From 34122ddb9f2f649d208bd65675b8c9d72e9e0631 Mon Sep 17 00:00:00 2001 From: gojimmypi Date: Tue, 1 Oct 2024 11:57:01 -0700 Subject: [PATCH] component file sync --- .../components/wolfssl/CMakeLists.txt | 16 ++++-- .../wolfssl_client/components/wolfssl/Kconfig | 25 +++++++++ .../components/wolfssl/component.mk | 4 +- .../wolfssl/include/user_settings.h | 51 ++++++++++++++++--- 4 files changed, 83 insertions(+), 13 deletions(-) diff --git a/IDE/Espressif/ESP-IDF/examples/wolfssl_client/components/wolfssl/CMakeLists.txt b/IDE/Espressif/ESP-IDF/examples/wolfssl_client/components/wolfssl/CMakeLists.txt index dd4409fa3c..8b90966f9b 100644 --- a/IDE/Espressif/ESP-IDF/examples/wolfssl_client/components/wolfssl/CMakeLists.txt +++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_client/components/wolfssl/CMakeLists.txt @@ -28,6 +28,9 @@ cmake_minimum_required(VERSION 3.16) set(VERBOSE_COMPONENT_MESSAGES 1) +# Optional requires include: +# set(THIS_ESP_TLS "esp-tls") +set(THIS_ESP_TLS "") # function: IS_ESP_IDF_COMPONENT # output: RESULT = 1 (true) if this component is located in the ESP-IDF components @@ -153,7 +156,7 @@ if( ("${CMAKE_PROJECT_NAME}" STREQUAL "wolfssl_benchmark") OR ("${CMAKE_PROJECT_ message(STATUS "Not including lwip for ${CMAKE_PROJECT_NAME}") else() # benchmark and test do not need wifi, everything else probably does: - set(COMPONENT_REQUIRES lwip) # we typically don't need lwip directly in wolfssl component + set(COMPONENT_REQUIRES lwip "${THIS_ESP_TLS}") # we typically don't need lwip directly in wolfssl component endif() # find the user name to search for possible "wolfssl-username" @@ -404,15 +407,20 @@ endif() if ( ("${CONFIG_TARGET_PLATFORM}" STREQUAL "esp8266") OR ("${IDF_TARGET}" STREQUAL "esp8266") ) # There's no esp_timer, no driver components for the ESP8266 - message(STATUS "Early expansion EXCLUDES esp_timer: ${THIS_INCLUDE_TIMER}") - message(STATUS "Early expansion EXCLUDES driver: ${THIS_INCLUDE_DRIVER}") + message(STATUS "Early expansion EXCLUDES esp_timer for esp8266: ${THIS_INCLUDE_TIMER}") + message(STATUS "Early expansion EXCLUDES driver for esp8266: ${THIS_INCLUDE_DRIVER}") set(THIS_INCLUDE_TIMER "") set(THIS_INCLUDE_DRIVER "") + set(THIS_ESP_TLS "") else() message(STATUS "Early expansion includes esp_timer: ${THIS_INCLUDE_TIMER}") message(STATUS "Early expansion includes driver: ${THIS_INCLUDE_DRIVER}") set(THIS_INCLUDE_TIMER "esp_timer") set(THIS_INCLUDE_DRIVER "driver") + set(THIS_ESP_TLS "esp-tls") + # Let the app know that we've included the esp-tls component requirement. + # This is critical for use the the esp-tls component. See wolfssl esp_crt_bundle.c file. + set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DWOLFSSL_CMAKE_REQUIRED_ESP_TLS=1") endif() if(CMAKE_BUILD_EARLY_EXPANSION) @@ -420,6 +428,7 @@ if(CMAKE_BUILD_EARLY_EXPANSION) idf_component_register( REQUIRES "${COMPONENT_REQUIRES}" PRIV_REQUIRES # esp_hw_support + "${THIS_ESP_TLS}" "${THIS_INCLUDE_TIMER}" "${THIS_INCLUDE_DRIVER}" # this will typically only be needed for wolfSSL benchmark ) @@ -757,6 +766,7 @@ else() REQUIRES "${COMPONENT_REQUIRES}" EXCLUDE_SRCS "${COMPONENT_SRCEXCLUDE}" PRIV_REQUIRES + "${THIS_ESP_TLS}" "${THIS_INCLUDE_TIMER}" "${THIS_INCLUDE_DRIVER}" # this will typically only be needed for wolfSSL benchmark ) diff --git a/IDE/Espressif/ESP-IDF/examples/wolfssl_client/components/wolfssl/Kconfig