTINGS project wide for settings.h to include */ + /* wolfSSL user settings in ./components/wolfssl/include/user_settings.h */ + #error "Missing WOLFSSL_USER_SETTINGS in CMakeLists or Makefile:\ + CFLAGS +=-DWOLFSSL_USER_SETTINGS" #endif /* this project */ #include "server-tls.h" #include "time_helper.h" -#ifndef CONFIG_IDF_TARGET_ESP32H2 +#ifdef CONFIG_IDF_TARGET_ESP32H2 /* There's no WiFi on ESP32-H2. * For wired ethernet, see: * https://github.com/wolfSSL/wolfssl-examples/tree/master/ESP32/TLS13-ENC28J60-client */ +#else #include "wifi_connect.h" + /* + * Note ModBus TCP cannot be disabled on ESP8266 tos-sdk/v3.4 + * See https://github.com/espressif/esp-modbus/issues/2 + */ #endif #ifdef WOLFSSL_TRACK_MEMORY #include #endif -static const char* const TAG = "TLS Client"; +static const char* TAG = "main"; #if defined(WOLFSSL_ESPWROOM32SE) && defined(HAVE_PK_CALLBACKS) \ && defined(WOLFSSL_ATECC508A) @@ -114,10 +128,11 @@ void my_atmel_free(int slotId) #endif /* CUSTOM_SLOT_ALLOCATION */ #endif /* WOLFSSL_ESPWROOM32SE && HAVE_PK_CALLBACK && WOLFSSL_ATECC508A */ -/* for FreeRTOS */ +/* Entry for FreeRTOS */ void app_main(void) { int stack_start = 0; + int this_heap = 0; esp_err_t ret = 0; ESP_LOGI(TAG, "---------------- wolfSSL TLS Server Example ------------"); ESP_LOGI(TAG, "--------------------------------------------------------"); 
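Review bot: `static const char* TAG = "main";` drops the second `const` that the replaced line had, so the pointer itself becomes writable where it used to be read-only. Nothing in the visible hunks reassigns `TAG`, so `static const char* const TAG = "main";` keeps the new tag text and the old guarantee.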
@@ -125,31 +140,58 @@ void app_main(void) ESP_LOGI(TAG, "---------------------- BEGIN MAIN ----------------------"); ESP_LOGI(TAG, "--------------------------------------------------------"); ESP_LOGI(TAG, "--------------------------------------------------------"); +#if !defined(CONFIG_WOLFSSL_EXAMPLE_NAME_TLS_SERVER) + ESP_LOGW(TAG, "Warning: Example wolfSSL misconfigured? Check menuconfig."); +#endif +#ifdef ESP_SDK_MEM_LIB_VERSION + sdk_init_meminfo(); +#endif #ifdef ESP_TASK_MAIN_STACK ESP_LOGI(TAG, "ESP_TASK_MAIN_STACK: %d", ESP_TASK_MAIN_STACK); #endif #ifdef TASK_EXTRA_STACK_SIZE ESP_LOGI(TAG, "TASK_EXTRA_STACK_SIZE: %d", TASK_EXTRA_STACK_SIZE); #endif -#ifdef INCLUDE_uxTaskGetStackHighWaterMark + +#ifdef SINGLE_THREADED + ESP_LOGI(TAG, "Single threaded"); +#else ESP_LOGI(TAG, "CONFIG_ESP_MAIN_TASK_STACK_SIZE = %d bytes (%d words)", CONFIG_ESP_MAIN_TASK_STACK_SIZE, - (int)(CONFIG_ESP_MAIN_TASK_STACK_SIZE / sizeof(void*))); + (int)(CONFIG_ESP_MAIN_TASK_STACK_SIZE / sizeof(void*))); + + #ifdef INCLUDE_uxTaskGetStackHighWaterMark + { + /* Returns the high water mark of the stack associated with xTask. That is, + * the minimum free stack space there has been (in bytes not words, unlike + * vanilla FreeRTOS) since the task started. The smaller the returned + * number the closer the task has come to overflowing its stack. + * see Espressif api-reference/system/freertos_idf + */ + stack_start = uxTaskGetStackHighWaterMark(NULL); + #ifdef ESP_SDK_MEM_LIB_VERSION + { + sdk_var_whereis("stack_start", &stack_start); + } + #endif - /* Returns the high water mark of the stack associated with xTask. That is, - * the minimum free stack space there has been (in bytes not words, unlike - * vanilla FreeRTOS) since the task started. The smaller the returned - * number the closer the task has come to overflowing its stack. 
- * see https://docs.espressif.com/projects/esp-idf/en/latest/esp32/api-reference/system/freertos_idf.html - */ - stack_start = uxTaskGetStackHighWaterMark(NULL); - ESP_LOGI(TAG, "Stack Start HWM: %d bytes", stack_start); -#endif + ESP_LOGI(TAG, "Stack Start HWM: %d bytes", stack_start); + } + #endif /* INCLUDE_uxTaskGetStackHighWaterMark */ +#endif /* SINGLE_THREADED */ #ifdef HAVE_VERSION_EXTENDED_INFO esp_ShowExtendedSystemInfo(); #endif - +#ifdef DEBUG_WOLFSSL + wolfSSL_Debugging_OFF(); +#endif +#ifdef CONFIG_IDF_TARGET_ESP32H2 + ESP_LOGE(TAG, "No WiFi on the ESP32-H2 and ethernet not yet supported"); + while (1) { + vTaskDelay(60000); + } +#endif /* Set time for cert validation. * Some lwIP APIs, including SNTP functions, are not thread safe. */ ret = set_time(); /* need to setup NTP before WiFi */ @@ -183,11 +225,23 @@ void app_main(void) /* Initialize NVS */ ret = nvs_flash_init(); - if (ret == ESP_ERR_NVS_NO_FREE_PAGES || - ret == ESP_ERR_NVS_NEW_VERSION_FOUND) { - ESP_ERROR_CHECK(nvs_flash_erase()); - ret = nvs_flash_init(); + #if defined(CONFIG_IDF_TARGET_ESP8266) + { + if (ret == ESP_ERR_NVS_NO_FREE_PAGES) { + ESP_ERROR_CHECK(nvs_flash_erase()); + ret = nvs_flash_init(); + } + } + #else + { + /* Non-ESP8266 initialization is slightly different */ + if (ret == ESP_ERR_NVS_NO_FREE_PAGES || + ret == ESP_ERR_NVS_NEW_VERSION_FOUND) { + ESP_ERROR_CHECK(nvs_flash_erase()); + ret = nvs_flash_init(); + } } + #endif /* else not CONFIG_IDF_TARGET_ESP8266 */ ESP_ERROR_CHECK(ret); #if defined(CONFIG_IDF_TARGET_ESP32H2) @@ -202,8 +256,8 @@ void app_main(void) ESP_LOGI(TAG, "Trying WiFi again..."); ret = wifi_init_sta(); } - #endif -#endif + #endif /* else not CONFIG_IDF_TARGET_ESP32H2 */ +#endif /* else FOUND_PROTOCOL_EXAMPLES_DIR not found */ /* Once we are connected to the network, start & wait for NTP time */ ret = set_time_wait_for_ntp(); 
@@ -215,34 +269,46 @@ void app_main(void) esp_show_current_datetime(); } +#if defined(SINGLE_THREADED) + /* just call the task */ + tls_smp_server_task((void*)NULL); +#else + tls_args args[1] = {0}; + /* start a thread with the task */ /* HWM is maximum amount of stack space that has been unused, in bytes * not words (unlike vanilla freeRTOS). */ + this_heap = esp_get_free_heap_size(); ESP_LOGI(TAG, "Initial Stack Used (before wolfSSL Server): %d bytes", CONFIG_ESP_MAIN_TASK_STACK_SIZE - (uxTaskGetStackHighWaterMark(NULL)) ); - ESP_LOGI(TAG, "Starting TLS Server...\n"); + ESP_LOGI(TAG, "Starting TLS Server task...\n"); + ESP_LOGI(TAG, "main tls_smp_client_init heap @ %p = %d", + &this_heap, this_heap); + + -#if defined(SINGLE_THREADED) - /* just call the task */ - tls_smp_server_task((void*)NULL); -#else - tls_args args[1] = {0}; - /* start a thread with the task */ tls_smp_server_init(args); /* NULL will use the DEFAULT_PORT value */ #endif + /* Done */ +#ifdef SINGLE_THREADED + ESP_LOGV(TAG, "\n\nDone!\n\n"); + while (1); +#else + ESP_LOGV(TAG, "\n\nvTaskDelete...\n\n"); + vTaskDelete(NULL); /* done */ while (1) { + ESP_LOGV(TAG, "\n\nLoop...\n\n"); + #ifdef INCLUDE_uxTaskGetStackHighWaterMark + ESP_LOGI(TAG, "Stack HWM: %d", uxTaskGetStackHighWaterMark(NULL)); -#if defined(SINGLE_THREADED) - ESP_LOGV(TAG, "\n\nDone!\n\n"); - while (1); -#else - /* Delete this main task to free up memory */ - ESP_LOGV(TAG, "\n\nvTaskDelete...\n\n"); - vTaskDelete(NULL); -#endif + ESP_LOGI(TAG, "Stack used: %d", CONFIG_ESP_MAIN_TASK_STACK_SIZE + - (uxTaskGetStackHighWaterMark(NULL) )); + #endif + vTaskDelay(60000); } /* done while */ +#endif /* else not SINGLE_THREADED */ } /* app_main */ diff --git a/IDE/Espressif/ESP-IDF/examples/wolfssl_server/main/server-tls.c b/IDE/Espressif/ESP-IDF/examples/wolfssl_server/main/server-tls.c index b966e4e17b..8e1a14e91d 100644 --- a/IDE/Espressif/ESP-IDF/examples/wolfssl_server/main/server-tls.c 
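Review bot: In the non-SINGLE_THREADED branch, the `while (1)` loop that logs the stack high-water mark comes after `vTaskDelete(NULL);`, which deletes the calling task, so the loop and its new logging never run. Decide which behaviour is wanted: delete the main task and drop the loop, or keep the monitor loop and remove the `vTaskDelete(NULL)` call. The log text `main tls_smp_client_init heap @ %p = %d` names the client in the server example and prints the address of the local `this_heap`, not a heap address. `this_heap`, declared in an earlier hunk, is also unused when SINGLE_THREADED is defined.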
+++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_server/main/server-tls.c @@ -39,10 +39,28 @@ #endif /* wolfSSL */ -#include -#include -#include - +/* Always include wolfcrypt/settings.h before any other wolfSSL file. */ +/* Reminder: settings.h pulls in user_settings.h; don't include it here. */ +#ifdef WOLFSSL_USER_SETTINGS + #include + #ifndef WOLFSSL_ESPIDF + #warning "Problem with wolfSSL user_settings." + #warning "Check components/wolfssl/include" + #endif + #include +#else + /* Define WOLFSSL_USER_SETTINGS project wide for settings.h to include */ + /* wolfSSL user settings in ./components/wolfssl/include/user_settings.h */ + #error "Missing WOLFSSL_USER_SETTINGS in CMakeLists or Makefile:\ + CFLAGS +=-DWOLFSSL_USER_SETTINGS" +#endif +#if defined(WOLFSSL_WC_KYBER) + #include + #include +#endif +#if defined(USE_CERT_BUFFERS_2048) || defined(USE_CERT_BUFFERS_1024) + #include +#endif #ifdef WOLFSSL_TRACK_MEMORY #include #endif @@ -286,15 +304,19 @@ WOLFSSL_ESP_TASK tls_smp_server_task(void *args) my_atmel_slotInit(); atmel_set_slot_allocator(my_atmel_alloc, my_atmel_free); #endif +#endif +#ifdef WOLFSSL_EXAMPLE_VERBOSITY + ESP_LOGI(TAG, "Initial stack used: %d\n", + TLS_SMP_SERVER_TASK_BYTES - uxTaskGetStackHighWaterMark(NULL) ); #endif ESP_LOGI(TAG, "accept clients..."); /* Continue to accept clients until shutdown is issued */ while (!shutdown) { - ESP_LOGI(TAG, "Stack used: %d\n", TLS_SMP_SERVER_TASK_BYTES - - uxTaskGetStackHighWaterMark(NULL) ); WOLFSSL_MSG("Waiting for a connection..."); +#if ESP_IDF_VERSION_MAJOR >=4 + /* TODO: IP Address is problematic in RTOS SDK 3.4 */ wifi_show_ip(); - +#endif /* Accept client socket connections */ if ((connd = accept(sockfd, (struct sockaddr*)&clientAddr, &size)) == -1) { 
@@ -319,7 +341,7 @@ WOLFSSL_ESP_TASK tls_smp_server_task(void *args) } } #else - ESP_LOGI(TAG, "WOLFSSL_HAVE_KYBER is not enabled"); + ESP_LOGI(TAG, "WOLFSSL_HAVE_KYBER is not enabled, not using PQ."); #endif /* show what cipher connected for this WOLFSSL* object */ ShowCiphers(ssl); @@ -363,6 +385,10 @@ WOLFSSL_ESP_TASK tls_smp_server_task(void *args) /* Cleanup after this connection */ wolfSSL_free(ssl); /* Free the wolfSSL object */ close(connd); /* Close the connection to the client */ +#ifdef WOLFSSL_EXAMPLE_VERBOSITY + ESP_LOGI(TAG, "Stack used: %d\n", + TLS_SMP_SERVER_TASK_BYTES - uxTaskGetStackHighWaterMark(NULL)); +#endif } /* !shutdown */ /* Cleanup and return */ wolfSSL_free(ssl); /* Free the wolfSSL object */ @@ -398,8 +424,7 @@ WOLFSSL_ESP_TASK tls_smp_server_init(void* args) xTaskHandle _handle; #endif /* Note that despite vanilla FreeRTOS using WORDS for a parameter, - * Espressif uses BYTES for the task stack size here. - * See https://docs.espressif.com/projects/esp-idf/en/v4.3/esp32/api-reference/system/freertos.html */ + * Espressif uses BYTES for the task stack size here. */ ESP_LOGI(TAG, "Creating tls_smp_server_task with stack size = %d", TLS_SMP_SERVER_TASK_BYTES); ret_i = xTaskCreate(tls_smp_server_task, diff --git a/IDE/Espressif/ESP-IDF/examples/wolfssl_server/main/time_helper.c b/IDE/Espressif/ESP-IDF/examples/wolfssl_server/main/time_helper.c index 41a0e09751..75ab617b41 100644 --- a/IDE/Espressif/ESP-IDF/examples/wolfssl_server/main/time_helper.c +++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_server/main/time_helper.c @@ -19,7 +19,9 @@ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA */ -/* common Espressif time_helper v5.6.3.002 */ +/* See https://tf.nist.gov/tf-cgi/servers.cgi */ + +/* common Espressif time_helper v5.6.6.001 */ #include "sdkconfig.h" #include "time_helper.h" 
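Review bot: `ssl` appears to be freed twice on the shutdown path. The context around the added stack logging calls `wolfSSL_free(ssl);` at the end of every loop iteration, then calls `wolfSSL_free(ssl);` again right after the loop, with no reassignment visible in between. If the loop exits after a completed connection, the second call would free the same object again; adding `ssl = NULL;` after the in-loop free would make the later call a no-op. The rest of `tls_smp_server_task` is outside this hunk, so this should be confirmed against the full function.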
@@ -36,25 +38,23 @@ #include #endif #else - /* TODO Consider pre IDF v5? */ + /* TODO Consider non ESP-IDF environments */ #endif -/* ESP-IDF uses a 64-bit signed integer to represent time_t starting from release v5.0 - * See: https://docs.espressif.com/projects/esp-idf/en/latest/esp32/api-reference/system/system_time.html#year-2036-and-2038-overflow-issues - */ -const static char* TAG = "time_helper"; +/* ESP-IDF uses a 64-bit signed integer to represent time_t starting from + * release v5.0. See: Espressif api-reference/system/system_time */ /* see https://www.gnu.org/software/libc/manual/html_node/TZ-Variable.html */ #ifndef TIME_ZONE -/* - * PST represents Pacific Standard Time. - * +8 specifies the offset from UTC (Coordinated Universal Time), indicating - * that Pacific Time is UTC-8 during standard time. - * PDT represents Pacific Daylight Time. - * M3.2.0 indicates that Daylight Saving Time (DST) starts on the - * second (2) Sunday (0) of March (3). - * M11.1.0 indicates that DST ends on the first (1) Sunday (0) of November (11) - */ + /* + * PST represents Pacific Standard Time. + * +8 specifies the offset from UTC (Coordinated Universal Time), indicating + * that Pacific Time is UTC-8 during standard time. + * PDT represents Pacific Daylight Time. + * M3.2.0 indicates that Daylight Saving Time (DST) starts on the + * second (2) Sunday (0) of March (3). + * M11.1.0 indicates that DST ends on the first (1) Sunday (0) of November (11) + */ #define TIME_ZONE "PST+8PDT,M3.2.0,M11.1.0" #endif /* not defined: TIME_ZONE, so we are setting our own */ @@ -87,11 +87,13 @@ const static char* TAG = "time_helper"; char* ntpServerList[NTP_SERVER_COUNT] = NTP_SERVER_LIST; +const static char* TAG = "time_helper"; + /* our NTP server list is global info */ extern char* ntpServerList[NTP_SERVER_COUNT]; /* Show the current date and time */ -int esp_show_current_datetime() +int esp_show_current_datetime(void) { time_t now; char strftime_buf[64]; 
@@ -104,7 +106,7 @@ int esp_show_current_datetime() localtime_r(&now, &timeinfo); strftime(strftime_buf, sizeof(strftime_buf), "%c", &timeinfo); ESP_LOGI(TAG, "The current date/time is: %s", strftime_buf); - return 0; + return ESP_OK; } /* the worst-case scenario is a hard-coded date/time */ @@ -113,9 +115,9 @@ int set_fixed_default_time(void) /* ideally, we'd like to set time from network, * but let's set a default time, just in case */ struct tm timeinfo = { - .tm_year = 2023 - 1900, + .tm_year = 2024 - 1900, .tm_mon = 10, - .tm_mday = 02, + .tm_mday = 11, .tm_hour = 13, .tm_min = 01, .tm_sec = 05 @@ -130,7 +132,38 @@ int set_fixed_default_time(void) ESP_LOGI(TAG, "Adjusting time from fixed value"); now = (struct timeval){ .tv_sec = interim_time }; ret = settimeofday(&now, NULL); + ESP_LOGI(TAG, "settimeofday result = %d", ret); + return ret; +} +/* probably_valid_time_string(s) + * + * some sanity checks on time string before calling sscanf() + * + * returns 0 == ESP_OK == Success if str is likely a valid time. + * -1 == ESP_FAIL otherwise + */ +int probably_valid_time_string(const char* str) +{ + int ret = ESP_OK; + size_t length = 0; + size_t spaces = 0; + size_t colons = 0; + + while (str[length] != '\0') { + if (str[length] == ' ') { + spaces++; + } + if (str[length] == ':') { + colons++; + } + length++; + } + + if ((length > 32) || (spaces < 4) || (spaces > 5) || (colons > 2)) { + ret = ESP_FAIL; + ESP_LOGE(TAG, "ERROR, failed time sanity check: %s", str); + } return ret; } 
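Review bot: probably_valid_time_string() walks `str` with no NULL guard, so a NULL argument is dereferenced in the `while` condition; an early `if (str == NULL) { return ESP_FAIL; }` would close that. The 32-character limit is also what keeps the 28-byte token buffers in set_time_from_string() from being overrun by its `sscanf`, so it deserves a named constant and a comment stating that dependency instead of a bare `32`. As far as this diff shows the helper is only used inside time_helper.c, so `static` would keep it out of the global namespace unless time_helper.h declares it.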
@@ -138,60 +171,67 @@ int set_fixed_default_time(void) * * returns 0 = success if able to set the time from the provided string * error for any other value, typically -1 */ -int set_time_from_string(char* time_buffer) +int set_time_from_string(const char* time_buffer) { /* expecting github default formatting: 'Thu Aug 31 12:41:45 2023 -0700' */ + char offset[28]; /* large arrays, just in case there's still bad data */ + char day_str[28]; + char month_str[28]; const char *format = "%3s %3s %d %d:%d:%d %d %s"; struct tm this_timeinfo; struct timeval now; time_t interim_time; - char offset[6]; /* expecting trailing single quote, not used */ - char day_str[4]; - char month_str[4]; int day, year, hour, minute, second; int quote_offset = 0; int ret = 0; - /* we are expecting the string to be encapsulated in single quotes */ - if (*time_buffer == 0x27) { - quote_offset = 1; - } + /* perform some basic sanity checkes */ + ret = probably_valid_time_string(time_buffer); + if (ret == ESP_OK) { + /* we are expecting the string to be encapsulated in single quotes */ + if (*time_buffer == 0x27) { + quote_offset = 1; + } - ret = sscanf(time_buffer + quote_offset, - format, - day_str, month_str, - &day, &hour, &minute, &second, &year, &offset); + ret = sscanf(time_buffer + quote_offset, + format, + day_str, month_str, + &day, &hour, &minute, &second, &year, &offset); - if (ret == 8) { - /* we found a match for all componets */ + if (ret == 8) { + /* we found a match for all componets */ - const char *months[] = { "Jan", "Feb", "Mar", "Apr", "May", "Jun", - "Jul", "Aug", "Sep", "Oct", "Nov", "Dec" }; + const char *months[] = { "Jan", "Feb", "Mar", "Apr", "May", "Jun", + "Jul", "Aug", "Sep", "Oct", "Nov", "Dec" + }; - for (int i = 0; i < 12; i++) { - if (strcmp(month_str, months[i]) == 0) { - this_timeinfo.tm_mon = i; - break; + for (int i = 0; i < 12; i++) { + if (strcmp(month_str, months[i]) == 0) { + this_timeinfo.tm_mon = i; + break; + } } - } - this_timeinfo.tm_mday = day; - 
this_timeinfo.tm_hour = hour; - this_timeinfo.tm_min = minute; - this_timeinfo.tm_sec = second; - this_timeinfo.tm_year = year - 1900; /* Number of years since 1900 */ + this_timeinfo.tm_mday = day; + this_timeinfo.tm_hour = hour; + this_timeinfo.tm_min = minute; + this_timeinfo.tm_sec = second; + this_timeinfo.tm_year = year - 1900; /* Years since 1900 */ - interim_time = mktime(&this_timeinfo); - now = (struct timeval){ .tv_sec = interim_time }; - ret = settimeofday(&now, NULL); - ESP_LOGI(TAG, "Time updated to %s", time_buffer); - } - else { - ESP_LOGE(TAG, "Failed to convert \"%s\" to a tm date.", time_buffer); - ESP_LOGI(TAG, "Trying fixed date that was hard-coded."); - set_fixed_default_time(); - ret = -1; + interim_time = mktime(&this_timeinfo); + now = (struct timeval){ .tv_sec = interim_time }; + ret = settimeofday(&now, NULL); + ESP_LOGI(TAG, "Time updated to %s", time_buffer); + } + else { + ESP_LOGE(TAG, "Failed to convert \"%s\" to a tm date.", + time_buffer); + ESP_LOGI(TAG, "Trying fixed date that was hard-coded...."); + set_fixed_default_time(); + ret = ESP_FAIL; + } } + return ret; } @@ -224,14 +264,16 @@ int set_time(void) #ifdef LIBWOLFSSL_VERSION_GIT_HASH_DATE /* initialy set a default approximate time from recent git commit */ - ESP_LOGI(TAG, "Found git hash date, attempting to set system date."); - set_time_from_string(LIBWOLFSSL_VERSION_GIT_HASH_DATE); + ESP_LOGI(TAG, "Found git hash date, attempting to set system date: %s", + LIBWOLFSSL_VERSION_GIT_HASH_DATE); + set_time_from_string(LIBWOLFSSL_VERSION_GIT_HASH_DATE"\0"); esp_show_current_datetime(); ret = -4; #else /* otherwise set a fixed time that was hard coded */ set_fixed_default_time(); + esp_show_current_datetime(); ret = -3; #endif 
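Review bot: The `sscanf` call in set_time_from_string() still ends its format with a bare `%s` and passes `&offset`, so the only bound on the write into `offset[28]` is the length check done beforehand in probably_valid_time_string(). Giving the conversion its own width and passing the array itself, `"%3s %3s %d %d:%d:%d %d %27s"` with `offset` instead of `&offset`, makes the bound local and fixes the pointer type. `this_timeinfo` is also never initialised: `tm_isdst` is not assigned, and `tm_mon` stays unset when the month name matches none of the twelve entries, so `mktime()` reads indeterminate values; `struct tm this_timeinfo = {0};` plus an ESP_FAIL return when no month matches would avoid that. This clock presumably feeds certificate validity checks, so a silently wrong date is worse than a reported failure.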
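Review bot: The return value of `set_time_from_string()` is dropped in set_time() and `ret` is set to -4 regardless, so a rejected or unparsable git date looks the same to the caller as one that was applied. The appended `"\0"` adds nothing, since the literal is already NUL-terminated; `set_time_from_string(LIBWOLFSSL_VERSION_GIT_HASH_DATE)` is equivalent. A comment saying that this build-time date is only an approximation, and that certificate notBefore/notAfter checks are unreliable until NTP succeeds, would help readers who copy the example. set_time() starts and ends outside the hunk.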
@@ -242,7 +284,7 @@ int set_time(void) if (NTP_SERVER_COUNT) { /* next, let's setup NTP time servers * - * see https://docs.espressif.com/projects/esp-idf/en/latest/esp32/api-reference/system/system_time.html#sntp-time-synchronization + * see Espressifapi-reference/system/system_time.html#sntp-time-synchronization * * WARNING: do not set operating mode while SNTP client is running! */ @@ -262,6 +304,7 @@ int set_time(void) } ESP_LOGI(TAG, "%s", thisServer); sntp_setservername(i, thisServer); + ret = ESP_OK; } #ifdef HAS_ESP_NETIF_SNTP ret = esp_netif_sntp_init(&config); @@ -289,6 +332,9 @@ int set_time(void) ESP_LOGW(TAG, "No sntp time servers found."); ret = -1; } + + esp_show_current_datetime(); + ESP_LOGI(TAG, "time helper existing with result = %d", ret); return ret; } @@ -303,6 +349,8 @@ int set_time_wait_for_ntp(void) ret = esp_netif_sntp_start(); ret = esp_netif_sntp_sync_wait(500 / portTICK_PERIOD_MS); +#else + ESP_LOGW(TAG, "HAS_ESP_NETIF_SNTP not defined"); #endif /* HAS_ESP_NETIF_SNTP */ esp_show_current_datetime(); @@ -322,7 +370,7 @@ int set_time_wait_for_ntp(void) #endif if (ret == ESP_OK) { - ESP_LOGI(TAG, "Successfuly set time via NTP servers."); + ESP_LOGI(TAG, "Successfully set time via NTP servers."); } else { ESP_LOGW(TAG, "Warning: Failed to set time with NTP: " diff --git a/IDE/Espressif/ESP-IDF/examples/wolfssl_server/main/wifi_connect.c b/IDE/Espressif/ESP-IDF/examples/wolfssl_server/main/wifi_connect.c index 1b33f98052..2c66126d97 100644 --- a/IDE/Espressif/ESP-IDF/examples/wolfssl_server/main/wifi_connect.c +++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_server/main/wifi_connect.c 
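Review bot: The added `ret = ESP_OK;` inside the server loop of set_time() reports success as soon as a server name has been registered with `sntp_setservername()`, before any time synchronisation has taken place. Where HAS_ESP_NETIF_SNTP is defined the value is overwritten by `esp_netif_sntp_init()`, but on the other path, as far as the hunk shows, set_time() can return ESP_OK while the clock still holds the fallback date. A comment such as `/* ESP_OK here means servers configured, not time synced */`, or a distinct return value, would keep callers from treating it as a valid clock. The loop and the rest of set_time() lie outside the hunk.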
@@ -18,24 +18,42 @@ * along with this program; if not, write to the Free Software * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA */ - #include "wifi_connect.h" +#include "wifi_connect.h" +/* FreeRTOS */ #include #include #include -#include + +/* Espressif */ #include +#include +#include /* wolfSSL */ -#include -#include -#include -#ifndef WOLFSSL_ESPIDF - #warning "Problem with wolfSSL user_settings." - #warning "Check components/wolfssl/include" +/* Always include wolfcrypt/settings.h before any other wolfSSL file. */ +/* Reminder: settings.h pulls in user_settings.h; don't include it here. */ +#ifdef WOLFSSL_USER_SETTINGS + #include + #ifndef WOLFSSL_ESPIDF + #warning "Problem with wolfSSL user_settings." + #warning "Check components/wolfssl/include" + #endif + #include + #include +#else + /* Define WOLFSSL_USER_SETTINGS project wide for settings.h to include */ + /* wolfSSL user settings in ./components/wolfssl/include/user_settings.h */ + #error "Missing WOLFSSL_USER_SETTINGS in CMakeLists or Makefile:\ + CFLAGS +=-DWOLFSSL_USER_SETTINGS" #endif -#if ESP_IDF_VERSION_MAJOR >= 5 +/* When there's too little heap, WiFi quietly refuses to connect */ +#define WIFI_LOW_HEAP_WARNING 21132 + +#if defined(CONFIG_IDF_TARGET_ESP8266) +#elif ESP_IDF_VERSION_MAJOR >= 5 + /* example path set in cmake file */ #elif ESP_IDF_VERSION_MAJOR >= 4 #include "protocol_examples_common.h" #else @@ -43,7 +61,9 @@ static EventGroupHandle_t wifi_event_group; #endif -#if defined(ESP_IDF_VERSION_MAJOR) && defined(ESP_IDF_VERSION_MINOR) +#if defined(CONFIG_IDF_TARGET_ESP8266) + +#elif defined(ESP_IDF_VERSION_MAJOR) && defined(ESP_IDF_VERSION_MINOR) #if ESP_IDF_VERSION_MAJOR >= 4 /* likely using examples, see wifi_connect.h */ #else 
@@ -63,7 +83,114 @@ /* breadcrumb prefix for logging */ const static char *TAG = "wifi_connect"; -#if ESP_IDF_VERSION_MAJOR < 4 +#if defined(CONFIG_IDF_TARGET_ESP8266) +#ifndef CONFIG_ESP_MAX_STA_CONN + #define CONFIG_ESP_MAX_STA_CONN 4 +#endif +#define EXAMPLE_MAX_STA_CONN CONFIG_ESP_MAX_STA_CONN + +#define WIFI_CONNECTED_BIT BIT0 +#define WIFI_FAIL_BIT BIT1 +#ifndef CONFIG_ESP_MAXIMUM_RETRY + #define CONFIG_ESP_MAXIMUM_RETRY 5 +#endif +/* FreeRTOS event group to signal when we are connected*/ +static EventGroupHandle_t s_wifi_event_group; +static int s_retry_num = 0; + +#define EXAMPLE_ESP_MAXIMUM_RETRY CONFIG_ESP_MAXIMUM_RETRY +static void event_handler(void* arg, esp_event_base_t event_base, + int32_t event_id, void* event_data) +{ + if (event_base == WIFI_EVENT && event_id == WIFI_EVENT_STA_START) { + esp_wifi_connect(); + } else if (event_base == WIFI_EVENT && event_id == WIFI_EVENT_STA_DISCONNECTED) { + if (s_retry_num < EXAMPLE_ESP_MAXIMUM_RETRY) { + esp_wifi_connect(); + s_retry_num++; + ESP_LOGI(TAG, "retry to connect to the AP"); + } else { + xEventGroupSetBits(s_wifi_event_group, WIFI_FAIL_BIT); + } + ESP_LOGI(TAG,"connect to the AP fail"); + } else if (event_base == IP_EVENT && event_id == IP_EVENT_STA_GOT_IP) { + ip_event_got_ip_t* event = (ip_event_got_ip_t*) event_data; + ESP_LOGI(TAG, "got ip:%s", + ip4addr_ntoa(&event->ip_info.ip)); + s_retry_num = 0; + xEventGroupSetBits(s_wifi_event_group, WIFI_CONNECTED_BIT); + } +} + +int wifi_init_sta(void) +{ + word32 this_heap; + + s_wifi_event_group = xEventGroupCreate(); + + tcpip_adapter_init(); + + ESP_ERROR_CHECK(esp_event_loop_create_default()); + + wifi_init_config_t cfg = WIFI_INIT_CONFIG_DEFAULT(); + ESP_ERROR_CHECK(esp_wifi_init(&cfg)); + + ESP_ERROR_CHECK(esp_event_handler_register(WIFI_EVENT, ESP_EVENT_ANY_ID, &event_handler, NULL)); + ESP_ERROR_CHECK(esp_event_handler_register(IP_EVENT, IP_EVENT_STA_GOT_IP, &event_handler, NULL)); + + wifi_config_t wifi_config = { + .sta = { + .ssid = 
EXAMPLE_ESP_WIFI_SSID, + .password = EXAMPLE_ESP_WIFI_PASS + }, + }; + + /* Setting a password implies station will connect to all security modes including WEP/WPA. + * However these modes are deprecated and not advisable to be used. Incase your Access point + * doesn't support WPA2, these mode can be enabled by commenting below line */ + + if (strlen((char *)wifi_config.sta.password)) { + wifi_config.sta.threshold.authmode = WIFI_AUTH_WPA2_PSK; + } + + ESP_ERROR_CHECK(esp_wifi_set_mode(WIFI_MODE_STA) ); + ESP_ERROR_CHECK(esp_wifi_set_config(ESP_IF_WIFI_STA, &wifi_config) ); + ESP_ERROR_CHECK(esp_wifi_start() ); + + ESP_LOGI(TAG, "wifi_init_sta finished. Connecting..."); + this_heap = esp_get_free_heap_size(); + ESP_LOGI(TAG, "this heap = %d", this_heap); + if (this_heap < WIFI_LOW_HEAP_WARNING) { + ESP_LOGW(TAG, "Warning: WiFi low heap: %d", WIFI_LOW_HEAP_WARNING); + } + /* Waiting until either the connection is established (WIFI_CONNECTED_BIT) or connection failed for the maximum + * number of re-tries (WIFI_FAIL_BIT). The bits are set by event_handler() (see above) */ + EventBits_t bits = xEventGroupWaitBits(s_wifi_event_group, + WIFI_CONNECTED_BIT | WIFI_FAIL_BIT, + pdFALSE, + pdFALSE, + portMAX_DELAY); + + ESP_LOGI(TAG, "xEventGroupWaitBits finished."); + /* xEventGroupWaitBits() returns the bits before the call returned, hence we can test which event actually + * happened. 
*/ + if (bits & WIFI_CONNECTED_BIT) { + ESP_LOGI(TAG, "connected to ap SSID:%s", + EXAMPLE_ESP_WIFI_SSID); + } else if (bits & WIFI_FAIL_BIT) { + ESP_LOGI(TAG, "Failed to connect to SSID:%s, password:%s", + EXAMPLE_ESP_WIFI_SSID, EXAMPLE_ESP_WIFI_PASS); + } else { + ESP_LOGE(TAG, "UNEXPECTED EVENT"); + } + + ESP_ERROR_CHECK(esp_event_handler_unregister(IP_EVENT, IP_EVENT_STA_GOT_IP, &event_handler)); + ESP_ERROR_CHECK(esp_event_handler_unregister(WIFI_EVENT, ESP_EVENT_ANY_ID, &event_handler)); + vEventGroupDelete(s_wifi_event_group); + return ESP_OK; +} + +#elif ESP_IDF_VERSION_MAJOR < 4 /* event handler for wifi events */ static esp_err_t wifi_event_handler(void *ctx, system_event_t *event) { @@ -80,7 +207,7 @@ static esp_err_t wifi_event_handler(void *ctx, system_event_t *event) ESP_LOGI(TAG, "got ip:%s", ip4addr_ntoa(&event->event_info.got_ip.ip_info.ip)); #endif - /* see https://docs.espressif.com/projects/esp-idf/en/latest/esp32/api-reference/system/freertos_idf.html */ + /* see Espressif api-reference/system/freertos_idf.html */ xEventGroupSetBits(wifi_event_group, CONNECTED_BIT); break; case SYSTEM_EVENT_STA_DISCONNECTED: @@ -269,7 +396,8 @@ int wifi_init_sta(void) int wifi_show_ip(void) { - /* ESP_LOGI(TAG, "got ip:" IPSTR, IP2STR(&event->ip_info.ip)); */ - return 0; + /* TODO Causes panic: ESP_LOGI(TAG, "got ip:" IPSTR, + * IP2STR(&event->ip_info.ip)); */ + return ESP_OK; } #endif diff --git a/IDE/Espressif/ESP-IDF/examples/wolfssl_server/sdkconfig.defaults b/IDE/Espressif/ESP-IDF/examples/wolfssl_server/sdkconfig.defaults index f8bce25ff3..2734899437 100644 --- a/IDE/Espressif/ESP-IDF/examples/wolfssl_server/sdkconfig.defaults +++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_server/sdkconfig.defaults 
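Review bot: The WIFI_FAIL_BIT branch of the new ESP8266 `wifi_init_sta()` writes the Wi-Fi passphrase to the log: `ESP_LOGI(TAG, "Failed to connect to SSID:%s, password:%s", EXAMPLE_ESP_WIFI_SSID, EXAMPLE_ESP_WIFI_PASS);`. Serial logs get captured and pasted into bug reports, so the secret should not be printed; `ESP_LOGE(TAG, "Failed to connect to SSID:%s", EXAMPLE_ESP_WIFI_SSID);` gives the same diagnostic. In `event_handler()`, `"connect to the AP fail"` is logged on every disconnect, including the ones that are retried, and probably belongs in the `else` next to `WIFI_FAIL_BIT`. The function also returns ESP_OK after a failed connection, which the caller cannot tell apart from success.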
@@ -1,25 +1,133 @@ +# Set the known example app config to TLS Server (see user_settings.h) +CONFIG_WOLFSSL_EXAMPLE_NAME_TLS_SERVER=y + +# CONFIG_EXAMPLE_WIFI_SSID="myssid" +# CONFIG_EXAMPLE_WIFI_PASSWORD="mypassword" + +# Some wolfSSL helpers +CONFIG_USE_WOLFSSL_ESP_SDK_TIME=y + +# FreeRTOS ticks at 1ms interval +CONFIG_FREERTOS_UNICORE=y CONFIG_FREERTOS_HZ=1000 CONFIG_ESP32_DEFAULT_CPU_FREQ_240=y # # Default main stack size # -# This is typically way bigger than needed for stack size. See user_settings.h +# This is typically bigger than needed for stack size. +# Units are words, not bytes. See user_settings.h # -CONFIG_ESP_MAIN_TASK_STACK_SIZE=55500 +# For wolfSSL SMALL_STACK, 3072 bytes should be sufficient for benchmark app. +# When using RSA, assign at least 10500 bytes, otherwise 5500 usually works for others +CONFIG_ESP_MAIN_TASK_STACK_SIZE=10500 # Legacy stack size for older ESP-IDF versions -CONFIG_MAIN_TASK_STACK_SIZE=55500 +CONFIG_MAIN_TASK_STACK_SIZE=10500 + +# +# Benchmark must not have CONFIG_NEWLIB_NANO_FORMAT enabled +CONFIG_NEWLIB_NANO_FORMAT=n +# +# Watchdog Timers +# +# We don't want to have the watchdog timeout during tests & benchmarks +# +CONFIG_ESP_TASK_WDT_CHECK_IDLE_TASK_CPU0=n +CONFIG_ESP_TASK_WDT_CHECK_IDLE_TASK_CPU1=n +# Panic & Watchdog +CONFIG_ESP_INT_WDT_TIMEOUT_MS=10000 +CONFIG_ESP_TASK_WDT_EN=n +CONFIG_ESP_SYSTEM_PANIC_PRINT_HALT=y +CONFIG_ESP_INT_WDT=n + +# ESP8266 Watchdog: +CONFIG_TASK_WDT=n +CONFIG_TASK_WDT_PANIC=n + +# ESP8266 WDT +# CONFIG_ESP_PANIC_PRINT_REBOOT is not set +CONFIG_ESP_PANIC_PRINT_REBOOT=n +CONFIG_ESP_PANIC_PRINT_HALT=y + +# CONFIG_ESP_HTTP_CLIENT_ENABLE_HTTPS is not set +CONFIG_ESP_HTTP_CLIENT_ENABLE_HTTPS=n + +# ESP8266 Memory +CONFIG_FREERTOS_GLOBAL_DATA_LINK_IRAM=y +CONFIG_HEAP_DISABLE_IRAM=y + +# Performance +# CONFIG_COMPILER_OPTIMIZATION_PERF=y + +# Set max CPU frequency (falls back as needed for lower maximum) +CONFIG_ESP_DEFAULT_CPU_FREQ_MHZ_240=y + +# Enable wolfSSL TLS in esp-tls 
+CONFIG_ESP_TLS_USING_WOLFSSL=y +CONFIG_TLS_STACK_WOLFSSL=y + +# Bundles take up flash space and are disabled unless otherwise known to be needed +CONFIG_WOLFSSL_CERTIFICATE_BUNDLE=n +# CONFIG_WOLFSSL_CERTIFICATE_BUNDLE=y +# CONFIG_ESP_WOLFSSL_SMALL_CERT_VERIFY=y +# CONFIG_ESP_TLS_INSECURE=y + +# Disable mbedTLS +CONFIG_ESP_TLS_USING_MBEDTLS=n +CONFIG_MBEDTLS_CERTIFICATE_BUNDLE=n + + +# Ensure mbedTLS options are disabled +# CONFIG_MBEDTLS_TLS_SERVER_AND_CLIENT=n +# CONFIG_MBEDTLS_TLS_CLIENT_ONLY=n +# CONFIG_MBEDTLS_TLS_SERVER=n +# CONFIG_MBEDTLS_TLS_CLIENT=n +# CONFIG_MBEDTLS_HARDWARE_AES=n +# CONFIG_MBEDTLS_HARDWARE_MPI=n +# CONFIG_MBEDTLS_HARDWARE_SHA=n +# CONFIG_MBEDTLS_ROM_MD5=n +# CONFIG_MBEDTLS_SSL_RENEGOTIATION=n +# CONFIG_MBEDTLS_SSL_PROTO_TLS1_2=n +# CONFIG_MBEDTLS_SSL_PROTO_GMTSSL1_1=n +# CONFIG_MBEDTLS_SSL_ALPN=n +# CONFIG_MBEDTLS_CLIENT_SSL_SESSION_TICKETS=n +# CONFIG_MBEDTLS_SERVER_SSL_SESSION_TICKETS=n + +# The same-name config is used for both WiFi and client/server TLS, so we cannot disable: +# CONFIG_MBEDTLS_TLS_ENABLED=n +# CONFIG_MBEDTLS_TLS_DISABLED=y # # Compiler options # CONFIG_COMPILER_OPTIMIZATION_DEFAULT=y +# CONFIG_COMPILER_OPTIMIZATION_SIZE is not set +# CONFIG_COMPILER_OPTIMIZATION_PERF is not set +# CONFIG_COMPILER_OPTIMIZATION_NONE is not set CONFIG_COMPILER_OPTIMIZATION_ASSERTIONS_ENABLE=y +# CONFIG_COMPILER_OPTIMIZATION_ASSERTIONS_SILENT is not set +# CONFIG_COMPILER_OPTIMIZATION_ASSERTIONS_DISABLE is not set +CONFIG_COMPILER_FLOAT_LIB_FROM_GCCLIB=y CONFIG_COMPILER_OPTIMIZATION_ASSERTION_LEVEL=2 +# CONFIG_COMPILER_OPTIMIZATION_CHECKS_SILENT is not set CONFIG_COMPILER_HIDE_PATHS_MACROS=y +# CONFIG_COMPILER_CXX_EXCEPTIONS is not set +# CONFIG_COMPILER_CXX_RTTI is not set +# CONFIG_COMPILER_STACK_CHECK_MODE_NONE is not set CONFIG_COMPILER_STACK_CHECK_MODE_NORM=y +# CONFIG_COMPILER_STACK_CHECK_MODE_STRONG is not set +# CONFIG_COMPILER_STACK_CHECK_MODE_ALL is not set CONFIG_COMPILER_STACK_CHECK=y +# CONFIG_COMPILER_WARN_WRITE_STRINGS is 
not set +# CONFIG_COMPILER_SAVE_RESTORE_LIBCALLS is not set +# CONFIG_COMPILER_DISABLE_GCC12_WARNINGS is not set +# CONFIG_COMPILER_DUMP_RTL_FILES is not set +# end of Compiler options + +# We don't know that the min is actually v2, +# but this is the earliest tested. +CONFIG_ESP32C3_REV_MIN_2=y # # Partition Table diff --git a/IDE/Espressif/ESP-IDF/examples/wolfssl_server/sdkconfig.defaults.esp32c2 b/IDE/Espressif/ESP-IDF/examples/wolfssl_server/sdkconfig.defaults.esp32c2 new file mode 100644 index 0000000000..a24d9302e6 --- /dev/null +++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_server/sdkconfig.defaults.esp32c2 @@ -0,0 +1,7 @@ +# +# Main XTAL Config +# +CONFIG_XTAL_FREQ_26=y +# CONFIG_XTAL_FREQ_40 is not set +CONFIG_XTAL_FREQ=26 +# end of Main XTAL Config diff --git a/IDE/Espressif/ESP-IDF/examples/wolfssl_server/sdkconfig.defaults.esp8266 b/IDE/Espressif/ESP-IDF/examples/wolfssl_server/sdkconfig.defaults.esp8266 new file mode 100644 index 0000000000..77299dfe4a --- /dev/null +++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_server/sdkconfig.defaults.esp8266 @@ -0,0 +1,30 @@ +# ESP8266 WDT +# CONFIG_ESP_PANIC_PRINT_REBOOT is not set +CONFIG_ESP_PANIC_PRINT_REBOOT=n +CONFIG_ESP_PANIC_PRINT_HALT=y + +# Enable wolfSSL TLS in esp-tls (not yet supported in RTOS SDK 3.4 +CONFIG_ESP_TLS_USING_WOLFSSL=n +CONFIG_TLS_STACK_WOLFSSL=n + +# Bundles take up flash space and are disabled unless otherwise known to be needed +CONFIG_WOLFSSL_CERTIFICATE_BUNDLE=n +# CONFIG_ESP_WOLFSSL_SMALL_CERT_VERIFY=y +# CONFIG_ESP_TLS_INSECURE=y + +# Disable mbedTLS +CONFIG_ESP_TLS_USING_MBEDTLS=y +CONFIG_MBEDTLS_CERTIFICATE_BUNDLE=n + +# ESP8266 Memory +CONFIG_FREERTOS_GLOBAL_DATA_LINK_IRAM=y +CONFIG_HEAP_DISABLE_IRAM=y + +# ESP8266 Watchdog: +CONFIG_TASK_WDT=n +CONFIG_TASK_WDT_PANIC=n + +# ESP8266 WDT +# CONFIG_ESP_PANIC_PRINT_REBOOT is not set +CONFIG_ESP_PANIC_PRINT_REBOOT=n +CONFIG_ESP_PANIC_PRINT_HALT=y 
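Review bot: The watchdog block switches off the task and interrupt watchdogs (`CONFIG_ESP_TASK_WDT_EN=n`, `CONFIG_ESP_INT_WDT=n`) with the rationale "tests & benchmarks", but this file is the default configuration of the TLS server example. A network-facing task that hangs then stays hung, and with `CONFIG_ESP_SYSTEM_PANIC_PRINT_HALT=y` a panic halts instead of rebooting; a comment marking these as debugging defaults to re-enable before deployment would stop them being copied as-is. The stack-size comment says `Units are words, not bytes` while the comment lines right after it give the sizes in bytes, so one of the two statements needs correcting. `CONFIG_ESP_PANIC_PRINT_REBOOT` appears both as `is not set` and as `=n`; one form is enough.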
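Review bot: Two comments in the new sdkconfig.defaults.esp8266 say the opposite of the setting below them: `# Disable mbedTLS` sits above `CONFIG_ESP_TLS_USING_MBEDTLS=y`, and `# Enable wolfSSL TLS in esp-tls` sits above `CONFIG_ESP_TLS_USING_WOLFSSL=n`. The parenthesis, which is missing its closing bracket, says wolfSSL in esp-tls is not yet supported in RTOS SDK 3.4, so the values look intended and the comments should read e.g. `# esp-tls stays on mbedTLS: wolfSSL in esp-tls is not yet supported in RTOS SDK 3.4`. The `ESP8266 WDT` block is also present twice in the file.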
diff --git a/IDE/Espressif/ESP-IDF/examples/wolfssl_test/CMakeLists.txt b/IDE/Espressif/ESP-IDF/examples/wolfssl_test/CMakeLists.txt
index 6e70b4a626..4260db5ca3 100644
--- a/IDE/Espressif/ESP-IDF/examples/wolfssl_test/CMakeLists.txt
+++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_test/CMakeLists.txt
@@ -1,15 +1,82 @@ # wolfSSL Espressif Example Project CMakeLists.txt -# v1.1 +# v1.3 # # The following lines of boilerplate have to be in your project's # CMakeLists in this exact order for cmake to work correctly -cmake_minimum_required(VERSION 3.5) +cmake_minimum_required(VERSION 3.16) +# Optional no watchdog typically used for test & benchmark add_compile_options(-DWOLFSSL_ESP_NO_WATCHDOG=1) -include($ENV{IDF_PATH}/tools/cmake/project.cmake) +# The wolfSSL CMake file should be able to find the source code. +# Otherwise, assign an environment variable or set it here: +# +# set(WOLFSSL_ROOT "~/workspace/wolfssl-other-source") +# +# Optional WOLFSSL_CMAKE_SYSTEM_NAME detection to find +# USE_MY_PRIVATE_CONFIG path for my_private_config.h +# +# Expected path varies: +# +# WSL: /mnt/c/workspace +# Linux: ~/workspace +# Windows: C:\workspace +# +if(WIN32) + # Windows-specific configuration here + set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DWOLFSSL_CMAKE_SYSTEM_NAME_WINDOWS") + message("Detected Windows") +endif() +if(CMAKE_HOST_UNIX) + message("Detected UNIX") +endif() +if(APPLE) + message("Detected APPLE") +endif() +if(CMAKE_HOST_UNIX AND (NOT APPLE) AND EXISTS "/proc/sys/fs/binfmt_misc/WSLInterop") + # Windows-specific configuration here + set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DWOLFSSL_CMAKE_SYSTEM_NAME_WSL") + message("Detected WSL") +endif() +if(CMAKE_HOST_UNIX AND (NOT APPLE) AND (NOT WIN32)) + # Windows-specific configuration here + set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DWOLFSSL_CMAKE_SYSTEM_NAME_LINUX") + message("Detected Linux") +endif() +if(APPLE) + # Windows-specific configuration here + set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DWOLFSSL_CMAKE_SYSTEM_NAME_APPLE") + message("Detected Apple") +endif() +# End optional WOLFSSL_CMAKE_SYSTEM_NAME + +# Check that there are not conflicting wolfSSL components +# The ESP Registry Component will be in ./managed_components/wolfssl__wolfssl +# The local component wolfSSL directory will be in ./components/wolfssl +if( EXISTS 
"${CMAKE_HOME_DIRECTORY}/managed_components/wolfssl__wolfssl" AND EXISTS "${CMAKE_HOME_DIRECTORY}/components/wolfssl" ) + # These exclude statements don't seem to be honored by the $ENV{IDF_PATH}/tools/cmake/project.cmake' + # add_subdirectory("${CMAKE_HOME_DIRECTORY}/managed_components/wolfssl__wolfssl" EXCLUDE_FROM_ALL) + # add_subdirectory("${CMAKE_HOME_DIRECTORY}/managed_components/wolfssl__wolfssl/include" EXCLUDE_FROM_ALL) + # So we'll error out and let the user decide how to proceed: + message(WARNING "\nFound wolfSSL components in\n" + "./managed_components/wolfssl__wolfssl\n" + "and\n" + "./components/wolfssl\n" + "in project directory: \n" + "${CMAKE_HOME_DIRECTORY}") + message(FATAL_ERROR "\nPlease use either the ESP Registry Managed Component or the wolfSSL component directory but not both.\n" + "If removing the ./managed_components/wolfssl__wolfssl directory, remember to also remove " + "or rename the idf_component.yml file typically found in ./main/") +else() + message(STATUS "No conflicting wolfSSL components found.") +endif() + +# Ensure the this wolfSSL component directory is included +set(WOLFSSL_PATH "${CMAKE_HOME_DIRECTORY}/components/wolfssl") +list(APPEND EXTRA_COMPONENT_DIRS ${WOLFSSL_PATH}) # Not only is a project-level "set(COMPONENTS" not needed here, this will cause # an unintuitive error about Unknown CMake command "esptool_py_flash_project_args". +include($ENV{IDF_PATH}/tools/cmake/project.cmake) project(wolfssl_test) diff --git a/IDE/Espressif/ESP-IDF/examples/wolfssl_test/README.md b/IDE/Espressif/ESP-IDF/examples/wolfssl_test/README.md index ee66039f04..298ea015ce 100644 --- a/IDE/Espressif/ESP-IDF/examples/wolfssl_test/README.md +++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_test/README.md 
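Review bot: The Linux branch `if(CMAKE_HOST_UNIX AND (NOT APPLE) AND (NOT WIN32))` is also true under WSL, so a WSL build gets both `-DWOLFSSL_CMAKE_SYSTEM_NAME_WSL` and `-DWOLFSSL_CMAKE_SYSTEM_NAME_LINUX`; if the consumer expects exactly one of them, the branches should form an `if()/elseif()` chain with the WSL test first. The comment `# Windows-specific configuration here` is copied into the WSL, Linux and Apple branches and should name the platform each one handles. `if(APPLE)` is tested twice, once only to print a message.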
@@ -1,5 +1,6 @@ # wolfSSL Crypt Test Example + This is the ESP32 Version of the [wolfSSL wolfcrypt test application](https://github.com/wolfSSL/wolfssl/tree/master/wolfcrypt/test). For general information on [wolfSSL examples for Espressif](../README.md), see the @@ -8,7 +9,7 @@ For general information on [wolfSSL examples for Espressif](../README.md), see t ## ESP Registry The easiest way to get started with wolfSSL is by using the -[ESP Registry](https://components.espressif.com/components/wolfssl/wolfssl/) examples. +[ESP Registry](https://www.wolfssl.com/wolfssl-now-available-in-espressif-component-registry/) examples. ``` . ~/esp/esp-idf/export.sh @@ -22,13 +23,13 @@ idf.py -b 115200 flash monitor Open the VisualGDB Visual Studio Project file in the [VisualGDB directory](./VisualGDB/README.md) and click the "Start" button. No wolfSSL setup is needed. You may need to adjust your specific COM port. The default is `COM20`. -## ESP-IDF Commandline +## ESP-IDF Commandline (version 4.4 or greater for the ESP32) 1. `idf.py menuconfig` to configure the program. 1-1. Example Configuration -> - TEST_ARG : argument that you want to use. Default is "-lng 0" - The list of argument can be find in help. + There are no parametric arguments. See [wolfcrypt/test](https://github.com/wolfSSL/wolfssl/tree/master/wolfcrypt/test). + All features enabled in the `user_settings.h` will be tested. When you want to run the test program 
@@ -42,16 +43,17 @@ Reminder than when building on WSL in `/mnt/c` there will be a noticeable perfor Example build on WSL, assuming `git clone` from `c:\workspace`: ``` -WRK_IDF_PATH=/mnt/c/SysGCC/esp32/esp-idf/v5.1 +WRK_IDF_PATH=/mnt/c/SysGCC/esp32/esp-idf/v5.2 +# WRK_IDF_PATH=/mnt/c/SysGCC/esp32/esp-idf/master echo "Run export.sh from ${WRK_IDF_PATH}" . ${WRK_IDF_PATH}/export.sh # switch to test example -cd /mnt/c/workspace/wolfssl/IDE/Espressif/ESP-IDF/examples/wolfssl_test +cd /mnt/c/workspace/wolfssl-$USER/IDE/Espressif/ESP-IDF/examples/wolfssl_test -# Pick ESP-IDF install directory, this one for v5.1 in VisualGDB -. /mnt/c/SysGCC/esp32/esp-idf/v5.1/export.sh +# Pick ESP-IDF install directory, this one for v5.2 in VisualGDB +. /mnt/c/SysGCC/esp32/esp-idf/v5.2/export.sh # set target chipset idf.py set-target esp32s3 @@ -65,6 +67,33 @@ idf.py idf.py build flash -p /dev/ttyS24 -b 115200 monitor ``` +## ESP-IDF Commandline (version 3.5 or earlier for the ESP8266) + + +``` +WRK_IDF_PATH=/mnt/c/SysGCC/esp8266/rtos-sdk/v3.4 +. $WRK_IDF_PATH/export.sh + +# install as needed / prompted +/mnt/c/SysGCC/esp8266/rtos-sdk/v3.4/install.sh + +cd IDE/Espressif/ESP-IDF/examples/ESP8266 + +# adjust settings as desired +idf.py menuconfig + +idf.py build flash -p /dev/ttyS55 -b 115200 +``` + +## Putty (via WSL) + +Define a non-blank value for `ESPIDF_PUTTY_MONITOR` to launch `testMonitor.sh` output in putty.exe sessions from Windows. +Assumes `PUTTY_EXE="/mnt/c/tools/putty.exe"`. + +```bash +export ESPIDF_PUTTY_MONITOR=true +``` + ## Example Output Note the default wolfSSL `user_settings.h` is configured by default to be the most diff --git a/IDE/Espressif/ESP-IDF/examples/wolfssl_test/components/wolfssl/CMakeLists.txt b/IDE/Espressif/ESP-IDF/examples/wolfssl_test/components/wolfssl/CMakeLists.txt index 5f42ad3452..8b90966f9b 100644 --- a/IDE/Espressif/ESP-IDF/examples/wolfssl_test/components/wolfssl/CMakeLists.txt 
+++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_test/components/wolfssl/CMakeLists.txt 
@@ -19,17 +19,67 @@ # # cmake for wolfssl Espressif projects # -# Version 5.7.0 template update + THIS_IDF_PATH +# Version 5.7.2 Espressif ESP-IDF integration # # See https://docs.espressif.com/projects/esp-idf/en/latest/esp32/api-guides/build-system.html # - +message(STATUS "Begin wolfssl ${CONFIG_CUSTOM_SETTING_WOLFSSL_ROOT}") cmake_minimum_required(VERSION 3.16) set(VERBOSE_COMPONENT_MESSAGES 1) +# Optional requires include: +# set(THIS_ESP_TLS "esp-tls") +set(THIS_ESP_TLS "") + +# function: IS_ESP_IDF_COMPONENT +# output: RESULT = 1 (true) if this component is located in the ESP-IDF components +# otherwise 0 (false) +function( IS_ESP_IDF_COMPONENT RESULT ) + # NOTE: Component location is based on the location of the CMakeList.txt + # and *not* the location of the wolfSSL source code. (which may be anywhere) + + # Normalize the paths to remove any trailing slashes + get_filename_component(NORMALIZED_IDF_PATH "${IDF_PATH}" REALPATH) + get_filename_component(NORMALIZED_TEST_PATH "${COMPONENT_DIR}" REALPATH) + + # Check if the test path starts with the IDF_PATH + string(FIND "${NORMALIZED_TEST_PATH}" "${NORMALIZED_IDF_PATH}" pos) + + if(${pos} EQUAL 0) + message(STATUS "${COMPONENT_DIR} is within IDF_PATH.") + set(${RESULT} 1 PARENT_SCOPE) + else() + message(STATUS "${COMPONENT_DIR} is not within IDF_PATH.") + set(${RESULT} 0 PARENT_SCOPE) + endif() +endfunction() + +# Determine if this cmake file is located in the ESP-IDF component directory or not, +# and if so, if it is being ignored (allowing the use of a local project one, instead). 
+IS_ESP_IDF_COMPONENT( IS_WOLSSL_ESP_IDF_COMPONENT ) +if( IS_WOLSSL_ESP_IDF_COMPONENT ) + message(STATUS "This wolfSSL is a component in ESP-IDF.") + if ( CONFIG_IGNORE_ESP_IDF_WOLFSSL_COMPONENT ) + idf_component_register() + message(STATUS "Warning: wolfSSL component in ESP-IDF is being ignored.") + return() + endif() +endif() + + +if( "${CONFIG_CUSTOM_SETTING_WOLFSSL_ROOT}" STREQUAL "" ) + # nothing to do +else() + # Only forward slashes, or double backslashes are supported. + # By the time we get here the sdkconfig file has a value for wolfSSL source code root. + string(REPLACE "\\" "/" CONFIG_CUSTOM_SETTING_WOLFSSL_ROOT ${CONFIG_CUSTOM_SETTING_WOLFSSL_ROOT}) + message(STATUS "Cleaned wolfssl path: ${CONFIG_CUSTOM_SETTING_WOLFSSL_ROOT}") +endif() + # The scope of this CMAKE_C_FLAGS is just this component: set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DWOLFSSL_USER_SETTINGS") +set(CMAKE_CXX_FLAGS "${CMAKE_CXX_FLAGS} -DWOLFSSL_USER_SETTINGS") set(CMAKE_CURRENT_SOURCE_DIR ".") # set(COMPONENT_REQUIRES lwip) # we typically don't need lwip directly in wolfssl component @@ -42,7 +92,7 @@ if ( "${WOLFSSL_ROOT}" STREQUAL "") endif() if( "$ENV{IDF_PATH}" STREQUAL "" ) - message(FATAL_ERROR "IDF_PATH Environment variable not set!") + message(FATAL_ERROR "IDF_PATH Environment variable not set!") else() string(REPLACE "\\" "/" THIS_IDF_PATH "$ENV{IDF_PATH}") endif() @@ -106,7 +156,7 @@ if( ("${CMAKE_PROJECT_NAME}" STREQUAL "wolfssl_benchmark") OR ("${CMAKE_PROJECT_ message(STATUS "Not including lwip for ${CMAKE_PROJECT_NAME}") else() # benchmark and test do not need wifi, everything else probably does: - set(COMPONENT_REQUIRES lwip) # we typically don't need lwip directly in wolfssl component + set(COMPONENT_REQUIRES lwip "${THIS_ESP_TLS}") # we typically don't need lwip directly in wolfssl component endif() # find the user name to search for possible "wolfssl-username" 
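Review bot: IS_ESP_IDF_COMPONENT decides containment with a plain string-prefix test, `string(FIND "${NORMALIZED_TEST_PATH}" "${NORMALIZED_IDF_PATH}" pos)`, so a sibling directory whose name merely begins with the IDF path, e.g. `/opt/esp-idf-old` next to `/opt/esp-idf` (constructed example), also counts as inside IDF_PATH. Comparing with a trailing separator on both sides, `string(FIND "${NORMALIZED_TEST_PATH}/" "${NORMALIZED_IDF_PATH}/" pos)`, removes the false match. The function reads the CMake variable `IDF_PATH` while the rest of the file checks `$ENV{IDF_PATH}`, which is worth a comment. The later `string(REPLACE ...)` on `CONFIG_CUSTOM_SETTING_WOLFSSL_ROOT` passes its input unquoted and should quote it.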
@@ -130,6 +180,25 @@ else() string(REPLACE "\\" "/" THIS_IDF_PATH "$ENV{IDF_PATH}") endif() +# ENVIRONMENT_VAR_TO_MACRO +# Check environment variable name EVARPARAM as [name] +# If defined, and has a value of EVARVALUE as [value], +# then assign a compiler definition "-D[name]=[value]" +function(ENVIRONMENT_VAR_TO_MACRO EVARPARAM EVARVALUE) + # If the EVARPARAM environment variable name is set to EVARVALUE, + # set the compiler flag definition to enable CSV output. + if ( "$ENV{${EVARPARAM}}" STREQUAL "${EVARVALUE}") + message(STATUS "Appending compile definition: -D${EVARPARAM}=${EVARVALUE}") + set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -D${EVARPARAM}=${EVARVALUE}") + else() + if(DEFINED ENV{${EVARPARAM}}) + message(STATUS "Environment variable ${EVARPARAM} detected but set to $ENV{${EVARPARAM}}, not appending compile definition.") + else() + message(STATUS "Environment variable ${EVARPARAM} not detected, not appending compile definition.") + endif() + endif() +endfunction() + # COMPONENT_NAME = wolfssl # The component name is the directory name. "No feature to change this". # See https://github.com/espressif/esp-idf/issues/8978#issuecomment-1129892685 @@ -147,7 +216,8 @@ endif() # function: IS_WOLFSSL_SOURCE # parameter: DIRECTORY_PARAMETER - the directory to test # output: RESULT = contains contents of DIRECTORY_PARAMETER for wolfssl directory, otherwise blank. -function(IS_WOLFSSL_SOURCE DIRECTORY_PARAMETER RESULT) +function( IS_WOLFSSL_SOURCE DIRECTORY_PARAMETER + RESULT ) if (EXISTS "${DIRECTORY_PARAMETER}/wolfcrypt/src") set(${RESULT} "${DIRECTORY_PARAMETER}" PARENT_SCOPE) else() 
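Review bot: ENVIRONMENT_VAR_TO_MACRO appends to `CMAKE_C_FLAGS` with a plain `set()` inside a `function()`, which only changes the function's local copy, so the `-D` it announces in the status message is, as far as this hunk shows, never seen by the caller. `set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -D${EVARPARAM}=${EVARVALUE}" PARENT_SCOPE)` would propagate it, matching how IS_WOLFSSL_SOURCE returns its result. The inner comment still speaks of enabling CSV output, which describes one caller rather than this generic helper.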
@@ -166,26 +236,56 @@ function(FIND_WOLFSSL_DIRECTORY OUTPUT_FOUND_WOLFSSL_DIRECTORY) message(STATUS "Starting FIND_WOLFSSL_DIRECTORY: ${${OUTPUT_FOUND_WOLFSSL_DIRECTORY}}") if ( "${${OUTPUT_FOUND_WOLFSSL_DIRECTORY}}" STREQUAL "" ) + # The parameter is empty, so we certainly need to search. + # First, see if there's an environment variable. This takes highest priority (unless already found as hard-coded, above) set(CURRENT_SEARCH_DIR "$ENV{WOLFSSL_ROOT}") if( "${CURRENT_SEARCH_DIR}" STREQUAL "" ) message(STATUS "The WOLFSSL_ROOT environment variable is not set. Searching...") - else() - get_filename_component(CURRENT_SEARCH_DIR "$ENV{WOLFSSL_ROOT}" ABSOLUTE) - IS_WOLFSSL_SOURCE("${CURRENT_SEARCH_DIR}" FOUND_WOLFSSL) - if( FOUND_WOLFSSL ) - message(STATUS "Found WOLFSSL_ROOT via Environment Variable:") + # Next, if not found, see if wolfSSL was selected for ESP-TLS Kconfig + if(CONFIG_CUSTOM_SETTING_WOLFSSL_ROOT) + set(CURRENT_SEARCH_DIR ${CONFIG_CUSTOM_SETTING_WOLFSSL_ROOT}) + get_filename_component(CURRENT_SEARCH_DIR "${CURRENT_SEARCH_DIR}" ABSOLUTE) + message(STATUS "WOLFSSL_ROOT found in sdkconfig/KConfig: ${CONFIG_CUSTOM_SETTING_WOLFSSL_ROOT}") else() - message(FATAL_ERROR "WOLFSSL_ROOT Environment Variable defined, but path not found:") - message(STATUS "$ENV{WOLFSSL_ROOT}") - endif() - endif() + message(STATUS "wolfSSL not defined in [Component Config] [wolfssl]. Continuing search...") + # If not specified as a search hint in OUTPUT_FOUND_WOLFSSL_DIRECTORY: + # This wolfSSL component CMakeLists.txt may be found EITHER in: + # 1) local project component + # 2) ESP-IDF share components + # We'll start in the CMAKE_CURRENT_SOURCE_DIR, typically [something]/projectname/components/wolfssl + # That option might find wolfSSL source code as a copy in the component directory (e.g. Managed Components) + # Unless cmake is in the ESP-IDF, in which case it is unlikely to find wolfSSL source in any parent. 
+ message(STATUS "CMAKE_CURRENT_SOURCE_DIR = ${CMAKE_CURRENT_SOURCE_DIR}") + get_filename_component(CURRENT_SEARCH_DIR "${CMAKE_CURRENT_SOURCE_DIR}" ABSOLUTE) + message(STATUS "CURRENT_SEARCH_DIR = ${CURRENT_SEARCH_DIR}") + string(LENGTH ${CURRENT_SEARCH_DIR} CURRENT_SEARCH_DIR_LENGTH) + endif() # CONFIG_CUSTOM_SETTING_WOLFSSL_ROOT + endif() # check environment var blank + else() + message(STATUS "Parameter found for FIND_WOLFSSL_DIRECTORY") + message(STATUS "Setting wolfSSL search directory to: ${${OUTPUT_FOUND_WOLFSSL_DIRECTORY}}") + set(CURRENT_SEARCH_DIR "${${OUTPUT_FOUND_WOLFSSL_DIRECTORY}}") + endif() # parameter empty + + # Check to see if we found a path in environment or config settings, above. + if( "${CURRENT_SEARCH_DIR}" STREQUAL "" ) + message(STATUS "Source for wolfSSL not specified in path nor config settings.") + # We'll continue the search by recursing up the directory tree, below. else() - get_filename_component(CURRENT_SEARCH_DIR "${${OUTPUT_FOUND_WOLFSSL_DIRECTORY}}" ABSOLUTE) + # Setting found! Does it contain a valid path? + string(REPLACE "\\" "/" CURRENT_SEARCH_DIR ${CURRENT_SEARCH_DIR}) + get_filename_component(CURRENT_SEARCH_DIR "${CURRENT_SEARCH_DIR}" ABSOLUTE) IS_WOLFSSL_SOURCE("${CURRENT_SEARCH_DIR}" FOUND_WOLFSSL) if( FOUND_WOLFSSL ) - message(STATUS "Found WOLFSSL_ROOT via prior specification.") + message(STATUS "Found wolfSSL source code via setting: ${CURRENT_SEARCH_DIR}") + set(${OUTPUT_FOUND_WOLFSSL_DIRECTORY} ${CURRENT_SEARCH_DIR} PARENT_SCOPE) + return() else() - message(FATAL_ERROR "WOLFSSL_ROOT Variable defined, but path not found: ${${OUTPUT_FOUND_WOLFSSL_DIRECTORY}}") + if(WIN32) + message(STATUS "When specifying a path for Windows, use forward slahes, or double backslashes.") + endif() + message(STATUS "CONFIG_CUSTOM_SETTING_WOLFSSL_ROOT sdkconfig setting = ${CONFIG_CUSTOM_SETTING_WOLFSSL_ROOT}") + message(STATUS "WOLFSSL_ROOT Variable defined, but source code not found: ${CURRENT_SEARCH_DIR}") endif() endif() 
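Review bot: A `WOLFSSL_ROOT` or `CONFIG_CUSTOM_SETTING_WOLFSSL_ROOT` value that does not contain wolfSSL source used to stop with `FATAL_ERROR`; the new else-branch only prints STATUS lines and appears to fall through to the directory-tree search below, so the build can quietly compile a different wolfSSL copy than the one the developer pointed at. For a crypto library that deserves at least `message(WARNING "WOLFSSL_ROOT defined, but source code not found: ${CURRENT_SEARCH_DIR}; continuing search")`, so the substitution shows up in the log. `string(REPLACE "\\" "/" CURRENT_SEARCH_DIR ${CURRENT_SEARCH_DIR})` and `string(LENGTH ${CURRENT_SEARCH_DIR} ...)` should quote the expansion so a path containing spaces or `;` is not split into several arguments. "slahes" in the Windows hint is a typo for "slashes". The function body continues past the end of this hunk.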
@@ -286,6 +386,11 @@ endfunction() message(STATUS "CONFIG_TARGET_PLATFORM = ${CONFIG_TARGET_PLATFORM}") +# Check for environment variable that may be assigned to macros +ENVIRONMENT_VAR_TO_MACRO("GENERATE_MACHINE_PARSEABLE_REPORT" "1") +ENVIRONMENT_VAR_TO_MACRO("WOLFSSL_BENCHMARK_FIXED_CSV" "1") + +# Optional variable inspection if (0) get_cmake_property(_variableNames VARIABLES) list (SORT _variableNames) @@ -302,15 +407,20 @@ endif() if ( ("${CONFIG_TARGET_PLATFORM}" STREQUAL "esp8266") OR ("${IDF_TARGET}" STREQUAL "esp8266") ) # There's no esp_timer, no driver components for the ESP8266 - message(STATUS "Early expansion EXCLUDES esp_timer: ${THIS_INCLUDE_TIMER}") - message(STATUS "Early expansion EXCLUDES driver: ${THIS_INCLUDE_DRIVER}") + message(STATUS "Early expansion EXCLUDES esp_timer for esp8266: ${THIS_INCLUDE_TIMER}") + message(STATUS "Early expansion EXCLUDES driver for esp8266: ${THIS_INCLUDE_DRIVER}") set(THIS_INCLUDE_TIMER "") set(THIS_INCLUDE_DRIVER "") + set(THIS_ESP_TLS "") else() message(STATUS "Early expansion includes esp_timer: ${THIS_INCLUDE_TIMER}") message(STATUS "Early expansion includes driver: ${THIS_INCLUDE_DRIVER}") set(THIS_INCLUDE_TIMER "esp_timer") set(THIS_INCLUDE_DRIVER "driver") + set(THIS_ESP_TLS "esp-tls") + # Let the app know that we've included the esp-tls component requirement. + # This is critical for use the the esp-tls component. See wolfssl esp_crt_bundle.c file. + set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DWOLFSSL_CMAKE_REQUIRED_ESP_TLS=1") endif() if(CMAKE_BUILD_EARLY_EXPANSION) @@ -318,8 +428,9 @@ if(CMAKE_BUILD_EARLY_EXPANSION) idf_component_register( REQUIRES "${COMPONENT_REQUIRES}" PRIV_REQUIRES # esp_hw_support - ${THIS_INCLUDE_TIMER} - ${THIS_INCLUDE_DRIVER} # this will typically only be needed for wolfSSL benchmark + "${THIS_ESP_TLS}" + "${THIS_INCLUDE_TIMER}" + "${THIS_INCLUDE_DRIVER}" # this will typically only be needed for wolfSSL benchmark ) else() 
@@ -328,6 +439,15 @@ else() message(STATUS "wolfssl component config:") message(STATUS "************************************************************************************************") + if ( "${CONFIG_TARGET_PLATFORM}" STREQUAL "esp8266") + # There's no esp_timer, no driver components for the ESP8266 + set(THIS_INCLUDE_TIMER "") + set(THIS_INCLUDE_DRIVER "") + else() + set(THIS_INCLUDE_TIMER "esp_timer") + set(THIS_INCLUDE_DRIVER "driver") + endif() + # search for wolfSSL FIND_WOLFSSL_DIRECTORY(WOLFSSL_ROOT) if(WOLFSSL_ROOT) @@ -341,7 +461,9 @@ else() # Abort CMake after fatal error. endif() else() - message(STATUS "Searching for wolfSL source code...") + message(STATUS "Source code for wolfSSL still not found.") + message(STATUS "Searching from project home: ${CMAKE_HOME_DIRECTORY} ...") + set(WOLFSSL_ROOT "${CMAKE_HOME_DIRECTORY}") FIND_WOLFSSL_DIRECTORY(WOLFSSL_ROOT) endif() 
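Review bot: This second esp8266 block tests only `CONFIG_TARGET_PLATFORM`, while the earlier block in this file also accepts `"${IDF_TARGET}" STREQUAL "esp8266"`; when only `IDF_TARGET` identifies the chip, the else-branch here sets `esp_timer` and `driver` again and undoes the earlier exclusion, while `THIS_ESP_TLS` stays empty. Either drop the duplicate, since both variables are already set before the `CMAKE_BUILD_EARLY_EXPANSION` test, or use the same condition: `if ( ("${CONFIG_TARGET_PLATFORM}" STREQUAL "esp8266") OR ("${IDF_TARGET}" STREQUAL "esp8266") )`.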
@@ -349,11 +471,18 @@ else() if(WOLFSSL_ROOT) message(STATUS "Confirmed wolfssl directory at: ${WOLFSSL_ROOT}") else() - message(STATUS "Failed: wolfssl directory not found.") + # Try to allow a more intuitive error that the source code was not found in cmake: + set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DWOLFSSL_CMAKE_WARNING_SOURCE_NOT_FOUND") + + message(STATUS "Failed: wolfssl source code directory not found.") # Abort. We need wolfssl _somewhere_. - message(FATAL_ERROR "Could not find wolfssl in any parent directory named wolfssl-${THIS_USER}, wolfssl-master, or wolfssl.\n" - "Try setting WOLFSSL_ROOT environment variable, cmake variable in project, copy source, or use managed components.") - # Abort CMake after fatal error. + message(STATUS "") + message(STATUS "") + message(STATUS "Could not find wolfssl in any parent directory named wolfssl-${THIS_USER}, wolfssl-master, or wolfssl.\n" + "Try setting WOLFSSL_ROOT environment variable, cmake variable in project, copy source, or use managed components.") + message(STATUS "") + message(STATUS "") + # Abort CMake after fatal error. (or not?) endif() set(INCLUDE_PATH ${WOLFSSL_ROOT}) 
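Review bot: The source-not-found path now reports the failure with `message(STATUS ...)` only, yet the comments around it still read `# Abort. We need wolfssl _somewhere_.` and `# Abort CMake after fatal error. (or not?)`. STATUS lines are easy to miss among the rest of the configure output; `message(WARNING "Could not find wolfssl in any parent directory ...")` keeps configuration running and still flags the problem. The comments should state that processing continues on purpose. `set(INCLUDE_PATH ${WOLFSSL_ROOT})` directly after the `endif()` then runs with an empty value.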
@@ -379,22 +508,24 @@ else() endif() endif() + message(STATUS "WOLFSSL_EXTRA_PROJECT_DIR = ${WOLFSSL_EXTRA_PROJECT_DIR}") set(COMPONENT_SRCDIRS "\"${WOLFSSL_ROOT}/src/\"" "\"${WOLFSSL_ROOT}/wolfcrypt/src\"" "\"${WOLFSSL_ROOT}/wolfcrypt/src/port/Espressif\"" + "\"${WOLFSSL_ROOT}/wolfcrypt/src/port/Espressif/esp_crt_bundle\"" "\"${WOLFSSL_ROOT}/wolfcrypt/src/port/atmel\"" "\"${WOLFSSL_EXTRA_PROJECT_DIR}\"" ) # COMPONENT_SRCDIRS message(STATUS "This COMPONENT_SRCDIRS = ${COMPONENT_SRCDIRS}") - # wolfSSL user_settings.h is in the local project. + # wolfSSL user_settings.h may be in the local project. + # TODO check if exists and possibly set to ESP-IDF set(WOLFSSL_PROJECT_DIR "${CMAKE_HOME_DIRECTORY}/components/wolfssl") - # add_definitions(-DWOLFSSL_USER_SETTINGS_DIR="${WOLFSSL_PROJECT_DIR}/include/user_settings.h") string(REPLACE "/" "//" STR_WOLFSSL_PROJECT_DIR "${WOLFSSL_PROJECT_DIR}") - add_definitions(-DWOLFSSL_USER_SETTINGS_DIR="${STR_WOLFSSL_PROJECT_DIR}//include//user_settings.h") - + add_definitions(-DWOLFSSL_USER_SETTINGS_DIR="${STR_WOLFSSL_PROJECT_DIR}/include/user_settings.h") + message(STATUS "Added definition for user_settings.h: -DWOLFSSL_USER_SETTINGS_DIR=\"${STR_WOLFSSL_PROJECT_DIR}//include//user_settings.h\"") # Espressif may take several passes through this makefile. Check to see if we found IDF string(COMPARE EQUAL "${PROJECT_SOURCE_DIR}" "" WOLFSSL_FOUND_IDF) @@ -427,8 +558,7 @@ else() message(STATUS "**************************************************************************************") message(STATUS "") - message(FATAL_ERROR "Please use wolfSSL in either local project or Espressif components, but not both.") - # Abort CMake after fatal error. + message(STATUS "Please use wolfSSL in either local project or Espressif components, but not both.") # Optional: if you change the above FATAL_ERROR to STATUS you can warn at runtime with this macro definition: set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DWOLFSSL_MULTI_INSTALL_WARNING") 
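Review bot: The new status line prints `-DWOLFSSL_USER_SETTINGS_DIR="${STR_WOLFSSL_PROJECT_DIR}//include//user_settings.h"`, but the `add_definitions` call above it was changed to end in `/include/user_settings.h`, so the log no longer shows the value that is compiled in. The directory part is still doubled by `string(REPLACE "/" "//" ...)` while the tail is not, which leaves a mixed path; build the string once, e.g. `set(THIS_USER_SETTINGS "${STR_WOLFSSL_PROJECT_DIR}/include/user_settings.h")`, and use it in both the definition and the message. The `# TODO check if exists` is not implemented in this hunk, so the macro can name a file that is absent.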
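Review bot: With `FATAL_ERROR` replaced by `STATUS` in the second hunk, a project that has wolfSSL both as a local component and in the ESP-IDF components now configures normally, and nothing in this hunk states which copy ends up compiled. `message(WARNING "Please use wolfSSL in either local project or Espressif components, but not both.")` would keep the build going while marking the condition clearly. The comment `# Optional: if you change the above FATAL_ERROR to STATUS ...` is out of date now that the change has been made and could read `# Warn at runtime as well via this macro definition:`.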
@@ -536,7 +666,9 @@ else() # depending on the environment, we may need to swap backslashes with forward slashes string(REPLACE "\\" "/" RTOS_IDF_PATH "$ENV{IDF_PATH}/components/freertos/FreeRTOS-Kernel/include/freertos") - string(REPLACE "\\" "/" WOLFSSL_ROOT ${WOLFSSL_ROOT}) + if(WOLFSSL_ROOT) + string(REPLACE "\\" "/" WOLFSSL_ROOT ${WOLFSSL_ROOT}) + endif() if(IS_DIRECTORY "${RTOS_IDF_PATH}") message(STATUS "Found current RTOS path: ${RTOS_IDF_PATH}") @@ -552,7 +684,7 @@ else() message(STATUS "THIS_IDF_PATH = $THIS_IDF_PATH") # wolfSSL-specific include directories set(COMPONENT_ADD_INCLUDEDIRS - "./include" # this is the location of wolfssl user_settings.h + "./include" # this is the location of local project wolfssl user_settings.h "\"${WOLFSSL_ROOT}/\"" "\"${WOLFSSL_ROOT}/wolfssl/\"" "\"${WOLFSSL_ROOT}/wolfssl/wolfcrypt/\"" @@ -589,8 +721,8 @@ else() "\"${WOLFSSL_ROOT}/src/ssl_sess.c\"" # included by ssl.c "\"${WOLFSSL_ROOT}/src/x509.c\"" "\"${WOLFSSL_ROOT}/src/x509_str.c\"" - "\"${WOLFSSL_ROOT}/wolfcrypt/src/ext_kyber.c\"" # external Kyber disabled by default - "\"${WOLFSSL_ROOT}/wolfssl/wolfcrypt/ext_kyber.h\"" # external Kyber disabled by default + "\"${WOLFSSL_ROOT}/wolfcrypt/src/ext_kyber.c\"" # external non-wolfssl Kyber disabled by default + "\"${WOLFSSL_ROOT}/wolfssl/wolfcrypt/ext_kyber.h\"" # external non-wolfssl Kyber disabled by default "\"${WOLFSSL_ROOT}/wolfcrypt/src/evp.c\"" "\"${WOLFSSL_ROOT}/wolfcrypt/src/misc.c\"" "\"${WOLFSSL_ROOT}/wolfcrypt/src/sp_sm2_arm32.c\"" @@ -601,6 +733,7 @@ else() "\"${WOLFSSL_ROOT}/wolfcrypt/src/sp_sm2_cortexm.c\"" "\"${WOLFSSL_ROOT}/wolfcrypt/src/sp_sm2_x86_64.c\"" "\"${WOLFSSL_ROOT}/wolfcrypt/src/sp_sm2_x86_64_asm.S\"" + "\"${WOLFSSL_ROOT}/examples\"" # Examples are distributed in Managed Components, but not part of a project. "\"${EXCLUDE_ASM}\"" ) 
@@ -622,15 +755,120 @@ else() # see https://docs.espressif.com/projects/esp-idf/en/stable/esp32/migration-guides/release-5.x/build-system.html?highlight=space%20path # set(EXTRA_COMPONENT_DIRS "${COMPONENT_SRCDIRS}") - idf_component_register( - SRC_DIRS "${COMPONENT_SRCDIRS}" - INCLUDE_DIRS "${COMPONENT_ADD_INCLUDEDIRS}" - REQUIRES "${COMPONENT_REQUIRES}" - EXCLUDE_SRCS "${COMPONENT_SRCEXCLUDE}" - PRIV_REQUIRES - "${THIS_INCLUDE_TIMER}" - "${THIS_INCLUDE_DRIVER}" # this will typically only be needed for wolfSSL benchmark - ) + + if(WOLFSSL_ROOT) + # Only register the component if we found wolfSSL source. + # This is important to allow Cmake to finish to completion, otherwise the UI + # may not be able to display the Kconfig settings to fix a bad or missing source. + idf_component_register( + SRC_DIRS "${COMPONENT_SRCDIRS}" + INCLUDE_DIRS "${COMPONENT_ADD_INCLUDEDIRS}" + REQUIRES "${COMPONENT_REQUIRES}" + EXCLUDE_SRCS "${COMPONENT_SRCEXCLUDE}" + PRIV_REQUIRES + "${THIS_ESP_TLS}" + "${THIS_INCLUDE_TIMER}" + "${THIS_INCLUDE_DRIVER}" # this will typically only be needed for wolfSSL benchmark + ) + else() + # Register the component simply to allow CMake to complete, but there's no wolfSSL source. + # Expect many other errors, but the project should at least be loadable and UI can edit Kconfig settings. + idf_component_register() + message(STATUS "Warning: wolfSSL component not registered as no source code found (WOLFSSL_ROOT is blank)") + endif() + +# function(WOLFSSL_INIT_CERT_BUNDLE) +if( CONFIG_WOLFSSL_CERTIFICATE_BUNDLE + AND NOT CONFIG_WOLFSSL_CERTIFICATE_BUNDLE_DEFAULT_NONE + AND NOT ("${CONFIG_TARGET_PLATFORM}" STREQUAL "esp8266") + ) + if (CMAKE_BUILD_EARLY_EXPANSION) + message(ERROR "Bundle Cert initialization must occur during CMAKE_BUILD_EARLY_EXPANSION") + endif() + # reminder: we need a value for wolfSSL root first! 
+ if( "${WOLFSSL_ROOT}" STREQUAL "" ) + message(ERROR "Certificate bundles need a value for WOLFSSL_ROOT") + endif() + set(WOLFSSL_ESP_CRT_BUNDLE_DIR ${WOLFSSL_ROOT}/wolfcrypt/src/port/Espressif/esp_crt_bundle) + message(STATUS "WOLFSSL_ESP_CRT_BUNDLE_DIR=${WOLFSSL_ESP_CRT_BUNDLE_DIR}") + if(EXISTS "${WOLFSSL_ESP_CRT_BUNDLE_DIR}") + set(bundle_name "x509_crt_bundle_wolfssl") + + # For now the certs are in the same directory + set(DEFAULT_CRT_DIR "${WOLFSSL_ESP_CRT_BUNDLE_DIR}") + + # Generate custom certificate bundle using the generate_cert_bundle utility + set(GENERATE_CERT_BUNDLEPY ${python} ${WOLFSSL_ESP_CRT_BUNDLE_DIR}/gen_crt_bundle.py) + + if(CONFIG_WOLFSSL_CERTIFICATE_BUNDLE_DEFAULT_FULL) + list(APPEND crt_paths ${DEFAULT_CRT_DIR}/cacrt_all.pem ${DEFAULT_CRT_DIR}/cacrt_local.pem) + elseif(CONFIG_WOLFSSL_CERTIFICATE_BUNDLE_DEFAULT_CMN) + list(APPEND crt_paths ${DEFAULT_CRT_DIR}/cacrt_all.pem ${DEFAULT_CRT_DIR}/cacrt_local.pem) + list(APPEND args --filter ${DEFAULT_CRT_DIR}/cmn_crt_authorities.csv) + endif() + + # Add deprecated root certs if enabled. 
This config is not visible if the default cert + # bundle is not selected + if(CONFIG_WOLFSSL_CERTIFICATE_BUNDLE_DEPRECATED_LIST) + list(APPEND crt_paths ${DEFAULT_CRT_DIR}/cacrt_deprecated.pem) + endif() + + if(CONFIG_WOLFSSL_CUSTOM_CERTIFICATE_BUNDLE) + get_filename_component(custom_bundle_path + ${CONFIG_WOLFSSL_CUSTOM_CERTIFICATE_BUNDLE_PATH} ABSOLUTE BASE_DIR "${project_dir}") + list(APPEND crt_paths ${custom_bundle_path}) + message(STATUS "Using a custom wolfSSL bundle path: ${custom_bundle_path}") + else() + message(STATUS "Not using a custom wolfSSL bundle path.") + endif() + list(APPEND args --input ${crt_paths} -q) + + message(STATUS "CMAKE_CURRENT_BINARY_DIR: ${CMAKE_CURRENT_BINARY_DIR}") + get_filename_component(crt_bundle + ${bundle_name} + ABSOLUTE BASE_DIR "${CMAKE_CURRENT_BINARY_DIR}") + + message(STATUS "Setting up bundle generate: ${GENERATE_CERT_BUNDLEPY} ${args}") + message(STATUS "Depends on custom bundle path: ${custom_bundle_path}") + message(STATUS "crt_bundle ${crt_bundle}") + message(STATUS "COMPONENT_LIB ${COMPONENT_LIB}") + message(STATUS "GENERATE_CERT_BUNDLEPY ${GENERATE_CERT_BUNDLEPY}") + message(STATUS "args ${args}") + message(STATUS "cert_bundle ${cert_bundle}") + + # Generate bundle according to config + # File is generated at build time, not cmake load + add_custom_command(OUTPUT ${crt_bundle} + COMMAND ${GENERATE_CERT_BUNDLEPY} ARGS ${args} + DEPENDS ${custom_bundle_path} + VERBATIM) + + if(EXISTS "${crt_bundle}") + message(STATUS "Bundle file exists from prior build: ${crt_bundle}") + else() + message(STATUS "Bundle file expected during next build: ${crt_bundle}") + endif() + + # Reminder the file is generated at build time, not cmake load time. 
+ message(STATUS "wolfSSL Cert Bundle File to be created at build time in: ${crt_bundle}") + + add_custom_target(custom_wolfssl_bundle DEPENDS ${cert_bundle}) + + # the wolfSSL crtificate bundle is baked into wolfSSL + add_dependencies(${COMPONENT_LIB} custom_wolfssl_bundle) + + # COMPONENT_LIB may vary: __idf_wolfssl, __idf_esp_wolfssl, etc + # target_add_binary_data(__idf_wolfssl ${crt_bundle} BINARY) + target_add_binary_data(${COMPONENT_LIB} ${crt_bundle} BINARY) + set_property(DIRECTORY "${CMAKE_CURRENT_SOURCE_DIR}" + APPEND PROPERTY ADDITIONAL_CLEAN_FILES + "${crt_bundle}") + else() + message(STATUS "WARNING: CONFIG_WOLFSSL_CERTIFICATE_BUNDLE enabled but directory not found: ${WOLFSSL_ESP_CRT_BUNDLE_DIR}") + endif() +endif() + +# endfunction() # WOLFSSL_INIT_CERT_BUNDLE # Some optional diagnostics. Verbose ones are truncated. if (VERBOSE_COMPONENT_MESSAGES) @@ -662,6 +900,12 @@ else() endif() # target_sources(wolfssl PRIVATE "\"${WOLFSSL_ROOT}/wolfssl/\"" "\"${WOLFSSL_ROOT}/wolfssl/wolfcrypt\"") + message(STATUS "DETECTED_PROJECT_NAME=${CMAKE_PROJECT_NAME}") + message(STATUS "COMPONENT_TARGET=${COMPONENT_TARGET}") + target_compile_definitions(${COMPONENT_TARGET} PRIVATE DETECTED_PROJECT_NAME="${CMAKE_PROJECT_NAME}") + if( "${CMAKE_PROJECT_NAME}" STREQUAL "esp_http_client_example" ) + target_compile_definitions(${COMPONENT_TARGET} PRIVATE APP_ESP_HTTP_CLIENT_EXAMPLE="y") + endif() endif() # CMAKE_BUILD_EARLY_EXPANSION 
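Review bot: In the certificate-bundle block, `add_custom_target(custom_wolfssl_bundle DEPENDS ${cert_bundle})` names a variable that is never set; the generated file is `${crt_bundle}`, so the target has no dependency and the `cert_bundle` status line prints nothing. It should be `add_custom_target(custom_wolfssl_bundle DEPENDS ${crt_bundle})`. The custom command's `DEPENDS ${custom_bundle_path}` also omits the default PEM files and `gen_crt_bundle.py`, so an updated `cacrt_all.pem` may leave a root bundle from a prior build embedded in the firmware; listing `${crt_paths}` and the script there would force regeneration. `message(ERROR ...)` is not a message mode, so CMake prints the text and carries on; use `message(FATAL_ERROR ...)` or `SEND_ERROR`, and note that the first message's wording contradicts its `if (CMAKE_BUILD_EARLY_EXPANSION)` condition. The block sits inside an `else()` that opens outside this hunk.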
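Review bot: `target_compile_definitions(${COMPONENT_TARGET} PRIVATE ...)` in the last hunk on this line runs even when the component was registered with the bare `idf_component_register()` fallback for a missing `WOLFSSL_ROOT`, and it uses `COMPONENT_TARGET` where the bundle code above uses `COMPONENT_LIB`. A component registered without sources is presumably an INTERFACE library, on which CMake rejects PRIVATE definitions, which would defeat the aim of letting configuration finish. Wrapping the two calls in `if(WOLFSSL_ROOT)` and using `${COMPONENT_LIB}` would keep them consistent with the rest of the file.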
@@ -717,33 +961,80 @@ endfunction() # LIBWOLFSSL_SAVE_INFO # create some programmatic #define values that will be used by ShowExtendedSystemInfo(). # see wolfcrypt\src\port\Espressif\esp32_utl.c -if(NOT CMAKE_BUILD_EARLY_EXPANSION) +if(NOT CMAKE_BUILD_EARLY_EXPANSION AND WOLFSSL_ROOT) set (git_cmd "git") message(STATUS "Adding macro definitions:") # LIBWOLFSSL_VERSION_GIT_ORIGIN: git config --get remote.origin.url - execute_process(WORKING_DIRECTORY ${WOLFSSL_ROOT} COMMAND ${git_cmd} "config" "--get" "remote.origin.url" OUTPUT_VARIABLE TMP_OUT RESULT_VARIABLE TMP_RES ERROR_QUIET ) + execute_process(WORKING_DIRECTORY ${WOLFSSL_ROOT} COMMAND ${git_cmd} "config" "--get" "remote.origin.url" + OUTPUT_VARIABLE TMP_OUT RESULT_VARIABLE TMP_RES ERROR_QUIET ) LIBWOLFSSL_SAVE_INFO(LIBWOLFSSL_VERSION_GIT_ORIGIN "${TMP_OUT}" "${TMP_RES}") # LIBWOLFSSL_VERSION_GIT_BRANCH: git rev-parse --abbrev-ref HEAD - execute_process(WORKING_DIRECTORY ${WOLFSSL_ROOT} COMMAND ${git_cmd} "rev-parse" "--abbrev-ref" "HEAD" OUTPUT_VARIABLE TMP_OUT RESULT_VARIABLE TMP_RES ERROR_QUIET ) + execute_process(WORKING_DIRECTORY ${WOLFSSL_ROOT} COMMAND ${git_cmd} "rev-parse" "--abbrev-ref" "HEAD" + OUTPUT_VARIABLE TMP_OUT RESULT_VARIABLE TMP_RES ERROR_QUIET ) LIBWOLFSSL_SAVE_INFO(LIBWOLFSSL_VERSION_GIT_BRANCH "${TMP_OUT}" "${TMP_RES}") # LIBWOLFSSL_VERSION_GIT_HASH: git rev-parse HEAD - execute_process(WORKING_DIRECTORY ${WOLFSSL_ROOT} COMMAND ${git_cmd} "rev-parse" "HEAD" OUTPUT_VARIABLE TMP_OUT RESULT_VARIABLE TMP_RES ERROR_QUIET ) + execute_process(WORKING_DIRECTORY ${WOLFSSL_ROOT} COMMAND ${git_cmd} "rev-parse" "HEAD" + OUTPUT_VARIABLE TMP_OUT RESULT_VARIABLE TMP_RES ERROR_QUIET ) LIBWOLFSSL_SAVE_INFO(LIBWOLFSSL_VERSION_GIT_HASH "${TMP_OUT}" "${TMP_RES}") # LIBWOLFSSL_VERSION_GIT_SHORT_HASH: git rev-parse --short HEAD - execute_process(WORKING_DIRECTORY ${WOLFSSL_ROOT} COMMAND ${git_cmd} "rev-parse" "--short" "HEAD" OUTPUT_VARIABLE TMP_OUT RESULT_VARIABLE TMP_RES ERROR_QUIET ) + 
execute_process(WORKING_DIRECTORY ${WOLFSSL_ROOT} COMMAND ${git_cmd} "rev-parse" "--short" "HEAD" + OUTPUT_VARIABLE TMP_OUT RESULT_VARIABLE TMP_RES ERROR_QUIET ) LIBWOLFSSL_SAVE_INFO(LIBWOLFSSL_VERSION_GIT_SHORT_HASH "${TMP_OUT}" "${TMP_RES}") # LIBWOLFSSL_VERSION_GIT_HASH_DATE git show --no-patch --no-notes --pretty=\'\%cd\' - execute_process(WORKING_DIRECTORY ${WOLFSSL_ROOT} COMMAND ${git_cmd} "show" "--no-patch" "--no-notes" "--pretty=\'\%cd\'" OUTPUT_VARIABLE TMP_OUT RESULT_VARIABLE TMP_RES ) + execute_process(WORKING_DIRECTORY ${WOLFSSL_ROOT} COMMAND ${git_cmd} + "show" "--no-patch" "--no-notes" "--pretty=\'\%cd\'" + OUTPUT_VARIABLE TMP_OUT RESULT_VARIABLE TMP_RES ) LIBWOLFSSL_SAVE_INFO(LIBWOLFSSL_VERSION_GIT_HASH_DATE "${TMP_OUT}" "${TMP_RES}") LIBWOLFSSL_SAVE_INFO(LIBWOLFSSL_VERSION_WOLFSSL_ROOT "${WOLFSSL_ROOT}" "${TMP_RES}") - message(STATUS "************************************************************************************************") - message(STATUS "wolfssl component config complete!") - message(STATUS "************************************************************************************************") endif() + +# Ensure flag "-DWOLFSSL_ESPIDF" is already in CMAKE_C_FLAGS if not yet found from project +string(FIND "${CMAKE_C_FLAGS}" "-DWOLFSSL_ESPIDF" FLAG_ALRREADY_FOUND_WOLFSSL_ESPIDF) + +if(FLAG_ALRREADY_FOUND_WOLFSSL_ESPIDF EQUAL -1) + # Flag not found, append it + set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DWOLFSSL_ESPIDF") + set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DWOLFSSL_USER_SETTINGS") +endif() + +if(WOLFSSL_ROOT) + message(STATUS "Using wolfSSL in ${WOLFSSL_ROOT}") + + # PlatformIO does not process script from from the Espressif cmake process. 
+ # We need to know where wolfSSL source code was found, so save it in the + # PIO_WOLFSSL_ROOT environment variable to later be read by extra_script.py + + set(ENV{PIO_WOLFSSL_ROOT} "${WOLFSSL_ROOT}") + message(STATUS "PIO_WOLFSSL_ROOT = $ENV{PIO_WOLFSSL_ROOT}") + message(STATUS "PLATFORMIO_BUILD_DIR = $ENV{PLATFORMIO_BUILD_DIR}") + # See esp-tls Kconfig; menu "ESP-TLS", ESP_TLS_LIBRARY_CHOOSE + if(CONFIG_ESP_TLS_USING_WOLFSSL) + if ( ("${CONFIG_TARGET_PLATFORM}" STREQUAL "esp8266") OR ("${IDF_TARGET}" STREQUAL "esp8266") ) + message(STATUS "This version of wolfSSL is not supported on the ESP8266 esp-tls at this time. Check ESP-TLS config") + else() + message(STATUS "wolfSSL will be used for ESP-TLS") + endif() + else() + message(STATUS "WARNING: wolfSSL NOT selected for ESP-TLS. Features and performance will be limited.") + endif() +else() + message(STATUS "") + message(STATUS "Consider setting WOLFSSL_ROOT environment variable, use Kconfig setting, or set manually in this cmake file, above.") + message(STATUS "") + message(STATUS "!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!") + message(STATUS "!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!") + message(STATUS "ERROR: Could not find wolfSSL Source Code") + message(STATUS "!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!") + message(STATUS "!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!") +endif() + +message(STATUS "************************************************************************************************") +message(STATUS "wolfSSL component config complete!") +message(STATUS "************************************************************************************************") 
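Review bot: `set(ENV{PIO_WOLFSSL_ROOT} "${WOLFSSL_ROOT}")` changes the environment of the running CMake process only; it is not visible to the process that launched CMake or to later build steps, so `extra_script.py` will not see it unless it is started from this same CMake run. Writing the path to a file in the build directory, e.g. `file(WRITE "${CMAKE_BINARY_DIR}/pio_wolfssl_root.txt" "${WOLFSSL_ROOT}")` (file name constructed for illustration), gives the script something it can read afterwards. In the same hunk, `-DWOLFSSL_USER_SETTINGS` is appended again inside the `WOLFSSL_ESPIDF` check although the top of the file already adds it unconditionally. The closing "ERROR: Could not find wolfSSL Source Code" banner is emitted at STATUS level, so tools that filter on warnings will not pick it up.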
diff --git a/IDE/Espressif/ESP-IDF/examples/wolfssl_test/components/wolfssl/Kconfig b/IDE/Espressif/ESP-IDF/examples/wolfssl_test/components/wolfssl/Kconfig new file mode 100644 index 0000000000..cdd039d73f --- /dev/null +++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_test/components/wolfssl/Kconfig 
@@ -0,0 +1,523 @@ +# Kconfig template +# +# Copyright (C) 2006-2024 wolfSSL Inc. All rights reserved. +# +# This file is part of wolfSSL. +# +# wolfSSL is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation; either version 2 of the License, or +# (at your option) any later version. +# +# wolfSSL is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA +# + +# Kconfig File Version 5.7.2.001 for esp-idf integration + +# Kconfig Format Rules +# +# See: +# https://docs.espressif.com/projects/esp-idf/en/stable/esp32/api-reference/kconfig.html +# +# Format rules for Kconfig files are as follows: +# +# Option names in any menus should have consistent prefixes. The prefix +# currently should have at least 3 characters. +# +# The unit of indentation should be 4 spaces. All sub-items belonging to a +# parent item are indented by one level deeper. For example, menu is indented +# by 0 spaces, config menu by 4 spaces, help in config by 8 spaces, and the +# text under help by 12 spaces. +# +# No trailing spaces are allowed at the end of the lines. +# +# The maximum length of options is NOT 50 characters as documented. +# kconfcheck will complain that options should be 40 at most. +# +# Fix option lengths first. Superflous errors on other lines may occur. +# +# The maximum length of lines is 120 characters. 
+# +# python -m kconfcheck +# +# --------------------------------------------------------------------------------------------------------------------- +# Begin main wolfSSL configuration menu +# --------------------------------------------------------------------------------------------------------------------- +# See ESP-IDF esp-tls component for config TLS_STACK_WOLFSSL + +menu "wolfSSL" + + menu "Hardening" + config ESP_WOLFSSL_WC_NO_HARDEN + bool "Disable wolfSSL hardening" + default n + help + Sets WC_NO_HARDEN + + config ESP_WOLFSSL_TFM_TIMING_RESISTANT + bool "Enable TFM Timing Resistant Code" + default n + help + Sets TFM_TIMING_RESISTANT. + + endmenu # Hardening + + config ESP_WOLFSSL_ENABLE_BENCHMARK + bool "Enable wolfSSL Benchmark Library" + default n + help + Enables wolfcrypt/benchmark/benchmark.c code for benchmark metrics. Disables NO_CRYPT_BENCHMARK. + + + menu "Benchmark Debug" + config ESP_DEBUG_WOLFSSL_BENCHMARK_TIMING + bool "Enable benchmark timing debug" + depends on ESP_WOLFSSL_ENABLE_BENCHMARK + default n + help + Enable wolfssl debug for benchmark metric timing (CPU Cycles, RTOS ticks, etc). + + config ESP_WOLFSSL_BENCHMARK_TIMER_DEBUG + bool "Enable benchmark timer debug" + depends on ESP_WOLFSSL_ENABLE_BENCHMARK + default n + help + Turn on timer debugging (used when CPU cycles not available) + + endmenu # Benchmark Debug + + # ----------------------------------------------------------------------------------------------------------------- + # wolfCrypt Test + # ----------------------------------------------------------------------------------------------------------------- + config ESP_WOLFSSL_ENABLE_TEST + bool "Enable wolfCrypt Test Library" + default n + help + Enables wolfcrypt/test/test.c code for testing. Disables NO_CRYPT_TEST. 
+ + menu "wolfCrypt tests" + config WOLFSSL_HAVE_WOLFCRYPT_TEST_OPTIONS + bool "Enable wolfCrypt Test Options" + depends on ESP_WOLFSSL_ENABLE_TEST + default n + help + Enables HAVE_WOLFCRYPT_TEST_OPTIONS + + config TEST_ESPIDF_ALL_WOLFSSL + bool "Enable all features to use in tests" + depends on ESP_WOLFSSL_ENABLE_TEST + default n + help + Enables TEST_ESPIDF_ALL_WOLFSSL + + endmenu # wolfCrypt tests + + # ----------------------------------------------------------------------------------------------------------------- + # Apple HomeKit Options + # ----------------------------------------------------------------------------------------------------------------- + menu "Apple HomeKit" + config WOLFSSL_APPLE_HOMEKIT + bool "Enable Apple HomeKit options" + default n + help + Enables FP_MAX_BITS (8192 * 2), SRP, ChaCha, Poly1305, Base64 encoding needed for Apple HomeKit. + endmenu # Apple HomeKit + # ----------------------------------------------------------------------------------------------------------------- + + config ESP_WOLFSSL_DISABLE_MY_ECC + bool "Disable ECC in my project" + default "n" + help + ECC is enabled by default. Select this option to disable. + + config ESP_WOLFSSL_ENABLE_MY_USE_RSA + bool "Enable RSA in my project" + default "n" + help + RSA is disabled by default. Select this option to enable. + + config ESP_WOLFSSL_BENCHMARK + bool "Enable wolfSSL Benchmark" + default n + help + Enables user settings relevant to benchmark code + + config ESP_TLS_USING_WOLFSSL_SPECIFIED + bool "Use the specified wolfssl for ESP-TLS" + default Y + help + Includes wolfSSL from specified directory (not using esp-wolfssl). 
+ + config ESP_WOLFSSL_NO_USE_FAST_MATH + bool "Disable FAST_MATH library and all ESP32 Hardware Acceleration" + select ESP_WOLFSSL_NO_HW + select ESP_WOLFSSL_NO_HW_AES + select ESP_WOLFSSL_NO_HW_HASH + select ESP_WOLFSSL_NO_HW_RSA_PRI + select ESP_WOLFSSL_NO_HW_RSA_PRI_MP_MUL + select ESP_WOLFSSL_NO_HW_RSA_PRI_MULMOD + select ESP_WOLFSSL_NO_HW_RSA_PRI_EXPTMOD + default n + help + When disabling all hardware acceleration for smaller memory footprint, + disabling TFM fast math provides faster wolfSSL software algorithms in an + even smaller flash memory footprint. + + menu "Protocol Config" + config WOLFSSL_HAVE_ALPN + bool "Enable ALPN (Application Layer Protocol Negotiation) in wolfSSL" + default y + + config WOLFSSL_ALLOW_TLS13 + bool "Allow TLS 1.3" + default y + help + Allow TLS to fallback to TLS1.2. Memory footprint will likely be larger for TLS1.2. + When disabled HTTPS and MQTT over TLS connections will fail if TLS1.3 not accepted. + + config WOLFSSL_ALLOW_TLS12 + bool "Allow TLS 1.2" + default n + help + Allow TLS to fallback to TLS1.2. Memory footprint will likely be larger for TLS1.2. + When disabled HTTPS and MQTT over TLS connections will fail if TLS1.3 not accepted. + + config WOLFSSL_HAVE_TLS_EXTENSIONS + bool "Enable TLS Extensions" + default y + help + Sets HAVE_TLS_EXTENSIONS which is needed for TLS 1.3, SNI, ALPN, and more. + + config WOLFSSL_ALT_CERT_CHAINS + bool "Enable Alternate Certificate Chains" + default n + help + The option relaxes the default strict wolfSSL certificate chain processing. This + will typically need to be enabled when loading only a CA file. Typically solves + the -188 ASN_NO_SIGNER_E error. Use with caution. 
+ + config WOLFSSL_HAVE_OCSP + bool "Enable OCSP (Online Certificate Status Protocol) in wolfSSL" + default n + help + Sets HAVE_OCSP + + endmenu # Protocol Config + # ----------------------------------------------------------------------------------------------------------------- + + # ----------------------------------------------------------------------------------------------------------------- + config TLS_STACK_WOLFSSL + # Invisible option that locks TLS_STACK_WOLFSSL to ESP_TLS_USING_WOLFSSL + bool + default n + select FREERTOS_ENABLE_BACKWARD_COMPATIBILITY + help + Includes wolfSSL in ESP-TLS so that it can be compiled with wolfSSL as its SSL/TLS library. + Enabled when wolfSSL is selected in ESP_TLS_LIBRARY_CHOOSE. + + menu "wolfSSL ESP-TLS" + depends on ESP_TLS_USING_WOLFSSL + + menu "Certificate Bundle" + depends on ESP_TLS_USING_WOLFSSL + + config WOLFSSL_CERTIFICATE_BUNDLE + bool "Enable trusted root certificate bundle" + default y if ESP_TLS_USING_WOLFSSL + default n + depends on ESP_TLS_USING_WOLFSSL + help + Enable support for large number of default root certificates + + When enabled this option allows user to store default as well + as customer specific root certificates in compressed format rather + than storing full certificate. For the root certificates the public key and the subject name + will be stored. + + config WOLFSSL_NO_ASN_STRICT + bool "Relax Certificate ASN Strict Checks" + default n + depends on ESP_TLS_USING_WOLFSSL + help + Allows sub-optimal certificate ASN checks. Unless using a bundle with known issues, + it is recommended to NOT enable this. + + config WOLFSSL_ASN_ALLOW_0_SERIAL + bool "Allow cert missing an ASN Serial Number" + default y + depends on ESP_TLS_USING_WOLFSSL + help + Although not recommended, there may be certificates in the bundle that are missing + a serial number. This option allows the missing value without having to fully + disable strict ASN checking with WOLFSSL_NO_ASN_STRICT. 
+
+ choice WOLFSSL_DEFAULT_CERTIFICATE_BUNDLE
+ bool "Default certificate bundle options"
+ depends on WOLFSSL_CERTIFICATE_BUNDLE && ESP_TLS_USING_WOLFSSL
+ default WOLFSSL_CERTIFICATE_BUNDLE_DEFAULT_FULL
+
+ config WOLFSSL_CERTIFICATE_BUNDLE_DEFAULT_FULL
+ bool "Use the full default certificate bundle"
+ config WOLFSSL_CERTIFICATE_BUNDLE_DEFAULT_CMN
+ bool "Use only the most common certificates from the default bundles"
+ help
+ Use only the most common certificates from the default bundles, reducing the size with 50%,
+ while still having around 99% coverage.
+ config WOLFSSL_CERTIFICATE_BUNDLE_DEFAULT_NONE
+ bool "Do not use the default certificate bundle"
+ endchoice
+
+ config WOLFSSL_CUSTOM_CERTIFICATE_BUNDLE
+ depends on WOLFSSL_CERTIFICATE_BUNDLE && ESP_TLS_USING_WOLFSSL
+ default n
+ bool "Add custom certificates to the default bundle"
+ config WOLFSSL_CUSTOM_CERTIFICATE_BUNDLE_PATH
+ depends on WOLFSSL_CUSTOM_CERTIFICATE_BUNDLE && ESP_TLS_USING_WOLFSSL
+ string "Custom certificate bundle path"
+ help
+ Name of the custom certificate directory or file. This path is evaluated
+ relative to the project root directory.
+
+ config WOLFSSL_CERTIFICATE_BUNDLE_DEPRECATED_LIST
+ bool "Add deprecated root certificates"
+ depends on WOLFSSL_CERTIFICATE_BUNDLE && ESP_TLS_USING_WOLFSSL && !WOLFSSL_CERTIFICATE_BUNDLE_DEFAULT_NONE
+ help
+ Include the deprecated list of root certificates in the bundle.
+ This list gets updated when a certificate is removed from the Mozilla's
+ NSS root certificate store. This config can be enabled if you would like
+ to ensure that none of the certificates that were deployed in the product
+ are affected because of the update to bundle. In turn, enabling this
+ config keeps expired, retracted certificates in the bundle and it may
+ pose a security risk.
+
+ - Deprecated cert list may grow based based on sync with upstream bundle
+ - Deprecated certs would be be removed in ESP-IDF (next) major release
+
+ config WOLFSSL_CERTIFICATE_BUNDLE_MAX_CERTS
+ int "Maximum no of certificates allowed in certificate bundle"
+ default 200
+ depends on WOLFSSL_CERTIFICATE_BUNDLE && ESP_TLS_USING_WOLFSSL
+
+ endmenu
+ endmenu # wolfSSL ESP-TLS
+ # -----------------------------------------------------------------------------------------------------------------
+
+ # -----------------------------------------------------------------------------------------------------------------
+ config ESP_WOLFSSL_ALT_HARDWARE_ACCELERATION
+ bool "Modify default hardware acceleration settings"
+ default n
+ help
+ When disabling all hardware acceleration for smaller memory footprint,
+ disabling TFM fast math provides faster wolfSSL software algorithms in an
+ even smaller flash memory footprint.
+ Typically used for debugging, analysis, or optimizations. The default
+ hardware acceleration features can be each manually adjusted.
+
+ menu "wolfSSL Hardware Acceleration"
+
+ config ESP_WOLFSSL_NO_ESP32_CRYPT
+ bool "Disable all ESP32 Hardware Acceleration"
+ depends on ESP_WOLFSSL_ALT_HARDWARE_ACCELERATION
+ default n
+ select ESP_WOLFSSL_NO_HW_AES
+ select ESP_WOLFSSL_NO_HW_HASH
+ select ESP_WOLFSSL_NO_HW_RSA_PRI
+ select ESP_WOLFSSL_NO_HW_RSA_PRI_MP_MUL
+ select ESP_WOLFSSL_NO_HW_RSA_PRI_MULMOD
+ select ESP_WOLFSSL_NO_HW_RSA_PRI_EXPTMOD
+ help
+ Hardware acceleration enabled by default. When selected defines: NO_ESP32_CRYPT.
+ Consider disabling FASTMATH (other libraries are faster in software and smaller)
+
+ config ESP_WOLFSSL_NO_HW_AES
+ bool "Disable all ESP32 AES Hardware Acceleration"
+ depends on ESP_WOLFSSL_ALT_HARDWARE_ACCELERATION
+ default n
+ help
+ Hardware acceleration enabled by default.When selected defines: NO_HW_AES
+
+ config ESP_WOLFSSL_NO_HW_HASH
+ bool "Disable all ESP32 SHA Hash Hardware Acceleration"
+ depends on ESP_WOLFSSL_ALT_HARDWARE_ACCELERATION
+ default n
+ help
+ Hardware acceleration enabled by default. When selected defines: NO_HW_HASH
+
+ config ESP_WOLFSSL_NO_HW_RSA_PRI
+ bool "Disable all ESP32 RSA Hardware Acceleration"
+ depends on ESP_WOLFSSL_ALT_HARDWARE_ACCELERATION
+ default n
+ select ESP_WOLFSSL_NO_HW_PRI_MP_MUL
+ select ESP_WOLFSSL_NO_HW_RSA_PRI_MULMOD
+ select ESP_WOLFSSL_NO_HW_RSA_PRI_EXPTMOD
+ help
+ Hardware acceleration enabled by default. When selected defines: NO_HW_RSA_PRI
+
+ config ESP_WOLFSSL_NO_HW_RSA_PRI_MP_MUL
+ bool "Disable all ESP32 Multiplication Hardware Acceleration"
+ depends on ESP_WOLFSSL_ALT_HARDWARE_ACCELERATION
+ default n
+ help
+ Hardware acceleration enabled by default. When selected defines: NO_HW_RSA_PRI_MP_MUL
+
+ config ESP_WOLFSSL_NO_HW_RSA_PRI_MULMOD
+ bool "Disable all ESP32 Modular Multiplication Hardware Acceleration"
+ depends on ESP_WOLFSSL_ALT_HARDWARE_ACCELERATION
+ default n
+ help
+ Hardware acceleration enabled by default. When selected defines: NO_HW_RSA_PRI_MULMOD
+
+ config ESP_WOLFSSL_NO_HW_RSA_PRI_EXPTMOD
+ bool "Disable all ESP32 RSA Exponential Math Hardware Acceleration"
+ depends on ESP_WOLFSSL_ALT_HARDWARE_ACCELERATION
+ default n
+ help
+ Hardware acceleration enabled by default.
+ Select this option to force disable: NO_HW_RSA_PRI_EXPTMOD
+
+ config ESP_WOLFSSL_DEBUG_ESP_HW_MULTI_RSAMAX_BITS
+ bool "Enable debugging of RSA Multiplication operand length"
+ default n
+ help
+ Prints an esp log warning to the default console UART when one of the
+ multiplication operands exceeds the maximum size supported by hardware,
+ requiring fallback to software. This can be helpful to pick key sizes
+ when performance is critical. See also metrics for counting instances.
+
+ config ESP_WOLFSSL_DEBUG_ESP_HW_MOD_RSAMAX_BITS
+ bool "Enable debugging of RSA Modular operand length"
+ default n
+ help
+ Prints an esp log warning to the default console UART when one of the
+ modular math operands exceeds the maximum size supported by hardware,
+ requiring fallback to software. This can be helpful to pick key sizes
+ when performance is critical. See also metrics for counting instances.
+
+ endmenu # wolfSSL Hardware Acceleration
+ # -----------------------------------------------------------------------------------------------------------------
+
+ # -----------------------------------------------------------------------------------------------------------------
+ menu "wolfSSL Experimental Options"
+
+ config ESP_WOLFSSL_EXPERIMENTAL_SETTINGS
+ bool "Enable wolfSSL Experimental Settings"
+ default n
+ help
+ Enables experimental settings for wolfSSL. See documentation.
+
+ config ESP_WOLFSSL_ENABLE_KYBER
+ bool "Enable wolfSSL Kyber"
+ default n
+ help
+ Enable debugging messages for wolfSSL. See user_settings.h for additional debug options.
+
+ endmenu # wolfSSL Experimental Options
+ # -----------------------------------------------------------------------------------------------------------------
+
+ # -----------------------------------------------------------------------------------------------------------------
+ menu "wolfSSL Debug Options"
+ config ESP_WOLFSSL_DEBUG_WOLFSSL
+ bool "Enable wolfSSL Debugging"
+ default n
+ help
+ Enable debugging messages for wolfSSL. See user_settings.h for additional debug options.
+
+ config ESP_WOLFSSL_TEST_LOOP
+ bool "Run test apps in a loop until failure"
+ default y
+ help
+ Enable a loop wrapper for benchmark, http_client, and wolfssl test apps.
+
+ endmenu # wolfSSL Debug Options
+ # -----------------------------------------------------------------------------------------------------------------
+
+ # -----------------------------------------------------------------------------------------------------------------
+ menu "wolfSSL Customization"
+ config CUSTOM_SETTING_WOLFSSL_ROOT
+ string "Enter a path for wolfSSL source code"
+ default "~/workspace/wolfssl"
+ help
+ This option lets you specify a directory for the wolfSSL source code (typically a git clone).
+ Enter the path using forward slashes (e.g., C:/myfolder/mysubfolder) or double backslashes
+ (e.g., C:\\myfolder\\mysubfolder).
+
+ endmenu # wolfSSL Customization
+ # -----------------------------------------------------------------------------------------------------------------
+
+ # -----------------------------------------------------------------------------------------------------------------
+ menu "Component Config"
+ config IGNORE_ESP_IDF_WOLFSSL_COMPONENT
+ bool "Ignore the ESP-IDF component of wolfSSL (if present)"
+ default n
+ help
+ Ignores wolfSSL present in the esp-idf/components directory. Requires wolfssl as a local component.
+
+ config IGNORE_LOCAL_WOLFSSL_COMPONENT
+ bool "Ignore the local component of wolfSSL (if present)"
+ default n
+ help
+ Ignores wolfSSL present in the local project components directory.
+ Requires wolfssl as a ESP-IDF component.
+
+ endmenu # Component Config
+ # -----------------------------------------------------------------------------------------------------------------
+
+ # -----------------------------------------------------------------------------------------------------------------
+ menu "Utility Config"
+ config USE_WOLFSSL_ESP_SDK_TIME
+ bool "Enable wolfSSL time helper functions"
+ default n
+ help
+ Enables use of various time and date setting functions found in the esp-sdk-lib.h file.
+
+ config USE_WOLFSSL_ESP_SDK_WIFI
+ bool "Enable wolfSSL WiFi helper functions"
+ default n
+ help
+ Enables use of various time and date setting functions found in the esp-sdk-lib.h file.
+
+ endmenu # Utility Config
+endmenu # wolfSSL
+# ---------------------------------------------------------------------------------------------------------------------
+
+
+# ---------------------------------------------------------------------------------------------------------------------
+menu "wolfSSH"
+ config ESP_ENABLE_WOLFSSH
+ bool "Enable wolfSSH options"
+ default n
+ help
+ Enables WOLFSSH_TERM, WOLFSSL_KEY_GEN, WOLFSSL_PTHREADS, WOLFSSH_TEST_SERVER, WOLFSSH_TEST_THREADING
+
+ config ESP_WOLFSSL_DEBUG_WOLFSSH
+ bool "Enable wolfSSH debugging"
+ default n
+ help
+ Enable wolfSSH debugging macro. See user_settings.h
+
+endmenu # wolfSSH
+# ---------------------------------------------------------------------------------------------------------------------
+
+# ---------------------------------------------------------------------------------------------------------------------
+menu "wolfMQTT"
+ config ESP_ENABLE_WOLFMQTT
+ bool "Enable wolfMQTT options"
+ default n
+ help
+ Enables WOLFMQTT
+
+ config ESP_WOLFSSL_DEBUG_WOLFMQTT
+ bool "Enable wolfMQTT debugging"
+ default n
+ help
+ Enable wolfMQTT debugging macro. See user_settings.h
+
+endmenu # wolfMQTT
+# ---------------------------------------------------------------------------------------------------------------------
diff --git a/IDE/Espressif/ESP-IDF/examples/wolfssl_test/components/wolfssl/README.md b/IDE/Espressif/ESP-IDF/examples/wolfssl_test/components/wolfssl/README.md
new file mode 100644
index 0000000000..d779124162
--- /dev/null
+++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_test/components/wolfssl/README.md
@@ -0,0 +1,162 @@ +# wolfSSL Espressif Component + +This is the directory for wolfSSL as an Espressif ESP-IDF component. + +Other options are available, such as installing wolfSSL as a local _project_ component using the [Managed Component](https://www.wolfssl.com/wolfssl-now-available-in-espressif-component-registry/). + +Enabling this wolfSSL ESP-IDF component allows other ESP-IDF libraries such as those that depend on [ESP-TLS](https://github.com/espressif/esp-idf/tree/master/components/esp-tls) +to also use the wolfSSL library. (See [github.com/wolfSSL/wolfssl](https://github.com/wolfSSL/wolfssl)) + +The wolfSSL source code is not included here. Instead, the `idf.py menuconfig` option can be used to configure the +`sdkconfig` file setting: `CONFIG_CUSTOM_SETTING_WOLFSSL_ROOT` to point to the desired wolfSSL code. + +## Directory Contents + +This directory must contain, at a minimum: + +- `CMakeLists.txt` +- `./include/user_settings.h` + +The directory should also contain: +- `Kconfig` +- `component.mk` + +The directory may contain wolfSSL source, for example with a [Managed Component](https://www.wolfssl.com/wolfssl-now-available-in-espressif-component-registry/), +or if the `setup.sh` script was used from [wolfSSL/IDE/Espressif/ESP-IDF](https://github.com/wolfSSL/wolfssl/tree/master/IDE/Espressif/ESP-IDF). + + +Under normal circumstances when the wolfSSL source is not included here, the `CMakeLists.txt` will search for it in this order: + +- A hard-coded `WOLFSSL_ROOT` cmake variable. +- `WOLFSSL_ROOT` Environment Variable +- The `CONFIG_CUSTOM_SETTING_WOLFSSL_ROOT` value in the `sdkconfig` file, from the `Kconfig` option. 
+- Any parent directories, up to the root (if this directory is in the ESP-IDF components) +- Any parent directories, up to the root (if this directory is a project component) + +While recursing up the directory tree, the following names of wolfSSL directories will be considered: + +- `wolfssl-[current user name]` +- `wolfssl-master` +- `wolfssl` + +## Getting Started + +See the `Espressif Getting Started Guide`. + +``` +# Set environment variable to ESP-IDF location +# For example, VisualGDB in WSL +WRK_IDF_PATH=/mnt/c/SysGCC/esp32/esp-idf/v5.2 +WRK_IDF_PATH=/mnt/c/SysGCC/esp32-master/esp-idf/v5.3-master + +# Or wherever the ESP-IDF is installed: +WRK_IDF_PATH=~/esp/esp-idf + +echo "Run export.sh from ${WRK_IDF_PATH}" +. ${WRK_IDF_PATH}/export.sh + +cd [your project] + +idf.py menuconfig +``` + +Enable wolfSSL to be used in the ESP-TLS: + +``` +Component config ---> + ESP-TLS ---> + Choose SSL/TLS library for ESP-TLS (See help for more Info) + (X) wolfSSL (License info in wolfSSL directory README) +``` + +Adjust wolfSSL settings, such as path to source code as needed: + +``` +Component config ---> + wolfSSL ---> + [*] Include wolfSSL in ESP-TLS + [*] Use the specified wolfssl for ESP-TLS + (~/workspace/wolfssl) Enter a path for wolfSSL source code +``` + +## Configuration + +All settings for wolfSSL are adjusted in the [include/user_settings.h](./include/user_settings.h) file. + +The `user_settings.h` file should not be included directly. Instead, `#include ` +before any other wolfSSL headers, like this: + + +```c +/* ESP-IDF */ +#include +#include "sdkconfig.h" + +/* wolfSSL */ +/* Always include wolfcrypt/settings.h before any other wolfSSL file. */ +/* Reminder: settings.h pulls in user_settings.h; don't include it here. */ +#if defined(WOLFSSL_USER_SETTINGS) + #include + #if defined(WOLFSSL_ESPIDF) + #include + #include + #include + #include + #include + #else + #error "Problem with wolfSSL user_settings. 
" \ + "Check components/wolfssl/include " \ + "and confirm WOLFSSL_USER_SETTINGS is defined, " \ + "typically in the component CMakeLists.txt" + #endif +#else + /* Define WOLFSSL_USER_SETTINGS project wide for settings.h to include */ + /* wolfSSL user settings in ./components/wolfssl/include/user_settings.h */ + #error "Missing WOLFSSL_USER_SETTINGS in CMakeLists or Makefile:\ + CFLAGS +=-DWOLFSSL_USER_SETTINGS" +#endif +``` + +## Examples + +See the wolfSSL examples: + +- [wolfSSL Core Examples](https://github.com/wolfSSL/wolfssl/tree/master/IDE/Espressif/ESP-IDF/examples) +- [wolfSSL Additional Examples](https://github.com/wolfSSL/wolfssl-examples/tree/master/ESP32) +- [wolfSSH Core Examples](https://github.com/wolfSSL/wolfssh/tree/master/ide/Espressif/ESP-IDF/examples) +- [wolfSSH Additional Examples](https://github.com/wolfSSL/wolfssh-examples/tree/main/Espressif) +- [wolfMQTT Examples](https://github.com/wolfSSL/wolfMQTT/tree/master/IDE/Espressif/ESP-IDF/examples) + +## Platforms + +The ESP-IDF wolfSSL is also available for PlatformIO: + +- [Release wolfSSL](https://registry.platformio.org/search?q=owner%3Awolfssl) +- [Staging / Preview wolfSSL](https://registry.platformio.org/search?q=owner%3Awolfssl-staging) + +The wolfSSL library can also be used for Espressif with Arduino: + +- [arduino.cc/reference/en/libraries/wolfssl](https://www.arduino.cc/reference/en/libraries/wolfssl/) +- [github.com/wolfSSL/Arduino-wolfSSL](https://github.com/wolfSSL/Arduino-wolfSSL) + + +## Additional Information + +- [wolfSSL Documentation](https://www.wolfssl.com/documentation/manuals/wolfssl/index.html) and [docs/espressif](https://www.wolfssl.com/docs/espressif/) +- [wolfSSL FAQ](https://www.wolfssl.com/docs/frequently-asked-questions-faq/) +- [wolfSSL Products](https://www.wolfssl.com/products/) +- [www.wolfssl.com/espressif](https://www.wolfssl.com/espressif/) +- [More...](https://www.wolfssl.com/?s=espressif) + +## Contact + +Have a specific request or questions? 
We'd love to hear from you! Please contact us at support@wolfssl.com or open an issue on GitHub. + +## Licensing and Support + +wolfSSL (formerly known as CyaSSL) and wolfCrypt are either licensed for use under the GPLv2 (or at your option any later version) or a standard commercial license. For our users who cannot use wolfSSL under GPLv2 (or any later version), a commercial license to wolfSSL and wolfCrypt is available. + +See the LICENSE.txt, visit wolfssl.com/license, contact us at licensing@wolfssl.com or call +1 425 245 8247 + +View Commercial Support Options: [wolfssl.com/products/support-and-maintenance](wolfssl.com/products/support-and-maintenance) + diff --git a/IDE/Espressif/ESP-IDF/examples/wolfssl_test/components/wolfssl/component.mk b/IDE/Espressif/ESP-IDF/examples/wolfssl_test/components/wolfssl/component.mk index 2540584c8f..bab08b5522 100644 --- a/IDE/Espressif/ESP-IDF/examples/wolfssl_test/components/wolfssl/component.mk +++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_test/components/wolfssl/component.mk @@ -18,6 +18,8 @@ # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA # +$(info *********** wolfssl component ************) + # # Component Makefile # 
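Review bot: The `$(info *********** wolfssl component ************)` line added near the top of component.mk is unconditional, so the banner is emitted whenever make reads this file, presumably for every target and not only for a build. The next hunk adds `$(info WOLFSSL_ROOT actual: $(abs_WOLFSSL_ROOT))` in the same style, which also writes the builder's absolute source path into every build log, including logs that get shared or archived by CI. I would gate these diagnostics on the build's verbose switch, for example `ifeq ("$(V)","1")` before the `$(info ...)` lines and `endif` after them, assuming this build honours `V=1` as the ESP-IDF make system does. A one-line comment such as `# Diagnostic output only; shown when make is run with V=1` above the guard would tell the next maintainer these lines are not part of the build logic.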
@@ -48,193 +50,246 @@ # define it here: CFLAGS +=-DWOLFSSL_USER_SETTINGS -# In the wolfSSL GitHub examples for Espressif, -# the root is 7 directories up from here: -WOLFSSL_ROOT := ../../../../../../../ +# Note that 4 source files created by autogen are excluded here. +# +# See these files commented out, below. Adjust as needed for your application: +# +# COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/async.o +# COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/selftest.o +# COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/wolfcrypt_first.o +# COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/wolfcrypt_last.o + + +# NOTICE: the WOLFSSL_ROOT setting MUST be relative! +# See https://docs.espressif.com/projects/esp8266-rtos-sdk/en/latest/api-guides/build-system.html?highlight=must+relative#optional-component-specific-variables +# In the wolfSSL GitHub examples for Espressif: +# https://github.com/wolfSSL/wolfssl/tree/master/IDE/Espressif/ESP-IDF/examples +# When this wolfssl component.mk makefile is in [project]/components/wolfssl +# The root is 7 directories up from here (the location of of this component.mk): +WOLFSSL_ROOT := ../../../../../../.. + +# To set the location of a different location, it is best to use relative paths. +# +# Set WOLFSSL_ROOT to a relative path from the current component directory. +# For example, if the wolfssl_client is copied from the examples to test: +# +# cp -r /IDE/Espressif/ESP-IDF/examples/wolfssl_client/* /mnt/c/test/demo +# +# we run make in /mnt/c/test/demo +# component is in /mnt/c/test/demo/components/wolfssl +# wolfssl is in /mnt/c/workspace/wolfssl-master +# +# "/mnt/c" is 4 directories up: +# 2 for `./test/demo` from where we run `make`, plus +# 2 more from the location of `component.mk` located +# in `[currect directory]/components/wolfssl`. 
+# +# Thus we need 4 parent reference to find the relative path to wolfSSL: +# WOLFSSL_ROOT := ../../../../workspace/wolfssl-master + +# Optional CFLAGS (make works without these; for reference only) +# CFLAGS += -I$(WOLFSSL_ROOT)/wolfssl +# CFLAGS += -I$(WOLFSSL_ROOT)/wolfssl/wolfcrypt +# CFLAGS += -I$(WOLFSSL_ROOT)/wolfssl/wolfcrypt/port/Espressif + +abs_WOLFSSL_ROOT := $(shell realpath $(WOLFSSL_ROOT)) + +# print-wolfssl-path-value: +# @echo "WOLFSSL_ROOT defined: $(WOLFSSL_ROOT)" +# @echo "WOLFSSL_ROOT actual: $(abs_WOLFSSL_ROOT)" + +$(info WOLFSSL_ROOT defined: $(WOLFSSL_ROOT)) +$(info WOLFSSL_ROOT actual: $(abs_WOLFSSL_ROOT)) # NOTE: The wolfSSL include directory (e.g. user_settings.h) is # located HERE in THIS project, and *not* in the wolfSSL root. COMPONENT_ADD_INCLUDEDIRS := . COMPONENT_ADD_INCLUDEDIRS += include -COMPONENT_ADD_INCLUDEDIRS += $(WOLFSSL_ROOT). -COMPONENT_ADD_INCLUDEDIRS += $(WOLFSSL_ROOT)wolfssl -COMPONENT_ADD_INCLUDEDIRS += $(WOLFSSL_ROOT)wolfssl/wolfcrypt -COMPONENT_ADD_INCLUDEDIRS += $(WOLFSSL_ROOT)wolfssl/wolfcrypt/port/Espressif -COMPONENT_ADD_INCLUDEDIRS += $(WOLFSSL_ROOT)wolfcrypt/benchmark +COMPONENT_ADD_INCLUDEDIRS += $(WOLFSSL_ROOT)/. 
+COMPONENT_ADD_INCLUDEDIRS += $(WOLFSSL_ROOT)/wolfssl +COMPONENT_ADD_INCLUDEDIRS += $(WOLFSSL_ROOT)/wolfssl/wolfcrypt +COMPONENT_ADD_INCLUDEDIRS += $(WOLFSSL_ROOT)/wolfssl/wolfcrypt/port/Espressif # COMPONENT_ADD_INCLUDEDIRS += $ENV(IDF_PATH)/components/freertos/include/freertos # COMPONENT_ADD_INCLUDEDIRS += "$ENV(IDF_PATH)/soc/esp32s3/include/soc" +# wolfSSL +COMPONENT_SRCDIRS := $(WOLFSSL_ROOT)/src -# WOLFSSL_ROOT := "" -COMPONENT_SRCDIRS := $(WOLFSSL_ROOT)src -COMPONENT_SRCDIRS += $(WOLFSSL_ROOT)wolfcrypt/src/port/Espressif -COMPONENT_SRCDIRS += $(WOLFSSL_ROOT)wolfcrypt/src/port/atmel -COMPONENT_SRCDIRS += $(WOLFSSL_ROOT)wolfcrypt/benchmark -COMPONENT_SRCDIRS += $(WOLFSSL_ROOT)wolfcrypt/test -COMPONENT_SRCDIRS += include +# wolfcrypt +COMPONENT_SRCDIRS += $(WOLFSSL_ROOT)/wolfcrypt/src -COMPONENT_OBJEXCLUDE := $(WOLFSSL_ROOT)wolfcrypt/src/aes_asm.o -COMPONENT_OBJEXCLUDE += $(WOLFSSL_ROOT)wolfcrypt/src/evp.o -COMPONENT_OBJEXCLUDE += $(WOLFSSL_ROOT)wolfcrypt/src/misc.o -COMPONENT_OBJEXCLUDE += $(WOLFSSL_ROOT)wolfcrypt/src/sha512_asm.o -COMPONENT_OBJEXCLUDE += $(WOLFSSL_ROOT)wolfcrypt/src/fe_x25519_asm.o -COMPONENT_OBJEXCLUDE += $(WOLFSSL_ROOT)wolfcrypt/src/aes_gcm_x86_asm.o -COMPONENT_OBJEXCLUDE += $(WOLFSSL_ROOT)src/bio.o +# Espressif +COMPONENT_SRCDIRS += $(WOLFSSL_ROOT)/wolfcrypt/src/port/Espressif +COMPONENT_SRCDIRS += $(WOLFSSL_ROOT)/wolfcrypt/src/port/atmel + +COMPONENT_OBJEXCLUDE := $(WOLFSSL_ROOT)/wolfcrypt/src/aes_asm.o +COMPONENT_OBJEXCLUDE += $(WOLFSSL_ROOT)/wolfcrypt/src/evp.o +COMPONENT_OBJEXCLUDE += $(WOLFSSL_ROOT)/wolfcrypt/src/misc.o +COMPONENT_OBJEXCLUDE += $(WOLFSSL_ROOT)/wolfcrypt/src/sha512_asm.o +COMPONENT_OBJEXCLUDE += $(WOLFSSL_ROOT)/wolfcrypt/src/fe_x25519_asm.o +COMPONENT_OBJEXCLUDE += $(WOLFSSL_ROOT)/wolfcrypt/src/aes_gcm_x86_asm.o +COMPONENT_OBJEXCLUDE += $(WOLFSSL_ROOT)/src/bio.o ## ## wolfSSL ## -COMPONENT_OBJS := $(WOLFSSL_ROOT)src/bio.o +COMPONENT_OBJS := $(WOLFSSL_ROOT)/src/bio.o # COMPONENT_OBJS += src/conf.o -COMPONENT_OBJS += 
$(WOLFSSL_ROOT)src/crl.o -COMPONENT_OBJS += $(WOLFSSL_ROOT)src/dtls.o -COMPONENT_OBJS += $(WOLFSSL_ROOT)src/dtls13.o -COMPONENT_OBJS += $(WOLFSSL_ROOT)src/internal.o -COMPONENT_OBJS += $(WOLFSSL_ROOT)src/keys.o -COMPONENT_OBJS += $(WOLFSSL_ROOT)src/ocsp.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/src/crl.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/src/dtls.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/src/dtls13.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/src/internal.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/src/keys.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/src/ocsp.o # COMPONENT_OBJS += src/pk.o -COMPONENT_OBJS += $(WOLFSSL_ROOT)src/quic.o -COMPONENT_OBJS += $(WOLFSSL_ROOT)src/sniffer.o -COMPONENT_OBJS += $(WOLFSSL_ROOT)src/ssl.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/src/quic.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/src/sniffer.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/src/ssl.o # COMPONENT_OBJS += src/ssl_asn1.o # COMPONENT_OBJS += src/ssl_bn.o # COMPONENT_OBJS += src/ssl_certman.o # COMPONENT_OBJS += src/ssl_crypto.o # COMPONENT_OBJS += src/ssl_misc.o -COMPONENT_OBJS += $(WOLFSSL_ROOT)src/tls.o -COMPONENT_OBJS += $(WOLFSSL_ROOT)src/tls13.o -COMPONENT_OBJS += $(WOLFSSL_ROOT)src/wolfio.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/src/tls.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/src/tls13.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/src/wolfio.o # COMPONENT_OBJS += src/x509.o # COMPONENT_OBJS += src/x509_str.o ## ## wolfcrypt ## -COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/aes.o -COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/arc4.o -COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/asm.o -COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/asn.o -COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/async.o -COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/blake2b.o -COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/blake2s.o -COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/camellia.o -COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/chacha.o -COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/chacha20_poly1305.o -COMPONENT_OBJS += 
$(WOLFSSL_ROOT)wolfcrypt/src/cmac.o -COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/coding.o -COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/compress.o -COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/cpuid.o -COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/cryptocb.o -COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/curve25519.o -COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/curve448.o -COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/des3.o -COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/dh.o -COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/dilithium.o -COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/dsa.o -COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/ecc.o -COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/eccsi.o -COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/ecc_fp.o -COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/ed25519.o -COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/ed448.o -COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/error.o -COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/evp.o -# COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/ext_kyber.o -COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/ext_lms.o -COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/ext_xmss.o -COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/falcon.o -COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/fe_448.o -COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/fe_low_mem.o -COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/fe_operations.o -# COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/fips.o -# COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/fips_test.o -COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/ge_448.o -COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/ge_low_mem.o -COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/ge_operations.o -COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/hash.o -COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/hmac.o -COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/hpke.o -COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/integer.o -COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/kdf.o 
-COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/logging.o -COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/md2.o -COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/md4.o -COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/md5.o -COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/memory.o -COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/misc.o -COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/pkcs12.o -COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/pkcs7.o -COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/poly1305.o -COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/pwdbased.o -COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/random.o -COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/rc2.o -COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/ripemd.o -COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/rsa.o -COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/sakke.o -COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/selftest.o -COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/sha.o -COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/sha256.o -COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/sha3.o -COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/sha512.o -COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/signature.o -COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/siphash.o -COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/sm2.o -COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/sm3.o -COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/sm4.o -COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/sphincs.o -# COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/sp_arm32.o -# COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/sp_arm64.o -# COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/sp_armthumb.o -COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/sp_c32.o -COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/sp_c64.o -COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/sp_cortexm.o -COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/sp_dsp32.o -COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/sp_int.o -# COMPONENT_OBJS += 
$(WOLFSSL_ROOT)wolfcrypt/src/sp_sm2_arm32.o -# COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/sp_sm2_arm64.o -# COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/sp_sm2_armthumb.o -# COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/sp_sm2_c32.o -# COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/sp_sm2_c64.o -# COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/sp_sm2_cortexm.o -# COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/sp_sm2_x86_64.o -# COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/sp_x86_64.o -COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/srp.o -COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/tfm.o -COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/wc_dsp.o -COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/wc_encrypt.o -COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/wc_kyber.o -COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/wc_kyber_poly.o -COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/wc_lms.o -COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/wc_pkcs11.o -COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/wc_port.o -COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/wc_xmss.o -COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/wolfcrypt_first.o -COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/wolfcrypt_last.o -COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/wolfevent.o -COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/wolfmath.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/aes.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/arc4.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/asm.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/asn.o +# COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/async.o # autogen exclusion +COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/blake2b.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/blake2s.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/camellia.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/chacha.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/chacha20_poly1305.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/cmac.o 
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/coding.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/compress.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/cpuid.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/cryptocb.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/curve25519.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/curve448.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/des3.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/dh.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/dilithium.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/dsa.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/ecc.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/eccsi.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/ecc_fp.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/ed25519.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/ed448.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/error.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/evp.o +# COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/ext_kyber.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/ext_lms.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/ext_xmss.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/falcon.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/fe_448.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/fe_low_mem.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/fe_operations.o +# COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/fips.o +# COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/fips_test.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/ge_448.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/ge_low_mem.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/ge_operations.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/hash.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/hmac.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/hpke.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/integer.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/kdf.o 
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/logging.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/md2.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/md4.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/md5.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/memory.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/misc.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/pkcs12.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/pkcs7.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/poly1305.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/pwdbased.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/random.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/rc2.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/ripemd.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/rsa.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/sakke.o +# COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/selftest.o # autogen exclusion +COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/sha.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/sha256.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/sha3.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/sha512.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/signature.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/siphash.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/sm2.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/sm3.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/sm4.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/sphincs.o +# COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/sp_arm32.o +# COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/sp_arm64.o +# COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/sp_armthumb.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/sp_c32.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/sp_c64.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/sp_cortexm.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/sp_dsp32.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/sp_int.o +# 
COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/sp_sm2_arm32.o +# COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/sp_sm2_arm64.o +# COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/sp_sm2_armthumb.o +# COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/sp_sm2_c32.o +# COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/sp_sm2_c64.o +# COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/sp_sm2_cortexm.o +# COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/sp_sm2_x86_64.o +# COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/sp_x86_64.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/srp.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/tfm.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/wc_dsp.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/wc_encrypt.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/wc_kyber.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/wc_kyber_poly.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/wc_lms.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/wc_pkcs11.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/wc_port.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/wc_xmss.o +# COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/wolfcrypt_first.o # autogen exclusion +# COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/wolfcrypt_last.o # autogen exclusion +COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/wolfevent.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/wolfmath.o ## ## Espressif ## -COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/port/Espressif/esp32_aes.o -COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/port/Espressif/esp32_mp.o -COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/port/Espressif/esp32_sha.o -COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/port/Espressif/esp32_util.o -COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/port/Espressif/esp_sdk_mem_lib.o -COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/port/Espressif/esp_sdk_time_lib.o -COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/port/Espressif/esp_sdk_wifi_lib.o +COMPONENT_OBJS += 
$(WOLFSSL_ROOT)/wolfcrypt/src/port/Espressif/esp32_aes.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/port/Espressif/esp32_mp.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/port/Espressif/esp32_sha.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/port/Espressif/esp32_util.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/port/Espressif/esp_sdk_mem_lib.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/port/Espressif/esp_sdk_time_lib.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/port/Espressif/esp_sdk_wifi_lib.o ## ## wolfcrypt benchmark (optional) ## -## COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/benchmark/benchmark.o +## COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/benchmark/benchmark.o +## COMPONENT_SRCDIRS += $(WOLFSSL_ROOT)/wolfcrypt/benchmark +## COMPONENT_ADD_INCLUDEDIRS += $(WOLFSSL_ROOT)/wolfcrypt/benchmark + ## ## wolfcrypt test (optional) ## -COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/test/test.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/test/test.o +COMPONENT_SRCDIRS += $(WOLFSSL_ROOT)/wolfcrypt/test ## ## wolfcrypt ## +# COMPONENT_PRIV_INCLUDEDIRS += $(PROJECT_PATH)/components/wolfssl/include COMPONENT_SRCDIRS += $(WOLFSSL_ROOT)wolfcrypt/src +$(info ********** end wolfssl component **********) diff --git a/IDE/Espressif/ESP-IDF/examples/wolfssl_test/components/wolfssl/include/user_settings.h b/IDE/Espressif/ESP-IDF/examples/wolfssl_test/components/wolfssl/include/user_settings.h index 9cf87e8fdb..71b82c68ea 100644 --- a/IDE/Espressif/ESP-IDF/examples/wolfssl_test/components/wolfssl/include/user_settings.h +++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_test/components/wolfssl/include/user_settings.h @@ -1,4 +1,4 @@ -/* user_settings.h +/* wolfssl-component include/user_settings.h * * Copyright (C) 2006-2024 wolfSSL Inc. * 
@@ -18,19 +18,52 @@ * along with this program; if not, write to the Free Software * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA */ +#define WOLFSSL_ESPIDF_COMPONENT_VERSION 0x01 + +/* The Espressif project config file. See also sdkconfig.defaults */ +#include "sdkconfig.h" /* This user_settings.h is for Espressif ESP-IDF * * Standardized wolfSSL Espressif ESP32 + ESP8266 user_settings.h V5.7.0-1 * - * Do not include any wolfssl headers here + * Do not include any wolfssl headers here. * * When editing this file: - * ensure wolfssl_test and wolfssl_benchmark settings match. + * ensure all examples match. The template example is the reference. */ -/* The Espressif project config file. See also sdkconfig.defaults */ -#include "sdkconfig.h" +/* Naming convention: (see also esp32-crypt.h for the reference source). + * + * CONFIG_ + * This prefix indicates the setting came from the sdkconfig / Kconfig. + * + * May or may not be related to wolfSSL. + * + * The name after this prefix must exactly match that in the Kconfig file. + * + * WOLFSSL_ + * Typical of many, but not all wolfSSL macro names. + * + * Applies to all wolfSSL products such as wolfSSH, wolfMQTT, etc. + * + * May or may not have a corresponding sdkconfig / Kconfig control. + * + * ESP_WOLFSSL_ + * These are NOT valid wolfSSL macro names. These are names only used in + * the ESP-IDF Kconfig files. When parsed, they will have a "CONFIG_" + * suffix added. See next section. + * + * CONFIG_ESP_WOLFSSL_ + * This is a wolfSSL-specific macro that has been defined in the ESP-IDF + * via the sdkconfig / menuconfig. Any text after this prefix should + * exactly match an existing wolfSSL macro name. + * + * Applies to all wolfSSL products such as wolfSSH, wolfMQTT, etc. + * + * These macros may also be specific to only the project or environment, + * and possibly not used anywhere else in the wolfSSL libraries. + */ /* The Espressif sdkconfig will have chipset info. ** 
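Review bot: In the naming-convention comment added here, the `ESP_WOLFSSL_` paragraph says the names "will have a "CONFIG_" suffix added", but the next paragraph (`CONFIG_ESP_WOLFSSL_`) and the `CONFIG_` paragraph above both describe it as a prefix. Suggest `the ESP-IDF Kconfig files. When parsed, they will have a "CONFIG_" prefix added.` so the three paragraphs agree. The comment block is otherwise self-contained within this hunk.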
@@ -46,33 +79,250 @@ #undef WOLFSSL_ESPIDF #define WOLFSSL_ESPIDF -/* We don't use WiFi, so don't compile in the esp-sdk-lib WiFi helpers: */ -#define NO_ESP_SDK_WIFI +/* Test various user_settings between applications by selecting example apps + * in `idf.py menuconfig` for Example wolfSSL Configuration settings: */ + +/* Turn on messages that are useful to see only in examples. */ +#define WOLFSSL_EXAMPLE_VERBOSITY + +/* Paths can be long, ensure the entire value printed during debug */ +#define WOLFSSL_MAX_ERROR_SZ 500 + +/* wolfSSL Examples: set macros used in example applications. + * + * These Settings NOT available in ESP-IDF (e.g. esp-tls) + * + * Any settings needed by ESP-IDF components should be explicitly set, + * and not by these example-specific settings via CONFIG_WOLFSSL_EXAMPLE_n + * + * ESP-IDF settings should be Kconfig "CONFIG_[name]" values when possible. */ +#if defined(CONFIG_WOLFSSL_EXAMPLE_NAME_TEMPLATE) + /* See https://github.com/wolfSSL/wolfssl/tree/master/IDE/Espressif/ESP-IDF/examples/template */ + /* We don't use WiFi, so don't compile in the esp-sdk-lib WiFi helpers: */ + /* #define USE_WOLFSSL_ESP_SDK_WIFI */ +#elif defined(CONFIG_WOLFSSL_EXAMPLE_NAME_TEST) + /* See https://github.com/wolfSSL/wolfssl/tree/master/IDE/Espressif/ESP-IDF/examples/wolfssl_test */ + /* We don't use WiFi, so don't compile in the esp-sdk-lib WiFi helpers: */ + /* #define USE_WOLFSSL_ESP_SDK_WIFI */ + #define TEST_ESPIDF_ALL_WOLFSSL + +#elif defined(CONFIG_WOLFSSL_EXAMPLE_NAME_BENCHMARK) + /* See https://github.com/wolfSSL/wolfssl/tree/master/IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark */ + /* We don't use WiFi, so don't compile in the esp-sdk-lib WiFi helpers: */ + /* #define USE_WOLFSSL_ESP_SDK_WIFI */ + #define WOLFSSL_BENCHMARK_FIXED_UNITS_KB +#elif defined(CONFIG_WOLFSSL_EXAMPLE_NAME_TLS_CLIENT) + /* See https://github.com/wolfSSL/wolfssl/tree/master/IDE/Espressif/ESP-IDF/examples/wolfssl_client */ + #define USE_WOLFSSL_ESP_SDK_WIFI +#elif 
defined(CONFIG_WOLFSSL_EXAMPLE_NAME_TLS_SERVER) + /* See https://github.com/wolfSSL/wolfssl/tree/master/IDE/Espressif/ESP-IDF/examples/wolfssl_server */ + #define USE_WOLFSSL_ESP_SDK_WIFI + +/* wolfSSH Examples */ +#elif defined(CONFIG_WOLFSSL_EXAMPLE_NAME_WOLFSSH_TEMPLATE) + /* See https://github.com/wolfSSL/wolfssh/tree/master/ide/Espressif/ESP-IDF/examples/wolfssh_template */ + #define USE_WOLFSSL_ESP_SDK_WIFI +#elif defined(CONFIG_WOLFSSL_EXAMPLE_NAME_WOLFSSH_ECHOSERVER) + /* See https://github.com/wolfSSL/wolfssh/tree/master/ide/Espressif/ESP-IDF/examples/wolfssh_echoserver */ + #define USE_WOLFSSL_ESP_SDK_WIFI +#elif defined(CONFIG_WOLFSSL_EXAMPLE_NAME_ESP32_SSH_SERVER) + /* See https://github.com/wolfSSL/wolfssh-examples/tree/main/Espressif/ESP32/ESP32-SSH-Server */ + #define USE_WOLFSSL_ESP_SDK_WIFI +#elif defined(CONFIG_WOLFSSL_EXAMPLE_NAME_ESP8266_SSH_SERVER) + /* See https://github.com/wolfSSL/wolfssh-examples/tree/main/Espressif/ESP8266/ESP8266-SSH-Server */ + #define USE_WOLFSSL_ESP_SDK_WIFI + +/* wolfMQTT Examples */ +#elif defined(CONFIG_WOLFSSL_EXAMPLE_NAME_WOLFMQTT_TEMPLATE) + /* See https://github.com/wolfSSL/wolfMQTT/tree/master/IDE/Espressif/ESP-IDF/examples/wolfmqtt_template */ + #define USE_WOLFSSL_ESP_SDK_WIFI +#elif defined(CONFIG_WOLFSSL_EXAMPLE_NAME_WOLFMQTT_AWS_IOT_MQTT) + /* See https://github.com/wolfSSL/wolfMQTT/tree/master/IDE/Espressif/ESP-IDF/examples/AWS_IoT_MQTT */ + #define USE_WOLFSSL_ESP_SDK_WIFI + +/* wolfTPM Examples */ +#elif defined(CONFIG_WOLFTPM_EXAMPLE_NAME_ESPRESSIF) + /* See https://github.com/wolfSSL/wolfTPM/tree/master/IDE/Espressif */ + #define USE_WOLFSSL_ESP_SDK_WIFI + +/* Apple HomeKit Examples */ +#elif defined(CONFIG_WOLFSSL_APPLE_HOMEKIT) + /* See https://github.com/AchimPieters/esp32-homekit-demo */ + +/* no example selected */ +#elif defined(CONFIG_WOLFSSL_EXAMPLE_NAME_NONE) + /* We'll assume the app needs to use wolfSSL sdk lib function */ + #define USE_WOLFSSL_ESP_SDK_WIFI + +/* Other applications detected 
by cmake */ +#elif defined(APP_ESP_HTTP_CLIENT_EXAMPLE) + /* The wolfSSL Version of the client example */ + #if defined(CONFIG_IDF_TARGET_ESP32S2) || defined(CONFIG_IDF_TARGET_ESP32C2) + /* Less memory available, so smaller key sizes: */ + #define FP_MAX_BITS (4096 * 2) + #else + #define FP_MAX_BITS (8192 * 2) + #endif + #define HAVE_ALPN + #define HAVE_SNI + #define OPENSSL_EXTRA_X509_SMALL + #define HAVE_TLS_EXTENSIONS + #define HAVE_SUPPORTED_CURVES + #define OPENSSL_EXTRA + #ifndef WOLFSSL_ALWAYS_VERIFY_CB + #define WOLFSSL_ALWAYS_VERIFY_CB + #endif + #ifndef WOLFSSL_VERIFY_CB_ALL_CERTS + #define WOLFSSL_VERIFY_CB_ALL_CERTS + #endif + #ifndef KEEP_PEER_CERT + #define KEEP_PEER_CERT + #endif + +#elif defined(APP_ESP_HTTP_CLIENT) + /* The ESP-IDF Version */ + #define FP_MAX_BITS (8192 * 2) + #define HAVE_ALPN + #define HAVE_SNI + #define OPENSSL_EXTRA_X509_SMALL + #define HAVE_TLS_EXTENSIONS + #define HAVE_SUPPORTED_CURVES + #define OPENSSL_EXTRA + #ifndef WOLFSSL_ALWAYS_VERIFY_CB + #define WOLFSSL_ALWAYS_VERIFY_CB + #endif + #ifndef WOLFSSL_VERIFY_CB_ALL_CERTS + #define WOLFSSL_VERIFY_CB_ALL_CERTS + #endif + #ifndef KEEP_PEER_CERT + #define KEEP_PEER_CERT + #endif +#else + #ifdef WOLFSSL_ESPIDF + /* #warning "App config undetected" */ + #endif + /* the code is older or does not have application name defined. 
*/ +#endif /* Example wolfSSL Configuration app settings */ /* Experimental Kyber */ -#if 0 +#ifdef CONFIG_WOLFSSL_ENABLE_KYBER /* Kyber typically needs a minimum 10K stack */ #define WOLFSSL_EXPERIMENTAL_SETTINGS #define WOLFSSL_HAVE_KYBER #define WOLFSSL_WC_KYBER #define WOLFSSL_SHA3 + #if defined(CONFIG_IDF_TARGET_ESP8266) + /* With limited RAM, we'll disable some of the Kyber sizes: */ + #define WOLFSSL_NO_KYBER1024 + #define WOLFSSL_NO_KYBER768 + #define NO_SESSION_CACHE + #endif +#endif + +/* Pick a cert buffer size: */ +/* #define USE_CERT_BUFFERS_2048 */ +/* #define USE_CERT_BUFFERS_1024 */ +#define USE_CERT_BUFFERS_2048 + +/* The Espressif sdkconfig will have chipset info. +** +** Some possible values: +** +** CONFIG_IDF_TARGET_ESP32 +** CONFIG_IDF_TARGET_ESP32S2 +** CONFIG_IDF_TARGET_ESP32S3 +** CONFIG_IDF_TARGET_ESP32C3 +** CONFIG_IDF_TARGET_ESP32C6 +*/ + +/* Optionally enable Apple HomeKit from compiler directive or Kconfig setting */ +#if defined(WOLFSSL_APPLE_HOMEKIT) || defined(CONFIG_WOLFSSL_APPLE_HOMEKIT) + /* SRP is known to need 8K; slow on some devices */ + #define FP_MAX_BITS (8192 * 2) + #define WOLFCRYPT_HAVE_SRP + #define HAVE_CHACHA + #define HAVE_POLY1305 + #define WOLFSSL_BASE64_ENCODE + #endif /* Apple HomeKit settings */ + +/* Used by ESP-IDF components: */ +#if defined(CONFIG_ESP_TLS_USING_WOLFSSL) + /* The ESP-TLS */ + #ifndef FP_MAX_BITS + #if defined(CONFIG_IDF_TARGET_ESP32C2) || \ + defined(CONFIG_IDF_TARGET_ESP8684) || \ + defined(CONFIG_IDF_TARGET_ESP8266) + /* Optionally set smaller size here */ + #define FP_MAX_BITS MIN_FFDHE_FP_MAX_BITS + #else + #define FP_MAX_BITS (4096 * 2) + #endif + #endif + #define HAVE_ALPN + #ifndef CONFIG_IDF_TARGET_ESP8266 + /* Unless installed in the ESP8266 RTOS SDK locally, the wolfSSL + * API for SNI will not be seen in the components/esp-tls layer. 
+ * Only enable SNI for non-ESP8266 targets by default: */ + #define HAVE_SNI + #endif + #define OPENSSL_EXTRA_X509_SMALL + + #define HAVE_TLS_EXTENSIONS + #define HAVE_SUPPORTED_CURVES #endif +/* Optionally enable some wolfSSH settings */ +#if defined(ESP_ENABLE_WOLFSSH) || defined(CONFIG_ESP_ENABLE_WOLFSSH) + /* The default SSH Windows size is massive for an embedded target. + * Limit it: */ + #define DEFAULT_WINDOW_SZ 2000 + + /* These may be defined in cmake for other examples: */ + #undef WOLFSSH_TERM + #define WOLFSSH_TERM + + /* optional debug */ + /* #undef DEBUG_WOLFSSH */ + /* #define DEBUG_WOLFSSH */ + + #undef WOLFSSL_KEY_GEN + #define WOLFSSL_KEY_GEN + + #undef WOLFSSL_PTHREADS + #define WOLFSSL_PTHREADS + + #define WOLFSSH_TEST_SERVER + #define WOLFSSH_TEST_THREADING +#endif /* ESP_ENABLE_WOLFSSH */ + + +/* Not yet using WiFi lib, so don't compile in the esp-sdk-lib WiFi helpers: */ +/* #define USE_WOLFSSL_ESP_SDK_WIFI */ + /* * ONE of these Espressif chip families will be detected from sdkconfig: * * WOLFSSL_ESP32 + * WOLFSSL_ESPWROOM32SE * WOLFSSL_ESP8266 + * + * following ifdef detection only for syntax highlighting: */ -#undef WOLFSSL_ESPWROOM32SE -#undef WOLFSSL_ESP8266 -#undef WOLFSSL_ESP32 +#ifdef WOLFSSL_ESPWROOM32SE + #undef WOLFSSL_ESPWROOM32SE +#endif +#ifdef WOLFSSL_ESP8266 + #undef WOLFSSL_ESP8266 +#endif +#ifdef WOLFSSL_ESP32 + #undef WOLFSSL_ESP32 +#endif /* See below for chipset detection from sdkconfig.h */ /* when you want to use SINGLE THREAD. Note Default ESP-IDF is FreeRTOS */ -/* #define SINGLE_THREADED */ +#define SINGLE_THREADED -/* SMALL_SESSION_CACHE saves a lot of RAM for ClientCache and SessionCache. +/* Small session cache saves a lot of RAM for ClientCache and SessionCache. * Memory requirement is about 5KB, otherwise 20K is needed when not specified. * If extra small footprint is needed, try MICRO_SESSION_CACHE (< 1K) * When really desperate or no TLS used, try NO_SESSION_CACHE. */ 
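Review bot: `#define SINGLE_THREADED` is now enabled unconditionally near the end of this hunk, while the wolfSSH block added a few lines above it defines `WOLFSSL_PTHREADS` and `WOLFSSH_TEST_THREADING`, so a build with `ESP_ENABLE_WOLFSSH` gets contradictory threading settings. With SINGLE_THREADED wolfSSL compiles its mutex operations down to no-ops, which is unsafe as soon as more than one FreeRTOS task touches the library. Consider wrapping the define in `#if !defined(ESP_ENABLE_WOLFSSH) && !defined(CONFIG_ESP_ENABLE_WOLFSSH)`, or leaving it commented out as before and letting the single-task examples opt in. The comment above it ("Note Default ESP-IDF is FreeRTOS") should also say which examples are known to run in a single task.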
@@ -92,130 +342,6 @@ /* RSA_LOW_MEM: Half as much memory but twice as slow. */ #define RSA_LOW_MEM -/* Uncommon settings for testing only */ -#define TEST_ESPIDF_ALL_WOLFSSL -#ifdef TEST_ESPIDF_ALL_WOLFSSL - #define WOLFSSL_MD2 - #define HAVE_BLAKE2 - #define HAVE_BLAKE2B - #define HAVE_BLAKE2S - - #define WC_RC2 - #define WOLFSSL_ALLOW_RC4 - - #define HAVE_POLY1305 - - #define WOLFSSL_AES_128 - #define WOLFSSL_AES_OFB - #define WOLFSSL_AES_CFB - #define WOLFSSL_AES_XTS - - /* #define WC_SRTP_KDF */ - /* TODO Causes failure with Espressif AES HW Enabled */ - /* #define HAVE_AES_ECB */ - /* #define HAVE_AESCCM */ - /* TODO sanity check when missing HAVE_AES_ECB */ - #define WOLFSSL_WOLFSSH - - #define HAVE_AESGCM - #define WOLFSSL_AES_COUNTER - - #define HAVE_FFDHE - #define HAVE_FFDHE_2048 - #if defined(CONFIG_IDF_TARGET_ESP8266) - /* TODO Full size SRP is disabled on the ESP8266 at this time. - * Low memory issue? */ - #define WOLFCRYPT_HAVE_SRP - /* MIN_FFDHE_FP_MAX_BITS = (MIN_FFDHE_BITS * 2); see settings.h */ - #define FP_MAX_BITS MIN_FFDHE_FP_MAX_BITS - #elif defined(CONFIG_IDF_TARGET_ESP32) || \ - defined(CONFIG_IDF_TARGET_ESP32S2) || \ - defined(CONFIG_IDF_TARGET_ESP32S3) - #define WOLFCRYPT_HAVE_SRP - #define FP_MAX_BITS (8192 * 2) - #elif defined(CONFIG_IDF_TARGET_ESP32C3) || \ - defined(CONFIG_IDF_TARGET_ESP32H2) - /* SRP Known to be working on this target::*/ - #define WOLFCRYPT_HAVE_SRP - #define FP_MAX_BITS (8192 * 2) - #else - /* For everything else, give a try and see if SRP working: */ - #define WOLFCRYPT_HAVE_SRP - #define FP_MAX_BITS (8192 * 2) - #endif - - #define HAVE_DH - - /* TODO: there may be a problem with HAVE_CAMELLIA with HW AES disabled. - * Do not define NO_WOLFSSL_ESP32_CRYPT_AES when enabled: */ - /* #define HAVE_CAMELLIA */ - - /* DSA requires old SHA */ - #define HAVE_DSA - - /* Needs SHA512 ? */ - #define HAVE_HPKE - - /* Not for Espressif? 
*/ - #if defined(CONFIG_IDF_TARGET_ESP32C2) || \ - defined(CONFIG_IDF_TARGET_ESP8684) || \ - defined(CONFIG_IDF_TARGET_ESP32H2) || \ - defined(CONFIG_IDF_TARGET_ESP8266) - - #if defined(CONFIG_IDF_TARGET_ESP8266) - #undef HAVE_ECC - #undef HAVE_ECC_CDH - #undef HAVE_CURVE25519 - - /* TODO does CHACHA also need alignment? Failing on ESP8266 - * See SHA256 __attribute__((aligned(4))); and WC_SHA256_ALIGN */ - #ifdef HAVE_CHACHA - #error "HAVE_CHACHA not supported on ESP8266" - #endif - #ifdef HAVE_XCHACHA - #error "HAVE_XCHACHA not supported on ESP8266" - #endif - #else - #define HAVE_XCHACHA - #define HAVE_CHACHA - /* TODO Not enabled at this time, needs further testing: - * #define WC_SRTP_KDF - * #define HAVE_COMP_KEY - * #define WOLFSSL_HAVE_XMSS - */ - #endif - /* TODO AES-EAX not working on this platform */ - - /* Optionally disable DH - * #undef HAVE_DH - * #undef HAVE_FFDHE - */ - - /* ECC_SHAMIR out of memory on ESP32-C2 during ECC */ - #ifndef HAVE_ECC - #define ECC_SHAMIR - #endif - #else - #define WOLFSSL_AES_EAX - - #define ECC_SHAMIR - #endif - - /* Only for WOLFSSL_IMX6_CAAM / WOLFSSL_QNX_CAAM ? */ - /* #define WOLFSSL_CAAM */ - /* #define WOLFSSL_CAAM_BLOB */ - - #define WOLFSSL_AES_SIV - #define WOLFSSL_CMAC - - #define WOLFSSL_CERT_PIV - - /* HAVE_SCRYPT may turn on HAVE_PBKDF2 see settings.h */ - /* #define HAVE_SCRYPT */ - #define SCRYPT_TEST_ALL - #define HAVE_X963_KDF -#endif - /* optionally turn off SHA512/224 SHA512/256 */ /* #define WOLFSSL_NOSHA512_224 */ /* #define WOLFSSL_NOSHA512_256 */ 
@@ -230,14 +356,40 @@ #define BENCH_EMBEDDED /* TLS 1.3 */ -#define WOLFSSL_TLS13 -#define HAVE_TLS_EXTENSIONS -#define WC_RSA_PSS -#define HAVE_HKDF -#define HAVE_AEAD -#define HAVE_SUPPORTED_CURVES +#ifdef CONFIG_WOLFSSL_ALLOW_TLS13 + #define WOLFSSL_TLS13 + #define HAVE_TLS_EXTENSIONS + #define HAVE_HKDF -#define WOLFSSL_BENCHMARK_FIXED_UNITS_KB + /* May be required */ + #ifndef HAVE_AEAD + #endif + + /* Required for ECC */ + #define HAVE_SUPPORTED_CURVES + + /* Required for RSA */ + #define WC_RSA_PSS + + /* TLS 1.3 normally requires HAVE_FFDHE */ + #if defined(HAVE_FFDHE_2048) || \ + defined(HAVE_FFDHE_3072) || \ + defined(HAVE_FFDHE_4096) || \ + defined(HAVE_FFDHE_6144) || \ + defined(HAVE_FFDHE_8192) + #else + #define HAVE_FFDHE_2048 + /* #error "TLS 1.3 requires HAVE_FFDHE_[nnnn]" */ + #endif +#endif + +#if defined(CONFIG_IDF_TARGET_ESP32C2) || \ + defined(CONFIG_IDF_TARGET_ESP8684) + /* Optionally set smaller size here */ + #define HAVE_FFDHE_4096 +#else + #define HAVE_FFDHE_4096 +#endif #define NO_FILESYSTEM 
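Review bot: The target check added at the end of this hunk defines `HAVE_FFDHE_4096` in both the ESP32-C2/ESP8684 branch and the `#else` branch, so the "Optionally set smaller size here" comment has no effect and the constrained targets get the 4096-bit group anyway. It also comes after the TLS 1.3 block, whose `HAVE_FFDHE_*` test therefore cannot see it and, as far as the visible lines show, always adds `HAVE_FFDHE_2048` as well. Either move the group selection above the `CONFIG_WOLFSSL_ALLOW_TLS13` block and give the low-memory branch a smaller group, or drop the conditional and keep a single `#define HAVE_FFDHE_4096`. The empty `#ifndef HAVE_AEAD` / `#endif` pair does nothing and would read better as a plain comment.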
@@ -254,32 +406,67 @@ /* when you want to use SHA384 */ #define WOLFSSL_SHA384 -/* when you want to use SHA512 */ -#define WOLFSSL_SHA512 - -/* when you want to use SHA3 */ -#define WOLFSSL_SHA3 - - /* ED25519 requires SHA512 */ -#define HAVE_ED25519 - /* Some features not enabled for ESP8266: */ #if defined(CONFIG_IDF_TARGET_ESP8266) || \ defined(CONFIG_IDF_TARGET_ESP32C2) + /* Some known low-memory devices have features not enabled by default. */ /* TODO determine low memory configuration for ECC. */ #else - #define HAVE_ECC - #define HAVE_CURVE25519 - #define CURVE25519_SMALL + /* when you want to use SHA512 */ + #define WOLFSSL_SHA512 + + /* when you want to use SHA3 */ + /* #define WOLFSSL_SHA3 */ + + /* ED25519 requires SHA512 */ + #define HAVE_ED25519 #endif -#define HAVE_ED25519 +#if defined(CONFIG_IDF_TARGET_ESP8266) || defined(CONFIG_IDF_TARGET_ESP32C2) + #define MY_USE_ECC 0 + #define MY_USE_RSA 1 +#else + #define MY_USE_ECC 1 + #define MY_USE_RSA 0 +#endif -/* Optional OPENSSL compatibility */ -#define OPENSSL_EXTRA +/* We can use either or both ECC and RSA, but must use at least one. */ +#if MY_USE_ECC || MY_USE_RSA + #if MY_USE_ECC + /* ---- ECDSA / ECC ---- */ + #define HAVE_ECC + #define HAVE_CURVE25519 + #define HAVE_ED25519 + #define WOLFSSL_SHA512 + /* + #define HAVE_ECC384 + #define CURVE25519_SMALL + */ + #else + #define WOLFSSH_NO_ECC + /* WOLFSSH_NO_ECDSA is typically defined automatically, + * here for clarity: */ + #define WOLFSSH_NO_ECDSA + #endif + + #if MY_USE_RSA + /* ---- RSA ----- */ + /* #define RSA_LOW_MEM */ + + /* DH disabled by default, needed if ECDSA/ECC also turned off */ + #define HAVE_DH + #else + #define WOLFSSH_NO_RSA + #endif +#else + #error "Either RSA or ECC must be enabled" +#endif + +/* Optional OpenSSL compatibility */ +/* #define OPENSSL_EXTRA */ /* #Optional HAVE_PKCS7 */ -#define HAVE_PKCS7 +/* #define HAVE_PKCS7 */ #if defined(HAVE_PKCS7) /* HAVE_PKCS7 may enable HAVE_PBKDF2 see settings.h */ 
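Review bot: `MY_USE_ECC` and `MY_USE_RSA` are hard-set per target with no `#ifndef` guard, so the "either or both" case described in the comment cannot be selected from a project and the `#error "Either RSA or ECC must be enabled"` branch is unreachable. The "off" branches define only `WOLFSSH_NO_ECC`, `WOLFSSH_NO_ECDSA` and `WOLFSSH_NO_RSA`; nothing in this hunk removes RSA from wolfSSL itself, so the section reads as if more is disabled than actually is. Suggest guarding each default, e.g. `#ifndef MY_USE_ECC` / `#define MY_USE_ECC 1` / `#endif`, and adding `/* WOLFSSH_NO_* only affects wolfSSH; wolfSSL algorithms are controlled separately */` above the else branches. `HAVE_ED25519` and `WOLFSSL_SHA512` are also defined twice for the non-low-memory targets (once in the block above, once under `MY_USE_ECC`).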
@@ -319,8 +506,11 @@ /* #define XTIME time */ -/* adjust wait-timeout count if you see timeout in RSA HW acceleration */ -#define ESP_RSA_TIMEOUT_CNT 0x349F00 +/* Adjust wait-timeout count if you see timeout in RSA HW acceleration. + * Set to very large number and enable WOLFSSL_HW_METRICS to determine max. */ +#ifndef ESP_RSA_TIMEOUT_CNT + #define ESP_RSA_TIMEOUT_CNT 0xFF0000 +#endif /* hash limit for test.c */ #define HASH_SIZE_LIMIT @@ -329,7 +519,7 @@ #define USE_FAST_MATH /***** Use SP_MATH *****/ -/* #undef USE_FAST_MATH */ +/* #undef USE_FAST_MATH */ /* #define SP_MATH */ /* #define WOLFSSL_SP_MATH_ALL */ /* #define WOLFSSL_SP_RISCV32 */ @@ -338,6 +528,14 @@ /* #undef USE_FAST_MATH */ /* #define USE_INTEGER_HEAP_MATH */ +/* Just syntax highlighting to check math libraries: */ +#if defined(SP_MATH) || \ + defined(USE_INTEGER_HEAP_MATH) || \ + defined(USE_INTEGER_HEAP_MATH) || \ + defined(USE_FAST_MATH) || \ + defined(WOLFSSL_SP_MATH_ALL) || \ + defined(WOLFSSL_SP_RISCV32) +#endif #define WOLFSSL_SMALL_STACK @@ -345,18 +543,32 @@ #define HAVE_VERSION_EXTENDED_INFO /* #define HAVE_WC_INTROSPECTION */ -#define HAVE_SESSION_TICKET +#ifndef NO_SESSION_CACHE + #define HAVE_SESSION_TICKET +#endif /* #define HAVE_HASHDRBG */ +#if 0 +/* Example for additional cert functions */ #define WOLFSSL_KEY_GEN -#define WOLFSSL_CERT_REQ -#define WOLFSSL_CERT_GEN -#define WOLFSSL_CERT_EXT -#define WOLFSSL_SYS_CA_CERTS + #define WOLFSSL_CERT_REQ + #define WOLFSSL_CERT_GEN + #define WOLFSSL_CERT_EXT + #define WOLFSSL_SYS_CA_CERTS + + + #define WOLFSSL_CERT_TEXT + /* command-line options + --enable-keygen + --enable-certgen + --enable-certreq + --enable-certext + --enable-asn-template + */ -#define WOLFSSL_CERT_TEXT +#endif #define WOLFSSL_ASN_TEMPLATE 
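Review bot: In the added math-library check (third hunk on this line), `defined(USE_INTEGER_HEAP_MATH)` appears twice and the `#if` has an empty body, so the block tests nothing. If the second entry was meant to be a different macro, name it; otherwise drop the duplicate. If the intent is to catch a configuration with no math library selected, an `#else` carrying `#error "No math library selected"` would make the block do real work; as written, a comment listing the macros would serve the same purpose.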
@@ -376,10 +588,62 @@ --enable-asn-template */ +/* optional SM4 Ciphers. See https://github.com/wolfSSL/wolfsm */ +/* +#define WOLFSSL_SM2 +#define WOLFSSL_SM3 +#define WOLFSSL_SM4 +*/ + +#if defined(WOLFSSL_SM2) || defined(WOLFSSL_SM3) || defined(WOLFSSL_SM4) + /* SM settings, possible cipher suites: + + TLS13-AES128-GCM-SHA256 + TLS13-CHACHA20-POLY1305-SHA256 + TLS13-SM4-GCM-SM3 + TLS13-SM4-CCM-SM3 + + #define WOLFSSL_ESP32_CIPHER_SUITE "TLS13-SM4-GCM-SM3" + #define WOLFSSL_ESP32_CIPHER_SUITE "TLS13-SM4-CCM-SM3" + #define WOLFSSL_ESP32_CIPHER_SUITE "ECDHE-ECDSA-SM4-CBC-SM3" + #define WOLFSSL_ESP32_CIPHER_SUITE "ECDHE-ECDSA-SM4-GCM-SM3" + #define WOLFSSL_ESP32_CIPHER_SUITE "ECDHE-ECDSA-SM4-CCM-SM3" + #define WOLFSSL_ESP32_CIPHER_SUITE "TLS13-SM4-GCM-SM3:" \ + "TLS13-SM4-CCM-SM3:" + */ + + #undef WOLFSSL_BASE16 + #define WOLFSSL_BASE16 /* required for WOLFSSL_SM2 */ + + #undef WOLFSSL_SM4_ECB + #define WOLFSSL_SM4_ECB + + #undef WOLFSSL_SM4_CBC + #define WOLFSSL_SM4_CBC + + #undef WOLFSSL_SM4_CTR + #define WOLFSSL_SM4_CTR + + #undef WOLFSSL_SM4_GCM + #define WOLFSSL_SM4_GCM + + #undef WOLFSSL_SM4_CCM + #define WOLFSSL_SM4_CCM + + #define HAVE_POLY1305 + #define HAVE_CHACHA + + #undef HAVE_AESGCM + #define HAVE_AESGCM +#else + /* default settings */ + #define USE_CERT_BUFFERS_2048 +#endif + /* Chipset detection from sdkconfig.h * Default is HW enabled unless turned off. * Uncomment lines to force SW instead of HW acceleration */ -#if defined(CONFIG_IDF_TARGET_ESP32) +#if defined(CONFIG_IDF_TARGET_ESP32) || defined(WOLFSSL_ESPWROOM32SE) #define WOLFSSL_ESP32 /* Alternatively, if there's an ECC Secure Element present: */ /* #define WOLFSSL_ESPWROOM32SE */ 
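Review bot: The new `|| defined(WOLFSSL_ESPWROOM32SE)` in the chipset test looks unreachable, because earlier in this file the same commit adds `#ifdef WOLFSSL_ESPWROOM32SE` / `#undef WOLFSSL_ESPWROOM32SE`, which clears any value passed in from the build system before this line is evaluated (unless lines not shown here redefine it). If the secure-element build is meant to be selectable from outside, the earlier `#undef` has to go, or the selection should key off a separate Kconfig symbol (`CONFIG_<SECURE_ELEMENT_OPTION>` is a placeholder, not a real name). The `#else` branch of the SM block also repeats `#define USE_CERT_BUFFERS_2048`, which the file already defines unconditionally. The `#if defined(CONFIG_IDF_TARGET_ESP32)` chain continues past the end of this hunk.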
@@ -501,12 +765,16 @@ #define WOLFSSL_ESP8266 /* There's no hardware encryption on the ESP8266 */ - /* Consider using the ESP32-C2/C3/C6 - * See https://www.espressif.com/en/products/socs/esp32-c2 */ + /* Consider using the ESP32-C2/C3/C6 */ #define NO_ESP32_CRYPT #define NO_WOLFSSL_ESP32_CRYPT_HASH #define NO_WOLFSSL_ESP32_CRYPT_AES #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI + #ifndef FP_MAX_BITS + /* FP_MAX_BITS matters in wolfssl_test, not just TLS setting. */ + /* MIN_FFDHE_FP_MAX_BITS = (MIN_FFDHE_BITS * 2); see settings.h */ + #define FP_MAX_BITS MIN_FFDHE_FP_MAX_BITS + #endif /***** END CONFIG_IDF_TARGET_ESP266 *****/ #elif defined(CONFIG_IDF_TARGET_ESP8684) @@ -556,18 +824,33 @@ /* Debug options: See wolfssl/wolfcrypt/port/Espressif/esp32-crypt.h for details on debug options +optionally increase error message size for very long paths. +#define WOLFSSL_MAX_ERROR_SZ 500 + +Turn wolfSSL debugging on/off: + wolfSSL_Debugging_ON(); + wolfSSL_Debugging_OFF(); + #define ESP_VERIFY_MEMBLOCK #define DEBUG_WOLFSSL #define DEBUG_WOLFSSL_VERBOSE #define DEBUG_WOLFSSL_SHA_MUTEX +#define WOLFSSL_DEBUG_IGNORE_ASN_TIME +#define WOLFSSL_DEBUG_CERT_BUNDLE +#define WOLFSSL_DEBUG_CERT_BUNDLE_NAME #define WOLFSSL_ESP32_CRYPT_DEBUG #define WOLFSSL_ESP32_CRYPT_HASH_SHA224_DEBUG #define NO_RECOVER_SOFTWARE_CALC #define WOLFSSL_TEST_STRAY 1 #define USE_ESP_DPORT_ACCESS_READ_BUFFER #define WOLFSSL_ESP32_HW_LOCK_DEBUG +#define WOLFSSL_DEBUG_MUTEX #define WOLFSSL_DEBUG_ESP_RSA_MULM_BITS +#define WOLFSSL_DEBUG_ESP_HW_MOD_RSAMAX_BITS +#define WOLFSSL_DEBUG_ESP_HW_MULTI_RSAMAX_BITS #define ESP_DISABLE_HW_TASK_LOCK +#define ESP_MONITOR_HW_TASK_LOCK +#define USE_ESP_DPORT_ACCESS_READ_BUFFER See wolfcrypt/benchmark/benchmark.c for debug and other settings: 
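Review bot: In the debug-options list (second hunk on this line), `USE_ESP_DPORT_ACCESS_READ_BUFFER` is now listed twice, since the line added at the end repeats the existing entry. `WOLFSSL_DEBUG_IGNORE_ASN_TIME` joins the same list without any caveat; judging by its name it relaxes certificate date checking, so it deserves a marker such as `#define WOLFSSL_DEBUG_IGNORE_ASN_TIME   (debug only, never ship enabled)`. The list sits inside a block comment that starts and ends outside the hunk, so the marker has to be plain text rather than a nested comment.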
@@ -579,7 +862,8 @@ Turn on timer debugging (used when CPU cycles not available) */ /* Pause in a loop rather than exit. */ -#define WOLFSSL_ESPIDF_ERROR_PAUSE +/* #define WOLFSSL_ESPIDF_ERROR_PAUSE */ +/* #define WOLFSSL_ESP32_HW_LOCK_DEBUG */ #define WOLFSSL_HW_METRICS @@ -628,6 +912,12 @@ Turn on timer debugging (used when CPU cycles not available) * There are various certificate examples in this header file: * https://github.com/wolfSSL/wolfssl/blob/master/wolfssl/certs_test.h * + * To use the sample certificates in code (not recommended for production!): + * + * #if defined(USE_CERT_BUFFERS_2048) || defined(USE_CERT_BUFFERS_1024) + * #include + * #endif + * * To use the sets of macros below, define *one* of these: * * USE_CERT_BUFFERS_1024 - ECC 1024 bit encoded ASN1 @@ -705,6 +995,7 @@ Turn on timer debugging (used when CPU cycles not available) #define WOLFSSL_BASE16 #else #if defined(USE_CERT_BUFFERS_2048) + #define USE_CERT_BUFFERS_256 /* Be sure to include in app when using example certs: */ /* #include */ #define CTX_CA_CERT ca_cert_der_2048 @@ -726,6 +1017,7 @@ Turn on timer debugging (used when CPU cycles not available) #define CTX_CLIENT_KEY_TYPE WOLFSSL_FILETYPE_ASN1 #elif defined(USE_CERT_BUFFERS_1024) + #define USE_CERT_BUFFERS_256 /* Be sure to include in app when using example certs: */ /* #include */ #define CTX_CA_CERT ca_cert_der_1024 @@ -773,3 +1065,11 @@ Turn on timer debugging (used when CPU cycles not available) #else #warning "CONFIG_ESP_MAIN_TASK_STACK_SIZE not defined!" #endif +/* See settings.h for some of the possible hardening options: + * + * #define NO_ESPIDF_DEFAULT + * #define WC_NO_CACHE_RESISTANT + * #define WC_AES_BITSLICED + * #define HAVE_AES_ECB + * #define HAVE_AES_DIRECT + */ diff --git a/IDE/Espressif/ESP-IDF/examples/wolfssl_test/main/CMakeLists.txt b/IDE/Espressif/ESP-IDF/examples/wolfssl_test/main/CMakeLists.txt index 2fe1790be0..3690d140f4 100644 --- a/IDE/Espressif/ESP-IDF/examples/wolfssl_test/main/CMakeLists.txt 
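Review bot: `#define USE_CERT_BUFFERS_256` is added to both the `USE_CERT_BUFFERS_2048` and the `USE_CERT_BUFFERS_1024` branch (third and fourth hunks on this line) with no comment on why an RSA-size selection also turns on the 256 set; presumably certs_test.h gates the ECC test certificates on it. A one-line comment such as `/* also pull in the ECC 256-bit test certs from certs_test.h */` would help, and defining it once above the `#if defined(USE_CERT_BUFFERS_2048)` chain avoids the repetition. The "not recommended for production" warning added to the header comment applies to these buffers too and could be repeated at the define. The `#if` chain starts and ends outside both hunks.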
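Review bot: The comment appended at the end of user_settings.h presents `WC_NO_CACHE_RESISTANT`, `HAVE_AES_ECB` and `HAVE_AES_DIRECT` as "hardening options", but these do not harden the build: `WC_NO_CACHE_RESISTANT` turns off wolfSSL's cache-attack-resistant code paths, and the two AES macros expose raw block-level modes to the application. Suggest rewording the lead-in to `/* See settings.h for options that affect side-channel resistance and exposed primitives:` and noting beside `WC_NO_CACHE_RESISTANT` that enabling it lowers protection. Otherwise a reader copying the list to "harden" a device would weaken it.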
+++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_test/main/CMakeLists.txt @@ -1,3 +1,5 @@ +# wolfSSL Espressif Example Project/main CMakeLists.txt +# v1.1 # # wolfssl crypt test # diff --git a/IDE/Espressif/ESP-IDF/examples/wolfssl_test/main/component.mk b/IDE/Espressif/ESP-IDF/examples/wolfssl_test/main/component.mk index df684f1e0b..d9b752f161 100644 --- a/IDE/Espressif/ESP-IDF/examples/wolfssl_test/main/component.mk +++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_test/main/component.mk @@ -6,4 +6,4 @@ # in the build directory. This behavior is entirely configurable, # please read the ESP-IDF documents if you need to do this. # -# (Uses default behaviour of compiling all source files in directory, adding 'include' to include path.) +# (Uses default behavior of compiling all source files in directory, adding 'include' to include path.) diff --git a/IDE/Espressif/ESP-IDF/examples/wolfssl_test/main/include/main.h b/IDE/Espressif/ESP-IDF/examples/wolfssl_test/main/include/main.h index 94d9132358..ac09e78437 100644 --- a/IDE/Espressif/ESP-IDF/examples/wolfssl_test/main/include/main.h +++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_test/main/include/main.h @@ -1,4 +1,4 @@ -/* template main.h +/* wolfssl_test main.h * * Copyright (C) 2006-2024 wolfSSL Inc. * @@ -18,7 +18,10 @@ * along with this program; if not, write to the Free Software * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA */ + #ifndef _MAIN_H_ #define _MAIN_H_ +void app_main(void); + #endif diff --git a/IDE/Espressif/ESP-IDF/examples/wolfssl_test/main/main.c b/IDE/Espressif/ESP-IDF/examples/wolfssl_test/main/main.c index 315ff304c9..0e18bedcc7 100644 --- a/IDE/Espressif/ESP-IDF/examples/wolfssl_test/main/main.c +++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_test/main/main.c @@ -1,4 +1,4 @@ -/* main.c +/* test main.c * * Copyright (C) 2006-2024 wolfSSL Inc. * 
@@ -26,17 +26,20 @@ /* wolfSSL */ /* Always include wolfcrypt/settings.h before any other wolfSSL file. */ /* Reminder: settings.h pulls in user_settings.h; don't include it here. */ -#ifdef WOLFSSL_USER_SETTINGS +#if defined(WOLFSSL_USER_SETTINGS) #include - #ifndef WOLFSSL_ESPIDF - #warning "Problem with wolfSSL user_settings." - #warning "Check components/wolfssl/include" + #if defined(WOLFSSL_ESPIDF) + #include + #include + #include + #include + #include + #else + #error "Problem with wolfSSL user_settings. " \ + "Check components/wolfssl/include " \ + "and confirm WOLFSSL_USER_SETTINGS is defined, " \ + "typically in the component CMakeLists.txt" #endif - #include - #include - #include - #include - #include #else /* Define WOLFSSL_USER_SETTINGS project wide for settings.h to include */ /* wolfSSL user settings in ./components/wolfssl/include/user_settings.h */ @@ -44,8 +47,9 @@ CFLAGS +=-DWOLFSSL_USER_SETTINGS" #endif -#include "driver/uart.h" - +/* Hardware; include after other libraries, + * particularly after freeRTOS from settings.h */ +#include /* set to 0 for one test, ** set to 1 for continuous test loop */ @@ -76,9 +80,13 @@ /* ** although the wolfcrypt/test includes a default time setting, -** see wolfssl/wolfcrypt/port/Espressif/esp-sdk-lib.h */ - +** see the enclosed optional time helper for adding NNTP. +** be sure to add "time_helper.c" in main/CMakeLists.txt +*/ #undef WOLFSSL_USE_TIME_HELPER +#if defined(WOLFSSL_USE_TIME_HELPER) + #include "time_helper.h" +#endif /* see wolfssl/wolfcrypt/test/test.h */ extern void wolf_crypt_task(); 
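Review bot: The new `#error` text asks the user to "confirm WOLFSSL_USER_SETTINGS is defined", but this branch sits inside `#if defined(WOLFSSL_USER_SETTINGS)`, so that macro is already defined whenever the error fires. What is missing at that point is `WOLFSSL_ESPIDF`. The message would point at the real cause if its last part read `"and confirm WOLFSSL_ESPIDF is defined by user_settings.h"`. Where that macro is normally set is not visible in this hunk, so adjust the wording to match.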
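Review bot: The added `#if defined(WOLFSSL_USE_TIME_HELPER)` block in the third hunk of this file can never be taken, because the line directly above it is `#undef WOLFSSL_USE_TIME_HELPER`. If the helper is meant to be optional, replace the `#undef` with a commented-out `/* #define WOLFSSL_USE_TIME_HELPER */` so a project setting can turn it on. The comment's "NNTP" should probably read "NTP", since the time helper elsewhere in this patch configures SNTP.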
@@ -155,13 +163,16 @@ void app_main(void) .parity = UART_PARITY_DISABLE, .stop_bits = UART_STOP_BITS_1, }; + int stack_start = 0; + int loops = 0; esp_err_t ret = 0; - wc_ptr_t stack_start = esp_sdk_stack_pointer(); + + stack_start = esp_sdk_stack_pointer(); /* uart_set_pin(UART_NUM_0, TX_PIN, RX_PIN, * UART_PIN_NO_CHANGE, UART_PIN_NO_CHANGE); */ - /* Some targets may need to have UART speed set. TODO: which? */ + /* Some targets may need to have UART speed set, such as ESP8266 */ ESP_LOGI(TAG, "UART init"); uart_param_config(UART_NUM_0, &uart_config); uart_driver_install(UART_NUM_0, @@ -186,6 +197,7 @@ void app_main(void) #ifdef TASK_EXTRA_STACK_SIZE ESP_LOGI(TAG, "TASK_EXTRA_STACK_SIZE: %d", TASK_EXTRA_STACK_SIZE); #endif + #ifdef INCLUDE_uxTaskGetStackHighWaterMark ESP_LOGI(TAG, "CONFIG_ESP_MAIN_TASK_STACK_SIZE = %d bytes (%d words)", CONFIG_ESP_MAIN_TASK_STACK_SIZE, @@ -195,13 +207,13 @@ void app_main(void) * the minimum free stack space there has been (in bytes not words, unlike * vanilla FreeRTOS) since the task started. The smaller the returned * number the closer the task has come to overflowing its stack. - * see https://docs.espressif.com/projects/esp-idf/en/latest/esp32/api-reference/system/freertos_idf.html + * see Espressif esp32/api-reference/system/freertos_idf.html */ stack_start = uxTaskGetStackHighWaterMark(NULL); ESP_LOGI(TAG, "Stack Start HWM: %d bytes", stack_start); #endif -#ifdef HAVE_VERSION_EXTENDED_INFO +#if defined(HAVE_VERSION_EXTENDED_INFO) esp_ShowExtendedSystemInfo(); #endif 
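Review bot: `stack_start` is now declared as `int` but is first assigned from `esp_sdk_stack_pointer()`, whose result the removed line stored in a `wc_ptr_t`. Holding an address in a signed `int` is a narrowing, sign-changing conversion, and the same variable is then reused for the `uxTaskGetStackHighWaterMark()` byte count. Two variables would keep the meanings and types apart, e.g. `wc_ptr_t stack_start = esp_sdk_stack_pointer();` plus a separate `int stack_hwm = 0;` for the high-water-mark logging. The prototype of `esp_sdk_stack_pointer()` is not visible here, so confirm the type against its header. `app_main` starts and ends outside the hunk.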
@@ -230,38 +242,45 @@ void app_main(void) ESP_LOGI(TAG, "NO_CRYPT_TEST defined, skipping wolf_test_task"); #else /* Although wolfCrypt_Init() may be explicitly called above, - ** Note it is still always called in wolf_test_task. + ** note it is still always called in wolf_test_task. */ - int loops = 0; + stack_start = uxTaskGetStackHighWaterMark(NULL); + do { - #if defined(WOLFSSL_HW_METRICS) && defined(WOLFSSL_HAS_METRICS) + ESP_LOGI(TAG, "Stack HWM: %d\n", uxTaskGetStackHighWaterMark(NULL)); + + ret = wolf_test_task(); + #if defined(WOLFSSL_ESP32_CRYPT_RSA_PRI) && defined(WOLFSSL_HW_METRICS) esp_hw_show_metrics(); #endif - ret = wolf_test_task(); + loops++; /* count of the number of tests run before fail. */ ESP_LOGI(TAG, "Stack HWM: %d\n", uxTaskGetStackHighWaterMark(NULL)); ESP_LOGI(TAG, "loops = %d", loops); - loops++; - } - while (TEST_LOOP && (ret == 0)); + } while (TEST_LOOP && (ret == 0)); + + /* Reminder: wolfCrypt_Cleanup() should always be called at completion, + ** and is called in wolf_test_task(). */ #if defined TEST_LOOP && (TEST_LOOP == 1) ESP_LOGI(TAG, "Test loops completed: %d", loops); #endif - /* note wolfCrypt_Cleanup() should always be called when finished. - ** This is called at the end of wolf_test_task(); - */ +#if defined(SINGLE_THREADED) + /* need stack monitor for single thread */ +#else + ESP_LOGI(TAG, "Stack HWM: %d\n", uxTaskGetStackHighWaterMark(NULL)); +#endif #if defined(DEBUG_WOLFSSL) && defined(WOLFSSL_ESP32_CRYPT_RSA_PRI) esp_hw_show_mp_metrics(); #endif #ifdef INCLUDE_uxTaskGetStackHighWaterMark - ESP_LOGI(TAG, "Stack HWM: %d", uxTaskGetStackHighWaterMark(NULL)); + ESP_LOGI(TAG, "Stack HWM: %d", uxTaskGetStackHighWaterMark(NULL)); - ESP_LOGI(TAG, "Stack used: %d", CONFIG_ESP_MAIN_TASK_STACK_SIZE - - (uxTaskGetStackHighWaterMark(NULL))); + ESP_LOGI(TAG, "Stack used: %d", CONFIG_ESP_MAIN_TASK_STACK_SIZE + - (uxTaskGetStackHighWaterMark(NULL))); #endif #ifdef WOLFSSL_ESPIDF_VERBOSE_EXIT_MESSAGE 
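Review bot: The added `stack_start = uxTaskGetStackHighWaterMark(NULL);` before the loop and the new `ESP_LOGI(TAG, "Stack HWM: ...")` calls use the FreeRTOS function unconditionally, while the same call is wrapped in `#ifdef INCLUDE_uxTaskGetStackHighWaterMark` a few lines further down and earlier in `app_main`. On a configuration where the guarded blocks compile out, these lines would presumably fail to build, so either guard them the same way or drop the guards everywhere. The value assigned to `stack_start` is not read again within the hunk. The new `#if defined(SINGLE_THREADED)` branch holds only a comment, and it would read better as `#if !defined(SINGLE_THREADED)` around the log call. `app_main` continues outside the hunk.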
@@ -278,7 +297,7 @@ void app_main(void) "If running from idf.py monitor, press twice: Ctrl+]"); #endif - /* done */ + /* After completion, we'll just wait */ while (1) { #if defined(SINGLE_THREADED) while (1); diff --git a/IDE/Espressif/ESP-IDF/examples/wolfssl_test/sdkconfig.defaults b/IDE/Espressif/ESP-IDF/examples/wolfssl_test/sdkconfig.defaults index 2a5ad756d7..6f5dcdb8f1 100644 --- a/IDE/Espressif/ESP-IDF/examples/wolfssl_test/sdkconfig.defaults +++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_test/sdkconfig.defaults @@ -1,19 +1,32 @@ -# sdkconfig.defaults for ESP8266 + ESP32 +# Set the known example app config to template example (see user_settings.h) +CONFIG_WOLFSSL_EXAMPLE_NAME_WOLFSSL_TEST=y + +# Some wolfSSL helpers +CONFIG_USE_WOLFSSL_ESP_SDK_TIME=y + +# sdkconfig.defaults for ESP32. +# See separate sdkconfig.defaults.esp8266 # Note that during the build process, settings from sdkconfig.defaults will not override those already in sdkconfig. # See https://docs.espressif.com/projects/esp-idf/en/latest/esp32/api-guides/build-system.html#custom-sdkconfig-defaults CONFIG_BENCH_ARGV="-lng 0" +# FreeRTOS ticks at 1ms interval +CONFIG_FREERTOS_UNICORE=y CONFIG_FREERTOS_HZ=1000 CONFIG_ESP32_DEFAULT_CPU_FREQ_240=y # # Default main stack size. See user_settings.h # +# This is typically bigger than needed for stack size. +# Units are words, not bytes. See user_settings.h +# # For wolfSSL SMALL_STACK, 3072 bytes should be sufficient for benchmark app. # When using RSA, assign at least 10500 bytes, otherwise 5500 usually works for others -CONFIG_ESP_MAIN_TASK_STACK_SIZE=10500 +# We set this to 28672 for use in the "test everything possible" in the wolfssl_test app. +CONFIG_ESP_MAIN_TASK_STACK_SIZE=28672 # Legacy stack size for older ESP-IDF versions -CONFIG_MAIN_TASK_STACK_SIZE=10500 +CONFIG_MAIN_TASK_STACK_SIZE=28672 # # Benchmark must not have CONFIG_NEWLIB_NANO_FORMAT enabled 
@@ -31,6 +44,10 @@ CONFIG_ESP_TASK_WDT_EN=n CONFIG_ESP_SYSTEM_PANIC_PRINT_HALT=y CONFIG_ESP_INT_WDT=n +# ESP8266 Watchdog: +CONFIG_TASK_WDT=n +CONFIG_TASK_WDT_PANIC=n + # ESP8266 WDT # CONFIG_ESP_PANIC_PRINT_REBOOT is not set CONFIG_ESP_PANIC_PRINT_REBOOT=n @@ -46,6 +63,36 @@ CONFIG_HEAP_DISABLE_IRAM=y # Performance # CONFIG_COMPILER_OPTIMIZATION_PERF=y +# Set max CPU frequency (falls back as needed for lower maximum) +CONFIG_ESP_DEFAULT_CPU_FREQ_MHZ_240=y + +# Enable wolfSSL TLS in esp-tls +CONFIG_ESP_TLS_USING_WOLFSSL=y +CONFIG_TLS_STACK_WOLFSSL=y + +# Bundles take up flash space and are disabled unless otherwise known to be needed +CONFIG_WOLFSSL_CERTIFICATE_BUNDLE=n +# CONFIG_WOLFSSL_CERTIFICATE_BUNDLE=y +# CONFIG_ESP_WOLFSSL_SMALL_CERT_VERIFY=y +# CONFIG_ESP_TLS_INSECURE=y + +# Disable mbedTLS +CONFIG_ESP_TLS_USING_MBEDTLS=n +CONFIG_MBEDTLS_CERTIFICATE_BUNDLE=n + +# Some wolfSSL helpers +CONFIG_USE_WOLFSSL_ESP_SDK_TIME=n + +# CONFIG_ESP_HTTP_CLIENT_ENABLE_HTTPS is not set +CONFIG_ESP_HTTP_CLIENT_ENABLE_HTTPS=n + +# ESP8266 Memory +CONFIG_FREERTOS_GLOBAL_DATA_LINK_IRAM=y +CONFIG_HEAP_DISABLE_IRAM=y + +# Performance +# CONFIG_COMPILER_OPTIMIZATION_PERF=y + # Set max COU frequency (falls back as needed for lower maximum) CONFIG_ESP_DEFAULT_CPU_FREQ_MHZ_240=y diff --git a/IDE/Espressif/ESP-IDF/examples/wolfssl_test/sdkconfig.defaults.esp8266 b/IDE/Espressif/ESP-IDF/examples/wolfssl_test/sdkconfig.defaults.esp8266 new file mode 100644 index 0000000000..77299dfe4a --- /dev/null +++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_test/sdkconfig.defaults.esp8266 
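Review bot: `CONFIG_USE_WOLFSSL_ESP_SDK_TIME` is set to `y` by the first hunk of this file and to `n` by the "Some wolfSSL helpers" block added in the `@@ -46,6 +63,36 @@` hunk, so the effective value depends on which assignment the config tool keeps. That hunk also re-adds the "ESP8266 Memory", "Performance" and "Set max CPU frequency" entries that already surround it as context, leaving `CONFIG_HEAP_DISABLE_IRAM=y` and `CONFIG_ESP_DEFAULT_CPU_FREQ_MHZ_240=y` duplicated. Keep one assignment per symbol. In the first hunk, `CONFIG_FREERTOS_UNICORE=y` sits under the comment "FreeRTOS ticks at 1ms interval", which describes `CONFIG_FREERTOS_HZ`, and the opening comment says "template example" although the symbol set is `..._WOLFSSL_TEST`.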
@@ -0,0 +1,30 @@ +# ESP8266 WDT +# CONFIG_ESP_PANIC_PRINT_REBOOT is not set +CONFIG_ESP_PANIC_PRINT_REBOOT=n +CONFIG_ESP_PANIC_PRINT_HALT=y + +# Enable wolfSSL TLS in esp-tls (not yet supported in RTOS SDK 3.4 +CONFIG_ESP_TLS_USING_WOLFSSL=n +CONFIG_TLS_STACK_WOLFSSL=n + +# Bundles take up flash space and are disabled unless otherwise known to be needed +CONFIG_WOLFSSL_CERTIFICATE_BUNDLE=n +# CONFIG_ESP_WOLFSSL_SMALL_CERT_VERIFY=y +# CONFIG_ESP_TLS_INSECURE=y + +# Disable mbedTLS +CONFIG_ESP_TLS_USING_MBEDTLS=y +CONFIG_MBEDTLS_CERTIFICATE_BUNDLE=n + +# ESP8266 Memory +CONFIG_FREERTOS_GLOBAL_DATA_LINK_IRAM=y +CONFIG_HEAP_DISABLE_IRAM=y + +# ESP8266 Watchdog: +CONFIG_TASK_WDT=n +CONFIG_TASK_WDT_PANIC=n + +# ESP8266 WDT +# CONFIG_ESP_PANIC_PRINT_REBOOT is not set +CONFIG_ESP_PANIC_PRINT_REBOOT=n +CONFIG_ESP_PANIC_PRINT_HALT=y diff --git a/IDE/Espressif/ESP-IDF/examples/wolfssl_test_idf/README.md b/IDE/Espressif/ESP-IDF/examples/wolfssl_test_idf/README.md index f8ec01cec6..7d0988aafb 100644 --- a/IDE/Espressif/ESP-IDF/examples/wolfssl_test_idf/README.md +++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_test_idf/README.md @@ -15,8 +15,8 @@ Open the VisualGDB Visual Studio Project file in the VisualGDB directory and cli 1. `idf.py menuconfig` to configure the program. 1-1. Example Configuration -> - TEST_ARG : argument that you want to use. Default is "-lng 0" - The list of argument can be find in help. + There are no parametric arguments. See [wolfcrypt/test](https://github.com/wolfSSL/wolfssl/tree/master/wolfcrypt/test). + All features enabled in the `user_settings.h` will be tested. When you want to run the test program diff --git a/IDE/Espressif/ESP-IDF/examples/wolfssl_test_idf/main/main.c b/IDE/Espressif/ESP-IDF/examples/wolfssl_test_idf/main/main.c index ba8c82a76e..4c29ecc97a 100644 --- a/IDE/Espressif/ESP-IDF/examples/wolfssl_test_idf/main/main.c +++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_test_idf/main/main.c 
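Review bot: In the new sdkconfig.defaults.esp8266 the comment "# Disable mbedTLS" is followed by `CONFIG_ESP_TLS_USING_MBEDTLS=y`, and "# Enable wolfSSL TLS in esp-tls" by `CONFIG_ESP_TLS_USING_WOLFSSL=n`. The values select mbedTLS for esp-tls while the comments say the opposite. Anyone checking which TLS stack an ESP8266 build uses will be misled by the comments, so reword them to match, e.g. `# esp-tls stays on mbedTLS (wolfSSL in esp-tls not yet supported in RTOS SDK 3.4)`, which also closes the open parenthesis. The "ESP8266 WDT" block appears at both the top and the bottom of the file, and one copy is enough.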
@@ -24,15 +24,26 @@ #include "sdkconfig.h" /* wolfSSL */ -#include -#include -#include -#ifndef WOLFSSL_ESPIDF -#warning "problem with wolfSSL user settings. Check components/wolfssl/include" +/* Always include wolfcrypt/settings.h before any other wolfSSL file. */ +/* Reminder: settings.h pulls in user_settings.h; don't include it here. */ +#ifdef WOLFSSL_USER_SETTINGS + /* Unlike other examples with wolfSSL as a local component, this */ + /* example tests wolSSL *in* the ESP-IDF. If you get an error: */ + /* wolfssl/wolfcrypt/settings.h: No such file or directory */ + /* Then wolfSSL is missing from the ESP-IDF components */ + #include + #ifndef WOLFSSL_ESPIDF + #warning "Problem with wolfSSL user_settings." + #warning "Check components/wolfssl/include" + #endif + #include + #include + #include +#else + #error "Missing WOLFSSL_USER_SETTINGS in CMakeLists or Makefile: \ +CFLAGS +=-DWOLFSSL_USER_SETTINGS" #endif -#include - /* ** the wolfssl component can be installed in either: ** @@ -152,8 +163,8 @@ void app_main(void) /* some interesting settings are target specific (ESP32, -C3, -S3, etc */ -#if defined(CONFIG_IDF_TARGET_ESP32C3) - /* not available for C3 at this time */ +#if defined(CONFIG_IDF_TARGET_ESP32C2) || defined(CONFIG_IDF_TARGET_ESP32C3) + /* TODO CPU_FREQ_MHZ not available for C2/C3 at this time */ #elif defined(CONFIG_IDF_TARGET_ESP32S3) ESP_LOGI(TAG, "CONFIG_ESP32S3_DEFAULT_CPU_FREQ_MHZ = %u MHz", CONFIG_ESP32S3_DEFAULT_CPU_FREQ_MHZ @@ -173,7 +184,7 @@ void app_main(void) #if defined(NO_ESP32_CRYPT) ESP_LOGI(TAG, "NO_ESP32_CRYPT defined! HW acceleration DISABLED."); #else - #if defined(CONFIG_IDF_TARGET_ESP32C3) + #if defined(CONFIG_IDF_TARGET_ESP32C2) || defined(CONFIG_IDF_TARGET_ESP32C3) #error "ESP32_CRYPT not yet supported on ESP32-C3" #elif defined(CONFIG_IDF_TARGET_ESP32S2) #error "ESP32_CRYPT not yet supported on ESP32-S2" 
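Review bot: When `WOLFSSL_ESPIDF` is still undefined after settings.h is included, this file only emits two `#warning` lines and continues with the remaining wolfSSL includes. The wolfssl_test example in this same patch turns the same condition into an `#error`. A build that picked up the wrong user_settings.h then proceeds with whatever defaults it found, which is easy to miss in a long build log. Suggest `#error "Problem with wolfSSL user_settings. Check components/wolfssl/include"` here as well. The comment's "wolSSL" should read "wolfSSL".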
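Review bot: In the `@@ -173,7 +184,7 @@` hunk the widened condition now also matches `CONFIG_IDF_TARGET_ESP32C2`, but the `#error` under it still says "ESP32_CRYPT not yet supported on ESP32-C3", so a C2 build fails with a message naming the wrong chip. Change the text to `#error "ESP32_CRYPT not yet supported on ESP32-C2/C3"`. `app_main` starts and ends outside the hunk.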
diff --git a/IDE/Espressif/ESP-IDF/examples/wolfssl_test_idf/main/time_helper.c b/IDE/Espressif/ESP-IDF/examples/wolfssl_test_idf/main/time_helper.c index 70a6cb816e..95977ee9c1 100644 --- a/IDE/Espressif/ESP-IDF/examples/wolfssl_test_idf/main/time_helper.c +++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_test_idf/main/time_helper.c @@ -94,7 +94,7 @@ int set_time(void) if (NTP_SERVER_COUNT) { /* next, let's setup NTP time servers * - * see https://docs.espressif.com/projects/esp-idf/en/latest/esp32/api-reference/system/system_time.html#sntp-time-synchronization + * see Espressif api-reference/system/system_time */ sntp_setoperatingmode(SNTP_OPMODE_POLL); diff --git a/IDE/Espressif/ESP-IDF/test/README.md b/IDE/Espressif/ESP-IDF/test/README.md index 8a12a50fea..e499c970e0 100644 --- a/IDE/Espressif/ESP-IDF/test/README.md +++ b/IDE/Espressif/ESP-IDF/test/README.md @@ -7,4 +7,4 @@ When you want to run the app 2. `idf.py menuconfig` to configure unit test app. 3. `idf.py -T wolfssl build` to build wolfssl unit test app. -See [https://docs.espressif.com/projects/esp-idf/en/latest/api-guides/unit-tests.html] for more information about unit test app. +See Espressif for more information about unit test app. diff --git a/IDE/Espressif/README.md b/IDE/Espressif/README.md index 5bb1622f3c..530c1012cb 100644 --- a/IDE/Espressif/README.md +++ b/IDE/Espressif/README.md 
@@ -28,18 +28,16 @@ resource. ## Requirements The wolfSSL Espressif code requires the ESP-IDF to be installed for -[Windows](https://docs.espressif.com/projects/esp-idf/en/latest/esp32/get-started/windows-setup.html) -or [Linux / MacOS](https://docs.espressif.com/projects/esp-idf/en/latest/esp32/get-started/linux-macos-setup.html). +Windows or Linux / MacOS. -See the [Espressif Getting Started Guide](https://docs.espressif.com/projects/esp-idf/en/latest/esp32/get-started/). +See the Espressif Getting Started Guide. -Any editor can be used. See also the [Espressif Third-Party Tools](https://docs.espressif.com/projects/esp-idf/en/latest/esp32/resources.html) -for a list of feature-rich Integrated Development Environments. +Any editor can be used. The [wolfSSL examples](./ESP-IDF/examples/README.md) all include a `./VisualGDB` directory with SoC-specific configurations to help get started quickly. -Although not required, a [JTAG Adapter](https://docs.espressif.com/projects/esp-idf/en/latest/esp32/api-guides/jtag-debugging/index.html) -can be helpful for development. When not using a built-in JTAG from Espressif, the examples typically +Although not required, a JTAG Adapter can be helpful for development. +When not using a built-in JTAG from Espressif, the examples typically use the open source [Tigard board](https://github.com/tigard-tools/tigard#readme). ## Examples: @@ -52,7 +50,7 @@ There are a variety of examples to help get started: The wolfSSL library can be installed as a managed component: -* [Espressif Managed Component Registry](https://components.espressif.com/components/wolfssl/wolfssl) +* [Espressif Managed Component Registry](https://www.wolfssl.com/wolfssl-now-available-in-espressif-component-registry/) ## Notes: 
@@ -145,7 +143,6 @@ the reset-program hardware properly, causing devices to not be programmed with t Connecting...................................... A fatal error occurred: Failed to connect to ESP32: Wrong boot mode detected (0x13)! The chip needs to be in download mode. -For troubleshooting steps visit: https://docs.espressif.com/projects/esptool/en/latest/troubleshooting.html CMake Error at run_serial_tool.cmake:56 (message): /home/gojimmypi/.espressif/python_env/idf4.4_py3.8_env/bin/python /mnt/c/SysGCC/esp32/esp-idf/v4.4.2/components/esptool_py/esptool/esptool.py @@ -188,7 +185,7 @@ Task watchdog got triggered. Guru Meditation Error: Core 0 panic'ed (unknown). Exception was unhandled. ``` -The watchdog needs to be [fed](https://docs.espressif.com/projects/esp8266-rtos-sdk/en/latest/api-reference/system/wdts.html?highlight=watchdog#_CPPv418esp_task_wdt_resetv) on a regular basis +The watchdog needs to be fed on a regular basis with `void esp_task_wdt_reset(void)` from `esp8266/include/esp_task_wdt.h`. Try turning off the WDT in menuconfig, or for Makefiles: @@ -199,4 +196,4 @@ EXTRA_CFLAGS += -DNO_WATCHDOG #### Other Solutions -See also [this ESP-FAQ Handbook](https://docs.espressif.com/projects/esp-faq/en/latest/esp-faq-en-master.pdf) +See also Espressif `esp-faq-en-master.pdf` diff --git a/IDE/Espressif/include.am b/IDE/Espressif/include.am index ab57c84ab7..eea296f2c2 100644 --- a/IDE/Espressif/include.am +++ b/IDE/Espressif/include.am 
@@ -22,17 +22,21 @@ EXTRA_DIST+= IDE/Espressif/ESP-IDF/user_settings.h # Template EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/template/CMakeLists.txt EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/template/components +EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/template/components/wolfssl +EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/template/components/wolfssl/Kconfig +EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/template/components/wolfssl/component.mk +EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/template/components/wolfssl/CMakeLists.txt EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/template/components/wolfssl/Kconfig +EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/template/components/wolfssl/README.md +EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/template/components/wolfssl/include +EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/template/components/wolfssl/include/user_settings.h EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/template/main EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/template/main/Kconfig.projbuild EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/template/partitions_singleapp_large.csv EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/template/README.md EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/template/sdkconfig.defaults +EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/template/sdkconfig.defaults.esp8266 EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/template/VisualGDB -EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/template/components/wolfssl -EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/template/components/wolfssl/CMakeLists.txt -EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/template/components/wolfssl/include -EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/template/components/wolfssl/include/user_settings.h EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/template/main/CMakeLists.txt EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/template/main/include EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/template/main/main.c 
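Review bot: The reordered list now names `.../template/components/wolfssl/Kconfig` twice, once as an added line and once as the retained context line three entries later. The benchmark, client, server and test hunks that follow each add their own `components/wolfssl/Kconfig` path twice as well. Drop the extra entry in each block so the list stays a one-to-one inventory of shipped files. In the wolfssl_test hunk the `.../wolfssl_test/components` directory entry is removed and not re-added, unlike in the other examples, so confirm that is intended.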
@@ -43,23 +47,27 @@ EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/template/VisualGDB/wolfssl_template_ # Benchmark EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/CMakeLists.txt EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/components -EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/main -EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/Makefile -EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/partitions_singleapp_large.csv -EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/README.md -EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/sdkconfig.defaults -EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/VisualGDB EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/components/wolfssl -EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/components/wolfssl/CMakeLists.txt +EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/components/wolfssl/Kconfig EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/components/wolfssl/component.mk +EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/components/wolfssl/CMakeLists.txt +EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/components/wolfssl/Kconfig +EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/components/wolfssl/README.md EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/components/wolfssl/include EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/components/wolfssl/include/user_settings.h +EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/main EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/main/CMakeLists.txt EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/main/component.mk EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/main/include EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/main/Kconfig.projbuild EXTRA_DIST+= 
IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/main/main.c EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/main/include/main.h +EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/Makefile +EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/partitions_singleapp_large.csv +EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/README.md +EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/sdkconfig.defaults +EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/sdkconfig.defaults.esp8266 +EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/VisualGDB EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/VisualGDB/wolfssl_benchmark_IDF_v4.4_ESP32.sln EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/VisualGDB/wolfssl_benchmark_IDF_v5_ESP32.sln EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/VisualGDB/wolfssl_benchmark_IDF_v5_ESP32C3.sln 
@@ -72,17 +80,18 @@ EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/VisualGDB/wolfssl_ # TLS Client EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_client/CMakeLists.txt EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_client/components -EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_client/main -EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_client/Makefile -EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_client/partitions_singleapp_large.csv -EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_client/README.md -EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_client/README_server_sm.md -EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_client/sdkconfig.defaults EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_client/components/wolfssl -EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_client/components/wolfssl/CMakeLists.txt +EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_client/components/wolfssl/Kconfig EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_client/components/wolfssl/component.mk +EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_client/components/wolfssl/CMakeLists.txt +EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_client/components/wolfssl/Kconfig +EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_client/components/wolfssl/README.md EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_client/components/wolfssl/include EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_client/components/wolfssl/include/user_settings.h +EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_client/sdkconfig.defaults +EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_client/sdkconfig.defaults.esp32c2 +EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_client/sdkconfig.defaults.esp8266 +EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_client/main EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_client/main/client-tls.c EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_client/main/CMakeLists.txt 
EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_client/main/component.mk @@ -95,6 +104,10 @@ EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_client/main/include/client-t EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_client/main/include/main.h EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_client/main/include/time_helper.h EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_client/main/include/wifi_connect.h +EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_client/Makefile +EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_client/partitions_singleapp_large.csv +EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_client/README.md +EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_client/README_server_sm.md EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_client/VisualGDB/README.md EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_client/wolfssl_client_ESP8266.vgdbproj 
@@ -105,18 +118,15 @@ EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_client/VisualGDB/wolfssl_cli EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_server/CMakeLists.txt EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_server/components -EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_server/main -EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_server/Makefile -EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_server/partitions_singleapp_large.csv -EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_server/README.md -EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_server/README_server_sm.md -EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_server/sdkconfig.defaults -EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_server/VisualGDB EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_server/components/wolfssl -EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_server/components/wolfssl/CMakeLists.txt +EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_server/components/wolfssl/Kconfig EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_server/components/wolfssl/component.mk +EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_server/components/wolfssl/CMakeLists.txt +EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_server/components/wolfssl/Kconfig +EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_server/components/wolfssl/README.md EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_server/components/wolfssl/include EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_server/components/wolfssl/include/user_settings.h +EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_server/main EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_server/main/CMakeLists.txt EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_server/main/component.mk EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_server/main/include 
@@ -129,6 +139,14 @@ EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_server/main/include/main.h EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_server/main/include/server-tls.h EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_server/main/include/time_helper.h EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_server/main/include/wifi_connect.h +EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_server/Makefile +EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_server/partitions_singleapp_large.csv +EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_server/README.md +EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_server/README_server_sm.md +EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_server/sdkconfig.defaults +EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_server/sdkconfig.defaults.esp32c2 +EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_server/sdkconfig.defaults.esp8266 +EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_server/VisualGDB EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_server/VisualGDB/README.md EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_server/VisualGDB/wolfssl_server_IDF_v5_ESP32.sln 
@@ -139,24 +157,28 @@ EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_test/testAll.sh EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_test/testMonitor.sh EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_test/CMakeLists.txt -EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_test/components -EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_test/main -EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_test/Makefile -EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_test/partitions_singleapp_large.csv -EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_test/README.md -EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_test/sdkconfig.defaults -EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_test/VisualGDB EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_test/components/wolfssl -EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_test/components/wolfssl/CMakeLists.txt +EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_test/components/wolfssl/Kconfig EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_test/components/wolfssl/component.mk +EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_test/components/wolfssl/CMakeLists.txt +EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_test/components/wolfssl/Kconfig +EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_test/components/wolfssl/README.md EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_test/components/wolfssl/include EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_test/components/wolfssl/include/user_settings.h + +EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_test/main EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_test/main/CMakeLists.txt EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_test/main/component.mk EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_test/main/include EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_test/main/Kconfig.projbuild EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_test/main/main.c EXTRA_DIST+= 
IDE/Espressif/ESP-IDF/examples/wolfssl_test/main/include/main.h +EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_test/Makefile +EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_test/partitions_singleapp_large.csv +EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_test/README.md +EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_test/sdkconfig.defaults +EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_test/sdkconfig.defaults.esp8266 +EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_test/VisualGDB EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_test/wolfssl_test_ESP8266.vgdbproj EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_test/VisualGDB/wolfssl_test-IDF_v5_ESP32.sln @@ -174,7 +196,7 @@ EXTRA_DIST+= IDE/Espressif/ESP-IDF/libs/component.mk EXTRA_DIST+= IDE/Espressif/ESP-IDF/libs/README.md EXTRA_DIST+= IDE/Espressif/ESP-IDF/libs/tigard.cfg -# Other test +# Other test for wolfSSL installed in the ESP-IDF EXTRA_DIST+= IDE/Espressif/ESP-IDF/test/CMakeLists.txt EXTRA_DIST+= IDE/Espressif/ESP-IDF/test/component.mk EXTRA_DIST+= IDE/Espressif/ESP-IDF/test/README.md diff --git a/examples/configs/user_settings_platformio.h b/examples/configs/user_settings_platformio.h index 25babd2113..020a81b468 100644 --- a/examples/configs/user_settings_platformio.h +++ b/examples/configs/user_settings_platformio.h @@ -513,8 +513,7 @@ #define WOLFSSL_ESP8266 /* There's no hardware encryption on the ESP8266 */ - /* Consider using the ESP32-C2/C3/C6 - * See www.espressif.com/en/products/socs/esp32-c2 */ + /* Consider using the ESP32-C2/C3/C6 */ #define NO_ESP32_CRYPT #define NO_WOLFSSL_ESP32_CRYPT_HASH #define NO_WOLFSSL_ESP32_CRYPT_AES diff --git a/wolfcrypt/src/port/Espressif/README.md b/wolfcrypt/src/port/Espressif/README.md index a95d86ff24..3c27d83739 100644 --- a/wolfcrypt/src/port/Espressif/README.md +++ b/wolfcrypt/src/port/Espressif/README.md 
@@ -14,18 +14,18 @@ Support for the ESP32 on-board cryptographic hardware acceleration for symmetric More details about ESP32 HW Acceleration can be found in: -* [ESP32 Technical Reference Manual](https://espressif.com/sites/default/files/documentation/esp32_technical_reference_manual_en.pdf) -* [ESP32-S2 Technical Reference Manual](https://www.espressif.com/sites/default/files/documentation/esp32-s2_technical_reference_manual_en.pdf) -* [ESP32-S3 Technical Reference Manual](https://www.espressif.com/sites/default/files/documentation/esp32-s3_technical_reference_manual_en.pdf) -* [ESP32-C2 (aka ESP8684 Technical Reference Manual](https://www.espressif.com/sites/default/files/documentation/esp8684_technical_reference_manual_en.pdf) -* [ESP32-C3 Technical Reference Manual](https://www.espressif.com/sites/default/files/documentation/esp32-c3_technical_reference_manual_en.pdf) -* [ESP32-C6 Technical Reference Manual](https://www.espressif.com/sites/default/files/documentation/esp32-c6_technical_reference_manual_en.pdf) -* [ESP32-H2 Technical Reference Manual](https://www.espressif.com/sites/default/files/documentation/esp32-h2_technical_reference_manual_en.pdf) +* `esp32_technical_reference_manual_en.pdf` +* `esp32-s2_technical_reference_manual_en.pdf` +* `esp32-s3_technical_reference_manual_en.pdf` +* `esp8684_technical_reference_manual_en.pdf` +* `esp32-c3_technical_reference_manual_en.pdf` +* `esp32-c6_technical_reference_manual_en.pdf` +* `esp32-h2_technical_reference_manual_en.pdf` ### Building Simply run `ESP-IDF.py` in any of the [Espressif/ESP-IDF/Examples](https://github.com/wolfSSL/wolfssl/tree/master/IDE/Espressif/ESP-IDF/examples). -See the respective project README files. Examples are also available using wolfssl as a [Managed Component](https://components.espressif.com/components/wolfssl/wolfssl). +See the respective project README files. 
Examples are also available using wolfssl as a [Managed Component](https://www.wolfssl.com/wolfssl-now-available-in-espressif-component-registry/). Hardware acceleration is enabled by default. All settings should be adjusted in the respective project component `user_settings.h` file. See the example in [template example](https://github.com/wolfSSL/wolfssl/blob/master/IDE/Espressif/ESP-IDF/examples/template/components/wolfssl/include/user_settings.h). diff --git a/wolfcrypt/src/port/Espressif/esp32_mp.c b/wolfcrypt/src/port/Espressif/esp32_mp.c index 952a12c1c1..458719d3eb 100644 --- a/wolfcrypt/src/port/Espressif/esp32_mp.c +++ b/wolfcrypt/src/port/Espressif/esp32_mp.c @@ -3039,12 +3039,16 @@ int esp_mp_exptmod(MATH_INT_T* X, MATH_INT_T* Y, MATH_INT_T* M, MATH_INT_T* Z) } /* 8. clear and release HW */ + #ifdef WOLFSSL_ESP32_HW_LOCK_DEBUG ESP_LOGI(TAG, "Unlock esp_mp_exptmod"); + #endif if (exptmod_lock_called) { ret = esp_mp_hw_unlock(); } else { + #ifdef WOLFSSL_ESP32_HW_LOCK_DEBUG ESP_LOGV(TAG, "Lock not called"); + #endif } /* end if CONFIG_IDF_TARGET_ESP32C6 */ diff --git a/wolfcrypt/src/port/Espressif/esp32_sha.c b/wolfcrypt/src/port/Espressif/esp32_sha.c index ad371c7603..c1aec3e39c 100644 --- a/wolfcrypt/src/port/Espressif/esp32_sha.c +++ b/wolfcrypt/src/port/Espressif/esp32_sha.c @@ -20,7 +20,7 @@ */ /* - * ESP32-C3: https://www.espressif.com/sites/default/files/documentation/esp32-c3_technical_reference_manual_en.pdf + * ESP32-C3: esp32-c3_technical_reference_manual_en.pdf * see page 335: no SHA-512 * */ diff --git a/wolfcrypt/src/port/Espressif/esp_crt_bundle/README.md b/wolfcrypt/src/port/Espressif/esp_crt_bundle/README.md index 55635e89ee..9f52338e9b 100644 --- a/wolfcrypt/src/port/Espressif/esp_crt_bundle/README.md +++ b/wolfcrypt/src/port/Espressif/esp_crt_bundle/README.md 
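Review bot: In step 8, `ret = esp_mp_hw_unlock();` replaces whatever status the earlier steps left in `ret`, so if an error can still be pending at this point, a successful unlock would report the exponentiation as successful. The body of esp_mp_exptmod starts outside this hunk, so this needs confirming against the earlier steps. Keeping the first failure is a two-line change using a local: `int unlock_ret = esp_mp_hw_unlock();` followed by `if (ret == MP_OKAY) { ret = unlock_ret; }`. Separately, when `WOLFSSL_ESP32_HW_LOCK_DEBUG` is undefined the new guards leave an empty `else { }`; placing the whole `else` branch inside the `#ifdef` reads more cleanly.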
@@ -6,7 +6,7 @@ and with the intention of using Certificate Bundles in the esp-tls component. See the ESP-IDF `idf.py menuconfig`. A recent version of the [wolfSSL Kconfig](https://github.com/wolfSSL/wolfssl/blob/master/IDE/Espressif/ESP-IDF/examples/template/components/wolfssl/Kconfig) file is needed. The [template example](https://github.com/wolfSSL/wolfssl/tree/master/IDE/Espressif/ESP-IDF/examples/template) can be use for creating a project-specific [wolfSSL component](https://github.com/wolfSSL/wolfssl/tree/master/IDE/Espressif/ESP-IDF/examples/template/components/wolfssl) -when not using a [Managed Component](https://components.espressif.com/components/wolfssl/wolfssl). +when not using a [Managed Component](https://www.wolfssl.com/wolfssl-now-available-in-espressif-component-registry/). ## Getting Started diff --git a/wolfcrypt/src/port/Espressif/esp_crt_bundle/esp_crt_bundle.c b/wolfcrypt/src/port/Espressif/esp_crt_bundle/esp_crt_bundle.c index c0a092b755..97b4063128 100644 --- a/wolfcrypt/src/port/Espressif/esp_crt_bundle/esp_crt_bundle.c +++ b/wolfcrypt/src/port/Espressif/esp_crt_bundle/esp_crt_bundle.c @@ -67,7 +67,7 @@ esp_err_t esp_crt_bundle_attach(void *conf) * * See the latest code at: * https://github.com/wolfSSL/wolfssl or - * https://components.espressif.com/components/wolfssl/wolfssl + * https://www.wolfssl.com/wolfssl-now-available-in-espressif-component-registry/ */ #if defined(WOLFSSL_ESPIDF_COMPONENT_VERSION) #if (WOLFSSL_ESPIDF_COMPONENT_VERSION > 0) diff --git a/wolfcrypt/src/port/Espressif/esp_sdk_time_lib.c b/wolfcrypt/src/port/Espressif/esp_sdk_time_lib.c index 9c574451a6..678de3b9a7 100644 --- a/wolfcrypt/src/port/Espressif/esp_sdk_time_lib.c +++ b/wolfcrypt/src/port/Espressif/esp_sdk_time_lib.c 
@@ -74,10 +74,10 @@ esp_err_t esp_sdk_time_lib_init(void) /* ESP-IDF uses a 64-bit signed integer to represent time_t * starting from release v5.0 - * See: https://docs.espressif.com/projects/esp-idf/en/latest/esp32/api-reference/system/system_time.html#year-2036-and-2038-overflow-issues + * See: Espressif api-reference system_time (year-2036-and-2038-overflow-issues) */ -/* see https://www.gnu.org/software/libc/manual/html_node/TZ-Variable.html */ +/* see gnu TZ-Variable */ #ifndef TIME_ZONE /* * PST represents Pacific Standard Time. @@ -379,7 +379,7 @@ int set_time(void) if (NTP_SERVER_COUNT) { /* next, let's setup NTP time servers * - * see https://docs.espressif.com/projects/esp-idf/en/latest/esp32/api-reference/system/system_time.html#sntp-time-synchronization + * see Espressif api-reference system_time (sntp-time-synchronization) * * WARNING: do not set operating mode while SNTP client is running! */ diff --git a/wolfcrypt/src/port/Espressif/esp_sdk_wifi_lib.c b/wolfcrypt/src/port/Espressif/esp_sdk_wifi_lib.c index 06c9f81e8b..d56d549b2c 100644 --- a/wolfcrypt/src/port/Espressif/esp_sdk_wifi_lib.c +++ b/wolfcrypt/src/port/Espressif/esp_sdk_wifi_lib.c @@ -28,7 +28,7 @@ #include #if defined(WOLFSSL_ESPIDF) /* Entire file is only for Espressif EDP-IDF */ -#if defined(USE_WOLFSSL_ESP_SDK_WIFI) +#if defined(USE_WOLFSSL_ESP_SDK_WIFI) && ESP_IDF_VERSION_MAJOR > 4 /* Espressif */ #include "sdkconfig.h" /* programmatically generated from sdkconfig */ @@ -59,8 +59,8 @@ esp_err_t esp_sdk_wifi_lib_init(void) #if defined(CONFIG_IDF_TARGET_ESP8266) #elif ESP_IDF_VERSION_MAJOR >= 5 && defined(FOUND_PROTOCOL_EXAMPLES_DIR) /* example path set in cmake file */ -#elif ESP_IDF_VERSION_MAJOR >= 4 - #include "protocol_examples_common.h" +#elif ESP_IDF_VERSION_MAJOR > 4 +/* #include "protocol_examples_common.h" */ #else const static int CONNECTED_BIT = BIT0; static EventGroupHandle_t wifi_event_group; 
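Review bot: The added `&& ESP_IDF_VERSION_MAJOR > 4` on the file-level guard in esp_sdk_wifi_lib.c makes the whole WiFi helper compile to nothing on ESP-IDF v4 and earlier, even when `USE_WOLFSSL_ESP_SDK_WIFI` is defined. An undefined `ESP_IDF_VERSION_MAJOR` evaluates to 0 inside `#if`, with the same silent result. The guard sits above `#include "sdkconfig.h"`, and the header named on the preceding `#include` line is not visible here, so confirm the macro is defined at that point. A build that asked for the helper and did not get it should say so, for example an `#elif defined(USE_WOLFSSL_ESP_SDK_WIFI)` arm holding `#warning "esp_sdk_wifi_lib requires ESP-IDF v5 or later"` placed before the matching `#endif`, which is outside this hunk.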
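Review bot: Assuming this conditional chain sits inside the file-level guard that now requires `ESP_IDF_VERSION_MAJOR > 4`, the `#elif ESP_IDF_VERSION_MAJOR > 4` arm always matches once the first two arms fail. The `#else` arm declaring `CONNECTED_BIT` and `wifi_event_group` can then no longer be selected. If the legacy event-group path is meant to be retired, remove it in the same change; otherwise the outer guard is too strict. The commented-out `/* #include "protocol_examples_common.h" */` is better deleted than kept, with a short comment such as `/* protocol_examples_common.h is not needed for ESP-IDF v5 and later */` if the reason matters. The chain continues outside the hunk.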
@@ -266,7 +266,7 @@ static esp_err_t wifi_event_handler(void *ctx, system_event_t *event) ESP_LOGI(TAG, "got ip:%s", ip4addr_ntoa(&event->event_info.got_ip.ip_info.ip)); #endif - /* see https://docs.espressif.com/projects/esp-idf/en/latest/esp32/api-reference/system/freertos_idf.html */ + /* see Espressif api-reference freertos_idf */ xEventGroupSetBits(wifi_event_group, CONNECTED_BIT); break; case SYSTEM_EVENT_STA_DISCONNECTED: diff --git a/wolfssl/wolfcrypt/port/Espressif/esp32-crypt.h b/wolfssl/wolfcrypt/port/Espressif/esp32-crypt.h index 3d6c4e1de1..99d2ca20ab 100644 --- a/wolfssl/wolfcrypt/port/Espressif/esp32-crypt.h +++ b/wolfssl/wolfcrypt/port/Espressif/esp32-crypt.h @@ -1009,9 +1009,9 @@ WOLFSSL_LOCAL int esp_sha_stack_check(WC_ESP32SHA* sha); /* * Errata Mitigation. See - * https://www.espressif.com/sites/default/files/documentation/esp32_errata_en.pdf - * https://www.espressif.com/sites/default/files/documentation/esp32-c3_errata_en.pdf - * https://www.espressif.com/sites/default/files/documentation/esp32-s3_errata_en.pdf + * esp32_errata_en.pdf + * esp32-c3_errata_en.pdf + * esp32-s3_errata_en.pdf */ #define ESP_MP_HW_LOCK_MAX_DELAY ( TickType_t ) 0xffUL diff --git a/wolfssl/wolfcrypt/port/Espressif/esp_crt_bundle.h b/wolfssl/wolfcrypt/port/Espressif/esp_crt_bundle.h index 632b371f58..a9857a2d13 100644 --- a/wolfssl/wolfcrypt/port/Espressif/esp_crt_bundle.h +++ b/wolfssl/wolfcrypt/port/Espressif/esp_crt_bundle.h @@ -31,8 +31,7 @@ * wolfSSL libraries. It is used when the wolfssl libary component is configured * to be utilized by the Espressif ESP-IDF, specifically the esp-tls layer. * - * See: - * https://docs.espressif.com/projects/esp-idf/en/stable/esp32/api-reference/protocols/esp_tls.html + * See: esp-idf api-reference for esp_tls. * https://github.com/espressif/esp-idf/blob/master/components/esp-tls/esp_tls.h * ******************************************************************************* 
diff --git a/wolfssl/wolfcrypt/settings.h b/wolfssl/wolfcrypt/settings.h index 440a3e5586..ece446faa0 100644 --- a/wolfssl/wolfcrypt/settings.h +++ b/wolfssl/wolfcrypt/settings.h @@ -540,7 +540,7 @@ * used in the esp-wolfssl or other places in the ESP-IDF. They should * be always be included for backward compatibility. * - * See also: https://docs.espressif.com/projects/esp-idf/en/stable/esp32/api-reference/kconfig.html + * See also: Espressif api-reference kconfig docs. * * These settings should be checked and assigned wolfssl equivalents before * any others.