b/IDE/Espressif/ESP-IDF/examples/wolfssl_client/components/wolfssl/Kconfig index 5e21683b32..cdd039d73f 100644 --- a/IDE/Espressif/ESP-IDF/examples/wolfssl_client/components/wolfssl/Kconfig +++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_client/components/wolfssl/Kconfig @@ -382,6 +382,24 @@ menu "wolfSSL" Hardware acceleration enabled by default. Select this option to force disable: NO_HW_RSA_PRI_EXPTMOD + config ESP_WOLFSSL_DEBUG_ESP_HW_MULTI_RSAMAX_BITS + bool "Enable debugging of RSA Multiplication operand length" + default n + help + Prints an esp log warning to the default console UART when one of the + multiplication operands exceeds the maximum size supported by hardware, + requiring fallback to software. This can be helpful to pick key sizes + when performance is critical. See also metrics for counting instances. + + config ESP_WOLFSSL_DEBUG_ESP_HW_MOD_RSAMAX_BITS + bool "Enable debugging of RSA Modular operand length" + default n + help + Prints an esp log warning to the default console UART when one of the + modular math operands exceeds the maximum size supported by hardware, + requiring fallback to software. This can be helpful to pick key sizes + when performance is critical. See also metrics for counting instances. + endmenu # wolfSSL Hardware Acceleration # ----------------------------------------------------------------------------------------------------------------- @@ -410,6 +428,13 @@ menu "wolfSSL" default n help Enable debugging messages for wolfSSL. See user_settings.h for additional debug options. + + config ESP_WOLFSSL_TEST_LOOP + bool "Run test apps in a loop until failure" + default y + help + Enable a loop wrapper for benchmark, http_client, and wolfssl test apps. + endmenu # wolfSSL Debug Options # ----------------------------------------------------------------------------------------------------------------- diff --git a/IDE/Espressif/ESP-IDF/examples/wolfssl_client/components/wolfssl/component.mk b/IDE/Espressif/ESP-IDF/examples/wolfssl_client/components/wolfssl/component.mk index e1fdb650e3..45a1aa08fb 100644 --- a/IDE/Espressif/ESP-IDF/examples/wolfssl_client/components/wolfssl/component.mk +++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_client/components/wolfssl/component.mk @@ -1,7 +1,7 @@ # # Copyright (C) 2006-2024 wolfSSL Inc. # -# This file is part of wolfSSL for the Espressif ESP-IDF. +# This file is part of wolfSSL. # # wolfSSL is free software; you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by @@ -20,7 +20,7 @@ $(info *********** wolfssl component ************) - # +# # Component Makefile # # diff --git a/IDE/Espressif/ESP-IDF/examples/wolfssl_client/components/wolfssl/include/user_settings.h b/IDE/Espressif/ESP-IDF/examples/wolfssl_client/components/wolfssl/include/user_settings.h index 3939302b98..999d5ed77a 100644 --- a/IDE/Espressif/ESP-IDF/examples/wolfssl_client/components/wolfssl/include/user_settings.h +++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_client/components/wolfssl/include/user_settings.h @@ -85,6 +85,9 @@ /* Turn on messages that are useful to see only in examples. */ #define WOLFSSL_EXAMPLE_VERBOSITY +/* Paths can be long, ensure the entire value printed during debug */ +#define WOLFSSL_MAX_ERROR_SZ 500 + /* wolfSSL Examples: set macros used in example applications. * * These Settings NOT available in ESP-IDF (e.g. esp-tls) @@ -153,8 +156,13 @@ /* Other applications detected by cmake */ #elif defined(APP_ESP_HTTP_CLIENT_EXAMPLE) - /* The wolfSSL Version */ - #define FP_MAX_BITS (8192 * 2) + /* The wolfSSL Version of the client example */ + #if defined(CONFIG_IDF_TARGET_ESP32S2) || defined(CONFIG_IDF_TARGET_ESP32C2) + /* Less memory available, so smaller key sizes: */ + #define FP_MAX_BITS (4096 * 2) + #else + #define FP_MAX_BITS (8192 * 2) + #endif #define HAVE_ALPN #define HAVE_SNI #define OPENSSL_EXTRA_X509_SMALL @@ -240,7 +248,16 @@ /* Used by ESP-IDF components: */ #if defined(CONFIG_ESP_TLS_USING_WOLFSSL) /* The ESP-TLS */ - #define FP_MAX_BITS (8192 * 2) + #ifndef FP_MAX_BITS + #if defined(CONFIG_IDF_TARGET_ESP32C2) || \ + defined(CONFIG_IDF_TARGET_ESP8684) || \ + defined(CONFIG_IDF_TARGET_ESP8266) + /* Optionally set smaller size here */ + #define FP_MAX_BITS MIN_FFDHE_FP_MAX_BITS + #else + #define FP_MAX_BITS (4096 * 2) + #endif + #endif #define HAVE_ALPN #define HAVE_SNI #define OPENSSL_EXTRA_X509_SMALL @@ -349,18 +366,25 @@ /* Required for RSA */ #define WC_RSA_PSS - /* TLS 1.3 normally requires HAVE_FFDHE. For now just syntax highlight: */ + /* TLS 1.3 normally requires HAVE_FFDHE */ #if defined(HAVE_FFDHE_2048) || \ defined(HAVE_FFDHE_3072) || \ defined(HAVE_FFDHE_4096) || \ defined(HAVE_FFDHE_6144) || \ defined(HAVE_FFDHE_8192) #else + #define HAVE_FFDHE_2048 /* #error "TLS 1.3 requires HAVE_FFDHE_[nnnn]" */ #endif #endif - +#if defined(CONFIG_IDF_TARGET_ESP32C2) || \ + defined(CONFIG_IDF_TARGET_ESP8684) + /* Optionally set smaller size here */ + #define HAVE_FFDHE_4096 +#else + #define HAVE_FFDHE_4096 +#endif #define NO_FILESYSTEM @@ -477,8 +501,11 @@ /* #define XTIME time */ -/* adjust wait-timeout count if you see timeout in RSA HW acceleration */ -#define ESP_RSA_TIMEOUT_CNT 0x349F00 +/* Adjust wait-timeout count if you see timeout in RSA HW acceleration. + * Set to very large number and enable WOLFSSL_HW_METRICS to determine max. */ +#ifndef ESP_RSA_TIMEOUT_CNT + #define ESP_RSA_TIMEOUT_CNT 0xFF0000 +#endif /* hash limit for test.c */ #define HASH_SIZE_LIMIT @@ -739,6 +766,11 @@ #define NO_WOLFSSL_ESP32_CRYPT_HASH #define NO_WOLFSSL_ESP32_CRYPT_AES #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI + #ifndef FP_MAX_BITS + /* FP_MAX_BITS matters in wolfssl_test, not just TLS setting. */ + /* MIN_FFDHE_FP_MAX_BITS = (MIN_FFDHE_BITS * 2); see settings.h */ + #define FP_MAX_BITS MIN_FFDHE_FP_MAX_BITS + #endif /***** END CONFIG_IDF_TARGET_ESP266 *****/ #elif defined(CONFIG_IDF_TARGET_ESP8684) @@ -791,7 +823,7 @@ See wolfssl/wolfcrypt/port/Espressif/esp32-crypt.h for details on debug options optionally increase error message size for very long paths. #define WOLFSSL_MAX_ERROR_SZ 500 -Turn debugging on/off: +Turn wolfSSL debugging on/off: wolfSSL_Debugging_ON(); wolfSSL_Debugging_OFF(); @@ -801,6 +833,7 @@ Turn debugging on/off: #define DEBUG_WOLFSSL_SHA_MUTEX #define WOLFSSL_DEBUG_IGNORE_ASN_TIME #define WOLFSSL_DEBUG_CERT_BUNDLE +#define WOLFSSL_DEBUG_CERT_BUNDLE_NAME #define WOLFSSL_ESP32_CRYPT_DEBUG #define WOLFSSL_ESP32_CRYPT_HASH_SHA224_DEBUG #define NO_RECOVER_SOFTWARE_CALC @@ -809,6 +842,8 @@ Turn debugging on/off: #define WOLFSSL_ESP32_HW_LOCK_DEBUG #define WOLFSSL_DEBUG_MUTEX #define WOLFSSL_DEBUG_ESP_RSA_MULM_BITS +#define WOLFSSL_DEBUG_ESP_HW_MOD_RSAMAX_BITS +#define WOLFSSL_DEBUG_ESP_HW_MULTI_RSAMAX_BITS #define ESP_DISABLE_HW_TASK_LOCK #define ESP_MONITOR_HW_TASK_LOCK #define USE_ESP_DPORT_ACCESS_READ_BUFFER